Other Developments, Further Reading, and Coming Events (20 August 2021)


Other Developments

  • Apple announced “new child safety features in three areas, developed in collaboration with child safety experts”:
    • First, new communication tools will enable parents to play a more informed role in helping their children navigate communication online. The Messages app will use on-device machine learning to warn about sensitive content, while keeping private communications unreadable by Apple.
    • Next, iOS and iPadOS will use new applications of cryptography to help limit the spread of CSAM online, while designing for user privacy. CSAM detection will help Apple provide valuable information to law enforcement on collections of CSAM in iCloud Photos.
    • Finally, updates to Siri and Search provide parents and children expanded information and help if they encounter unsafe situations. Siri and Search will also intervene when users try to search for CSAM-related topics.
  • The Center for Democracy & Technology (CDT) articulated its belief that Apple’s above announcement “will threaten the security and privacy of its users and ultimately imperil secure messaging around the world.” CDT added:
    • Apple describes these new policies as an effort to protect children, which is unquestionably an important and worthy goal. Proliferation of child sexual abuse material (CSAM) is an abhorrent crime against which firm action is required. However, CDT is deeply concerned that Apple’s changes in fact create new risks to children and all users, and mark a significant departure from long-held privacy and security protocols.
  • Privacy International (PI) argued Apple’s “plans risk opening the door to mass surveillance around the world while arguably doing little to improve child safety.” PI asserted:
    • As one of the world’s biggest tech companies, the decisions Apple make matter. This is a clear signal to every government around the world that Apple – and inevitably their entire industry – have the technology and the will to carry out mass surveillance. By opening the floodgates, even for something as important as protecting children, Apple and the rest of the industry will inevitably be unable to resist doing the same for other reasons and for other governments.
    • While these plans are ostensibly aimed at improving child safety in the US, it is undeniable that the same technical approach can be widened to include other categories of images and content. Indeed, it has already been applied for counter-terrorism purposes, and there are consistent calls for tech companies to use such an approach to identify copyright infringements.
    • At the same time as opening the doors for global mass surveillance, such client-scanning technology will also arguably do little to improve child safety. It is an approach that is easy to circumvent: criminals will either simply not use iCloud, or over time be able to produce false negatives by modifying content to ‘game’ the scanning techniques to avoid detection. Conversely, such an approach could also result in false positives, allowing malicious actors to create images or other content in ways that the scanning technology misclassifies it as child sexual abuse. This is something that can be of particular interest for those wishing to silence whistleblowers, investigative journalists or political opponents, by simply sending them illegal content. In short, client-side scanning weakens the security of communications and opens the door to abuses.
  • The United Kingdom’s (UK) Competition and Markets Authority (CMA) “has provisionally found Facebook’s merger with Giphy will harm competition between social media platforms and remove a potential challenger in the display advertising market.” The CMA cautioned that if its “competition concerns are ultimately confirmed, it could require Facebook to unwind the deal and sell off Giphy in its entirety.” The CMA made available the following materials: Provisional Findings, Summary of provisional findings, Notice of provisional findings, and Remedies notice. The CMA summarized its findings:
    • Impact on social media platforms
      • Following an in-depth investigation, the CMA has provisionally found that Facebook’s takeover of Giphy will negatively impact competition between social media platforms.
      • Millions of posts every day on social media sites now include a GIF. Any reduction in the choice or quality of these GIFs could significantly affect how people use these sites and whether or not they switch to a different platform, such as Facebook. As most major social media sites that compete with Facebook use Giphy GIFs, and there is only one other large provider of GIFs – Google’s Tenor – these platforms have very little choice.
      • The CMA provisionally found that Facebook’s ownership of Giphy could lead it to deny other platforms access to its GIFs. Alternatively, it could change the terms of this access – for example, Facebook could require Giphy customers, such as TikTok, Twitter and Snapchat, to provide more user data in order to access Giphy GIFs. Such actions could increase Facebook’s market power, which is already significant. The CMA’s analysis suggests that Facebook’s platforms – Facebook, WhatsApp, and Instagram – account for over 70% of the time people spend on social media and are accessed at least once a month by 80% of all internet users.
    • Impact on digital ‘display’ advertising
      • Before the merger, Giphy was offering innovative paid advertising in the US, which had the potential to compete with Facebook’s own display advertising services. This allowed companies – including customers such as Dunkin’ Donuts and Pepsi – to promote their brands through visual images and GIFs.
      • The CMA found that, prior to the deal, Giphy was considering expanding its advertising services to other countries, including the UK. This would have brought a new player into the advertising market and a potential challenger to Facebook. It would also have encouraged greater innovation from others in the market, including social media sites and advertisers. However, Facebook terminated Giphy’s paid advertising partnerships following the deal, meaning an important source of potential competition has been lost.
  • The United States (U.S.) Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced “the standup of the Joint Cyber Defense Collaborative (JCDC)…a new agency effort to lead the development of cyber defense operations plans, and to execute those plans in coordination with partners from the federal interagency, private sector, and state, local, tribal, territorial (SLTT) government stakeholders to drive down risk before an incident and to unify defensive actions should an incident occur.” CISA explained:
    • CISA is establishing the JCDC to integrate unique cyber capabilities across multiple federal agencies, many state and local governments, and countless private sector entities to achieve shared objectives. Specifically, the JCDC will:
      • Design and implement comprehensive, whole-of-nation cyber defense plans to address risks and facilitate coordinated action;
      • Share insight to shape joint understanding of challenges and opportunities for cyber defense;
      • Implement coordinated defensive cyber operations to prevent and reduce impacts of cyber intrusions; and
      • Support joint exercises to improve cyber defense operations.
    • The initial industry partners that are participating in the JCDC include Amazon Web Services, AT&T, CrowdStrike, FireEye Mandiant, Google Cloud, Lumen, Microsoft, Palo Alto Networks, and Verizon.  This is only the beginning, as the JCDC will strive to include private sector and SLTT partners from across sectors as our focus areas expand.  Government partners include the Department of Defense, U.S. Cyber Command, the National Security Agency, the Department of Justice, the Federal Bureau of Investigation and the Office of the Director of National Intelligence, with Sector Risk Management Agencies joining the effort as we move forward.
    • In recent months, various major cyber incidents have had an impact on our critical infrastructure community and caused downstream consequences to Americans that rely on it for everyday functions. The federal government, SLTT governments, and the private sector work tirelessly to strengthen our defensive posture, but none of us can do it alone. As a community, the JCDC will deploy innovation, collaboration, and imagination to protect American businesses, government agencies, and our people against cyber intrusions.
  • The European Consumer Organisation (BEUC) “filed a complaint (with the European Commission and the European network of consumer authorities) against WhatsApp for multiple breaches of EU consumer rights” according to their press release. BEUC asserted:
    • The complaint is first due to the persistent, recurrent and intrusive notifications pushing users to accept WhatsApp’s policy updates. The content of these notifications, their nature, timing and recurrence put an undue pressure on users and impair their freedom of choice. As such, they are a breach of the EU Directive on Unfair Commercial Practices.
    • In addition, the complaint highlights the opacity of the new terms and the fact that WhatsApp has failed to explain in plain and intelligible language the nature of the changes. It is basically impossible for consumers to get a clear understanding of what consequences WhatsApp’s changes entail for their privacy, particularly in relation to the transfer of their personal data to Facebook and other third parties. This ambiguity amounts to a breach of EU consumer law which obliges companies to use clear and transparent contract terms and commercial communications.
    • WhatsApp’s conduct is aggravated by the fact that it keeps pushing users to accept a privacy policy which is currently under scrutiny by the European Data Protection Authorities for breaches of EU data protection law. BEUC’s consumer law complaint is separate from this ongoing scrutiny but we also call on the data protection authorities to speed up their investigations. We urge the European network of consumer authorities and the network of data protection authorities to work in close cooperation on these issues.
  • The White House’s Office of Science and Technology Policy (OSTP) announced it “will develop clear and effective implementation guidance for [National Security Presidential Memorandum (NSPM-33)], working in close partnership with the National Security Council staff, fellow Cabinet agencies, and other federal agencies through the National Science and Technology Council.” The OSTP explained:
    • During its final week in office, the previous administration issued a National Security Presidential Memorandum (NSPM-33) to “strengthen protections of United States Government-supported R&D against foreign government interference and exploitation” while “maintaining an open environment to foster research discoveries and innovation that benefit our nation and the world.”
    • NSPM-33 implementation guidance will address three major areas:
      • Disclosure Policy — ensuring that federally-funded researchers provide their funding agencies and research organizations with appropriate information concerning external involvements that may bear on potential conflicts of interest and commitment;
      • Oversight and Enforcement — ensuring that federal agencies have clear and appropriate policies concerning consequences for violations of disclosure requirements and interagency sharing of information about such violations; and,
      • Research Security Programs — ensuring that research organizations that receive substantial federal R&D funding (greater than $50 million annually) maintain appropriate research security programs.
  • Senate Commerce, Science, and Transportation Committee Ranking Member Roger Wicker (R-MS) and Senate Minority Whip and Communications, Media, and Broadband Subcommittee Ranking Member John Thune (R-SD) wrote Federal Communications Commission (FCC) Acting Chair Jessica Rosenworcel “to request a status update on the agency’s long-form application review process for the Rural Digital Opportunity Fund (RDOF) Phase I auction, which awarded $9.2 billion over ten years to over 300 bidders to deploy high-speed broadband to over 5.2 million unserved homes and businesses in 49 states.” Wicker and Thune argued:
    • Today, we write to request a status update on the FCC’s long-form application review process. This application review process is critical to ensuring that winning bidders are capable of fulfilling their legal, technical, and financial obligations under the program and can deliver broadband services to rural areas as promised. Notably, the FCC cannot authorize money to winners until it reviews and approves a given provider’s long-form application.
    • We fully support a thorough review of long-form applications and expect the FCC to do so in a timely and transparent manner. Indeed, in January 2021, we joined a letter to then-FCC Chairman Ajit Pai requesting that the agency properly vet winning bidders in a public manner, and that it consider opportunities for public input on the applications. Despite these requests, the FCC’s review process remains unclear. Months have passed since winners submitted their long-form applications, and the agency has remained almost entirely silent about the status of its review and plans to authorize money to winning bidders.
    • Although we recognize the complexity of this process, the FCC’s prolonged evaluation of long-form applications must become more transparent and efficient. Each day that the Commission spends vetting long-form applications is another day that unserved Americans go without the high-speed broadband that is essential to everyday life. We urge the FCC to move quickly to finish this process and begin authorizing support to winning bidders.
  • The National Institute of Standards and Technology (NIST) released “a new draft cybersecurity white paper – Planning for a Zero Trust Architecture: A Starting Guide for Administrators, which provides a high-level overview of the NIST Risk Management Framework (NIST RMF) and how it can help in developing and implementing a zero trust architecture.” In the draft, NIST stated:
    • Zero trust (ZT) is the set of principles upon which information technology architectures are planned, deployed, and operated. ZT uses a holistic view that considers all potential risks to a given mission or business process and how they are mitigated. As such, there is no single specific infrastructure implementation or architecture, but it depends on the workflow (i.e., part of the enterprise mission) being analyzed and the resources that are used in performing that workflow. Zero trust strategic thinking can be used to plan and implement an enterprise IT infrastructure, which then could be said to be a zero trust architecture (ZTA).
    • Enterprise administrators and system operators need to be involved in the planning and deployment for a ZTA to be successful. ZTA planning requires input and analysis from system and workflow owners as well as professional security architects. Zero trust cannot be imposed from above onto an existing workflow but needs to be integrated into all aspects of the enterprise. This paper introduces some of the concepts in the NIST Risk Management Framework (RMF) to administrators and operators. The RMF lays out a set of processes and tasks that is integrated into enterprise risk analysis, planning, development, and operations. Administrators who may normally not perform the tasks detailed in the RMF may find that they will need to become familiar with them as they migrate to a ZTA.
    • NIST Special Publication 800-207 gives a conceptual framework for zero trust. While not comprehensive to all information technology it can be used as a tool to understand and develop a ZTA for an enterprise. NIST SP 800-207 also provides an abstract logical architecture that can be used to map solutions and gaps upon.
  • The United States (U.S.) Federal Deposit Insurance Corporation’s (FDIC) Office of the Inspector General (OIG) issued an audit titled “Security and Management of Mobile Devices.” The OIG stated:
    • The Federal Deposit Insurance Corporation (FDIC) deploys nearly 4,600 smartphones and more than 150 tablets to its employees and contractor personnel to support its business operations and communications. Although these mobile devices offer opportunities to improve business productivity, they also introduce the risk of cyber threats that could compromise sensitive FDIC data. The FDIC must implement proper controls to ensure that it effectively manages its inventory of mobile devices and the associated expenditures.
    • The FDIC uses a cloud-based mobile device management (MDM) solution to secure and manage its smartphones and tablets. The MDM solution performs a number of important functions, such as connecting mobile devices to the FDIC’s network, monitoring the security and configuration settings on the devices, and erasing sensitive FDIC data on the devices when users report them as lost or stolen.
    • The audit found that the FDIC had not established or implemented effective controls and practices to secure and manage its mobile devices in three of the nine areas assessed because the controls and practices did not comply with relevant Federal or FDIC requirements and guidance. Specifically, the audit determined that:
      • FDIC policies, procedures, and guidance were outdated and did not reflect current business practices pertaining to mobile devices, and they did not address key elements recommended by the National Institute of Standards and Technology (NIST). For example, FDIC policies did not address the Bring Your Own Device (BYOD) program nor the risks associated with personal use of FDIC-furnished mobile devices, such as downloading and using non-work related applications, and texting, messaging, and video.
      • The FDIC did not conduct Control Assessments of the MDM solution annually in order to ensure that controls were effective and operating as intended.
      • FDIC Logging and Monitoring practices were not guided by written procedures and did not provide for adequate separation of duties.
    • Controls and practices in the areas of Awareness Training, Billing Analysis, and Configuration Management were partially effective because they complied with some, but not all, relevant security requirements and guidelines. For example, the FDIC did not develop written procedures for testing software updates to its mobile devices or complete testing of software updates before allowing users to download and install them.
    • The FDIC implemented effective controls and practices in the areas of Asset Management, Incident Response, and Data Protection.
  • The High Court of Delhi directed the government’s lawyers to take instructions on a petition filed about data breaches in India. The Free Software Movement of India (FSMI) had filed a petition asking for government action per the law:
    • The Petitioner is General Secretary of FSMI (Free Software Movement of India). FSMI is a national coalition of various regional and sectoral free software movements operating in different parts of India.
    • The Petitioner has filed this Petition praying for a direction to Respondent No.2 Computer Emergency Respondent Team -India (“CERT-In”), which is an office attached to the Respondent No.1, Union of India, for acting on the representation of the Petitioner and commence investigation and review of the recent data breaches of BigBasket, Domino’s, MobiKwik and Air India (all of which are mobile and/or online web applications collecting personal information from India’s residents for providing services). The data breaches have compromised sensitive personal and financial information of millions of users of these services.
    • The Petitioner wrote to the CERT-In on 11.11.2020, 30.03.2021, 21.04.2021, and on 22.05.2021 urging it to investigate the data breaches and update the citizens on what had transpired at Domino’s, MobiKwik, BigBasket and AirIndia as mandated by the CERT-In Rules as notified under S. 70B of the IT Act, 2000. The citizen charter of CERT-In lays down that the CERT-In shall acknowledge the grievances received by it, and that it shall redress the grievances within one month from the date of receipt of grievance. However, there was no response or acknowledgement of Petitioner’s emails and letters.
  • The European Parliament Think Tank issued a briefing on “Artificial Intelligence in smart cities and urban mobility” and reached these key findings:
    • Artificial Intelligence (AI) enabling smart urban solutions brings multiple benefits, including more efficient energy, water and waste management, reduced pollution, noise and traffic congestions. Local authorities face relevant challenges undermining the digital transformation from the technological, social and regulatory standpoint, namely (i) technology and data availability and reliability, the dependency on third private parties and the lack of skills; (ii) ethical challenges for the unbiased use of AI; and (iii) the difficulty of regulating interdependent infrastructures and data, respectively. To overcome the identified challenges, the following actions are recommended:
    • EU-wide support for infrastructure and governance on digitalisation, including high performance computing, integrated circuits, CPUs and GPU’s, 5G, cloud services, Urban Data Platforms, enhancing efficiency and ensuring at the same time unbiased data collection.
    • Inclusion of urban AI in EU research programs addressing data exchange, communication networks and policy on mobility and energy, enhancing capacity building initiatives, also through test and experimentation facilities.
    • Harmonising AI related policies in the EU, taking into account the context specificity: necessary research.
    • Adoption of innovative procurement procedures, entailing requirements for technical and ethically responsible AI.
  • Singapore’s Smart Nation and Digital Government Office (SNDGO) “published the second update on the Government’s personal data protection efforts,” “a key recommendation made by the Public Sector Data Security Review Committee (PSDSRC) in November 2019, to enhance transparency on how the Government uses and secures citizen data.” SNDGO stated:
    • The number of government data incidents rose from 75 in FY2019 to 108 in FY2020. While the number of data incidents reported has increased by 44%, there has been a downward trend in their severity – none of these incidents were assessed to be of high severity, and all incidents were addressed within 48 hours. The increase in data incidents reported correlates with trends seen in the private sector and globally, as the exchange and usage of data grows. The increase also reflects increased awareness and improved understanding among public officers to report all data incidents, regardless of scale or impact.
    • Out of the 108 government data incidents in FY2020, 6 were detected as a result of public reports made to the Government Data Security Contact Centre (GDSCC). The Centre was set up in April 2020 for members of the public to report data incidents involving government data or government agencies, and seeks to strengthen the Government’s capabilities to detect data incidents.
    • Public officers found to have made unauthorised use or disclosure of government data will be held accountable. In 2021, several individuals had been charged under the Official Secrets Act (OSA) for the unauthorised disclosure of information related to Singapore’s response to COVID-19.
    • As of 31 March 2021, the Government has implemented 21 of the 24 initiatives arising from the five key recommendations by the PSDSRC. The 3 initiatives that have been implemented since 1 October 2020 are: 
      • The Data Privacy Protection Capability Centre (DPPCC): This centre was set up within GovTech in December 2020 to deepen the Government’s expertise in data privacy protection technologies. It will provide expert advice to agencies, and monitor emerging data privacy protection risks and recommend solutions to mitigate these risks.
      • Advanced Data Protection Technical Measures: Since its inception, the DPPCC has begun studying and implementing advanced technical measures to protect data in Government systems. An example is the de-identification modules to protect sensitive personal data and maintain data privacy, while enabling data to be used.
      • Amendments to the Personal Data Protection Act (PDPA): The amendments came into effect on 1 February 2021. These amendments strengthen the data protection accountability of non-Government entities and non-public officers who handle Government data. Punitive measures were introduced to hold these individuals accountable for the reckless handling, or intentional mishandling, of personal data.
    • The remaining 3 of the 24 initiatives are technical measures, which require significant re-architecting of technical systems and more time to develop. The Government is on track to complete these initiatives as planned, by end-2023.
  • The Federal Trade Commission (FTC) revealed “that Aristotle International, Inc. (Aristotle) has been removed from the list of self-regulatory organizations that police for compliance with the Children’s Online Privacy Protection Act (COPPA).” The agency stated “[o]perators of websites and online services that paid Aristotle fees to participate in its self-regulatory program can no longer receive favorable regulatory treatment.”
    • As part of its oversight of the COPPA Safe Harbor program, the FTC warned Aristotle earlier this year that the agency was concerned Aristotle may not have sufficiently monitored its member companies to ensure they were complying with its guidelines, as required by the COPPA Rule. After receiving an inadequate response from Aristotle, FTC staff told Aristotle that it planned to recommend that the Commission revoke its approval of the company’s safe harbor program. On June 1, Aristotle notified Commission staff that it was withdrawing from the COPPA safe harbor program.
    • Aristotle was one of seven FTC-approved Safe Harbor organizations and is the first to be removed from the list of FTC-approved children’s privacy self-regulatory programs since the COPPA Rule went into effect two decades ago. The COPPA Rule requires that operators of commercial websites and online services directed to children under the age of 13, or general-audience websites and online services that knowingly collect personal information from children under 13, notify parents about their information practices and obtain verifiable parental consent before collecting, using, or disclosing any personal information from children under the age of 13.
    • Organizations such as Aristotle operate self-regulatory COPPA “safe harbor” programs that certify compliance with the FTC’s COPPA Rule. In order to get FTC approval to operate their programs, such organizations must have guidelines that provide the same or greater protections for children as the COPPA Rule. They also must have an effective and mandatory mechanism in place to conduct independent assessments of member organizations’ compliance with the program guidelines. Companies certified as members of a safe harbor program are deemed to be in compliance with the COPPA Rule. The Commission approved Aristotle to operate a COPPA Safe Harbor program in 2012.
  • Computer Emergency Response Team (CERT) New Zealand (NZ) “says the majority of ransomware attacks occur through poorly configured remote access systems, which businesses use to allow staff to access systems from outside the office.” CERT NZ stated:
    • While there are a range of these in use, one of the most commonly used is Remote Desktop Protocol (RDP), with over 2,500 identified in New Zealand. RDP has a number of weaknesses, which means when it is used over the internet it can be exploited by attackers, and is a leading contributor to the ransomware incidents that CERT NZ receives.
    • CERT NZ is partnering with internet service providers to contact organisations that use internet-exposed RDP to provide advice on how they can make remote working more secure.
    • As RDP is often exploited by attackers to gain access to an organisation’s network, CERT NZ recommends organisations consider other options to enable remote working, such as a virtual private network (VPN). Good VPN solutions support two-factor authentication, which adds an extra layer of security, and are designed to be used over the internet.
    • More broadly, CERT NZ is concerned about the growing impact ransomware attacks are having on New Zealand.
    • CERT NZ has seen an increase in ransomware reports in the second quarter of 2021 (April to June), compared to the first quarter of the year. Reaching a total of 30 reports, this is the highest number of ransomware reports made to CERT NZ within one quarter.  
    • CERT NZ will soon be releasing more guidance for organisations about how to protect themselves against ransomware.

Further Reading

  • “AT&T, Dish Strike $5 Billion Deal to Support Boost Mobile” By Drew FitzGerald — Wall Street Journal. AT&T Inc. struck a deal to carry Dish Network Corp.’s existing cellphone customers over its wireless network, bringing two erstwhile rivals closer as they each pursue more advanced 5G technology. The nonexclusive deal, disclosed in a securities filing Monday, would pay AT&T at least $5 billion over 10 years to support Dish’s consumer cellphone brands, which include Boost Mobile, Ting and Republic Wireless. The agreement also provides an avenue for AT&T to use some Dish wireless spectrum licenses to support both companies’ customers, according to the filing.
  • “Google delays in-app billing crackdown after wave of US antitrust lawsuits” By Ron Amadeo — Ars Technica. Earlier this month, Google was sued by dozens of state attorneys general over its Play Store policies. Just over a week later, the company is essentially delaying the enforcement of one of its most significant upcoming changes: a decree that all Play Store apps must use Google’s in-app billing or face a ban. Developers can now request a six-month extension to the deadline. Back in September 2020, Google announced a crackdown on violations of its in-app billing rules. The Play Store rules have long said that apps must use Google’s billing system for in-app purchases (so that Google gets a cut), but many apps just ignored this rule without repercussions. Last year’s announcement said that this practice would end by September 30, 2021, and all in-app purchases—including subscriptions from the likes of Netflix and Spotify—would need to run through Google.
  • “Zoom buys Five9 for $14.7 billion to ‘deliver even more happiness’” By Kim Lyons — The Verge. Videoconferencing platform Zoom is acquiring cloud contact center software company Five9 for $14.7 billion, the company announced. “We are continuously looking for ways to enhance our platform, and the addition of Five9 is a natural fit that will deliver even more happiness and value to our customers,” Zoom CEO Eric Yuan said in the announcement. He added that the deal will add more business clients to Zoom’s customer base, and that Five9 is “complementary” to its Zoom Phone cloud system.
  • “How China Transformed Into a Prime Cyber Threat to the U.S.” By Nicole Perlroth — The New York Times. Nearly a decade ago, the United States began naming and shaming China for an onslaught of online espionage, the bulk of it conducted using low-level phishing emails against American companies for intellectual property theft.
  • “U.S. Competition Policy Is Aligning With Europe, and Deeper Cooperation Could Follow” By Daniel Michaels and Brent Kendall — Wall Street Journal. The European Union’s top antitrust regulator foresees greater alignment with the U.S. on competition enforcement, particularly in the tech sector, amid a broader policy reorientation under the Biden administration. EU Executive Vice President Margrethe Vestager, the bloc’s competition commissioner, said she expects “much more intense work when it comes to technology and the digitized market” between her team and Washington.
  • “The struggle to make health apps truly private” By Sara Morrison — recode. Jonathan J.K. Stoltman already knew how hard it can be for people with addiction to find the right treatment. As director of the Opioid Policy Institute, he also knew how much worse the pandemic made it: A family member had died of an opioid overdose last November after what Stoltman describes as an “enormous effort” to find them care. So Stoltman was hopeful that technology could improve patient access to treatment programs through things like addiction treatment and recovery apps.
  • “T-Mobile Investigating Claims of Massive Customer Data Breach” By Joseph Cox — Vice’s Motherboard. A day after this article was published, T-Mobile confirmed in an announcement that it suffered a data breach. The original story is below. T-Mobile says it is investigating a forum post claiming to be selling a mountain of personal data. The forum post itself doesn’t mention T-Mobile, but the seller told Motherboard they have obtained data related to over 100 million people, and that the data came from T-Mobile servers.
  • “The foreigners in China’s disinformation drive” By Kerry Allen & Sophie Williams — BBC News. Foreign video bloggers denouncing what they say is negative coverage of China on highly controversial subjects such as Xinjiang are attracting large numbers of subscribers on platforms like YouTube. In recent years, the “vloggers” have been increasingly presenting themselves as China-lovers, spreading Communist Party disinformation. YouTube labels Chinese state media like broadcaster CGTN as government-funded. But there is little policing when it comes to individuals promoting similar narratives.
  • “A New Tool Shows How Google Results Vary Around the World” By Tom Simonite — WIRED. Google’s claim to “organize the world’s information and make it universally accessible and useful” has earned it an aura of objectivity. Its dominance in search, and the disappearance of most competitors, make its lists of links appear still more canonical. An experimental new interface for Google Search aims to remove that mantle of neutrality. Search Atlas makes it easy to see how Google offers different responses to the same query on versions of its search engine offered in different parts of the world. The research project reveals how Google’s service can reflect or amplify cultural differences or government preferences—such as whether Beijing’s Tiananmen Square should be seen first as a sunny tourist attraction or the site of a lethal military crackdown on protesters.
  • “Ireland’s Days as a Tax Haven May Be Ending, but Not Without a Fight” By Liz Alderman — The New York Times. On the crowded waterside quay of Dublin’s Silicon Docks neighborhood, Google’s European headquarters tower above the skyline. Facebook and Twitter are neighbors. The European bases of Apple, Pfizer and hundreds of U.S. multinationals are implanted around the country, symbols of the commerce produced by Ireland’s famously low corporate taxes. But the model that has fueled the so-called Celtic Tiger economy for decades is in peril, as a coalition of 130 nations works to overhaul a global tax system that Ireland depends on to lure businesses looking to reduce the taxes they pay.
  • “Three months, 700 steps: Why it takes so long to produce a computer chip” By Jeanne Whalen — The Washington Post. Christopher Belfi was waiting tables in a lakeside resort near this Upstate New York town a decade ago when he got the career break he’d been waiting for — an invitation to work at a semiconductor factory. Belfi, who’d recently graduated from the State University of New York at Albany with a technology degree, started chatting with two customers who turned out to be managers at the nearby semiconductor factory. “I used to coach robotics teams in college. And so we were just talking about that. They left their business cards in my checkbook, and I applied and never turned back,” Belfi says.

Coming Events 

  • 1 September
    • The House Armed Services Committee will mark up the FY 2022 National Defense Authorization Act (H.R.4395).
  • 30 September
    • The Federal Communications Commission (FCC) will hold an open meeting. No agenda has been announced as of yet.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Dainis Graveris on Unsplash

Photo by Jonas Verstuyft on Unsplash
