Other Developments, Further Reading, and Coming Events (27 July 2021)


Other Developments

  • The Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) announced “the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions.” DHS added:
    • The Department’s Cybersecurity and Infrastructure Security Agency (CISA) advised TSA on cybersecurity threats to the pipeline industry, as well as technical countermeasures to prevent those threats, during the development of this second Security Directive. This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review.
    • This is the second Security Directive that TSA has issued to the pipeline sector this year, building upon an initial Security Directive that TSA issued in May 2021 following the ransomware attack on a major petroleum pipeline. The May 2021 Security Directive requires critical pipeline owners and operators to (1) report confirmed and potential cybersecurity incidents to CISA; (2) designate a Cybersecurity Coordinator to be available 24 hours a day, seven days a week; (3) review current practices; and, (4) identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.
  • The Senate Armed Services Committee completed its markup of its FY 2022 National Defense Authorization Act (NDAA) and issued a summary of the bill instead of actual text as has been customary. Their House counterparts are set to mark up their bill in early September. In the summary, the committee highlighted technology funding and programmatic provisions:
    • The 61st annual NDAA supports a total of $777.9 billion in fiscal year 2022 funding for national defense. Within this topline, the legislation authorizes $740.3 billion for the Department of Defense (DOD) and $27.7 billion for national security programs within the Department of Energy (DOE). This legislation, like the President’s budget request, does not include a separate Overseas Contingency Operations (OCO) request – any war-related costs are included in the base budget.
    • Strengthening DOD’s Cybersecurity Posture
      • Requires the development of a joint zero trust strategy and a model architecture for the Department of Defense Information Network and a data management strategy.
      • Requires a program to demonstrate and assess an automated security validation capability to assist the Department in cybersecurity efforts.
      • Directs an assessment of the utility and cost-benefits of using capabilities to make risk-based vulnerability remediation decisions, identify key cyber terrain and assets, identify single-node mission dependencies, and monitor for changes in mission threat execution.
      • Authorizes an increase of $268.4 million across the DOD to support cybersecurity efforts.
    • Enhancing CYBERCOM’s Authorities and Capabilities
      • Authorizes full funding for U.S. Cyber Command (CYBERCOM).
      • Assigns to the Commander, CYBERCOM, responsibility for directly controlling and managing the planning, programming, budgeting, and execution of the resources to maintain the Cyber Mission Forces.
      • Requires the Commander, CYBERCOM, to establish a voluntary process for engaging with the commercial information technology and cybersecurity companies to develop methods of coordination to protect against foreign malicious cyber actors.
      • Encourages CYBERCOM Joint Force Headquarters-Department of Defense Information Networks (JFHQ-DODIN) to explore further application of commercial off-the-shelf solutions across the command to address urgent intelligence and operations gaps.
    • Responding to the Cyber Threat Environment
      • Requires an assessment of the current and emerging offensive cyber posture of adversaries of the United States and the plans of the military services for offensive cyber operations during potential conflict.
      • Requires an assessment of the policy, capacity, and capabilities of DOD to defend the United States from ransomware attacks.
      • Requires the Secretary of Defense to develop a pilot program to assess the feasibility and advisability of entering into voluntary public-private partnerships with Internet ecosystem companies to discover and disrupt the use of their platforms, systems, services, and infrastructure by malicious cyber actors.
      • Directs DOD to conduct an assessment of the need to establish a cyberspace foundational and science and technical intelligence center; focus on wargaming activities and capabilities; and enhance operation models and simulations.
      • Requires the Secretary of Defense to submit a report on the plans for the Cyber Maturity Model Certification Program.
      • Strengthens the university cyber consortium of academic institutions that have been designed as Cyber Centers of Academic Excellence for cyber operations, cyber research, and cyber defense.
      • Directs the establishment of a working group to review and propose updates to DOD and component acquisition policy and guidance on cybersecurity requirements for systems and weapon acquisitions and report on specific proposals for updating policy and guidance.
      • Directs the Comptroller General to assess DOD’s efforts to address information and communications technology supply chain risks.
      • Requires a report on ways the DOD can improve support to the Cybersecurity and Infrastructure Security Agency to increase awareness of threats and vulnerabilities.
  • The House Energy and Commerce Committee marked up a number of bills, including the following as described in a committee briefing memorandum:
    • H.R. 4026, the “Social Determinants of Health Data Analysis Act of 2021”, introduced by Reps. Burgess (R-TX) and Blunt Rochester (D-DE), requires the Comptroller General of the United States to submit to Congress within two years of enactment a report on the actions taken by the Secretary of Health and Human Services (HHS) to address social determinants of health. The report shall include: an analysis of how data collection undertaken by HHS complies with Federal and state privacy laws and regulations, a description of any coordination by HHS with other relevant Federal, State, and local agencies, an identification of any potential for duplication or any barriers, and recommendations on how to foster public-private partnerships and leverage the private sector to address social determinants of health.
    • H.R. 2685, the “Understanding Cybersecurity of Mobile Networks Act”, introduced by Reps. Eshoo and Kinzinger (R-IL), would require the National Telecommunications and Information Administration (NTIA) to examine and report on the cybersecurity of mobile service networks and the vulnerability of these networks and mobile devices to cyberattacks and surveillance conducted by adversaries. The report must include an assessment of the degree to which providers of mobile service have addressed certain cybersecurity vulnerabilities; a discussion of the degree to which these providers have implemented cybersecurity best practices and risk assessment frameworks; and an estimate of the prevalence and efficacy of encryption and authentication algorithms and techniques used in mobile service and communications equipment, mobile devices, and mobile operating systems and software, among other things.
    • H.R. 3919, the “Secure Equipment Act of 2021”, introduced by Reps. Scalise (R-LA) and Eshoo, would direct the Federal Communications Commission (FCC) to clarify that it will no longer review or approve applications from companies on the Commission’s “Covered List.” The bill would prevent further integration and sales of Huawei, ZTE, Hytera, Hikvision, and Dahua – all Chinese state-backed or directed firms – in the United States regardless of whether federal funds are involved. An AINS is expected to be offered to clarify that the rules required by the legislation should not apply retroactively to equipment previously authorized by the FCC, and that the legislation does not prevent the FCC from studying whether, in a future proceeding, the rules should apply retroactively.
    • H.R. 4028, the “Information and Communication Technology Strategy Act”, introduced by Reps. Long (R-MO), Spanberger (D-VA), Carter (R-GA), and McNerney (D-CA), would direct the Secretary of Commerce to submit to Congress within one year a report analyzing the state of economic competitiveness of trusted vendors in the information and communication technology supply chain, identifying which components or technologies are critical or vulnerable, and identifying which components or technologies on which U.S. networks depend. It would also require the Secretary to submit to Congress, within six months after the report is submitted, a whole-of-government strategy to ensure the competitiveness of trusted vendors in the United States.
    • H.R. 4032, the “Open RAN Outreach Act”, introduced by Reps. Allred (D-TX), O’Halleran (D-AZ), Guthrie, and Hudson, directs the NTIA Administrator to provide outreach and technical assistance to small communications network providers regarding Open Radio Access Networks (Open-RAN). An AINS is expected to be offered to clarify that the outreach and technical assistance should address the uses, benefits, and shortcoming of Open RAN; that the technical assistance may be related to participation in the grant program authorized in the FY 2021 National Defense Authorization Act; and that NTIA may use such grant funds to carry out the legislation.
    • H.R. 4045, the “FUTURE Networks Act”, introduced by Reps. Doyle (D-PA), Johnson (R-OH), and McBath (D-GA), would require the FCC to create a 6G (sixth-generation) Task Force. The bill stipulates that the membership of the Task Force shall be appointed by the FCC Chair, and that the Task Force membership be composed, if possible, of representatives from trusted companies (meaning those not controlled by foreign adversaries), trusted public interest groups, and trusted government representatives with at least one representative from federal, state, local, and tribal governments. The Task Force would have to submit a report to Congress on 6G wireless technology, including the possible uses, strengths, and limitations of 6G, including any supply chain, cybersecurity, or other limitations that will need to be addressed in future generations of wireless technologies.
    • H.R. 4046, the “NTIA Policy and Cybersecurity Coordination Act”, introduced by Reps. Duncan (R-SC), Wild (D-PA) and Curtis, would authorize the existing NTIA Office of Policy Analysis and Development and rename it the Office of Policy Development and Cybersecurity. In addition to codifying the responsibilities of NTIA in administering the information sharing program in Section 8 of the Secure and Trusted Communications Act, the Office would be assigned functions to coordinate and develop policy regarding the cybersecurity of communications networks.
    • H.R. 4055, the “American Cybersecurity Literacy Act”, introduced by Reps. Kinzinger, Eshoo, Veasey (D-TX), Houlahan (D-PA), and Bilirakis, would require NTIA to develop and conduct a cybersecurity literacy campaign to educate U.S. individuals and businesses about common cybersecurity risks and best practices. An AINS is expected to be offered to make technical changes to the bill.
    • H.R. 4067, the “Communications Security Advisory Act of 2021”, introduced by Reps. Slotkin (D-MI), Schrader (D-OR) and Walberg (R-MI), would codify an existing FCC advisory council, the Communications Security, Reliability, and Interoperability Council, focused on network security, resiliency, and interoperability. It also requires biennial reporting to the FCC, Congress, and public with recommendations to improve communications networks on such issues.
  • The Australian Competition & Consumer Commission (ACCC) announced that it “is examining competition and consumer concerns with general online retail marketplaces such as eBay Australia, Amazon Australia, Kogan and Catch.com.au as part of its inquiry into digital platform services in Australia.” This inquiry is part of the ACCC’s “five-year inquiry into markets for the supply of digital platform services in Australia and their impacts on competition and consumers, following a direction from the Treasurer.” The ACCC explained:
    • The ACCC is keen to receive submissions from consumers, platforms and third-party sellers, from small businesses to major brands, to inform its inquiry, and has released an issues paper today. Consumers and small business sellers are also invited to share their experiences with marketplaces by completing short online surveys.
    • General online retail marketplaces allow sellers to list a range of products which can be searched for, found and purchased by consumers. These marketplaces compete against each other, as well as against so-called bricks and mortar businesses, to attract both buyers and sellers.
    • The ACCC will examine the marketplaces and their relationships with third-party sellers and consumers, as well as how these marketplaces affect competition in Australian markets.
    • The ACCC will consider pricing practices, the use of data, the terms and conditions imposed on third-party sellers, and the impacts on competition when the marketplace itself operates as a seller on the platform.
    • Key consumer issues to be considered include the ability of customers to leave and read reviews of sellers and products, how complaints are handled and how consumers’ data is collected and used.
    • The issues paper also looks at the services offered by the marketplaces, the market structures and the way the markets work.
  • Texas Attorney General Ken Paxton and the Knight First Amendment Institute and the American Civil Liberties Union (ACLU) of Texas reached a settlement over the latter two’s suit against Paxton for blocking users from his personal Twitter account. The First Amendment Institute stated in its press release:
    • Texas Attorney General Ken Paxton has unblocked all critics from his @KenPaxtonTX Twitter account and has agreed not to block people based on viewpoint in the future. Paxton’s agreement, memorialized in a joint stipulation filed late Friday in federal court in Austin, brings to a close a lawsuit challenging Paxton’s actions under the First Amendment.
    • The case was filed in April 2021 by the Knight First Amendment Institute at Columbia University and the American Civil Liberties Union of Texas on behalf of nine individual plaintiffs and the Knight Institute. Paxton had blocked the individual plaintiffs from his @KenPaxtonTX account after they criticized him or his policies in their own tweets.
  • The United Kingdom’s (UK) Financial Conduct Authority (FCA) issued its Annual Report and Accounts and its Business Plan, and in the latter, the FCA asserted:
    • Digital competition
    • We will continue to assess the impact that digitalisation can have on competition to help ensure that digital financial services markets:
      • deliver greater value for consumers by fostering effective competition while providing appropriate protection
      • provide consumers with a choice of quality products that meet their needs at a competitive price
    • We will collaborate with external parties, including the Government, the Digital Markets Unit and through our Digital Regulation Cooperation Forum membership.
  • The Senate Homeland Security and Governmental Affairs Committee marked up and reported out a number of technology bills, including:
    • S. 1917, K-12 Cybersecurity Act of 2021;
    • S. 2201, Supply Chain Security Training Act of 2021;
    • S. 1324, Civilian Cyber Security Reserve Act;
    • In a press release, Chair Gary Peters (D-MI) summarized two of the bills:
      • The K-12 Cybersecurity Act directs the Cybersecurity and Infrastructure Security Agency (CISA) to work with teachers, school administrators, other federal departments and private sector organizations to complete a study of cybersecurity risks specific to K-12 educational institutions, including risks related to securing sensitive student and employee records and challenges related to remote-learning. Following the completion of that study, the bill directs CISA to develop cybersecurity recommendations and an online toolkit to help schools improve their cybersecurity hygiene. Schools are responsible for securing a considerable amount of sensitive records related to their students and employees, including student grades, family records, medical histories, and employment information. In 2020, K-12 public schools saw a record-breaking number of cyber-attacks with more than 400 publicly-reported incidents.
      • The Supply Chain Security Training Act directs the General Services Administration in coordination with the Department of Homeland Security, Department of Defense and the Office of Management and Budget to create a standardized training program to help federal employees responsible for purchasing services and equipment identify whether those products could compromise the federal government’s information security. Recent breaches of federal information systems exploited vulnerabilities in the SolarWinds and Microsoft Exchange networks, highlighting the need for robust technological supply chain security and the importance of ensuring agency personnel responsible for managing these resources are well versed and up-to-date on cybersecurity threats and other attempts to steal sensitive or valuable information.
    • Senator Jacky Rosen (D-NV) summarized her bill, the “Civilian Cyber Security Reserve Act” (S.1324):
      • According to the Government Accountability Office, the consistent shortage of cyber security personnel represents a high risk to national security. To address this shortage, the bipartisan Civilian Cyber Security Reserve Act establishes a civilian cyber security reserve pilot program, which authorizes cybersecurity reservists to provide surge capacity in response to significant incidents. Activated personnel would serve in temporary positions, for up to six months, as Federal civil service employees to supplement existing cybersecurity personnel. Participation would be voluntary and by invitation only. The legislation is modeled after recommendations from the National Commission on Military, National, and Public Service and Cyberspace Solarium Commission reports to establish a cyber security reserve corps.
  • The Texas Supreme Court allowed suits to advance against Facebook brought by three people who say they were victims of sex trafficking. The court agreed with Facebook that 47 USC 230 blocked most of the grounds on which the plaintiffs sought to sue the company but allowed their suits to continue on the basis of the carveout to Section 230 enacted in 2018 in the “Allow States and Victims to Fight Online Sex Trafficking Act” (P.L. 115-164). The court explained:
    • Facebook seeks writs of mandamus directing the dismissal of three lawsuits pending against it in district court. The plaintiffs in all three cases allege they were victims of sex trafficking who became entangled with their abusers through Facebook. They assert claims for negligence, negligent undertaking, gross negligence, and products liability based on Facebook’s alleged failure to warn of, or take adequate measures to prevent, sex trafficking on its internet platforms. They also assert claims under a Texas statute creating a civil cause of action against those who intentionally or knowingly benefit from participation in a sex-trafficking venture.
    • In all three lawsuits, Facebook moved to dismiss all claims against it as barred by section 230 of the federal “Communications Decency Act” (“CDA”), which provides that “[n]o cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.” 47 U.S.C. § 230(e)(3). Facebook contends that all the plaintiffs’ claims are “inconsistent with” section 230(c)(1), which says that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”
    • For the reasons explained below, we deny mandamus relief in part and grant it in part. The plaintiffs’ statutory human-trafficking claims may proceed, but their common-law claims for negligence, gross negligence, negligent undertaking, and products liability must be dismissed.
  • The Cybersecurity and Infrastructure Security Agency (CISA) launched “its newest federal enterprise security initiative: mobile cybersecurity shared services that is piloting three capabilities to improve the security of government furnished equipment (GFE) mobile devices (e.g., smartphones and tablets) and applications.” CISA stated that “[t]he pilots will be managed by CISA’s Cybersecurity Quality Services Management Office (QSMO).” CISA provided more detail on the pilots:
    • Vetting Mobile Application Security
    • The first CISA mobile security pilot is a new mobile application vetting (MAV) service, which will evaluate the security of government-developed mobile applications (apps) and third-party apps used on GFE mobile devices. The service will identify app vulnerabilities, flaws, and possible risks—either accidental coding errors or intentionally placed malicious code—to mobile devices as well as app and enterprise security so that steps can be taken to fix discovered issues.
    • Kryptowire, Inc. of Tysons Corner, VA, has been awarded phase III of a Small Business Innovation Research contract for the MAV service. They will develop a pilot capability, implementing the mobile app and firmware analysis MAV service with the goal of providing mobile app vetting and firmware vulnerability analysis as a scalable service to the Federal Civilian Executive Branch (FCEB). The test pilot will launch in fiscal year 2022 and consists of up to three early-adopter agencies.
    • Verifying Mobile Device Security
    • The second mobile security pilot is focused on mobile device security. The Traveler-Verified Information Protection (T-VIP) service is a device-integrity validation tool that detects software, firmware and hardware modifications to a smartphone between two points in time.
    • Because government travelers need their GFE mobile devices to stay in contact with their offices while traveling to foreign countries, embassies, or external sites, they can be prime targets for compromise. These travelers cannot monitor what occurs “under the hood” of their mobile devices, so comparisons of pre-travel and post-travel scans by the T-VIP software—developed by Pacific Northwest National Laboratory—will identify suspicious changes on the devices made during their travel, thus increasing the security of sensitive government information. T-VIP is a government-off-the-shelf solution and is for official government use only. The service is being piloted for adoption as a full mobile cybersecurity shared offering to FCEB agencies.
    • Mobile Network Security Service
    • Finally, CISA, in cooperation with the Department of Homeland Security, Science and Technology (S&T) Directorate, is developing a pilot solution to deploy protective DNS services to mobile devices. As government agencies and their employees are increasingly relying on mobile devices with an exponential increase in use due to the extensive remote work posture adopted in the wake of the pandemic, a protective DNS solution for mobile traffic will align DNS protections with those provided to traditional enterprise systems.
    • , which is designing a solution that will route mobile DNS traffic to a protective DNS resolver managed by CISA. This mobile protective DNS capability is intended to integrate with  CISA’s protective DNS shared service offering.
  • The United Kingdom’s (UK) Department for Digital, Culture, Media & Sport (DCMS) opened a consultation titled “Digital identity and attributes consultation” that “asks for views on how the digital identity system should operate, including proposals for a governing body which will be charged with making sure organisations follow government rules on digital identity.” DCMS stated:
    • Online authentication, identity and eligibility solutions can increase security, ease of use and accessibility to public services. They are central to making public services more efficient and effective. They will also improve people’s ability to operate confidently in an increasingly digital economy.
    • The government is committed to realising the benefits of digital identity, without creating ID cards. Earlier this year we published a draft of the UK digital identity and attributes trust framework. This set out what rules and standards are needed to protect people’s sensitive identity data when used digitally.
    • This consultation now seeks views on three key issues:
      • the governance system to oversee digital identity and make sure organisations comply with the rules
      • how to allow trusted organisations to make digital checks against authoritative government-held data
      • establishing the legal validity of digital identities, so people are confident they are as good as physical documents like passports or bank statements

Further Reading

  • “The Nightmare of Our Snooping Phones” By Shira Ovide — The New York Times. “Data privacy” is one of those terms that feels stripped of all emotion. It’s like a flat soda. At least until America’s failures to build even basic data privacy protections carry flesh-and-blood repercussions. This week, a top official in the Roman Catholic Church’s American hierarchy resigned after a news site said that it had data from his cellphone that appeared to show the administrator using the L.G.B.T.Q. dating app Grindr and regularly going to gay bars. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went.
  • “U.S. Military Bought Cameras in Violation of America’s Own China Sanctions” By Sam Biddle — The Intercept. Numerous federal agencies, including several branches of the military, buy video surveillance equipment that can’t legally be used in U.S. government systems and that is made by Chinese companies sanctioned on national security grounds, records and products reviewed by The Intercept indicate. The agencies purchased blacklisted hardware through a network of American resellers that claimed the camera systems were in compliance with the sanctions. Those claims in numerous cases had little apparent basis, according to a joint investigation with IPVM, a video surveillance industry research publication.
  • “Fraud on the Farm: How a baby-faced CEO turned a Farmville clone into a massive Ponzi scheme” By Paul Benjamin Osterlund — Rest of the World. On November 21, 2019, 25-year-old Recep Ataş stepped onto a shooting range in the Istanbul suburb of Başakşehir. He fired several rounds at the target, before suddenly aiming the weapon directly against his heart and pulling the trigger. The single shot killed him. The next day, Ataş’ father told local media that his son was depressed — a large bank loan loomed over him. The money Ataş had borrowed evaporated after he’d invested it in Farm Bank, a smartphone app similar to the once-popular Facebook game Farmville. But unlike Farmville, Farm Bank had a real-world twist.
  • “YouTube’s recommendations still push harmful videos, crowdsourced study finds” By Brandy Zadrozny — NBC News. YouTube’s recommendation algorithm suggests videos with misinformation, violence, hate speech and other content that violates its own policies, researchers say. A new crowdsourced investigation from the Mozilla Foundation, the nonprofit behind the Firefox web browser, asked more than 37,000 YouTube users to act as watchdogs and report harmful content through a browser extension that was then analyzed by research assistants at the University of Exeter in England. That user-supplied content included Covid-19 misinformation, political conspiracy theories, and both violent and graphic content, including sexual content that appeared to be cartoons for children, the analysis found.
  • “How Vietnam’s ‘influencer’ army wages information warfare on Facebook” By James Pearson — Reuters. In Vietnam, where the state is fighting a fierce online battle against political dissent, social media “influencers” are more likely to be soldiers than celebrities.
  • “‘Cyber-attack’ hits Iran’s transport ministry and railways” — The Guardian. Websites of Iran’s transport and urbanisation ministry went out of service on Saturday after a “cyber-disruption” in computer systems, the official IRNA news agency reported. On Friday, Iran’s railways also appeared to come under cyber-attack, with messages about alleged train delays or cancellations posted on display boards at stations across the country. Electronic tracking of trains across Iran reportedly failed.
  • “China Plans Security Checks for Tech Companies Listing Overseas” By Raymond Zhong — The New York Times. China moved on Saturday toward requiring domestic tech companies to submit to a cybersecurity checkup before they can go public on overseas stock exchanges, a step that would close the regulatory gap that allowed the ride-hailing giant Didi to list shares on Wall Street last week without getting a clean bill of digital health from Beijing. On July 2, two days after Didi’s shares began trading on the New York Stock Exchange, China’s internet regulator ordered the company to stop signing up users while officials conducted a security review, sending its share price tumbling.
  • “China drafts new cyber-security industry plan” — Reuters. China’s Ministry of Industry and Information Technology said on Monday it has issued a draft three-year action plan to develop the country’s cyber-security industry, estimating the sector may be worth more than 250 billion yuan ($38.6 billion) by 2023.
  • “UK’s trade chief Liz Truss seeks closer ties with tech firms in US visit” By Graham Lanktree — Politico. Britain’s Trade Secretary Liz Truss is headed to the United States for a five-day visit where she’ll try to forge new ties with the country’s tech giants. Truss’ trip, running Sunday through Thursday, will see her stop in San Francisco, where she is slated to meet Silicon Valley companies as well as representatives of California Governor Gavin Newsom.
  • “Twitter appoints resident grievance officer in India to comply with new internet rules” By Manish Singh — TechCrunch. Twitter has appointed a resident grievance officer in India days after the American social media firm said to have lost the liability protection on user-generated content in the South Asian nation over non-compliance with local IT rules. On Sunday, Twitter identified Vinay Prakash as its new resident grievance officer and shared a way to contact him as required by India’s new IT rules, which was unveiled in February this year and went into effect in late May. Twitter has also published a compliance report, another requirement listed in the new rules.
  • “The US needs a ‘Digital Marshall Plan’ to counter China’s Digital Silk Road” By Orit Frenkel, Kent Hughes and Jennifer A. Hillman — The Hill. The United States is poised to launch a much-needed initiative to advance American global competitiveness. Done right, such an initiative could usher in a U.S. era of strong, inclusive and sustainable economic growth, along with reinvigorated global leadership. Both Congress and the Biden administration are contemplating major initiatives. They should take bold action, lest they squander this moment.
  • “The Most Influential Spreader of Coronavirus Misinformation Online” By Sheera Frenkel — The New York Times. The article that appeared online on Feb. 9 began with a seemingly innocuous question about the legal definition of vaccines. Then over its next 3,400 words, it declared coronavirus vaccines were “a medical fraud” and said the injections did not prevent infections, provide immunity or stop transmission of the disease. Instead, the article claimed, the shots “alter your genetic coding, turning you into a viral protein factory that has no off-switch.”

Coming Events 

  • 27 July
    • The Federal Trade Commission (FTC) will hold PrivacyCon 2021. The FTC has announced this agenda:
      • Introduction: Jamie Hine, Senior Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
      • Welcome to PrivacyCon: Rebecca Kelly Slaughter, Commissioner, Federal Trade Commission
      • Opening Remarks: Erie Meyer, Chief Technologist, Federal Trade Commission
      • Panel 1: Algorithms
        • Basileal Imana, University of Southern California, Auditing for Discrimination in Algorithms Delivering Job Ads
        • Hongyan Chang, National University of Singapore, On the Privacy Risks of Algorithm Fairness
        • Martin Strobel, National University of Singapore, On the Privacy Risks of Model Explanations
        • Moderator: Devin Willis, Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
      • Algorithms Presentation
        • Ziad Obermeyer, University of California at Berkeley, Algorithmic Bias Playbook Presentation
        • Moderator: Lerone Banks, Technologist, Federal Trade Commission, Division of Privacy & Identity Protection
      • Panel 2: Privacy – Considerations and Understanding
        • Nico Ebert, Zurich University of Applied Sciences, Bolder is Better: Raising User Awareness Through Salient and Concise Privacy Notices
        • Siddhant Arora, Carnegie Mellon University, Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text
        • Cameron Kormylo, Virginia Tech, Reconsidering Privacy Choices: The Impact of Defaults, Reversibility, and Repetition
        • Peter Mayer, Karlsruhe Institute of Technology, Now I’m a bit angry – Individuals’ Awareness, Perception, and Responses to Data Breaches that Affected Them
        • Moderator: Danielle Estrada, Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
      • Panel 3: AdTech
        • Imane Fouad, Inria (France), Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels
        • Janus Varmarken, University of California Irvine, The TV is Smart and Full of Trackers: Measuring Smart TV Advertising and Tracking
        • Miranda Wei, University of Washington, What Twitter Knows: Characterizing Ad Targeting Practices, User Perceptions, and Ad Explanations Through Users’ Own Twitter Data
        • Moderator: Miles Plant, Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
      • Panel 4: IoT
        • Anupam Das, North Carolina State University, Hey Alexa, is this Skill Safe: Taking a Closer Look at the Alexa Skill Ecosystem
        • Jeffrey Young, Clemson University, Measuring the Policy Compliance of Voice Assistant Applications
        • Pardis Emami-Naeini, University of Washington, Which Privacy and Security Attributes Most Impact Consumers’ Risk Perception and Willingness to Purchase IoT Devices?
        • Genevieve Liberte, Florida International University, Real-time Analysis of Privacy (un)Aware IoT Applications
        • Moderator: Linda Holleran Kopp, Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
      • Panel 5: Privacy – Children and Teens
        • Mohammad Mannan, Concordia University (Canada), Betrayed by the Guardian – Security and Privacy Risks of Parental Control Solutions and Parental Controls: Safer Internet Solutions or New Pitfalls?
        • Cameryn Gonnella, BBB National Programs, Risky Business – The Current State of Teen Privacy in the Android App Marketplace
        • Moderator: Manmeet Dhindsa, Attorney, Federal Trade Commission, Division of Privacy & Identity Protection
      • Panel 6: Privacy and the Pandemic
        • Marzieh Bitaab, Arizona State University, Scam Pandemic: How Attackers Exploit Public Fear through Phishing
        • Christine Geeng, University of Washington, Social Media COVID-19 Misinformation Interventions Viewed Positively, But Have Limited Impact
        • Moderator: Christina Yeung, Technologist, Federal Trade Commission, Office of Technology Research and Investigation
      • Closing Remarks
        • Lerone Banks, Technologist, Federal Trade Commission, Division of Privacy & Identity Protection
    • The House Oversight and Reform Committee’s National Security Subcommittee will hold a hearing titled “Defending the U.S. Electric Grid Against Cyber Threats.”
    • The Senate Banking, Housing, and Urban Affairs Committee will hold a hearing titled “Cryptocurrencies: What are they good for?”
    • The Senate Homeland Security and Governmental Affairs Committee will hold a hearing titled “Resources and Authorities Needed to Protect and Secure the Homeland” with Secretary of Homeland Security Alejandro Mayorkas.
    • The Senate Judiciary Committee will hold a hearing titled “America Under Cyber Siege: Preventing and Responding to Ransomware Attacks.”
    • The Senate Commerce, Science, and Transportation Committee will hold a hearing titled “Pipeline Cybersecurity: Protecting Critical Infrastructure.”
  • 28 July
    • The House Energy and Commerce Committee’s Consumer Protection and Commerce Subcommittee will hold a hearing titled “Transforming the FTC: Legislation to Modernize Consumer Protection” with the five FTC Commissioners.
    • The House Oversight and Reform Committee’s Government Operations Subcommittee will hold a hearing titled “FITARA 12.0” to review the federal government’s Federal Information Technology Acquisition Reform Act (FITARA) compliance.
    • The House Administration Committee will hold a hearing titled “Election Subversion: A Growing Threat to Electoral Integrity.”
    • The House Armed Services Committee’s Cyber, Innovative Technologies, and Information Systems Subcommittee will mark up its portion of the committee’s FY 2022 National Defense Authorization Act (H.R.4395).
  • 5 August
    • The Federal Communications Commission (FCC) will hold its monthly open meeting with this tentative agenda:
      • Establishing Two New Innovation Zones. The Commission will consider a Public Notice that would create two new Innovation Zones for Program Experimental Licenses and the expansion of an existing Innovation Zone. (ET Docket No. 19-257)
      • Numbering Policies for Modern Communications. The Commission will consider a Further Notice of Proposed Rulemaking to update the Commission’s rules regarding direct access to numbers by interconnected Voice over Internet Protocol providers to safeguard the nation’s finite numbering resources, curb illegal robocalls, protect national security, and further promote public safety. (WC Docket Nos. 13-97, 07-243, 20-67; IB Docket No. 16-155)
      • Appeals of the STIR/SHAKEN Governance Authority Token Revocation Decisions. The Commission will consider a Report and Order that would establish a process for the Commission to review decisions of the private STIR/SHAKEN Governance Authority that would have the effect of placing voice service providers out of compliance with the Commission’s STIR/SHAKEN implementation rules. (WC Docket Nos. 17-97, 21-291)
      • Modernizing Telecommunications Relay Service (TRS) Compensation. The Commission will consider a Notice of Proposed Rulemaking on TRS Fund compensation methodology for IP Relay service. (CG Docket No. 03-123; RM-11820)
      • Updating Outmoded Political Programming and Record-Keeping Rules. The Commission will consider a Notice of Proposed Rulemaking to update outmoded political programming rules. (MB Docket No. 21-293)
      • Review of the Commission’s Part 95 Personal Radio Services Rules. The Commission will consider a Memorandum Opinion and Order on Reconsideration that would grant three petitions for reconsideration of the Commission’s May 2017 Part 95 Personal Radio Services Rules Report and Order. (WT Docket No. 10-119)
  • 1 September
    • The House Armed Services Committee will mark up the FY 2022 National Defense Authorization Act (H.R.4395).

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Anni Roenkae from Pexels

Photo by 丁亦然 on Unsplash

Photo by Neil Soni on Unsplash

Photo by Spenser Sembrat on Unsplash
