Other Developments, Further Reading, and Coming Events (17 August 2021)

Subscribe to my newsletter, The Wavelength, if you want the content on my blog delivered to your inbox four times a week before it’s posted here.

Photo by David M. Goehring or CarbonNYC on Flickr; Find the original here.

Other Developments

  • Senator John Kennedy (R-LA) introduced the “Don’t Push My Buttons Act” (S.2335) “in response to social media platforms that track personal data to polarize and provoke online users” according to his press statement. Kennedy claimed that “[t]he bill would deny legal immunity under the Communications Act of 1934 to platforms that leverage user data to promote divisive content without permission from those users.” Kennedy continued:
    • Many social media platforms collect data to identify their users’ “hot buttons”—divisive issues that create strong emotional responses or reactions. The companies then employ algorithms that intentionally show their users content designed to agitate them.  
    • The Don’t Push my Buttons Act would narrow the scope of the liability limitation provided under Section 230 of the Communications Act, denying immunity to platforms that use algorithms to optimize engagement by pushing divisive content into users’ feeds.
  • Two chairs of House Energy and Commerce Committee subcommittees wrote Facebook CEO Mark Zuckerberg “demanding answers to how the company is handling COVID-19 vaccine misinformation and disinformation” In their statement, Representatives Jan Schakowsky (D-IL) and Anna Eshoo (D-CA) argued their “letter follows several failures from Facebook to provide requested information on the topic, most recently to the Attorney General of the District of Columbia, Karl Racine.” Schakowsky and Eshoo contended:
    • The Attorney General of the District of Columbia, Karl Racine, has called on Facebook to publicly release the results of an internal study that reportedly examined the role the company has played in the spread of misinformation and disinformation throughout the pandemic. We agree with his assessment and urge you to publish the internal study. Identifying online communities who’ve had the most exposure to the falsehoods, lies and distortions that have appeared on your platform serves the best interests of global public health. It’s past time for Facebook to come clean about your role in prolonging the COVID-19 pandemic and commit to rectifying deadly mistakes that it has made in the past year.
    • Misinformation and disinformation have run rampant on Facebook and Instagram since the beginning of the epidemic. Facebook has housed, and even recommended, pages and groups that share misinformation about masks and handwashing, myths about children’s ability to contract COVID-19, false claims about the dangers of that COVID-19, and lies about vaccines efficacy. This content is undermining efforts to curb the pandemic and save lives, yet they continue to operate and spread their lies on your platform despite grave consequences. As a result, the pandemic rages on and people continue to die from COVID-19.
  • A loose coalition of groups are urging the Congress to pass a bill providing $52 billion for semiconductor manufacturing in the United States (U.S.) The Semiconductor Industry Association (SIA) “along with a broad coalition of 19 other tech, auto, medical, defense, and other business and labor groups” sent a letter to Congress asking the legislature “to enact funding for the semiconductor manufacturing, research, and design initiatives authorized in the “Creating Helpful Incentives for the Production of Semiconductors” (CHIPS) for America Act” per their statement. They claimed:
    • The share of global semiconductor manufacturing capacity in the U.S. has decreased from 37% in 1990 to 12% today, according to a report by SIA and the Boston Consulting Group (BCG). This decline is largely due to substantial subsidies offered by the governments of our global competitors, placing the U.S. at a competitive disadvantage in attracting new construction of semiconductor manufacturing facilities, or “fabs.” Additionally, federal investment in semiconductor research has remained flat as a share of GDP, while other governments have invested substantially in research initiatives to strengthen their own semiconductor capabilities, and existing U.S. tax incentives for R&D lag behind those of other countries. Furthermore, global semiconductor supply chain vulnerabilities have emerged in recent years that must be addressed through government investments in chip manufacturing and research, according to a separate SIA-BCG study.
  • France’s Commission nationale de l’informatique et des libertés (CNIL) “closed the injunction issued against AMAZON EUROPE CORE on 7 December 2020.” CNIL added:
    • On 7 December 2020, in addition to fining them 35 million euros, the CNIL’s restricted committee enjoined AMAZON EUROPE CORE, within three months, to inform the data subjects in advance and in a clear and complete manner, for example on the information banner on the home page of the “amazon.fr” website:
      • of the purposes of all cookies subject to consent,
      • of the means available to them to refuse them.
    • In view of the answers provided by AMAZON EUROPE CORE within the time limit set and considering that they have complied with the injunction it had issued, the restricted committee decided to close the procedure on 8 July 2021.
    • This closure relates only to the scope of the injunction issued by the restricted committee in its deliberation of 7 December 2020.
    • When the case was referred to it before the end of the adaptation period allowed to those involved by the CNIL, the restricted ommittee did not examine the compliance of the information banner provided on the site “amazon.fr” with the new rules on cookies, particularly concerning consent, which are clarified by the guidelines and the recommendation of 17 September 2020.
  • Senator Steve Daines (R-MT) “introduced a bill to crack down on big tech and online platforms’ ability to discriminate against users based on their political speech and beliefs…[that] would enforce equal access to political candidates on online platforms as well as create a provision to prohibit the removal of content based on political beliefs” per his press release. Daines claimed his “Preserving Political Speech Online Act” (S.2338) will:
    • Require the FTC to initiate a rulemaking to require online platforms and third-party advertisers to follow fair access and equal opportunity rules including: 
      • If an online platform permits a federal candidate to advertise they must allow all other candidates for the same office equal opportunity to advertise
      • The rates must be comparable for all candidates for the same office
      • An online platform may not censor any advertisement for a candidate
    • Require online platforms to maintain and make publicly available a complete record of political advertising purchases.
    • Require the FCC to initiate a rule making to apply the existing Section 315 laws to all licensees that engage in political advertising.
    • Update the ‘good faith’ provision in Section 230 to ensure that platforms can remove truly offensive material or material that promotes illegal activity. 
    • Create a new ‘bad faith’ provision that prohibits the removal of content based on the grounds of race, color, religion, sex, national origin, or political affiliation or speech. 
    • Exempt from the ‘bad faith’ provision platforms that operate services dedicated to a specific set of issues or beliefs. 
  • The Administrative Conference of the United States (ACUS) “adopted four recommendations at its virtual Seventy-fourth Plenary Session” including “Managing Mass, Computer-Generated, and Falsely Attributed Comments” and “Virtual Hearings in Agency Adjudication.” ACUS explained in its Federal Register notice:
    • Recommendation 2021-1, Managing Mass, Computer-Generated, and Falsely Attributed Comments. This recommendation offers agencies best practices for managing mass, computer-generated, and falsely attributed comments in agency rulemakings. It provides guidance for agencies on using technology to process such comments in the most efficient way possible while ensuring that the rulemaking process is transparent to prospective commenters and the public more broadly.
    • Recommendation 2021-4, Virtual Hearings in Agency Adjudication. This recommendation addresses the use of virtual hearings—that is, proceedings in which participants attend remotely using a personal computer or mobile device—in agency adjudications. Drawing heavily on agencies’ experiences during the COVID-19 pandemic, the recommendation identifies best practices for improving existing virtual-hearing programs and establishing new ones in accord with principles of fairness and efficiency and with due regard for participant satisfaction.
  • The United Kingdom’s Information Commissioner’s Office (ICO) laid out its plans for building on its May 2020 guidance on artificial intelligence and decisionmaking. The ICO explained:
    • We were clear from the outset that we wanted to make this guidance as practical and useful as possible. This reflects a key ICO aim to enable innovation and economic growth in the AI sector. We can only do this if the guidance we produce is practically applicable to real life situations.
    • To understand the impact that the guidance has had during the last year, we consulted with 56 organisations who make decisions about their customers using personal data and AI. This group included SMEs, public sector organisations and established technology organisations.
    • We asked these groups to tell us what worked well, what could be improved, and whether they had any further comments on the guidance.
    • The feedback was positive, and we are pleased that participants found the guidance useful and of high quality. We heard that the guidance provides a good foundation for improving awareness and understanding of the need for explanations relating to AI systems, and how to construct those explanations.
    • Respondents also said the guidance clearly defined the key elements needed to build explainable AI systems and when further detail was needed this was also easy to understand.
    • Areas the consultation identified to improve on included the length of the guidance. To address this point and ensure the key parts of the guidance are quickly accessible, we have added the “at a glance” sections separately alongside the guidance as a summary document. This pulls the fundamental elements of the guidance into one place and makes it easier to find them quickly.
  • The Federal Trade Commission (FTC) stated it “is adjusting its process for reviewing mergers to deal with a surge in merger filings.” The FTC continued:
    • In a new blog post, FTC Bureau of Competition Director Holly Vedova notes, “for deals that we cannot fully investigate within the requisite timelines [under the Hart Scott Rodino Act], we have begun to send standard form letters alerting companies that the FTC’s investigation remains open and reminding companies that the agency may subsequently determine that the deal was unlawful. Companies that choose to proceed with transactions that have not been fully investigated are doing so at their own risk.” 
    • When sent, the letters will remind companies that the FTC may subsequently determine that their deal is unlawful and seek to undo the transaction. 
  • The United Nations (UN) Human Rights Committee found that “Mauritius’ 2013 National Identity Card Act violates its citizens’ privacy rights, as there are no sufficient guarantees that the fingerprints and other biometric data stored on the identity card will be securely protected.” The committee explained:
    • Mauritius launched the country’s first identity card scheme back in 1985. In order to prevent multiple applications for an identity card with faked names and information, the authority amended its legislation in 2009 with additional biometric data requirements and increased penalties for non-compliance.  A new smart identity card was subsequently launched in 2013 to replace the old identity card. 
    • In addition to the printed information such as name, date of birth and gender, the new electronic ID card also contains a microchip storing data including fingerprints that can be read by an e-reader. The government explained that the fingerprint requirement was essential to tackle identity fraud.
    • M.M. refused to apply for the new smart ID card and took the Mauritius government to court, challenging the constitutionality of the new ID card scheme. The Supreme Court in 2015 ruled that even though there was expert evidence showing that biometric data retention was insecure and notoriously difficult to protect, the new ID card requirements had been made “in the interests of public order”.
  • United States Securities and Exchange Commission (SEC) Chair Gary Gensler issued a statement “on Investor Protection Related to Recent Developments in China.” Gensler stated:
    • Recently, the government of the People’s Republic of China provided new guidance to and placed restrictions on China-based companies raising capital offshore, including through associated offshore shell companies. These developments include government-led cybersecurity reviews of certain companies raising capital through offshore entities.
    • This is relevant to U.S. investors. In a number of sectors in China, companies are not allowed to have foreign ownership and cannot directly list on exchanges outside of China. To raise money on such exchanges, many China-based operating companies are structured as Variable Interest Entities (VIEs).
    • In such an arrangement, a China-based operating company typically establishes an offshore shell company in another jurisdiction, such as the Cayman Islands, to issue stock to public shareholders. That shell company enters into service and other contracts with the China-based operating company, then issues shares on a foreign exchange, like the New York Stock Exchange. While the shell company has no equity ownership in the China-based operating company, for accounting purposes the shell company is able to consolidate the operating company into its financial statements.
    • For U.S. investors, this arrangement creates “exposure” to the China-based operating company, though only through a series of service contracts and other contracts. To be clear, though, neither the investors in the shell company’s stock, nor the offshore shell company itself, has stock ownership in the China-based operating company. I worry that average investors may not realize that they hold stock in a shell company rather than a China-based operating company. 
    • In light of the recent developments in China and the overall risks with the China-based VIE structure, I have asked staff to seek certain disclosures from offshore issuers associated with China-based operating companies before their registration statements will be declared effective. In particular, I have asked staff to ensure that these issuers prominently and clearly disclose:
      • That investors are not buying shares of a China-based operating company but instead are buying shares of a shell company issuer that maintains service agreements with the associated operating company. Thus, the business description of the issuer should clearly distinguish the description of the shell company’s management services from the description of the China-based operating company;
      • That the China-based operating company, the shell company issuer, and investors face uncertainty about future actions by the government of China that could significantly affect the operating company’s financial performance and the enforceability of the contractual arrangements; and
      • Detailed financial information, including quantitative metrics, so that investors can understand the financial relationship between the VIE and the issuer.
    • Additionally, for all China-based operating companies seeking to register securities with the SEC, either directly or through a shell company, I have asked staff to ensure that these issuers prominently and clearly disclose:
      • Whether the operating company and the issuer, when applicable, received or were denied permission from Chinese authorities to list on U.S. exchanges; the risks that such approval could be denied or rescinded; and a duty to disclose if approval was rescinded; and
      • That the Holding Foreign Companies Accountable Act, which requires that the Public Company Accounting Oversight Board (PCAOB) be permitted to inspect the issuer’s public accounting firm within three years, may result in the delisting of the operating company in the future if the PCAOB is unable to inspect the firm.
  • Canada’s Communications Security Establishment (CSE) issued an update to its series of Cyber threats to Canada’s democratic process reports. The CSE made these findings:
    • Global trends
    • Democratic processes remain a popular target. After increasing from 2015 to 2017, the proportion of democratic processes targeted by cyber threat actors has remained relatively stable since 2017.
    • From 2015 to 2020, we judge that the vast majority of cyber threat activity affecting democratic processes can be attributed to state-sponsored cyber threat actors. These actors target democratic processes in pursuit of their strategic objectives (i.e., political, economic, and geopolitical).
    • Russia, China, and Iran are very likely responsible for most of the foreign state-sponsored cyber threat activity against democratic processes worldwide.
    • Cyber threat actors most often target some combination of voters, political parties, and election infrastructure. We judge that cyber threat actors likely perceive that directing their efforts at a combination of targets associated with a democratic process is more effective than targeting one group in isolation.
    • Between 2015 and 2020, cyber threat activity was directed at voters more often than against political parties and elections. This activity included online foreign influence activity as well as more traditional cyber threat activities, like information theft or denying access to important websites. We assess that it is likely that cyber threat actors perceive targeting voters to be a more effective and relatively easy way to interfere with democratic processes.
    • We assess that changes made around the world in response to the COVID‑19 pandemic, such as moving parts of the democratic process online or incorporating new technology into the voting process, almost certainly increased the cyber threat surface of democratic processes. Most significantly, threat actors can harness and amplify false narratives related to the COVID‑19 pandemic to decrease confidence in elections.
    • Implications for Canada
    • We assess that Canada’s democratic process remains a lower-priority target for state-sponsored cyber actors relative to other countries. However, we judge it very likely that Canadian voters will encounter some form of foreign cyber interference (i.e., cyber threat activity by foreign actors or online foreign influence) ahead of, and during, the next federal election. It is unlikely to be at the scale seen in the US.
    • In the event of a federal election during a pandemic, Elections Canada has plans in place to protect the health and safety of all participants in the electoral process. While any modifications to the electoral process have the potential to increase the cyber threat, we assess that the planned changes do not substantially expand the cyber threat to Canada’s democratic process.
  • The National Institute of Standards and Technology (NIST) “is in the process of a periodic review and maintenance of its cryptography standards and guidelines” and is requesting comments on the following publications that are under review:
  • The United States (U.S.) Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced “the extension of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force to July 31, 2023.” CISA added:
    • The Task Force, chaired by CISA and the Information Technology (IT) and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from large and small private sector organizations charged with identifying challenges and devising workable solutions and recommendations for managing risks to the global ICT supply chain.
    • Under the newly signed charter,  the Task Force will continue and conclude ongoing efforts such as the release of two additional products, which includes a report focused on liability protections for the private sector when sharing supply chain risk information, and a guide that will help small and medium-sized businesses better understand and manage their ICT SCRM needs to mitigate the effects in the event of a cyber incident. The Task Force will also continue to explore means for building partnerships, develop new resources, and collectively enhance ICT supply chain resilience.
  • Senators Angus King (I-ME) and James Lankford (R-OK), and Representatives Susan Wild (D-PA) and Mike Gallagher (R-WI) “introduced bipartisan, bicameral legislation aimed at protecting sensitive U.S. research from foreign adversaries, while also securing America’s valuable international partnerships that spur technological innovation.” They claimed further in their press statement that “[t]he legislation will advance key technology research in areas such as artificial intelligence and quantum science with trustworthy international partners while simultaneously securing these advancements from rival nations who seek to steal American technological breakthroughs.” They asserted:
    • Specifically, the legislation would require the Secretary of State, in consultation with the Director of the Office of Science and Technology Policy, the National Security Council, the Secretary of Energy, the Director of the National Science Foundation and the heads of other relevant agencies, to create a list of allied countries with which joint international research and cooperation would advance United States national interests and advance scientific knowledge in the key technology focus areas, as identified in the U.S. Innovation and Competition Act. Agencies would then be required to work with listed allies to develop general security policies and procedures in line with USICA requirements to prevent sensitive governmental, academic, and private sector research from being disclosed to adversaries. The Department of State will then be required to provide a report to Congress within a year identifying the most promising international research ventures leveraging resources and advancing research in key technology focus areas. 

Further Reading

  • CTRL-ALT-Delete? The internet industry’s D.C. powerhouse vanishes.” By Emily Birnbaum — Politico. Silicon Valley’s longtime voice in D.C. is in disarray. The Internet Association has been shedding staff, losing influence on Capitol Hill and shrinking to near-obscurity in media coverage of tech policy debates in Washington, even as the industry faces controversies ranging from alleged monopolization to privacy to how it treats its legions of workers.  
  • How Internet and TV providers get away with jacking up your bill” By Geoffrey Fowler — The Washington Post. I recently moved and needed to sign up for Internet and TV service. I chose a package that Comcast advertised would cost $90 per month. When the first bill arrived, it totaled — surprise! —$127.72. That’s 42 percent more. As I’ve learned, jacking up prices for service is perfectly legal. It’s also maddeningly common. My murky Comcast bill exposes a much deeper problem. The coronavirus pandemic taught us that being online is as important as having electricity.But there’s quite literally a price we pay as consumers for the way companies have cornered the market for Internet access. Across many American communities, one or two companies control how we get online — and treat us like captives. They obscure the truth on their bills. And when we don’t know what we’re paying for, we end up getting fleeced.
  • 5 tricks to lower your Internet bill” By Geoffrey Fowler — The Washington Post. If your Internet or cable bill is more than you can afford — or suddenly looks higher than you signed up for — you’re hardly alone. Many American Internet and cable TV companies employ a shell game of limited-time promotions and hidden, variable service fees to get us to pay more over time. The Biden administration has asked the Federal Communications Commission to address the shenanigans by requiring a “nutrition label” for broadband service, like you get with packaged food. But that could take some time.
  • The Assault on Our Privacy Is Being Conducted in Private” By Greg Bensinger — The New York Times. “You have zero privacy anyway,” Scott McNealy, the chief executive of Sun Microsystems, infamously declared more than 20 years ago. “Get over it.” Well, you shouldn’t get over it. The rise of social media, Google and online shopping and banking has made us far more exposed than back in the internet’s infancy in 1999. Today, personal data like your Social Security number, bank account information, passwords, purchases, political beliefs, likes and dislikes are stockpiled in central databases. That makes it more easily analyzed than ever before by companies that want to part you from your money, and easier for criminals to steal or for the government to sift through. Worse, we hand over much of it willingly.
  • Amazon and Google patch major bug in their DNS-as-a-Service platforms” By Catalin Cimpanu — The Record. At the Black Hat security conference today, two security researchers have disclosed a security issue impacting hosted DNS service providers that can be abused to hijack the platform’s nodes, intercept some of the incoming DNS traffic, and then map customers’ internal networks. Discovered by Shir Tamari and Ami Luttwak from cloud security company Wiz, the vulnerability highlights the amount of sensitive information collected by managed DNS platforms and their attractiveness from a cyber-espionage and intelligence data collection standpoint.
  • Mark Zuckerberg’s Metaverse Already Sucks” By Gian Volpicelli — WIRED UK. The Zuckerverse is coming. Just over a week ago, Facebook CEO Mark Zuckerberg announced, in a long interview with the Verge, that his social network is readying itself to become “a metaverse company.” First floated in Neal Stephenson’s 1992 sci-fi novel Snow Crash, the metaverse is an idealized immersive successor of the internet—a virtual space where billions of users will move, interact, and operate across myriad different but interoperable worlds and situations, always retaining their avatar identities, virtual possessions, and digital currencies. It is hard to pin the metaverse down (more on this later), but the shape one can make out amid the cyberpunk mist is some version of Ernest Cline’s novel Ready Player One meets Fortnite meets virtual reality meets blockchain. A game-y galaxy that seamlessly fuses with the meatspace. What matters is that metaverse is now the buzzword du jour and that Facebook wants a piece of it. The bad news is that Zuckerberg’s metaverse ambitions sound boring as hell.
  • What if Humans Just Can’t Get Along Anymore?” By Farhad Manjoo — The New York Times. At the broadest level, human history is a story about cooperation. Individually, we big-brained, hairless primates are fairly ridiculous creatures, easy pickings for any dad-bod Simba roaming the plains. But get us together and we achieve dominion over land and sky. Reluctantly, violently, often after exhausting every other possibility, people keep stumbling toward one another to get pretty much everything done. From the family to the village to the city, nation-state and global mega-corporation, cooperation and coordination among groups of increasing size and complexity is, for better or worse, how we all got to now.
  • U.K. Considers Blocking Nvidia Takeover of Arm Over Security” By Kitty Donaldson and Giles Turner — yahoo! finance. The U.K. is considering blocking a takeover of Arm Ltd. by Nvidia Corp. due to potential risks to national security, according to people familiar with the discussions. Nvidia, the biggest U.S. chip company by market capitalization, announced in September a $40 billion deal to acquire Arm from Japan’s SoftBank Group Corp., as part of a push to spread its reach in the surging market for semiconductors. SoftBank has been selling assets to raise cash for buybacks and fresh investments in startups.
  • Evidence suggests Russia’s SVR is still using ‘WellMess’ malware, despite US warnings” By Tim Starks — cyberscoop. President Joe Biden urging Vladimir Putin to crack down on cyberattacks coming from within Russian borders doesn’t seem to have convinced the Kremlin to give it up just yet. RiskIQ said in a report Friday that it uncovered active hacking infrastructure that Western governments attributed last summer to the Russian SVR intelligence agency-linked APT29 or Cozy Bear, which it used at the time to try to steal COVID-19 research.
  • Amazon will pay you $10 in credit for your palm print biometrics” By Zach Whittaker —Tech Crunch. How much is your palm print worth? If you ask Amazon, it’s about $10 in promotional credit if you enroll your palm prints in its checkout-free stores and link it to your Amazon account. Last year, Amazon introduced its new biometric palm print scanners, Amazon One, so customers can pay for goods in some stores by waving their palm prints over one of these scanners. By February, the company expanded its palm scanners to other Amazon grocery, book and 4-star stores across Seattle.
  • Sharri Markson says YouTube suspension of Sky News Australia is ‘cancellation of free speech’” By Amanda Meade — The Guardian. The News Corp Australia journalist Sharri Markson has told Fox News in the US that YouTube’s suspension of Sky News Australia for violating its Covid medical misinformation policy was “the most extreme cancellation of free speech imaginable”. Markson, the investigations writer at the Australian newspaper and a Sky News presenter, appeared on Tucker Carlson Tonight to talk about the seven-day YouTube ban imposed on Sky News Australia. YouTube has not identified which videos violated the policy but Sky had posted numerous videos disputing the seriousness of the disease and the need for lockdowns while promoting hydoxychlorquine or ivermectin.

Coming Events 

  • 1 September
    • The House Armed Services Committee will mark up the FY 2022 National Defense Authorization Act (H.R.4395).
  • 30 September
    • The Federal Communications Commission (FCC) will hold an open meeting. No agenda has been announced as of yet.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Brett Jordan on Unsplash

Photo by David M. Goehring or CarbonNYC on Flickr; Find the original here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s