Other Developments, Further Reading, and Coming Events (9 August 2021)

Other Developments

  • The United States (U.S.) Department of Justice (DOJ) provided an update to its January statement that it had been compromised in the SolarWinds hack. Over 27 U.S. Attorneys Offices were compromised. The DOJ stated:
    • In a statement issued January 6, 2021, the Department of Justice acknowledged that the global SolarWinds incident involved intrusion into the Department’s Microsoft O365 email environment and that this activity constituted a major incident under the Federal Information Security Modernization Act (FISMA).  After learning of the malicious activity, the Office of the Chief Information Officer eliminated the identified method by which the actor was accessing the O365 email environment and in accordance with FISMA, the department took steps to notify the appropriate federal agencies, Congress, and the public as warranted.
    • The Department of Justice understands that when victims make information public about the nature and scope of computer intrusions they suffered, others can use that information to prepare themselves for the next threat.  To encourage transparency and strengthen homeland resilience, today we are providing additional details about the SolarWinds intrusion in December 2020.
    • The Department is responding to this incident as if the Advanced Persistent Threat (APT) group responsible for the SolarWinds breach had access to all email communications and attachments found within the compromised O365 accounts. The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020.  The compromised data included all sent, received, and stored emails and attachments found within those accounts during that time.
    • While other districts were impacted to a lesser degree, the APT group gained access to the O365 email accounts of at least 80 percent of employees working in the U.S. Attorneys’ offices located in the Eastern, Northern, Southern, and Western Districts of New York.  The Executive Office for U.S. Attorneys has notified all impacted account holders and the Department has provided guidance to identify particular threats.  
    • The Department’s objective continues to be mitigating the operational, security, and privacy risks caused by the incident.
  • The Biden Administration issued a proposed rule that would tighten the United States (U.S.) government’s “Buy American” requirements per Executive Order (EO) 14005, “Ensuring the Future Is Made in All of America by All of America’s Workers.” The EO and the resulting changes to how U.S. agencies buy goods and services can drive changes in the U.S. economy. In this case, considering the billions of dollars of technology goods and services bought every year, these proposed changes could force technology companies to move production back to the U.S. In the proposed rule, the Department of Defense, General Services Administration, and National Aeronautics and Space Administration (NASA) asserted:
    • These actions [under the EO] include:
      • (i) regulatory amendments to the implementation of the Buy American Act in FAR part 25 to fit the current realities of the American economy;
      • (ii) the creation of a Made in America Office within the Office of Management and Budget to provide centralized, strategic, and holistic management of domestic sourcing activities across Federal procurement, Federal financial assistance, and maritime policies;
      • (iii) a public website with information on all proposed waivers to the Buy American Act and other Buy American Laws, as defined in the E.O., that helps more U.S. firms access Federal contracting and provides data to the Made in America Office to inform policy development for domestic sourcing; and
      • (iv) a review by the Federal Acquisition Regulatory Council (FAR Council), in consultation with the Made in America Office, of the longstanding statutory exemption from the Buy American Act for commercial information technology (IT) to determine if the original purpose or other goals of the exemption remain relevant in the current economic and national security environment.
    • Collectively, these and other efforts called for by the E.O. will promote greater economic and national security and further the Administration’s commitment to build back a stronger domestic manufacturing base, create good jobs, and ensure the U.S. economy remains strong, resilient, and ready to meet the challenges of the future. Strengthening implementation of the Buy American Act will send clear demand signals to domestic producers, spurring strategic investments in domestic supply chains.
    • In a fact sheet, the White House explained:
      • The proposed rule directs the following changes to strengthen Buy American requirements:
        • “Make Buy American Real” and close loopholes by raising the domestic content threshold. The Buy American statute says products bought with taxpayer dollars must “substantially all” be made in the U.S. However, today, products could qualify if just 55%–just over half—of the value of their component parts was manufactured here. The NPRM proposes an immediate increase of the threshold to 60% and a phased increase to 75%. This proposal would close a problematic loophole in the current regulation, while also allowing businesses time to adjust their supply chains to increase the use of American-made components. If adopted, this change would create more opportunities for small- and medium-sized manufacturers and their employees, including small and disadvantaged enterprises, from all parts of the country. To support this work, the Small Business Administration has created a new manufacturing office in its federal contracting division.
        • Strengthens domestic supply chains for critical goods with new price preferences. As the pandemic made clear, supply chain disruptions can impact the health, safety, and livelihoods of Americans—leaving us without access to critical goods during a crisis. Some products are simply too important to our national and economic security to be dependent on foreign sources. The NPRM proposes applying enhanced price preferences to select critical products and components identified by the Critical Supply Chain review, mandated under E.O. 14017, and the pandemic supply chain strategy called for under E.O. 14001. These preferences, once in place, would support the development and expansion of domestic supply chains for critical products by providing a source of stable demand for domestically produced critical products.
        • Increases transparency and accountability in Buy American rules. Reporting challenges have hampered implementation of Buy American rules for decades. Currently, contractors only tell the government if they meet the content threshold rather than reporting the total domestic content in their products. The NPRM proposes to establish a reporting requirement for critical products. The new reporting requirement would bolster compliance with the Buy American Act and improve data on the actual U.S. content of goods purchased. More complete and accurate data would be used to target future improvements to support America’s entrepreneurs, farmers, ranchers, and workers— and along the way, create good jobs and resilient communities.
  • Senate Commerce, Science, and Transportation Committee Chair Maria Cantwell (D-WA) and Ranking Member Roger Wicker (R-MS) wrote Secretary of Commerce Gina Raimondo “urging her to robustly confront growing threats to American cybersecurity and privacy.” They called on the Department of Commerce to take previously recommended actions on matters within its jurisdiction to address cybersecurity, some of which have been pending for some time:
    • The Administration has correctly called for action, with the Department of Homeland Security issuing new requirements for U.S. pipeline operators and the Department of Justice moving to identify foreign hackers. DOC must also be part of the solution, given its already significant responsibilities. In September 2020, the U.S. Government Accountability Office identified the DOC as the lead agency for 49 of the 191 activities outlined in the 2018 National Cyber Strategy, more than any other federal agency. Among these activities, the NIST cybersecurity and privacy frameworks support the adoption of standards and best practices by industry, academia, and government institutions. In addition, NIST’s National Initiative for Cybersecurity Education supports universities, major corporations, the federal government, and others to develop the cybersecurity workforce of the future.
    • Given these emerging responsibilities, we were encouraged by your commitment to build on NIST cybersecurity efforts, as expressed during your confirmation process before the Senate Commerce Committee. We urge you to take swift action on this important work and to ensure that the full range of NIST cybersecurity activities is appropriately resourced, with a particular focus on the following areas:
      • Developing the Cybersecurity Workforce. As of 2019, there were 300,000 unfilled cybersecurity jobs in the United States. DOC should swiftly and fully implement the cybersecurity workforce provisions from the HACKED Act, which passed as part of the FY 2021 NDAA after careful consideration within our committee. The HACKED Act directed DOC to carry out the Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) program, an effort to attract and retain cybersecurity personnel through cooperation between educational institutions and industry. DOC should also continue its existing cybersecurity workforce activities performed via the National Initiative for Cybersecurity Education.
      • Demonstrating New and Existing Cyber Capabilities. DOC should swiftly and fully implement the cybersecurity prize competitions directed by the CYBER LEAP Act, passed in FY 2021 NDAA after careful consideration within our committee. These challenges will demonstrate the potential for systems that make cyberattacks economically unattractive, improve federal agency response to cyberattacks, and increase the privacy, security, and safety on individuals while online. DOC should also continue to support the National Cybersecurity Center of Excellence—a public-private partnership to create practical cybersecurity solutions.
      • Ensuring Resilient Supply Chains. Consistent with the E.O. 14028, DOC should continue addressing cybersecurity supply chain risk, including by updating and, as appropriate, encouraging the adoption of software supply chain best practices. Actions should include a prompt update to NIST Special Publication 800-161, Cyber Supply Chain Risk Management Practices for Systems and Organizations, and continued work on advancing trustworthy networks and infrastructure, including zero trust architectures. Further, DOC should leverage its supply chain resilience activities—such as the sectoral reviews under E.O. 14017, the new supply chain task force, and the semiconductor incentives under the FY 2021 NDAA, as appropriate—to promote the availability of measurably secure hardware and software.
      • Addressing Emerging Technology. DOC should leverage its significant research experience to address the cybersecurity challenges and opportunities from emerging technologies such as artificial intelligence, quantum technology, advanced communications, and the Internet of Things. DOC should continue to support research within the Applied Cybersecurity Division, the Computer Science Division, and the Information Technology Laboratory, while expanding research in emerging areas, including interdisciplinary research and research between offices, to better prepare the United States for the effects of these technologies.
  • President Joe Biden nominated Thea Kendler to be the Assistant Secretary of Commerce for Export Administration. Currently, Kendler is an attorney at the United States (U.S.) Department of Justice’s National Security Division’s Counterintelligence and Export Control Section and is on the team of prosecutors waging the case against Huawei Chief Financial Officer Meng Wanzhou who is currently being detained in Canada for extradition to the U.S. Kendler would serve under the nominee for Under Secretary of Commerce for Industry and Security Alan Estevez.
    • In a bio, the White House summarized her background:
      • Thea Kendler is an experienced federal government attorney whose career focuses on national security and international trade law. As a trial attorney in the Department of Justice’s National Security Division, Counterintelligence and Export Control Section, Ms. Kendler partners with U.S. Attorney’s Offices and federal agents around the country to investigate and prosecute cases primarily involving export controls, economic espionage, and counterintelligence. Ms. Kendler frequently speaks to international audiences on strategic trade controls and conducts training for foreign government officials on best border security law enforcement practices.
      • Before joining the Justice Department in 2014, Ms. Kendler served as Senior Counsel in the Commerce Department’s Office of Chief Counsel for Industry and Security, providing legal advice on export controls regulations and enforcement to the Bureau of Industry and Security. Earlier in her career, she practiced in the International Trade section of the law firm Akin Gump Strauss Hauer & Feld LLP, where she conducted internal investigations and represented corporate clients in export controls, antidumping and countervailing duty, and Customs proceedings. 
      • Ms. Kendler graduated from the University of Pennsylvania Law School, where in her third year she received a Foreign Language and Area Studies (FLAS) grant from the U.S. Department of Education to further her Chinese study.  Her undergraduate degree is from Princeton University with a concentration in the School of Public and International Affairs and certificates in East Asian Studies and Chinese Culture.  While in college, she studied Chinese in Beijing, China, and Japanese in Kanazawa, Japan.  Ms. Kendler is admitted to the New York and District of Columbia Bars.  She lives in Bethesda, Maryland, with her husband and two children.
  • Zoom settled a class action suit in the United States (U.S.) for $85 million, bringing to a close a number of suits filed against the videoconferencing company and requiring a number of changes to shore up its privacy and security practices. These suits were filed after the beginning of the COVID-19 pandemic, when Zoom became very widely used. The court explained the salient parts of the settlement:
    • After a year and a half of hard-fought and contentious litigation, and months of concurrent settlement negotiations, the Parties present the Court with an agreement to settle Plaintiffs’ claims against Zoom Video Communications, Inc. (“Zoom”) on a nationwide, class basis. If approved, the Settlement will establish a non-reversionary cash fund of $85 million to pay valid claims, notice and administration costs, Service Payments to Class Representatives, and any attorneys’ fees and costs awarded by the Court. The Settlement also provides comprehensive injunctive relief designed to address the issues on which Plaintiffs’ claims are based. In sum, the Settlement provides an outstanding set of benefits to Class Members and merits preliminary approval.
    • In early 2020, usage of Zoom’s video conferencing services increased dramatically in response to the COVID-19 pandemic. See Dkt. No. 179, Second Amended Complaint (“SAC”) ¶ 75. Shortly thereafter, reports announced that Zoom claimed to have end-to-end encryption, when in fact Zoom did not offer true end-to-end encryption. Id. ¶¶ 160-73. Plaintiffs alleged that Zoom improperly shared its users’ data without notice or consent through the use of third party software integrations from companies such as Facebook (id. ¶¶ 76-89) and Google (id. ¶¶ 109-14). Additionally, Zoom meetings became the target of “Zoombombings”—i.e., unwanted and unauthorized interruptions of Zoom meetings which caused numerous problems and disruptions for Zoom and its users. Id. ¶¶ 174-80.
    • Zoom has agreed to over a dozen major changes to its practices, designed to improve meeting security, bolster privacy disclosures, and safeguard consumer data. Id. ¶ 3. For example, Zoom agreed to provide in-meeting notifications to make it easier for users to understand who can see, save, and share Zoom users’ information and content by alerting users when a meeting host or another participant uses a third-party application during a meeting. Id. ¶ 3.1(n). Separately, Zoom will ensure that its privacy statement will disclose the ability of Zoom users to share user data with third parties via integrations third party software, or otherwise to record meetings, and/or to transcribe meetings. Id. ¶ 3.1(m). The Settlement also requires Zoom to (i) not reintegrate the Facebook SDK for iOS into Zoom meetings for a year and will request that Facebook delete any U.S. user data obtained from the SDK (id. ¶ 3.1(e),(f)); (ii) develop and maintain, for at least three years, documented protocols and procedures for admitting third party applications for dissemination to users through Zoom’s “Marketplace” (id. ¶ 3.1(i)); (iii) develop and maintain a user-support ticket system for internal tracking of, and communication with users about reports of meeting disruptions (id. ¶ 3.1(c)); (iv) develop and maintain a documented process for communication with law enforcement about meeting disruptions involving illegal content, including dedicated personnel to report serial meeting disrupters to law enforcement (id.); (v) develop and maintain security features such as waiting rooms for attendees, the suspend meeting activities button, and blocking of users from specific countries for a minimum of three years (id. ¶¶ 3.1(b), 3.2). The Settlement also requires Zoom to better educate users about the security features available to protect meeting security and privacy, through dedicated space on the Zoom website and banner-type notifications. Id. ¶ 3.1(a). 
    • Zoom’s website will also have centralized information and links for parents whose children are using school-provisioned K-12 accounts. Id. ¶ 3.1(p).
  • A number of civil rights groups wrote the Federal Trade Commission (FTC) and called on the agency “to exercise the full extent of their rulemaking authority to ban corporate use of facial surveillance technology, ban continuous surveillance in places of public accommodation, and stop industry wide data abuse.” They pointed to Amazon’s varied smart devices and their data collection, processing, and privacy practices as an example of why stronger regulation is needed. These groups asserted:
    • With no oversight or accountability, corporations have flooded the market with Wi-Fi enabled smart devices. Though many companies sell connected devices, Amazon provides a perfect case study on how monopolistic power compounds unfair practices, and why the FTC must act to prevent further abuses wherever they occur.
    • One product line alone, Amazon Ring, includes doorbell and floodlight cameras, mailbox sensors, car cams, and soon indoor drones. These Ring devices collectively surveil millions of people — not only inside a purchaser’s home but extending to outside public and private spaces, including sidewalks where someone may walk their dog, and to neighboring yards where young children may play.
    • We are encouraged by the FTC’s previous willingness to combat extractive and abusive data harvesting. For example, the agency’s recent order against app developer Everalbum requires the company to delete not only its ill-gotten data, but also the facial recognition models or algorithms developed with users’ data.
    • Rulemaking is needed to stop widespread systematic surveillance, discrimination, lax security, tracking of individuals, and the sharing of data. While Amazon’s smart home ecosystem, facial surveillance technology, and e-learning devices provide a good case study, these rules must extend beyond this one technology corporation to include any entity collecting, using, selling, and/or sharing personal data.
  • The European Union Agency for Cybersecurity (ENISA) issued a report, Threat Landscape for Supply Chain Attacks, “which analysed 24 recent attacks,” finding that “strong security protection is no longer enough for organisations when attackers have already shifted their attention to suppliers.” ENISA summarized its recommendations on how organizations can mitigate supply chain attacks:
    • Apply good practices and engage in coordinated actions at EU level.
    • The impact of attacks on suppliers may have far reaching consequences because of the increased interdependencies and complexities of the techniques used. Beyond the damages on affected organisations and third parties, there is a deeper cause for concern when classified information is exfiltrated and national security is at stake or when consequences of a geopolitical nature could emerge as a result.
    • In this complex environment for supply chains, establishing good practices and getting involved in coordinated actions at EU level are both important to support all Member States in developing similar capabilities – to reach a common level of security.
    • The report issues an extensive number of recommendations for customers to manage the supply chain cybersecurity risk and to manage the relationship with the suppliers.
    • Recommendations for customers include:
      • identifying and documenting suppliers and service providers;
      • defining risk criteria for different types of suppliers and services such as supplier & customer dependencies, critical software dependencies, single points of failure;
      • monitoring of supply chain risks and threats;
      • managing suppliers over the whole lifecycle of a product or service, including procedures to handle end-of-life products or components;
      • classifying of assets and information shared with or accessible to suppliers, and defining relevant procedures for accessing and handling them.
    • The report also suggests possible actions to ensure that the development of products and services complies with security practices. Suppliers are advised to implement good practices for vulnerability and patch management, for instance.
    • Recommendations for suppliers include:
      • ensuring that the infrastructure used to design, develop, manufacture, and deliver products, components and services follows cybersecurity practices;
      • implementing a product development, maintenance and support process that is consistent with commonly accepted product development processes;
      • monitoring of security vulnerabilities reported by internal and external sources that includes used third-party components;
      • maintaining an inventory of assets that includes patch-relevant information.
  • Twitter announced a collaboration “with The Associated Press (AP) and Reuters to expand our efforts to identify and elevate credible information on Twitter.” The organizations explained:
    • This joint work will increase the scale and speed of the current work outlined above by: 
      • Increasing and improving context sharing: Ensuring that credible information is available in real time around key conversations as they emerge on Twitter, especially where facts are in dispute or when Twitter’s Curation team doesn’t have the specific expertise or access to a high enough volume of reputable reporting on Twitter. For example, people on Twitter can expect more Trends with contextual descriptions and links to reporting from trusted sources more frequently.
      • Anticipating and proactively identifying emerging conversation: Proactively providing context on topics garnering widespread interest including those that could potentially generate misleading information. Rather than waiting until something goes viral, Twitter will contextualize developing discourse at pace with or in anticipation of the public conversation.
      • Improving the effectiveness of product features: Supporting product experimentation and existing initiatives where additional credible context could make our work better. For example, Birdwatch will use feedback from AP and Reuters as one way to assess the quality of information elevated by Birdwatch participants.
      • During this initial phase of the program, AP and Reuters will focus on English-language content. 
  • The House Energy and Commerce Committee’s Consumer Protection and Commerce Subcommittee Ranking Member Gus Bilirakis (R-FL) and Representative John Curtis (R-UT) sent letters to Facebook CEO Mark Zuckerberg, YouTube CEO Susan Wojcicki, and Snapchat CEO Evan Spiegel. They wrote:
    • We are especially concerned by recent reports suggesting children ages thirteen and under that were surveyed across the United States are actively using [Facebook/Instagram/Snapchat/YouTube], despite this being a clear violation of your terms of service. We acknowledge the challenging task of policing your site for underage or fake accounts, but increased attention must be placed on ensuring underage children are not using these sites and exposed to inappropriate content.
    • Given these concerns, we kindly request responses to the following questions by July 16, 2021:
      • What specific steps do you take to identify an underage user that is violating your terms of service?
      • What specific steps do you take or are planning to take to ensure underage users cannot access content on [Facebook/Instagram/Snapchat/YouTube]?
      • What specific steps do you take to accurately verify a potential user’s identity before they can successfully use [Facebook/Instagram/Snapchat/YouTube]? Are there more actions that you believe you can take to strengthen your verification methods to protect against underage users and from adversaries attempting to undermine our American ideals through [Facebook/Instagram/Snapchat/YouTube]? If so, what are these actions?
      • What steps do you take or are you planning to take to protect younger users against sexually offensive and other type of inappropriate content? When a parent reaches out to [Facebook/Instagram/Snapchat/YouTube] for help related to such content, what steps do you take?
      • What steps do you understand Congress should take to help protect our children from offensive content on [Facebook/Instagram/Snapchat/YouTube] and from foreign adversaries using this platform to influence American society?
  • The White House launched the National Artificial Intelligence (AI) Research Resource Task Force that “is tasked with building an implementation plan to realize a National AI Research Resource that would make AI research and development (R&D) equitable and accessible to all Americans.” This new task force also issued a “Request for Information (RFI) on an Implementation Plan for a National Artificial Intelligence Research Resource” to “inform its work.” The White House stated:
    • The meeting opened with remarks from the Task Force Co-Chairs, Dr. Lynne Parker, Director of the National AI Initiative at the White House Office of Science and Technology Policy, and Dr. Erwin Gianchandani, Senior Advisor for Translation, Innovation, and Partnerships at the National Science Foundation.
    • Dr. Parker thanked the Task Force members for their service and willingness to lend their expertise to the effort to expand access to the resources that fuel AI research. She outlined the Congressional mandate for the Task Force and framed the vision of a National AI Research Resource that would provide AI researchers and students across scientific fields with access to advanced computing frameworks, high-quality datasets, and educational tools and user-support mechanisms.
    • Dr. Gianchandani then moderated a discussion among the Task Force members that delved into the key characteristics that could be envisioned for a National AI Research Resource as well as the technical and policy considerations that the Task Force will explore.
    • To provide a foundation for the Task Force’s future deliberations, he shared initial lessons learned from a range of federal pilot efforts to enhance access to commercial cloud offerings for federally funded AI R&D. Next, representatives from the National Institutes of Health (NIH) Science and Technology Research Infrastructure for Discovery, Experimentation, and Sustainability (STRIDES) initiative joined the meeting to share the model they have developed to connect NIH-funded researchers with commercial cloud resources. The Task Force members expressed their interest in learning how these experiments demonstrated the ways in which public-private partnerships can serve to inform and advance a National AI Research Resource.
    • The Task Force members discussed the timeline for their work and components of the implementation plan mandated by Congress. They considered proposed working groups to concentrate on key capabilities and considerations, and how to bring in substantial external engagement to inform their work through a wide range of perspectives and expertise. The Task Force members emphasized the importance of gathering input from the public through a Request for Information that is open for comment through September 1, 2021.
  • Consumer Reports’ Digital Lab “along with a coalition of partners, is embarking on an ambitious project called Broadband Together to investigate the state of internet access in the U.S. CR will analyze thousands of consumer ISP bills from across the country to better understand what factors determine why and how ISPs charge the prices they do, and what information is and is not included in monthly bills.” Digital Lab is directing people to go to “www.broadbandtogether.org to participate, and share your bill today.” Digital Lab is seeking to revive a transparency initiative, meant to bring great insight into cable and wireless bills, that the Federal Communications Commission (FCC) made part of its net neutrality rules during the Obama Administration, rules that were ultimately rescinded. Digital Lab stated:
    • In 2015, the FCC issued a second Open Internet Order, which not only aimed to set net neutrality rules that could withstand legal challenge, but also enhanced and strengthened the pricing transparency rules. Specifically, it required ISPs to disclose: 
      • the full monthly service charge, including promotional and standard rates, all one-time and/or recurring fees, and whether data caps would be imposed;
      • performance metric data specific to geographic location; and 
      • if the consumer’s internet usage would trigger “a network practice” likely to affect their service, as when, for example, a data cap triggers “throttling” or significant overage fees.
    • The 2015 order also laid out plans for a uniform—but voluntary—disclosure format that ISPs could use to satisfy the new transparency requirements. And in 2016 the FCC released the format: a broadband consumer label modeled on the Nutrition Facts label. If ISPs had decided to use this voluntary safe harbor, it would have represented a genuine move towards price transparency, and been a clear win for consumers.
    • But it was not to be. In 2017, over the protests of CR and other consumer groups, the newly installed FCC chair Ajit Pai pushed the agency to issue the Restoring Internet Freedom Order, which both overturned the 2015 net neutrality rules and tossed out the stricter transparency standards, including the voluntary broadband nutrition label.

Further Reading

  • “‘It has to be known what was done to us’: Natick couple harassed by eBay tell their story for the first time” By Aaron Pressman — Boston Globe. Natick resident David Steiner was puttering in his garage on a sunny Sunday morning when a neighbor walking a dog called out to him: “Hey, your fence has been tagged.” Steiner, who with his wife, Ina, publishes a news website about the e-commerce industry from their home, thought his neighbor must be joking — who would be graffitiing his new white vinyl fence on their quiet, tree-lined street?
  • “What Should Happen to Our Data When We Die?” By Adrienne Matei — The New York Times. The new Anthony Bourdain documentary, “Roadrunner,” is one of many projects dedicated to the larger-than-life chef, writer and television personality. But the film has drawn outsize attention, in part because of its subtle reliance on artificial intelligence technology. Using several hours of Mr. Bourdain’s voice recordings, a software company created 45 seconds of new audio for the documentary. The A.I. voice sounds just like Mr. Bourdain speaking from the great beyond; at one point in the movie, it reads an email he sent before his death by suicide in 2018.
  • “Canadian justice lawyer: US didn’t mislead in Huawei arrest” By Jim Morris — Associated Press. There is no evidence to support defense allegations the U.S. acted in bad faith or omitted evidence in an attempt to mislead an extradition hearing for a top executive at Chinese communications giant Huawei Technologies, a Canadian government lawyer said Thursday. The argument came in a hearing for Meng Wanzhou, who is Huawei’s chief financial officer as well as the daughter of the company’s founder, was arrested by Canadian authorities at Vancouver’s airport in late 2018. The U.S. wants her extradited to face fraud charges.
  • “Call Me a Traitor: Daniel Hale exposed the machinery of America’s clandestine warfare. Why did no one seem to care?” By Kerry Howley — New York Magazine. Daniel Everette Hale was the best dishwasher in Nashville. He was faster, more efficient, more knowledgeable about the machinery that makes a restaurant run. He could predict when the kitchen would need bowls and when small plates; he could take apart the dishwasher and deliver an impromptu lecture on the proper cleaning thereof. He was 31, slight, with a buzz cut and tattoos down his taut forearms, and while he thought himself the best, in the minds of the men for whom he worked he was a touch too invested. If something broke, such as a spray nozzle, he’d show up the next day with a new spray nozzle and tools to install it, having never checked with management at all, at which point management might say, “Daniel, we already had a backup spray nozzle.” Despite the excellence of his washing, he had been fired many times from many kitchens for generally being a pain in the ass. He was, for instance, persistently pressing the staff to demand higher wages and was repeatedly disappointed that the staff seemed uninterested.
  • “Operation Fox Hunt: How China Exports Repression Using a Network of Spies Hidden in Plain Sight” By Sebastian Rotella and Kirsten Berg — ProPublica. On the hunt again, the cop from Wuhan rolled into New Jersey on a secret reconnaissance mission. Hu Ji watched the suburban landscape glide past the highway. He was in his early 40s, about 6-foot-1, smooth and confident-looking. His cases had led from Fiji to France to Mexico, making headlines back home. The work was riskier here; in fact, it was illegal. But he knew the turf. He’d identified himself as a Chinese police officer on his tourist visa, and the Americans hadn’t given him any trouble. Sometimes, it was best to hide in plain sight.
  • “Industry, Unions Urge Congress to Speed Semiconductor Bills” By Daniel Flatley — Bloomberg. Congress must act quickly to bolster semiconductor manufacturing in the U.S., according to a letter from several trade groups and unions delivered to House and Senate leaders on Thursday. “Strengthening the U.S. position in semiconductor research, design, and manufacturing is a national priority,” reads the letter, organized by the Semiconductor Industry Association.
  • “DarkSide ransomware gang returns as new BlackMatter operation” By Lawrence Abrams — Bleeping Computer. Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. After conducting an attack on Colonial Pipeline, the US’s largest fuel pipeline, and causing fuel shortages in the southeast of the USA, the DarkSide ransomware group faced increased scrutiny by international law enforcement and the US government.
  • “Tencent Sinks After China Denounces Online Gaming” By Chong Koh Ping — Wall Street Journal. Shares of Tencent Holdings Ltd. and rivals fell Tuesday after a state-owned Chinese newspaper criticized online gaming as “opium for the mind,” fueling investor concerns that the companies’ popular games could be swept up into a broader regulatory crackdown. Within hours the article was no longer accessible on the paper’s website, before later reappearing with some of its harsher language removed. Meanwhile, Tencent said it would introduce stricter curbs on younger users.
  • “Phantom Warships Are Courting Chaos in Conflict Zones” By Mark Harris — WIRED. On September 17 last year, the largest ship in the UK’s Royal Navy, the aircraft carrier HMS Queen Elizabeth, steamed majestically towards the Irish Sea. The 283-meter-long fleet flagship was flanked by an escort of destroyers and smaller ships from the UK, Dutch, and Belgian navies. The six vessels moving in close formation would have made an awe-inspiring spectacle—if they had actually been there. In fact, satellite imagery of their supposed locations shows nothing but deep blue sea, and news reports suggest the warships were actually scattered in distant ports at the time. The Queen Elizabeth and its flotilla were previously unreported victims of a disturbing trend: warships having their positions—and even entire voyages—faked using the automatic identification system, a wireless radio technology designed to prevent collisions at sea.
  • “Hackers used never-before-seen wiper in recent attack on Iranian train system” By Jonathan Greig — ZDNet. Researchers with cybersecurity company SentinelOne reconstructed the recent cyberattack on Iran’s train system in a new report, uncovering a new threat actor — which they named ‘MeteorExpress’ — and a never-before-seen wiper. On July 9, local news outlets began reporting on a cyberattack targeting the Iranian train system, with hackers defacing display screens in train stations by asking passengers to call ‘64411’, the phone number of Iranian Supreme Leader Khamenei’s office.
  • “GOP: Biden not doing enough to help Cubans access internet” By Adriana Gomez Licon — Associated Press. House Republican Leader Kevin McCarthy and fellow GOP politicians accused President Joe Biden on Thursday of not doing more to help Cubans on the island get access to the internet. Internet service was cut off at one point during a July 11 protest against the communist government, but Cuban authorities have not explicitly acknowledged that they did it. Service is still spotty across the island more than three weeks later.
  • “FTC’s economics witness out, in new blow to court fight with Facebook” By Leah Nylen — Politico. The lead economics expert in the Federal Trade Commission’s antitrust suit against Facebook has parted ways with the agency, two individuals familiar with the case said — adding yet another impediment to the regulator’s largest court fight. The FTC is now looking for a new expert, just three weeks before the agency must decide whether to file the new version of the Facebook lawsuit after a D.C.-based judge threw it out last month.
  • “An Obsession With Secrets” By Shira Ovide — The New York Times. Before visitors set foot inside many tech company offices, they must sign a (digital) promise not to blab about what they overhear or see there. Religious leaders in the United States entered into legally binding agreements not to talk in detail about their online worship collaboration with Facebook. And Amazon demanded that testers of a revealing body-scanning technology not reveal anything about the experience. Nondisclosure agreements like these have become a fixture for many influential people and institutions that want to keep secrets, sometimes for understandable reasons and other times for horrifying ones. NDAs and similar legal agreements have been used to cover up sexual abuse and harassment and discrimination at work.
  • “National cyber director endorses plan for a bureau to collect, analyze threat data” By Tonya Riley — cyberscoop. National Cyber Director Chris Inglis called for the creation of a bureau of cyber statistics while outlining his priorities for the office in a speech Monday. The idea, initially proposed by Congress’s bipartisan Cyberspace Solarium Commission, would require the Department of Homeland Security to collect, process, and analyze statistics relevant to cyber threats and cybercrimes. It would require organizations that provide incident response services or cyber insurance to report information every 180 days. Inglis was a member of the same commission prior to his current role.

Coming Events 

  • 12 August
    • The Senate Judiciary Committee will mark up the “State Antitrust Enforcement Venue Act of 2021” (S.1787), “a bill to ensure state attorneys general are able to remain in the court they select rather than having their cases moved to a court the defendant prefers” per a May 2021 press release issued by Senators Mike Lee (R-UT) and Amy Klobuchar (D-MN).
  • 1 September
    • The House Armed Services Committee will mark up the FY 2022 National Defense Authorization Act (H.R.4395).
  • 30 September
    • The Federal Communications Commission (FCC) will hold an open meeting. No agenda has been announced as of yet.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.
