Coming and Recent Events (5 August)

Still on holiday, but just a quick post on some recent hearings of interest and some future ones of interest.

Coming Events

  • On 6 August, the Federal Communications Commission (FCC) will hold an open meeting to likely consider the following items:
    • C-band Auction Procedures. The Commission will consider a Public Notice that would adopt procedures for the auction of new flexible-use overlay licenses in the 3.7–3.98 GHz band (Auction 107) for 5G, the Internet of Things, and other advanced wireless services. (AU Docket No. 20-25)
    • Radio Duplication Rules. The Commission will consider a Report and Order that would eliminate the radio duplication rule with regard to AM stations and retain the rule for FM stations. (MB Docket Nos. 19-310. 17-105)
    • Common Antenna Siting Rules. The Commission will consider a Report and Order that would eliminate the common antenna siting rules for FM and TV broadcaster applicants and licensees. (MB Docket Nos. 19-282, 17-105)
    • Telecommunications Relay Service. The Commission will consider a Report and Order to repeal certain TRS rules that are no longer needed in light of changes in technology and voice communications services. (CG Docket No. 03-123)
  • On 7 August, Australia’s Parliamentary Joint Committee On Intelligence and Security will hold a public hearing “to review amendments made to Commonwealth legislation by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018.” The committee is supposed to wrap up this inquiry by 30 September.
  • The National Institute of Standards and Technology (NIST) will hold the “Exploring Artificial Intelligence (AI) Trustworthiness: Workshop Series Kickoff Webinar,” “a NIST initiative involving private and public sector organizations and individuals in discussions about building blocks for trustworthy AI systems and the associated measurements, methods, standards, and tools to implement those building blocks when developing, using, and testing AI systems” on 6 August.
  • On 18 August, the National Institute of Standards and Technology (NIST) will host the “Bias in AI Workshop, a virtual event to develop a shared understanding of bias in AI, what it is, and how to measure it.”

Recent Past Events

  • On 3 August the House Oversight and Reform Committee held a hearing on the tenth “Federal Information Technology Acquisition Reform Act” (FITARA) scorecard on federal information technology.
  • On 4 August, the Senate Armed Services Committee held a hearing titled “Findings and Recommendations of the Cyberspace Solarium Commission” that follows a 30 July House Armed Services hearing on the same topic. These witnesses appeared before the committee:
    • Senator Angus S. King, Jr. (I-ME), Co-Chair, Cyberspace Solarium Commission
    • Representative Michael J. Gallagher (R-WI), Co-Chair, Cyberspace Solarium Commission
    • Brigadier General John C. Inglis, ANG (Ret.), Commissioner, Cyberspace Solarium Commission
  • On 5 August the Senate Commerce, Science, and Transportation Committee held an oversight hearing on the Federal Trade Commission (FTC) with the agency’s chair and four commissioners.
  • On 5 August, the Senate Energy and Natural Resources Committee held a hearing to “Examine Efforts to Improve Cybersecurity for the Energy Sector” with these witnesses:
    • Mr. Alexander Gates, Senior Advisor, Office of Policy for Cybersecurity, Energy Security, & Emergency Response, U.S. Department of Energy
    • Mr. Joseph McClelland, Director, Office of Energy Infrastructure Security, Federal Energy Regulatory Commission
    • Mr. Steve Conner, President and CEO, Siemens Energy, Inc.
    • Mr. Thomas F. O’Brien, Senior Vice President and Chief Information Officer, PJM Interconnection

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Image by Bishnu Sarangi from Pixabay

10th Federal IT Scorecard Released

I’m on holiday, so just a short post.

On 3 August, the House Oversight and Reform Committee’s Government Operations Subcommittee held its most recent biannual hearing on how United States government agencies are faring in meeting the metrics as laid out in a few key statutes on information technology (IT) development, security, transparency, and other related areas. However, the subcommittee, for reasons that are not immediately clear, did not release the actual scorecard (aka the FITARA Scorecard), and so I’m posting a version of it released by a trade publication.

As for the substance, you can compare to the last scorecard released in December 2019 and see that things mostly remain the same. I think the incentive structure for federal agencies (and probably companies providing these products and services to the federal government) will need to change further before greater gains are made with with the more than $90 billion spent annually in Washington on IT. A big part of the problem is that agencies are still not following the requirements of the “Federal Information Technology Acquisition Reform Act” (FITARA) (P.L. 113-291) regarding the authority of Chief Information Officers (CIO) to manage and acquire IT. These officials should be deciding these matters, and it is not happening in agencies, likely because more CIO authority means less authority elsewhere over significant funding and programs. Hence, good old institutional resistance and warring over turf is part of the problem. There are others, as have been chewed over, and were discussed at the hearing.

Anyway, I just wanted to make the FITARA Scorecard available for those interested but unable to find it.

And, I’ll be back to posting regularly next week.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Image by Michael Schwarzenberger from Pixabay

Further Reading, Other Developments, and Coming Events (31 July)

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • On 31 July, the House Intelligence Committee will mark up its Intelligence Authorization Act.
  • On 31 July the Select Committee on the Modernization of Congress will hold a business meeting “to consider proposed recommendations.”
  • On 3 August the House Oversight and Reform Committee will hold a hearing on the tenth “Federal Information Technology Acquisition Reform Act” (FITARA) scorecard on federal information technology.
  • On 4 August, the Senate Armed Services Committee will hold a hearing titled “Findings and Recommendations of the Cyberspace Solarium Commission” with these witnesses:
    • Senator Angus S. King, Jr. (I-ME), Co-Chair, Cyberspace Solarium Commission
    • Representative Michael J. Gallagher (R-WI), Co-Chair, Cyberspace Solarium Commission
    • Brigadier General John C. Inglis, ANG (Ret.), Commissioner, Cyberspace Solarium Commission
  • On 6 August, the Federal Communications Commission (FCC) will hold an open meeting to likely consider the following items:
    • C-band Auction Procedures. The Commission will consider a Public Notice that would adopt procedures for the auction of new flexible-use overlay licenses in the 3.7–3.98 GHz band (Auction 107) for 5G, the Internet of Things, and other advanced wireless services. (AU Docket No. 20-25)
    • Radio Duplication Rules. The Commission will consider a Report and Order that would eliminate the radio duplication rule with regard to AM stations and retain the rule for FM stations. (MB Docket Nos. 19-310. 17-105)
    • Common Antenna Siting Rules. The Commission will consider a Report and Order that would eliminate the common antenna siting rules for FM and TV broadcaster applicants and licensees. (MB Docket Nos. 19-282, 17-105)
    • Telecommunications Relay Service. The Commission will consider a Report and Order to repeal certain TRS rules that are no longer needed in light of changes in technology and voice communications services. (CG Docket No. 03-123)
  • The National Institute of Standards and Technology (NIST) will hold the “Exploring Artificial Intelligence (AI) Trustworthiness: Workshop Series Kickoff Webinar,” “a NIST initiative involving private and public sector organizations and individuals in discussions about building blocks for trustworthy AI systems and the associated measurements, methods, standards, and tools to implement those building blocks when developing, using, and testing AI systems” on 6 August.
  • On 18 August, the National Institute of Standards and Technology (NIST) will host the “Bias in AI Workshop, a virtual event to develop a shared understanding of bias in AI, what it is, and how to measure it.”

Other Developments

  • The European Commission (EC) released a report on the status of efforts across the European Union (EU) to implement the EU Toolbox on 5G Cybersecurity, the bloc’s approach to navigating security issues presented by equipment and services offered by companies from the People’s Republic of China such as Huawei. The EC concluded
    • All  Member  States  reported  that  concrete  steps  have  been  taken  to  implement  the  Toolbox.  Most  Member  States  carried  out  a  gap  analysis  and  launched  a  process  to  review  and  upgrade  existing security measures and enforcement mechanisms. Many Member States have already adopted or are well advanced in the preparation of more advanced security measures on 5G cybersecurity.
    • However,  work  is  still  ongoing  in  many  Member  States  on  defining  the  content  and  scope  of  the  measures and in some cases, political decisions still need to be made in this regard. In addition, even where  measures  are  in  progress  or  being  planned,  not  all  Member  States  have  shared  detailed information about every measure, due to diverse stages in the national implementation processor for national security reasons. Nevertheless, a number of findings can be formulated based on the analysis presented  in  this  report as  regards  the  implementation  of  the  Toolbox  and  areas  where  specific  attention  is  needed  in  the  next  phases  of  the  implementation  of  the  Toolbox  at  national  and/or  EU  level.
  • The United States (US) and Australia released this joint statement after this week’s Australia-United States Ministerial Consultations (AUSMIN) after the heads of their defense and foreign ministries met in Washington DC. The two countries listed a number of steps and initiatives designed to counter the People’s Republic of China (PRC). Among other developments:
    • The US and Australia signed a classified Statement of Principles on Alliance Defense Cooperation and Force Posture Priorities in the Indo-Pacific.
    • The two nations “plan to continue to counter these threats vigorously, including through collaboration with international partners, and through a new working group between the Department of Foreign Affairs and Trade and the Department of State, which will monitor and respond to disinformation efforts.”
    • The US and Australia “expressed deep concern that the targeting of intellectual property and sensitive business information, including information relating to the development of vaccines and treatments for pandemic response, presents an increasing threat to the global economy, and they committed to holding malicious actors accountable.”
    • The countries “noted the role of 5G network security best practices, such as the Prague Proposals, and expressed their intent to work with like-minded partners to develop end-to-end technical solutions for 5G that use trusted vendors….[and] [a]cknowledging that 5G is only the starting point, the two nations also reaffirm their commitment to lifting the security of critical and emerging technologies that will be vital to our nations’ prosperity.”
    • The US and Australia “welcomed the announcement that Lynas has signed a Phase 1 contract with the U.S. Department of Defense for an engineering and market feasibility study for the design of a heavy rare earth separation facility in the United States” and “the continued development of a U.S.-Australia Critical Minerals Plan of Action to improve the security of critical minerals in the United States and Australia.” 
  • The United Kingdom’s National Cyber Security Centre (NCSC) has issued a report titled “The Cyber Threat to Sports Organisations” “to demystify the cyber threat to sports organisations by highlighting the cyber security issues that affect the sector on a daily basis: business email compromise, digital fraud, and venue security.” The NCSC asserted
    • cyber attacks against sports organisations are very common, with 70% of those surveyed experiencing at least one attack per annum. This is significantly higher than the average across UK business.
    • The primary cyber threat comes from cyber criminals with a financial motive. Criminal attacks typically take advantage of poor implementation of technical controls and normal human traits such as trust and ineffective password policies.
    • There have been a small number of Hostile Nation-state attacks against sports organisations; typically, these attacks have exploited the same vulnerabilities used by criminals.
    • The most common outcome of cyber attacks is unauthorised access to email accounts (Business Email Compromise) leading to fraud. Ransomware is also a significant issue in the sector.
  • Top Republicans on one of the committees with jurisdiction over technology have written Google and Apple regarding their “app store and the policies you have in place to ensure apps are appropriately vetted, particularly those with close ties to China and the Chinese Communist Party (CCP).” House Energy and Commerce Committee Ranking Member Greg Walden (R-OR) and Consumer Protection and Commerce Subcommittee Ranking Member Cathy McMorris Rodgers (R-WA) are asking the companies to respond by 12 August to a series of questions. They asserted
    • As with any crisis, there are those that seek to exploit opportunities for their own malicious intent. We believe that bad actors may be taking advantage of the American people’s trust in your brand, which likely extends to apps available through your store. While we want an open and transparent marketplace that does not limit innovators outside your company, we know there are those that seek to use apps as a means to push through pop-up ads or hijack devices to make it a tool for eavesdropping.
    • The level of permissions that these apps require may include access to camera, microphone, and contacts, as well as functionality to load other malware for bad actors to control a device even after the original app has been removed. This is especially alarming when it comes from companies with direct or indirect links to the CCP.
  • A Washington DC think tank published a report written in part with Representatives Robin Kelly (D-IL) and Will Hurd (R-TX) titled “AI and the Workforce.” The Bipartisan Policy Center explained that “[b]ased on our discussions with stakeholders, we have identified the following key principles:
    • 1. The United States should embrace and take a leadership role in the AI-driven economy by filling the AI talent gap and preparing the rest of the workforce for the jobs of the future. However, in doing so, policymakers should make inclusivity and equal opportunity a priority.
    • 2. Closing the AI talent gap requires a targeted approach to training, recruiting, and retaining skilled workers. This AI talent should ideally have a multi-disciplinary skill set that includes ethics.
    • 3. The AI talent gap is not the only challenge of the AI-driven economy, so the federal government should focus more broadly on the jobs of the future and skills that are complemented by AI technology. Additionally, encouraging workers to develop basic AI and technological literacy can help them better determine how to complement AI systems.
    • 4. The educational system from kindergarten through post-college is not yet designed for the AI-driven economy and should be modernized.
    • 5. The skills that will be in demand in the future will continuously change, so lifelong learning and ways to help displaced and mid-career workers transition into new jobs is critical for the workforce of the future.
    • In September 2018, Kelly and Hurd released a white paper detailing the “lessons learned from the Subcommittee’s oversight and hearings on AI and sets forth recommendations for moving forward.” 
  • The National Cyber Security Centre (NCSC) updated its “Mobile Device Guidance” regarding “Windows 10, Android and VPNs. The NCSC stated “[o]ver the next few months, we’ll be bringing our Chrome OS and Ubuntu Linux guidance up to date and into the new format.”
  • Cybersecurity company FireEye released a report on a new type of Russian disinformation campaign where hackers are gaining access to legitimate news sources and planting fake stories that are subsequently amplified on social media.
    • FireEye explained it
      • has tied together several information operations that we assess with moderate confidence comprise part of a broader influence campaign, ongoing since at least March 2017, aligned with Russian security interests. The operations have primarily targeted audiences in Lithuania, Latvia, and Poland with narratives critical of the North Atlantic Treaty Organization’s (NATO) presence in Eastern Europe, occasionally leveraging other themes such as anti-U.S. and COVID-19-related narratives as part of this broader anti-NATO agenda. We have dubbed this campaign “Ghostwriter.”
    • FireEye added
      • Many, though not all, of the incidents we suspect to be part of the Ghostwriter campaign appear to have leveraged website compromises or spoofed email accounts to disseminate fabricated content, including falsified news articles, quotes, correspondence and other documents designed to appear as coming from military officials and political figures in the target countries. This falsified content has been referenced as source material in articles and op-eds authored by at least 14 inauthentic personas posing as locals, journalists, and analysts within those countries.

Further Reading

  • Rite Aid deployed facial recognition systems in hundreds of U.S. stores” by Jeffrey Dastin– Reuters. A major United States retailer was using facial recognition technology mostly at stores in poorer, more ethnically diverse areas that seems connected to a company in the People’s Republic of China. Rite Aid has ceased use of this system that was implemented to address shoplifting and other crime and guards and other personnel were supposed to act when the system turned up a hit on a person in the store who had committed a crime or made trouble in another location. Given the accuracy of this sort of technology, there were a range of false positives. Additionally, locations in New York City that had similar crime profiles in majority white, affluent areas were much less likely to have this system. The company, DeepCamLLC, providing the technology appears intimately connected to a Chinese firm, Shenzhen Shenmu, that appears funded by a Beijing run venture capital/investment fund.
  • Facebook Wins Temporary Halt to EU Antitrust Data Demands” by Stephanie Bodoni – Bloomberg. In a setback for the European Commission’s (EC) investigation, the European Union General Court has temporarily blocked data and document requests in a pair of rulings. The court ruled for Facebook in finding the EC’s request “may unavoidably include personal information” and so “it is important to ensure that confidential treatment of such information is safeguarded, especially when the information does, at first sight, not appear to have any link with the subject matter of the commission’s investigation.” A Facebook attorney claimed the requests were going to net “highly sensitive personal information such as employees’ medical information, personal financial documents, and private information about family members of employees.” The court is expected to issue a final decision on the data requests, which has obvious implications for the EC’s investigation of Facebook.
  • Google’s Top Search Result? Surprise! It’s Google” By Adrianne Jeffries and Leon Yin – The Markup. Google’s search results have changed tremendously over the last 15 years from showing the top organic results to now reserving the 50% of the page for Google results and products. As a result a number of online businesses that compete with Google products have withered and some have died. Google denies abusing its market power, but competitors and possibly some regulators think otherwise, possibly foreshadowing future anti-competitive enforcement actions.
  • Five Eyes alliance could expand in scope to counteract China” by Patrick Wintour – The Guardian. The United States, United Kingdom, Canada, New Zealand, and Australia may expand both the scope of heir Five Eyes arrangement and the membership as a means of pushing back on Chinese policies and actions. Japan could possibly join the alliance and perhaps it serves as the basis for a trade agreement to address Beijing.
  • Huawei to double down on HSBC as legal battle over extradition of Meng Wanzhou intensifies” by Zhou Xin – South China Morning Post. As the daughter of Huawei’s founder continues to be held in Canada facing possible extradition to the United States (US) to be tried on charges of violating US sanctions on Iran. Meng Wanzhou’s lawyers are focusing on the evidence provided by Hong Kong based bank HSBC to the US Department of Justice as being deficient in a number of ways. The People’s Republic of China is still holding two Canadians incommunicado who were arrested and charged with espionage after Meng was detained in British Columbia.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Further Reading, Other Developments, and Coming Events (30 July)

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • On 30 July, the Senate Commerce, Science, and Transportation Committee’s Security Subcommittee will hold a hearing titled “The China Challenge: Realignment of U.S. Economic Policies to Build Resiliency and Competitiveness” with these witnesses:
    • The Honorable Nazak Nikakhtar, Assistant Secretary for Industry and Analysis, International Trade Administration, U.S. Department of Commerce
    • Dr. Rush Doshi, Director of the Chinese Strategy Initiative, The Brookings Institution
    • Mr. Michael Wessel, Commissioner, U.S. – China Economic and Security Review Commission
  • On 30 July, the House Armed Services Committee’s Intelligence and Emerging Threats and Capabilities Subcommittee will hold a hearing titled “Review of the Recommendations of the Cyberspace Solarium Commission” with these witnesses:
    • Senator Angus King (I-ME), Chairman, Cyberspace Solarium Commission
    • Representative Mike Gallagher (R-WI), Chairman, Cyberspace Solarium Commission
    • The Honorable Patrick Murphy, Commissioner, Cyberspace Solarium Commission
    • Mr. Frank Cilluffo, Commissioner, Cyberspace Solarium Commission
  • On 31 July, the House Intelligence Committee will mark up its Intelligence Authorization Act.
  • On 31 July the Select Committee on the Modernization of Congress will hold a business meeting “to consider proposed recommendations.”
  • On 3 August the House Oversight and Reform Committee will hold a hearing on the tenth “Federal Information Technology Acquisition Reform Act” (FITARA) scorecard on federal information technology.
  • On 4 August, the Senate Armed Services Committee will hold a hearing titled “Findings and Recommendations of the Cyberspace Solarium Commission” with these witnesses:
    • Senator Angus S. King, Jr. (I-ME), Co-Chair, Cyberspace Solarium Commission
    • Representative Michael J. Gallagher (R-WI), Co-Chair, Cyberspace Solarium Commission
    • Brigadier General John C. Inglis, ANG (Ret.), Commissioner, Cyberspace Solarium Commission
  • On 6 August, the Federal Communications Commission (FCC) will hold an open meeting to likely consider the following items:
    • C-band Auction Procedures. The Commission will consider a Public Notice that would adopt procedures for the auction of new flexible-use overlay licenses in the 3.7–3.98 GHz band (Auction 107) for 5G, the Internet of Things, and other advanced wireless services. (AU Docket No. 20-25)
    • Radio Duplication Rules. The Commission will consider a Report and Order that would eliminate the radio duplication rule with regard to AM stations and retain the rule for FM stations. (MB Docket Nos. 19-310. 17-105)
    • Common Antenna Siting Rules. The Commission will consider a Report and Order that would eliminate the common antenna siting rules for FM and TV broadcaster applicants and licensees. (MB Docket Nos. 19-282, 17-105)
    • Telecommunications Relay Service. The Commission will consider a Report and Order to repeal certain TRS rules that are no longer needed in light of changes in technology and voice communications services. (CG Docket No. 03-123)
  • The National Institute of Standards and Technology (NIST) will hold the “Exploring Artificial Intelligence (AI) Trustworthiness: Workshop Series Kickoff Webinar,” “a NIST initiative involving private and public sector organizations and individuals in discussions about building blocks for trustworthy AI systems and the associated measurements, methods, standards, and tools to implement those building blocks when developing, using, and testing AI systems” on 6 August.
  • On 18 August, the National Institute of Standards and Technology (NIST) will host the “Bias in AI Workshop, a virtual event to develop a shared understanding of bias in AI, what it is, and how to measure it.”

Other Developments

  • Senate Armed Services Committee Chair James Inhofe (R-OK) has publicly placed a hold on the re-nomination of Federal Communications Commission member over the agency’s April decision to permit Ligado to proceed with its plan “to deploy a low-power terrestrial nationwide network in the 1526-1536 MHz, 1627.5-1637.5 MHz, and 1646.5-1656.5 MHz bands that will primarily support Internet of Things (IoT) services.” This is the latest means of pressing the FCC Inhofe and allies on Capitol Hill and in the Trump Administration have taken. In the recently passed “National Defense Authorization Act (NDAA) for Fiscal Year 2021” (S.4049) there is language requiring “the Secretary of Defense to enter into an agreement with the National Academies of Science, Engineering, and Medicine to conduct an independent technical review of the Order and Authorization adopted by the FCC on April 19, 2020 (FCC 20–48). The independent technical review would include a comparison of the two different approaches used for evaluation of potential harmful interference. The provision also would require the National Academies of Science, Engineering, and Medicine to submit a report on the independent technical review.” This provision may make it into the final FY 2021 NDAA, which would stop Ligado from proceeding before the conclusion of the study.
  • Senator Josh Hawley (R-MO) has released yet another bill amending 47 USC 230 (aka Section 230), the “Behavioral Advertising Decisions Are Downgrading Services (BAD ADS) Act,” that “remove Section 230 immunity from Big Tech companies that display manipulative, behavioral ads or provide data to be used for them.” Considering that targeting advertising forms a significant part of the revenue stream for such companies, this seems to be of a piece with other bills of Hawley’s and others to pressure social media platforms. Hawley noted he “has been a leading critic of Section 230’s protection of Big Tech firms and recently called for Twitter to lose immunity if it chooses to editorialize on political speech.”
  • The United States National Counterintelligence and Security Center (US NCSC) issued a statement on election security on the 100th day before the 2020 Presidential Election. US NCSC Director William Evanina described the risks facing the US heading into November but did not detail US efforts to address and counter the efforts of foreign nations to influence and disrupt Presidential and Congressional elections this fall. The US NCSC explained it is working with other federal agencies and stakeholders, however.
    • US NCSC Director William Evanina explained the purpose of the press release is to “share insights with the American public about foreign threats to our election and offer steps to citizens across the country to build resilience and help mitigate these threats…[and] to update Americans on the evolving election threat landscape, while also safeguarding our intelligence sources and methods.” Evanina noted “Office of the Director of National Intelligence (ODNI) has been providing robust intelligence-based briefings on election security to the presidential campaigns, political committees, and Congressional audiences.” Including the assertion “[i]n leading these classified briefings, I have worked to ensure fidelity, accountability, consistency and transparency with these stakeholders and presented the most timely and accurate information we have to offer” may be Evanina’s way of pushing back on concerns that the White House has placed people loyal to the President at the top of some IC entities who may lack independence. Top Democrats
    • The US NCSC head asserted “[e]lection security remains a top priority for the Intelligence Community and we are committed in our support to the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), given their leadership roles in this area.”
    • Evanina claimed “[a]t this time, we’re primarily concerned with China, Russia and Iran — although other nation states and non-state actors could also do harm to our electoral process….[and] [o]ur insights and judgments will evolve as the election season progresses:
      • China is expanding its influence efforts to shape the policy environment in the United States, pressure political figures it views as opposed to China’s interests, and counter criticism of China. Beijing recognizes its efforts might affect the presidential race.
      • Russia’s persistent objective is to weaken the United States and diminish our global role. Using a range of efforts, including internet trolls and other proxies, Russia continues to spread disinformation in the U.S. that is designed to undermine confidence in our democratic process and denigrate what it sees as an anti-Russia “establishment” in America.
      • Iran seeks to undermine U.S. democratic institutions and divide the country in advance of the elections. Iran’s efforts center around online influence, such as spreading disinformation on social media and recirculating anti-U.S. content.
    • Speaker of the House Nancy Pelosi (D-CA), Senate Minority Leader Chuck Schumer (D-NY), House Intelligence Committee Chair Adam Schiff (D-CA), and Senate Intelligence Committee Ranking Member Mark Warner (D-VA) released their response to the NCSC statement:
      • The statement just released by NCSC Director William Evanina does not go nearly far enough in arming the American people with the knowledge they need about how foreign powers are seeking to influence our political process. The statement gives a false sense of equivalence to the actions of foreign adversaries by listing three countries of unequal intent, motivation and capability together. The statement, moreover, fails to fully delineate the goal, nature, scope and capacity to influence our election, information the American people must have as we go into November. To say without more, for example, that Russia seeks to ‘denigrate what it sees as an anti-Russia ‘establishment’ in America’ is so generic as to be almost meaningless. The statement omits much on a subject of immense importance.
      • “In our letter two weeks ago, we called on the FBI to provide a defensive briefing to the entire Congress about specific threats related to a concerted foreign disinformation campaign, and this is more important than ever.  But a far more concrete and specific statement needs to be made to the American people, consistent with the need to protect sources and methods.  We can trust the American people with knowing what to do with the information they receive and making those decisions for themselves. But they cannot do so if they are kept in the dark about what our adversaries are doing, and how they are doing it.  When it comes to American elections, Americans must decide.”
    • Senate Majority Leader Mitch McConnell (R-KY) and Senate Intelligence Committee Chair Marco Rubio (R-FL) issued their own statement:
      • We are disappointed by the statement from Senator Schumer, Senator Warner, Speaker Pelosi, and Representative Schiff about Bill Evanina, the Director of the National Counterintelligence and Security Center. Evanina is a career law enforcement and intelligence professional with extensive experience in counterintelligence. His reputation as a straight-shooter immune from politics is well-deserved. It is for this reason that Evanina received overwhelming support from the Senate when he was confirmed to be Director of the NCSC and again when the Administration tapped him to lead the nation’s efforts to protect the 2020 elections from foreign interference.
      • We believe the statement baselessly impugns his character and politicizes intelligence matters. Their manufactured complaint undercuts Director Evanina’s nonpartisan public outreach to increase Americans’ awareness of foreign influence campaigns right at the beginning of his efforts.
      • Prior to their public statements, Director Evanina had previewed his efforts and already offered to provide another round of briefings to the Congress on the threat and steps the US government has taken over the last three and a half years to combat it. We believe the threat is real, and is more complex than many partisans may wish to admit. We welcome these briefings, and hope our colleagues will listen to the career professionals who have been given this mission.
      •  We will not discuss classified information in public, but we are confident that while the threat remains, we are far better prepared than four years ago. The intelligence community, law enforcement, election officials, and others involved in securing our elections are far better postured, and Congress dramatically better informed, than any of us were in 2016—and our Democrat colleagues know it.
  • The Australian Cyber Security Centre (ACSC) and the Digital Transformation Agency (DTA) issued “new Cloud Security Guidance co-designed with industry to support the secure adoption of cloud services across government and industry.” The agencies stated this new release “will guide organisations including government, Cloud Service Providers (CSP), and Information Security Registered Assessors Program (IRAP) assessors on how to perform a comprehensive assessment of a cloud service provider and its cloud services, so a risk-informed decision can be made about its suitability to handle an organisation’s data.” ACSC and DTA added “The Cloud Security Guidance is supported by forthcoming updates to the Australian Government Information Security Manual (ISM), the Attorney-General’s Protective Security Policy Framework (PSPF), and the DTA’s Secure Cloud Strategy.”
  • The National Institute of Standards and Technology (NIST) studied how well facial recognition technology and services could identify people wearing masks and, to no great surprise, the results were not good with respect to accuracy. NIST stressed that the facial recognition technology were not calibrated for masks in qualifying its results. In its Interagency Report NISTIR 8311, NIST found
    • Algorithm accuracy with masked faces declined substantially across the board. Using unmasked images, the most accurate algorithms fail to authenticate a person about 0.3% of the time. Masked images raised even these top algorithms’ failure rate to about 5%, while many otherwise competent algorithms failed between 20% to 50% of the time.
    • Masked images more frequently caused algorithms to be unable to process a face, technically termed “failure to enroll or template” (FTE). Face recognition algorithms typically work by measuring a face’s features — their size and distance from one another, for example — and then comparing these measurements to those from another photo. An FTE means the algorithm could not extract a face’s features well enough to make an effective comparison in the first place.
    • The more of the nose a mask covers, the lower the algorithm’s accuracy. The study explored three levels of nose coverage — low, medium and high — finding that accuracy degrades with greater nose coverage.
    • While false negatives increased, false positives remained stable or modestly declined. Errors in face recognition can take the form of either a “false negative,” where the algorithm fails to match two photos of the same person, or a “false positive,” where it incorrectly indicates a match between photos of two different people. The modest decline in false positive rates show that occlusion with masks does not undermine this aspect of security.
    • The shape and color of a mask matters. Algorithm error rates were generally lower with round masks. Black masks also degraded algorithm performance in comparison to surgical blue ones, though because of time and resource constraints the team was not able to test the effect of color completely.
    • NIST explained this report
      • is the first of a series of reports on the performance of face recognition algorithms on faces occluded by protective face masks [2] commonly worn to reduce inhalation of viruses or other contaminants. This study is being run under the Ongoing Face Recognition Vendor Test (FRVT) executed by the National Institute of Standards and Technology (NIST). This report documents accuracy of algorithms to recognize persons wearing face masks. The results in this report apply to algorithms provided to NIST before the COVID-19 pandemic, which were developed without expectation that NIST would execute them on masked face images.
  • The United States National Science Foundation (NSF) and the Office of Science and Technology Policy (OSTP) inside the White House announced the establishment of the Quantum Leap Challenges Institutes program and “$75 million for three new institutes designed to have a tangible impact in solving” problems associated with quantum information science and engineering. NSF added “Quantum Leap Challenge Institutes also form the centerpiece of NSF’s Quantum Leap, an ongoing, agency-wide effort to enable quantum systems research and development.” NSF and OSTP named the following institutes:
    • NSF Quantum Leap Challenge Institute for Present and Future Quantum Computing. Today’s quantum computing prototypes are rudimentary, error-prone, and small-scale. This institute, led by the University of California, Berkeley, plans to learn from these to design advanced, large-scale quantum computers, develop efficient algorithms for current and future quantum computing platforms, and ultimately demonstrate that quantum computers outperform even the best conceivable classical computers.
  • The United States Department of Energy (DOE) published its “Blueprint for the Quantum Internet” “that lays out a blueprint strategy for the development of a national quantum internet, bringing the United States to the forefront of the global quantum race and ushering in a new era of communications” and held an event to roll out the new document and approach. The Blueprint is part of the Administration’s effort to implement the “National Quantum Initiative Act” (P.L. 115-368), a bill “[t]o provide for a coordinated Federal program to accelerate quantum research and development for the economic and national security of the United States.” Under Secretary of Energy for Science Paul Dabbar explained in a blog post that “[t]he Blueprint lays out four priority research opportunities to make this happen:
    • Providing the foundational building blocks for Quantum Internet;
    • Integrating Quantum networking devices;
    • Creating repeating, switching, and routing technologies for Quantum entanglement;
    • Enabling error correction of Quantum networking functions.
  • The European Commission (EC) is requesting feedback until 10 September on its impact assessment for future European Union legislation on artificial intelligence (AI). The EC explained “the  overall  policy  objective  is  to  ensure  the  development  and  uptake  of lawful  and trustworthy  AI across the Single Market through the creation of an ecosystem of trust.” Earlier this year, as part of its Digital Strategy, the EC recently released a white paper earlier this year, “On Artificial Intelligence – A European approach to excellence and trust,” in which the Commission articulates its support for “a regulatory and investment oriented approach with the twin objective of promoting the uptake of AI and of addressing the risks associated with certain uses of this new technology.” The EC stated that “[t]he purpose of this White Paper is to set out policy options on how to achieve these objectives…[but] does not address the development and use of AI for military purposes.”

Further Reading

  • Google Takes Aim at Amazon. Again.” – The New York Times. For the fifth time in the last decade, Google will try to take on Amazon, in part, because the latter’s dominance in online retailing is threatening the former’s dominance in online advertising. Google is offering a suite of inducements for retailers to use its platform, Google Shopping. One wonders if Google gains traction whether Amazon would point to the competition as proof it is not engaged in anti-competitive practices to regulators.
  • Twitter’s security woes included broad access to user accounts” – Ad Age. This piece details the years long tension inside the social media giant between strengthening internal security and developing features to make more money. Not surprisingly, the latter consideration almost always trumped the former, a situation exacerbated by Twitter’s growing use of third-party contractors to handle back end functions, including security. Apparently, many contractors would spy on celebrities’ accounts, sometimes using workarounds to defeat Twitter’s security. Even though this article claims it was only contractors, one wonders if some Twitter employees were doing the same. Whatever the case, Twitter’s board has been warned about weak security for years and opted against heeding this advice, a factor that likely allowed the platform to get hacked a few weeks ago. Worse still, the incentives do not seem aligned to drive better security in the future. 
  • We’re in the middle of the COVID-19 crisis. Big Tech is already preparing for the next one.” – Protocol. For people who think large technology companies have not had a prominent enough role during the current pandemic, this news will be reassuring. The Consumer Technology Association (CTA), a non-profit organized under Section 501(c)(6) of United States’ tax laws, has commenced with a “Public Health Tech Initiative” “[t]o ensure an effective public sector response to future pandemics like COVID-19.” This group “will explore and create recommendations for the use of technology in dealing with and recovering from future public health emergencies.”
  • Car Companies Want to Monitor Your Every Move With Emotion-Detecting AI” – Vice’s Motherboard. A number of companies are selling auto manufacturers on a suite of technology that could record everything that happens in your car, including facial analysis algorithms, for a variety of purposes with financial motives such as behavioral advertising, setting insurance rates, and others. The United States does not have any laws that directly regulate such practices whereas the European Union does, suggesting such technology would be deployed less in Europe.
  • Russian Intelligence Agencies Push Disinformation on Pandemic” – The New York Times. United States (US) intelligence agencies declassified and share intelligence with journalists purporting to show how Russian Federation intelligence agencies have adapted their techniques in their nonstop disinformation campaign against the US, the North Atlantic Treaty Organization, and others. As Facebook, Twitter, and others have grown adept at locating and removing content from obvious Russian outlets like RT and Sputnik, Russian agencies are utilizing more subtle techniques, aiming at the same goal of undermining confidence among Americans and elsewhere in the government.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Further Reading, Other Developments, and Coming Events (28 July)

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • On 28 July, the House Rules Committee will consider the rule for and amendments to the H.R. 7617—Department of Defense Appropriations Act, 2021 [Defense, Commerce, Justice, Science, Energy and Water Development, Financial Services and General Government, Homeland Security, Labor, Health and Human Services, Education, Transportation, Housing, and Urban Development Appropriations Act, 2021].
  • On 28 July, the Senate Commerce, Science, and Transportation Committee’s Communications, Technology, Innovation, and the Internet Subcommittee will hold a hearing titled “The PACT Act and Section 230: The Impact of the Law that Helped Create the Internet and an Examination of Proposed Reforms for Today’s Online World.”
  • On 28 July the House Science, Space, and Technology Committee’s Investigations and Oversight and Research and Technology Subcommittees will hold a joint virtual hearing titled “The Role of Technology in Countering Trafficking in Persons” with these witnesses:
    • Ms. Anjana Rajan, Chief Technology Officer, Polaris
    • Mr. Matthew Daggett, Technical Staff, Humanitarian Assistance and Disaster Relief Systems Group, Lincoln Laboratory, Massachusetts Institute of Technology
    • Ms. Emily Kennedy, President and Co-Founder, Marinus Analytics
  • On  29 July, the House Judiciary Committee’s Antitrust, Commercial, and Administrative Law Subcommittee will hold its sixth hearing on “Online Platforms and Market Power” titled “Examining the Dominance of Amazon, Apple, Facebook, and Google” that will reportedly have the heads of the four companies as witnesses.
  • On 30 July the House Oversight and Reform Committee will hold a hearing on the tenth “Federal Information Technology Acquisition Reform Act” (FITARA) scorecard on federal information technology.
  • On 30 July, the Senate Commerce, Science, and Transportation Committee’s Security Subcommittee will hold a hearing titled “The China Challenge: Realignment of U.S. Economic Policies to Build Resiliency and Competitiveness” with these witnesses:
    • The Honorable Nazak Nikakhtar, Assistant Secretary for Industry and Analysis, International Trade Administration, U.S. Department of Commerce
    • Dr. Rush Doshi, Director of the Chinese Strategy Initiative, The Brookings Institution
    • Mr. Michael Wessel, Commissioner, U.S. – China Economic and Security Review Commission
  • On 4 August, the Senate Armed Services Committee will hold a hearing titled “Findings and Recommendations of the Cyberspace Solarium Commission” with these witnesses:
    • Senator Angus S. King, Jr. (I-ME), Co-Chair, Cyberspace Solarium Commission
    • Representative Michael J. Gallagher (R-WI), Co-Chair, Cyberspace Solarium Commission
    • Brigadier General John C. Inglis, ANG (Ret.), Commissioner, Cyberspace Solarium Commission
  • On 6 August, the Federal Communications Commission (FCC) will hold an open meeting to likely consider the following items:
    • C-band Auction Procedures. The Commission will consider a Public Notice that would adopt procedures for the auction of new flexible-use overlay licenses in the 3.7–3.98 GHz band (Auction 107) for 5G, the Internet of Things, and other advanced wireless services. (AU Docket No. 20-25)
    • Radio Duplication Rules. The Commission will consider a Report and Order that would eliminate the radio duplication rule with regard to AM stations and retain the rule for FM stations. (MB Docket Nos. 19-310. 17-105)
    • Common Antenna Siting Rules. The Commission will consider a Report and Order that would eliminate the common antenna siting rules for FM and TV broadcaster applicants and licensees. (MB Docket Nos. 19-282, 17-105)
    • Telecommunications Relay Service. The Commission will consider a Report and Order to repeal certain TRS rules that are no longer needed in light of changes in technology and voice communications services. (CG Docket No. 03-123)

Other Developments

  • The United States’ (US) Office of Management and Budget (OMB), an agency within the Executive Office of the President, has issued a memorandum in the same vein as other Trump Administration initiatives to increase the US government’s buying of goods and services produced domestically. Noting that 40% of the funds provided by Congress through annual legislation will be spent between 1 July and 30 September (roughly $200 billion), OMB urged federal agencies “to keep the following considerations in mind to support timely awards and maximize return on investment from each taxpayer dollar” among others:
    • Take full advantage of acquisition flexibilities and innovative tools. This week, the President’s Management Agenda unveiled a new cross-agency priority goal (CAP Goal) on “frictionless acquisition.” This CAP Goal creates a management platform to leverage modem buying strategies that have been shown to achieve just-in-time delivery with improved customer satisfaction and enable access to a broader and more innovative suite of companies and solutions. Agencies can review the resources on acquisition innovation and opportunities for collaboration by going to the frictionless CAP Goal on performance.gov.
      • The Goal Statement of this new CAP is “The Federal Government will deliver commercial items at the same speed as the market place & manage customers’ delivery expectations for acquisitions of non-commercial items by breaking down barriers to entry using modern business practices and technologies” as explained in a detailed presentation on frictionless acquisition released this month.
    • Use the resources of category management. As part of the ongoing transformation of federal acquisition, procurement involving common needs has been organized around categories of spending led by market experts who share business intelligence and help agencies avoid duplicative contracting work. This business structure has saved taxpayers more than $27 billion since FY 2016 and made it much easier for buyers to make rapid, well­ informed decisions on how best to acquire IT hardware, security, consulting services and many other every day needs that account for more than half of all contract spending. To stay current with market trends and available federal solutions, agencies should bookmark the category management dashboards on the acquisition gateway at https://hallways.cap.gsa.gov/app/#/.
    • Buy American. E.O. 13881 strengthens the general preference for American-made goods and, for the first time in 65 years, increases the percentage of U.S. manufactured content that must be in a product to qualify for the preference, including a very high standard for iron and steel. Agencies are encouraged to work with the Federal Acquisition Regulatory Council (FAR Council) to consider early implementation, as appropriate, while the rulemaking process proceeds.
    • In a related memorandum issued earlier this month, OMB asserted
      • Under the President’s Management Agenda and the leadership of OMB ‘s Office of Federal Procurement Policy (OFPP), the Administration has elevated the importance of acquisition innovation and category management as key pillars of a modernized procurement system. These pillars are proving to be critical assets in the face of market conditions that require heightened agility and the ongoing need r physical distancing as communities take steps to reopen. We are seeing smart use of existing contract vehicles and resources, supported by our category management market experts, such as for cleaning and distinction, information technology related to telework and healthcare, and enhanced entry screening services. We are also seeing growing examples of agencies leveraging innovative business practices, such as virtual acquisitions, that save time and enable acquisitions to continue where they might otherwise have been stopped.
      • OMB went on to detail best practices and examples in how agencies have adapted their procurement authority to the pandemic commensurate with ongoing Administration priorities such as category management
  • Senator Amy Klobuchar (D-MN) and some of her Democratic colleagues wrote Attorney General William Barr “to raise serious concerns regarding Google LLC’s (Google) proposed acquisition of Fitbit, Inc. (Fitbit)”. They stated
    • We are aware that the Antitrust Division of the Department of Justice is investigating this transaction and has issued a Second Request to gather additional information about the acquisition’s potential effects on competition. Amid reports that Google is offering modest, short-term concessions to overseas enforcers to avoid a full-scale investigation of the transaction in Europe, we write to urge the Division to continue with its efforts to conduct a thorough and comprehensive review of this proposed merger and to take any and all enforcement action warranted by the law and the evidence.
    • This letter comes at a time when the Department of Justice is considering Google’s potential antitrust practices and whether to file suit. The European Commission is also investigating the Google acquisition of FitBit.
    • Klobuchar is the Ranking Member of the Senate Judiciary Committee’s Antitrust, Competition Policy and Consumer Rights Subcommittee and was joined on the letter by Senators Richard Blumenthal (D-CT), Cory Booker (D-NJ), Mazie K. Hirono (D-HI), Sherrod Brown (D-OH), Mark Warner (D-VA), and Elizabeth Warren (D-MA).
  • Facebook and members of a class action and their attorneys have reached a second settlement in a suit brought under Illinois’ “Biometric Information Privacy Act” after a first settlement was rejected by the judge overseeing Patel, et al. v. Facebook, Inc.,. In January, the plaintiffs and Facebook agreed on a $550 million settlement to resolve claims the social media giant used and stored  people’s images contrary to the Illinois ban on such practices absent explicit consent. Facebook faced liability of up to $5000 per person affected and more than $40 billion in total potential liability. However, the judge thought the settlement was too low considering the Illinois legislature expressed its intention that violations would be punished more on the order of $1000 per person. Now, the parties have added $100 million, arriving at a $650 million settlement the judge will still need to bless.
  • Secretary of State Mike Pompeo made a speech at the Ronald Reagan Library “to make clear that the threats to Americans that President Trump’s China policy aims to address are clear and our strategy for securing those freedoms established.” Pompeo’s speech in the fourth in a series of Trump Administration officials making the Administration’s case against the People’s Republic of China (PRC), in some cases conflating PRC’s vying with the United States worldwide with the COVID-19 pandemic, suggesting the PRC is responsible for the course of the virus in the US and not Trump Administration policy.
  • The Department of Defense’s National Security Agency (NSA) and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) “released an advisory for critical infrastructure Operational Technology (OT) and Industrial Controls Systems (ICS) assets to be aware of current threats we observe, prioritize assessing their cybersecurity defenses and take appropriate action to secure their systems.” The agencies asserted “[d]ue to the increase in adversary capabilities and activities, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to harm to US interests or retaliate for perceived US aggression.”
  • The Secretary of Defense released a memorandum for Department of Defense (DOD) regarding “poor Proper Operations Security (OPSEC) practices within DOD in the past have resulted in the unauthorized disclosure or ” leaks” of controlled unclassified information (CUI), including information to be safeguarded under the CUI category for OPSEC, as well as classified national security information (together referred to here as “non-public information”). Secretary of Defense Mark Esper asserted “[o]ngoing reviews reveal a culture of insufficient OPSEC practices and habits within the DOD” and stated “[m]y goal, through an OPSEC campaign, is to change that culture across DOD by reminding DOD personnel.”
  • The United Kingdom’s Information Commissioner’s Office (ICO) published its annual report for 2019-2020, “covering what the Information Commissioner has called a “transformative period” for privacy and data protection and broader information rights.” The ICO offered these highlights:
    • Supporting and protecting the public and organisations
      • The Age Appropriate Design Code, introduced by the Data Protection Act 2018, was published in January. When it comes into full effect, it will help steer businesses to comply with current information rights legislation.
      • We intervened in the High Court case on the use of facial recognition technology by the South Wales Police as part of our work to ensure that the use of this technology does not infringe people’s rights.  As a response to the judgement, we issued the first Commissioner’s Opinion.
      • Our new freedom of information strategy was launched which sets out how we work to create a culture of openness in public authorities.  It also commits us to making the case for reform of the access to information law as set out previously in our Outsourcing Oversight report.
      • In figures:
        • We received 38,514 data protection complaints.
        • We closed 39,860 data protection cases (up from 34,684 in 2018/19) .
        • We received 6,367 freedom of information complaint cases.
    • Enforcement
      • We took regulatory action 236 times in response to breaches of the legislation that we regulate. That included 54 information notices, eight assessment notices, seven enforcement notices, four cautions, eight prosecutions and 15 fines.  
      • Over 2,100 investigations were conducted.
    • Innovation
      • Through our successful regulatory sandbox service, we have worked with a number of innovative organisations of all sizes to explore new data uses in a safe way while helping to ensure their customers’ privacy.
      • We also received additional resources from the government’s regulators innovation fund to set up a hub with other regulators to streamline and reduce burdens on businesses and public services using data.
      • In January, we launched our consultation on an AI framework to allow the auditing and assessment of the risk associated with AI applications and how to ensure their use is transparent, fair and accountable.
    • International
      • On a global scale, we continue to chair the Global Privacy Assembly, driving forward the development of the assembly into an international network that can have an impact on key data protection issues across the year. This helps to protect UK citizen’s personal data as it crosses borders and helps UK businesses operating internationally.
      • Due to the period covered by the report it does not reflect the impact of COVID-19 although, acknowledging the pandemic, Ms Denham said: ”The digital evolution of the past decade has accelerated at a dizzying speed in the past few months. Digital services are now central to how so many of us work, entertain ourselves and talk to friends and family.”

Further Reading

  • The Twitter Hacks Have to Stop” – The Atlantic. Bruce Schneier makes the case that the United States and other western democracies must step in and regulate vital platforms like Twitter for security and size given the central role they play in most societies. Letting these companies implement their own security without oversight or transparency has led to a situation where the account of world leaders or government agencies are vulnerable to hacks and misinformation. Schneier thinks the size and dominance of Twitter, Facebook, etc is a major part of this problem that must also be addressed.
  • US and Australia set to launch campaign to counter disinformation” – Sydney Morning Herald. Two of the Five Eyes allies met in Washington on 27 July for their annual Australia-U.S. Ministerial Consultations (AUSMIN) and part of their planning on how to counter the People’s Republic of China (PRC) is working together on an effort to address the PRC’s disinformation campaigns. The already close relationship between Washington and Canberra has deepened as tensions between the United States (US) and PRC continue to escalate. However, the US and Australia are framing this initiative as aiming to counter all disinformation in the Indo-Pacific region, suggesting other nations may be waging disinformation campaigns of concern, including the Russian Federation and the Democratic People’s Republic of Korea.
  • Russia’s GRU Hackers Hit US Government and Energy Targets” – WIRED. Starting in December 2018, APT28 (aka Fancy Bear), a Russian hacking group, targeted and penetrated a number of United States (US) entities, including federal and state governments, educational institutions, and energy companies. APT28 is closely associated with Glavnoye razvedyvatel’noye upravleniye (GRU), the Main Directorate of the General Staff of the Armed Forces of the Russian Federation and is the entity behind the takedowns of Ukraine’s electrical grid in 2015 and 2016 among other high profile hacks and attacks. The timing of these attacks, sometimes executed as phishing attacks, is interesting for it comes after US Cyber Command and possibly the Central Intelligence Agency (CIA) took down Russia’s Internet Research Agency and other actions designed to deter Russian interference in the 2019 mid-term elections in November 2018.
  • “Hurting People  At Scale” – Facebook’s Employees Reckon With The Social Network They’ve Built” – BuzzFeed News. This article documents the dissent and turmoil inside the company about content moderation, which some see the social media giant doing dismally. Some employees and ex-employees are taking issue with how CEO Mark Zuckerberg and his leadership are acting or not to take down extreme and violent content.
  • Big Tech Funds a Think Tank Pushing for Fewer Rules. For Big Tech.” – The New York Times. The Global Antitrust Institute at George Mason University’s Antonin Scalia Law School has been pushing for less regulation of antitrust statutes and regulations, especially in “educating” antitrust officials at conferences. It has also been financially supported by large technology companies which benefit from these policies and has not been transparent about its funding or the extent to which these companies’ positions on antitrust inform its efforts and output. A similar New York Times investigation into other Washington DC think tanks exposed the transactional nature of some of these institutions, donors, and positions.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

PRC Legislation and Report

The chair and ranking member of a Senate committee mark out their perspectives on how the US should change its foreign policy to address the PRC.

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

Before the Senate Foreign Relations Committee held its hearing on competition between the United States (US) and the People’s Republic of China (PRC), committee Republicans and the top Democrat articulated their views on how the US should respond to the PRC’s rise in the form of legislation for the former and a report for the latter. There is agreement the PRC’s actions poses problems for the US in a variety of ways, but there are significant differences in the proposed policy solutions to the PRC. A significant limit that should be acknowledged are the Constitutional limits on how far Congress can direct or influence the powers of the President to conduct foreign policy. Consequently, these Members direct the executive branch to report on certain ideal actions, which can create pressure on Administration officials to comply so long as there is not conflict with current Administration policy.

Chair Jim Risch (R-ID), East Asia, The Pacific, and International Cybersecurity Policy Subcommittee Chair Cory Gardner (R-CO), Near East, South Asia, Central Asia, and Counterterrorism Subcommittee Chair Mitt Romney (R-UT), and Multilateral International Development, Multilateral Institutions, and International Economic, Energy, and Environmental Policy Subcommittee Chair Todd Young (R-IN) introduced the “Strengthening Trade, Regional Alliances, Technology, and Economic and Geopolitical Initiatives Concerning China Act” (STRATEGIC Act) (S.4272), a comprehensive package of policy and funding changes the US should make to counter the rise of the PRC, some of which necessarily pertains to technology issues.

In their press release, Risch, Gardner, Romney, and Young highlighted “[k]ey provisions:”

  • Tackle China’s economic practices that distort global markets and hurt U.S. businesses, especially intellectual property (IP) theft and mass government subsidization and sponsorship of Chinese companies.
  • Confront tech competition by increasing technology collaboration with allies and partners.
  • Safeguard institutions from malign and undue PRC influence.
  • Strengthen U.S. posture in the Indo-Pacific to protect its interests, allies, and partners.
  • Prioritize cooperation over conflict when possible on areas such as arms control, North Korea, and the environment, if the PRC demonstrates good faith and transparency.

The STRATEGIC Act would, among other things do the following:

  • Not later than 1 year after the date of the enactment of this Act, and not less frequently than annually thereafter, the Secretary of State, in coordination with the Secretary of Commerce, the United States Trade Representative, and the Director of National Intelligence, shall create a list (referred to in this section as the ‘‘intellectual property violators list’’), which identifies all centrally administered, state-owned enterprises:
    • a significant act or series of acts of intellectual property theft that subjected a United States economic sector or particular company incorporated in the United States to harm; or
    • an act or government policy of involuntary or coerced technology transfer of intellectual property ultimately owned by a company incorporated in the United States.”
  • Not later than 1 year after the date of the enactment of this Act, and annually thereafter, the Secretary of State, in coordination with the United States Trade Representative and the Secretary of Commerce, shall publish an unclassified report in the Federal Register that comprehensively identifies and measures—
    • subsidies provided by the Government of the PRC to enterprises in the PRC in contravention of agreed trade and other rules; and
    • discriminatory treatment favoring enterprises in the PRC over foreign market participants.
  • The President, acting through the Secretary of Commerce, and in consultation with the Secretary of State and any other individuals the President determines should be consulted, shall issue regulations requiring United States entities with at least $100,000,000 of assets or other investment in the PRC to submit a semiannual report regarding the impact of the corporate social credit system on the ability of such United States companies to conduct business or otherwise operate in the PRC.
  • Not later than 180 days after the date of the enactment of this Act, and annually thereafter for the following 5 years, the Secretary of State, in consultation with the Director of National Intelligence and the Secretary of the Treasury, shall submit an unclassified report to the appropriate congressional committees that describes the risks posed to the United States by the presence in United States capital markets of companies incorporated in the PRC.
  • The Secretary of State, in coordination with the heads of other participating executive branch agencies, shall establish and develop a program to facilitate and encourage regular dialogues between United States Government regulatory and technical agencies and their counterpart organizations in allied and partner countries, both bilaterally and in relevant multilateral institutions and organizations
  • The Secretary of State, in coordination with the Secretary of Commerce, is authorized to establish a program to facilitate the contracting by United States embassies for the professional services of qualified experts, on a reimbursable fee for service basis, to assist interested United States persons and business entities with supply chain management issues related to the PRC
  • The President, acting through the Secretary of State, should undertake regular efforts to coordinate with other members of the coalition…to establish and advocate for norms, standards, and regulations to ensure that the development and application of new and emerging technologies uphold the goals of shared prosperity, security, and commitment to human rights, including through engagement in international organizations and standards-setting bodies
  • The President shall establish an interagency working group to provide assistance and technical expertise to enhance the representation and leadership of the United States at international bodies that set standards for equipment, systems, software, and virtually-defined networks that support 5th and future generations mobile telecommunications systems and infrastructure, such as the International Telecommunication Union and the 3rd Generation Partnership Project; and work with allies, partners, and the private sector to increase productive engagement.
  • The President may issue a finding that a country constitutes a significant threat to the national security of the United States and should be designated a ‘country of national security concern’
  • Ban Senate confirmed Department of State officials from representing countries of national security concern and ban the confirmation by the Senate for Department of State nominees who have represented such nations.
  • The Secretary of State shall establish, within the Bureau of International Organization Affairs of the Department of State, the Office of Integrity in the United Nations System
  • Not later than 180 days after the date of the enactment of this Act, the Secretary of State, in consultation with the Secretary of Agriculture, the Administrator of the United States Agency for International Development, the Director of the United States Fish and Wildlife Service, the Administrator of the National Oceanic and Atmospheric Administration, and the heads of other relevant Federal agencies, as appropriate, shall develop a strategy for cooperation with the PRC to combat wildlife and related trafficking

Also, before the Senate Foreign Relations Committee’s hearing on the People’s Republic of China, Ranking Member Bob Menendez (D-NJ) released a report “The New Big Brother: China and Digital Authoritarianism,” a year-long “effort to provide a holistic study of the threats posed to the United States, our allies, and the international community” by “digital authoritarianism” defined as “[t]he use of information and communications technology (ICT) products and services to surveil, repress, and manipulate domestic and foreign populations.” Menendez proposes targeted proposals so the US can push back on the digital authoritarianism of the PRC and other nations such as the Russian Federation. Some of these ideas could get folded into the STRATEGIC Act or similar legislation in order to garner Democratic support for a Republican bill.

Menendez explained the problem:

  • The growth and development of the digital domain worldwide has fundamentally changed how individuals, companies, and nations interact, work, and communicate –and with it the structure of global governance. Digitally-enabled technologies ranging from the Internet to mobile communications to emerging technologies, such as artificial intelligence, are accelerating the transmittal and receiving of information, enabling greater trade interactions and economic development, securing communications for our military and our allies, and aiding in the development of even newer, more capable technologies, amongst many other benefits. The United States has not only played a primary role in developing these new technologies, but it has worked to ensure the digital domain operates with openness, stability, reliability, interoperability, security, and respect for human rights.
  • These principles are under threat from authoritarian regimes, however, which see the advent of new technologies in a far more sinister light: as a means of surveilling and controlling populations, stifling the free flow of information, ensuring the survival of their governments, and as tools for malign influence campaigns worldwide. While multiple authoritarian governments have begun to utilize the digital domain in this manner, the People’s Republic of China is at the forefront of developing and expanding a new, different, and deeply troubling governance model for the digital domain: digital authoritarianism.
  • The rise of this new and worrying model of digital authoritarianism holds the potential to fundamentally alter the character of the digital domain.

In the cover letter to the report, Menendez asserted

The report’s comprehensive analysis of China’s digital authoritarianism describes how the People’s Republic of China is successfully developing and implementing its malign governance model internally and, increasingly, making inroads with other countries to also embrace its new digital doctrine. It further illustrates how the expansion of digital authoritarianism in China and abroad has drastic consequences for U.S. and allied security interests, the promotion of human rights, and the future stability of cyberspace. Consequently, the report calls for a series of both Congressional and Executive actions designed to counter China’s efforts to expand its model of digital authoritarianism; to strengthen U.S. technological innovation; and, to reinvigorate our diplomatic endeavors around the globe on digital issues.

In a separate document, Menendez pulled out the key findings and recommendations made by staff:

Key Findings

  • China’s efforts to advance and proliferate its information and communications technology (ICT) hardware and systems, both in China and overseas, represent not only a desire to continually expand its economy, but also a push to establish, expand, internationalize, and institutionalize a model for digital governance that this report describes as “digital authoritarianism.”
  • If left unchecked, China, not the U.S. and our allies, will write the rules of the digital domain, opening the doors for digital authoritarianism to govern the Internet and associated technologies.
  • To CCP leadership, the digital domain is a space that must be controlled by the Party. As such, development of new digitally enabled technologies must operate in line with Party principles. Without such control, CCP leaders fear these technologies could weaken the CCP’s hold over its citizens.
  • By building out so much of the digital infrastructure in the developing world, China could end up dominating a large portion of the global communications market, positioning it to potentially pressure other governments or conduct espionage.
  • At the United Nations, China has played a counterproductive role in efforts to build consensus on a free and fair future of cyberspace. China’s behavior echoes its consistent undermining of UN efforts that could highlight its own poor human rights record
  • The Administration’s current policy is insufficient to combat China’s digital authoritarianism, and its alienation of allies has further stunted the United States’ ability to influence other countries away from China’s digital authoritarianism model.
  • The surveillance system in Xinjiang has aided in the detention of possibly more than 2 million Uyghurs, ethnic Kazakhs, and members of other Muslim groups in Xinjiang, according to the U.S. State Department. In Xinjiang, Chinese government and police authorities retain what amounts to near absolute control of the entire ICT domain, and, through that control, have been able to repress and subjugate Uyghurs and other ethnic minorities in the region.
  • Foreign technology platforms are restricted from operating in China, allowing Chinese platforms that offer similar services to thrive and expand into new markets. Thanks to this market inefficiency, China now retains some of the most valuable Internet companies in the world by market capitalization, including Alibaba, Tencent, and Baidu.
  • The United States currently does not have a domestic 5G supplier for the equipment that makes up the Radio Access Network (RAN) for 5G. Instead, countries seeking viable alternatives to Chinese 5G RAN infrastructure rely on companies such as Swedish company Ericsson, South Korea-based Samsung, or Finnish firm Nokia to build out core components of their layer of the 5G infrastructure.
  • The United States could find a future advantage by leading on mmWave technologies, since 1) this band is the spectrum where ultra-fast innovations may arise and 2) a fully actualized 5G network will see devices seamlessly utilize and transition between both the sub-6 and mmWave bands.

Recommendations

  • It is critical that the United States government stimulate technological innovation in the United States by increasing government research and development funding, adopting a more extensive industrial policy, developing and attracting superior talent to the United States’ technology sector, strengthening bilateral and multilateral technology initiatives with like- minded allies and partners, and ensuring a competitive advantage for domestic companies in overseas markets.
  • Create an Industry Consortium on 5G: Congress should create a consortium comprised of leading U.S. telecommunications and technology companies that would be mandated to create the American 5G telecommunications alternative, exploring both cost-effective hardware and software solutions.
  • Establish a Digital Rights Promotion Fund: Congress should establish and authorize a Digital Rights Promotion Fund, which will provide grants and investments directly to entities that support the promotion of a free, secure, stable, and open digital domain and fight against the authoritarian use of information and communications technologies. The fund will provide these groups, especially those existing in countries experiencing undue surveillance or other forms of digital authoritarianism, the resources needed to better push back against the spread of digital authoritarianism. Groups able to receive money would include:
    • Local activist organizations promoting a free digital domain and working to counter oppressive surveillance regimes in countries where digital authoritarianism is apparent or on the rise.
    • Nonprofit organizations that advocate for the adoption of international governance standards for the digital domain based on openness, transparency, and the rule of law, including the protection of human rights.
    • Think tanks and other institutional bodies that provide scholarship and policy recommendations for best paths forward to protect against the rise of authoritarian surveillance.
  • Establish a Cyber Service Academy: Through legislative action, Congress should establish a new federal service academy similar to our other military service academies, with the specific aim of developing the future of our technology force. In addition to providing students a four year undergraduate education, the academy shall prepare students to become future military leaders in key digital and emerging technology fields, including robotics, artificial intelligence (AI), and cybersecurity.
  • Build a Coalition of Likeminded Allies on Critical Technology Issues: The President should lead an international effort, in coordination with our allies and partners, to counter Chinese efforts to develop and proliferate digital domain products, technologies, and services that are not predicated on free, democratic values.
  • Establish and Empower New Cyber Leadership within the State Department: Congress should pass the Cyber Diplomacy Act of 2019, or similar legislation, that establishes a new office or bureau of cyber issues at the State Department, which shall report to the Under Secretary for Political Affairs.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

China Hearing

The extent of the PRC’s threat and options for countering its challenge, especially in the  realm of technology, were discussed by a Senate committee.

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

The Senate Foreign Relations Committee held a hearing titled “Advancing Effective U.S. Competition With China: Objectives, Priorities, and Next Steps” that showed a shared agreement on challenge posed by the People’s Republic of China (PRC) but different views on how to manage the challenge. The hearing comes at a time when tensions between the United States and the PRC continue to escalate across a number of fronts with the Trump Administration and a number of Congressional Republicans using increasingly strong rhetoric against Beijing. In concert with the hearing, the chair and three other Republicans introduced legislation “to advance a comprehensive strategy for U.S. competition with the People’s Republic of China (PRC)” per their press release. The Ranking Member also issued a report “by the Senate Foreign Relations Committee Democratic Staff on China’s digital authoritarianism” according to his statement.

Chair Jim Risch (R-ID) stated stated “[a]s the Trump Administration has correctly recognized, China is a strategic and global competitor of the United States…[and] [i]t will be the greatest foreign policy challenge the United States faces in the decades to come. The policies of the Chinese Communist Party (CCP) undermine U.S. interests and values, including those we share with allies and partners around the world.” Risch asserted

  • COVID-19 has brought this challenge to the forefront of American life. We now know just how much the CCP’s decisions and actions directly affect U.S. citizens, our allies and partners, and the entire world. And we know not even a global pandemic will stop China’s aggressive behavior – whether that’s in Hong Kong, the South China Sea, or along the Indian border.
  • Over the last three years, the Trump Administration has taken numerous steps to put the United States on a stronger path to competing with China. Last week I was glad to see long overdue sanctions on CCP officials for human rights abuses in Xinjiang and Tibet. I was also pleased that we declared China’s claims in the South China Sea as unlawful, and deployed two carrier battle groups there for exercises. And after the CCP crushed Hong Kong’s autonomy, the president made the tough but necessary decision to end certain types of special treatment for Hong Kong.

Risch said

  • In May, the administration published a report on the implementation of its China strategy that goes into more detail. So this is a good time for the Committee to conduct oversight regarding our objectives, what we’ve done, and where we go from here.
  • This is also an opportunity to discuss China legislation put forward by members of this committee and others. This week, I introduced the “Strengthening Trade, Regional Alliances, Technology, and Economic and Geopolitical Initiatives Concerning China Act” (STRATEGIC Act) (S.4272). It is a comprehensive approach to China with concrete policies in several key areas of the competition. I’ll describe some of them briefly.
  • We must continue our focus on China’s anti-competitive economic policies. The Chinese government engages in intellectual property theft and massive financing of Chinese companies, and the most abusive anti-free market tactic of forced technology transfer. This is a horrible practice – it’s reprehensible.
  • These policies are designed to push others out of the market and create monopolies. Innovative American companies like Micron Technologies, based in my home state of Idaho, know these challenges well. Their intellectual property was stolen by a Chinese company, who then patented that technology in China and sued Micron. The STRATEGIC Act authorizes new tools for U.S. companies to address the harms caused by such policies, among several other provisions.
  • To maintain our economic and technological edge, it’s not enough to just push back on what China is doing. We also have to strengthen and invest in ourselves. In other committees, I have focused on this issue by supporting legislation promoting U.S. manufacturing of critical technologies, fortifying cyber security for our infrastructure and small businesses, and strengthening our technology workforce.
  • The STRATEGIC Act focuses on increasing technology collaboration with allies and partners. America is a world hub for innovation, and we can boost that innovation further by working with our highly capable partners. If we do, we will all be in a better position to develop the technologies of the future, and ensure they are used to uphold individual freedom, human rights, and prosperity.

Risch stressed “the importance of deterrence” and added

  • The United States, of course, does not seek any sort of military confrontation with China. However, China’s military is getting bigger, more capable, and becoming more aggressive. In the Indo-Pacific region, we should all be a lot more worried about the CCP’s plans for Taiwan, given what it just did to Hong Kong. In addition to the South China Sea, Japan faces almost daily incursions and pressure in the East China Sea. Beyond the region, China’s Belt and Road Initiative is also helping the Chinese military expand its presence.
  • We have to make it completely clear to the CCP that we are willing and able to defend our interests. That means reaffirming our commitments to our Indo-Pacific allies – even as they need to take on a larger role in defending the interests we share. The STRATEGIC Act focuses on key steps for advancing defense cooperation with our allies, including advocating for several difficult but important policy changes. 
  • I want to stress that this bill that I’ve introduced does not seek to block China. Rather, what it does is it offers prosperity. It offers an invitation to join the international community and operate under the rule of law and under international norms. If that happens, we all will prosper.
  • We should not miss the bipartisan opportunity that we have today to address these things. I’ll close with a note about bipartisanship.
  • Time and time again – on everything from human rights to investment screening – the Senate has worked across the aisle on China. But unfortunately, in recent months, that has become a lot harder. We have a long road ahead of us in this competition. We cannot allow partisanship to get in the way, even in an election year. Whatever happens in November, China will remain an issue. If we do not work together, the United States as a whole will be weaker.
  • I introduced this bill to push forward a serious, and bipartisan, conversation about the Senate’s role in advancing an effective strategy of competition. I want to thank several of my colleagues on this committee, from both sides of the aisle, for joining me in that effort. There is both Republican and Democrat input into this bill, not only from this committee, but also from think tanks around Washington, D.C., including Democrat think tanks. And I hope this will be the start of more cooperation to come.
  • When we get to a final bill, I’m very hopeful that that bill will contain items that everyone has an interest in. There’s been a number of people that have introduced bills. I know the ranking member is about to introduce a bill – I have no doubt that there will be things in there that we can all embrace. And I hope that as we get to a final bill, we will have things that we can embrace on a bipartisan basis.

Ranking Member Bob Menendez (D-NJ) remarked “I think the administration is asking the right questions about China and the U.S.-China relationship…[but] [u]nfortunately, however, I find that the administration’s strategies and policies fall well short of answering the enormity of the challenge.” He contended that “[w]e need, instead, as the title of this hearing suggests, an “effective” China strategy.”

Menendez stated

  • The China of 2020 is not the China of 1972, or even the China of 2000, or 2010. China today is challenging the United States across every dimension of power — political, diplomatic, economic, innovation, military, even cultural, and with an alternative and deeply disturbing model for global governance. China today, led by the Communist Party and propelled by Xi Jinping’s hyper-nationalism, is unlike any challenge we have faced as a nation before.
  • Emboldened by the retrenchment, shortcomings, and sometimes enablement of the Trump administration, China today is more active and more assertive in the region and in the international community than ever before.
  • Indeed, just since this this past March, China has increased its patrols near the Senkaku Islands in the East China Sea as well as its coercive activities in South China Sea, conducted air and maritime patrols intended to threaten Taiwan, clashed with India along the Actual Line of Control (the People’s Liberation Army’s first use of force abroad in 30 years), and continued to implement a morally repugnant campaign of genocide in Xinjiang, its cruel oppression of the Tibetan people, and the crushing of its own civil liberty.

Menendez explained

  • Just yesterday I released a report, “The New Big Brother,” looking at how China has stepped-up its game in seeking to export a new model of digital authoritarianism and manipulate new technologies to control its own citizens and people worldwide.
  • Aside from bluster, rhetoric, and some hastily written sanctions, what has the response been from this administration? The administration is now taking strong action on Hong Kong, but for months, when the people of Hong Kong needed us, the President was silent and complicit in China’s erosion of Hong Kong’s autonomy, happy to trade Hong Kong for his so-called trade deal. Along with the Chairman, I welcome regular Freedom of Navigation assertions and the administration’s recent clarification of our approach to claims in the South China Sea, but the reality is that over the past three years China’s aggression and coercion in the South China Sea has continued completely unchecked.

Menendez said “[i]n short, I am deeply concerned that the Administration’s approach is one that labors under the mistaken belief that just being confrontational is the same thing as being competitive.” He asserted

  • That is my question, in fact, about the action that the administration announced today in Houston. I am all for safeguarding our national security. I understand the importance of being tough with China. But being tough is the means, not the ends. So while there may be reason for taking this action — and I look forward to a briefing on it in an appropriate setting — I want to understand better not just the tactical considerations, but how this measure advances our strategy. What is the effect we expect this to have on China’s behavior? When China “retaliates,” as they have said they will, what will be our next move? And our next after that? I’m obviously not asking you to disclose specific actions, which I know you won’t, and shouldn’t, but as this is not a simple two-step dance, so help me understand where you think this is going.
  • I ask this because there should be little doubt that we are indeed in a new era of strategic competition with China — and the United States needs a new strategic framework and a new set of organizing principles to address the challenges of this new era. So far, and despite all the bluster, that effective new strategy has been utterly lacking from this administration.

Menendez continued

  • One of these core organizing principles, I would suggest, is the importance of working in close coordination with our allies and partners to develop a shared and effective approach to China. And I have to say, Secretary Biegun, that the administration’s disastrously wrong-headed, alienating, and attacking approach to our alliances has been one of the most disheartening to witness these past several years.
  • Our alliances, our partnerships, and the shared values on which they stand, and our reliability in the face of adversity are our “special sauce” for effective global leadership. 

Menendez contended

  • I know you will argue that this president and this administration have been uniquely successful with China.
  • I know that you are good at your job. But facts are indeed stubborn things.
  • Now, before this hearing devolves into a hearing bashing China and the World Health Organization for the COVID pandemic, let me assure you I stand second to no one in this body regarding concerns over how China’s paranoid totalitarianism contributed to its spread. But blame game politics won’t save American lives. Instead of relying on science and knowledge, the administration has spent its energy towards finding fault and racially inflammatory rhetoric that both threatens the safety and wellbeing of Asian Americans and further alienates us on the global stage, including at the G-7 and the UN Security Council.
  • If this administration is truly concerned about China’s malign intent at the World Health Organization and elsewhere, there is a simple solution — show up. Take action. If the U.S. leads, others will follow. If we leave the field open, if our own country cannot develop a serious strategy at home, others, like China, are only too eager to step into the vacuum.

Menendez added

  • I know the Chairman has introduced legislation today on China. I welcome his effort. As I mentioned at another hearing this morning, I am also working with colleagues on a bill to create a comprehensive China strategy, crosscutting jurisdictions beyond and including this committee, including trade and economic issues and investments here at home, which we plan to shortly introduce. Given the shortcomings of President Trump’s “all bluster and tactics, no strategy” approach to China, a comprehensive and integrated approach is needed. I suspect that there will be many areas of agreement between my bill and the Chairman’s, and so look forward to working with him on a combined approach.
  • And it is in this spirit, Mr. Secretary, that I implore you today to engage beyond this hearing in a genuine conversation with us about how we work together to develop a comprehensive approach to China, to reset our strategy and diplomacy, to reinvest and replenish the sources of our national strength and competitiveness at home, to place our partnerships and allies first, and that reflects our fundamental values as Americans.

Deputy Secretary of State Stephen Biegun stated

  • Over the course of many years and across multiple administrations, in our relations with Beijing, the United States has sought to spur China’s integration into the rules-based international order by strengthening, not undermining, international law, norms, and institutions. Over more than three decades, U.S. policies towards China have been aimed at that goal – by supporting China’s economic development through the massive outpouring of international assistance and lending to develop infrastructure and economic institutions; by beneficial trade treatment and robust foreign investment; by facilitation of Chinese membership in global institutions such as the World Trade Organization; by development and humanitarian assistance, by the education of millions of China’s brightest scholars at our best schools; and by intensive commercial diplomacy to address strategic and sectoral economic concerns. We anchored economic and diplomatic policies toward China in the expectation that they would produce the gradual but eventual opening and liberalization of China and its peaceful rise in a manner that would enhance stability in the Indo- Pacific and beyond, increase the freedoms of its own people, and expand global prosperity in a mutually beneficial manner.Where this Administration diverges from previous Administrations is in the will to face an uncomfortable truth in the U.S.-China relationship – the policies of the past three decades have simply not produced the outcome for which so many had hoped. As stated in the 2017 National Security Strategy: “(f)or decades, U.S. policy was rooted in the belief that support for China’s rise and for its integration into the post-war international order would liberalize China. Contrary to our hopes, China expanded its power at the expense of the sovereignty of others. China gathers and exploits data on an unrivaled scale and spreads features of its authoritarian system, including corruption and the use of surveillance. It is building the most capable and well-funded military in the world, after our own. Its nuclear arsenal is growing and diversifying. Part of China’s military modernization and economic expansion is due to its access to the U.S. innovation economy, including America’s world-class universities.”
  • As further stated in the National Security Strategy, “(a)lthough the United States seeks to continue to cooperate with China, China is using economic inducements and penalties, influence operations, and implied military threats to persuade other states to further its political and security agenda. China’s infrastructure investments and trade strategies reinforce its geopolitical aspirations. Its efforts to build and militarize outposts in the South China Sea endanger the free flow of trade, threaten the sovereignty of other nations, and undermine regional stability. China has mounted a rapid military modernization campaign designed to limit U.S. access to the region and provide China a freer hand there. China presents its ambitions as mutually beneficial, but Chinese dominance risks diminishing the sovereignty of many states in the Indo-Pacific. States throughout the region are calling for sustained U.S. leadership in a collective response that upholds a regional order respectful of sovereignty and independence.”
  • Secretary [of State Mike] Pompeo summed up this strategic shift in his October 30 speech: “It is no longer realistic to ignore the fundamental differences between our two systems and the impact that…the differences in those systems have on American national security…Today, we are finally realizing the degree to which the Communist Party is truly hostile to the United States and our values.”
  • An honest assessment of trends in the U.S.-China relationship suggests that reconsideration of U.S. policy toward China is urgent and overdue. The United States must respond with the full toolkit of policy instruments. These instruments will be adapted to defend against PRC efforts to undermine U.S.-supported institutions, respond to actions that encroach upon the sovereign interests of our allies and partners, hold the PRC accountable for its human rights violations and abuses, and respond to Chinese policies that fail to provide reciprocal opportunities for equivalent U.S. entities.
  • Concerns about Beijing’s policies are fueled by a growing number of disputes and areas of concern. These longstanding areas of concern include intellectual property theft and commercial espionage (including through cyber-enabled means), unequal treatment of U.S. diplomats, exporters and investors, non-governmental organizations, social media companies, and traditional media outlets and journalists in China, as well as the abuse by PRC security services of the United States’ open and welcoming posture toward Chinese students and researchers.
  • Additional areas of concern include the dismantling of Hong Kong’s autonomy, liberty, and democratic institutions, military pressure against Taiwan, arbitrary mass detentions and other human rights abuses in Xinjiang, efforts to eliminate Tibetan identity, and the assertion of unfounded maritime claims in the South China Sea. Finally, there is growing alarm in the United States and around the world with the Chinese government’s use of military and economic coercion and state-sponsored disinformation campaigns against the United States and our allies and partners, including, among others, India, Australia, Canada, the European Union, and several individual European governments.

Biegun stated “United States foreign policy toward the People’s Republic of China roughly falls within five broad areas:

  • First, using the full toolkit of United States foreign policy instruments including diplomatic engagement, public diplomacy, foreign assistance, commercial diplomacy, trade law, law enforcement, export controls and sanctions, and military deterrence;
  • Second, steady application of pressure to push back the PRC’s attempt to change and replace the U.S.-led free and open international order in areas of dispute or competition;
  • Third, reciprocal and transparent treatment of PRC institutions and organizations commensurate with PRC treatment of equivalent U.S. entities;
  • Fourth, close cooperation among all U.S. stakeholders in the relationship with the People’s Republic of China, including bipartisan engagement, Congressional-Executive coordination, the expert and think tank community, academia, business and civil society;
  • And fifth, strengthening international cooperation with allies and partners on shared concerns with the conduct of the Chinese Communist Party, with special emphasis in the Indo-Pacific.

Biegun asserted

The United States and the PRC are likely for the foreseeable future to remain competitors, but this does not mean our two nations need to be enemies. As the Administration has reiterated, we seek a constructive and results-oriented relationship with Beijing, and we will cooperate with China where our interests align. U.S. policies are designed to protect our interests, we do not envision a zero sum game as long as China abides by the key principle of reciprocity and transparency. Indeed, we want to see a prosperous China that is at peace with its own people and with its neighbors. Historically, in shaping the U.S.-China relationship, numerous Presidents have engaged with China’s leaders in direct diplomacy and held any number of strategic dialogues, sectoral dialogues, and security dialogues over the past several decades to resolve problems and advance mutual interests.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by mentatdgt from Pexels

Further Reading, Other Developments, and Coming Events (24 July)

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • On  27 July, the House Judiciary Committee’s Antitrust, Commercial, and Administrative Law Subcommittee will hold its sixth hearing on “Online Platforms and Market Power” titled “Examining the Dominance of Amazon, Apple, Facebook, and Google” that will reportedly have the heads of the four companies as witnesses.
  • On 28 July, the Senate Commerce, Science, and Transportation Committee’s Communications, Technology, Innovation, and the Internet Subcommittee will hold a hearing titled “The PACT Act and Section 230: The Impact of the Law that Helped Create the Internet and an Examination of Proposed Reforms for Today’s Online World.”
  • On 28 July the House Science, Space, and Technology Committee’s Investigations and Oversight and Research and Technology Subcommittees will hold a joint virtual hearing titled “The Role of Technology in Countering Trafficking in Persons” with these witnesses:
    • Ms. Anjana Rajan, Chief Technology Officer, Polaris
    • Mr. Matthew Daggett, Technical Staff, Humanitarian Assistance and Disaster Relief Systems Group, Lincoln Laboratory, Massachusetts Institute of Technology
    • Ms. Emily Kennedy, President and Co-Founder, Marinus Analytics
  •  On 28 July, the House Homeland Security Committee’s Cybersecurity, Infrastructure Protection, & Innovation Subcommittee will hold a hearing titled “Secure, Safe, and Auditable: Protecting the Integrity of the 2020 Elections” with these witnesses:
    • Mr. David Levine, Elections Integrity Fellow, Alliance for Securing Democracy, German Marshall Fund of the United States
    • Ms. Sylvia Albert, Director of Voting and Elections, Common Cause
    • Ms. Amber McReynolds, Chief Executive Officer, National Vote at Home Institute
    • Mr. John Gilligan, President and Chief Executive Officer, Center for Internet Security, Inc.
  • On 30 July the House Oversight and Reform Committee will hold a hearing on the tenth “Federal Information Technology Acquisition Reform Act” (FITARA) scorecard on federal information technology.
  • On 30 July, the Senate Commerce, Science, and Transportation Committee’s Security Subcommittee will hold a hearing titled “The China Challenge: Realignment of U.S. Economic Policies to Build Resiliency and Competitiveness” with these witnesses:
    • The Honorable Nazak Nikakhtar, Assistant Secretary for Industry and Analysis, International Trade Administration, U.S. Department of Commerce
    • Dr. Rush Doshi, Director of the Chinese Strategy Initiative, The Brookings Institution
    • Mr. Michael Wessel, Commissioner, U.S. – China Economic and Security Review Commission
  • On 4 August, the Senate Armed Services Committee will hold a hearing titled “Findings and Recommendations of the Cyberspace Solarium Commission” with these witnesses:
    • Senator Angus S. King, Jr. (I-ME), Co-Chair, Cyberspace Solarium Commission
    • Representative Michael J. Gallagher (R-WI), Co-Chair, Cyberspace Solarium Commission
    • Brigadier General John C. Inglis, ANG (Ret.), Commissioner, Cyberspace Solarium Commission
  • On 6 August, the Federal Communications Commission (FCC) will hold an open meeting to likely consider the following items:
    • C-band Auction Procedures. The Commission will consider a Public Notice that would adopt procedures for the auction of new flexible-use overlay licenses in the 3.7–3.98 GHz band (Auction 107) for 5G, the Internet of Things, and other advanced wireless services. (AU Docket No. 20-25)
    • Radio Duplication Rules. The Commission will consider a Report and Order that would eliminate the radio duplication rule with regard to AM stations and retain the rule for FM stations. (MB Docket Nos. 19-310. 17-105)
    • Common Antenna Siting Rules. The Commission will consider a Report and Order that would eliminate the common antenna siting rules for FM and TV broadcaster applicants and licensees. (MB Docket Nos. 19-282, 17-105)
    • Telecommunications Relay Service. The Commission will consider a Report and Order to repeal certain TRS rules that are no longer needed in light of changes in technology and voice communications services. (CG Docket No. 03-123)

Other Developments

  • Slack filed an antitrust complaint with the European Commission (EC) against Microsoft alleging that the latter’s tying Microsoft Teams to Microsoft Office is a move designed to push the former out of the market. A Slack vice president said in a statement “Slack threatens Microsoft’s hold on business email, the cornerstone of Office, which means Slack threatens Microsoft’s lock on enterprise software.” While the filing of a complaint does not mean the EC will necessarily investigate, under its new leadership the EC has signaled in a number of ways its intent to address the size of some technology companies and the effect on competition.
  • The National Institute of Standards and Technology (NIST) has issued for comment NIST the 2nd Draft of NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). NIST claimed this guidance document “promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches…[and] contains the same main concepts as the initial public draft, but their presentation has been revised to clarify the concepts and address other comments from the public.” Comments are due by 21 August 2020.
  • The United States National Security Commission on Artificial Intelligence (NSCAI) published its Second Quarter Recommendations, a compilation of policy proposals made this quarter. NSCAI said it is still on track to release its final recommendations in March 2021. The NSCAI asserted
    • The recommendations are not a comprehensive follow-up to the interim report or first quarter memorandum. They do not cover all areas that will be included in the final report. This memo spells out recommendations that can inform ongoing deliberations tied to policy, budget, and legislative calendars. But it also introduces recommendations designed to build a new framework for pivoting national security for the artificial intelligence (AI) era.
    • The NSCAI stated it “has focused its analysis and recommendations on six areas:
    • Advancing the Department of Defense’s internal AI research and development capabilities. The Department of Defense (DOD) must make reforms to the management of its research and development (R&D) ecosystem to enable the speed and agility needed to harness the potential of AI and other emerging technologies. To equip the R&D enterprise, the NSCAI recommends creating an AI software repository; improving agency- wide authorized use and sharing of software, components, and infrastructure; creating an AI data catalog; and expanding funding authorities to support DOD laboratories. DOD must also strengthen AI Test and Evaluation, Verification and Validation capabilities by developing an AI testing framework, creating tools to stand up new AI testbeds, and using partnered laboratories to test market and market-ready AI solutions. To optimize the transition from technological breakthroughs to application in the field, Congress and DOD need to reimagine how science and technology programs are budgeted to allow for agile development, and adopt the model of multi- stakeholder and multi-disciplinary development teams. Furthermore, DoD should encourage labs to collaborate by building open innovation models and a R&D database.
    • Accelerating AI applications for national security and defense. DOD must have enduring means to identify, prioritize, and resource the AI- enabled applications necessary to fight and win. To meet this challenge, the NSCAI recommends that DOD produce a classified Technology Annex to the National Defense Strategy that outlines a clear plan for pursuing disruptive technologies that address specific operational challenges. We also recommend establishing mechanisms for tactical experimentation, including by integrating AI-enabled technologies into exercises and wargames, to ensure technical capabilities meet mission and operator needs. On the business side, DOD should develop a list of core administrative functions most amenable to AI solutions and incentivize the adoption of commercially available AI tools.
    • Bridging the technology talent gap in government. The United States government must fundamentally re-imagine the way it recruits and builds a digital workforce. The Commission envisions a government-wide effort to build its digital talent base through a multi-prong approach, including: 1) the establishment of a National Reserve Digital Corps that will bring private sector talent into public service part-time; 2) the expansion of technology scholarship for service programs; and, 3) the creation of a national digital service academy for growing federal technology talent from the ground up.
    • Protecting AI advantages for national security through the discriminate use of export controls and investment screening. The United States must protect the national security sensitive elements of AI and other critical emerging technologies from foreign competitors, while ensuring that such efforts do not undercut U.S. investment and innovation. The Commission proposes that the President issue an Executive Order that outlines four principles to inform U.S. technology protection policies for export controls and investment screening, enhance the capacity of U.S. regulatory agencies in analyzing emerging technologies, and expedite the implementation of recent export control and investment screening reform legislation. Additionally, the Commission recommends prioritizing the application of export controls to hardware over other areas of AI-related technology. In practice, this requires working with key allies to control the supply of specific semiconductor manufacturing equipment critical to AI while simultaneously revitalizing the U.S. semiconductor industry and building the technology protection regulatory capacity of like-minded partners. Finally, the Commission recommends focusing the Committee on Foreign Investment in the United States (CFIUS) on preventing the transfer of technologies that create national security risks. This includes a legislative proposal granting the Department of the Treasury the authority to propose regulations for notice and public comment to mandate CFIUS filings for investments into AI and other sensitive technologies from China, Russia and other countries of special concern. The Commission’s recommendations would also exempt trusted allies and create fast tracks for vetted investors.
    • Reorienting the Department of State for great power competition in the digital age. Competitive diplomacy in AI and emerging technology arenas is a strategic imperative in an era of great power competition. Department of State personnel must have the organization, knowledge, and resources to advocate for American interests at the intersection of technology, security, economic interests, and democratic values. To strengthen the link between great power competition strategy, organization, foreign policy planning, and AI, the Department of State should create a Strategic Innovation and Technology Council as a dedicated forum for senior leaders to coordinate strategy and a Bureau of Cyberspace Security and Emerging Technology, which the Department has already proposed, to serve as a focal point and champion for security challenges associated with emerging technologies. To strengthen the integration of emerging technology and diplomacy, the Department of State should also enhance its presence and expertise in major tech hubs and expand training on AI and emerging technology for personnel at all levels across professional areas. Congress should conduct hearings to assess the Department’s posture and progress in reorienting to address emerging technology competition.
    • Creating a framework for the ethical and responsible development and fielding of AI. Agencies need practical guidance for implementing commonly agreed upon AI principles, and a more comprehensive strategy to develop and field AI ethically and responsibly. The NSCAI proposes a “Key Considerations” paradigm for agencies to implement that will help translate broad principles into concrete actions.
  • The Danish Defence Intelligence Service’s Centre for Cyber Security (CFCS) released its fifth annual assessment of the cyber threat against Denmark and concluded:
    • The cyber threat pose a serious threat to Denmark. Cyber attacks mainly carry economic and political consequences.
    • Hackers have tried to take advantage of the COVID-19 pandemic. This constitutes a new element in the general threat landscape.
    • The threat from cyber crime is VERY HIGH. No one is exempt from the threat. There is a growing threat from targeted ransomware attacks against Danish public authorities and private companies.  The threat from cyber espionage is VERY HIGH.
    • The threat is especially directed against public authorities dealing with foreign and security policy issues as well as private companies whose knowledge is of interest to foreign states. 
    • The threat from destructive cyber attacks is LOW. It is less likely that foreign states will launch destructive cyber attacks against Denmark. Private companies and public authorities operating in conflict-ridden regions are at a greater risk from this threat. 
    • The threat from cyber activism is LOW. Globally, the number of cyber activism attacks has dropped in recent years,and cyber activists rarely focus on Danish public authorities and private companies. The threat from cyber terrorism is NONE. Serious cyber attacks aimed at creating effects similar to those of conventional terrorism presuppose a level of technical expertise and organizational resources that militant extremists, at present, do not possess. Also, the intention remains limited. 
    • The technological development, including the development of artificial intelligence and quantum computing, creates new cyber security possibilities and challenges.

Further Reading

  • Accuse, Evict, Repeat: Why Punishing China and Russia for Cyberattacks Fails” – The New York Times. This piece points out that the United States (US) government is largely using 19th Century responses to address 21st Century conduct by expelling diplomats, imposing sanctions, and indicting hackers. Even a greater use of offensive cyber operations does not seem to be deterring the US’s adversaries. It may turn out that the US and other nations will need to focus more on defensive measures and securing its valuable data and information.
  • New police powers to be broad enough to target Facebook” – Sydney Morning Herald. On the heels of a 2018 law that some argue will allow the government in Canberra to order companies to decrypt users communications, Australia is considering the enactment of new legislation because of concern among the nation’s security services about end-to-end encryption and dark browsing. In particular, Facebook’s proposed changes to secure its networks is seen as fertile ground of criminals, especially those seeking to prey on children sexually.
  • The U.S. has a stronger hand in its tech battle with China than many suspect” – The Washington Post. A national security writer makes the case that the cries that the Chinese are coming may prove as overblown as similar claims made about the Japanese during the 1980s and the Russian during the Cold War. The Trump Administration has used some levers that may appear to impede the People’s Republic of China’s attempt to displace the United States. In all, this writer is calling for more balance in viewing the PRC and some of the challenges it poses.
  • Facebook is taking a hard look at racial bias in its algorithms” – Recode. After a civil rights audit that was critical of Facebook, the company is assembling and deploying teams to try to deal with the biases in its algorithms on Facebook and Instagram. Critics doubt the efforts will turn out well because economic incentives are aligned against rooting out such biases and the lack of diversity at the company.
  • Does TikTok Really Pose a Risk to US National Security?” – WIRED. This article asserts TikTok is probably no riskier than other social media apps even with the possibility that the People’s Republic of China (PRC) may have access to user data.
  • France won’t ban Huawei, but encouraging 5G telcos to avoid it: report” – Reuters. Unlike the United States, the United Kingdom, and others, France will not outright ban Huawei from their 5G networks but will instead encourage their telecommunications companies to use European manufacturers. Some companies already have Huawei equipment on the networks and may receive authorization to use the company’s equipment for up to five more years. However, France is not planning on extending authorizations past that deadline, which will function a de facto sunset. In contrast, authorizations for Ericsson or Nokia equipment were provided for eight years. The head of France’s cybersecurity agency stressed that France was not seeking to move against the People’s Republic of China (PRC) but is responding to security concerns.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Further Reading, Other Developments, and Coming Events (23 July)

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

Here are Further Reading, Other Developments, and Coming Events.

Other Developments

  • New Zealand’s Privacy Commissioner has begun the process of implementing the new Privacy Act 2020 and has started asking for input on the codes of practice that will effectuate the rewrite of the nation’s privacy laws. The Commissioner laid out the following schedule:
    • Telecommunications Information Privacy Code and Civil Defence National Emergencies (Information Sharing) Code
      • Open: 29 July 2020 / Close: 26 August 2020
    • The Commissioner noted “[t]he new Privacy Act 2020 is set to come into force on 1 December…[and] makes several key reforms to New Zealand’s privacy law, including amendments to the information privacy principles.” The Commissioner added “[a]s a result, the six codes of practice made under the Privacy Act 1993 require replacement.”
  • Australia’s 2020 Cyber Security Strategy Industry Advisory Panel issued its report and recommendations “to provide strategic advice to support the development of Australia’s 2020 Cyber Security Strategy.” The body was convened by the Minister for Home Affairs. The panel “recommendations are structured around a framework of five key pillars:
    • Deterrence: The Government should establish clear consequences for those targeting businesses and Australians. A key priority is increasing transparency on Government investigative activity, more frequent attribution and consequences applied where appropriate, and strengthening the Australian Cyber Security Centre’s (ACSC’s) ability to disrupt cyber criminals by targeting the proceeds of cybercrime.
    • Prevention: Prevention is vital and should include initiatives to help businesses and Australians remain safer online. Industry should increase its cyber security capabilities and be increasingly responsible for ensuring their digital products and services are cyber safe and secure, protecting their customers from foreseeable cyber security harm. While Australians have access to trusted goods and services, they also need to be supported with advice on how to practice safe behaviours at home and work. A clear definition is required for what constitutes critical infrastructure and systems of national significance across the public and private sectors. This should be developed with consistent, principles-based regulatory requirements to implement reasonable protection against cyber threats for both the public and private sectors.
    • Detection: There is clear need for the development of a mechanism between industry and Government for real-time sharing of threat information, beginning with critical infrastructure operators. The Government should also empower industry to automatically detect and block a greater proportion of known cyber security threats in real-time including initiatives such as ‘cleaner pipes’.
    • Resilience: We know malicious cyber activity is hitting Australians hard. The tactics and techniques used by malicious cyber actors are evolving so quickly that individuals, businesses and critical infrastructure operators in Australia are not fully able to protect themselves and their assets against every cyber security threat. As a result, it is recommended that the Government should strengthen the incident response and victim support options already in place. This should include conducting cyber security exercises in partnership with the private sector. Speed is key when it comes to recovering from cyber incidents, it is therefore proposed that critical infrastructure operators should collaborate more closely to increase preparedness for major cyber incidents.
    • Investment: The Joint Cyber Security Centre (JCSC) program is a highly valuable asset to form a key delivery mechanism for the initiatives under the 2020 Cyber Security Strategy should be strengthened. This should include increased resources and the establishment of a national board in partnership with industry, states and territories with an integrated governance structure underpinned by a charter outlining scope and deliverables.
  •  Six of the world’s data protection authorities issued an open letter to the teleconferencing companies “to set out our concerns, and to clarify our expectations and the steps you should be taking as Video Teleconferencing (VTC) companies to mitigate the identified risks and ultimately ensure that our citizens’ personal information is safeguarded in line with public expectations and protected from any harm.” The DPAs stated that “[t]he principles in this open letter set out some of the key areas to focus on to ensure that your VTC offering is not only compliant with data protection and privacy law around the world, but also helps build the trust and confidence of your userbase.” They added that “[w]e welcome responses to this open letter from VTC companies, by 30 September 2020, to demonstrate how they are taking these principles into account in the design and delivery of their services. Responses will be shared amongst the joint signatories to this letter.” The letter was drafted and signed by:
    • The Privacy Commissioner of Canada
    • The United Kingdom Information Commissioner’s Office
    • The Office of the Australian Information Commissioner
    • The Gibraltar Regulatory Authority
    • The Office of the Privacy Commissioner for Personal Data, Hong Kong, China
    • The Federal Data Protection and Information Commissioner of Switzerland
  • The United States Office of the Comptroller of the Currency (OCC) “is reviewing its regulations on bank digital activities to ensure that its regulations continue to evolve with developments in the industry” and released an “advance notice of proposed rulemaking (ANPR) [that] solicits public input as part of this review” by 8 August 2020. The OCC explained:
    • Over the past two decades, technological advances have transformed the financial industry, including the channels through which products and services are delivered and the nature of the products and services themselves. Fewer than fifteen years ago, smart phones with slide-out keyboards and limited touchscreen capability were newsworthy.[1] Today, 49 percent of Americans bank on their phones,[2] and 85 percent of American millennials use mobile banking.[3]
    • The first person-to-person (P2P) platform for money transfer services was established in 1998.[4] Today, there are countless P2P payment options, and many Americans regularly use P2P to transfer funds.[5] In 2003, Congress authorized digital copies of checks to be made and electronically processed.[6] Today, remote deposit capture is the norm for many consumers.[7] The first cryptocurrency was created in 2009; there are now over 1,000 rival cryptocurrencies,[8] and approximately eight percent of Americans own cryptocurrency.[9] Today, artificial intelligence (AI) and machine learning, biometrics, cloud computing, big data and data analytics, and distributed ledger and blockchain technology are used commonly or are emerging in the banking sector. Even the language used to describe these innovations is evolving, with the term “digital” now commonly used to encompass electronic, mobile, and other online activities.
    • These technological developments have led to a wide range of new banking products and services delivered through innovative and more efficient channels in response to evolving customer preferences. Back-office banking operations have experienced significant changes as well. AI and machine learning play an increasing role, for example, in fraud identification, transaction monitoring, and loan underwriting and monitoring. And technology is fueling advances in payments. In addition, technological innovations are helping banks comply with the complex regulatory framework and enhance cybersecurity to more effectively protect bank and customer data and privacy. More and more banks, of all sizes and types, are entering into relationships with technology companies that enable banks and the technology companies to establish new delivery channels and business practices and develop new products to meet the needs of consumers, businesses, and communities. These relationships facilitate banks’ ability to reach new customers, better serve existing customers, and take advantage of cost efficiencies, which help them to remain competitive in a changing industry.
    • Along with the opportunities presented by these technological changes, there are new challenges and risks. Banks should adjust their business models and practices to a new financial marketplace and changing customer demands. Banks are in an environment where they compete with non-bank entities that offer products and services that historically have only been offered by banks, while ensuring that their activities are consistent with the authority provided by a banking charter and safe and sound banking practices. Banks also must comply with applicable laws and regulations, including those focused on consumer protection and Bank Secrecy Act/anti-money laundering (BSA/AML) compliance. And, importantly, advanced persistent threats require banks to pay constant and close attention to increasing cybersecurity risks.
    • Notwithstanding these challenges, the Federal banking system is well acquainted with and well positioned for change, which has been a hallmark of this system since its inception. The OCC’s support of responsible innovation throughout its history has helped facilitate the successful evolution of the industry. The OCC has long understood that the banking business is not frozen in time and agrees with the statement made over forty years ago by the U.S. Court of Appeals for the Ninth Circuit: “the powers of national banks must be construed so as to permit the use of new ways of conducting the very old business of banking.” [10] Accordingly, the OCC has sought to regulate banking in ways that allow for the responsible creation or adoption of technological advances and to establish a regulatory and supervisory framework that allows banking to evolve, while ensuring that safety and soundness and the fair treatment of customers is preserved.
  • A trio of House of Representatives Members have introduced “legislation to put American consumers in the driver’s seat by giving them clearer knowledge about the technology they are purchasing.” The “Informing Consumers about Smart Devices Act” (H.R.7583) was drafted and released by Representatives John Curtis (R-UT), Seth Moulton (D-MA), and Gus Bilirakis (R-FL) and according to their press release, it would:
    • The legislation is in response to reports about household devices listening to individuals’ conversations without their knowledge. While some manufacturers have taken steps to more clearly label their products with listening devices, this legislation would make this information more obvious to consumers without overly burdensome requirements on producers of these devices. 
    • Specifically, the bill requires the Federal Trade Commission (FTC) to work alongside industry leaders to establish guidelines for properly disclosing the potential for their products to contain audio or visual recording capabilities. To ensure this does not become an overly burdensome labeling requirement, the legislation provides manufacturers the option of requesting customized guidance from the FTC that fits within their existing marketing or branding practices in addition to permitting these disclosures pre or post-sale of their products.
  • House Oversight and Reform Committee Ranking Member James Comer (R-KY) sent Twitter CEO Jack Dorsey a letter regarding last week’s hack, asking for answers to his questions about the security practices of the platform. Government Operations Subcommittee Ranking Member Jody Hice (R-GA) and 18 other Republicans also wrote Dorsey demanding an explanation of “Twitter’s intent and use of tools labeled ‘SEARCH BLACKLIST’ and ‘TRENDS BLACKLIST’ shown in the leaked screenshots.”
  • The United States Court of Appeals for the District of Columbia has ruled against United States Agency for Global Media (USAGM) head Michael Pack and enjoined his efforts to fire the board of the Open Technology Fund (OTF). The court stated “it appears likely that the district court correctly concluded that 22 U.S.C. § 6209(d) does not grant the Chief Executive Officer of the United States Agency for Global Media, Michael Pack, with the authority to remove and replace members of OTF’s board.” Four removed members of the OTF Board had filed suit against pack. Yesterday, District of Columbia Attorney General Karl Racine (D) filed suit against USAGM, arguing that Pack violated District of Columbia law by dissolving the OTF Board and creating a new one.
  • Three advocacy organizations have lodged their opposition to the “California Privacy Rights Act” (aka Proposition 24) that will be on the ballot this fall in California. The American Civil Liberties Union, the California Alliance for Retired Americans, and Color of Change are speaking out against the bill because “it stacks the deck in favor of big tech corporations and reduces your privacy rights.” Industry groups have also started advertising and advocating against the statute that would rewrite the “California Consumer Privacy Act” (CCPA) (AB 375).

Further Reading

  • Facebook adds info label to Trump post about elections” – The Hill. Facebook has followed Twitter in appending information to posts of President Donald Trump that implicitly rebut his false claims about fraud and mail-in voting. Interestingly, they also appended information to posts of former Vice President Joe Biden that merely asked people to vote Trump out in November. If Facebook continues this policy, it is likely to stoke the ire of Republicans, many of whom claim that the platform and others are biased against conservative voices and viewpoints.
  • Ajit Pai urges states to cap prison phone rates after he helped kill FCC caps” – Ars Technica. The chair of the Federal Communications Commission (FC) is imploring states to regulate the egregious rates charged on payphones to the incarcerated in prison. The rub here is that Pai fought against Obama-era FCC efforts to regulate these practices, claiming the agency lacked the jurisdiction to police intrastate calls. Pai pulled the plug on the agency’s efforts to fight for these powers in court when he became chair.
  • Twitter bans 7,000 QAnon accounts, limits 150,000 others as part of broad crackdown” – NBC News. Today, Twitter announced it was suspending thousands of account of conspiracy theorists who believe a great number of untrue things, namely the “deep state” of the United States is working to thwart the presidency of Donald Trump. Twitter announced in a tweet: “[w]e will permanently suspend accounts Tweeting about these topics that we know are engaged in violations of our multi-account policy, coordinating abuse around individual victims, or are attempting to evade a previous suspension — something we’ve seen more of in recent weeks.” This practice, alternately called brigading or swarming, has been employed on a number of celebrities who are alleged to be engaging in pedophilia. The group, QAnon, has even been quoted or supported by Members of the Republican Party, some of whom may see Twitter’s actions as ideological.
  • Russia and China’s vaccine hacks don’t violate rules of road for cyberspace, experts say” – The Washington Post. Contrary to the claims of the British, Canadian, and American governments, attempts by other nations to hack into COVID-19 research is not counter to cyber norms these and other nations have been pushing to make the rules of the road. The experts interviewed for the article are far more concerned about the long term effects of President Donald Trump allowing the Central Intelligence Agency to start launching cyber attacks when and how it wishes.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

US Indictments Handed Down Against PRC Hackers

Two PRC nationals were indicted for hacking to help their country’s security services and for financial gain in a wide-ranging complaint. The charges come during a time when the DOJ and other US agencies are accusing the PRC of a range of actions that threaten the US and its allies.

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

The United States (US) Department of Justice (DOJ) made public two grand jury indictments of nationals of the People’s Republic of China (PRC) who allegedly led long term penetrations and hacking of a range of US public and private sector entities. The DOJ is claiming these hackers both worked closely with PRC government agencies in executing the hacks and sought to benefit financially from these activities. The indictments are the most recent development in the US-PRC dispute that continues to grow seemingly by the day. While it is very unlikely the US will ever succeed in extraditing or apprehending these hackers, many cybersecurity and national security experts see value in “naming and shaming” and filing charges as a means of shaping public opinion and rallying allies and like-minded nations against nations engaged in cyber attacks and hacking.

According to the materials released by the DOJ, these two PRC hackers were detected in trying to on the networks of Department of Energy’s Hanford Site which is engaged in cleanup from the production of plutonium during the Cold War. This suggests the hackers succeeded in penetrated these networks and possibly others at the Department of Energy. However, the DOJ stressed these hackers’ work in trying to access and exfiltrate information related to COVID-19 research, which echoes the claim made in a May unclassified public service announcement issued by the Federal Bureau of Investigation (FBI) and CISA that named the PRC as a nation waging a cyber campaign against U.S. COVID-19 researchers. It is possible these indictments and that claim are related. Moreover, the DOJ stressed the information these hackers stole from defense contractors and possibly universities involved with defense activities. Incidentally, if the claims are true, it would lend more weight to the Trump Administration’s previously made claims that the PRC is again violating the 2015 agreement struck to stop the “cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

In the indictment against LI Xiaoyu (李啸宇) and DONG Jiazhi (董家志), the DOJ claimed:

LI and DONG, former classmates at an electrical engineering college in Chengdu, China, used their technical training to hack the computer networks of a wide range of victims, such as companies engaged in high tech manufacturing; civil, industrial, and medical device engineering; business, educational, and gaming software development; solar energy; and pharmaceuticals. More recently, they researched vulnerabilities in the networks of biotech and other firms publicly known for work on COVID-19 vaccines, treatments, and testing technology. Their victim companies were located all over the world, including among other places the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, South Korea, Spain, Sweden, and the United Kingdom.

The DOJ further claimed

  • The Defendants stole hundreds of millions of dollars’ worth of trade secrets, intellectual property, and other valuable business information. At least once, they returned to a victim from which they had stolen valuable source code to attempt an extortion –threatening to publish on the internet, and thereby destroy the value of, the victim’s intellectual property unless a ransom was paid.
  • LI and DONG did not just hack for themselves. While in some instances they were stealing business and other information for their own profit, in others they were stealing information of obvious interest to the PRC’s Government’s Ministry of State Security (MSS). LI and DONG worked with, and were assisted by, and operated with the acquiescence of the MSS, including MSS Officer 1, known to the Grand Jury, who was assigned to the Guangdong regional division of the MSS (the Guangdong State Security Department GSSD).
  • When stealing information of interest to the MSS, LI and DONG in most instances obtained data through computer fraud against corporations and research institutions. For example, from victims including defense contractors in the U.S. and abroad, LI and DONG stole information regarding military satellite programs; military wireless networks and communications systems; high powered microwave and laser systems; a counter-chemical weapons system; and ship-to-helicopter integration systems.

The DOJ added in its statement on the case:

According to the indictment, to gain initial access to victim networks, the defendants primarily exploited publicly known software vulnerabilities in popular web server software, web application development suites, and software collaboration programs.  In some cases, those vulnerabilities were newly announced, meaning that many users would not have installed patches to correct the vulnerability.  The defendants also targeted insecure default configurations in common applications.  The defendants used their initial unauthorized access to place malicious web shell programs (e.g., the “China Chopper” web shell) and credential-stealing software on victim networks, which allowed them to remotely execute commands on victim computers.

The DOJ has filed the following charges and will seek these penalties per the agency’s press release:

  • The indictment charges the defendants with conspiring to steal trade secrets from at least eight known victims, which consisted of technology designs, manufacturing processes, test mechanisms and results, source code, and pharmaceutical chemical structures.  Such information would give competitors with a market edge by providing insight into proprietary business plans and savings on research and development costs in creating competing products.
  • The defendants are each charged with one count of conspiracy to commit computer fraud, which carries a maximum sentence of five years in prison; one count of conspiracy to commit theft of trade secrets, which carries a maximum sentence of ten years in prison; one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; one count of unauthorized access of a computer, which carries a maximum sentence of five years in prison; and seven counts of aggravated identity theft, which each carries a mandatory sentence of two non-consecutive years in prison.

The indictments come a few days after US Attorney General William Barr and Assistant Attorney General for National Security John Demers made remarks at separate events that cast the activities of the PRC as existential threats to the US and western democracy. Their remarks continued the Trump Administration’s rhetoric, echoed by many Republicans in Congress, warning of the dangers posed by the PRC and sometimes explicitly or implicitly blaming the nation for the COVID-19 virus as a means of shifting the focus from the Trump Administration’s response that has left the US with higher infection and death rates per capita than any comparable nation. For example, earlier today, in London, in describing his talks with British Foreign Secretary Dominic Raab, Secretary of State Mike Pompeo contended

We of course began with the challenge presented by the Chinese Communist Party and the COVID-19 virus that originated in Wuhan, China.  On behalf of the American people I want to extend my condolences to the British people from your losses from this preventable pandemic.  The CCP’s exploitation of this disaster to further its own interests has been disgraceful.

Earlier this month, Federal Bureau of Investigation (FBI) Director Christopher Wray delivered a speech at a conservative think tank that continued the Trump Administration’s focus on the PRC that followed the late June speech by National Security Advisor Robert O’Brien at the occasion of the announcement that Taiwan Semiconductor Manufacturing Corporation (TSMC) would build a plant in Arizona. In mid-June at the Copenhagen Democracy Summit Pompeo urged European leaders to work together to address the malign intentions and actions of the PRC that also threaten Europe. And, tomorrow Pompeo will “deliver a speech on Communist China and the future of the free world” at the Richard Nixon Presidential Library in Yorba Linda, California.

In his remarks, Barr compared the US’s situation to the challenges the “free enterprise system” faced at the end of the 1960’s within the US and from the former Soviet Union and called on private sector companies to stand together against the economic hegemony Beijing is seeking to enforce in part by coopting these companies and their technology. He lauded the refusal of some large tech companies to cooperate with the PRC’s change in national security law in Hong Kong and urged US firms doing business in the PRC to diversify supply chains and rare earth supplies in order to blunt growing Chinese dominance. Barr called for greater cooperation between the public and private sectors in the name of protecting the US and fending off the PRC.

Barr claimed

  • The PRC is now engaged in an economic blitzkrieg—an aggressive, orchestrated, whole-of-government (indeed, whole-of-society) campaign to seize the commanding heights of the global economy and to surpass the United States as the world’s preeminent superpower.  A centerpiece of this effort is the Communist Party’s “Made in China 2025” initiative, a plan for PRC domination of high-tech industries like robotics, advanced information technology, aviation, and electric vehicles.  Backed by hundreds of billions of dollars in subsidies, this initiative poses a real threat to U.S. technological leadership.  Despite World Trade Organization rules prohibiting quotas for domestic output, “Made in China 2025” sets targets for domestic market share (sometimes as high as 70 percent) in core components and basic materials for industries such as robotics and telecommunications.  It is clear that the PRC seeks not merely to join the ranks of other advanced industrial economies, but to replace them altogether.
  • “Made in China 2025” is the latest iteration of the PRC’s state-led, mercantilist economic model.  For American companies in the global marketplace, free and fair competition with China has long been a fantasy.  To tilt the playing field to its advantage, China’s communist government has perfected a wide array of predatory and often unlawful tactics: currency manipulation, tariffs, quotas, state-led strategic investment and acquisitions, theft and forced transfer of intellectual property, state subsidies, dumping, cyberattacks, and espionage.  About 80% of all federal economic espionage prosecutions have alleged conduct that would benefit the Chinese state, and about 60% of all trade secret theft cases have had a nexus to China.

Barr added

Just as consequential, however, are the PRC’s plans to dominate the world’s digital infrastructure through its “Digital Silk Road” initiative.  I have previously spoken at length about the grave risks of allowing the world’s most powerful dictatorship to build the next generation of global telecommunications networks, known as 5G.  Perhaps less widely known are the PRC’s efforts to surpass the United States in other cutting-edge fields like artificial intelligence.  Through innovations such as machine learning and big data, artificial intelligence allows machines to mimic human functions, such as recognizing faces, interpreting spoken words, driving vehicles, and playing games of skill such as chess or the even more complex Chinese strategy game Go.  AI long ago outmatched the world’s chess grandmasters.  But the PRC’s interest in AI accelerated in 2016, when AlphaGo, a program developed by a subsidiary of Google, beat the world champion Go player at a match in South Korea.  The following year, Beijing unveiled its “Next Generation Artificial Intelligence Plan,” a blueprint for leading the world in AI by 2030.  Whichever nation emerges as the global leader in AI will be best positioned to unlock not only its considerable economic potential, but a range of military applications, such as the use of computer vision to gather intelligence.

The PRC’s drive for technological supremacy is complemented by its plan to monopolize rare earth materials, which play a vital role in industries such as consumer electronics, electric vehicles, medical devices, and military hardware.  According to the Congressional Research Service, from the 1960s to the 1980s, the United States led the world in rare earth production. “Since then, production has shifted almost entirely to China,” in large part due to lower labor costs and lighter environmental regulation.

The United States is now dangerously dependent on the PRC for these materials.  Overall, China is America’s top supplier, accounting for about 80 percent of our imports.  The risks of dependence are real.  In 2010, for example, Beijing cut exports of rare earth materials to Japan after an incident involving disputed islands in the East China Sea.  The PRC could do the same to us.

As China’s progress in these critical sectors illustrates, the PRC’s predatory economic policies are succeeding.  For a hundred years, America was the world’s largest manufacturer — allowing us to serve as the world’s “arsenal of democracy.”  China overtook the United States in manufacturing output in 2010.  The PRC is now the world’s “arsenal of dictatorship.”

American companies must understand the stakes.  The Chinese Communist Party thinks in terms of decades and centuries, while we tend to focus on the next quarterly earnings report.  But if Disney and other American corporations continue to bow to Beijing, they risk undermining both their own future competitiveness and prosperity, as well as the classical liberal order that has allowed them to thrive.

Barr asserted

  • During the Cold War, Lewis Powell — later Justice Powell — sent an important memorandum to the U.S. Chamber of Commerce.  He noted that the free enterprise system was under unprecedented attack, and urged American companies to do more to preserve it.  “[T]he time has come,” he said, “indeed, it is long overdue—for the wisdom, ingenuity and resources of American business to be marshaled against those who would destroy it.”
  • So too today.  The American people are more attuned than ever to the threat that the Chinese Communist Party poses not only to our way of life, but to our very lives and livelihoods.  And they will increasingly call out corporate appeasement.
  • If individual companies are afraid to make a stand, there is strength in numbers.  As Justice Powell wrote: “Strength lies in organization, in careful long-range planning and implementation, in consistency of action over an indefinite period of years, in the scale of financing available only through joint effort, and in the political power available only through united action and national organizations.” 
  • Despite years of acquiescence to communist authorities in China, American tech companies may finally be finding their courage through collective action.  Following the recent imposition of the PRC’s draconian national security law in Hong Kong, many big tech companies, including Facebook, Google, Twitter, Zoom, and LinkedIn, reportedly announced that they would temporarily suspend compliance with governmental requests for user data.  True to form, communist officials have threatened imprisonment for noncompliant company employees.  We will see if these companies hold firm.  I hope they do.  If they stand together, they will provide a worthy example for other American companies in resisting the Chinese Communist Party’s corrupt and dictatorial rule.
  • The CCP has launched an orchestrated campaign, across all of its many tentacles in Chinese government and society, to exploit the openness of our institutions in order to destroy them.  To secure a world of freedom and prosperity for our children and grandchildren, the free world will need its own version of the whole-of-society approach, in which the public and private sectors maintain their essential separation but work together collaboratively to resist domination and to win the contest for the commanding heights of the global economy.  America has done that before.  If we rekindle our love and devotion for our country and each other, I am confident that we—the American people, American government, and American business together—can do it again.  Our freedom depends on it. 

In his speech, Assistant Attorney General for National Security John Demers walked through the DOJ’s efforts in “working with our interagency partners to protect against adversaries that would exploit our country’s open investment climate to harm our national security interests,” most likely a reference to the PRC that echoes Barr’s claim Beijing is taking advantage of the US. Demers discussed recent statutory and regulatory changes in the Committee on Foreign Investment in the United States process, the newly established Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (aka Team Telecom), and the DOJ’s National Security Division’s recently restructured and expanded Foreign Investment Review Section (FIRS) that is charged with crafting and overseeing agreements with companies seeking US government assent to deals involving significant foreign investment. Demers talked in generalities in explaining the Trump Administration’s approach as it pertains to the DOJ except when he referenced a Team Telecom recommendation to revoke the licenses to operate in the US of a PRC telecommunications company.

Demers explained

  • Looking at the numbers, only very few of the transactions we review are blocked.  That does not necessarily mean the others pose no national security risk; rather, for most transactions that involve national security risk, we are successful in working with companies to craft mitigation measures that enable us to resolve the risk without resort to barring the transaction.  Our ability to negotiate mitigation agreements with parties and then monitor compliance is often overlooked in public discussions of foreign investment review, but that part of our program is absolutely crucial.  For that reason, today I would like to focus on the “back end” or “compliance tail” of our reviewed transactions, and to provide what I hope are some helpful insights into our compliance priorities and how those priorities can inform your own approach to mitigation and compliance.
  • One of the major activities of DOJ’s National Security Division is working with our interagency partners to protect against adversaries that would exploit our country’s open investment climate to harm our national security interests.  This conference is devoted to that aspect of our work, and offers an opportunity to engage with the private sector about the threats we face, the steps taken to address those threats.
  • What I would like to discuss with you today is one specific element of our Division’s foreign investment review work, which is our increasing focus on compliance and enforcement.

Demers stated

the Department of Justice’s mitigation activities related to foreign investment arise chiefly in the context of two interagency groups: (1) the Committee on Foreign Investment in the United States; and (2) the newly minted Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector.  This new committee was established this past spring by Executive Order, and formalized the process known for years as Team Telecom, but unfortunately burdened it with the nearly unpronounceable acronym of CAFPUSTSS (pronounced caf-PUSS-tiss).  Here, for ease of our conversation, I will set aside this tongue twisting acronym and instead continue to refer to the committee as Team Telecom.

Demers added

  • In both of these interagency groups, the Department of Justice and our interagency partners can usually resolve national security and law enforcement risks by negotiating mitigation measures with the transaction parties.  Those measures can range from the relatively straightforward, such as routine notice requirements to the very complex – for example, imposing certain governance restrictions.  Once memorialized in a written agreement, we monitor compliance to ensure our identified concerns remain mitigated.
  • Since 2012, the number of mitigation agreements monitored by the Department of Justice has nearly doubled, and this upward trend shows no signs of abating.  Without effective mitigation monitoring by both the government and the parties themselves, the number of reviewed transactions able to clear CFIUS and Team Telecom would be far fewer.  For this reason, robust and effective compliance programs are in the mutual interest of both government and industry.

Finally, Demers remarked

I would like to make brief mention of recent enforcement activities regarding the U.S. subsidiary of China Telecom, which is a Chinese state-owned entity.  As you may be aware from our April 2020 recommendation to the FCC, the Executive Branch agencies identified substantial and unacceptable national security and law enforcement risks associated with China Telecom’s operations, which is why we recommended that the FCC revoke its licenses.  That recommendation was based on several factors, but many of them relate to the company’s failure to comply with a 2007 mitigation agreement.  Other factors include the company’s inaccurate statements concerning the storage of U.S. records and its cybersecurity policies.  The company’s operations also provided opportunities for P.R.C. state actors to engage in malicious cyber activity enabling economic espionage and disruption and misrouting of U.S. communications.  And, it followed logically that additional mitigation terms would give us no comfort with a party we cannot not trust to follow them.  The Foreign Investment Review Section identified those compliance issues through its mitigation monitoring program.  As a result, the Executive Branch agencies concluded that the national security and law enforcement risks associated with China Telecom’s international Section 214 authorizations could not be mitigated by additional mitigation terms.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.