Other Developments, Further Reading, and Coming Events (10 June 2021)

Other Developments

  • The European Commission (EC) “adopted two sets of standard contractual clauses (SCC), one for use between controllers and processors and one for the transfer of personal data to third countries.” SCCs are one of the means under the General Data Protection Regulation (GDPR) by which a data controller may transfer personal data to a nation outside the European Union (EU) that does not have laws essentially equivalent to the EU’s. The EC contended:
    • They reflect new requirements under the General Data Protection Regulation (GDPR) and take into account the Schrems II judgement of the Court of Justice, ensuring a high level of data protection for citizens. These new tools will offer more legal predictability to European businesses and help, in particular, SMEs to ensure compliance with requirements for safe data transfers, while allowing data to move freely across borders, without legal barriers.
    • The new standard contractual clauses take into account the joint opinion of the European Data Protection Board and the European Data Protection Supervisor, feedback from stakeholders during a broad public consultation and the opinion of Member States’ representatives.
    • The standard contractual clauses published today reflect new requirements under the General Data Protection Regulation and address the realities faced by modern business. Thanks to their standardisation and pre-approval, the SCCs provide companies with an easy-to-implement template. Companies know that when they use this template they meet data protection requirements.
    • Main innovations of the new standard contractual clauses:
      • One single entry-point covering a broad range of transfer scenarios, instead of separate sets of clauses;
      • More flexibility for complex processing chains, through a ‘modular approach’ and by offering the possibility for more than two parties to join and use the clauses;
      • Practical toolbox to comply with the Schrems II judgment; i.e. an overview of the different steps companies have to take to comply with the Schrems II judgment as well as examples of possible ‘supplementary measures’, such as encryption, that companies may take if necessary
    • For controllers and processors that are currently using previous sets of standard contractual clauses, a transition period of 18 months is provided.
    • These standard contractual clauses are adopted at a moment where a number of regional organisations and third countries are developing or have issued their own standard contractual clauses on the basis of converging principles. The Commission will intensify its cooperation with these international partners to further facilitate data transfers between different regions of the world.
  • The United Kingdom’s Competition and Markets Authority (CMA) announced it “has launched a probe into whether Facebook has gained an unfair advantage over competitors in providing services for online classified ads and online dating, through how it gathers and uses certain data.” The CMA added:
    • The firm collects data from its digital advertising services, which allow other businesses to advertise to Facebook users, and from its single sign-on option, Facebook Login, which offers people the ability to sign into other websites, apps and services using their Facebook log-in details.
    • The CMA will look into whether Facebook has unfairly used the data gained from its advertising and single sign-on to benefit its own services, in particular Facebook Marketplace – where users and businesses can put up classified ads to sell items – and Facebook Dating – a dating profile service it launched in Europe in 2020.
    • The European Commission has today also launched its own investigation into Facebook’s use of data. The CMA will seek to work closely with the European Commission as the independent investigations develop.
  • In an action coordinated with the United Kingdom’s Competition and Markets Authority (CMA), the European Commission (EC) revealed it “has opened a formal antitrust investigation to assess whether Facebook violated EU competition rules by using advertising data gathered in particular from advertisers in order to compete with them in markets where Facebook is active such as classified ads.” The EC asserted that “[t]he formal investigation will also assess whether Facebook ties its online classified ads service ‘Facebook Marketplace’ to its social network, in breach of EU competition rules.” The EC continued:
    • As part of its in-depth investigation, the Commission will examine in detail whether Facebook’s position in social networks and online advertising allows it to harm competition in neighbouring markets, where Facebook is also active thanks to its social network, and in particular in online classified ads.
    • When advertising their services on Facebook, companies, which also compete directly with Facebook, may provide it commercially valuable data. Facebook might then use this data in order to compete against the companies which provided it.
    • This applies in particular to online classified ads providers, the platforms on which many European consumers buy and sell products. Online classified ads providers advertise their services on Facebook’s social network. At the same time, they compete with Facebook’s own online classified ads service, “Facebook Marketplace”.
    • Following a preliminary investigation, the Commission has concerns that Facebook may distort competition for the online classified ads services. In particular, Facebook might make use of the data obtained from competing providers in the context of their advertising on Facebook’s social network, to help Facebook Marketplace outcompete them. Facebook could, for instance, receive precise information on users’ preferences from its competitors’ advertisement activities and use such data in order to adapt Facebook Marketplace.
    • The Commission will also examine whether the way Facebook Marketplace is embedded in the social network constitutes a form of tying which gives it an advantage in reaching customers and forecloses competing online classified ads services.
  • Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger sent a memorandum to private sector entities titled “What We Urge You To Do To Protect Against The Threat of Ransomware” in which she urged these entities to put in place best practices and security measures to guard against ransomware attacks. Neuberger said businesses should take these steps immediately:
    • Implement the five best practices from the President’s Executive Order:
    • President Biden’s Improving the Nation’s Cybersecurity Executive Order is being implemented with speed and urgency across the Federal Government. We’re leading by example because these five best practices are high impact: multifactor authentication (because passwords alone are routinely compromised), endpoint detection & response (to hunt for malicious activity on a network and block it), encryption (so if data is stolen, it is unusable) and a skilled, empowered security team (to patch rapidly, and share and incorporate threat information in your defenses). These practices will significantly reduce the risk of a successful cyber-attack.
    • Backup your data, system images, and configurations, regularly test them, and keep the backups offline: Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems.
    • Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.
    • Test your incident response plan: There’s nothing that shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?
    • Check Your Security Team’s Work: Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.
    • Segment your networks: There’s been a recent shift in ransomware attacks – from stealing data to disrupting operations. It’s critically important that your corporate business functions and manufacturing/production operations are separated and that you carefully filter and limit internet access to operational networks, identify links between these networks and develop workarounds or manual controls to ensure ICS networks can be isolated and continue operating if your corporate network is compromised. Regularly test contingency plans such as manual controls so that safety critical functions can be maintained during a cyber incident.
  • United States Trade Representative (USTR) Katherine Tai announced “the conclusion of the one-year Section 301 investigations of Digital Service Taxes (DSTs) adopted by Austria, India, Italy, Spain, Turkey, and the United Kingdom.” Tai stated “[t]he final determination in those investigations is to impose additional tariffs on certain goods from these countries, while suspending the tariffs for up to 180 days to provide additional time to complete the ongoing multilateral negotiations on international taxation at the OECD and in the G20 process.” Tai continued:
    • On June 2, 2020, USTR initiated investigations into DSTs adopted or under consideration in ten jurisdictions: Austria, Brazil, the Czech Republic, the European Union, India, Indonesia, Italy, Spain, Turkey, and the United Kingdom.
    • In March 2021, USTR announced proposed trade actions in these six investigations, and undertook a public notice and comment process, during which it collected hundreds of public comments and held seven public hearings. USTR also terminated the remaining four investigations (of Brazil, the Czech Republic, the European Union, and Indonesia) because those jurisdictions had not implemented the DSTs under consideration.
  • The United States Department of the Treasury announced “that it has distributed $105.3 billion to more than 1,500 recipients through the Coronavirus State and Local Fiscal Recovery Funds, established by the American Rescue Plan Act of 2021.” Among other uses, the agency explained recipients can “[i]nvest in water, sewer, and broadband infrastructure, improving access to clean drinking water, supporting vital wastewater and stormwater infrastructure, and expanding access to broadband internet.” The Department further explained:
    • This $105.3 billion distribution is part of the $350 billion allocated in emergency funding for state, local, territorial, and Tribal governments. Only 11 days since announcing the $350 billion allocation and guidelines on ways the funds can be used to respond to acute pandemic-response needs, fill revenue shortfalls among state and local governments, and support the communities and populations hardest-hit by the COVID-19 crisis, the Department already distributed approximately 30% of the total allocation – and nearly half of the funds available for immediate disbursement – by close of business on Wednesday, May 19. Treasury is committed to ensuring these resources are disbursed as quickly as possible to eligible state, territorial, metropolitan city, county, and Tribal governments to assist communities as they recover from the pandemic.
  • Federal Trade Commission (FTC) Acting Chair Rebecca Kelly Slaughter wrote the Senate Commerce, Science, and Transportation Committee to respond “to arguments in a letter from the U.S. Chamber of Commerce regarding the Commission’s ability to use Section 13(b) of the FTC Act to seek consumer compensation in antitrust and consumer protection cases.” Slaughter stated:
    • On April 20, 2021, my fellow Commissioners and I testified at a full Committee hearing entitled “Strengthening the Federal Trade Commission’s Authority to Protect Consumers,” where we urged Congress to act swiftly to restore the Federal Trade Commission’s (“FTC” or “Commission”) statutory authority to obtain monetary relief under Section 13(b) of the Federal Trade Commission Act (the “FTC Act”). During the hearing, I saw for the first time a letter that the Chamber of Commerce of the United States of America (“Chamber”) sent to you the day before that raised numerous concerns with legislation that would restore the Commission’s ability to obtain monetary relief under Section 13(b) of the FTC Act. Now having had time to review the letter carefully, it is my view that the Chamber’s position is based on a fundamental misunderstanding of the history and function of Section 13(b). Congress’s adoption of such an approach would be a boon to those who engage in unfair, deceptive, or anticompetitive business practices, at the expense of harmed consumers and honest competitors.
    • The recently introduced House bill and other proposals to amend Section 13(b) do not “dramatically extend FTC authority in unbounded ways” or lack “safeguards against misuse” as the Chamber wrongly asserts. Rather, these proposals simply codify the way the Commission used Section 13(b) on a bipartisan basis for four decades, but with an additional ten-year statute of limitation on the Commission’s ability to obtain monetary relief. This approach makes sense and is good for consumers and honest businesses. Accordingly, I reiterate the Commission’s request that Congress act quickly to restore Section 13(b) of the FTC Act and preserve the FTC’s ability to enjoin illegal conduct, disgorge ill-gotten gains, and return to consumers money they have lost. I look forward to continuing to work with the Committee and Congress on this critically important issue.
  • The United States Department of Defense (DOD) “released the names of ‘Chinese military companies’ operating directly or indirectly in the United States in accordance with the statutory requirement of Section 1260H of the National Defense Authorization Act for Fiscal Year 2021.” The DOD stated:
    • The Department is determined to highlight and counter the People’s Republic of China’s (PRC) Military-Civil Fusion development strategy, which supports the modernization goals of the People’s Liberation Army (PLA) by ensuring its access to advanced technologies and expertise acquired and developed by even those PRC companies, universities, and research programs that appear to be civilian entities. Section 1260H directs the Department to begin identifying, among other things, Military-Civil Fusion contributors operating directly or indirectly in the United States.
  • In response to the Facebook Oversight Board’s decision, Facebook announced it will suspend former President Donald Trump for two years from its platforms. Vice President of Global Affairs Nick Clegg explained:
    • Last month, the Oversight Board upheld Facebook’s suspension of former US President Donald Trump’s Facebook and Instagram accounts following his praise for people engaged in violence at the Capitol on January 6. But in doing so, the board criticized the open-ended nature of the suspension, stating that “it was not appropriate for Facebook to impose the indeterminate and standardless penalty of indefinite suspension.” The board instructed us to review the decision and respond in a way that is clear and proportionate, and made a number of recommendations on how to improve our policies and processes.
    • We are today announcing new enforcement protocols to be applied in exceptional cases such as this, and we are confirming the time-bound penalty consistent with those protocols which we are applying to Mr. Trump’s accounts. Given the gravity of the circumstances that led to Mr. Trump’s suspension, we believe his actions constituted a severe violation of our rules which merit the highest penalty available under the new enforcement protocols. We are suspending his accounts for two years, effective from the date of the initial suspension on January 7 this year.
    • At the end of this period, we will look to experts to assess whether the risk to public safety has receded. We will evaluate external factors, including instances of violence, restrictions on peaceful assembly and other markers of civil unrest. If we determine that there is still a serious risk to public safety, we will extend the restriction for a set period of time and continue to re-evaluate until that risk has receded.
    • When the suspension is eventually lifted, there will be a strict set of rapidly escalating sanctions that will be triggered if Mr. Trump commits further violations in future, up to and including permanent removal of his pages and accounts.
  • The Republican leadership on the House Energy and Commerce Committee introduced the “American Broadband Act” (H.R.3435) that will:
    • Close the digital divide through investments that target rural and unserved areas based on accurate maps;
    • Authorize $20 billion over five years to promote broadband infrastructure deployment and $3 billion to promote rural wireless infrastructure deployment;
    • Remove barriers to investment and deployment for distressed communities and encourage public-private broadband partnerships;
    • Streamline permitting processes by incentivizing state and local governments to cut red tape, placing reasonable limits on permitting, and promoting infrastructure deployment on federal lands;
    • Unleash private investment to win the future.
  • Republicans on the House Agriculture Committee released the “Broadband For Rural America Act” (H.R.3369) that:
    • Authorizes $3.7 billion per year for critical rural broadband programs, including the ReConnect Rural Broadband Program, the Middle Mile Broadband Program, and the Innovative Broadband Advancement Program
    • Targets limited resources so assistance is focused on the most rural and least-connected residents, which are often the most expensive to connect
    • Promotes borrower accountability and protects taxpayers with new tools to ensure promised services are delivered to rural communities
  • Senate Finance Committee Chair Ron Wyden (D-OR) wrote Secretary of the Treasury Janet Yellen asking her “to allow more underserved communities to deploy modern broadband networks with American Rescue Plan funds.” Wyden asserted:
    • I am concerned that overly prescriptive language regarding eligibility for broadband investments in Treasury’s recently published Interim Final Rule risks excluding underserved communities from this funding and depriving them of economic opportunity. Treasury appears to have limited funding to communities that are unserved or underserved, which it defines as lacking access to a wireline broadband connection capable of reliably delivering download speeds of 25 megabits per second (Mbps) and uploads of 3 Mbps.
    • To assume that communities with speeds at or above 25/3 Mbps are adequately served — and to ignore cost as a factor in this consideration — would be severely misguided, and it ignores the reality on the ground for American students, working families, and businesses. The reality is that the Federal Communication Commission’s (FCC) current broadband benchmark of 25/3 Mbps is woefully outdated. The mass adoption of video calling, streaming, and other bandwidth-intensive apps by Americans during the COVID-19 pandemic has made it clear that miserly speeds and data caps are holding back telework, remote education and telehealth capacity. Simply put, it is not possible for a family of four to telework and engage in remote schooling while sharing 3 Mbps of upload bandwidth.
    • In fact, Treasury concluded in the Interim Final Rule that only symmetrical speeds of 100 Mbps are “sufficient to enable users to generally meet household needs, including the ability to support the simultaneous use of work, education, and health applications, and also sufficiently robust to meet increasing household demands for bandwidth.” As a result, Fiscal Recovery Funds projects are expected to deliver service that reliably meets or exceeds this standard. Treasury’s conclusions regarding the inadequacy of the FCC’s broadband benchmark mirror those of both the Acting FCC Chairwoman Jessica Rosenworcel and bipartisan Members of Congress. That is why I urge Treasury to ensure any community with service that falls below its own standard of 100 Mbps upload and download speeds is eligible for this funding.
  • The European Data Protection Board (EDPB) responded to Access Now’s April letter regarding which nation’s data protection authority has jurisdiction over Amazon in light of an article “pointing to several violations of obligations imposed on controllers under the General Data Protection Regulation (GDPR).” The EDPB stated:
    • The Guidelines for identifying a controller or processor’s lead supervisory authority were adopted on 13 December 2016 following careful consideration of relevant factors for the determination of the main establishment and revised and adopted on 5 April 2017 by the members of the WP29. The EDPB members then agreed upon the endorsement of the revised version on 25 May 2018. As is the case with all guidance by the EDPB, we are permanently monitoring the necessity of reviewing also these guidelines and incorporating additional factors, and we will do so, if necessary.
    • While the EDPB cannot comment on possible ongoing investigations by its members, I would like to inform you that the Internal Market Information System (IMI), an information and communications system which facilitates the exchange of information between supervisory authorities for the GDPR cooperation and consistency procedures, does specifically enable any supervisory authority to express its views on competence at an early stage of such procedure launched by the supervisory authorities and/or initiate the dispute resolution mechanism as per Art. 65 GDPR.
    • The one-stop-shop mechanism ensures that the lead supervisory authority responsible for investigating cases against a particular controller considers the input of any concerned supervisory authority. The European Data Protection Board cannot make any statements regarding the main establishment of a particular controller, unless, for instance, it takes place within the framework of the dispute resolution mechanism (Art. 65 GDPR). Moreover, the competence to carry out investigations, according to Article 58.1 GDPR, is reserved for the national supervisory authorities.
  • The National Institute of Standards and Technology (NIST) issued a range of guidance and standards documents:
    • A draft of NIST SP 800-161, Revision 1 for comment, Cyber Supply Chain Risk Management Practices for Systems and Organizations. More than ever, organizations are concerned about the risks associated with products and services that may contain potentially malicious functionality, are counterfeit, or are vulnerable due to poor manufacturing and development practices within the cyber supply chain. These risks can decrease an enterprise’s visibility into and understanding of how the technology that they acquire is developed, integrated, and deployed. They can also affect and be affected by the processes, procedures, and practices used to ensure the security, resilience, reliability, safety, integrity, and quality of products and services. That is why NIST is inviting comments on a major revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161). The updates are designed to better help organizations identify, assess, and respond to cyber supply chain risks while still aligning with other fundamental NIST cybersecurity risk management guidance.
    • A Cybersecurity White Paper on confidence mechanisms for Internet of Things (IoT) devices, Establishing Confidence in IoT Device Security: How do we get there? This paper describes the landscape of confidence mechanisms that are currently available for establishing the security of IoT devices in the marketplace, with the goal of starting a conversation about what it means to have confidence in the cybersecurity of IoT devices used by individuals and organizations and the various ways of gaining that confidence. The paper is based on extensive research on initiatives that can help to instill confidence in IoT device security and a series of meetings with government and industry experts.
    • NIST’s National Cybersecurity Center of Excellence (NCCoE) has released the second draft of NIST Special Publication (SP) 1800-30, Securing Telehealth Remote Patient Monitoring Ecosystem. Increasingly, healthcare delivery organizations (HDOs) incorporate telehealth and remote patient monitoring (RPM) as part of a patient’s care regimen. RPM systems may offer convenience and may be cost-effective for patients and HDOs, which promotes increased adoption rates. Without adequate privacy and cybersecurity measures, however, unauthorized individuals may expose sensitive data or disrupt patient monitoring services.
    • NIST is in the process of a periodic review and maintenance of its cryptography standards and NIST Special Publications. A description of the review process is available at the Crypto Publication Review Project page. Currently, we are reviewing the following publications: 
      • Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard (AES), 2001
      • NIST Special Publication (SP) 800-38A, Recommendation for Block Cipher Modes of Operation: Methods and Techniques, 2001 
      • NIST SP 800-38A Addendum, Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode, 2010 
      • NIST SP 800-15, Minimum Interoperability Specification for PKI Components (MISPC), Version 1, 1998 
      • NIST SP 800-25, Federal Agency Use of Public Key Technology for Digital Signatures and Authentication, 2000 
      • NIST SP 800-32, Introduction to Public Key Technology and the Federal PKI Infrastructure, 2001  
  • The Information Technology and Innovation Foundation (ITIF) found in a report that “many [United States] federal government websites are not accessible for people with disabilities.” ITIF offered these “key takeaways:”
    • Section 508 of the Rehabilitation Act, as amended in 1998, requires federal agencies to follow modern standards of web accessibility for users with disabilities.
    • The Justice Department submits biennial reports to the president and Congress evaluating agencies’ compliance with Section 508, but it has not made these reports available to the public since 2012.
    • ITIF tested the most popular federal websites and found that 30 percent did not pass an automated accessibility test for their homepage, and nearly half (48 percent) failed the test on at least one of their three most popular pages.
    • One-third of popular federal websites did not have an easily discoverable page with contact information for users to report accessibility issues, and agencies are not required to collect or share data on the complaints they receive.
    • Congress, the White House, and GSA should work together to increase transparency surrounding accessibility, expand the number of centralized accessibility resources, and encourage agencies to make web accessibility a priority.

Further Reading

  • “Google announces new privacy features for Android phones — but stops short of limiting ad tracking” By Gerrit De Vynck — The Washington Post. Mobile phone apps constantly hoover up data about their users. At Google’s annual developer conference on Tuesday, the company announced a few new features that let people with phones running its Android operating system limit that harvesting. But the changes stopped short of forcing apps to specifically ask permission to use people’s data to advertise to them across the Web, a policy Apple instituted on its iPhones in February.
  • “After Media Detour, AT&T Confronts Old Problems” By Edmund Lee and Lauren Hirsch — The New York Times. At a meeting of AT&T’s top leaders at the company’s headquarters in Dallas, Randall L. Stephenson, the chief executive, sounded a victory note. The wireless provider was on the verge of a transformative deal that would turn the phone company into a tech and media giant. It was about to take ownership of Time Warner, the entertainment colossus behind HBO, CNN and the Warner Bros. studios. Mr. Stephenson praised his new prize, but also took a moment to take a small jab at the company he was about to acquire, according to two people with knowledge of the matter who spoke on the condition of anonymity to describe a private meeting.
  • “That AT&T-Discovery deal is about the battle for broadband” — Marketplace. It’s been not quite three years since AT&T completed its $85 billion merger with Time Warner, with the hope that investing in content would drive customers to consume that content with AT&T’s internet and on AT&T phones. Now, that deal is coming undone. AT&T plans to spin off HBO, CNN and the rest of its media assets in a deal with Discovery, leaving telecommunications as its main focus again. Verizon is doing the same thing by getting rid of AOL and Yahoo. I spoke with Roger Entner, who follows the industry as founder of Recon Analytics. He said this comes as the industry pours billions of dollars into 5G and fiber. And it’s hard to fight the broadband war and the streaming war at the same time. The following is an edited transcript of our conversation.
  • “Once Tech’s Favorite Economist, Now a Thorn in Its Side” By Steve Lohr — The New York Times. Paul Romer was once Silicon Valley’s favorite economist. The theory that helped him win a Nobel prize — that ideas are the turbocharged fuel of the modern economy — resonated deeply in the global capital of wealth-generating ideas. In the 1990s, Wired magazine called him “an economist for the technological age.” The Wall Street Journal said the tech industry treated him “like a rock star.”
  • “Facebook removes 110,000 pieces of Covid misinformation posted by Australian users” By Josh Taylor — The Guardian. Facebook has removed more than 110,000 pieces of Covid-related misinformation generated by Australian accounts in the first year of the pandemic, the company has revealed. In February, Facebook, along with Twitter, Google, Microsoft, Redbubble and TikTok, signed on to a new voluntary industry code aimed at combating misinformation and disinformation online.
  • “Schools and other organizations are sharing more about kids online. Here’s what parents can do to protect them.” By Stacey Steinberg — The Washington Post. Last month my daughter came home from school full of excitement. “I am artist of the week,” she shared with me proudly. She is my youngest of three, and I knew what that meant. Having roamed the halls of my children’s elementary school countless times over the past decade, I knew that her artwork was likely to be on display in the hallway for all to admire.
  • “Judge Chooses Timeline for JEDI Cloud Case” By Frank Konkel — Nextgov. Days after attorneys for the Pentagon, Microsoft and Amazon Web Services proposed competing schedules for moving forward in ongoing JEDI litigation, Judge Patricia Campbell-Smith selected AWS’ proposed schedule through at least July. Per the judge’s decision, AWS, which first challenged the Pentagon’s decision to award the Joint Enterprise Defense Infrastructure cloud contract in October 2019, must file a motion to complete the case’s administrative record by June 18. The motion allows AWS to argue why the court should consider additional evidence related to allegations that political interference played a role in Microsoft’s selection for the JEDI award.
  • “Endless scrolling through social media can literally make you sick” By Julia Sklar — National Geographic. When a dark ashy cloud born from wildfires settled over the Seattle metropolitan area, Jack Riewe was among the millions of people suddenly trapped indoors. It was September 2020, and without access to the outdoors during a pandemic, it became even more difficult for the 27-year-old writer to see other people. He could only fill his days switching between working remotely on his computer, watching TV, or scrolling through endless fire updates on his phone.
  • “New research shows how many important links on the web get lost to time” By Mitchell Clark — The Verge. A quarter of the deep links in The New York Times’ articles are now rotten, leading to completely inaccessible pages, according to a team of researchers from Harvard Law School, who worked with the Times’ digital team. They found that this problem affected over half of the articles containing links in the NYT’s catalog going back to 1996, illustrating the problem of link rot and how difficult it is for context to survive on the web.
  • “Vulnerabilities in billions of Wi-Fi devices let hackers bypass firewalls” By Dan Goodin — Ars Technica. One of the things that makes Wi-Fi work is its ability to break big chunks of data into smaller chunks and combine smaller chunks into bigger chunks, depending on the needs of the network at any given moment. These mundane network plumbing features, it turns out, have been harboring vulnerabilities that can be exploited to send users to malicious websites or exploit or tamper with network-connected devices, newly published research shows.
  • “Florida, in a First, Will Fine Social Media Companies That Bar Candidates” By David McCabe — The New York Times. Florida on Monday became the first state to regulate how companies like Facebook, YouTube and Twitter moderate speech online, by imposing fines on social media companies that permanently bar political candidates in the state. The law, signed by Gov. Ron DeSantis, is a direct response to Facebook’s and Twitter’s bans of former President Donald J. Trump in January. In addition to the fines for barring candidates, it makes it illegal to prevent some news outlets from posting to their platforms in response to the contents of their stories.
  • WhatsApp Sues India’s Government to Stop New Internet Rules” By Mike Isaac — The New York Times.  WhatsApp sued the Indian government on Wednesday to stop what it said were oppressive new internet rules that would require it to make people’s messages “traceable” to outside parties for the first time. The lawsuit, filed by WhatsApp in the Delhi High Court, seeks to block the enforceability of the rules that were handed down by the government this year. WhatsApp, a service owned by Facebook that sends encrypted messages, claimed in its suit that the rules, which were set to go into effect on Wednesday, were unconstitutional.

Coming Events

  • On 10 June, the Senate Homeland Security and Governmental Affairs Committee will hold a hearing on the nominations of Robin Carnahan to be Administrator, General Services Administration; Jen Easterly to be Director, Cybersecurity and Infrastructure Security Agency, DHS; and Chris Inglis to be National Cyber Director.
  • The House Judiciary Committee will conduct an oversight hearing of the Federal Bureau of Investigation on 10 June.
  • On 14 June, the California Privacy Protection Agency Board will hold its inaugural meeting.
  • On 17 June, the Senate Appropriations Committee will hold a hearing on the Department of Defense’s FY 2022 budget request.
  • The Federal Communications Commission (FCC) will hold its June meeting on 17 June with this tentative agenda:
    • Protecting Against National Security Threats to the Communications Supply Chain through the Equipment Authorization and Competitive Bidding Programs. The Commission will consider a Notice of Proposed Rulemaking and Notice of Inquiry seeking comments on steps it could take to secure the nation’s critical communications networks through its equipment authorization and competitive bidding programs. (ET Docket No. 21-232; EA Docket No. 21-233)
    • Allowing Earlier Equipment Marketing and Importation Opportunities. The Commission will consider a Report and Order that would adopt changes to the equipment authorization rules to allow expanded marketing and importation of radiofrequency devices prior to certification, with conditions. (ET Docket No. 20-382)
    • Improving the Emergency Alert System and Wireless Emergency Alerts. The Commission will consider a Report and Order and Further Notice of Proposed Rulemaking to implement section 9201 of the National Defense Authorization Act for Fiscal Year 2021, which is intended to improve the way the public receives emergency alerts on their mobile phones, televisions, and radios. (PS Docket Nos. 15-94, 15-91)
    • Improving Robocall and Spoofing Input from Private Entities. The Commission will consider a Report and Order to implement Section 10(a) of the TRACED Act by adopting a streamlined process that will allow private entities to alert the FCC’s Enforcement Bureau about suspected unlawful robocalls and spoofed caller ID. (EB Docket No. 20-374)
    • Promoting Telehealth for Low-Income Consumers. The Commission will consider a Second Report and Order that would provide guidance on the administration of the Connected Care Pilot Program and further instructions to program participants. (WC Docket No. 18-213)
    • Exploring Spectrum Options for Devices Used to Mark Fishing Equipment. The Commission will consider a Notice of Proposed Rulemaking that would satisfy the Commission’s statutory obligation in Section 8416 of the National Defense Authorization Act for Fiscal Year 2021 to initiate a rulemaking proceeding to explore whether to authorize devices that can be used to mark fishing equipment for use on Automatic Identification System (AIS) channels consistent with the core purpose of the AIS to prevent maritime accidents. (WT Docket No. 21-230)
    • Improving Low Power FM Radio. The Commission will consider an Order on Reconsideration of a proceeding to modernize the LPFM technical rules. (MB Docket No. 19-193)
    • Enforcement Bureau Action. The Commission will consider an enforcement action.
  • On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Tomáš Nožina on Unsplash

Photo by Denny Müller on Unsplash

Photo by Jeff Sundstrom on Unsplash
