Other Developments, Further Reading, and Coming Events (3 August 2021)

Subscribe to my newsletter, The Wavelength, if you want the content on my blog delivered to your inbox four times a week before it’s posted here.

Other Developments

  • In a quarterly United States (U.S.) Securities and Exchange Commission (SEC) filing, Amazon revealed that Luxembourg’s data protection authority fined the company more than $880 million for violating the General Data Protection Regulation, the largest fine to date. Like Ireland’s Data Protection Commission, the Luxembourg National Commission for Data Protection (CNPD) has been criticized for lax enforcement of the GDPR. Nonetheless, the CNPD has not released its decision, and Amazon has said in media reports it will appeal. In any event, in its 10-Q filing Amazon stated:
    • On July 16, 2021, the Luxembourg National Commission for Data Protection (the “CNPD”) issued a decision against Amazon Europe Core S.à r.l. claiming that Amazon’s processing of personal data did not comply with the EU General Data Protection Regulation. The decision imposes a fine of €746 million and corresponding practice revisions. We believe the CNPD’s decision to be without merit and intend to defend ourselves vigorously in this matter.
  • The Republican ranking members of the House Energy and Commerce and Judiciary Committees unveiled a raft of bills as the most recent phase of their campaign to “hold Big Tech accountable.” Ranking Members Cathy McMorris Rodgers (R-WA) and Jim Jordan (R-OH) summarized the bills that form this initiative:
    • Section 230 Reform 
    • Preserving constitutionally protected speech, led by Republican Leaders Cathy McMorris Rodgers (R-WA) and Jim Jordan (R-OH), to remove liability protections for companies who censor constitutionally protected speech on their platforms, require appeals processes, and transparency for content enforcement decisions.   
    • Bad Samaritan carve out, led by Rep. Bob Latta (R-OH), to amend section 230 to remove liability protections from companies that act as Bad Samaritans and knowingly promote, solicit, or facilitate illegal activity.   
    • Chinese Communist Party carve out, led by Rep. Neal Dunn (R-FL), to exclude companies with direct or indirect ties to the Chinese Communist Party from section 230.  
    • Nondiscrimination carve out, led by Rep. Dan Crenshaw (R-TX), to remove liability protections from companies who take action based on a user’s racial, sexual, political affiliation, or ethnic grounds.   
    • FTC exemption, led by Rep. Fred Upton (R-MI), to amend section 230 to remove liability protections for actions brought against a company by the FTC.   
    • Cyberbullying carve out, led by Rep. Tim Walberg (R-MI), to amend section 230 to remove liability protections for claims based on cyberbullying.   
    • Doxxing carve out, led by Rep. Jeff Duncan (R-SC), to amend section 230 to remove liability protections for claims based on doxxing.  
    • Terrorism carve out, led by Rep. Gary Palmer (R-AL), to amend section 230 to remove liability protections for claims based on foreign terrorism content.   
    • Child exploitation, including pornography carve out, led by Gus Bilirakis (R-FL), to amend section 230 to remove liability protections for claims based on child exploitation, including child pornography.  
    • Counterfeit products carve out, led by Rep. Richard Hudson (R-NC), to amend section 230 to remove liability protections for claims related to counterfeit products.  
    • Illegal drugs carve out, led by Rep. David McKinley (R-WV), to amend section 230 to remove liability protections for claims based on the illegal sale of drugs and the sale of illegal drugs.  
    • Product liability carve out, led by Rep. Kelly Armstrong (R-ND), to preserve claims relating to product liability, for any instance in which an interactive computer service has physical possession or control of a product at issue. 
    • Content Moderation Practices to Address Certain Content 
    • Lawful content protection, led by Rep. Dan Crenshaw (R-TX), to prevent companies from blocking or preventing access to lawful content, as well as degrading or impairing access to such content. 
    • Content moderation on illegal drugs, led by Rep. Brett Guthrie (R-KY), to require companies to implement reasonable content moderation practices to address the illegal sale of drugs and the sale of illegal drugs.  
    • Content moderation on terrorism, led by Rep. Debbie Lesko (R-AZ), to require companies to implement reasonable content moderation practices to address foreign terrorism content.   
    • Content moderation on doxxing, led by Rep. Buddy Carter (R-GA), to require companies to implement reasonable content moderation practices to address doxxing. 
    • Protecting Children from Mental Health Harms and Cyberbullying 
    • Mental health impact disclosure, led by Rep. Bill Johnson (R-OH), to require companies to disclose the mental health impact on their products and services have on children and  a NIH study to review whether warning labels about such risks should be required on such products and services.   
    • Improving Transparency 
    • Content policies, led by Rep. Billy Long (R-MO), to require companies to disclose how they develop their content moderation policies.  
    • Appeals policies, led by Rep. Michael Burgess (R-TX), to require companies to disclose how they develop their appeals processes.   
    • App Store policies, led by Rep. Steve Scalise (R-LA), to require companies to disclose how they develop and implement their app store policies.   
    • Content enforcement, led by Rep. Latta (R-OH), to require companies to disclose their content enforcement decisions related to child pornography, child trafficking, cyberbullying, illegal sale of drugs, foreign terrorism content, counterfeit products, revenge porn, and doxxing.   
    • Additional Accountability Bills 
    • Law enforcement study, led by Rep. Gus Bilirakis (R-FL), to direct the GAO to conduct a study on how platforms can better work with law enforcement to address illegal content and crimes on their platforms.  
    • Consumer education on law enforcement, led by Rep. Markwayne Mullin (R-OK), to require annual education campaigns to inform the public about the resources available to them when their safety and security have been violated online.  
    • Universal Service Fund Contributions, led by Rep. Markwayne Mullin (R-OK), to require a study on the feasibility of requiring Big Tech to contribute to the Universal Service Fund.  
    • ID verification, led by Rep. John Curtis (R-UT), to require social media companies to require verification of the identity of users prior to use of their platform. 
  • The European Commission (EC) “presented an ambitious package of legislative proposals to strengthen the EU’s anti-money laundering and countering terrorism financing (AML/CFT) rules…[that] also includes the proposal for the creation of a new EU authority to fight money laundering” per its press release. The EC explained “package consists of four legislative proposals:
  • The National Institute of Standards and Technology (NIST) issued two guidance documents:
    • NIST Special Publication (SP) 800-47 Revision 1, Managing the Security of Information Exchanges, provides guidance on identifying information exchanges; considerations for protecting exchanged information before, during, and after the exchange commensurate with risk; and sample templates of the agreements needed to manage the protection of the exchanged information. Rather than focus on any particular type of technology-based connection or information access, this publication has been updated to define the scope of information exchange, describe the benefits of securely managing information exchange, identify types of information exchanges, discuss potential security risks associated with information exchange, and detail a four phase methodology to securely manage information exchange between systems and organizations. This document also recommends steps for each phase of the methodology with an emphasis on the security measures necessary to protect the shared data.
  • Longtime Congressional opponents to what they see as National Security Agency (NSA) surveillance abuses under the Foreign Intelligence Surveillance Act (FISA) will be able to get and up or down vote on a provision to an appropriations bill to bar the NSA from using any funds for some FISA activities. The House Rules Committee made the amendment in order during the coming floor consideration of the “Commerce, Justice, Science, and Related Agencies Appropriations Act, 2022” (H.R.4505). A bipartisan group of Representatives, Zoe Lofgren (D-CA), Thomas Massie (R-KY), Pramila Jayapal (D-WA), Warren Davidson (R-OH), Anna Eshoo (D-CA), and Victoria Spartz (R-IN) will offer this language when the House takes up the bill, possibly as early as this week:
    • (a) Except as provided in subsection (b), none of the funds made available by this Act may be used by an officer or employee of the United States to query information acquired under section 702 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881a) using a United States person identifier.
    • (b) Subsection (a) shall not apply to queries authorized under section 105, 304, 703, 704, or 705 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1805; 1842; 1881b; 1881c; 1881d), or title 18, United States Code, regardless of under what Foreign Intelligence Surveillance Act authority it was collected.
  • The United Kingdom’s Department for Digital, Culture, Media & Sport (DCMS) issued “[a] call for views on amending the incident reporting framework for digital service providers within the Network & Information Systems (NIS) regulations” and published an accompanying policy paper. DCMS explained:
    • This document sets out the government’s approach to rectify an EU-Exit related deficiency in the Network and Information Systems legislation surrounding incident reporting thresholds for digital service providers.
    • This call for views seeks feedback on the government’s proposal to move incident reporting thresholds from legislation to ICO guidance.
  • House Energy and Commerce Committee Ranking Member Cathy McMorris Rodgers (R-WA), House Judiciary Committee Ranking Member Jim Jordan (R-OH), and House Oversight and Reform Committee Ranking Member James Comer (R-KY) wrote the five commissioners of the Federal Trade Commission (FTC) the day after the appeared before the House Energy and Commerce Committee “with serious concerns about the partisan actions of the FTC’s Democratic Commissioners to consolidate agency power, unilaterally assert and expand regulatory authority, and abandon bipartisan and open processes.” They argued:
    • The Biden FTC, however, has abandoned these tenets of good government to expand regulatory power. The FTC’s decisions have real-world consequences to
      American consumers and the American economy, and these actions will fundamentally change
      the agency’s mission and undermine the rule of law. It is essential that Congress fully understand  the scope and nature of the FTC’s actions, and the extent to which any of the actions have been unduly influenced by the White House. As our Committees continue their oversight of the FTC and consider legislation relating to the FTC’s scope and authority, please provide the following information:
      • 1. All documents and communications referring or relating to the July 1, 2021,
        Commission meeting, including but not limited to the development, consideration and
        adoption of the actions taken at that meeting and the rationale for the meeting’s
        rushed timeline or the hearing of comments by the Commission after votes were
      • 2. All documents and communications referring or relating to instructions, directives, or commands given to FTC staff since June 15, 2021, to cancel public engagements or
      • 3. A timeline for the FTC’s issuance of any rulemaking or guidance to replace the 2015
        policy statement concerning unfair methods of competition, including an explanation
        for whether the public will have opportunity to submit written comments on a draft of
        that document and how the FTC will ensure its position reflects concerns or facts
        generated through public comments;
      • 4. All documents and communications referring or related to the FTC’s proposal,
        development or implementation of policies or actions called for by or under the
        authority of Executive Order 14036;
      • 5. All documents and communications between or among employees or officials of the
        Federal Trade Commission and employees or officials of the Executive Office of the
        President concerning items 1-4, above.
      • 6. As similarly requested of Attorney General Garland on May 17, 2021, copies of all
        written communications between the Department of Justice (DOJ) and the FTC
        concerning H.R. 2668 or any drafts of the legislation since March 11, 2021.
  • A group of civil rights and human rights advocacy groups wrotea letter to the Office of Science and Technology Policy (OSTP) and memos to key federal agencies about their oversight of tech practices across hiring, credit, and housing.” One of the signatories, the Center for Democracy and Technology (CDT) asserted:
    • The coalition calls for the OSTP to prioritize civil rights and equity in the Biden administration’s AI and tech policy agenda, and for regulators to update and extend their policy guidance and rules to ensure more equitable outcomes in tech-driven decision-making and advertising. Financial institutions must develop less discriminatory AI models and improve processes for fair lending risk assessments. Housing regulators should monitor housing eligibility technologies and the unjustifiable use of court records to deny housing.
  • Verizon and Huawei settled a series of patent lawsuits as the former company announced in a press statement. Huawei had filed suit after talks had broken down about Huawei has offered to license some of its technology to the United States telecommunications giant. The patents in dispute were:
    • U.S. Patent No. 8,270,433, “Sending Method, Receiving and Processing Method and Apparatus for Adapting Payload Bandwidth for Data Transmission”
    • U.S. Patent No. 10,027,693 “Method, Device and System for Alerting against Unknown Malicious Codes within a Network Environment”
    • U.S. Patent No. 9,521,366 “Method and apparatus for playing conference signal, video conference terminal, and mobile device”
  • Facebook announced changes to Instagram’ designed to protect users below the age of 16. Facebook also provided an overview of the methods it will use to find users below the age of 13 who are not allowed to use either Facebook or Instagram. The company explained its new privacy policies for Instagram:
    • Creating an experience on Instagram that’s safe and private for young people, but also fun, comes with competing challenges. We want them to easily make new friends and keep up with their interests, but we don’t want them to deal with unwanted DMs or comments from strangers. We think private accounts are the right choice for young people, but we recognize some young creators might want to have public accounts to build a following.
    • We want to strike the right balance of giving young people all the things they love about Instagram while also keeping them safe. That’s why we’re announcing changes we’ll make today, including:
      • Defaulting young people into private accounts
      • Making it harder for potentially suspicious accounts to find young people
      • Limiting the options advertisers have to reach young people with ads

Further Reading

  • Hackers leak full EA data after failed extortion attempt” By Catalin Cimpanu — The Record. The hackers who breached Electronic Arts last month have released the entire cache of stolen data after failing to extort the company and later sell the stolen files to a third-party buyer. The data, dumped on an underground cybercrime forum on Monday, July 26, is now being widely distributed on torrent sites. According to a copy of the dump obtained by The Record, the leaked files contain the source code of the FIFA 21 soccer game, including tools to support the company’s server-side services.
  •  “Spanish-language misinformation about vaccines is evading Facebook’s moderators” By Tonya Riley — cyberscoop. acebook is still struggling to rein in COVID-19 misinformation in Spanish, a recent report from the advocacy group Avaaz indicates. Avaaz, a global human rights group, looked at top-performing posts on Instagram, which is owned by Facebook, promoting a debunked viral claim the coronavirus will make patients’ arms magnetic because it contains metals or possibly a microchip. Of the 30 Instagram posts in Spanish, only one had received a fact-checking label as of June 14. In comparison, roughly half of the 47 high-performing English posts had a fact-checking label.
  •  “The government’s facing a severe shortage of cyber workers when it needs them the most” By Joseph Marks — The Washington Post. The government is struggling to hire cybersecurity workers at the same time it is facing an unprecedented slate of hacking threats. The dearth of cyber workers is making it harder to protect government data from being stolen by adversaries and diminishing its ability to help improve cybersecurity in industries vital to national and economic security. It also worsens the dangers posed by the government’s notoriously outdated technology systems. Top officials have described the slow pace of cyber hiring as a national security threat
  • Pegasus spyware found on journalists’ phones, French intelligence confirms” By Kim Willsher — The Guardian. French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country’s international television station France 24.
  • US consultants lined up to run fund that owns Israeli spyware company NSO” By Stephanie Kirchgaessner — The Guardian. Public investors in the private equity firm that owns a majority stake in the Israeli spyware company NSO Group are in talks to transfer management of that fund to Berkeley Research Group, a US consulting firm. A person familiar with the matter told the Guardian the talks, which are at an early stage, followed an internal dispute between the co-founders of Novalpina Capital, whose fund took over NSO Group in 2019.
  • US voices concern with Israeli officials about Pegasus revelations” By Stephanie Kirchgaessner — The Guardian. The White House has raised concerns with top Israeli officials about allegations that spyware sold by Israeli surveillance company NSO Group has been used by governments around the world to monitor journalists and activists and – potentially – government officials with close ties to the US. Brett McGurk, a top Biden administration adviser on the Middle East, raised questions privately about NSO in a meeting last week with Zohar Palti, a senior Israeli defence ministry official, according to reports by Axios and the Washington Post.
  • More Cities Are Moving to Drop Automated Gunshot-Detection Tech” By Todd Feathers — Vice. Community organizers in San Diego and Chicago are calling on their city leaders to end contracts with the surveillance company ShotSpotter, which installs hidden microphone arrays and uses a combination of algorithms and human reviewers to detect gunshots. Recent Motherboard investigations found that in at least four cities, the tech is placed almost exclusively in non-white neighborhoods, and that ShotSpotter analysts who prepare forensic reports for criminal trials have changed the the system’s original findings about the number and location of gunshots—sometimes in ways that support police narratives that aren’t backed by any physical evidence. (Police and Shotspotter both claim the system is installed in “high-crime” areas.) It is currently in place in more than 120 cities, including a more than 117-square mile swath of Chicago and a 3.6-square mile area in San Diego. 

Coming Events 

  • 4 August
    • The Senate Homeland Security and Governmental Affairs Committee will markup a number of measures, including:
      • S. 2559, Deepfake Task Force Act;
      • S. 2551, AI Training Act;
      • S. 2520, State and Local Government Cybersecurity Act;
      • S. 2305, Cybersecurity Opportunity Act;
      • S. 2439, DHS Industrial Control Systems Capabilities Enhancement Act of 2021;
      • S. 2540, CISA Technical Corrections and Improvements Act of 2021;
      • S. 2525, Domains Critical to Homeland Security Act.
    • The Senate Intelligence Committee will hold a hearing titled “Beijing’s Long Arm: Threats To U.S. National Security.”
  • 5 August
    • The Federal Communications Commission (FCC) will hold its monthly open meeting with this tentative agenda:
      • Establishing Two New Innovation Zones. The Commission will consider a Public Notice that would create two new Innovation Zones for Program Experimental Licenses and the expansion of an existing Innovation Zone. (ET Docket No. 19-257)
      • Numbering Policies for Modern Communications. The Commission will consider a Further Notice of Proposed Rulemaking to update the Commission’s rules regarding direct access to numbers by interconnected Voice over Internet Protocol providers to safeguard the nation’s finite numbering resources, curb illegal robocalls, protect national security, and further promote public safety. (WC Docket Nos. 13-97, 07-243, 20-67; IB Docket No. 16-155)
      • Appeals of the STIR/SHAKEN Governance Authority Token Revocation Decisions. The Commission will consider a Report and Order that would establish a process for the Commission to review decisions of the private STIR/SHAKEN Governance Authority that would have the effect of placing voice service providers out of compliance with the Commission’s STIR/SHAKEN implementation rules. (WC Docket Nos. 17-97, 21-291)
      • Modernizing Telecommunications Relay Service (TRS) Compensation. The Commission will consider a Notice of Proposed Rulemaking on TRS Fund compensation methodology for IP Relay service. (CG Docket No. 03-123; RM-11820)
      • Updating Outmoded Political Programming and Record-Keeping Rules. The Commission will consider a Notice of Proposed Rulemaking to update outmoded political programming rules. (MB Docket No. 21-293)
      • Review of the Commission’s Part 95 Personal Radio Services Rules. The Commission will consider a Memorandum Opinion and Order on Reconsideration that would grant three petitions for reconsideration of the Commission’s May 2017 Part 95 Personal Radio Services Rules Report and Order. (WT Docket No. 10-119)
  • 1 September
    • The House Armed Services Committee will mark up the FY 2022 National Defense Authorization Act (H.R.4395).

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Mikael Stenberg on Unsplash

Photo by David Dibert on Unsplash

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s