Further Reading and Other Developments (29 June)

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

Other Developments

  • The Senate Commerce, Science, and Transportation Committee held an oversight hearing on the Federal Communications Commission (FCC) with the FCC Chair and four Commissioners.
  • New Zealand’s Parliament passed the “Privacy Act 2020,” a major update of its 1993 statute that would, according to New Zealand’s Privacy Commissioner, do the following:
    • Mandatory notification of harmful privacy breaches. If organisations or businesses have a privacy breach that poses a risk of serious harm, they are required to notify the Privacy Commissioner and affected parties. This change brings New Zealand in line with international best practice.
    • Introduction of compliance orders. The Commissioner may issue compliance notices to require compliance with the Privacy Act. Failure to follow a compliance notice could result in a fine of up to $10,000.
    • Binding access determinations. If an organisation or business refuses to make personal information available upon request, the Commissioner will have the power to demand release.
    • Controls on the disclosure of information overseas. Before disclosing New Zealanders’ personal information overseas, New Zealand organisations or businesses will need to ensure those overseas entities have similar levels of privacy protection to those in New Zealand.
    • New criminal offences. It will be an offence to mislead an organisation or business in a way that affects someone’s personal information or to destroy personal information if a request has been made for it.  The maximum fine for these offences is $10,000.
    • Explicit application to businesses whether or not they have a legal or physical presence in New Zealand. If an international digital platform is carrying on business in New Zealand, with the New Zealanders’ personal information, there will be no question that they will be obliged to comply with New Zealand law regardless of where they, or their servers are based.
  • The United States’ National Archives’ Information Security Oversight Office (ISOO) submitted its annual report to the White House and found:
    • Our Government’s ability to protect and share Classified National Security Information and Controlled Unclassified Information (CUI) continues to present serious challenges to our national security. While dozens of agencies now use various advanced technologies to accomplish their missions, a majority of them still rely on antiquated information security management practices. These practices have not kept pace with the volume of digital data that agencies create and these problems will worsen if we do not revamp our data collection methods for overseeing information security programs across the Government. We must collect and analyze data that more accurately reflects the true health of these programs in the digital age.
    • However, ISOO noted progress on efforts to better secure and protect CUI but added “[f]ull implementation will require additional resources, including dedicated funds and more full-time staff.”
    • Regarding classified information, ISOO found “Classified National Security Information policies and practices remain outdated and are unable to keep pace with the volume of digital data that agencies create.”
  • The Australian Strategic Policy Institute’s International Cyber Policy Centre released its most recent “Covid-19 Disinformation & Social Media Manipulation” report titled “ID2020, Bill Gates and the Mark of the Beast: how Covid-19 catalyses existing online conspiracy movements”:
    • Against the backdrop of the global Covid-19 pandemic, billionaire philanthropist Bill Gates has become the subject of a diverse and rapidly expanding universe of conspiracy theories. As an example, a recent poll found that 44% of Republicans and 19% of Democrats in the US now believe that Gates is linked to a plot to use vaccinations as a pretext to implant microchips into people. And it’s not just America: 13% of Australians believe that Bill Gates played a role in the creation and spread of the coronavirus, and among young Australians it’s 20%. Protests around the world, from Germany to Melbourne, have included anti-Gates chants and slogans.
    • This report takes a close look at a particular variant of the Gates conspiracy theories, which is referred to here as the ID2020 conspiracy (named after the non-profit ID2020 Alliance, which the conspiracy theorists claim has a role in the narrative), as a case study for examining the dynamics of online conspiracy theories on Covid-19. Like many conspiracy theories, that narrative builds on legitimate concerns, in this case about privacy and surveillance in the context of digital identity systems, and distorts them in extreme and unfounded ways.
  • The Pandemic Response Accountability Committee (PRAC) released “TOP CHALLENGES FACING FEDERAL AGENCIES: COVID-19 Emergency Relief and Response Efforts” for those agencies that received the bulk of funds under the “Coronavirus Aid, Relief, and Economic Security (CARES) Act” (P.L. 116-136). PRAC is housed within the Council of the Inspectors General on Integrity and Efficiency (CIGIE) and is comprised of “21 Offices of Inspector General (OIG) overseeing agencies who received the bulk of the emergency funding.” PRAC stated:
    • CIGIE previously has identified information technology (IT) security and management as a long-standing, serious, and ubiquitous challenge that impacts agencies across the government, highlighting agencies’ dependence on reliable and secure IT systems to perform their mission-critical functions.  Key areas of concern have included safeguarding federal systems against cyberattacks and insider threats, modernizing and managing federal IT systems, ensuring continuity of operations, and recruiting and retaining a highly skilled cybersecurity workforce.  
    • These concerns remain a significant challenge, but are impacted by (1) widespread reliance on maximum telework to continue agency operations during the pandemic, which has strained agency networks and shifted IT resources, and (2) additional opportunities and targets for cyberattacks created by remote access to networks and increases in online financial activity.
  • Following the completion of a European Union-People’s Republic of China summit, European Commission President Ursula von der Leyen pointed to a number of ongoing technology-related issues between the EU and the PRC, including:
    • [W]e continue to have an unbalanced trade and investment relationship. We have not made the progress we aimed for in last year’s Summit statement in addressing market access barriers. We need to follow up on these commitments urgently. And we also need to have more ambition on the Chinese side in order to conclude negotiations on an investment agreement. These two actions would address the asymmetry in our respective market access and would improve the level playing field between us. In order to conclude the investment agreement, we would need in particular substantial commitments from China on the behaviour of state-owned enterprises, transparency in subsidies, and transparency on the topic of forced technology transfers.
    • We have raised these issues at the same time with President Xi and Premier Li that we expect that China will show the necessary level of ambition to conclude these negotiations by the end of this year. I think it is important that we have now a political, high-level approach on these topics.
    • I have also made it clear that China needs to engage seriously on a reform of the World Trade Organization, in particular on the future negotiations on industrial subsidies. This is the relevant framework where we have to work together on the topic – and it is a difficult topic – but this is the framework, which we have to establish to have common binding rules we agree on.
    • And we must continue to work on tackling Chinese overcapacity, for example in the steel and metal sectors, and in high technology. Here for us it is important that China comes back to the international negotiation table, that we sit down there and find solutions.
    • We also pointed out the importance of the digital transformation and its highly assertive approach to the security, the resilience and the stability of digital networks, systems and value chains. We have seen cyberattacks on hospitals and dedicated computing centres. Likewise, we have seen a rise of online disinformation. We pointed out clearly that this cannot be tolerated.
  • United States Secretary of State Mike Pompeo issued a statement titled “The Tide Is Turning Toward Trusted 5G Vendors,” in which he claimed:
    • The tide is turning against Huawei as citizens around the world are waking up to the danger of the Chinese Communist Party’s surveillance state. Huawei’s deals with telecommunications operators around the world are evaporating, because countries are only allowing trusted vendors in their 5G networks. Examples include the Czech Republic, Poland, Sweden, Estonia, Romania, Denmark, and Latvia. Recently, Greece agreed to use Ericsson rather than Huawei to develop its 5G infrastructure.
  • Germany’s highest court, the Bundesgerichtshof (BGH), ruled against Facebook’s claim that the country’s antitrust regulator was wrong in its finding that it was abusing its dominant position in combining data on German nationals and residents across its platforms. Now the matter will go down to a lower German court that is expected to heed the higher court’s ruling and allow the Bundeskartellamt’s restrictions to limit Facebook’s activity.
  • France’s Conseil d’État upheld the Commission nationale de l’informatique et des libertés’ (CNIL) 2019 fine of €50 million against Google under the General Data Protection Regulation (GDPR) “for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.”
  • A Virginia court ruled against House Intelligence Committee Ranking Member Devin Nunes (R-CA) in his suit against Twitter and Liz Mair, a Republican consultant, and Twitter accounts @devincow and @DevinNunesMom regarding alleged defamation.
  • The California Secretary of State has listed the ballot initiative to add the “California Privacy Rights Act” to state law, which would in large part amend the “California Consumer Privacy Act” (CCPA) (AB 375), as having qualified for November’s ballot.

Further Reading

  • “Wrongfully Accused by an Algorithm” – The New York Times. In what should have been predictable and foreseeable given the error rate of many facial recognition algorithms at correctly identifying people of color, an African American was wrongly identified by this technology, causing him to be released. Those in the field and experts stress positive identifications are supposed to only be one piece of evidence, but in this case, it was the only evidence police had. After a store loss specialist agreed a person in a low-grade photo was the likely shoplifter, police arrested the man. Eventually, the charges were dismissed, initially with prejudice, leaving open the possibility of future prosecution, but later the district attorney cleared all charges and expunged the arrest.
  • “Pentagon Says it Needs ‘More Time’ Fixing JEDI Contract” – Nextgov. The saga of the Department of Defense’s Joint Enterprise Defense Infrastructure cloud contract continues. Amazon and Microsoft will need to submit revised bids for the possibly $10 billion procurement as the Department of Defense (DOD) is trying to cure the problems turned up by a federal court in the suit brought by Amazon. These bids would be evaluated later this summer, according to a recent DOD court filing. The next award of this contract could trigger another bid protest just as the first award caused Amazon to challenge Microsoft’s victory.
  • “EU pushing ahead with digital tax despite U.S. resistance, top official says” – Politico. In an Atlantic Council event, European Commission Executive Vice President Margrethe Vestager stated the European Union will move ahead with an EU-wide digital services tax despite the recent pullout of the United States from talks on such a tax. The Organization for Economic Co-operation and Development had convened multi-lateral talks to resolve differences on how a global digital services tax will ideally function, with most of the nations involved arguing for a 2% tax to be assessed in the nation where the transaction occurs as opposed to where the company is headquartered. EU officials claim agreement was within reach when the US removed itself from the talks. An EU-wide tax is of a piece with a more aggressive stance taken by the EU towards US technology companies, a number of which are currently under investigation for antitrust and anti-competitive behaviors.
  • “Verizon joins ad boycott of Facebook over hateful content” – Associated Press. The telecommunications company joined a number of other companies in pulling their advertising from Facebook in a boycott organized by the ADL (the Anti-Defamation League), the NAACP, Sleeping Giants, Color Of Change, Free Press and Common Sense. The #StopHateforProfit campaign “asks large Facebook advertisers to show they will not support a company that puts profit over safety,” and thus far, a number of companies are doing just that, including Eddie Bauer, Patagonia, North Face, Ben & Jerry’s, and others. In a statement, a Facebook spokesperson stated “[o]ur conversations with marketers and civil rights organizations are about how, together, we can be a force for good.” While Facebook has changed course due to this and other pressure regarding content posted or ads placed on its platform, most recently by removing a Trump campaign ad with Nazi imagery, the company has not changed its position on allowing political ads with lies.
  • “The UK’s contact tracing app fiasco is a master class in mismanagement” – MIT Technology Review. This after-action report on the United Kingdom’s National Health Service’s efforts to build its own COVID-19 contact tracing app is grim. The NHS is basically scrapping its work and opting for the Google/Apple API. However, the government in London is claiming “we will now be taking forward a solution that brings together the work on our app and the Google/Apple solution.” A far too ambitious plan married to organizational chaos led to the crash of the NHS effort.
  • “Trump administration sees no loophole in new Huawei curb” – Reuters. Despite repeated arguments by trade experts that the most recent United States Department of Commerce regulations on Huawei will not cut off access to high technology components, Secretary of Commerce Wilbur Ross claimed “[t]he Department of Commerce does not see any loopholes in this rule…[and] [w]e reaffirm that we will implement the rule aggressively and pursue any attempt to evade its intent.”
  • “Defense Department produces list of Chinese military-linked companies” – Axios. Likely in response to a letter sent last year by Senate Minority Leader Chuck Schumer (D-NY) and Senator Tom Cotton (R-AR), the Department of Defense has finally fulfilled a requirement in the FY 1999 National Defense Authorization Act to update a list of “those persons operating directly or indirectly in the United States or any of its territories and possessions that are Communist Chinese military companies.” The DOD has complied and compiled a list of People’s Republic of China (PRC) entities linked to the PRC military. This provision in the FY 1999 NDAA also grants the President authority to “exercise International Emergency Economic Powers Act (IEEPA) authorities” against listed entities, which could include serious sanctions.
  • “Andrew Yang is pushing Big Tech to pay users for data” – The Verge. Former candidate for the nomination of the Democratic Party for President Andrew Yang has started the Data Dividend Project, “a movement dedicated to taking back control of our personal data: our data is our property, and if we allow companies to use it, we should get paid for it.” Additionally, “[i]ts primary objective is to establish and enforce data property rights under laws such as the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020.” California Governor Gavin Newsom proposed a similar program in very vague terms in a State of California speech but never followed up on it, and Senator John Kennedy (R-LA) has introduced the “Own Your Own Data Act” (S. 806) to provide people with rights to sell their personal data.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Further Reading (5 May)

  • “Australia Is Going To Make Facebook And Google Pay For The Journalism They Use” – BuzzFeed News and “French publishers win decisive battle against Google” – Politico EU. Australia’s Treasurer Josh Frydenberg explained in an op-ed that because Facebook and Google have not come to an agreement with the Australian Competition & Consumer Commission in “facilitat[ing] the development of a voluntary code of conduct governing the relationships between digital platforms and media businesses, the goal of which was to protect consumers, improve transparency and address the power imbalance between the parties.” Frydenberg is threatening to put in place a system under which the Australian government would force these companies to pay journalism outlets for using their content. The Australian government could release a mandatory code by July followed by legislation. France’s Autorité de la Concurrence has ordered Google to negotiate
  • “Amazon used data from its sellers to create competing products: report” – The Hill. According to 20 former Amazon employees, the company is using data on products third parties sell on its platform to develop competing products contrary to the company’s frequent claims. These claims will surely be scrutinized by the U.S. Department of Justice, the Federal Trade Commission, the European Commission, and the House Judiciary Committee, all of which are already investigating the company.
  • “Vietnam says accusations it hacked China for virus information ‘baseless’” – Reuters; “Vietnam alleged to have hacked Chinese organisations in charge of COVID-19 response” – The Register; “COVID-19 prompts Vietnam hackers to hit China health officials for info, say researchers” – CNET; and “Vietnam denies hacking Chinese organisations for coronavirus information” – South China Morning Post. Cybersecurity company FireEye released a report claiming that in January Vietnam’s APT32 started trying to hack into the People’s Republic of China’s Ministry of Emergency Management and the government of Wuhan province looking for information on how the COVID-19 pandemic started. To no great surprise, Vietnam denied the reports.
  • “Investors Bet Giant Companies Will Dominate After Crisis” – The New York Times. The COVID-19 pandemic may exacerbate and accelerate the growth and dominance of companies like Amazon and Apple. It may also result in more focus in Congress on antitrust and anti-competitive issues.
  • “Exam anxiety: how remote test-proctoring is creeping students out” – The Verge. The online proctor business has boomed during the COVID-19 pandemic as universities and colleges are turning to these services to police the taking of exams by students. However, it is not clear these companies have the privacy, cybersecurity, and technological policies in place to allay fears among students and some educators.
  • “A Scramble for Virus Apps That Do No Harm” – The New York Times. Governments around the world are pushing into use a range of different smartphone apps to track people with COVID-19 and with whom they may have interacted. However, a number of problems remain, including privacy, cybersecurity, and whether governments should be allowed to access Bluetooth, location data, and people’s contacts. It is also proving a problem that in many places people are mostly not downloading the app. For example, Norway is on the high side of adoption at 30% of the population, a level that is far short of what is needed according to most conceptions of how this technology would ideally work. Some governments are looking at apps as part of their response.
  • “Europe’s Privacy Law Hasn’t Shown Its Teeth, Frustrating Advocates” – The New York Times. There are many critics of the General Data Protection Regulation, arguing the nearly two-year data processing regime has largely been a failure. The reasons for these perceived shortcomings include that enforcement is fractured among the European Union’s member nations’ data protection authorities (DPA), the relatively small budgets of these agencies, the years of appeals of decisions, the complexity of the issues posed by the cases, the number of complaints, and the over-sized role of Ireland’s DPA given that most tech giants have their European headquarters there. However, a number of rulings are expected this summer that may change views on the efficacy of the law.
  • “Movie and TV Piracy Sees an ‘Unprecedented’ Spike During Quarantine” – VICE. As streaming services like Netflix are seeing surges in usage with significant parts of the world under various orders keeping people home, to no great surprise, illegal viewing has also exploded. However, the increase in the latter activities has jumped between 30-50% depending on the nation.

Further Reading (11 April)

  • “Taiwan joins Canada in banning Zoom for government video conferencing” – CBC and “Video service Zoom taking security seriously: U.S. government memo” – Reuters. The island nation joined Canada in banning the use of popular web conferencing app, Zoom, even though the company is allegedly addressing security concerns turned up over the last few weeks. Taiwan’s Cabinet cited “security concerns” without identifying those concerns in its statement recommending the use of other apps. However, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Federal Risk and Authorization Management Program reportedly issued a memorandum finding the government version of Zoom safe to use, which is different from its free or business versions. Citizen Lab has issued a report calling into question Zoom’s security, among other things, however.
  • “We Saw NSO’s Covid-19 Software in Action, and Privacy Experts Are Worried” – Vice’s Motherboard. Israel’s NSO Group and Italy’s Cy4Gate have pitched systems to their respective governments and possibly others that would use people’s phones to track them in the name of preventing and tracing COVID-19. NSO Group’s system allegedly uses the contacts in one’s phone to suss out who a person has contacted or is liable to contact. Cy4Gate would rely more on location data to much the same aims. Questions have been raised from the perspective of civil liberties and privacy and effectiveness. Thus far, as far as is known, it has just been government agencies using location data although there is possibly help from private sector companies.
  • “The Far-Right Helped Create The World’s Most Powerful Facial Recognition Technology” – HuffPost. A long read on Clearview AI and its ties to white supremacists, Neo-Nazis, and Peter Thiel, who has invested in Clearview and owns a large stake in Palantir which contracts with numerous federal agencies to provide data analytics. This epic examination of all the interconnections is worth the time.
  • “The Humble Phone Call Has Made a Comeback” – The New York Times. In a somewhat surprising development, Verizon is saying that boring, vanilla wireless calls have risen by 50% and AT&T says the same on their networks has increased 35%. Everyone quoted in the article claims this is because sheltering-in-place Americans are looking for connection in the form of voice. The article hints that over the top call services like WhatsApp are also experiencing surges, and, of course, the now ubiquitous Zoom has experienced phenomenal growth. However, something the article touches on but does not develop is the possibility that internet capacity issues may be limiting video calls and so phone calls are a more appealing option.
  • “As School Moves Online, Many Students Stay Logged Out” – The New York Times. As should not be a surprise for anyone with even just a rudimentary grasp of the Digital Divide, more affluent children are participating in distance learning programs at a much higher rate due to a variety of reasons, including a household’s inability to afford broadband service, an area’s spotty or non-existent coverage, or new duties foisted on children by parents who still need to work outside the home. It would seem absent dramatic, even miraculous, changes in federal and state programs and funding, the gap between the digital haves and have-nots will only grow with the differences in the education of American children growing as well.
  • “Mass school closures in the wake of the coronavirus are driving a new wave of student surveillance” – The Washington Post. Another feature of digital life that has accelerated during the COVID-19 pandemic: online proctors for tests. However, allowing these proctors to access laptop cameras, microphones, and screens presents all sorts of privacy issues, in addition to the other software and apps universities and high schools are using to surveil their students. More dramatically, some companies use facial recognition technology, eye-tracking software, and even predictive software to determine whether a student is cheating. Moreover, these companies get access to all sorts of sensitive student data in the name of ensuring the person taking the test is actually who she claims to be. And, many students have to pay fees for the service they are being forced to use.
  • “WhatsApp to impose new limit on forwarding to fight fake news” – The Guardian. The popular messaging app is trying to slow the spread of COVID-19 misinformation and lies by setting new limits on the forwarding of certain messages. Now, if a message has been forwarded five or more times, a user will only be able to send it on to one person or chat at a time. In 2018, WhatsApp instituted a five person/chat forward limit in India where the mass forwarding of rumors and fake news led to the lynchings of more than 30 people who were allegedly kidnapping children. This limit was extended to the rest of the world in 2019. Presently, there are WhatsApp messages indicating that 5G is the cause of COVID-19 and all manner of pseudo-science and incorrect medical advice being sent via WhatsApp.

Further Reading (March 2)

  • “Senior intelligence official told lawmakers that Russia wants to see Trump reelected” – Washington Post and “Lawmakers Are Warned That Russia Is Meddling to Re-elect Trump” – New York Times. According to these accounts of a briefing provided to the House Intelligence Committee by the Office of the Director of National Intelligence (DNI), the status report on ongoing, mutating Russian efforts to interfere with the 2020 election may both result in the acting DNI being denied the job permanently and an impairment of federal efforts to fend off Russian interference. Reportedly, the conclusion that Russia favors Trump over Democratic candidates angered both committee Republicans and the White House. With the departure of former acting DNI Joseph Maguire and the tapping of U.S. Ambassador to Germany Richard Grenell, a Trump loyalist with no intelligence experience, the Intelligence Community (IC) may limit the information it shares with Congress and the public.
  • “Pay Up, Or We’ll Make Google Ban Your Ads” – Krebs on Security. A variation of ransomware has surfaced in which the purveyors threaten to overwhelm a website’s advertising through Google’s AdSense with bot traffic, causing Google to take down the ad, unless bitcoin is turned over. Another mutation of the seemingly lucrative ransomware trade.
  • “2014 Bloomberg Hoped the NSA Was ‘Reading Every Email’” – The Intercept. The website unearthed a live event with Katie Couric at which former New York City Mayor and candidate for the Democratic nomination for President Mike Bloomberg endorsed National Security Agency surveillance and a notice and comment approach to privacy regarding private sector practices. However, these views are contrary to many in the Democratic party, and Bloomberg has taken other privacy and surveillance stances that may prove unacceptable to Democratic voters.
  • “Retail Customer Data Exposure Spotlights Cloud Security Risk” – Bloomberg Law. Failing to properly set up the security for consumer data stored in the cloud resulted in a security firm being able to easily access information on millions of American households. A market analytics company did not configure security settings correctly and consequently the data on consumers being stored on Amazon’s cloud was accessible to anyone with credentials to log into AWS.
  • “Hacker Eva Galperin Has a Plan to Eradicate Stalkerware” – WIRED. A security researcher with the Electronic Frontier Foundation (EFF) has convinced Kaspersky to treat spyware used by stalkers and estranged spouses as malware and hopes to talk the other antivirus companies into doing the same.
  • “At Facebook, One Million Takedowns Per Day is Evidence of Failure, Not Success” – Council on Foreign Relations. In this piece, a cybersecurity expert argues that even if Facebook’s numbers on takedowns of fake accounts are accurate, there are still millions of fake accounts from which users may sow discord and disinformation. A case is made for Facebook to introduce validated accounts to ensure the person opening the account is an actual person and not a mischief maker.
  • “Corporations are working with the Trump administration to control online speech” – Washington Post. In an opinion piece, Senator Ron Wyden (D-OR) defended Section 230 the same week the Department of Justice held a workshop on this provision of federal law that protects online platforms from legal liability for what their users post online. Following months of Trump Administration and Republican pushback on Section 230, Attorney General William Barr called for a reexamination of the legal shield. Wyden claimed the Administration and Republicans are looking to revise Section 230 with the foreseeable results that smaller platforms and those expressing disfavored viewpoints would be either litigated out of existence or silenced.
  • “Lawyer: Assange was offered US pardon if he cleared Russia” – AP News and “Rohrabacher confirms he offered Trump pardon to Assange for proof Russia didn’t hack DNC email” – Yahoo News. Despite differing rationales as to why a U.S. pardon was being offered, both an attorney for Julian Assange and former Representative Dana Rohrabacher (R-CA) agree that a pardon was offered to Assange if he disclosed the source of the Democratic National Committee emails provided to Wikileaks. Assange’s lawyer claimed the pardon would be in exchange for stating Russia was not involved whereas Rohrabacher claimed the purpose was to confirm that deceased DNC staffer Seth Rich was the source. The White House denied any involvement.
  • “How Saudi Arabia Infiltrated Twitter” – BuzzFeed News. This piece details the lack of internal security at Twitter that made the social media platform ripe to be infiltrated. Allegedly, two Saudis working for Twitter were recruited to inform the Saudi government about the Twitter accounts of Saudi dissidents throughout the world. One employee has been indicted and is being held in the U.S. while the other fled to Saudi Arabia. Moreover, the article suggests the U.S. and Israeli governments tried to get Twitter to turn over account information, but the company declined to do so.

Further Reading (February 27)

  • “‘The intelligence coup of the century’” – The Washington Post. A fascinating read of how the Central Intelligence Agency, the National Security Agency, and West Germany’s intelligence agency used a Swiss company, Crypto AG, to sell encryption machines to the governments of many countries that enabled the agencies to spy on their communications. This operation ran from the mid-1950s through the last decade when end-to-end encryption in apps and devices rendered such machines superfluous. According to the source documents and sources, the Germans were appalled by the Americans’ insistence that even allies be spied upon. The revelations in this article may not help the Trump Administration make the case that Huawei and other Chinese companies are security risks.
  • “Ransomware Attacks Grow, Crippling Cities and Businesses” – The New York Times. Experts continue to insist the actual number of ransomware attacks is underreported for a variety of reasons, including the fact many victims pay the ransom. However, the reported number of attacks and the average amount of demanded ransom continue to grow. Hackers are growing more creative in who they target and how they try to get payment. Worse still, these attacks are driving a number of smaller and mid-sized businesses to close down when they either choose not to pay the ransom or do not get their data unlocked, a common occurrence.
  • “Explained: Why The Feds Are Raiding Tech Companies For Medical Records” – Forbes. Law enforcement agencies are making requests of and receiving access from companies that hold vast amounts of medical records. This seems to be an area of data privacy that has not received much attention.
  • “U.S. Officials Say Huawei Can Covertly Access Telecom Networks” – Wall Street Journal. According to British, German and U.S. officials, the Trump Administration has been providing evidence that Huawei maintains access through its hardware to telecommunications systems. However, Administration officials would not say whether Huawei or Chinese intelligence has used this access. Huawei denied ever having spied and asserted it would not heed Chinese intelligence if directed to do so. The company did not say whether it has or would allow Chinese intelligence operatives to access these alleged backdoors. Nonetheless, even with this purported evidence, both the U.K. and Germany appear to be willing to use Huawei equipment with certain security mitigations.
  • “California’s new privacy law is off to a rocky start” – TechCrunch. There continues to be a wide range of compliance with the “California Consumer Privacy Act” (AB 375) and a nascent subindustry of tech companies to help California residents utilize their rights under the new privacy statute.
  • “Judge orders Pentagon to stop work on JEDI cloud contract” – Politico. A federal court granted Amazon’s request to enjoin the Department of Defense’s $10 billion Joint Enterprise Defense Infrastructure cloud contract that was awarded to Microsoft. Amazon has argued that President Donald Trump’s tweets and other actions prejudiced the company during the procurement. It remains to be seen whether Amazon will prevail.
  • “How Big Companies Spy on Your Emails” – Vice’s Motherboard. Turns out your email may be the subject of data mining and subsequent sharing of information gleaned from inboxes. The companies identified in the article claim they only utilized anonymized or pseudonymized data.
  • “Personal Data of All 6.5 Million Israeli Voters Is Exposed” – The New York Times. An app used by Prime Minister Benjamin Netanyahu’s Likud Party made available the personal information of every voter in Israel through apparently shoddy data security or a mistake. White hat hackers flagged the problem, but it is not clear who, if anyone, may have accessed the information.
  • “Someone Tried to Hack My Phone. Technology Researchers Accused Saudi Arabia.” – The New York Times. In June 2018, a reporter who has written extensively about the rise of Saudi Arabia’s crown prince, Mohammed bin Salman, was sent a suspicious text he never opened that one group of experts claims is Pegasus spyware developed by an Israeli security firm, the NSO Group. It may be malware similar to that sent to Amazon CEO Jeff Bezos’s phone that his security experts say was sent by Prince Mohammed. The NSO Group has denied any connection.
  • “EXCLUSIVE: The cyber-attack the UN tried to keep under wraps” – The New Humanitarian. According to a still secret United Nations report, a sophisticated hacker broke into the servers of three offices, including the UN Office of the High Commissioner for Human Rights, and may have accessed and exfiltrated the information of UN personnel and people with whom they have worked. This report follows years of warnings that UN systems were vulnerable. Nonetheless, the UN has not publicly acknowledged the hack nor need they do so, as they are exempt from data security regimes such as the General Data Protection Regulation.
  • “Huawei denies German report it colluded with Chinese intelligence” – Reuters. The international news agency picked up on an article in a German publication, Handelsblatt, that detailed a classified paper sent by a think tank to the German government detailing the likely risks posed by technical backdoors in Huawei products. These backdoors could be used for surveillance or other practices, and the think tank concluded that considering China’s National Intelligence Law, Huawei would be required to use this access to help the Chinese government. Interestingly, Huawei denied that it had ever worked with Chinese intelligence, which was beside the point of the paper. In any event, the German government is said to be considering setting technical requirements high enough for its 5G networks to screen out Huawei without resorting to an out-and-out ban.
  • “Federal Agencies Use Cellphone Location Data for Immigration Enforcement” – Wall Street Journal. DHS is buying cellphone location data from at least one private vendor to track, apprehend, and arrest non-U.S. citizens and residents in the U.S. While the Supreme Court has held that law enforcement agencies must obtain a warrant to directly use location data, it appears going to a private sector third-party may serve as a legal workaround. This may be the first of perhaps more ways law enforcement agencies are using and will use cellphone location data in investigating alleged crimes, and critics argue the potential for abuse is high given the lack of oversight.
  • “EU Deepens Antitrust Inquiry Into Facebook’s Data Practices” – Wall Street Journal. The European Commission (EC) is continuing and deepening its investigation into Facebook’s alleged anticompetitive practices of advantaging or disadvantaging its partners with respect to accessing user data on the basis of perceived threat to the social media giant. The EC claims such practices are inherently anticompetitive and in violation of European Union law, while Facebook has denied the allegations and has characterized the EC’s efforts to obtain internal communications as unacceptably broad. The EC’s examination of Facebook follows other allegations of the company’s possibly anticompetitive practices, notably a lawsuit brought by app developer Six4Three and the two troves of Facebook documents that have been released.
  • “The Billion-Dollar Disinformation Campaign to Reelect the President” – The Atlantic. A very deep examination of the playbook the Trump reelection campaign is expanding for this year’s election, including disinformation, attacks on the media, and other methods to so muddy the waters that people will have trouble telling truth from fiction.

Further Reading (January 27)

Further Reading (December 17)

Further Reading (December 8)

  • “Big Tech’s Big Defector” – The New Yorker. Roger McNamee was one of the pioneer investors in Silicon Valley, including companies like Facebook, and now condemns many of the data privacy practices the largest technology companies engage in. This article surveys a number of possible remedies, including banning transfers of data to third parties, imposing a fiduciary duty on companies that collect and process data, and levying a tax on injurious collection and divisive content on platforms.
  • “UN Secretary-General: US-China Tech Divide Could Cause More Havoc Than the Cold War” – WIRED. Secretary-General António Guterres predicts that a major war could be started with one country utilizing a cyberattack on another country. In this wide-ranging interview, Guterres opines on autonomous weapons, geostrategic social and technological divides, and how technology can help and hurt humans and the flourishing of democracy.
  • “The California DMV Is Making $50M a Year Selling Drivers’ Personal Information” – VICE. Even with the pending effective date of the “California Consumer Privacy Act,” there is a significant loophole through which sensitive data about Californians is being sold to data brokers and others: the DMV. In a public records request, VICE found out the DMV earned $50 million last year selling such data, and California is not the only state doing this.
  • “Imagine Being on Trial. With Exonerating Evidence Trapped on Your Phone.” – The New York Times. An eye-opening investigation on the huge gap between the technological and legal resources available to prosecutors and largely out of reach for public defenders. Even though smartphones and the trove of data they hold could better help courts get to the truth of many criminal matters, public defenders are not able to afford the technology prosecutors typically use to extract data from phones, and they also cannot issue warrants to tech companies, which frequently rebuff the subpoenas they issue. As a side note, one company, Grayshift, offers technology to prosecutors to access the data on encrypted iPhones, suggesting there are means for law enforcement to break encrypted communications.
  • “Exclusive: China’s ByteDance moves to ringfence its TikTok app amid U.S. probe – sources” – Reuters. In the face of a Committee on Foreign Investment in the United States (CFIUS) review, TikTok’s parent, ByteDance, is reportedly putting in place systems to ensure separation between the data collected by TikTok and the data collected by the parent company.
  • “U.S. Tech Companies Prop Up China’s Vast Surveillance Network” – The Wall Street Journal. Through minority partnerships or other arrangements, the technology of a number of American firms is being used by Chinese firms to assist in surveillance and oppression in China. The U.S. firms typically claim not to know the end uses but profess their opposition to the types of tactics used in China.

Further Reading (23 November)

  • “Meet The Immigrants Who Took On Amazon” – Wired. This article traces a burgeoning movement of workers at an Amazon fulfillment center in Minneapolis-St. Paul comprised largely of Somali immigrants to win some concessions from management. The article also traces Amazon’s view on unionizing (not surprisingly, it’s not favorable) and its employment practices. Whether the efforts of Amazon workers at this warehouse spread to other facilities remains to be seen.
  • “Child Abusers Run Rampant as Tech Companies Look the Other Way” – The New York Times. A horrific expose on how poorly technology platforms are doing in identifying and taking down child pornography. A number of the tech companies claim security and privacy are the reasons they do not scan the pictures and videos uploaded to their networks, while law enforcement officials and other stakeholders decry a lack of will. Worse still, tech companies are not sharing technology to identify this illegal material or are not sharing proprietary methods. Moreover, end-to-end encryption is only complicating matters.
  • “He’s F–King Destroyed This Town”: How Mark Zuckerberg Became The Most Reviled Man In Tech” – Vanity Fair. Once widely admired among the tech community in Northern California, Facebook’s CEO is a bit less admired these days on account of the company’s bruising (some say illegal) business tactics and how its actions portray the larger tech world.
  • “Yes, Robots Are Stealing Your Job” – The New York Times. Candidate for the Democratic nomination for president, Andrew Yang, shares his views on automation and why many current and future jobs may soon not be available for humans. He discusses his proposal on how to help those displaced by the coming wave of automation, including a universal basic income.
  • “How Facebook’s ‘Switcheroo’ plan concealed scheme to kill popular apps” – ComputerWeekly.com. An investigative journalist got his hands on thousands of pages of documents showing Facebook’s methods of dealing with competitors and potential rivals, which a former app developer is alleging in a California state court violates antitrust laws. In addition to the outlets reporting on these documents, the cache of internal Facebook communications has been provided to the House Judiciary Committee for its investigation into digital markets.
  • “Microsoft vows to ‘honor’ California’s sweeping privacy law across entire US” – The Verge. Just as with the GDPR, Microsoft says it will voluntarily honor the “core” principles of the CCPA when it becomes effective.

Further Reading (15 November)

  • “The Porch Pirate of Potrero Hill Can’t Believe It Came to This” – The Atlantic. How technology intersects with and possibly exacerbates long entrenched societal problems. A fascinating read starting with someone stealing Amazon packages in a rapidly gentrifying San Francisco neighborhood.
  • “Why Do We Tolerate Saudi Money in Tech?” – The New York Times and “Former Twitter employees charged with spying for Saudi Arabia by digging into the accounts of kingdom critics” – The Washington Post. Unsealed indictments show that agents working for the Saudi regime used Twitter to track critics of the government, and questions have been posed regarding the effect of a Saudi prince’s stake in Twitter that is the second largest bloc of shares and bigger than CEO Jack Dorsey’s. It is likely that many countries around the world will continue to seek to penetrate Twitter and other giant social media platforms to mine the information for a range of goals, not least of which will be spying on enemies.
  • “Facebook’s Rebrand Addresses Its $5 Billion FTC Settlement” – BuzzFeed News. Critics claim Facebook’s all capitals rebrand is an attempt to forestall action by regulators on the grounds that its ownership of WhatsApp and Instagram is deceptive and also to stave off attempts to split up the company.
  • “Inside the Valentine’s Day Text Message Mystery” – The New York Times. Last week thousands of SMS messages sent on Valentine’s Day 2019 arrived on people’s phones, causing understandable confusion. The explanations from telecommunications companies as to why this happened were vague, but eventually the finger was pointed at Syniverse Technologies, a third-party messaging service that admitted the wave of messages was caused when a server that crashed on February 14 was reactivated.
  • “In the Trump era, Oracle holds tech sway” – Axios. In part because of CEO Safra Catz’s support for President Donald Trump, and in part because of its different business model, Oracle has escaped the lashing the larger technology companies have endured of late.
  • “Facebook considering limits on targeted campaign ads” – Politico. Vice-President for Global Affairs and Communications and former British Deputy Prime Minister Nick Clegg reveals that Facebook may forgo the microtargeting of users that allowed for personalized political ads in 2016 that many argue amplified the dynamics of the 2016 election and allowed disinformation to be all the more effective. Facebook’s floating of this policy change came after Google signaled it might limit political advertising, and Twitter swore off paid political ads. These may be signs that the scrutiny and pressure that accompany political advertising may not be worth the revenue.
  • “Why has a privacy app used by Edward Snowden hit the NBA, NFL and NCAA?” – Yahoo! Sports. Signal has displaced WhatsApp as the go-to messaging app in professional North American sports for players, agents, and executives because of the app’s reputation as the safest, most secure app available. It also helps cover potentially unethical conduct because of the setting that automatically deletes communications.