
Other Developments
- The Federal Trade Commission split along party lines in voting to file an amended complaint against Facebook in its federal antitrust case and rejected the company’s complaint that Chair Lina Khan recuse herself. In late June, a federal court granted Facebook’s motion to dismiss against the FTC because it failed to make its case under Section 2 of the Sherman Antitrust Act that Facebook “has monopoly power in the market for Personal Social Networking (PSN) Services.” The court stated the FTC may refile its case and laid out a map for doing so:
- To guide the parties in the event amendment occurs, this Opinion also explains two further conclusions of law. First, even if the FTC had sufficiently pleaded market power, its challenge to Facebook’s policy of refusing interoperability permissions with competing apps fails to state a claim for injunctive relief. As explained herein (and in the Court’s separate Opinion in the States’ case), there is nothing unlawful about having such a policy in general. While it is possible that Facebook’s implementation of that policy as to certain specific competitor apps may have violated Section 2, such finding would not change the outcome here: all such revocations of access occurred in 2013, seven years before this suit was filed, and the FTC lacks statutory authority to seek an injunction “based on [such] long-past conduct.” FTC v. Shire ViroPharma, Inc., 917 F.3d 147, 156 (3d Cir. 2019). Regardless of whether the FTC can amend its Complaint to plausibly allege market power and advance this litigation, then, the conduct it has alleged regarding Facebook’s interoperability policies cannot form the basis for Section 2 liability. Second, the agency is on firmer ground in scrutinizing the acquisitions of Instagram and WhatsApp, as the Court rejects Facebook’s argument that the FTC lacks authority to seek injunctive relief against those purchases. Whether other issues arise in a subsequent phase of litigation is dependent on how the Government wishes to proceed.
- In its press release, the FTC summarized its amended complaint:
- The complaint alleges that after repeated failed attempts to develop innovative mobile features for its network, Facebook instead resorted to an illegal buy-or-bury scheme to maintain its dominance. It unlawfully acquired innovative competitors with popular mobile features that succeeded where Facebook’s own offerings fell flat or fell apart. And to further moat its monopoly, Facebook lured app developers to the platform, surveilled them for signs of success, and then buried them when they became competitive threats. Lacking serious competition, Facebook has been able to hone a surveillance-based advertising model and impose ever-increasing burdens on its users.
- The FTC filed the amended complaint today in the U.S. District Court for the District of Columbia, following the court’s June 28 ruling on the FTC’s initial complaint. The amended complaint includes additional data and evidence to support the FTC’s contention that Facebook is a monopolist that abused its excessive market power to eliminate threats to its dominance.
- According to the amended complaint, a critical transition period in the history of the internet, and in Facebook’s history, was the emergence of smartphones and the mobile Internet in the 2010s. Facebook’s CEO, Mark Zuckerberg, recognized at the time that “we’re vulnerable in mobile” and a major shareholder worried that Facebook’s mobile weakness “ran the risk of the unthinkable happening – being eclipsed by another network[.]”
- After suffering significant failures during this critical transition period, Facebook found that it lacked the business talent and engineering acumen to quickly and successfully integrate its outdated desktop-based technology to the new era of mobile-first communication. Unable to maintain its monopoly or its advertising profits by fairly competing, Facebook’s executives addressed this existential threat by buying up the new mobile innovators, including its rival Instagram in 2012 and mobile messaging app WhatsApp in 2014, who had succeeded where Facebook had failed. The company supplemented its anticompetitive shopping spree with an open-first-close-later scheme that helped cement its monopoly by severely hampering the ability of rivals and would-be rivals to compete on the merits. By anticompetitively cementing its personal social networking monopoly, Facebook has harmed the competitive process and limited consumer choice.
- As described in the amended complaint, after starting Facebook Platform as an open space for third party software developers, Facebook abruptly reversed course and required developers to agree to conditions that prevented successful apps from emerging as competitive threats to Facebook. By pulling this bait and switch on developers, Facebook insulated itself from competition during a critical period of technological change. Developers that had relied on Facebook’s open-access policies were crushed by new limits on their ability to interoperate. Facebook’s conduct not only harmed developers such as Circle and Path, but also deprived consumers of promising and disruptive mavericks that could have forced Facebook to improve its own products and services.
- The amended complaint bolsters the FTC’s monopoly power allegations by providing detailed statistics showing that Facebook had dominant market shares in the U.S. personal social networking market. The suit also provides new direct evidence that Facebook has the power to control prices or exclude competition; significantly reduce the quality of its offering to users without losing a significant number of users or a meaningful amount of user engagement; and exclude competition by driving actual or potential competitors out of business.
- Facebook’s dominant position is also protected by significant barriers to entry, including high switching costs. Over time, users of a personal social network build more connections and develop a history of posts and shared experiences, which they cannot easily transfer to another personal social networking provider.
- Other significant barriers to entry include user-to-user effects, known as network effects, which make a personal social network more valuable as more users join the service. As the amended complaint notes, it is very difficult for a new entrant to displace an established personal social network in which users’ friends and family already participate.
- T-Mobile confirmed reports of a massive data breach of customer personal data. Vice reported the personal data of 100 T-Mobile users was for sale online, and while T-Mobile has put the figure lower, it has conceded it is still investigating. The company claimed:
- We have continued to work around the clock on the forensic analysis and investigation into the cyberattack against T-Mobile systems while also taking a number of proactive steps to protect customers and others whose information may have been exposed.
- Our investigation is ongoing and will continue for some time, but at this point, we are confident that we have closed off the access and egress points the bad actor used in the attack. Below is what we know to date.
- We previously reported information from approximately 7.8 million current T-Mobile postpaid customer accounts that included first and last names, date of birth, SSN, and driver’s license/ID information was compromised. We have now also determined that phone numbers, as well as IMEI and IMSI information, the typical identifier numbers associated with a mobile phone, were also compromised. Additionally, we have since identified another 5.3 million current postpaid customer accounts that had one or more associated customer names, addresses, date of births, phone numbers, IMEIs and IMSIs illegally accessed. These additional accounts did not have any SSNs or driver’s license/ID information compromised.
- We also previously reported that data files with information from about 40 million former or prospective T-Mobile customers, including first and last names, date of birth, SSN, and driver’s license/ID information, were compromised. We have since identified an additional 667,000 accounts of former T-Mobile customers that were accessed with customer names, phone numbers, addresses and dates of birth compromised. These additional accounts did not have any SSNs or driver’s license/ID information compromised.
- Separately, we have also identified further stolen data files including phone numbers, IMEI, and IMSI numbers. That data included no personally identifiable information.
- We continue to have no indication that the data contained in any of the stolen files included any customer financial information, credit card information, debit or other payment information.
- As we previously reported, approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed. We have proactively reset ALL of the PINs on these accounts. Similar information from additional inactive prepaid accounts was also accessed. In addition, up to 52,000 names related to current Metro by T-Mobile accounts may have been included. None of these data sets included any personally identifiable information. Further, none of the T-Mobile files stolen related to former Sprint prepaid or Boost customers.
- The Office of Management and Budget (OMB) issued a memorandum titled “Protecting Critical Software Through Enhanced Security Measures”:
- Executive Order (EO) 14028, Improving the Nation’s Cybersecurity (May 12, 2021), recognizes the importance to the Federal Government of software security – and in particular, the security of “critical software,” as defined by the National Institute of Standards and Technology (NIST). The EO directs NIST to issue guidance on security measures for critical software, and further directs the Office of Management and Budget (OMB) to require agencies to comply with that guidance. The guidance from NIST, issued on July 8, 2021, outlines core security measures, the implementation of which is crucial for the protection of critical software.
- This memorandum provides instructions for the implementation of those fundamental measures required to secure the use of software falling within the definition below and directs executive departments and agencies (hereafter referred to as agencies) to implement those measures in phases. Agencies should keep in mind that the measures identified in the guidance from NIST are not comprehensive; their adoption may not eliminate the need to implement additional security measures to satisfy requirements and objectives that lie outside the scope of the NIST guidance.
- Government-wide implementation of NIST’s guidance for the use of critical software will occur through a phased approach. During the initial implementation phase, agencies should focus on standalone, on-premise software that performs security-critical functions or poses similar significant potential for harm if compromised. Such software includes applications that provide the following categories of services:
- identity, credential, and access management (ICAM);
- operating systems, hypervisors, container environments;
- web browsers;
- endpoint security;
- network control;
- network protection;
- network monitoring and configuration;
- operational monitoring and analysis;
- remote scanning;
- remote access and configuration management; and
- backup/recovery and remote storage.
- Agencies must review this guidance and ensure it is implemented across all categories of critical software described in section II.A. Subsequent phases of implementation will address additional categories of software, as determined by the Cybersecurity and Infrastructure Security Agency (CISA). The following categories of software, among others, will be included in those future phases:
- software that controls access to data;
- cloud-based and hybrid software;
- software development tools, such as code repository systems, testing software, integration software, packaging software, and deployment software;
- software components in boot-level firmware; and
- software components in operational technology (OT).
- The United States (U.S.) Department of Homeland Security (DHS) Science and Technology Directorate (S&T) published an “Artificial Intelligence and Machine Learning Strategic Plan” “which lays out an actionable path for S&T to advise and assist the Department in harnessing the opportunities of Artificial Intelligence and Machine Learning (AI/ML).” S&T stated:
- The S&T AI/ML Strategic Plan defines S&T’s approach to effectively address the opportunities and challenges that AI/ML poses to the Department, the broader Homeland Security Enterprise, and the missions they serve. The S&T AI/ML Strategic Plan presents three goals:
- GOAL 1: Drive Next-Generation AI/ML Technologies for Cross-Cutting Homeland Security Capabilities S&T will make strategic investments in AI/ML research and development activities that meet critical DHS needs. S&T has identified three R&D objectives: Advance Trustworthy AI, Advance Human Machine Teaming, and Leverage AI/ML for Secure Cyberinfrastructure. Advancing Trustworthy AI is an interdisciplinary effort to research and provide actionable solutions for issues such as explainable AI, privacy protection, countering bias, and countering adversarial machine learning. S&T will research Human Machine Teaming, optimizing human and machine interactions while limiting their weaknesses. In the area of Secure Cyberinfrastructure, S&T will research capabilities that allow data sharing and processing across systems, effective management of AI/ML models, and AI/ML capabilities that enable threat detection and response.
- GOAL 2: Facilitate Use of Proven AI/ML Capabilities in Homeland Security Missions S&T will identify technically mature capabilities and match them to mission needs to facilitate understanding and adoption of existing AI/ML solutions by DHS Components and stakeholders. S&T will also advance capabilities that can be used by non specialists to curate and process large datasets, while advising the Department on the technical and policy infrastructure needed for AI/ML.
- GOAL 3: Build an Interdisciplinary AI/ML-Trained Workforce S&T will recruit experts and train current personnel to improve AI/ML competence across the S&T workforce in order to more effectively achieve S&T missions. Additionally, S&T will provide expert advice and recommendations for training opportunities to the broader DHS and Homeland Security Enterprise (HSE) communities.
- S&T’s approach to AI/ML is informed by national guidance and the DHS Artificial Intelligence Strategy. S&T leadership is committed to ensuring that AI/ML research, development, test, evaluation, and departmental applications comply with statutory and other legal requirements, and sustain privacy protections and civil rights and civil liberties for individuals. A subsequent S&T AI/ML Implementation Plan will detail how the S&T AI/ML Strategic Plan will be operationalized.
- New Zealand’s Privacy Commissioner explained in a blog post how damages can be awarded for emotional harm under the Privacy Act:
- Under the Privacy Act, the Human Rights Review Tribunal (“the Tribunal”) can award damages for emotional harm caused by a privacy breach. Damages are compensatory rather than punitive; the goal is to compensate individuals for specific harm rather than punish a defendant’s bad behaviour.
- Calculating damages for emotional harm is not an exact science, especially when there has been no quantifiable financial loss. We have identified some factors contributing to the different amounts awarded for emotional harm in recent cases, which are helpful to consider when balancing the risks and benefits of taking your complaint to the Tribunal.
- What damages can the Tribunal award?
- The Tribunal can award damages if, as a result of a privacy breach, the complainant has:
- suffered a pecuniary loss
- reasonably incurred expenses
- lost a benefit that they might reasonably have expected, or
- suffered humiliation, loss of dignity, and injury to feelings.
- The Tribunal has provided some useful guidance on quantifying emotional harm caused by a privacy breach. There are three broad bands of emotional harm: less serious breaches can see up to $10,000, more serious awards have ranged from $10,000 to $50,000, and the most serious awards have been more than $50,000.
- The Tribunal occasionally awards high amounts for emotional harm – $98,000 in Hammond v Credit Union Baywide and $70,000 in Director of Human Rights Proceedings v Slater – but the majority of successful claims are in the $5,000 to $25,000 range. (See the table of damages awarded on the Tribunal’s website.)
- The Office of the Privacy Commissioner of Canada (OPC) updated several guidance documents “to reaffirm some of the types of personal information generally considered sensitive in the context of the Personal Information Protection and Electronic Documents Act (PIPEDA).” The OPC stated:
- The updated guidance includes considerations for businesses evaluating what types of information are “sensitive”. Under PIPEDA, organizations must protect personal information with appropriate safeguarding measures commensurate with the sensitivity of the information, and seek express consent when the information is likely to be considered sensitive.
- These updates help to reflect how the OPC has interpreted sensitive information in the context of PIPEDA.
- While under PIPEDA any personal information can be sensitive depending on the context, we have found that certain types of personal information will generally be considered sensitive because of the specific risks to individuals when said information is collected, used or disclosed.
- The updated guidance sets out that certain types of information will generally be considered sensitive and require a higher degree of protection. This includes health and financial data, ethnic and racial origins, political opinions, genetic and biometric data, an individual’s sex life or sexual orientation, and religious/philosophical beliefs.
- The updates follow discussions with Industry, Science and Economic Development Canada (ISED) with respect to an ongoing review by the European Commission about the “adequacy” of Canada’s privacy legislation.
- The General Data Protection Regulation (GDPR) requires adequacy decisions to be reviewed every four years. As a result, Canada’s adequacy status – which allows data to flow freely from the European Union (EU) to Canada – is now being reviewed.
- An adequacy review involves a comprehensive assessment of the country’s privacy regime.
- The updated guidance documents are:
- Amazon announced an extension of its “A-to-Z Guarantee to cover property damage and personal injury” and explained:
- Amazon originally launched the A-to-z Guarantee more than 20 years ago to provide customers with a hassle-free return process for products sold and fulfilled by third-party sellers. This helped customers more confidently shop from sellers, raising the bar on customer experience and driving sellers’ growth.
- Now, in the unlikely event a defective product sold through Amazon.com causes property damage or personal injury, Amazon will directly pay customers for claims under $1,000—which account for more than 80% of cases—at no cost to sellers, and may step in to pay claims for higher amounts if the seller is unresponsive or rejects a claim we believe to be valid. We are also launching Amazon Insurance Accelerator to help sellers buy insurance at competitive rates from trusted providers. We’re excited that these innovations create a more trustworthy shopping and selling experience for customers and sellers in our store.
- The BBB National Programs Children’s Advertising Review Unit (CARU) issued “a revised version of the CARU Advertising Guidelines, widely recognized industry standards that ensure advertising directed to children is not deceptive, unfair, or inappropriate for its intended audience.” In their press release, BBB National Programs explained:
- These Guidelines were revised to address newer digital and immersive forms of child-directed interactive media more specifically.
- CARU’s self-regulatory role is to review and evaluate advertising, whether in print or digital ads, on TV, on product labeling, or now, within games and apps, for truth, accuracy, appropriateness, and sensitivity to the uniquely impressionable child audience. The revised Guidelines extend this watchful eye to now include video, influencer marketing, apps, in-game advertising, and purchase options in games.
- Starting January 1, 2022, CARU will begin reviewing the marketplace for non-compliance with the revised Guidelines. Until that time, CARU will continue to review and evaluate advertising under the current Guidelines.
- To help advertisers prepare for the debut of the new Guidelines, we have highlighted six key changes:
- 1. Children: Under Age 13
- The revised Guidelines now cover advertising primarily directed to children under age 13 in any media. The current Guidelines covered advertising directed to children under age 12. This change aligns with COPPA, the Children’s Online Privacy Protection Act, which provides protections against the online collection of personal information from children under age 13.
- At the same time, the revised Guidelines recognize that, for instance, advertising aimed at children 10-12 years old should not have to look or sound like advertising directed to 5-year-olds. New language in the Guidelines makes clear that determining whether advertising complies with the Guidelines will be based upon the age-range of the target audience.
- 2. Diversity and Inclusion
- CARU’s revised Guidelines take a stand on the need for advertising in the children’s space to promote positive change by reflecting the diversity of humanity and providing an inclusive space where children of all races, religions, cultures, genders, sexual orientations, and physical and cognitive abilities can feel valued and respected. Building upon the positive strides made by many advertisers, the Guidelines make clear that advertising portraying or encouraging negative social stereotyping, prejudice, or discrimination violates CARU’s standards.
- 3. In-App and In-Game Advertising and Purchases
- Recognizing that kids spend considerable free time playing games on their mobile devices, the revised Guidelines specifically call out the use of unfair, deceptive, or other manipulative in-app and in-game advertising and purchase offer tactics.
- The Guidelines identify examples of violative practices, such as the use of deceptive door openers and social pressure or validation to mislead or cause children to unknowingly or inadvertently engage in ad viewing or make in-app purchases. CARU’s guidelines make clear that advertisers, app designers, and developers must create these spaces with children in mind and build in transparency from the start.
- 4. Endorsers and Influencers
- CARU recognizes the tremendous popularity and impact that endorsers and influencers have in the child’s space. When it comes to influencer marketing, the Guidelines say to make it clear and obvious – in language children can easily understand – that an influencer is being paid or receiving free product to promote or play with an advertiser’s products or services.
- 5. Blurring
- CARU and most advertisers recognize that children have limited knowledge, experience, sophistication, and maturity to evaluate the credibility of information and may not even understand when they are viewing or hearing advertising. While the blurring of advertising and non-advertising content isn’t new, the power of children’s digital media to blur these lines means it is especially important for advertisers to clearly and conspicuously inform children that what they are seeing is advertising – in simple language that they can understand. The Guidelines make clear that transparency is key.
- 6. Material Disclosures
- The exploding range of digital media directed to children, including influencer marketing, games, and other immersive content, heightens the need for and importance of clear and conspicuous disclosures of material information in words that children can understand.
- The Guidelines have been revised to better spell out what clear and conspicuous mean in the context of different advertising formats. For instance, the Guidelines make clear that, with limited exceptions, in audio-video advertisements, disclosures should be made in both audio and video form to best ensure that children see/hear them. In addition, in videos and other content that lasts more than a few minutes, advertisers must repeat this disclosure more than once so that children are more likely to get the message.
- The PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) “issued a joint bulletin to highlight the importance of properly scoping cloud environments.” The PCI SSC and CSA asserted in their press release:
- At a high level, scoping involves the identification of people, processes, and technologies that interact with or could otherwise impact the security of payment data or systems. When utilizing cloud security for payments, this responsibility is typically shared between the cloud customer and the cloud service provider.
- Data breach investigation reports continue to find that organizations suffering compromises involving payment data were unaware that cardholder data was present on the compromised systems. Proper scoping should be a critical and ongoing activity for organizations to ensure they are aware of where their payment data is located and that the necessary security controls are in place to protect that data. Improper scoping can result in vulnerabilities being unidentified and unaddressed, which criminals can exploit. Knowing exactly where payment data is located within your systems will empower organizations to develop a game plan to protect that data.
- Limiting exposure to payment data reduces the chance of being a target for criminals. Some important best practices areas of focus should be:
- Data protection: Assure that information is protected by maximizing use of strong cryptography and key management practices, tokenization, and masking where feasible and employing robust data loss prevention solutions.
- Authentication: Assure that strong multi-factor authentication is pervasive to protect against common attacks against the credentials of consumers, merchants, and service providers.
- Systems management: Recent high-profile breaches have pointed to weaknesses in how responsible parties perform routine systems management functions, such as patch management, verification of code updates and configuration management.
- DevOps & DevSecOps: Software supply chains are important areas of exposure for malicious attackers and merchants should understand the original source of all components of the payment solution.
- Data governance: With global nature of cloud, assure that information stays within the appropriate jurisdiction boundaries and is accessed by stakeholders with legitimate needs.
- Resiliency: Assure that service providers take advantage of cloud’s nearly unlimited capabilities to provide redundancy for application availability and data backups.
Further Reading
- “The Novel Material That’s Shrinking Phone Chargers, Powering Up Electric Cars, and Making 5G Possible” By Christopher Mims — The Wall Street Journal. If you’re reading this on a screen, it’s likely you’re literally staring at the future. Present in most LED screens, as well as the LED lights that now provide much indoor illumination, is the metal gallium. And while not as well known as silicon, it is taking over in many of the places that silicon once reigned supreme—from antennas to charging bricks and other energy-converting systems known as “power electronics.” In the process, it’s enabling a surprising array of new technologies, from faster-charging cellphones, to lighter electric vehicles, to more power-efficient data centers that run the services and apps we use.
- “Student proves Twitter algorithm ‘bias’ toward lighter, slimmer, younger faces” By Alex Hern — The Guardian. Twitter’s image cropping algorithm prefers younger, slimmer faces with lighter skin, an investigation into algorithmic bias at the company has found. The finding, while embarrassing for the company, which had previously apologised to users after reports of bias, marks the successful conclusion of Twitter’s first ever “algorithmic bug bounty”. The company has paid $3,500 to Bogdan Kulynych, a graduate student at Switzerland’s EPFL university, who demonstrated the bias in the algorithm, which is used to focus image previews on the most interesting parts of pictures, as part of a competition at the DEF CON security conference in Las Vegas.
- “This forgotten language is seeing a revival thanks to TikTok” By Bianca Brutus — NBC News. Cia, 20, was scrolling through TikTok one night when she came across a video about a forgotten secret tongue. She learned this language was called Tut. It was a clandestine form of communication, rooted in English and created by Black people during the 18th century. Cia said she did not know about the existence of Tut prior to the video. In fact, she never knew African Americans had their own form of communication during slavery.
- “Google Docs Scams Still Pose a Threat” By Lily Hay Newman — WIRED. In May 2017, a phishing attack now known as “the Google Docs worm” spread across the internet. It used special web applications to impersonate Google Docs and request deep access to the emails and contact lists in Gmail accounts. The scam was so effective because the requests appeared to come from people the target knew. If they granted access, the app would automatically distribute the same scam email to the victim’s contacts, thus perpetuating the worm. The incident ultimately affected more than a million accounts before Google successfully contained it. New research indicates, though, that the company’s fixes don’t go far enough. Another viral Google Docs scam could happen anytime.
- “The Spine Collector” By Reeves Wiedeman — New York. On the morning of March 1, 2017, Catherine Mörk and Linda Altrov Berg were in the offices of Norstedts, a book publisher in Sweden, when they received an unusual email. A colleague in Venice was asking for a top-secret document: the unpublished manuscript of the forthcoming fifth book in Stieg Larsson’s “Millennium” series. The books, which follow hacker detective Lisbeth Salander, have sold more than 100 million copies. David Lagercrantz, another Swedish writer, had taken over the series after Larsson’s death, and his latest — The Man Who Chased His Shadow — was expected to be one of the publishing events of the year.
- “The Failure of China’s Microchip Giant Tests Beijing’s Tech Ambitions” By Paul Mozur — The New York Times. In 2015, an obscure company run by a real estate mogul woke the world to China’s ambitions in semiconductors, the foundational technology that powers computing. Laden with state funding and political backing, the company made jaws drop with a $23 billion bid to buy the American chip maker Micron.
- “Homeland Security Considers Outside Firms to Analyze Social Media After Jan. 6 Failure” By Rachael Levy — The Wall Street Journal. The Department of Homeland Security is considering hiring private companies to analyze public social media for warning signs of extremist violence, spurring debate within the agency over how to monitor for such threats while protecting Americans’ civil liberties. The effort, which remains under discussion and hasn’t received approval or funding, would involve sifting through large flows of internet traffic to help identify online narratives that might provide leads on developing attacks, whether from home or abroad.
- “Senate’s internet access plan rests on better broadband maps” By Dean DeChiaro — Roll Call. The Senate’s bipartisan infrastructure bill makes a $42.5 billion bet that the government will overcome an obstacle that has long plagued efforts to connect most Americans to the internet: notoriously inaccurate maps showing where they can get a signal – and where they can’t. That’s the amount of grant funding that the legislation, which the Senate passed earlier this month on a 69-30 vote, would provide to states to fund broadband projects in areas currently considered unserved or underserved. To qualify, proposals would have to comply with new broadband maps drawn by the Federal Communications Commission. There’s one catch: the new maps don’t exist yet. And they may not be ready to go for one or two years, experts say.
- “Check if your iPhone, iPad is infected with Pegasus spyware with this free tool” By Jason Cipriani — c/net. Whenever there’s a new report about an iPhone or iPad exploit being actively distributed and used, it’s unnerving. In July, it was revealed that security researchers discovered evidence of Pegasus spyware being used on the phones of journalists, politicians and activists. The spyware can be remotely installed on a target’s iPhone or iPad, granting the person or organization who installed it full access to the device and all the data it holds — without the owner taking any action. That includes text messages, emails and even recording phone calls. Pegasus was originally designed and is marketed by its creator, the NSO Group, to monitor criminals and terrorists.
- “The Taliban Have Seized U.S. Military Biometrics Devices” By Ken Klippenstein and Sara Sirota — The Intercept. The Taliban have seized U.S. military biometrics devices that could aid in the identification of Afghans who assisted coalition forces, current and former military officials have told The Intercept. The devices, known as HIIDE, for Handheld Interagency Identity Detection Equipment, were seized last week during the Taliban’s offensive, according to a Joint Special Operations Command official and three former U.S. military personnel, all of whom worried that sensitive data they contain could be used by the Taliban. HIIDE devices contain identifying biometric data such as iris scans and fingerprints, as well as biographical information, and are used to access large centralized databases. It’s unclear how much of the U.S. military’s biometric database on the Afghan population has been compromised.
- “Afghans scramble to delete digital history, evade biometrics” By Rina Chandran — Thomson Reuters Foundation. Thousands of Afghans struggling to ensure the physical safety of their families after the Taliban took control of the country have an additional worry: that biometric databases and their own digital history can be used to track and target them.
Coming Events
- 1 September
- The House Armed Services Committee will mark up the FY 2022 National Defense Authorization Act (H.R.4395).
- 30 September
- The Federal Communications Commission (FCC) will hold an open meeting. No agenda has been announced as of yet.
© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.