Further Reading, Other Developments, and Coming Events (8 September)

Here is today’s Further Reading, Other Developments, and Coming Events.

Coming Events

  • The United States-China Economic and Security Review Commission will hold a hearing on 9 September on “U.S.-China Relations in 2020: Enduring Problems and Emerging Challenges” to “evaluate key developments in China’s economy, military capabilities, and foreign relations, during 2020.”
  • On 10 September, the General Services Administration (GSA) will have a webinar to discuss implementation of Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232) that bars the federal government and its contractors from buying the equipment and services from Huawei, ZTE, and other companies from the People’s Republic of China.
  • The Federal Communications Commission (FCC) will hold a forum on 5G Open Radio Access Networks on 14 September. The FCC asserted
    • Chairman [Ajit] Pai will host experts at the forefront of the development and deployment of open, interoperable, standards-based, virtualized radio access networks to discuss this innovative new approach to 5G network architecture. Open Radio Access Networks offer an alternative to traditional cellular network architecture and could enable a diversity in suppliers, better network security, and lower costs.
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 15 September titled “Stacking the Tech: Has Google Harmed Competition in Online Advertising?” In their press release, Chair Mike Lee (R-UT) and Ranking Member Amy Klobuchar (D-MN) asserted:
    • Google is the dominant player in online advertising, a business that accounts for around 85% of its revenues and which allows it to monetize the data it collects through the products it offers for free. Recent consumer complaints and investigations by law enforcement have raised questions about whether Google has acquired or maintained its market power in online advertising in violation of the antitrust laws. News reports indicate this may also be the centerpiece of a forthcoming antitrust lawsuit from the U.S. Department of Justice. This hearing will examine these allegations and provide a forum to assess the most important antitrust investigation of the 21st century.
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
    • September 16: Key Cyber Insights
    • September 23: Leading the Digital Transformation
    • September 30: Diversity in Cybersecurity
    • October 7: Defending our Democracy
    • One can register for the event here.
  • On 22 September, the Federal Trade Commission (FTC) will hold a public workshop “to examine the potential benefits and challenges to consumers and competition raised by data portability.”
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 30 September titled “Oversight of the Enforcement of the Antitrust Laws” with Federal Trade Commission Chair Joseph Simons and United States Department of Justice Antitrust Division Assistant Attorney General Makan Delrahim.
  • The Federal Communications Commission (FCC) will hold an open meeting on 30 September, but an agenda is not available at this time.

Other Developments

  • The National Institute of Standards and Technology (NIST) announced a 15 and 16 September webinar to discuss its Draft Outline of Cybersecurity Profile for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. NIST stated it “seeks insight and feedback on this Annotated Outline to improve the PNT cybersecurity profile, which is scheduled for publication in February 2021…[and] [a]reas needing more input include feedback on the description of systems that use PNT services and the set of standards, guidelines, and practices addressing systems that use PNT services.” NIST explained that “[t]hrough the Profile development process, NIST will engage the public and private sectors on multiple occasions to include a request for information, participation in workshops, solicitation of feedback on this annotated outline, and public review and comment on the draft Profile.” The agency added “[t]he Profile development process is iterative and, in the end state, will identify and promote the responsible use of PNT services from a cybersecurity point of view.”
    • In June, NIST released a request for information (RFI) “about public and private sector use of positioning, navigation, and timing (PNT) services, and standards, practices, and technologies used to manage cybersecurity risks, to systems, networks, and assets dependent on PNT services.” This RFI is being undertaken per direction in a February executive order (EO) to serve as the foundation for the Trump Administration’s efforts to lessen the reliance of United States’ (U.S.) critical infrastructure on current PNT systems and services. Specifically, the EO seeks to build U.S. capacity to meet and overcome potential disruption or manipulation of the PNT systems and services used by virtually every key sector of the public and private sectors of the U.S.
    • NIST explained “Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services, was issued on February 12, 2020 and seeks to protect the national and economic security of the United States from disruptions to PNT services that are vital to the functioning of technology and infrastructure, including the electrical power grid, communications infrastructure and mobile devices, all modes of transportation, precision agriculture, weather forecasting, and emergency response.” The EO directed NIST “to develop and make available, to at least the appropriate agencies and private sector users, PNT profiles.” NIST said “[r]esponses to this RFI will inform NIST’s development of a PNT profile, using the NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework), that will enable the public and private sectors to identify systems, networks, and assets dependent on PNT services; identify appropriate PNT services; detect the disruption and manipulation of PNT services; and manage the associated cybersecurity risks to the systems, networks, and assets dependent on PNT services.”
    • The EO defines the crucial term this RFI uses: “PNT profile” means a description of the responsible use of PNT services—aligned to standards, guidelines, and sector-specific requirements—selected for a particular system to address the potential disruption or manipulation of PNT services.
    • In April, the Department of Homeland Security (DHS) released a Congressionally required report, “Report on Positioning, Navigation, and Timing (PNT) Backup and Complementary Capabilities to the Global Positioning System (GPS),” as required by Section 1618 of the “2017 National Defense Authorization Act” (NDAA) (P.L. 114–328), that was due in December 2017. DHS offered “recommendations to address the nation’s PNT requirements and backup or complementary capability gaps.”
  • Switzerland’s Federal Data Protection and Information Commissioner (FDPIC) has reversed itself and decided that the Swiss-U.S. Privacy Shield does not provide adequate protection for Swiss citizens whose data is transferred for processing into the United States (U.S.). However, it does not appear that there will be any practical effect as of yet. The FDPIC determined that the agreement “does not provide an adequate level of protection for data transfer from Switzerland to the US pursuant to the Federal Act on Data Protection (FADP).” This decision comes two months after the Court of Justice of the European Union (CJEU) struck down the European Union-U.S. Privacy Shield. The FDPIC noted this determination followed “his annual assessment of the Swiss-US Privacy Shield regime and recent rulings on data protection by the CJEU.” The FDPIC also issued a policy paper explaining the determination. The FDPIC added
    • As a result of this assessment, which is based on Swiss law, the FDPIC has deleted the reference to ‘adequate data protection under certain conditions’ for the US in the FDPIC’s list of countries. Since the FDPIC’s assessment has no influence on the continued existence of the Privacy Shield regime, and those concerned can invoke the regime as long as it is not revoked by the US, the comments on the Privacy Shield in the list of countries will be retained in an adapted form.
  • The United States Department of Defense (DOD) released its statutorily required annual report on the People’s Republic of China (PRC) that documented the rising power of the nation, especially with respect to cybersecurity and information warfare. The Pentagon noted
    • 2020 marks an important year for the People’s Liberation Army (PLA) as it works to achieve important modernization milestones ahead of the Chinese Communist Party’s (CCP) broader goal to transform China into a “moderately prosperous society” by the CCP’s centenary in 2021. As the United States continues to respond to the growing strategic challenges posed by the PRC, 2020 offers a unique opportunity to assess both the continuity and changes that have taken place in the PRC’s strategy and armed forces over the past two decades.
    • Regarding Cyberwarfare, the DOD asserted
      • The development of cyberwarfare capabilities is consistent with PLA writings, which identify Information Operations (IO) – comprising cyber, electronic, and psychological warfare – as integral to achieving information superiority and as an effective means for countering a stronger foe. China has publicly identified cyberspace as a critical domain for national security and declared its intent to expedite the development of its cyber forces.
      • The PRC presents a significant, persistent cyber espionage and attack threat to military and critical infrastructure systems. China seeks to create disruptive and destructive effects—from denial-of-service attacks to physical disruptions of critical infrastructure—to shape decision-making and disrupt military operations in the initial stages of a conflict by targeting and exploiting perceived weaknesses of militarily superior adversaries. China is improving its cyberattack capabilities and has the ability to launch cyberattacks—such as disruption of a natural gas pipeline for days to weeks—in the United States.
      • PLA writings note the effectiveness of IO and cyberwarfare in recent conflicts and advocate targeting C2 and logistics networks to affect an adversary’s ability to operate during the early stages of conflict. Authoritative PLA sources call for the coordinated employment of space, cyber, and EW as strategic weapons to “paralyze the enemy’s operational system of systems” and “sabotage the enemy’s war command system of systems” early in a conflict. Increasingly, the PLA considers cyber capabilities a critical component in its overall integrated strategic deterrence posture, alongside space and nuclear deterrence. PLA studies discuss using warning or demonstration strikes—strikes against select military, political, and economic targets with clear “awing effects”—as part of deterrence. Accordingly, the PLA probably seeks to use its cyberwarfare capabilities to collect data for intelligence and cyberattack purposes; to constrain an adversary’s actions by targeting network-based logistics, C2, communications, commercial activities, and civilian and defense critical infrastructure; or, to serve as a force-multiplier when coupled with kinetic attacks during armed conflict.
      • The PLA’s ongoing structural reforms may further change how the PLA organizes and commands IO, particularly as the Strategic Support Force (SSF) evolves over time. By consolidating cyber and other IO-related elements, the SSF likely is generating synergies by combining national-level cyber reconnaissance, attack, and defense capabilities in its organization.
    • The DOD also noted the PLA’s emphasis on intelligentized warfare:
      • The PLA sees emerging technologies as driving a shift to “intelligentized” warfare from today’s “informatized” way of war. PLA strategists broadly describe intelligentized warfare as the operationalization of artificial intelligence (AI) and its enabling technologies, such as cloud computing, big data analytics, quantum information, and unmanned systems, for military applications. These technologies, according to PRC leaders—including Chairman Xi Jinping—represent a “Revolution in Military Affairs” for which China must undertake a whole-of-government approach to secure critical economic and military advantages against advanced militaries.
  • The United States’ (U.S.) Citizenship and Immigration Services (USCIS) of the Department of Homeland Security (DHS) is proposing a rule “to amend DHS regulations concerning the use and collection of biometrics in the enforcement and administration of immigration laws by USCIS, U.S. Customs and Border Protection (CBP), and U.S. Immigration and Customs Enforcement (ICE).”
    • USCIS further explained:
    • First, DHS proposes that any applicant, petitioner, sponsor, beneficiary, or individual filing or associated with an immigration benefit or request, including United States citizens, must appear for biometrics collection without regard to age unless DHS waives or exempts the biometrics requirement.
    • Second, DHS proposes to authorize biometric collection, without regard to age, upon arrest of an alien for purposes of processing, care, custody, and initiation of removal proceedings.
    • Third, DHS proposes to define the term biometrics.
    • Fourth, this rule proposes to increase the biometric modalities that DHS collects, to include iris image, palm print, and voice print.
    • Fifth, this rule proposes that DHS may require, request, or accept DNA test results, which include a partial DNA profile, to prove the existence of a claimed genetic relationship and that DHS may use and store DNA test results for the relevant adjudications or to perform any other functions necessary for administering and enforcing immigration and naturalization laws.
    • Sixth, this rule would modify how VAWA and T nonimmigrant petitioners demonstrate good moral character, as well as remove the presumption of good moral character for those under the age of 14. 
    • Lastly, DHS proposes to further clarify the purposes for which biometrics are collected from individuals filing immigration applications or petitions, to include criminal history and national security background checks; identity enrollment, verification, and management; secure document production, and to administer and enforce immigration and naturalization laws.

Further Reading

  • “State aid helps China tech leaders shrug off US sanctions” By Kenji Kawase – Nikkei Asian Review. A number of companies placed on the United States’ no-trade list have received generous subsidies from their government in Beijing. The People’s Republic of China (PRC) sees the health of a number of these companies as vital to its long term development and is willing to prop them up. Some companies have received multiples of their net profit to keep them afloat.
  • “Facebook Says Trump’s Misleading Post About Mail-In Voting Is OK. Employees Say It’s Not.” By Craig Silverman and Ryan Mac – BuzzFeed News. There is more internal dissension at Facebook even after the company’s announcement it would not accept political advertising the last week of the election and correct misinformation about voting. Within hours of this policy change, President Donald Trump encouraged voters to possibly vote twice, which many Facebook employees saw as a violation of the new policy. The company disagreed and appended a claim from a bipartisan think tank study finding that mail-in voting is largely fraud free.
  • “Why Facebook’s Blocking of New Political Ads May Fall Short” By Davey Alba and Sheera Frenkel – The New York Times. This piece explains in detail why Facebook’s new policy to combat political misinformation is likely to fall quite short of addressing the problem.
  • “Student arrested for cyberattack against Miami schools used ‘easy to prevent’ program” By Colleen Wright and David Ovalle – Miami Herald. The United States’ fourth largest school district fell victim to a distributed denial of service attack launched by a 16-year-old student using tools more than a decade old downloaded from the internet. This unnamed hacker foiled the Miami-Dade school district’s first three days of online classes, raising questions about the cybersecurity of the school system if such an old attack succeeded so easily and how safe the personal information of students is in this school system and others around the country.
  • “Trump and allies ratchet up disinformation efforts in late stage of campaign” By Ashley Parker – The Washington Post. It has been apparent for some that President Donald Trump and a number of his Republican allies are intentionally or recklessly spreading false information to try to help his campaign cover ground against frontrunner former Vice President Joe Biden. The goal is to so muddy the waters that the average person will neither be able to discern the truth of a claim nor be concerned about doing so. This approach is the very same Russia’s leader Vladimir Putin has successfully executed in pushing his country into a post-truth world. Experts are warning that a continuation of this trend in the United States (U.S.) could wreak potentially irreparable harm.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.


Further Reading, Other Developments, and Coming Events (2 September)

Here is today’s Further Reading, Other Developments, and Coming Events.

Coming Events

  • The United States-China Economic and Security Review Commission will hold a hearing on 9 September on “U.S.-China Relations in 2020: Enduring Problems and Emerging Challenges” to “evaluate key developments in China’s economy, military capabilities, and foreign relations, during 2020.”
  • On 10 September, the General Services Administration (GSA) will have a webinar to discuss implementation of Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232) that bars the federal government and its contractors from buying the equipment and services from Huawei, ZTE, and other companies from the People’s Republic of China.
  • The Federal Communications Commission (FCC) will hold a forum on 5G Open Radio Access Networks on 14 September. The FCC asserted
    • Chairman [Ajit] Pai will host experts at the forefront of the development and deployment of open, interoperable, standards-based, virtualized radio access networks to discuss this innovative new approach to 5G network architecture. Open Radio Access Networks offer an alternative to traditional cellular network architecture and could enable a diversity in suppliers, better network security, and lower costs.
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 15 September titled “Stacking the Tech: Has Google Harmed Competition in Online Advertising?” In their press release, Chair Mike Lee (R-UT) and Ranking Member Amy Klobuchar (D-MN) asserted:
    • Google is the dominant player in online advertising, a business that accounts for around 85% of its revenues and which allows it to monetize the data it collects through the products it offers for free. Recent consumer complaints and investigations by law enforcement have raised questions about whether Google has acquired or maintained its market power in online advertising in violation of the antitrust laws. News reports indicate this may also be the centerpiece of a forthcoming antitrust lawsuit from the U.S. Department of Justice. This hearing will examine these allegations and provide a forum to assess the most important antitrust investigation of the 21st century.
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
    • September 16: Key Cyber Insights
    • September 23: Leading the Digital Transformation
    • September 30: Diversity in Cybersecurity
    • October 7: Defending our Democracy
    • One can register for the event here.
  • On 22 September, the Federal Trade Commission (FTC) will hold a public workshop “to examine the potential benefits and challenges to consumers and competition raised by data portability.”
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 30 September titled “Oversight of the Enforcement of the Antitrust Laws” with Federal Trade Commission Chair Joseph Simons and United States Department of Justice Antitrust Division Assistant Attorney General Makan Delrahim.
  • The Federal Communications Commission (FCC) will hold an open meeting on 30 September, but an agenda is not available at this time.

Other Developments

  • The Department of Commerce’s Bureau of Industry and Security (BIS) released for comment an advanced notice of proposed rulemaking to implement a provision from a 2018 rewrite of the United States (U.S.) export control of certain technology, namely “foundational technology” in this case. The Export Control Reform Act (ECRA) (P.L. 115-232) required the Department of Commerce to establish “a regular, ongoing interagency process to identify emerging and foundational technologies,” and Commerce began the process with an advanced notice of proposed rulemaking to identify only emerging technologies in November 2018. Yet the agency has not followed up with draft regulations on managing the export control process for emerging technologies. BIS explained
    • Pursuant to the Export Control Reform Act of 2018, BIS and its interagency partners are engaged in a process to identify emerging and foundational technologies that are essential to the national security of the United States. Foundational technologies essential to the national security are those that may warrant stricter controls if a present or potential application or capability of that technology poses a national security threat to the United States. In order to determine if technologies are foundational, BIS will evaluate specific items, including items currently subject only to anti-terrorism (AT) controls on the CCL or those designated as EAR99.
    • Under ECRA, emerging and foundational technologies are those technologies that are essential to the national security of the United States and are not critical technologies described in Section 721(a)(6)(A)(i)-(v) of the Defense Production Act of 1950, as amended (DPA).
    • Section 1758 of ECRA requires that foundational technologies be identified, and that BIS establish appropriate controls for that technology under the EAR. At a minimum, such controls would apply to countries subject to an embargo, including an arms embargo, imposed by the United States.
    • ECRA also requires that the interagency process is to take into account:
      • The development of foundational technologies in foreign countries;
      • The effect export controls may have on the development of such technologies in the United States; and
      • The effectiveness of export controls imposed pursuant to ECRA on limiting the proliferation of foundational technologies to foreign countries.
  • The Privacy Commissioner of Canada Daniel Therrien responded to an inquiry from Members of Parliament “about the privacy implications of the federal government’s COVID-19 exposure notification application (COVID Alert) and the ArriveCAN application.” The OPC explained
    • Our review of the COVID Alert application highlighted serious weaknesses with our current federal privacy legislation. In this case, the government took the position that its privacy laws do not apply in light of its assertion that personal information is not collected by the application. Further, while the design of the application is good, and that the government has agreed to be subject to an independent review, the government was not bound to make these commitments. The government chose to respect the principles put forth in our guidance documents because public trust is vital to the application’s success. However, without robust laws, other programs and applications could be introduced in the future that are not so privacy-sensitive.
  • The Department of Commerce’s Bureau of Industry and Security (BIS) “added 24 Chinese companies to the Entity List for their role in helping the Chinese military construct and militarize the internationally condemned artificial islands in the South China Sea,” including a number of technology companies. BIS explained:
    • The Entity List is a tool utilized by BIS to restrict the export, re-export, and transfer (in-country) of items subject to the Export Administration Regulations (EAR) to persons (individuals, organizations, companies) reasonably believed to be involved, or to pose a significant risk of becoming involved, in activities contrary to the national security or foreign policy interests of the United States.
    • Additionally, in a related action, “the Department of State will begin imposing visa restrictions on People’s Republic of China (PRC) individuals responsible for, or complicit in, either the large-scale reclamation, construction, or militarization of disputed outposts in the South China Sea, or the PRC’s use of coercion against Southeast Asian claimants to inhibit their access to offshore resources.” The Department of State stated that “[t]hese individuals will now be inadmissible into the United States, and their immediate family members may be subject to these visa restrictions as well.”
  • The Trump Administration announced “more than $1 billion in awards for the establishment of 12 new AI and QIS research and development (R&D) institutes nationwide,” a substantial portion of which Congress would need to appropriate in future years. The White House claimed the National Science Foundation’s (NSF) Artificial Intelligence (AI) Research Institutes and the Department of Energy’s (DOE) quantum information science (QIS) Research Centers “will serve as national R&D hubs for these critical industries of the future, spurring innovation, supporting regional economic growth, and training our next generation workforce.”
    • The Trump Administration explained:
    • The National Science Foundation and additional Federal partners are awarding $140 million over five years to a total of seven NSF-led AI Research Institutes. These collaborative research and education institutes will focus on a range of AI R&D areas, such as machine-learning, synthetic manufacturing, precision agriculture, and forecasting prediction. Research will take place at universities around the country, including the University of Oklahoma at Norman, the University of Texas at Austin, the University of Colorado at Boulder, the University of Illinois at Urbana-Champaign, the University of California at Davis, and the Massachusetts Institute of Technology.
    • NSF anticipates making additional AI Research Institute awards in the coming years, with more than $300 million in total awards, including contributions from partner agencies, expected by next summer. Overall, NSF invests more than $500 million in artificial intelligence activities annually and is the largest Federal driver of nondefense AI R&D.
    • To establish the QIS Research Centers, DOE is announcing up to $625 million over five years to five centers that will be led by DOE National Laboratory teams at Argonne, Brookhaven, Fermi, Oak Ridge, and Lawrence Berkeley National Laboratories. Each QIS Center will incorporate a collaborative research team spanning multiple institutions as well as scientific and engineering disciplines. The private sector and academia will be providing another $300 million in contributions for the centers.

Further Reading

  • “Facebook takes down Russian operation that recruited U.S. journalists, amid rising concerns about election misinformation” By Elizabeth Dwoskin and Craig Timberg – The Washington Post; “Russians Again Targeting Americans With Disinformation, Facebook and Twitter Say” By Sheera Frenkel and Julian E. Barnes; “Russian internet trolls hired U.S. journalists to push their news website, Facebook says” By Kevin Collier and Ken Dilanian – NBC News. In what is more evidence that the Russian Federation’s tactics have changed even though its goals have not, Facebook and Twitter announced the takedown of content written by Americans for a fake news source created and run by the Internet Research Agency. The purported online publication, Peace Data, has posted a number of articles aimed at turning far left voters off to the Biden-Harris campaign. In a sign of evolution, however, they hired freelance American journalists to write content that was then amplified elsewhere on the internet. A very curious aspect of this incident is why the FBI merely tipped off Facebook and Twitter instead of a more vigorous approach to addressing efforts to again create distrust and chaos in a U.S. election. One of the articles claims the FBI does not respond to state-sponsored influence operations as they may not be against U.S. law.
  • “Big Tech Embraces New Cold War Nationalism” By JS Tan – Foreign Policy. This piece argues that Silicon Valley’s worldview and strategies have changed now in large part because of the rise of companies from the People’s Republic of China (PRC) like Huawei, TikTok, Tencent, and Alibaba. Now companies like Facebook and Google are discarding their internationalist, neoliberal approach and have aligned themselves with the United States (U.S.) government for a variety of reasons, including an inability to compete fairly inside the PRC. However, Silicon Valley and Washington’s interests on the PRC may be aligned, but in a number of other, very significant ways, especially with the current government, there are considerable differences.
  • “Amazon Is Spying on Its Workers in Closed Facebook Groups, Internal Reports Show” By Lauren Kaori Gurley and Joseph Cox – Vice. Another article about the online giant’s distaste for unions and labor organizing activity. In this piece, we learn that Amazon is monitoring public posts by Amazon Flex drivers and possibly even penetrating closed or private groups on platforms like Facebook and hen reportedly extensively inside the company on The other day, Vice broke a story about Amazon posting two positions for intelligence analysts to help the company track labor organizing. The company took down the positions after the story was posted.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.


Senate Intelligence Committee Issues Final Russia Report

The committee examined the counterintelligence component of Russia’s interference in the 2016 election and made recommendations out of proportion with the alleged conduct.

The Senate Intelligence Committee released the fifth and final volume of its investigation into Russia’s interference with the 2016 presidential election in favor of the Trump Campaign. This volume focused on the counterintelligence aspect of the 2016 election. However, even though the committee detailed extensive troubling communication and connection between the Trump Campaign and likely Russian Federation intelligence operatives, the committee is not recommending much in the way of statutory or regulatory changes to prevent future interactions and influence campaigns of this ilk. A number of the recommendations would likely prove helpful, but the committee is stopping short of making the sort of sweeping recommendations one might expect given the breadth and enormity of Russian interference in 2016 and during the current election.

In its press release, the committee explained “Volume 5: Counterintelligence Threats and Vulnerabilities,” “examines Russia’s attempts to gain influence in the American political system during the 2016 elections.” The committee explained that it

found that the Russian government engaged in an aggressive, multi-faceted effort to influence, or attempt to influence, the outcome of the 2016 presidential election. Parts of this effort are outlined in the Committee’s earlier volumes on election security, social media, the Obama Administration’s response to the threat, and the January 2017 Intelligence Community Assessment (ICA).

The committee stated “[t]he fifth and final volume focuses on the counterintelligence threat, outlining a wide range of Russian efforts to influence the Trump Campaign and the 2016 election…[and] lays out its findings in detail by looking at many aspects of the counterintelligence threat posed by the Russian influence operation.” The committee asserted

While the Committee does not describe the final result as a complete picture, this volume provides the most comprehensive description to date of Russia’s activities and the threat they posed. This volume presents this information in topical sections in order to address coherently and in detail the wide variety of Russian actions. The events explained in these sections in many cases overlap, and references in each section will direct the reader to those overlapping parts of the volume. Immediately below is a summary of key findings from several sections.

The committee stated its “inquiry highlighted several ways in which hostile actors were able to capitalize on gaps in laws or norms and exert influence…[and] [t]hose areas included unclear laws regarding foreign advocacy, flawed assumptions about what intelligence activity looks like, and a campaign’s status as a private entity intertwined with the structures of democracy.” The committee contended “[f]urther, the freedom of expression at the root of our democratic society became an opportunity for Russian influence to hide in plain sight.”

The committee explained that its recommendations “present a variety of paths through which Congress, the executive branch, and private entities and individuals can and should begin to respond to these threats, both jointly and independently.” The committee vowed that “[t]hese recommendations, however, do not mark the end of the Committee’s work in this space, which requires ongoing vigilance by the United States government and further consideration of legislative and policy responses.” The committee pledged to “continue to evaluate and consider the results of this investigation as part of its ongoing oversight and legislative responsibilities and its efforts to understand and address malign foreign interference targeting U.S. democratic processes.”

The committee called for updating and more vigorously enforcing the law that requires those acting for foreign governments to register and abide by its requirements, greater awareness of foreign influence and intelligence operations, better outreach by the Federal Bureau of Investigation (FBI) to targeted campaigns, and an expansion of Congressional power vis-à-vis expansive, novel claims of executive privilege, the types of which the Trump Administration has extensively made throughout the investigation.

The Senate Intelligence Committee made the following recommendations:

1. Review, Update, and Enforce the Foreign Agents Registration Act and Related Statutes

The Committee recommends that Congress update the Foreign Agents Registration Act (FARA), and that the Department of Justice (DOJ) clarify the statute’s requirements by issuing public guidance on enforcement and more stringently enforcing the existing statute. FARA was enacted over 80 years ago, in large part to target Nazi propaganda. FARA seeks to aid the U.S. Government and the American people in understanding and evaluating the activities, statements, and motives of individuals and entities functioning as agents of foreign principals in the United States. Since that time, Congress has made some modifications to the statute to increase transparency with respect to lawyers and lobbyists who also engage in political activity on behalf of foreign powers inside the United States. However, loopholes still exist, and foreign actors exploited those loopholes in 2016. The Committee’s investigation revealed a number of lawyers, public relations experts, businesses, political consultants, and campaign operatives working in the United States in coordination with or at the request of, foreign principals. Many of these individuals and businesses did not register under FARA.

  • DOJ should increase enforcement of FARA. For years, DOJ failed to pursue criminal penalties for even the most flagrant violations of the statute. While recent enforcement efforts have resulted in several successful criminal prosecutions, the Committee found numerous incidents where FARA registrations were excessively delayed, retroactive, incomplete, inaccurate, or otherwise insufficient to accomplish the objectives of the law.
  • DOJ should publish comprehensive public guidance on FARA. In part as a result of limited enforcement, the public has insufficient information about the statute’s scope and application. DOJ’s interpretation of the statute is largely untested and undefined. While DOJ has made efforts to publish more information about its interpretation of the statute, including through the publication of advisory opinions, these are overly redacted and incomplete. Comprehensive public guidance has been beneficial for other similarly-situated statutes, and those publications, such as DOJ’s Resource Guide to the U.S. Foreign Corrupt Practices Act, may serve as a helpful model in issuing useful and practical guidance on FARA.
  • Congress should update FARA to more clearly define the activities covered by the statute. This may include narrowing or redefining the breadth of some provisions, such as those that may apply to purely foreign consulting, while strengthening other provisions, such as activities targeting the U.S. Government or the American people.
  • Congress should remove the Lobbying Disclosure Act (LDA) exemption to FARA registration. Currently, FARA registrants for foreign principals who are not themselves foreign governments or political parties may register under the LDA regime rather than the more comprehensive registration regime under FARA. The Committee found that individuals not formally affiliated with a foreign government may nonetheless sufficiently represent that government’s interest, even if that government is not the principal beneficiary, to merit the application of FARA’s heightened requirements.

Congress should also examine whether other foreign agent laws and the Espionage Act need to be updated to more effectively address the reality of modern intelligence operations targeting the United States.

  • For example, 18 U.S.C. § 951 makes it a crime to operate as an agent of a foreign government, to include an agent with respect to non-political activity, without first notifying the Attorney General. While DOJ has generally reserved prosecutions under this statute for behavior that resembles espionage, the statute’s overlap with FARA and its general scope may need to be refined and updated. 18 U.S.C. § 219 provides criminal penalties for a public official of the United States to be or act as an agent of a foreign principal required to register under FARA. Together, these and other interrelated laws make up a patchwork of overlapping and ill-defined prohibitions that are overdue for a more thorough review.

Although DOJ makes FARA registration filings publicly available on its website, there is no obligation on registrants to disclose this information when they are engaged in covered political activities. As a result, the registration materials do little to further the statute’s goal of transparency for the American public. This lack of transparency is especially acute in the media space, where messaging by a single FARA registrant has the potential to reach millions of Americans.

  • Congress should amend FARA to mandate, or the Federal Communications Commission (FCC) and other relevant authorities should impose a requirement, that FARA-registered news agencies operating in the United States provide clear, prominent, and regular notifications to audiences regarding the outlet’s FARA-registered status. Transparency should be affirmatively provided to audiences on a regular basis so that the American public is able to make informed decisions about information consumption.
  • In addition, all U.S. media outlets should clearly label or otherwise identify content that appears in connection with FARA-registered work, even if it comes in the form of an opinion column. It is the ultimate responsibility of the editorial staff at U.S. media outlets to understand the origins of the information that their journalists and outside contributors are promoting, and to inform their audiences when that information is in some way sponsored or influenced by a foreign agent.
  • More broadly, all U.S. media outlets should clearly label opinion content as such, in particular when opinion content, in tone or in format, could be mistaken for journalistic reporting.

2. Recognize Russia’s Use of Non-Traditional Intelligence Actors for Influence

The Russian government treats oligarchs, organized crime, and associated businesses as tools of the state, rather than independent, private entities. The Kremlin uses these entities to pursue Kremlin priorities, including money laundering, sanctions evasion, and influence operations. This is a fundamentally different model than in the United States.

  • While U.S. companies can and should conduct business as they see fit within the bounds of the law, they should proceed with maximum caution when doing business in Russia. Business exchanges can be a vehicle for compromise of electronic devices, collection of compromising information for influence efforts, theft of proprietary business information, and recruitment by intelligence services. Such efforts can be overt or covert, and can target national security information and hamper the competitiveness of U.S. companies. American business leaders need to understand that they, too, are a target and take precautions.
  • Politically-active U.S. organizations, including non-profits and advocacy groups, should likewise recognize that they can also be, and likely are, targeted by foreign intelligence services. Although the known targeting in 2016 was directed toward conservative organizations, organizations of all political and ideological stripes should be prepared for it. Hostile foreign governments may seek to influence U.S. policy in foreign affairs, energy and environmental policy, military conflict, and other matters involving international relations, through indirect channels like these. Leadership in such organizations should consider conducting due diligence, as appropriate, when dealing with counterparts from adversarial countries, and adopting sound cyber security practices to protect their networks and sensitive information.
  • [REDACTED] Just as business leaders need to recognize their counterparts may be extensions of the Russian state, the U.S. Government should similarly treat non-governmental entities close to the Kremlin as legitimate targets for intelligence collection and surveillance. The U.S. Government needs the tools and authorities in place to determine whether a non-governmental entity is operating on behalf of the Russian state and mitigate the counterintelligence threat, particularly if that entity seeks to operate in the United States or allied countries. These tools and authorities should augment the entire spectrum of U.S. Government activities, including the ability to deny visas, the ability to conduct surveillance akin to that used against suspected intelligence officers, and the ability to target financial operations, such as the ability to deny transactions or seize assets.

3. Protect Campaigns from Foreign Influence Efforts

As part of its counterintelligence mission, FBI should offer defensive briefings to all presidential campaigns, including during the primaries, for both candidates and staff. FBI should provide detailed briefings as specific issues arise. When nominees are official, FBI should undertake a renewed effort to educate campaigns, from leadership to schedulers, about the avenues of influence adversaries use. These briefings should include specific, if hypothetical, examples and clear defensive steps campaigns can take. FBI has traditionally delivered these briefings as brief conversations; given the aggressive efforts Russia undertook in 2016 and the likelihood of similar future efforts by Russia and others, these conversations should cover cybersecurity best practices and how to recognize approaches that are outside ordinary relationship building.

Future presidential campaigns should perform thorough vetting of staff, particularly those staff who have responsibilities that entail interacting with foreign governments. Diligence, experience, and caution are all the more critical when interacting with representatives of adversaries’ governments.

Campaigns should recognize that campaign staff are attractive targets for foreign intelligence services, and that staff who have not previously been sensitized to counterintelligence threats are especially vulnerable to targeting and exploitation. Presidential campaigns should require staff who interact with foreign governments to receive counterintelligence training from the FBI. Further, that staff should report to designated campaign leadership any foreign contacts, including any offers of foreign assistance, so that the campaign can recognize patterns in foreign outreach. Campaigns should institute a centralized reporting structure to ensure that suspicious contacts with foreign governments or their proxies are documented and can be shared with law enforcement when appropriate, in a timely and accurate manner. This information would assist U.S. counterintelligence efforts to more quickly identify patterns and a clearer picture of nation-level threats. FBI and law enforcement should treat the information passed by campaigns as extremely sensitive, and protect the information from inadvertent disclosure, such as by limiting the number of personnel with access. In addition, a full understanding of the problem will encourage law enforcement agencies to pass defensive information back to campaigns.

To facilitate these activities, campaigns should designate specific individuals to be responsible for counterintelligence and for cybersecurity issues. These individuals should be clearly identified within the campaign as a point of contact for security-related questions or concerns, but will also serve as an accountable entry point for the FBI’s interaction and information sharing with the campaign.

Campaigns should notify FBI of all foreign offers of assistance, and all staff should be made aware of this expectation. In order to not encourage, or amplify, foreign influence efforts, campaigns should reject the use of foreign origin material, especially if it has potentially been obtained through the violation of U.S. law.

The Russian Government has sought to understand, and potentially exploit, vulnerabilities in the U.S. campaign finance system in furtherance of Russia’s election influence activities. Russia’s interest in this tactic is longstanding. The Committee is not aware of specific successful efforts in this regard related to the 2016 U.S. election, however the Committee’s insight is limited, and in other countries Russia has gone to great lengths to launder money intended for election influence. The DOJ, the Intelligence Community, regulators and legislators should work together to identify and address any loopholes that could be abused, by Russia or any other foreign actor, in malign influence operations targeting U.S. elections.

4. Protect Government Employees from Foreign Influence Efforts

Congressional leadership should work with the IC and federal law enforcement to assess the counterintelligence and foreign influence risk associated with foreign government-funded travel by congressional staff, in particular the Mutual Educational and Cultural Exchange Act. Congress does not allow registered lobbyists to pay for the travel or the meals of congressional staff due to concerns about undue influence. This same logic should apply to foreign governments. Congressional leadership should explore increasing the budget for staff travel, so that it is funded and managed by Congress and not by foreign governments.

In addition to enhanced cybersecurity training for all U.S. Government personnel, all federal government employees who travel internationally, regardless of agency or department, should be required to receive counterintelligence training.

5. Bolster Resources for IC Elements to Uncover Influence Campaigns and Focus the National Intelligence Priorities Framework (NIPF) on Foreign Government Influence

[REDACTED]

These terms are vague and vast, and do not acknowledge the growing threat of disruption by foreign actors conducting malign influence activities targeting the United States.

The Committee recommends, therefore, that all future iterations of the NIPF, which is an exercise and tool used to distribute finite IC resources across a wide variety of threats, specify and prioritize foreign malign influence activities.

[REDACTED]

FBI should empower its analysts to check assumptions underpinning FBI operations, to apply the rigor of intelligence analysis to assessments and confidential human sources, and to create a culture where questioning previously held assumptions is acceptable and encouraged.

6. Improve Victim Notification and Information Sharing

While the Committee understands FBI’s reluctance to force solutions on hacked victims, FBI should develop a clear policy to address how to escalate victim notifications within a hacked entity, particularly for those involved in an election, when it appears that entity has not successfully remediated a cyber breach.

In addition, the FBI’s Cyber Division should have an escalation policy for how to engage a victim entity when the victim is not responsive to the FBI’s investigative needs. The policy should include how to communicate with the victim entity about escalation, and, in narrow situations where the security of the election is at risk, the potential use of compulsory process. Channels of communication, both within the FBI and with political organizations, should be established early in a campaign cycle.

The FBI should seek to downgrade and share classified information for defense against cyber intrusions whenever possible. If downgrading the information is not feasible, the FBI should work to find a cleared individual at the victim entity and brief that individual at the highest possible level about the incident, prior to or contemporaneous with engaging with the entity’s IT staff.

The FBI should develop clear best practices for dealing with cybersecurity vendors in incident response. Congress should consider legislation that mandates third-party cybersecurity vendors to report indicators of nation-state compromise to the U.S. Government, be it through FBI or other entities, which may include sharing malware, network traffic, forensic images, and other appropriate data to enable the U.S. Government to protect against nation-state cyber adversaries. Any sharing mandate should also include suitable protections for personally identifiable information or other sensitive or privileged material.

7. Strengthen Congressional Authority to Challenge Executive Privilege

Congress should consider amending the Senate’s subpoena enforcement statute to remove or otherwise limit the carve out in 28 U.S.C. § 1365(a) that precludes enforcement against government officials asserting a “governmental privilege or objection.” This exception, the Committee’s investigation showed, allows for the potential abuse of executive privilege claims. Such an amendment should include a process to expedite judicial review of disputes between Congress and the executive branch over subpoena compliance, and clarify that a government official’s mere assertion of a government privilege does not strip a federal court of jurisdiction.

The report contained the additional views of a group of Republican Senators, a group of Democrats, and one Democratic Senator. These sections drew conclusions from the evidence the committee, as a whole, did not support. Not surprisingly, the Republican Senators, including the acting chair, claimed the evidence showed neither Trump nor his campaign colluded with Russia. Senators Jim Risch (R-ID), Marco Rubio (R-FL), Roy Blunt (R-MO), Tom Cotton (R-AR), John Cornyn (R-TX), and Ben Sasse (R-NE) asserted:

  • Volume 5 of the report on Russian Active Measures Campaigns and Interference is the last body of work relating to the Committee’s investigation into Russian meddling in the 2016 U.S. presidential election. This final volume brings an end to more than three years of investigative work. Bipartisan professional staff reviewed more than one million documents and interviewed more than 200 witnesses to produce over 1,000 pages of analysis. Volume 5 exhaustively reviews the counterintelligence threats and vulnerabilities to the 2016 election, but never explicitly states the critical fact: the Committee found no evidence that then-candidate Donald Trump or his campaign colluded with the Russian government in its efforts to meddle in the election (emphasis in the original).
  • Volume 5 is an important contribution to the historical record from which historians will someday draw. As is evident to those who read all five volumes of the Committee’s report, the Russian government inappropriately meddled in our 2016 general election in many ways but then-Candidate Trump was not complicit. After more than three years of investigation by this Committee, we can now say with no doubt, there was no collusion (emphasis in the original).

Also, to no great surprise, Democrats took a different view, arguing the report definitively establishes coordination between Russia and the Trump Campaign. Senators Martin Heinrich (D-NM), Dianne Feinstein (D-CA), Ron Wyden (D-OR), Kamala Harris (D-CA), and Michael Bennet (D-CO) contended:

  • Almost four years after the 2016 U.S. presidential election, the Committee has now published the bipartisan results of its investigation of the Russian government’s election interference and efforts to aid Donald Trump’s candidacy. The Committee’s work product is voluminous, fact-oriented, and essential reading for all Americans. But the Committee has not sought to draw overarching conclusions about its investigation, opting instead to let the reader determine the significance of these events. These additional views provide necessary context for the reader regarding (1) the Trump Campaign’s cooperation with Russia; (2) investigative limitations; and (3) significant ongoing concerns.
  • It is our conclusion, based on the facts detailed in the Committee’s Report, that the Russian intelligence services’ assault on the integrity of the 2016 U.S. electoral process and Trump and his associates’ participation in and enabling of this Russian activity, represents one of the single most grave counterintelligence threats to American national security in the modern era.

Wyden appended additional views of his to the report:

  • The fifth and final volume of the Committee’s report includes a wealth of extremely troubling new revelations about the counterintelligence threat posed by Donald Trump and his campaign. Much of the new information in this report, however, remains needlessly classified. That is unfortunate, not only because the counterintelligence concerns that surround Donald Trump constitute an ongoing threat to national security, but because this report includes redacted information that is directly relevant to Russia’s interference in the 2020 election.
  • As the report details, the Committee was hindered in numerous ways by the subjects of its investigation. In other respects, however, the impediments to the investigation were self-inflicted. First, while the Committee investigated interactions between Donald Trump and particular Russians and identified deeply concerning financial links, it did not seek to answer key questions about Donald Trump’s finances that relate directly to counterintelligence. In short, the Committee did not follow the money.

As noted, despite decrying the interactions between agents of the Russian Federation and Trump Campaign officials and associates that ultimately led to unprecedented interference in a presidential election, the Senate Intelligence Committee offered limited recommendations on how to address likely, future attempts to interfere. The explanation may lie in the additional views Republican and Democratic Members offered that arrived at dramatically different conclusions, suggesting the committee’s report was necessarily limited in the remedies that could be agreed upon. For example, the report calls out the interactions of those like one-time Trump Campaign chair Paul Manafort with likely Russian intelligence operatives and the information he shared with them. And yet, Senate Republicans have blocked legislation that would place an affirmative duty on campaign officials to alert the Federal Bureau of Investigation, the agency that leads on counterintelligence investigations and operations, in the event a foreign power offers assistance or seeks to influence an election.

In fact, in July, Senate Republicans stripped just such a bill, the “Foreign Influence Reporting in Elections Act” (FIRE Act) (S.2242), out of the “National Defense Authorization Act for Fiscal Year 2021” (S.4049). This bill had been added to the “Intelligence Authorization Act for Fiscal Year 2021” (S.3905) in committee markup, and most of the intelligence authorization bill was then added to S.4049, except the FIRE Act. The sponsor of the FIRE Act, Senate Intelligence Committee Ranking Member Mark Warner (D-VA), went to the Senate floor to protest the striking of his bill: “[t]he committee voted 14 to 1 to pass an intel authorization bill that included the FIRE Act, the act that I just described, so that if a foreign government interferes or offers you assistance or offers you dirt, you don’t say thanks; you call the FBI.”

Prior to its inclusion in the FY 2021 Intelligence Authorization Act, Warner had asked unanimous consent to take up the FIRE Act multiple times but was met with Republican objections each time. And there are other election security bills Republicans have continued to block, including:

  • The “Duty To Report Act” (S.1247)
  • The “Senate Cybersecurity Protection Act” (S.890)
  • The “Securing America’s Federal Elections Act” (SAFE Act) (H.R.2722)
  • The “Secure Elections Act of 2019” (S.1540)

However, the Senate has taken up and passed two election-related bills addressing facets of the cybersecurity challenges. On July 17, the Senate passed the “Defending the Integrity of Voting Systems Act” (S. 1321) by unanimous consent; the bill would “make it a federal crime to hack any voting systems used in a federal election,” according to the Senate Judiciary Committee’s website. In June, the Senate also passed the “Defending Elections against Trolls from Enemy Regimes (DETER) Act” (S. 1328), which will make “improper interference in U.S. elections” a violation of U.S. immigration law, and violators would be barred from obtaining a visa to enter the United States. The House has yet to act on these bills.

Further Reading, Other Developments, and Coming Events (15 August)

Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • On 18 August, the National Institute of Standards and Technology (NIST) will host the “Bias in AI Workshop, a virtual event to develop a shared understanding of bias in AI, what it is, and how to measure it.”
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
    • September 16: Key Cyber Insights
    • September 23: Leading the Digital Transformation
    • September 30: Diversity in Cybersecurity
    • October 7: Defending our Democracy
    • One can register for the event here.
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 15 September titled “Stacking the Tech: Has Google Harmed Competition in Online Advertising?.” In their press release, Chair Mike Lee (R-UT) and Ranking Member Amy Klobuchar (D-MN) asserted:
    • Google is the dominant player in online advertising, a business that accounts for around 85% of its revenues and which allows it to monetize the data it collects through the products it offers for free. Recent consumer complaints and investigations by law enforcement have raised questions about whether Google has acquired or maintained its market power in online advertising in violation of the antitrust laws. News reports indicate this may also be the centerpiece of a forthcoming antitrust lawsuit from the U.S. Department of Justice. This hearing will examine these allegations and provide a forum to assess the most important antitrust investigation of the 21st century.
  • On 22 September, the Federal Trade Commission (FTC) will hold a public workshop “to examine the potential benefits and challenges to consumers and competition raised by data portability.” By 21 August, the FTC “is seeking comment on a range of issues including:
    • How are companies currently implementing data portability? What are the different contexts in which data portability has been implemented?
    • What have been the benefits and costs of data portability? What are the benefits and costs of achieving data portability through regulation?
    • To what extent has data portability increased or decreased competition?
    • Are there research studies, surveys, or other information on the impact of data portability on consumer autonomy and trust?
    • Does data portability work better in some contexts than others (e.g., banking, health, social media)? Does it work better for particular types of information over others (e.g., information the consumer provides to the business vs. all information the business has about the consumer, information about the consumer alone vs. information that implicates others such as photos of multiple people, comment threads)?
    • Who should be responsible for the security of personal data in transit between businesses? Should there be data security standards for transmitting personal data between businesses? Who should develop these standards?
    • How do companies verify the identity of the requesting consumer before transmitting their information to another company?
    • How can interoperability among services best be achieved? What are the costs of interoperability? Who should be responsible for achieving interoperability?
    • What lessons and best practices can be learned from the implementation of the data portability requirements in the GDPR and CCPA? Has the implementation of these requirements affected competition and, if so, in what ways?”
  • The Federal Communications Commission (FCC) will hold an open meeting on 30 September, but an agenda is not available at this time.

Other Developments

  • The Global Engagement Center (GEC) at the U.S. Department of State published the “GEC Special Report: Pillars of Russia’s Disinformation and Propaganda Ecosystem.” The GEC drew “on publicly available reporting to provide an overview of Russia’s disinformation and propaganda ecosystem.” The GEC identified the five pillars of Russia’s Disinformation and Propaganda Ecosystem:
    • official government communications;
    • state-funded global messaging;
    • cultivation of proxy sources;
    • weaponization of social media; and
    • cyber-enabled disinformation.
    • The GEC stated
      • This report provides a visual representation of the ecosystem described above, as well as an example of the media multiplier effect it enables. This serves to demonstrate how the different pillars of the ecosystem play distinct roles and feed off of and bolster each other. The report also includes brief profiles of select proxy sites and organizations that occupy an intermediate role between the pillars of the ecosystem with clear links to Russia and those that are meant to be fully deniable. The emphasis on these proxy sites is meant to highlight the important role they play, which can be overlooked given the attention paid to official Russian voices on one end of the spectrum, and the social media manipulation and cyber-enabled threats on the other.
  • The United States (U.S.) Department of Veterans Affairs (VA) has restarted its process for rolling out its new electronic health record (EHR) and announced it has “revised its previous schedule to convert facilities to its new EHR capabilities with updated timelines for deployments in August in Columbus, Ohio, and October in Spokane, Washington.” The VA opted to replace its Veterans Health Information Systems and Technology Architecture (VistA) with a commercial off-the-shelf system the U.S. Department of Defense has chosen, Cerner Millennium. However, this $16 billion acquisition has encountered numerous difficulties and delays, which have caught the continued attention of Congress.
    • The VA claimed “The new timeline will preserve the 10-year implementation schedule and the overall cost estimates of VA’s EHR modernization program…[and] [a]fter the conversion at these sites, VA will bring other select facilities forward in the timeline.”
    • In June 2020, the U.S. Government Accountability Office (GAO) found:
      • VA met its schedule for making the needed system configuration decisions that would enable the department to implement its new EHR system at the first VA medical facility, which was planned for July 2020. In addition, VA has formulated a schedule for making the remaining EHR system configuration decisions before implementing the system at additional facilities planned for fall 2020.
      • VA’s Electronic Health Record Modernization (EHRM) program was generally effective in establishing decision-making procedures that were consistent with applicable federal standards for internal control. However, VA did not always ensure the involvement of relevant stakeholders, including medical facility clinicians and staff, in the system configuration decisions. Specifically, VA did not always clarify terminology and include adequate detail in descriptions of local workshop sessions to medical facility clinicians and staff to ensure relevant representation at local workshop meetings. Participation of such stakeholders is critical to ensuring that the EHR system is configured to meet the needs of clinicians and support the delivery of clinical care.
  • The United States (U.S.) Government Accountability Office (GAO) studied and reported on privacy and accuracy issues related to the use of facial recognition technology at the request of the chairs of the House Judiciary and Oversight and Reform Committees. This report updates a 2015 report on the same issues and renews the agency’s call first made in 2013 that Congress “strengthen[] the current consumer privacy framework to reflect the effects of changes in technology and the marketplace—particularly in relation to consumer data used for marketing purposes—while also ensuring that any limitations on data collection and sharing do not unduly inhibit the economic and other benefits to industry and consumers that data sharing can accord.”
    • In the new report, the GAO explained that “[s]takeholders we interviewed identified additional activities that companies could improve the use of facial recognition technology. These activities include
      • defining the purpose for the technology’s use and clearly notifying consumers how companies are using the technology—such as surveillance or marketing;
      • identifying risks and limitations associated with using the technology and prohibiting certain uses (e.g., those with discriminatory purposes); and
      • providing guidance or training related to these issues.
    • The GAO asserted
      • However, these voluntary privacy frameworks and suggested activities that could help address privacy concerns or improve the use of facial recognition technology are not mandatory. Furthermore, as discussed earlier, in most contexts facial recognition technology is not currently covered by federal privacy law. Accordingly, we reiterate our 2013 suggestion that Congress strengthen the current consumer privacy framework to reflect the effects of changes in technology and the marketplace.
  • The United States Department of Justice (DOJ) “announced the dismantling of three terrorist financing cyber-enabled campaigns, involving the al-Qassam Brigades, Hamas’s military wing, al-Qaeda, and Islamic State of Iraq and the Levant (ISIS)…the government’s largest-ever seizure of cryptocurrency in the terrorism context.”
    • The DOJ claimed
      • These three terror finance campaigns all relied on sophisticated cyber-tools, including the solicitation of cryptocurrency donations from around the world.  The action demonstrates how different terrorist groups have similarly adapted their terror finance activities to the cyber age.  Each group used cryptocurrency and social media to garner attention and raise funds for their terror campaigns.  Pursuant to judicially-authorized warrants, U.S. authorities seized millions of dollars, over 300 cryptocurrency accounts, four websites, and four Facebook pages all related to the criminal enterprise.
  • The United States (U.S.) National Counterintelligence and Security Center (NCSC) revealed it “has been providing classified briefings and other assistance to federal procurement executives, chief information officers and chief information security officers from across the U.S. Government on supply chain threats and risks stemming from contracting with five Chinese companies.” The NCSC explained the “supply chain security briefings are designed to assist federal agencies implement” Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232).
    • The NCSC stated:
      • One provision of the NDAA prohibits the U.S. Government from directly using goods and services from five specified Chinese companies — Huawei, ZTE Corporation, Hytera Communications, Hangzhou Hikvision and Dahua Technology Company.
      • Another, broader, provision of Section 889 prohibits federal agencies from contracting with any company that uses goods and services from these five Chinese firms. This particular prohibition takes effect on August 13, 2020, unless a federal agency authorizes a waiver for a specific company, which can only be granted by the agency head after receiving NCSC supply chain security guidance.
  • The Federal Communications Commission (FCC) denied two petitions to stay an April 2020 rulemaking that would make the 6 GHz band of spectrum available to users other than the incumbents. The FCC noted “[t]wo parties—Edison Electric Institute (EEI) and Association of Public-Safety Communications Officials-International, Inc. (APCO)—petitioned to stay the Order:
    • EEI, a trade association representing investor-owned electric utilities, seeks only to stay the effectiveness of the rules that apply to low-power indoor devices. 
    • APCO, a non-profit association of persons who manage and operate public-safety communications systems, seeks to stay the rules for both standard-power and low-power indoor operations.
    • In the rule and order, the FCC explained
      • We authorize two different types of unlicensed operations—standard-power and indoor low-power operations. We authorize standard-power access points using an automated frequency coordination (AFC) system. These access points can be deployed anywhere as part of hotspot networks, rural broadband deployments, or network capacity upgrades where needed. We also authorize indoor low-power access points across the entire 6 GHz band. These access points will be ideal for connecting devices in homes and businesses such as smartphones, tablet devices, laptops, and Internet-of-things (IoT) devices to the Internet. As has occurred with Wi-Fi in the 2.4 GHz and 5 GHz bands, we expect that 6 GHz unlicensed devices will become a part of most peoples’ everyday lives. The rules we are adopting will also play a role in the growth of the IoT; connecting appliances, machines, meters, wearables, and other consumer electronics as well as industrial sensors for manufacturing.
  • In a speech, the Australian Competition and Consumer Commission (ACCC) Chair Rod Sims laid out the status of his agency’s actions against Google, Facebook, and other large technology platforms flowing from its final report in its “Digital Platforms Inquiry” that “proposes specific recommendations aimed at addressing some of the actual and potential negative impacts of digital platforms in the media and advertising markets, and also more broadly on consumers,” including:
    • The ACCC recently launched an action against Google regarding misleading representations it made to consumers to obtain their consent to expand the scope of personal information it collected and used about its users’ online activities.
    • In another case, which we brought against Google last year, we allege that Google misled consumers into sharing location data with Google. We contend Google did not clearly inform consumers using Android mobile devices that a particular account setting allowed Google to collect location data. We assert that many consumers may have unknowingly provided more of their personal location data to Google than they intended. Google then used consumers’ location data to enhance the value of its advertising services to prospective advertisers. This case is currently in Court with a hearing scheduled in late November.
    • Currently the ACCC is considering the acquisition by Google and Facebook of Fitbit and Giphy, respectively. We are considering questions such as whether they have the ability to give themselves advantages by favouring their own products, or whether these acquisitions are raising barriers to entry for other competitors.
    • In April 2020 the Federal Government directed the ACCC to develop a mandatory code of conduct to address bargaining power imbalances between Australian news media businesses and digital platforms. We recently published the draft legislation for the code.
  • A British appeals court overturned a decision that had found a police force’s use of facial recognition technology in a pilot program that utilized live footage to be legal. The appeals court found the use of this technology by the South Wales Police Force a violation of “the right to respect for private life under Article 8 of the European Convention on Human Rights, data protection legislation, and the Public Sector Equality Duty (“PSED”) under section 149 of the Equality Act 2010.”

Further Reading

  • “North Korean Hacking Group Attacks Israeli Defense Industry” by Ronen Bergman and Nicole Perlroth – The New York Times. Israel is denying the claims of a cybersecurity firm that hackers from the Democratic People’s Republic of Korea (DPRK) deeply penetrated its defense industry. Through the use of sophisticated phishing, including fake LinkedIn accounts and fluent English speakers, employees at Israeli defense companies were tricked into installing spyware on their personal computers and then the hackers allegedly eventually accessed classified Israeli networks. The attacks show growing sophistication from DPRK hackers and that those looking to penetrate networks will always seek out weak spots.
  • “Pentagon Requests More Time to Review JEDI Cloud Contract Bids” by Frank Konkel – Nextgov. The United States Department of Defense (DOD) has asked for yet more time to resolve who will win the second round of the Joint Enterprise Defense Infrastructure (JEDI) cloud contract that may prove worth more than $10 billion to the winner. The Pentagon had told the court it was on schedule to make an award on the rebid of the contract that Microsoft had won over Amazon. The latter claimed political interference from the White House violated federal contract law, among other claims, resulting in this lawsuit.
  • “Google rival’s study urges letting mobile users pick search defaults” by Ashley Gold – Axios. DuckDuckGo, a search engine, claims in newly released research that permitting Android users to choose their search engine would decrease Google’s market share by 20%. This could be relevant to the United States (U.S.) Department of Justice’s (DOJ) antitrust investigation. As a point of reference, in the U.S., the United Kingdom, and Australia, Google’s share of the mobile search engine market is 95%, 98% and 98%, respectively. DOJ may seriously look at this remedy as the European Commission (EC) imposed this as part of its antitrust case against Google, resulting in a record €4.34 billion fine.
  • “Facial Recognition Start-Up Mounts a First Amendment Defense” by Kashmir Hill – The New York Times. Clearview AI has retained legendary First Amendment lawyer Floyd Abrams to make the argument that its collection, use, and dissemination of public photos scraped from the internet is protected as free speech. Abrams is quoted as saying that while privacy is, of course, an important right, the First Amendment to the United States Constitution would trump any such rights. It is expected that this argument will be employed in the myriad suits against the facial recognition technology firm.
  • “An advanced group specializing in corporate espionage is on a hacking spree” by Jeff Stone – cyberscoop. A new hacking group, RedCurl, has gone on a worldwide hacking campaign that broke into businesses in the United Kingdom, Canada, and other places. The hackers phished a number of businesses successfully by impersonating someone from human resources in the organization.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Further Reading, Other Developments, and Coming Events (13 August)

Here are Further Reading, Other Developments, and Coming Events:

Coming Events

  • On 18 August, the National Institute of Standards and Technology (NIST) will host the “Bias in AI Workshop, a virtual event to develop a shared understanding of bias in AI, what it is, and how to measure it.”
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
    • September 16: Key Cyber Insights
    • September 23: Leading the Digital Transformation
    • September 30: Diversity in Cybersecurity
    • October 7: Defending our Democracy
    • One can register for the event here.
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 15 September titled “Stacking the Tech: Has Google Harmed Competition in Online Advertising?.” In their press release, Chair Mike Lee (R-UT) and Ranking Member Amy Klobuchar (D-MN) asserted:
    • Google is the dominant player in online advertising, a business that accounts for around 85% of its revenues and which allows it to monetize the data it collects through the products it offers for free. Recent consumer complaints and investigations by law enforcement have raised questions about whether Google has acquired or maintained its market power in online advertising in violation of the antitrust laws. News reports indicate this may also be the centerpiece of a forthcoming antitrust lawsuit from the U.S. Department of Justice. This hearing will examine these allegations and provide a forum to assess the most important antitrust investigation of the 21st century.

Other Developments

  • Senate Intelligence Committee Acting Chair Marco Rubio (R-FL) and Vice Chairman Mark Warner (D-VA) released a statement indicating the committee had voted to adopt the fifth and final volume of its investigation of the Russian Federation’s interference in the 2016 election. The committee had submitted the report to the Intelligence Community for vetting and has received the report with edits and redactions. The report could be released sometime over the next few weeks. Rubio and Warner stated “the Senate Intelligence Committee voted to adopt the classified version of the final volume of the Committee’s bipartisan Russia investigation. In the coming days, the Committee will work to incorporate any additional views, as well as work with the Intelligence Community to formalize a properly redacted, declassified, publicly releasable version of the Volume 5 report.” The Senate Intelligence Committee has released four previous reports:
  • The National Institute of Standards and Technology (NIST) is accepting comments until 11 September on draft Special Publication 800-53B, “Control Baselines for Information Systems and Organizations,” a guidance document that will serve a key role in the United States government’s efforts to secure and protect the networks and systems it operates and those run by federal contractors. NIST explained:
    • This publication establishes security and privacy control baselines for federal information systems and organizations and provides tailoring guidance for those baselines. The use of the security control baselines is mandatory, in accordance with OMB Circular A-130 [OMB A-130] and the provisions of the Federal Information Security Modernization Act [FISMA], which requires the implementation of a set of minimum controls to protect federal information and information systems. Whereas use of the privacy control baseline is not mandated by law or [OMB A-130], SP 800-53B, along with other supporting NIST publications, is designed to help organizations identify the security and privacy controls needed to manage risk and satisfy the security and privacy requirements in FISMA, the Privacy Act of 1974 [PRIVACT], selected OMB policies (e.g., [OMB A-130]), and designated Federal Information Processing Standards (FIPS), among others.
  • The United States Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released an “Election Vulnerability Reporting Guide” to provide “election administrators with a step-by-step guide, list of resources, and a template for establishing a successful vulnerability disclosure program to address possible vulnerabilities in their state and local election systems…[and] [t]he six steps include:
    • Step 1: Identify Systems Where You Would Accept Security Testing, and those Off-Limits
    • Step 2: Draft an Easy-to-Read Vulnerability Disclosure Policy (See Appendix III)
    • Step 3: Establish a Way to Receive Reports/Conduct Follow-On Communication
    • Step 4: Assign Someone to Thank and Communicate with Researchers
    • Step 5: Assign Someone to Vet and Fix the Vulnerabilities
    • Step 6: Consider Sharing Information with Other Affected Parties
  • The United Kingdom’s Information Commissioner’s Office (ICO) has issued “Guidance on AI and data protection” that “clarifies how you can assess the risks to rights and freedoms that AI can pose from a data protection perspective; and the appropriate measures you can implement to mitigate them.” The ICO explained “[w]hile data protection and ‘AI ethics’ overlap, this guidance does not provide generic ethical or design principles for your use of AI.” The ICO stated “[i]t corresponds to data protection principles, and is structured as follows:
    • part one addresses accountability and governance in AI, including data protection impact assessments (DPIAs);
    • part two covers fair, lawful and transparent processing, including lawful bases, assessing and improving AI system performance, and mitigating potential discrimination;
    • part three addresses data minimisation and security; and
    • part four covers compliance with individual rights, including rights related to automated decision-making.
  • 20 state attorneys general wrote Facebook Chief Executive Officer Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg “to request that you take additional steps to prevent Facebook from being used to spread disinformation and hate and to facilitate discrimination.” They also asked “that you take more steps to provide redress for users who fall victim to intimidation and harassment, including violence and digital abuse.” The attorneys general said that “[b]ased on our collective experience, we believe that Facebook should take additional actions including the following steps—many of which are highlighted in Facebook’s recent Civil Rights Audit—to strengthen its commitment to civil rights and fighting disinformation and discrimination:
    • Aggressively enforce Facebook policies against hate speech and organized hate organizations: Although Facebook has developed policies against hate speech and organizations that peddle it, we remain concerned that Facebook’s policies on Dangerous Individuals and Organizations, including but not limited to its policies on white nationalist and white supremacist content, are not enforced quickly and comprehensively enough. Content that violates Facebook’s own policies too often escapes removal just because it comes as coded language, rather than specific magic words. And even where Facebook takes steps to address a particular violation, it often fails to proactively address the follow-on actions by replacement or splinter groups that quickly emerge.
    • Allow public, third-party audits of hate content and enforcement: To gauge the ongoing progress of Facebook’s enforcement efforts, independent experts should be permitted access to the data necessary to conduct regular, transparent third-party audits of hate and hate-related misinformation on the platform, including any information made available to the Global Oversight Board. As part of this effort, Facebook should capture data on the prevalence of different forms of hate content on the platform, whether or not covered by Facebook’s own community standards, thus allowing the public to determine whether enforcement of anti-hate policies differs based on the type of hate content at issue.
    • Commit to an ongoing, independent analysis of Facebook’s content population scheme and the prompt development of best practices guidance: By funneling users toward particular types of content, Facebook’s content population scheme, including its algorithms, can push users into extremist online communities that feature divisive and inflammatory messages, often directed at particular groups. Although Facebook has conducted research and considered programs to reduce this risk, there is still no mandatory guidance for coders and other teams involved in content population. Facebook should commit to an ongoing, independent analysis of its content population scheme, including its algorithms, and also continuously implement mandatory protocols as best practices are identified to curb bias and prevent recommendations of hate content and groups.
    • Expand policies limiting inflammatory advertisements that vilify minority groups: Although Facebook currently prohibits ads that claim that certain people, because of their membership in a protected group, pose a threat to the physical safety of communities or the nation, its policies still allow attacks that characterize such groups as threats to national culture or values. The current prohibition should be expanded to include such ads.
  • New Zealand’s Ministry of Statistics “launched the Algorithm Charter for Aotearoa New Zealand” that “signals that [the nation’s agencies] are committed to being consistent, transparent and accountable in their use of algorithms.”
    • The Ministry explained “[t]he Algorithm Charter is part of a wider ecosystem and works together with existing tools, networks and research, including:
      • Principles for the Safe and Effective Use of Data and Analytics (Privacy Commissioner and Government Chief Data Steward, 2018)
      • Government Use of Artificial Intelligence in New Zealand (New Zealand Law Foundation and Otago University, 2019)
      • Trustworthy AI in Aotearoa – AI Principles (AI Forum New Zealand, 2020)
      • Open Government Partnership, an international agreement to increase transparency.
      • Data Protection and Use Policy (Social Wellbeing Agency, 2020)
      • Privacy, Human Rights and Ethics Framework (Ministry of Social Development).
  • The European Union (EU) imposed its first cyber sanctions under its Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities (aka the cyber diplomacy toolbox) against six hackers and three entities from the Russian Federation, the People’s Republic of China (PRC) and the Democratic People’s Republic of Korea for attacks against the Organisation for the Prohibition of Chemical Weapons (OPCW) in the Netherlands, the malware attacks known as Petya and WannaCry, and Operation Cloud Hopper. The EU’s cyber sanctions follow sanctions the United States has placed on a number of people and entities from the same nations and also indictments the U.S. Department of Justice has announced over the years. The sanctions are part of the effort to levy costs on nations and actors that conduct cyber attacks. The EU explained:
    • The attempted cyber-attack was aimed at hacking into the Wi-Fi network of the OPCW, which, if successful, would have compromised the security of the network and the OPCW’s ongoing investigatory work. The Netherlands Defence Intelligence and Security Service (DISS) (Militaire Inlichtingen- en Veiligheidsdienst – MIVD) disrupted the attempted cyber-attack, thereby preventing serious damage to the OPCW.
    • “WannaCry” disrupted information systems around the world by targeting information systems with ransomware and blocking access to data. It affected information systems of companies in the Union, including information systems relating to services necessary for the maintenance of essential services and economic activities within Member States.
    • “NotPetya” or “EternalPetya” rendered data inaccessible in a number of companies in the Union, wider Europe and worldwide, by targeting computers with ransomware and blocking access to data, resulting amongst others in significant economic loss. The cyber-attack on a Ukrainian power grid resulted in parts of it being switched off during winter.
    • “Operation Cloud Hopper” has targeted information systems of multinational companies in six continents, including companies located in the Union, and gained unauthorised access to commercially sensitive data, resulting in significant economic loss.
  • The United States’ Federal Communications Commission (FCC) is asking for comments on the Department of Commerce’s National Telecommunications and Information Administration’s (NTIA) petition asking the agency to start a rulemaking to clarify alleged ambiguities in 47 USC 230 regarding the limits of the liability shield for the content others post online versus the liability protection for “good faith” moderation by the platform itself. The NTIA was acting per direction in an executive order allegedly aiming to correct online censorship. Executive Order 13925, “Preventing Online Censorship,” was issued in late May after Twitter fact-checked two of President Donald Trump’s Tweets regarding false claims made about mail voting in California in response to the COVID-19 pandemic. Comments are due by 2 September.
  • The Australian Competition & Consumer Commission (ACCC) released for public consultation a draft of “a mandatory code of conduct to address bargaining power imbalances between Australian news media businesses and digital platforms, specifically Google and Facebook.” The government in Canberra had asked the ACCC to draft this code earlier this year after talks broke down between the Australian Treasury
    • The ACCC explained
      • The code would commence following the introduction and passage of relevant legislation in the Australian Parliament. The ACCC released an exposure draft of this legislation on 31 July 2020, with consultation on the draft due to conclude on 28 August 2020. Final legislation is expected to be introduced to Parliament shortly after conclusion of this consultation process.
    • This is not the ACCC’s first interaction with the companies. Late last year, the ACCC announced a legal action against Google “alleging they engaged in misleading conduct and made false or misleading representations to consumers about the personal location data Google collects, keeps and uses” according to the agency’s press release. In its initial filing, the ACCC is claiming that Google misled and deceived the public in contravention of the Australian Competition Law and Android users were harmed because those that switched off Location Services were unaware that their location information was still being collected and used by Google, for it was not readily apparent that Web & App Activity also needed to be switched off.
    • A year ago, the ACCC released its final report in its “Digital Platforms Inquiry” that “proposes specific recommendations aimed at addressing some of the actual and potential negative impacts of digital platforms in the media and advertising markets, and also more broadly on consumers.”
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) “released core guidance documentation for the Trusted Internet Connections (TIC) program, developed to assist agencies in protecting modern information technology architectures and services.” CISA explained “In accordance with the Office of Management and Budget (OMB) Memorandum (M) 19-26: Update to the TIC Initiative, TIC 3.0 expands on the original initiative to drive security standards and leverage advances in technology to secure a wide spectrum of agency network architectures.” Specifically, CISA released three core guidance documents:
    • Program Guidebook (Volume 1) – Outlines the modernized TIC program and includes its historical context
    • Reference Architecture (Volume 2) – Defines the concepts of the program to guide and constrain the diverse implementations of the security capabilities
  • Senators Ron Wyden (D-OR), Bill Cassidy (R-LA) and ten other Members wrote the Federal Trade Commission (FTC) urging the agency “to investigate widespread privacy violations by companies in the advertising technology (adtech) industry that are selling private data about millions of Americans, collected without their knowledge or consent from their phones, computers, and smart TVs.” They asked the FTC “to use its authority to conduct broad industry probes under Section 6(b) of the FTC Act to determine whether adtech companies and their data broker partners have violated federal laws prohibiting unfair and deceptive business practices.” They argued “[t]he FTC should not proceed with its review of the Children’s Online Privacy Protection Act (COPPA) Rule before it has completed this investigation.”
  • “100 U.S. women lawmakers and current and former legislators from around the world,” including Speaker of the House Nancy Pelosi (D-CA), sent a letter to Facebook CEO Mark Zuckerberg and COO Sheryl Sandberg urging the company “to take decisive action to protect women from rampant and increasing online attacks on their platform that have caused many women to avoid or abandon careers in politics and public service.” They noted “[j]ust a few days ago, a manipulated and widely shared video that depicted Speaker Pelosi slurring her speech was once again circulating on major social media platforms, gaining countless views before TikTok, Twitter, and YouTube all removed the footage…[and] [t]he video remains on Facebook and is labeled ‘partly false,’ continuing to gain millions of views.” The current and former legislators “called on Facebook to enforce existing rules, including:
    • Quick removal of posts that threaten candidates with physical violence, sexual violence or death, and that glorify, incite or praise violence against women; disable the relevant accounts, and refer offenders to law enforcement.
    • Eliminate malicious hate speech targeting women, including violent, objectifying or dehumanizing speech, statements of inferiority, and derogatory sexual terms;
    • Remove accounts that repeatedly violate terms of service by threatening, harassing or doxing or that use false identities to attack women leaders and candidates; and
    • Remove manipulated images or videos misrepresenting women public figures.
  • The United States’ Departments of Commerce and Homeland Security released an update “highlighting more than 50 activities led by industry and government that demonstrate progress in the drive to counter botnet threats.” In May 2018, the agencies submitted “A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats” that identified a number of steps and prompted a follow-on document, “A Road Map Toward Resilience Against Botnets,” released in November 2018.
  • United States (U.S.) Secretary of Commerce Wilbur Ross and European Commissioner for Justice Didier Reynders released a joint statement explaining that “[t]he U.S. Department of Commerce and the European Commission have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the July 16 judgment of the Court of Justice of the European Union in the Schrems II case.”
    • Maximilian Schrems filed a complaint against Facebook with Ireland’s Data Protection Commission (DPC) in 2013, alleging that the company’s transfer of his personal data violated his rights under European Union law because of the mass U.S. surveillance revealed by former National Security Agency (NSA) contractor Edward Snowden. Ultimately, this case resulted in a 2015 Court of Justice of the European Union (CJEU) ruling that invalidated the Safe Harbor agreement under which the personal data of EU residents was transferred to the US by commercial concerns. The EU and US executed a follow-on agreement, the EU-U.S. Privacy Shield, that was designed to address some of the problems the CJEU turned up, and the U.S. passed a law, the “Judicial Redress Act of 2015” (P.L. 114-126), to provide EU citizens a way to exercise their EU rights in US courts via the “Privacy Act of 1974.”
    • However, Schrems continued and soon sought to challenge the legality of the European Commission’s signing off on the Privacy Shield agreement, the adequacy decision issued in 2016, and also the use of standard contractual clauses (SCC) by companies for the transfer of personal data to the US. The CJEU struck down the adequacy decision, throwing into doubt many entities’ transfers out of the EU into the U.S. but upheld SCCs in a way that suggested EU data protection authorities (DPA) may need to review all such agreements to ensure they comply with EU law.
  • The European Commission (EC) announced “an in-depth investigation to assess the proposed acquisition of Fitbit by Google under the EU Merger Regulation.” The EC voiced its concern “that the proposed transaction would further entrench Google’s market position in the online advertising markets by increasing the already vast amount of data that Google could use for personalisation of the ads it serves and displays.” The EC detailed its “preliminary competition concerns:
    • Following its first phase investigation, the Commission has concerns about the impact of the transaction on the supply of online search and display advertising services (the sale of advertising space on, respectively, the result page of an internet search engine or other internet pages), as well as on the supply of “ad tech” services (analytics and digital tools used to facilitate the programmatic sale and purchase of digital advertising). By acquiring Fitbit, Google would acquire (i) the database maintained by Fitbit about its users’ health and fitness; and (ii) the technology to develop a database similar to Fitbit’s one.
    • The data collected via wrist-worn wearable devices appears, at this stage of the Commission’s review of the transaction, to be an important advantage in the online advertising markets. By increasing the data advantage of Google in the personalisation of the ads it serves via its search engine and displays on other internet pages, it would be more difficult for rivals to match Google’s online advertising services. Thus, the transaction would raise barriers to entry and expansion for Google’s competitors for these services, to the ultimate detriment of advertisers and publishers that would face higher prices and have less choice.
    • At this stage of the investigation, the Commission considers that Google:
      • is dominant in the supply of online search advertising services in the EEA countries (with the exception of Portugal for which market shares are not available);
      • holds a strong market position in the supply of online display advertising services at least in Austria, Belgium, Bulgaria, Croatia, Denmark, France, Germany, Greece, Hungary, Ireland, Italy, Netherlands, Norway, Poland, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom, in particular in relation to off-social networks display ads;
      • holds a strong market position in the supply of ad tech services in the EEA.
    • The Commission will now carry out an in-depth investigation into the effects of the transaction to determine whether its initial competition concerns regarding the online advertising markets are confirmed.
    • In addition, the Commission will also further examine:
      • the effects of the combination of Fitbit’s and Google’s databases and capabilities in the digital healthcare sector, which is still at a nascent stage in Europe; and
      • whether Google would have the ability and incentive to degrade the interoperability of rivals’ wearables with Google’s Android operating system for smartphones once it owns Fitbit.
    • In February, after the deal had been announced, the European Data Protection Board (EDPB) made clear its position that Google and Fitbit will need to scrupulously observe the General Data Protection Regulation’s privacy and data security requirements if the body is to sign off on the proposed $2.2 billion acquisition. Moreover, at present Google has not informed European Union (EU) regulators of the proposed deal. The deal comes at a time when both EU and U.S. regulators are already investigating Google for alleged antitrust and anticompetitive practices, and the EDPB’s opinion could carry weight in this process.
  • The United States’ (U.S.) Department of Homeland Security released a Privacy Impact Assessment for the U.S. Border Patrol (USBP) Digital Forensics Programs that details how it may conduct searches of electronic devices at the U.S. border and ports of entry. DHS explained:
    • As part of USBP’s law enforcement duties, USBP may search and extract information from electronic devices, including: laptop computers; thumb drives; compact disks; digital versatile disks (DVDs); mobile phones; subscriber identity module (SIM) cards; digital cameras; vehicles; and other devices capable of storing electronic information.
    • Last year, a U.S. District Court held that U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement’s (ICE) current practices for searches of smartphones and computers at the U.S. border are unconstitutional and the agency must have reasonable suspicion before conducting such a search. However, the Court declined the plaintiffs’ request that the information taken off of their devices be expunged by the agencies. This ruling follows a Department of Homeland Security Office of the Inspector General (OIG) report that found CBP “did not always conduct searches of electronic devices at U.S. ports of entry according to its Standard Operating Procedures” and asserted that “[t]hese deficiencies in supervision, guidance, and equipment management, combined with a lack of performance measures, limit [CBP’s] ability to detect and deter illegal activities related to terrorism; national security; human, drug, and bulk cash smuggling; and child pornography.”
    • In terms of a legal backdrop, the United States Supreme Court has found that searches and seizures of electronic devices at borders and airports are subject to lesser legal standards than those conducted elsewhere in the U.S. under most circumstances. Generally, the government’s interest in securing the border against the flow of contraband and people not allowed to enter allows considerable leeway to the warrant requirements for many other types of searches. However, in recent years two federal appeals courts (the Fourth and Ninth Circuits) have held that searches of electronic devices require suspicion on the part of government agents while another appeals court (the Eleventh Circuit) held differently. Consequently, there is not a uniform legal standard for these searches.
  • The Inter-American Development Bank (IDB) and the Organization of American States (OAS) released their second assessment of cybersecurity across Latin America and the Caribbean that used the Cybersecurity Capacity Maturity Model for Nations (CMM) developed at University of Oxford’s Global Cyber Security Capacity Centre (GSCC). The IDB and OAS explained:
    • When the first edition of the report “Cybersecurity: Are We Ready in Latin America and the Caribbean?” was released in March 2016, the IDB and the OAS aimed to provide the countries of Latin America and the Caribbean (LAC) not only with a picture of the state of cybersecurity but also guidance about the next steps that should be pursued to strengthen national cybersecurity capacities. This was the first study of its kind, presenting the state of cybersecurity with a comprehensive vision and covering all LAC countries.
    • The great challenges of cybersecurity, like those of the internet itself, are of a global nature. Therefore, it is undeniable that the countries of LAC must continue to foster greater cooperation among themselves, while involving all relevant actors, as well as establishing a mechanism for monitoring, analysis, and impact assessment related to cybersecurity both nationally and regionally. More data in relation to cybersecurity would allow for the introduction of a culture of cyberrisk management that needs to be extended both in the public and private sectors. Countries must be prepared to adapt quickly to the dynamic environment around us and make decisions based on a constantly changing threat landscape. Our member states may manage these risks by understanding the impact on and the likelihood of cyberthreats to their citizens, organizations, and national critical infrastructure. Moving to the next level of maturity will require a comprehensive and sustainable cybersecurity policy, supported by the country’s political agenda, with allocation of financial resources and qualified human capital to carry it out.
    • The COVID-19 pandemic will pass, but events that will require intensive use of digital technologies so that the world can carry on will continue happening. The challenge of protecting our digital space will, therefore, continue to grow. It is the hope of the IDB and the OAS that this edition of the report will help LAC countries to have a better understanding of their current state of cybersecurity capacity and be useful in the design of the policy initiatives that will lead them to increase their level of cyberresilience.
  • The European Data Protection Supervisor (EDPS) issued an opinion on “the European Commission’s action plan for a comprehensive Union policy on preventing money laundering and terrorism financing (C(2020)2800 final), published on 7 May 2020.” The EDPS asserted:
    • While the EDPS acknowledges the importance of the fight against money laundering and terrorism financing as an objective of general interest, we call for the legislation to strike a balance between the interference with the fundamental rights of privacy and personal data protection and the measures that are necessary to effectively achieve the general interest goals on anti-money laundering and countering the financing of terrorism (AML/CFT) (the principle of proportionality).
    • The EDPS recommends that the Commission monitors the effective implementation of the existing AML/CFT framework while ensuring that the GDPR and the data protection framework are respected and complied with. This is particularly relevant for the works on the interconnection of central bank account mechanisms and beneficial ownership registers that should be largely inspired by the principles of data minimisation, accuracy and privacy-by-design and by default.

Further Reading

  • “China already has your data. Trump’s TikTok and WeChat bans can’t stop that.” By Aynne Kokas – The Washington Post. This article persuasively makes the case that even if a ban on TikTok and WeChat were to work, and there are substantive questions as to how a ban would work given how widely the former has been downloaded, the People’s Republic of China (PRC) is almost certainly acquiring massive reams of data on Americans through a variety of apps, platforms, and games. For example, Tencent, owner of WeChat, has a 40% stake in Epic Games, which has Fortnite, a massively popular multiplayer game (if you have never heard of it, ask one of the children in your family). Moreover, a recent change to PRC law mandates that companies operating in the PRC must share their databases for cybersecurity reviews, which may be an opportunity, aside from hacking and exfiltrating United States entities, to access data. In summation, if the Trump Administration is serious about stopping the flow of data from the U.S. to the PRC, these executive orders will do very little.
  • “Big Tech Makes Inroads With the Biden Campaign” by David McCabe and Kenneth P. Vogel – The New York Times. Most likely long before former Vice President Joe Biden clinched the Democratic nomination, advisers volunteered to help plot out his policy positions, a process that intensified this year. Of course, this includes technology policy, and many of those volunteering for the campaign’s Innovation Policy Committee have worked or are working for large technology companies directly or as consultants or lobbyists. This piece details some of these people and their relationships and how the Biden campaign is managing possible conflicts of interest. Naturally, those on the left wing of the Democratic Party calling for tighter antitrust, competition, and privacy regulation are concerned that Biden might be pulled away from these positions despite his public statements arguing that the United States government needs to get tougher with some practices.
  • “A Bible Burning, a Russian News Agency and a Story Too Good to Check Out” By Matthew Rosenberg and Julian E. Barnes – The New York Times. The Russian Federation seems to be using a new tactic with some success for sowing discord in the United States that is the information equivalent of throwing fuel onto a fire. In this case, a fake story manufactured by a Russian outlet was seized on by some prominent Republicans, in part, because it fits their preferred world view of protestors. In this instance, a Russian outlet created a fake story amplifying an actual event that went viral. We will likely see more of this, and it is not confined to fake stories intended to appeal to the right. The same is happening with content meant for the left wing in the United States.
  • “Facebook cracks down on political content disguised as local news” by Sara Fischer – Axios. As part of its continuing effort to crack down on violations of its policies, Facebook will no longer allow groups with a political viewpoint to masquerade as news. The company and outside experts have identified a range of instances where groups propagating a viewpoint, as opposed to reporting, have used a Facebook exemption by pretending to be local news outlets.
  • “QAnon groups have millions of members on Facebook, documents show” By Ari Sen and Brandy Zadrozny – NBC News. It appears as if some Facebook employees are leaking the results of an internal investigation that identified more than 1 million users who are part of QAnon groups. Most likely these employees want the company to take a stronger stance on the conspiracy group QAnon like the company has with COVID-19 lies and misinformation.
  • And, since Senator Kamala Harris (D-CA) was named former Vice President Joe Biden’s (D-DE) vice presidential pick, this article has become even more relevant than when I highlighted it in late July: “New Emails Reveal Warm Relationship Between Kamala Harris And Big Tech” – HuffPost. Obtained via a Freedom of Information request, new emails from Senator Kamala Harris’ (D-CA) tenure as her state’s attorney general suggest she was willing to overlook the role Facebook, Google, and others played and still play in one of her signature issues: revenge porn. This article makes the case Harris came down hard on a scammer running a revenge porn site but did not press the tech giants with any vigor to take down such material from their platforms. Consequently, the case is made if Harris is former Vice President Joe Biden’s vice presidential candidate, this would signal a go easy approach on large companies even though many Democrats have been calling to break up these companies and vigorously enforce antitrust laws. Harris has largely not engaged on tech issues during her tenure in the Senate. To be fair, many of these companies are headquartered in California and pump billions of dollars into the state’s economy annually, putting Harris in a tricky position politically. Of course, such pieces should be taken with a grain of salt since they may have been suggested or planted by one of Harris’ rivals for the vice president nomination or someone looking to settle a score.
  • “Unwanted Truths: Inside Trump’s Battles With U.S. Intelligence Agencies” by Robert Draper – The New York Times. A deeply sourced article on the outright antipathy between President Donald Trump and Intelligence Community officials, particularly over the issue of how deeply Russia interfered in the election in 2016. A number of former officials have been fired or forced out because they refused to knuckle under to the White House’s desire to soften or massage conclusions of Russia’s past and current actions to undermine the 2020 election in order to favor Trump.
  • “Huawei says it’s running out of chips for its smartphones because of US sanctions” By Kim Lyons – The Verge and “Huawei: Smartphone chips running out under US sanctions” by Joe McDonald – The Associated Press. United States (U.S.) sanctions have started biting the Chinese technology company Huawei, which announced it will likely run out of processor chips for its smartphones. U.S. sanctions bar any company from selling high technology items like processors to Huawei, and this capability is not independently available in the People’s Republic of China (PRC) at present.
  • “Targeting WeChat, Trump Takes Aim at China’s Bridge to the World” By Paul Mozur and Raymond Zhong – The New York Times. This piece explains WeChat, the app the Trump Administration is trying to ban in the United States (U.S.) without any warning. It is like a combination of Facebook, WhatsApp, news app, and payment platform and is used by more than 1.2 billion people.
  • “This Tool Could Protect Your Photos From Facial Recognition” By Kashmir Hill – The New York Times. Researchers at the University of Chicago have found a method of subtly altering photos of people that appears to foil most facial recognition technologies. However, a number of experts interviewed said it is too late to stop companies like Clearview AI.
  • “I Tried to Live Without the Tech Giants. It Was Impossible.” By Kashmir Hill – The New York Times. This New York Times reporter tried living without the products of large technology companies, which involved some fairly obvious challenges and some that were not so obvious. Of course, it was hard for her to skip Facebook, Instagram, and the like, but cutting out Google and Amazon proved hardest and basically impossible because of the latter’s cloud presence and the former’s web presence. The fact that some of the companies cannot be avoided if one wants to be online likely lends weight to those making the case these companies are anti-competitive.
  • “To Head Off Regulators, Google Makes Certain Words Taboo” by Adrianne Jeffries – The Markup. Apparently, in what is a standard practice at large companies, employees at Google were coached to avoid using certain terms or phrases that antitrust regulators would take notice of such as: “market,” “barriers to entry,” and “network effects.” The Markup obtained a 16 August 2019 document titled “Five Rules of Thumb For Written Communications” that starts by asserting “[w]ords matter…[e]specially in antitrust laws” and goes on to advise Google’s employees:
    • We’re out to help users, not hurt competitors.
    • Our users should always be free to switch, and we don’t lock anyone in.
    • We’ve got lots of competitors, so don’t assume we control or dominate any market.
    • Don’t try and define a market or estimate our market share.
    • Assume every document you generate, including email, will be seen by regulators.
  • “Facebook Fired An Employee Who Collected Evidence Of Right-Wing Pages Getting Preferential Treatment” By Craig Silverman and Ryan Mac – BuzzFeed News. A Facebook engineer was fired after adducing proof in an internal communications system that the social media platform is more willing to change false and negative ratings to claims made by conservative outlets and personalities than any other viewpoint. If this is true, it would be opposite to the narrative spun by the Trump Administration and many Republicans in Congress. Moreover, Facebook’s incentives would seem to align with giving conservatives more preferential treatment because many of these websites advertise on Facebook, the company probably does not want to get crosswise with the Administration, sensational posts and content drive engagement which increases user numbers that allows for higher ad rates, and it wants to appear fair and impartial.
  • “How Pro-Trump Forces Work the Refs in Silicon Valley” By Ben Smith – The New York Times. This piece traces the nearly four-decade-old effort of Republicans to sway mainstream media and now Silicon Valley to their viewpoint.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo credit: Gerd Altmann on Pixabay

State Department Touts Its Clean Network Program

A U.S. government agency publicizes a plan light on specifics but heavy on rhetoric to eliminate PRC equipment, services, and apps from U.S. systems.   

The United States (U.S.) Department of State unveiled “[t]he Clean Network program…the Trump Administration’s comprehensive approach to safeguarding the nation’s assets including citizens’ privacy and companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party.” This new program is an expansion or even a repurposing of a Congressional mandate to remove suspect and unsafe equipment and systems from federal agency networks. Nonetheless, there was scant detail provided on how the Department of State will accomplish its goals to remove technology from the People’s Republic of China (PRC) from U.S. networks and systems. The Department of State’s announcement comes at about the same time the Trump Administration announced executive orders designed to ban TikTok and WeChat, two PRC apps, suggesting the announcement was timed to coincide with the White House’s news.

Clean Networks is an expansion of the Clean Path, a program to address the risks created by having PRC 5G equipment and services on the agency’s networks. In April 2020, Secretary of State Mike Pompeo “announced that the U.S. Department of State will begin requiring a Clean Path for all 5G network traffic entering and exiting U.S. diplomatic facilities.” The Department of State noted:

  • The 5G Clean Path is an end-to-end communication path that does not use any transmission, control, computing, or storage equipment from untrusted IT vendors, such as Huawei and ZTE, which are required to comply with directives of the Chinese Communist Party.
  • The 5G Clean Path embodies the highest standards of security against untrusted, high-risk vendors’ ability to disrupt, manipulate or deny services to private citizens, financial institutions, or critical infrastructure.

In launching the Clean Path for 5G, the Department of State was responding to language in a recent National Defense Authorization Act aimed at removing equipment and systems from the PRC and other nations of concern. However, this language did not require the agency to take these additional steps, and the agency is likely acting under a more general grant of authority from Congress to regulate its acquisition and use of technology. Moreover, this program sweeps wider than the Department of State and would normally be coordinated in the White House by an entity like the Office of Management and Budget (OMB). In fact, the Department of State is claiming to be spearheading this effort for the Trump Administration. The Department of State asserted:

The Clean Network program is the Trump Administration’s comprehensive approach to safeguarding the nation’s assets including citizens’ privacy and companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party (CCP).

In a fact sheet, the Department of State explained the “Clean Network Lines of Effort:”

The Clean Network initiative is a comprehensive effort to address the long-term threat to data privacy, security, and human rights posed to the free world from authoritarian malign actors, such as the CCP. The Clean Network is rooted in internationally accepted digital trust standards and is a reflection of our commitment to an open, interoperable, and secure global internet based on shared democratic values and respect for human rights. This effort represents the execution of a multi-year, all-of-government enduring strategy, built on a coalition of trusted partners.

  • 5G Clean Path: To protect the voice and data traversing 5G standalone networks entering and exiting U.S. diplomatic facilities at home and abroad. Announced by Secretary Pompeo on April 29, 2020, the 5G Clean Path is an end-to-end communication path that does not use any transmission, control, computing, or storage equipment from untrusted IT vendors, such as Huawei and ZTE, which are required by Chinese law to comply with directives of the CCP. The 5G Clean Path embodies the highest standards of security against untrusted, high-risk vendors’ ability to disrupt, manipulate or deny services to private citizens, financial institutions, or critical infrastructure. All mobile data traffic entering American diplomatic systems will be subject to new, stringent requirements.
  • Clean Carrier: To ensure untrusted People’s Republic of China (PRC) carriers are not connected with U.S. telecommunications networks. Such companies pose a danger to U.S. national security and should not provide international telecommunications services to and from the United States.
  • Clean Store: To remove untrusted applications from U.S. mobile app stores. PRC apps threaten our privacy, proliferate viruses, censor content, and spread propaganda and disinformation. On August 6, 2020, President Trump signed two Executive Orders to address the threats posed by TikTok and WeChat. TikTok and WeChat capture vast swathes of data from their unsuspecting users and are compelled by Chinese law to turn over this private information to the CCP upon request. The American people’s most sensitive personal and business information must be protected on their mobile phones from exploitation and theft for the CCP’s benefit.
  • Clean Apps: To prevent untrusted PRC smartphone manufacturers from pre-installing—or otherwise making available for download—trusted apps on their apps store. Huawei, an arm of the PRC surveillance state is trading on the innovations and reputations of leading U.S. and foreign companies. These companies should remove their apps from Huawei’s app store to ensure they are not partnering with a human rights abuser.
  • Clean Cloud: To prevent U.S. citizens’ most sensitive personal information and our businesses’ most valuable intellectual property, including COVID-19 vaccine research, from being stored and processed on cloud-based systems built or operated by untrusted vendors, such as Alibaba, Baidu, China Mobile, China Telecom, and Tencent.
  • Clean Cable: To ensure the undersea cables connecting our country to the global internet are not subverted for intelligence gathering by the PRC at hyper scale. We will also work with foreign partners to ensure that undersea cables around the world aren’t built or operated by untrusted vendors.

As noted, the Clean Path program had its genesis in a provision in a recently enacted bill. Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232) was drafted to address the threats posed by the presence of Huawei and ZTE equipment and services throughout the systems and supply chains of the federal government and its contractors. The ultimate goal is the complete phaseout, if possible, of these and any other suspect systems that could possibly be compromised or exploited in the future. Consequently, Russian equipment and systems are also targeted. All federal agencies must inventory and then work to remove this equipment and products within the next few years.

As a result, a rulemaking changed the Federal Acquisition Regulations (FAR) to put into effect the ban on Huawei and ZTE products that Section 889 requires. Specifically, the August 2019 interim rule bars federal agencies from buying Huawei, ZTE, and related Chinese “equipment, system[s], or service[s] that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system” unless an exception allows the agency to disregard this general ban. This rule has already taken effect, and it is likely the DOD and other agencies will issue a final rule, which may change the interim rule on the margins but will likely maintain the substance of the prohibition. It bears noting that this interim rule is applicable to all contracts going forward and some solicitations offered and contracts signed before August 13, 2019.

In July 2020, federal agencies released an interim rule to implement the second half of the Section 889 government-wide ban on buying or using Huawei, ZTE, and other equipment and systems considered risky or suspect by the U.S. government. This part of the ban extends the prohibition to entities that would contract with US agencies. Therefore, as a general matter, such contractors would need to certify their services, systems, and equipment are free and clear of “covered telecommunication equipment,” which is largely technology developed and manufactured in the People’s Republic of China (PRC) or the Russian Federation. This rule will take effect on 13 August but may possibly affect contracts entered into before that date. And yet, comments are being accepted on this rule until 14 September, which will likely affect the rule on the margins when a final version is issued but not its substance.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Further Reading, Other Developments, and Coming Events (31 July)

Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • On 31 July, the House Intelligence Committee will mark up its Intelligence Authorization Act.
  • On 31 July the Select Committee on the Modernization of Congress will hold a business meeting “to consider proposed recommendations.”
  • On 3 August the House Oversight and Reform Committee will hold a hearing on the tenth “Federal Information Technology Acquisition Reform Act” (FITARA) scorecard on federal information technology.
  • On 4 August, the Senate Armed Services Committee will hold a hearing titled “Findings and Recommendations of the Cyberspace Solarium Commission” with these witnesses:
    • Senator Angus S. King, Jr. (I-ME), Co-Chair, Cyberspace Solarium Commission
    • Representative Michael J. Gallagher (R-WI), Co-Chair, Cyberspace Solarium Commission
    • Brigadier General John C. Inglis, ANG (Ret.), Commissioner, Cyberspace Solarium Commission
  • On 6 August, the Federal Communications Commission (FCC) will hold an open meeting to likely consider the following items:
    • C-band Auction Procedures. The Commission will consider a Public Notice that would adopt procedures for the auction of new flexible-use overlay licenses in the 3.7–3.98 GHz band (Auction 107) for 5G, the Internet of Things, and other advanced wireless services. (AU Docket No. 20-25)
    • Radio Duplication Rules. The Commission will consider a Report and Order that would eliminate the radio duplication rule with regard to AM stations and retain the rule for FM stations. (MB Docket Nos. 19-310, 17-105)
    • Common Antenna Siting Rules. The Commission will consider a Report and Order that would eliminate the common antenna siting rules for FM and TV broadcaster applicants and licensees. (MB Docket Nos. 19-282, 17-105)
    • Telecommunications Relay Service. The Commission will consider a Report and Order to repeal certain TRS rules that are no longer needed in light of changes in technology and voice communications services. (CG Docket No. 03-123)
  • The National Institute of Standards and Technology (NIST) will hold the “Exploring Artificial Intelligence (AI) Trustworthiness: Workshop Series Kickoff Webinar,” “a NIST initiative involving private and public sector organizations and individuals in discussions about building blocks for trustworthy AI systems and the associated measurements, methods, standards, and tools to implement those building blocks when developing, using, and testing AI systems” on 6 August.
  • On 18 August, the National Institute of Standards and Technology (NIST) will host the “Bias in AI Workshop, a virtual event to develop a shared understanding of bias in AI, what it is, and how to measure it.”

Other Developments

  • The European Commission (EC) released a report on the status of efforts across the European Union (EU) to implement the EU Toolbox on 5G Cybersecurity, the bloc’s approach to navigating security issues presented by equipment and services offered by companies from the People’s Republic of China such as Huawei. The EC concluded
    • All Member States reported that concrete steps have been taken to implement the Toolbox. Most Member States carried out a gap analysis and launched a process to review and upgrade existing security measures and enforcement mechanisms. Many Member States have already adopted or are well advanced in the preparation of more advanced security measures on 5G cybersecurity.
    • However, work is still ongoing in many Member States on defining the content and scope of the measures and in some cases, political decisions still need to be made in this regard. In addition, even where measures are in progress or being planned, not all Member States have shared detailed information about every measure, due to diverse stages in the national implementation process or for national security reasons. Nevertheless, a number of findings can be formulated based on the analysis presented in this report as regards the implementation of the Toolbox and areas where specific attention is needed in the next phases of the implementation of the Toolbox at national and/or EU level.
  • The United States (US) and Australia released a joint statement following this week’s Australia-United States Ministerial Consultations (AUSMIN), at which the heads of their defense and foreign ministries met in Washington DC. The two countries listed a number of steps and initiatives designed to counter the People’s Republic of China (PRC). Among other developments:
    • The US and Australia signed a classified Statement of Principles on Alliance Defense Cooperation and Force Posture Priorities in the Indo-Pacific.
    • The two nations “plan to continue to counter these threats vigorously, including through collaboration with international partners, and through a new working group between the Department of Foreign Affairs and Trade and the Department of State, which will monitor and respond to disinformation efforts.”
    • The US and Australia “expressed deep concern that the targeting of intellectual property and sensitive business information, including information relating to the development of vaccines and treatments for pandemic response, presents an increasing threat to the global economy, and they committed to holding malicious actors accountable.”
    • The countries “noted the role of 5G network security best practices, such as the Prague Proposals, and expressed their intent to work with like-minded partners to develop end-to-end technical solutions for 5G that use trusted vendors….[and] [a]cknowledging that 5G is only the starting point, the two nations also reaffirm their commitment to lifting the security of critical and emerging technologies that will be vital to our nations’ prosperity.”
    • The US and Australia “welcomed the announcement that Lynas has signed a Phase 1 contract with the U.S. Department of Defense for an engineering and market feasibility study for the design of a heavy rare earth separation facility in the United States” and “the continued development of a U.S.-Australia Critical Minerals Plan of Action to improve the security of critical minerals in the United States and Australia.” 
  • The United Kingdom’s National Cyber Security Centre (NCSC) has issued a report titled “The Cyber Threat to Sports Organisations” “to demystify the cyber threat to sports organisations by highlighting the cyber security issues that affect the sector on a daily basis: business email compromise, digital fraud, and venue security.” The NCSC asserted
    • cyber attacks against sports organisations are very common, with 70% of those surveyed experiencing at least one attack per annum. This is significantly higher than the average across UK business.
    • The primary cyber threat comes from cyber criminals with a financial motive. Criminal attacks typically take advantage of poor implementation of technical controls and normal human traits such as trust and ineffective password policies.
    • There have been a small number of Hostile Nation-state attacks against sports organisations; typically, these attacks have exploited the same vulnerabilities used by criminals.
    • The most common outcome of cyber attacks is unauthorised access to email accounts (Business Email Compromise) leading to fraud. Ransomware is also a significant issue in the sector.
  • Top Republicans on one of the committees with jurisdiction over technology have written Google and Apple regarding their “app store and the policies you have in place to ensure apps are appropriately vetted, particularly those with close ties to China and the Chinese Communist Party (CCP).” House Energy and Commerce Committee Ranking Member Greg Walden (R-OR) and Consumer Protection and Commerce Subcommittee Ranking Member Cathy McMorris Rodgers (R-WA) are asking the companies to respond by 12 August to a series of questions. They asserted
    • As with any crisis, there are those that seek to exploit opportunities for their own malicious intent. We believe that bad actors may be taking advantage of the American people’s trust in your brand, which likely extends to apps available through your store. While we want an open and transparent marketplace that does not limit innovators outside your company, we know there are those that seek to use apps as a means to push through pop-up ads or hijack devices to make it a tool for eavesdropping.
    • The level of permissions that these apps require may include access to camera, microphone, and contacts, as well as functionality to load other malware for bad actors to control a device even after the original app has been removed. This is especially alarming when it comes from companies with direct or indirect links to the CCP.
  • A Washington DC think tank published a report written in part with Representatives Robin Kelly (D-IL) and Will Hurd (R-TX) titled “AI and the Workforce.” The Bipartisan Policy Center explained that “[b]ased on our discussions with stakeholders, we have identified the following key principles:
    • 1. The United States should embrace and take a leadership role in the AI-driven economy by filling the AI talent gap and preparing the rest of the workforce for the jobs of the future. However, in doing so, policymakers should make inclusivity and equal opportunity a priority.
    • 2. Closing the AI talent gap requires a targeted approach to training, recruiting, and retaining skilled workers. This AI talent should ideally have a multi-disciplinary skill set that includes ethics.
    • 3. The AI talent gap is not the only challenge of the AI-driven economy, so the federal government should focus more broadly on the jobs of the future and skills that are complemented by AI technology. Additionally, encouraging workers to develop basic AI and technological literacy can help them better determine how to complement AI systems.
    • 4. The educational system from kindergarten through post-college is not yet designed for the AI-driven economy and should be modernized.
    • 5. The skills that will be in demand in the future will continuously change, so lifelong learning and ways to help displaced and mid-career workers transition into new jobs is critical for the workforce of the future.
    • In September 2018, Kelly and Hurd released a white paper detailing the “lessons learned from the Subcommittee’s oversight and hearings on AI and sets forth recommendations for moving forward.” 
  • The National Cyber Security Centre (NCSC) updated its “Mobile Device Guidance” regarding “Windows 10, Android and VPNs.” The NCSC stated “[o]ver the next few months, we’ll be bringing our Chrome OS and Ubuntu Linux guidance up to date and into the new format.”
  • Cybersecurity company FireEye released a report on a new type of Russian disinformation campaign where hackers are gaining access to legitimate news sources and planting fake stories that are subsequently amplified on social media.
    • FireEye explained it
      • has tied together several information operations that we assess with moderate confidence comprise part of a broader influence campaign, ongoing since at least March 2017, aligned with Russian security interests. The operations have primarily targeted audiences in Lithuania, Latvia, and Poland with narratives critical of the North Atlantic Treaty Organization’s (NATO) presence in Eastern Europe, occasionally leveraging other themes such as anti-U.S. and COVID-19-related narratives as part of this broader anti-NATO agenda. We have dubbed this campaign “Ghostwriter.”
    • FireEye added
      • Many, though not all, of the incidents we suspect to be part of the Ghostwriter campaign appear to have leveraged website compromises or spoofed email accounts to disseminate fabricated content, including falsified news articles, quotes, correspondence and other documents designed to appear as coming from military officials and political figures in the target countries. This falsified content has been referenced as source material in articles and op-eds authored by at least 14 inauthentic personas posing as locals, journalists, and analysts within those countries.

Further Reading

  • “Rite Aid deployed facial recognition systems in hundreds of U.S. stores” by Jeffrey Dastin – Reuters. A major United States retailer was using facial recognition technology, which seems connected to a company in the People’s Republic of China, mostly at stores in poorer, more ethnically diverse areas. Rite Aid has ceased use of this system, which was implemented to address shoplifting and other crime. Guards and other personnel were supposed to act when the system turned up a hit on a person in the store who had committed a crime or made trouble in another location. Given the accuracy of this sort of technology, there was a range of false positives. Additionally, locations in majority white, affluent areas of New York City that had similar crime profiles were much less likely to have this system. The company providing the technology, DeepCam LLC, appears intimately connected to a Chinese firm, Shenzhen Shenmu, that appears to be funded by a Beijing-run venture capital/investment fund.
  • “Facebook Wins Temporary Halt to EU Antitrust Data Demands” by Stephanie Bodoni – Bloomberg. In a setback for the European Commission’s (EC) investigation, the European Union General Court has temporarily blocked data and document requests in a pair of rulings. The court ruled for Facebook in finding the EC’s request “may unavoidably include personal information” and so “it is important to ensure that confidential treatment of such information is safeguarded, especially when the information does, at first sight, not appear to have any link with the subject matter of the commission’s investigation.” A Facebook attorney claimed the requests were going to net “highly sensitive personal information such as employees’ medical information, personal financial documents, and private information about family members of employees.” The court is expected to issue a final decision on the data requests, which has obvious implications for the EC’s investigation of Facebook.
  • “Google’s Top Search Result? Surprise! It’s Google” by Adrianne Jeffries and Leon Yin – The Markup. Google’s search results have changed tremendously over the last 15 years, from showing the top organic results to now reserving 50% of the page for Google results and products. As a result, a number of online businesses that compete with Google products have withered and some have died. Google denies abusing its market power, but competitors and possibly some regulators think otherwise, possibly foreshadowing future anti-competitive enforcement actions.
  • “Five Eyes alliance could expand in scope to counteract China” by Patrick Wintour – The Guardian. The United States, United Kingdom, Canada, New Zealand, and Australia may expand both the scope of their Five Eyes arrangement and the membership as a means of pushing back on Chinese policies and actions. Japan could possibly join the alliance and perhaps it serves as the basis for a trade agreement to address Beijing.
  • “Huawei to double down on HSBC as legal battle over extradition of Meng Wanzhou intensifies” by Zhou Xin – South China Morning Post. As the daughter of Huawei’s founder continues to be held in Canada facing possible extradition to the United States (US) to be tried on charges of violating US sanctions on Iran, Meng Wanzhou’s lawyers are focusing on the evidence provided by Hong Kong based bank HSBC to the US Department of Justice as being deficient in a number of ways. The People’s Republic of China is still holding two Canadians incommunicado who were arrested and charged with espionage after Meng was detained in British Columbia.

Further Reading, Other Developments, and Coming Events (24 July)

Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • On 27 July, the House Judiciary Committee’s Antitrust, Commercial, and Administrative Law Subcommittee will hold its sixth hearing on “Online Platforms and Market Power” titled “Examining the Dominance of Amazon, Apple, Facebook, and Google” that will reportedly have the heads of the four companies as witnesses.
  • On 28 July, the Senate Commerce, Science, and Transportation Committee’s Communications, Technology, Innovation, and the Internet Subcommittee will hold a hearing titled “The PACT Act and Section 230: The Impact of the Law that Helped Create the Internet and an Examination of Proposed Reforms for Today’s Online World.”
  • On 28 July the House Science, Space, and Technology Committee’s Investigations and Oversight and Research and Technology Subcommittees will hold a joint virtual hearing titled “The Role of Technology in Countering Trafficking in Persons” with these witnesses:
    • Ms. Anjana Rajan, Chief Technology Officer, Polaris
    • Mr. Matthew Daggett, Technical Staff, Humanitarian Assistance and Disaster Relief Systems Group, Lincoln Laboratory, Massachusetts Institute of Technology
    • Ms. Emily Kennedy, President and Co-Founder, Marinus Analytics
  • On 28 July, the House Homeland Security Committee’s Cybersecurity, Infrastructure Protection, & Innovation Subcommittee will hold a hearing titled “Secure, Safe, and Auditable: Protecting the Integrity of the 2020 Elections” with these witnesses:
    • Mr. David Levine, Elections Integrity Fellow, Alliance for Securing Democracy, German Marshall Fund of the United States
    • Ms. Sylvia Albert, Director of Voting and Elections, Common Cause
    • Ms. Amber McReynolds, Chief Executive Officer, National Vote at Home Institute
    • Mr. John Gilligan, President and Chief Executive Officer, Center for Internet Security, Inc.
  • On 30 July the House Oversight and Reform Committee will hold a hearing on the tenth “Federal Information Technology Acquisition Reform Act” (FITARA) scorecard on federal information technology.
  • On 30 July, the Senate Commerce, Science, and Transportation Committee’s Security Subcommittee will hold a hearing titled “The China Challenge: Realignment of U.S. Economic Policies to Build Resiliency and Competitiveness” with these witnesses:
    • The Honorable Nazak Nikakhtar, Assistant Secretary for Industry and Analysis, International Trade Administration, U.S. Department of Commerce
    • Dr. Rush Doshi, Director of the Chinese Strategy Initiative, The Brookings Institution
    • Mr. Michael Wessel, Commissioner, U.S. – China Economic and Security Review Commission
  • On 4 August, the Senate Armed Services Committee will hold a hearing titled “Findings and Recommendations of the Cyberspace Solarium Commission” with these witnesses:
    • Senator Angus S. King, Jr. (I-ME), Co-Chair, Cyberspace Solarium Commission
    • Representative Michael J. Gallagher (R-WI), Co-Chair, Cyberspace Solarium Commission
    • Brigadier General John C. Inglis, ANG (Ret.), Commissioner, Cyberspace Solarium Commission
  • On 6 August, the Federal Communications Commission (FCC) will hold an open meeting to likely consider the following items:
    • C-band Auction Procedures. The Commission will consider a Public Notice that would adopt procedures for the auction of new flexible-use overlay licenses in the 3.7–3.98 GHz band (Auction 107) for 5G, the Internet of Things, and other advanced wireless services. (AU Docket No. 20-25)
    • Radio Duplication Rules. The Commission will consider a Report and Order that would eliminate the radio duplication rule with regard to AM stations and retain the rule for FM stations. (MB Docket Nos. 19-310, 17-105)
    • Common Antenna Siting Rules. The Commission will consider a Report and Order that would eliminate the common antenna siting rules for FM and TV broadcaster applicants and licensees. (MB Docket Nos. 19-282, 17-105)
    • Telecommunications Relay Service. The Commission will consider a Report and Order to repeal certain TRS rules that are no longer needed in light of changes in technology and voice communications services. (CG Docket No. 03-123)

Other Developments

  • Slack filed an antitrust complaint with the European Commission (EC) against Microsoft alleging that the latter’s tying Microsoft Teams to Microsoft Office is a move designed to push the former out of the market. A Slack vice president said in a statement “Slack threatens Microsoft’s hold on business email, the cornerstone of Office, which means Slack threatens Microsoft’s lock on enterprise software.” While the filing of a complaint does not mean the EC will necessarily investigate, under its new leadership the EC has signaled in a number of ways its intent to address the size of some technology companies and the effect on competition.
  • The National Institute of Standards and Technology (NIST) has issued for comment the 2nd Draft of NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). NIST claimed this guidance document “promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches…[and] contains the same main concepts as the initial public draft, but their presentation has been revised to clarify the concepts and address other comments from the public.” Comments are due by 21 August 2020.
  • The United States National Security Commission on Artificial Intelligence (NSCAI) published its Second Quarter Recommendations, a compilation of policy proposals made this quarter. NSCAI said it is still on track to release its final recommendations in March 2021. The NSCAI asserted
    • The recommendations are not a comprehensive follow-up to the interim report or first quarter memorandum. They do not cover all areas that will be included in the final report. This memo spells out recommendations that can inform ongoing deliberations tied to policy, budget, and legislative calendars. But it also introduces recommendations designed to build a new framework for pivoting national security for the artificial intelligence (AI) era.
    • The NSCAI stated it “has focused its analysis and recommendations on six areas:
    • Advancing the Department of Defense’s internal AI research and development capabilities. The Department of Defense (DOD) must make reforms to the management of its research and development (R&D) ecosystem to enable the speed and agility needed to harness the potential of AI and other emerging technologies. To equip the R&D enterprise, the NSCAI recommends creating an AI software repository; improving agency-wide authorized use and sharing of software, components, and infrastructure; creating an AI data catalog; and expanding funding authorities to support DOD laboratories. DOD must also strengthen AI Test and Evaluation, Verification and Validation capabilities by developing an AI testing framework, creating tools to stand up new AI testbeds, and using partnered laboratories to test market and market-ready AI solutions. To optimize the transition from technological breakthroughs to application in the field, Congress and DOD need to reimagine how science and technology programs are budgeted to allow for agile development, and adopt the model of multi-stakeholder and multi-disciplinary development teams. Furthermore, DoD should encourage labs to collaborate by building open innovation models and a R&D database.
    • Accelerating AI applications for national security and defense. DOD must have enduring means to identify, prioritize, and resource the AI-enabled applications necessary to fight and win. To meet this challenge, the NSCAI recommends that DOD produce a classified Technology Annex to the National Defense Strategy that outlines a clear plan for pursuing disruptive technologies that address specific operational challenges. We also recommend establishing mechanisms for tactical experimentation, including by integrating AI-enabled technologies into exercises and wargames, to ensure technical capabilities meet mission and operator needs. On the business side, DOD should develop a list of core administrative functions most amenable to AI solutions and incentivize the adoption of commercially available AI tools.
    • Bridging the technology talent gap in government. The United States government must fundamentally re-imagine the way it recruits and builds a digital workforce. The Commission envisions a government-wide effort to build its digital talent base through a multi-prong approach, including: 1) the establishment of a National Reserve Digital Corps that will bring private sector talent into public service part-time; 2) the expansion of technology scholarship for service programs; and, 3) the creation of a national digital service academy for growing federal technology talent from the ground up.
    • Protecting AI advantages for national security through the discriminate use of export controls and investment screening. The United States must protect the national security sensitive elements of AI and other critical emerging technologies from foreign competitors, while ensuring that such efforts do not undercut U.S. investment and innovation. The Commission proposes that the President issue an Executive Order that outlines four principles to inform U.S. technology protection policies for export controls and investment screening, enhance the capacity of U.S. regulatory agencies in analyzing emerging technologies, and expedite the implementation of recent export control and investment screening reform legislation. Additionally, the Commission recommends prioritizing the application of export controls to hardware over other areas of AI-related technology. In practice, this requires working with key allies to control the supply of specific semiconductor manufacturing equipment critical to AI while simultaneously revitalizing the U.S. semiconductor industry and building the technology protection regulatory capacity of like-minded partners. Finally, the Commission recommends focusing the Committee on Foreign Investment in the United States (CFIUS) on preventing the transfer of technologies that create national security risks. This includes a legislative proposal granting the Department of the Treasury the authority to propose regulations for notice and public comment to mandate CFIUS filings for investments into AI and other sensitive technologies from China, Russia and other countries of special concern. The Commission’s recommendations would also exempt trusted allies and create fast tracks for vetted investors.
    • Reorienting the Department of State for great power competition in the digital age. Competitive diplomacy in AI and emerging technology arenas is a strategic imperative in an era of great power competition. Department of State personnel must have the organization, knowledge, and resources to advocate for American interests at the intersection of technology, security, economic interests, and democratic values. To strengthen the link between great power competition strategy, organization, foreign policy planning, and AI, the Department of State should create a Strategic Innovation and Technology Council as a dedicated forum for senior leaders to coordinate strategy and a Bureau of Cyberspace Security and Emerging Technology, which the Department has already proposed, to serve as a focal point and champion for security challenges associated with emerging technologies. To strengthen the integration of emerging technology and diplomacy, the Department of State should also enhance its presence and expertise in major tech hubs and expand training on AI and emerging technology for personnel at all levels across professional areas. Congress should conduct hearings to assess the Department’s posture and progress in reorienting to address emerging technology competition.
    • Creating a framework for the ethical and responsible development and fielding of AI. Agencies need practical guidance for implementing commonly agreed upon AI principles, and a more comprehensive strategy to develop and field AI ethically and responsibly. The NSCAI proposes a “Key Considerations” paradigm for agencies to implement that will help translate broad principles into concrete actions.
  • The Danish Defence Intelligence Service’s Centre for Cyber Security (CFCS) released its fifth annual assessment of the cyber threat against Denmark and concluded:
    • The cyber threat poses a serious threat to Denmark. Cyber attacks mainly carry economic and political consequences.
    • Hackers have tried to take advantage of the COVID-19 pandemic. This constitutes a new element in the general threat landscape.
    • The threat from cyber crime is VERY HIGH. No one is exempt from the threat. There is a growing threat from targeted ransomware attacks against Danish public authorities and private companies. The threat from cyber espionage is VERY HIGH.
    • The threat is especially directed against public authorities dealing with foreign and security policy issues as well as private companies whose knowledge is of interest to foreign states.
    • The threat from destructive cyber attacks is LOW. It is less likely that foreign states will launch destructive cyber attacks against Denmark. Private companies and public authorities operating in conflict-ridden regions are at a greater risk from this threat.
    • The threat from cyber activism is LOW. Globally, the number of cyber activism attacks has dropped in recent years, and cyber activists rarely focus on Danish public authorities and private companies. The threat from cyber terrorism is NONE. Serious cyber attacks aimed at creating effects similar to those of conventional terrorism presuppose a level of technical expertise and organizational resources that militant extremists, at present, do not possess. Also, the intention remains limited.
    • The technological development, including the development of artificial intelligence and quantum computing, creates new cyber security possibilities and challenges.

Further Reading

  • “Accuse, Evict, Repeat: Why Punishing China and Russia for Cyberattacks Fails” – The New York Times. This piece points out that the United States (US) government is largely using 19th Century responses to address 21st Century conduct by expelling diplomats, imposing sanctions, and indicting hackers. Even a greater use of offensive cyber operations does not seem to be deterring the US’s adversaries. It may turn out that the US and other nations will need to focus more on defensive measures and securing their valuable data and information.
  • “New police powers to be broad enough to target Facebook” – Sydney Morning Herald. On the heels of a 2018 law that some argue will allow the government in Canberra to order companies to decrypt users’ communications, Australia is considering the enactment of new legislation because of concern among the nation’s security services about end-to-end encryption and dark browsing. In particular, Facebook’s proposed changes to secure its networks are seen as fertile ground for criminals, especially those seeking to prey on children sexually.
  • “The U.S. has a stronger hand in its tech battle with China than many suspect” – The Washington Post. A national security writer makes the case that the cries that the Chinese are coming may prove as overblown as similar claims made about the Japanese during the 1980s and the Russians during the Cold War. The Trump Administration has used some levers that may appear to impede the People’s Republic of China’s attempt to displace the United States. In all, this writer is calling for more balance in viewing the PRC and some of the challenges it poses.
  • “Facebook is taking a hard look at racial bias in its algorithms” – Recode. After a civil rights audit that was critical of Facebook, the company is assembling and deploying teams to try to deal with the biases in its algorithms on Facebook and Instagram. Critics doubt the efforts will turn out well because economic incentives are aligned against rooting out such biases and because of the lack of diversity at the company.
  • “Does TikTok Really Pose a Risk to US National Security?” – WIRED. This article asserts TikTok is probably no riskier than other social media apps even with the possibility that the People’s Republic of China (PRC) may have access to user data.
  • “France won’t ban Huawei, but encouraging 5G telcos to avoid it: report” – Reuters. Unlike the United States, the United Kingdom, and others, France will not outright ban Huawei from its 5G networks but will instead encourage its telecommunications companies to use European manufacturers. Some companies already have Huawei equipment on their networks and may receive authorization to use the company’s equipment for up to five more years. However, France is not planning on extending authorizations past that deadline, which will function as a de facto sunset. In contrast, authorizations for Ericsson or Nokia equipment were provided for eight years. The head of France’s cybersecurity agency stressed that France was not seeking to move against the People’s Republic of China (PRC) but is responding to security concerns.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

UK Finally Releases Russia Report

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

A committee of the United Kingdom (UK) Parliament issued its report on its investigation into Russian interference and rendered a scathing indictment of disengagement by the British government on the challenges and threats posed by the Russian Federation going back to early this century. The Intelligence and Security Committee of Parliament (ISC), a joint body consisting of nine members of the House of Commons and the same number from the House of Lords, had been tasked with investigating the extent to which Russia has been interfering with the UK, including the Brexit vote in 2016. The ISC has returned with a record of half-measures, often uncoordinated between agencies and entities inside the British government, that have proved ineffective. The ISC is calling for a range of policy, strategic, and legislative changes to counter the threat posed by Russian activities, many of which occurred in cyberspace or digitally. Presumably, these changes would also help the UK deal with other nations that are aggressive in cyberspace, including the People’s Republic of China (PRC), the Democratic People’s Republic of Korea (DPRK), Iran, and others.

This report follows the four of five volumes the United States Senate Intelligence Committee has released of its report on Russian interference with the 2016 US Presidential Election in favor of the Trump Campaign and to sow discord and distrust generally. In October 2019, the Committee transmitted its report to Prime Minister Boris Johnson who would “now consider whether there is any information in the report which, if published, would be prejudicial to the continued discharge of the functions of the security and intelligence Agencies.” In its press release today, the ISC stated “it is a matter of great regret that it was not published last November, ahead of the General Election.”

In the report, the ISC explained the report “covers aspects of the Russian threat to the UK (Cyber; Disinformation and Influence; and Russian Expatriates) followed by an examination of how the UK Government – in particular the Agencies and Defence Intelligence – has responded (Allocation of Effort; Strategy, Co-ordination and Tasking; A Hard Target; Legislation; International Partnerships; and Engagement with Russia).”

The previous ISC wrote the press release the current ISC issued:

ISC questions whether Government took its eye off the ball on Russia, finds that they underestimated the response required to the Russian threat and are still playing catch up:

  • Russian influence in the UK is the new normal. Successive Governments have welcomed the oligarchs and their money with open arms, providing them with a means of recycling illicit finance through the London ‘laundromat’, and connections at the highest levels with access to UK companies and political figures.
  • This has led to a growth industry of ‘enablers’ including lawyers, accountants, and estate agents who are – wittingly or unwittingly – de facto agents of the Russian state.
  • It clearly demonstrates the inherent tension between the Government’s prosperity agenda and the need to protect national security. While we cannot now shut the stable door, greater powers and transparency are needed urgently.
  • UK is clearly a target for Russian disinformation. While the mechanics of our paper-based voting system are largely sound, we cannot be complacent about a hostile state taking deliberate action with the aim of influencing our democratic processes.
  • Yet the defence of those democratic processes has appeared something of a ‘hot potato’, with no one organisation considering itself to be in the lead, or apparently willing to conduct an assessment of such interference. This must change.
  • Social media companies must take action and remove covert hostile state material: Government must ‘name and shame’ those who fail to act.
  • We need other countries to step up with the UK and attach a cost to Putin’s actions. Salisbury must not be allowed to become the high water mark in international unity over the Russia threat.
  • A number of issues addressed in this published version of the Russia Report are covered in more depth in the Classified Annex. We are not able to discuss these aspects on the grounds of national security.

The previous ISC continued in its press release:

  • [T]his Inquiry found it surprisingly difficult to establish who has responsibility: the defence of the UK’s democratic processes has appeared to be something of a ‘hot potato’, with no single organisation identifying itself as having an overall lead. We understand the nervousness around any suggestion that the intelligence Agencies might be involved in the mechanics of the democratic process, but that does not apply when it comes to the protection of those processes. And without seeking to imply that those organisations currently responsible are not capable, the Committee have questioned whether DCMS and the Electoral Commission have the weight and access required to tackle a major hostile state threat. Democracy is intrinsic to our country’s success and well-being. Protecting it must be a ministerial priority, with the Office for Security and Counter-Terrorism taking the policy lead and the operational role sitting with MI5.
  • In terms of responsibility, it was noted that – as with so many other issues currently – it is the social media companies who hold the key but are failing to play their part. The Government must establish a protocol with these companies to ensure that they take covert hostile state use of their platforms seriously, with agreed deadlines within which such material will be removed, and Government should ‘name and shame’ those which fail to act.
  • There have been widespread allegations that Russia sought to influence voters in the 2016 referendum on the UK’s membership of the EU: studies have pointed to the preponderance of pro-Brexit or anti-EU stories on RT and Sputnik, and the use of ‘bots’ and ‘trolls’, as evidence. The actual impact of such attempts on the result itself would be difficult – if not impossible – to prove. However what is clear is that the Government was slow to recognise the existence of the threat – only understanding it after the ‘hack and leak’ operation against the Democratic National Committee, when it should have been seen as early as 2014. As a result the Government did not take action to protect the UK’s process in 2016. The Committee has not been provided with any post-referendum assessment – in stark contrast to the US response to reports of interference in the 2016 presidential election. In our view there must be an analogous assessment of Russian interference in the EU referendum.
  • What is clear is that Russian influence in the UK is ‘the new normal’: successive Governments have welcomed the Russian oligarchy with open arms, and there are a lot of Russians with very close links to Putin who are well integrated into the UK business, political and social scene – in ‘Londongrad’ in particular. Yet few, if any, questions have been asked regarding the provenance of their considerable wealth and this ‘open door’ approach provided ideal mechanisms by which illicit finance could be recycled through the London ‘laundromat’. It is not just the oligarchs either – the arrival of Russian money has resulted in a growth industry of ‘enablers’: lawyers, accountants, and estate agents have all played a role, wittingly or unwittingly, and formed a “buffer” of Westerners who are de facto agents of the Russian state.
  • There is an obvious inherent tension between the Government’s prosperity agenda and the need to protect national security. To a certain extent, this cannot be untangled and the priority now must be to mitigate the risk, and ensure that where hostile activity is uncovered, the proper tools exist to tackle it at source and to challenge the impunity of Putin-linked elites. It is notable, for example, that a number of Members of the House of Lords have business interests linked to Russia, or work directly for major Russian companies linked to the Russian state – these relationships should be carefully scrutinised, given the potential for the Russian state to exploit them.
  • In addition to the Putin-linked elites, the UK is also home to a number of Putin’s critics who have sought sanctuary in the UK fearing politically-motivated charges and harassment, and the events of 4 March 2018 showed the vulnerability of former Russian intelligence officers who have settled in the UK – one of the issues we address in the Classified Annex to our Report.
  • It has been clear for some time that Russia under Putin has moved from potential partner to established threat, fundamentally unwilling to adhere to international law – the murder of Alexander Litvinenko in 2006 and the annexation of Crimea in 2014 were stark indicators of this. We therefore question whether the Government took its eye off the ball because of its focus on counter-terrorism: it was the opinion of the Committee that until recently the Government had badly underestimated the response required to the Russian threat – and is still playing catch up. Russia poses a tough intelligence challenge and our intelligence Agencies must have the tools they need to tackle it. In particular, new legislation must be introduced to tackle foreign spies: the Official Secrets Act is not fit for purpose and while this goes unrectified the UK intelligence community’s hands are tied.
  • More broadly, we need a continuing international consensus against Russian aggressive action. Effective constraint of nefarious Russian activities in the future will rely on making sure that the price the Russians pay for such interference is sufficiently high: the West is strongest when it acts collectively, and the UK has shown it can lead the international response. The expulsion of 153 ‘diplomats’ from 29 countries and NATO following the use of chemical weapons on UK soil in the Salisbury attack was unprecedented and, together with the subsequent exposure of the GRU agents responsible, sent a strong message that such actions would not be tolerated. But Salisbury must not be allowed to become the high water mark in international unity over the Russia threat: we must build on this effort to ensure momentum is not lost.

In the report, the ISC explained:

As a result of our scrutiny, we have reached conclusions as to what is working well, where there is a need for more, or different, effort, or where a strategy may need updating, and we have commissioned a number of actions. These are embedded throughout the Report. We note here, however, that there have been a number of cross-cutting themes which have emerged during the course of our work:

  • Most surprising, perhaps, was the extent to which much of the work of the Intelligence Community is focused on ***. We had, at the outset of our Inquiry, believed they would be taking a rather broader view, given that it is clearly acknowledged that the Russians use a whole-of-state approach.
  • This focus has led us to question who is responsible for broader work against the Russian threat and whether those organisations are sufficiently empowered to tackle a hostile state threat such as Russia. In some instances, we have therefore recommended a shift in responsibilities. In other cases, we have recommended a simplification: there are a number of unnecessarily complicated wiring diagrams that do not provide the clear lines of accountability that are needed.
  • The clearest requirement for immediate action is for new legislation: the Intelligence Community must be given the tools it needs and be put in the best possible position if it is to tackle this very capable adversary, and this means a new statutory framework to tackle espionage, the illicit financial dealings of the Russian elite and the ‘enablers’ who support this activity.
  • More broadly, the way forward lies with taking action with our allies; a continuing international consensus is needed against Russian aggressive action. The West is strongest when it acts collectively and that is the way in which we can best attach a cost to Putin’s actions. The UK has shown it can shape the international response, as it did in response to the Salisbury attacks. It must now seek to build on this effort to ensure that momentum is not lost.

The Committee is pursuing additional inquiries that could also result in proposed changes in how the UK handles cyberspace threats:

  • an Inquiry into national security issues relating to China;
  • an Inquiry into Right Wing Terrorism;
  • an examination of the current threat from Northern Ireland-Related Terrorism; and
  • a case study on GCHQ procurement.


Further Reading, Other Developments, and Coming Events (22 July)

Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • On 22 July, the Senate Homeland Security & Governmental Affairs Committee will mark up a number of bills and nominations, including:
    • The nomination of Derek Kan to be the Office of Management and Budget’s Deputy Director
    • The “Federal Emergency Pandemic Response Act” (S.4204)
    • The “Securing Healthcare and Response Equipment Act of 2020” (S.4210)
    • The “National Response Framework Improvement Act of 2020” (S.4153)
    • The “National Infrastructure Simulation and Analysis Center Pandemic Modeling Act of 2020” (S.4157)
    • The “PPE Supply Chain Transparency Act of 2020” (S.4158)
    • The “REAL ID Act Modernization Act” (S.4133)
    • The “Safeguarding American Innovation Act” (S.3997)
    • The “Information Technology Modernization Centers of Excellence Program Act” (S.4200)
    • The “Telework for U.S. Innovation Act” (S.4318)
    • The “GAO Database Modernization Act” (S.____)
    • The “CFO Vision Act of 2020” (S.3287)
    • The “No Tik Tok on Government Devices Act” (S. 3455)
    • The “Cybersecurity Advisory Committee Authorization Act of 2020” (S. 4024)
  • On 23 July, the Senate Commerce, Science, and Transportation Committee’s Communications, Technology, Innovation, and the Internet Subcommittee will hold a hearing on “The State of U.S. Spectrum Policy” with the following witnesses:
    • Mr. Tom Power, Senior Vice President and General Counsel, CTIA
    • Mr. Mark Gibson, Director of Business Development, CommScope
    • Dr. Roslyn Layton, Visiting Researcher, Aalborg University
    • Mr. Michael Calabrese, Director, Wireless Future Project, Open Technology Institute at New America
  • On 27 July, the House Judiciary Committee’s Antitrust, Commercial, and Administrative Law Subcommittee will hold its sixth hearing on “Online Platforms and Market Power” titled “Examining the Dominance of Amazon, Apple, Facebook, and Google” that will reportedly have the heads of the four companies as witnesses.
  • On 6 August, the Federal Communications Commission (FCC) will hold an open meeting to likely consider the following items:
    • C-band Auction Procedures – The Commission will consider a Public Notice that would adopt procedures for the auction of new flexible-use overlay licenses in the 3.7–3.98 GHz band (Auction 107) for 5G, the Internet of Things, and other advanced wireless services. (AU Docket No. 20-25)
    • Radio Duplication Rules – The Commission will consider a Report and Order that would eliminate the radio duplication rule with regard to AM stations and retain the rule for FM stations. (MB Docket Nos. 19-310, 17-105)
    • Common Antenna Siting Rules – The Commission will consider a Report and Order that would eliminate the common antenna siting rules for FM and TV broadcaster applicants and licensees. (MB Docket Nos. 19-282, 17-105)
    • Telecommunications Relay Service – The Commission will consider a Report and Order to repeal certain TRS rules that are no longer needed in light of changes in technology and voice communications services. (CG Docket No. 03-123)
    • Inmate Calling Services – The Commission will consider a Report and Order on Remand and a Fourth Further Notice of Proposed Rulemaking that would respond to remands by the U.S. Court of Appeals for the District of Columbia Circuit and propose to comprehensively reform rates and charges for the inmate calling services within the Commission’s jurisdiction. (WC Docket No. 12-375)

Other Developments

  • Acting Office of Management and Budget (OMB) Director Russell Vought was confirmed by the Senate by a 51-45 vote. OMB has been without a Senate-confirmed Director since Mick Mulvaney resigned at the end of March, but he was named acting White House Chief of Staff in January 2019, resulting in Vought serving as the acting OMB head since that time.
  • Former Vice President and Democratic candidate for President Joe Biden issued a statement on Russian interference with the 2020 election that laid out his plan to respond and retaliate against these ongoing activities. His very high-level plan is a list of currently used methods of combatting cyber-attacks, much of which he would be able to undertake without Congressional assent. Biden contended “[d]espite the exposure of Russia’s malign activities by the U.S. Intelligence Community, law enforcement agencies, and bipartisan Congressional committees, the Kremlin has not halted its efforts to interfere in our democracy.” Biden said “[i]n spite of President [Donald] Trump’s failure to act, America’s adversaries must not misjudge the resolve of the American people to counter every effort by a foreign power to interfere in our democracy, whether by hacking voting systems and databases, laundering money into our political system, systematically spreading disinformation, or trying to sow doubt about the integrity of our elections.” He vowed:
    • If elected president, I will treat foreign interference in our election as an adversarial act that significantly affects the relationship between the United States and the interfering nation’s government.
    • I will direct the U.S. Intelligence Community to report publicly and in a timely manner on any efforts by foreign governments that have interfered, or attempted to interfere, with U.S. elections.
    • I will direct my administration to leverage all appropriate instruments of national power and make full use of my executive authority to impose substantial and lasting costs on state perpetrators.
    • These costs could include financial-sector sanctions, asset freezes, cyber responses, and the exposure of corruption.
    • A range of other actions could also be taken, depending on the nature of the attack.
    • I will direct our response at a time and in a manner of our choosing.
    • In addition, I will take action where needed to stop attempts to interfere with U.S. elections before they can impact our democratic processes.
    • In particular, I will direct and resource the Department of Defense, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Department of State, and the Federal Bureau of Investigation’s Foreign Interference Task Force to develop plans for disrupting foreign threats to our elections process.
    • This will be done, wherever possible, in coordination with our allies and partners, so that we are isolating the regimes that seek to undermine democracies and civil liberties.
  • Top Democrats in Congress have written the Director of the Federal Bureau of Investigation (FBI) requesting “a defensive counterintelligence briefing to all Members of the House of Representatives and the Senate regarding foreign efforts to interfere in the 2020 U.S. presidential election.” Speaker of the House Nancy Pelosi (D-CA), Senate Minority Leader Chuck Schumer (D-NY), House Intelligence Committee Chair Adam Schiff (D-CA), and Senate Intelligence Committee Ranking Member Mark Warner (D-VA) sent a letter to FBI Director Christopher Wray in which they claimed “that Congress appears to be the target of a concerted foreign interference campaign, which seeks to launder and amplify disinformation in order to influence congressional activity, public debate, and the presidential election in November.”
  • District of Columbia Attorney General Karl Racine (D) has inserted himself into the struggle raging over the Trump Administration’s remaking of the United States (US) Agency for Global Media (USAGM), in part, by installing Michael Pack as the head of USAGM. He filed suit “to resolve a dispute between two dueling Boards of Directors that has paralyzed the Open Technology Fund (OTF), a District nonprofit…which supports encryption and anti-censorship tools for people living in repressive societies…an independent nonprofit corporation organized and created under District law that receives grant funding from the USAGM” per his press release. Racine claimed:
    • The USAGM CEO does not have authority over OTF’s Board or officers: OTF is an independent D.C. nonprofit corporation, which governs itself under local law and under its own bylaws. While USAGM provides grant funding for OTF’s work, it does not have authority over OTF’s governance. OAG asserts that OTF’s bylaws are clear and that only the organization’s Board of Directors—not USAGM, its leadership, or any other body—has the authority to appoint or remove OTF directors.
    • Dueling Boards have paralyzed OTF: Two Boards are currently claiming authority over OTF, and without clarity as to which Board is properly in place, the organization is effectively leaderless. It is also unable to authorize decisions necessary for carrying out its functions, including decisions to authorize funding partner organizations have already been promised, and decisions related to potential new partnership. The leadership crisis has also left employees of the organization at risk of losing their jobs.
    • The original Board of Directors is the valid Board: OAG asserts that because Pack did not have authority under either District law or OTF’s bylaws to dismiss OTF’s Board of Directors, the Court should recognize OTF’s original Board as valid.
    • Any actions taken on behalf of OTF by Michael Pack or his replacement Board should be voided: Michael Pack did not have authority as USAGM CEO to dismiss or appoint Directors on behalf of OTF. As a result, any actions Pack or the replacement Board have taken on behalf of OTF should be invalidated.
  • The Department of Commerce’s (DOC) Bureau of Industry and Security (BIS) has announced further action against entities from the People’s Republic of China (PRC) by adding “to the Entity List 11 Chinese companies implicated in human rights violations and abuses in the implementation of the PRC’s campaign of repression, mass arbitrary detention, forced labor, involuntary collection of biometric data, and genetic analyses targeted at Muslim minority groups from the Xinjiang Uyghur Autonomous Region (XUAR)” according to the agency’s press release. DOC claimed “[t]oday’s action will result in these companies facing new restrictions on access to U.S.-origin items, including commodities and technology…[and] will supplement BIS’s two tranches of Entity List designations in October 2019 and June 2020, actions that together added 37 parties engaged in or enabling PRC’s repression in Xinjiang.”

Further Reading

  • “Google Promises Privacy With Virus App but Can Still Collect Location Data” – The New York Times. Google’s version of the contact tracing app developed with Apple has a feature the other company’s does not: it prompts users to turn on the Android device’s location setting. This feature would seem to be contrary to the claims made by Google and Apple that their Bluetooth tracing system does not collect sensitive location data. In fact, the companies refused the requests of the governments of the United Kingdom and France, among others, to change settings on their smartphones to allow for centralized information collection on possible COVID-19 transmission. A number of European nations have pressed Google to remove this feature, and a Google spokesperson claimed the Android Bluetooth tracing capability did not use location services, begging the question why the prompt appears.
  • “Inside the Federal Trade Commission’s Facebook probe” – Axios. The anonymous sources inside the Federal Trade Commission (FTC) cautioning that the agency will not likely pursue an anti-trust action against Facebook before next year may be part of an inner-agency quarrel slowing down the inquiry. Allegedly, the FTC’s Bureau of Competition and its Office of Policy Planning are at odds over the drafting of guidance that will govern the Facebook and other anti-trust investigations. The latter wants to keep the current standards of harm to consumers in terms of price changes, which the former thinks are inapplicable in the provision of free services. How this struggle plays out may well inform the agency’s approach to Facebook and other tech companies.
  • “Beware the ‘But China’ Excuses” – The New York Times. This article cautions people against putting too much stock in the claims by the Trump Administration and technology companies that the People’s Republic of China (PRC) is the threat they say it is. If the PRC is such a threat, the United States might consider investing more in basic research and development (R&D) and in some critical tech sectors to develop and build their products in the US. Also, the notion advanced by some tech sector CEOs that breaking up the tech giants will ultimately benefit PRC competitors is scrutinized.
  • “DHS Authorizes Domestic Surveillance to Protect Statues and Monuments” – Lawfare. One of my law school professors and a colleague examine a Department of Homeland Security’s (DHS) Office of Intelligence & Analysis (I&A) that authorizes intelligence and information collection on those who present threats to monuments, memorials, and statues that seems like a Trojan Horse by which DHS could surveil and mobilize protestors in the streets of American cities. The surveillance cannot be electronic surveillance, but then DHS could ask a sister agency to conduct such activity if needed.
  • “Two more cyber-attacks hit Israel’s water system” – ZDNet. It appears Iran has responded to Israel’s cyber attacks that led to a number of problems at facilities in Tehran. This is the latest in an ongoing battle between the two Middle Eastern enemies that may escalate further.