Further Reading, Other Developments, and Coming Events (9 November)

Further Reading

  • “Facebook bans ‘STOP THE STEAL’ group Trump allies were using to organize protests against vote counting” By Tony Romm, Isaac Stanley-Becker and Elizabeth Dwoskin — The Washington Post. A significant portion of the online activity among those on the right wing alleging that the Biden Campaign and Democrats have stolen the election is traceable to right-wing media influencers and is less an organic effort. Moreover, Facebook has apparently had a mixed record in locating and taking down material that seeks to spread lies about the integrity of the election and foment violence.
  • “False News Targeting Latinos Trails the Election” By Patricia Mazzei and Nicole Perlroth — The New York Times. By the metrics used in the article (although it’s not clear exactly where the Times got its data), the disinformation in Spanish on social media in 2020 exceeded the Russian disinformation campaign in 2016. Apparently, Facebook, Twitter, and YouTube were not prepared or were not expecting the flood of lies, misinformation, and disinformation about President-elect Joe Biden or the Democrats generally, especially in South Florida where Republicans did much better than expected. Much of this content tied Biden to the former dictators of Cuba and Venezuela, Fidel Castro and Hugo Chavez.
  • “Trump’s Tweeting Isn’t Crazy. It’s Strategic, Typos and All.” By Emily Dreyfuss — The New York Times. This piece traces the evolution of a campaign to paint the Biden family as engaged in criminal activity to both smear them and to blunt any criticism of the Trump family given the many and serious allegations of lawbreaking and unethical behavior.
  • “TikTok invites UK lawmakers to review algorithm after being probed on China censorship concerns” By Sam Shead — CNBC. In testimony before the United Kingdom’s (UK) Parliament’s Business, Energy and Industrial Strategy Committee, TikTok’s head of policy in the UK said the platform used to censor content but then hedged that remark in a statement issued after the hearing. Prior to May 2019, the company hewed to the content wishes of the People’s Republic of China and material on Tiananmen Square was not on the platform. However, she did claim that TikTok’s data is stored in the United States with backups in Singapore, none of which goes to the PRC.
  • “The Disinformation Is Coming From Inside the White House” By Matthew Rosenberg, Jim Rutenberg and Nick Corasaniti — The New York Times. Turns out much of the disinformation about alleged but unproven vote fraud is coming directly from the President, his advisers, his allies, and his family. It may come to pass that domestic disinformation, misinformation, and lies will have a larger impact than similar efforts from overseas.

Other Developments

  • Representative Ro Khanna (D-CA) introduced “The 21st Century Jobs Package” (H.R.8693) that establishes a Federal Institute of Technology (FIT) and “allocates $900 billion in research & development (R&D) funding for emerging technologies like Advanced Manufacturing, Synthetic Biology, Artificial intelligence, Biotechnology, and Cybersecurity” according to his press release. In a summary, Khanna explained:
    • At the center of this proposal is the creation of a FIT, with presence in multiple locations around the country. These locations will initially take the form of additional facilities and faculty within or alongside existing universities and complementing ecosystems that are already dynamic. Over time, they will grow to include new stand-alone operations in areas without strong existing university bases. The vision, as in the past, is to marry federal resources and guidance with local initiative.
    • The proposed budget for this entire initiative is $900 billion over ten years. This would raise total public R&D spending to 1% of GDP by the end of the period, returning us to our role as an international leader. Most importantly, it would create as many as three million good new jobs per year. Many of these jobs would be in places that have fallen behind.
  • Australia’s Attorney-General has released an issues paper as a precursor to a possible rewrite of the country’s Privacy Act 1988 “to ensure privacy settings empower consumers, protect their data and best serve the Australian economy…as part of the government’s response to the Australian Competition and Consumer Commission’s Digital Platforms Inquiry” according to its press release. The Attorney-General explained:
    • The review will examine and, if needed, consider options for reform on matters including:
    • The scope and application of the Privacy Act including in relation to:
      • the definition of ‘personal information’
      • current exemptions, and
      • general permitted situations for the collection, use and disclosure of personal information.
    • Whether the Privacy Act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices including in relation to:
      • notification requirements
      • consent requirements including default privacy settings
      • overseas data flows, and
      • erasure of personal information.
    • Whether individuals should have direct rights of action to enforce privacy obligations under the Privacy Act.
    • Whether a statutory tort for serious invasions of privacy should be introduced into Australian law.
    • The impact of the notifiable data breach scheme and its effectiveness in meeting its objectives.
    • The effectiveness of enforcement powers and mechanisms under the Privacy Act and the interaction with other Commonwealth regulatory frameworks.
    • The desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws
  • The National Institute of Standards and Technology (NIST) has released for comment its “Draft Federal Information Processing Standard (FIPS) 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors (Standard).” NIST explained in the Federal Register notice:
    • This Standard defines common credentials and authentication mechanisms offering varying degrees of security for both logical and physical access applications. The draft revision proposes changes to FIPS 201-2, Standard for Personal Identity Verification of Federal Employees and Contractors to include: Expanding specification on the use of additional PIV credentials known as derived PIV credentials, procedures for supervised remote identity proofing, the use of federation as a means for a relying system to interoperate with PIV credentials issued by other agencies, alignment with the current practice/policy of the Federal Government and specific changes requested by Federal agencies and implementers. Before recommending these proposed changes to the Secretary of Commerce for review and approval, NIST invites comments from all interested parties.
    • In the draft document, NIST stated:
      • Authentication of an individual’s identity is a fundamental component of physical and logical access control. An access control decision must be made when an individual attempts to access security-sensitive buildings, information systems, and applications. An accurate determination of an individual’s identity supports making sound access control decisions.
      • This document establishes a standard for a Personal Identity Verification (PIV) system that meets the control and security objectives of Homeland Security Presidential Directive-12 [HSPD-12]. It is based on secure and reliable forms of identity credentials issued by the Federal Government to its employees and contractors. These credentials are used by mechanisms that authenticate individuals who require access to federally controlled facilities, information systems, and applications. This Standard addresses requirements for initial identity proofing, infrastructure to support interoperability of identity credentials, and accreditation of organizations and processes issuing PIV credentials.
  • The Federal Communications Commission (FCC) announced a $200 million settlement with T-Mobile “to resolve an investigation of its subsidiary Sprint’s compliance with the Commission’s rules regarding waste, fraud, and abuse in the Lifeline program for low-income consumers” according to the agency’s press release. The FCC explained:
    • The payment is the largest fixed-amount settlement the Commission has ever secured to resolve an investigation.  The settlement comes after an Enforcement Bureau investigation into reports that Sprint, prior to its merger with T-Mobile, was claiming monthly subsidies for serving approximately 885,000 Lifeline subscribers even though those subscribers were not using the service, in potential violation of the Commission’s “non-usage” rule.  The matter initially came to light as a result of an investigation by the Oregon Public Utility Commission.  In addition to paying a $200 million civil penalty, Sprint agreed to enter into a compliance plan to help ensure future adherence to the Commission’s rules for the Lifeline program.

Coming Events

  • On 10 November, the Senate Commerce, Science, and Transportation Committee will hold a hearing to consider nominations, including Nathan Simington’s to be a Member of the Federal Communications Commission.
  • On 17 November, the Senate Judiciary Committee will reportedly hold a hearing with Facebook CEO Mark Zuckerberg and Twitter CEO Jack Dorsey on Section 230 and how their platforms chose to restrict The New York Post article on Hunter Biden.
  • On 18 November, the Federal Communications Commission (FCC) will hold an open meeting and has released a tentative agenda:
    • Modernizing the 5.9 GHz Band. The Commission will consider a First Report and Order, Further Notice of Proposed Rulemaking, and Order of Proposed Modification that would adopt rules to repurpose 45 megahertz of spectrum in the 5.850-5.895 GHz band for unlicensed operations, retain 30 megahertz of spectrum in the 5.895-5.925 GHz band for the Intelligent Transportation Systems (ITS) service, and require the transition of the ITS radio service standard from Dedicated Short-Range Communications technology to Cellular Vehicle-to-Everything technology. (ET Docket No. 19-138)
    • Further Streamlining of Satellite Regulations. The Commission will consider a Report and Order that would streamline its satellite licensing rules by creating an optional framework for authorizing space stations and blanket-licensed earth stations through a unified license. (IB Docket No. 18-314)
    • Facilitating Next Generation Fixed-Satellite Services in the 17 GHz Band. The Commission will consider a Notice of Proposed Rulemaking that would propose to add a new allocation in the 17.3-17.8 GHz band for Fixed-Satellite Service space-to-Earth downlinks and to adopt associated technical rules. (IB Docket No. 20-330)
    • Expanding the Contribution Base for Accessible Communications Services. The Commission will consider a Notice of Proposed Rulemaking that would propose expansion of the Telecommunications Relay Services (TRS) Fund contribution base for supporting Video Relay Service (VRS) and Internet Protocol Relay Service (IP Relay) to include intrastate telecommunications revenue, as a way of strengthening the funding base for these forms of TRS and making it more equitable without increasing the size of the Fund itself. (CG Docket Nos. 03-123, 10-51, 12-38)
    • Revising Rules for Resolution of Program Carriage Complaints. The Commission will consider a Report and Order that would modify the Commission’s rules governing the resolution of program carriage disputes between video programming vendors and multichannel video programming distributors. (MB Docket Nos. 20-70, 17-105, 11-131)
    • Enforcement Bureau Action. The Commission will consider an enforcement action.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.


Further Reading, Other Developments, and Coming Events (28 August)

Here is today’s Further Reading, Other Developments, and Coming Events.

Coming Events

  • On 10 September, the General Services Administration (GSA) will have a webinar to discuss implementation of Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232) that bars the federal government and its contractors from buying equipment and services from Huawei, ZTE, and other companies from the People’s Republic of China.
  • The Federal Communications Commission (FCC) will hold a forum on 5G Open Radio Access Networks on 14 September. The FCC asserted:
    • Chairman [Ajit] Pai will host experts at the forefront of the development and deployment of open, interoperable, standards-based, virtualized radio access networks to discuss this innovative new approach to 5G network architecture. Open Radio Access Networks offer an alternative to traditional cellular network architecture and could enable a diversity in suppliers, better network security, and lower costs.
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 15 September titled “Stacking the Tech: Has Google Harmed Competition in Online Advertising?” In their press release, Chair Mike Lee (R-UT) and Ranking Member Amy Klobuchar (D-MN) asserted:
    • Google is the dominant player in online advertising, a business that accounts for around 85% of its revenues and which allows it to monetize the data it collects through the products it offers for free. Recent consumer complaints and investigations by law enforcement have raised questions about whether Google has acquired or maintained its market power in online advertising in violation of the antitrust laws. News reports indicate this may also be the centerpiece of a forthcoming antitrust lawsuit from the U.S. Department of Justice. This hearing will examine these allegations and provide a forum to assess the most important antitrust investigation of the 21st century.
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
    • September 16: Key Cyber Insights
    • September 23: Leading the Digital Transformation
    • September 30: Diversity in Cybersecurity
    • October 7: Defending our Democracy
    • One can register for the event here.
  • On 22 September, the Federal Trade Commission (FTC) will hold a public workshop “to examine the potential benefits and challenges to consumers and competition raised by data portability.”
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 30 September titled “Oversight of the Enforcement of the Antitrust Laws” with Federal Trade Commission Chair Joseph Simons and United States Department of Justice Antitrust Division Assistant Attorney General Makan Delrahim.
  • The Federal Communications Commission (FCC) will hold an open meeting on 30 September, but an agenda is not available at this time.

Other Developments

  • Members of the British Parliament have written the United Kingdom’s (UK) Information Commissioner’s Office (ICO) “about the Government’s approach to data protection and privacy during the COVID-19 pandemic, and also the ICO’s approach to ensuring the Government is held to account.” The MPs argued in the letter addressed to UK ICO Commissioner Elizabeth Denham:
    • During the crisis, the Government has paid scant regard to both privacy concerns and data protection duties. It has engaged private contractors with problematic reputations to process personal data, as highlighted by Open Democracy and Foxglove. It has built a data store of unproven benefit. It chose to build a contact tracing proximity App that centralised and stored more data than was necessary, without sufficient safeguards, as highlighted by the Human Rights Committee. On releasing the App for trial, it failed to notify yourselves in advance of its Data Protection Impact Assessment – a fact you highlighted to the Human Rights Committee.
    • Most recently, the Government has admitted breaching their data protection obligations by failing to conduct an impact assessment prior to the launch of their Test and Trace programme. They have only acknowledged this failing in the face of a threat of legal action by Open Rights Group. The Government have highlighted your role at every turn, citing you as an advisor looking at the detail of their work, and using you to justify their actions.
    • The MPs added:
      • In this context, Parliamentarians and the public need to be able to rely on the Regulator. However, the Government not only appears unwilling to understand its legal duties, it also seems to lack any sense that it needs your advice, except as a shield against criticism.
      • Regarding Test and Trace, it is imperative that you take action to establish public confidence – a trusted system is critical to protecting public health. The ICO has powers to compel documents to understand data processing, contractual relations and the like (Information Notices). The ICO has powers to assess what needs to change (Assessment Notices). The ICO can demand particular changes are made (Enforcement notices). Ultimately the ICO has powers to fine Government, if it fails to adhere to the standards which the ICO is responsible for upholding.
  • The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released a 5G strategy that flows from a Trump Administration strategy released earlier this year. CISA is not asserting it has much authority in how the private sector will build, roll out, source, and secure 5G and is instead looking to capitalize on its role as the United States government’s cybersecurity agency for the civilian part of the government. As such, CISA is proposing to advise private sector stakeholders and provide its expertise so that the next generation of wireless communications in the U.S. is safe, stable, and secure. CISA is putting forth five initiatives that seek to position CISA as a key stakeholder in assisting the larger U.S. efforts and individual companies and entities.
    • In the “National Strategy To Secure 5G,” the Trump Administration tied its overarching effort to foster 5G development and to cement the U.S.’s role as the preeminent technological power in the world to its 2018 United States National Cyber Strategy.
    • The Administration asserted:
      • This National Strategy to Secure 5G expands on how the United States Government will secure 5G infrastructure domestically and abroad. 5G infrastructure will be an attractive target for criminals and foreign adversaries due to the large volume of data it transmits and processes as well as the support that 5G will provide to critical infrastructure. Criminals and foreign adversaries will seek to steal information transiting the networks for monetary gain and exploit these systems and devices for intelligence collection and surveillance. Adversaries may also disrupt or maliciously modify the public and private services that rely on communications infrastructure. Given these threats, 5G infrastructure must be secure and reliable to maintain information security and address risks to critical infrastructure, public health and safety, and economic and national security.
    • CISA noted the four lines of efforts from the “National Strategy To Secure 5G” are:
      • Facilitating domestic 5G rollout;
      • Assessing the risks and identifying core security principles for 5G infrastructure;
      • Managing the risks to our economic and national security from the use of 5G infrastructure; and
      • Promoting responsible global development and deployment of 5G infrastructure.
    • CISA stated:
      • [it] leads 5G risk management efforts so the United States can fully benefit from all the advantages 5G connectivity promises to bring. In support of CISA’s operational priority to secure 5G, as outlined in the CISA Strategic Intent, the CISA 5G Strategy establishes five strategic initiatives that stem from the four lines of effort defined in the National Strategy to Secure 5G. Guided by three core competencies: Risk Management, Stakeholder Engagement, and Technical Assistance, these initiatives include associated objectives to ensure there are policy, legal, security, and safety frameworks in place to fully leverage 5G technology while managing its significant risks. With the support of CISA and its partners, the CISA 5G Strategy seeks to advance the development and deployment of a secure and resilient 5G infrastructure, one that enables enhanced national security, technological innovation, and economic opportunity for the United States and its allied partners.
    • CISA laid out the five initiatives:
      • Strategic Initiative 1: Support 5G policy and standards development by emphasizing security and resilience
        • The development of 5G policies and standards serve as the foundation for securing 5G’s future communications infrastructure. Those entities that shape the future of these policies and standards position themselves as global leaders and help facilitate secure deployment and commercialization of 5G technologies. To prevent attempts by threat actors to influence the design and architecture of 5G networks, it is critical that these foundational elements be designed and implemented with security and resilience from the start.
        • DESIRED OUTCOME: Threat actors are unable to maliciously influence the design and architecture of 5G networks.
      • Strategic Initiative 2: Expand situational awareness of 5G supply chain risks and promote security measures
        • Between untrusted components, vendors, equipment, and networks, 5G supply chain security is under constant threat. For example, while certain 5G equipment may be from a trusted vendor, supporting components manufactured or handled by untrusted partners or malicious actors could negate any security measures in place. These compromised components have the potential to affect the connectivity and security of transmitted data and information.
        • DESIRED OUTCOME: Malicious or inadvertent vulnerabilities within the 5G supply chain are successfully prevented or mitigated.
      • Strategic Initiative 3: Partner with stakeholders to strengthen and secure existing infrastructure to support future 5G deployments
        • Before moving to a standalone infrastructure, the first iterations of 5G deployment will work alongside existing 4G LTE infrastructure and core networks. While 5G architecture is designed to be more secure, 5G’s specifications and protocols stem from previous networks, which contain legacy vulnerabilities. For example, the overlay of 4G and 5G networks has the potential for a malicious actor to carry out a downgrade attack, where they could force a user on a 5G network to use 4G in order to exploit known vulnerabilities against them. These inherent vulnerabilities, along with new and unidentified risks, will require the collaboration of industry and government to develop and communicate security enhancements to support secure 5G deployments.
        • DESIRED OUTCOME: Secure 5G deployment, void of legacy vulnerabilities and untrusted components.
      • Strategic Initiative 4: Encourage innovation in the 5G marketplace to foster trusted 5G vendors
        • As 5G is deployed, there is an emphasis on ensuring that state-influenced entities do not dominate the 5G marketplace. To address this concern, CISA will work with its partners to support R&D initiatives and prize programs that result in secure and resilient 5G technologies and capabilities. By supporting these types of efforts, CISA will help drive innovation and establish a trusted vendor community for the future of 5G.
        • DESIRED OUTCOME: Increased number of trusted vendors in the 5G marketplace to address risks posed by limited competition and proprietary solutions.
      • Strategic Initiative 5: Analyze potential 5G use cases and share information on identified risk management strategies
        • The enhanced capabilities of 5G technologies will support an array of new functions and devices, introducing a plethora of potential use cases. With the potential for the connection of billions of devices on a network, also known as massive Machine-Type Communication (mMTC), applications like smart cities will require increased security to safeguard connected devices from potential threats and vulnerabilities. To ensure the security and integrity of these devices, CISA will communicate known vulnerabilities and risk management strategies for use cases associated with securing the Nation’s critical functions.
        • DESIRED OUTCOME: New vulnerabilities introduced by deployments of 5G technology are clearly understood and managed.
  • The Office of Management and Budget (OMB) released new guidance on grants and agreements federal agencies must generally follow that further implements a ban on using United States (U.S.) government funds to buy services or equipment from Huawei, ZTE, and other companies from the People’s Republic of China (PRC). Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232) bars federal agencies, federal contractors, and recipients of federal funds from buying or using these services. Two regulations have been issued previously pertaining to agencies and contractors, and this notice governs the recipients of federal funding. However, the explanatory portion of the notice that discusses Section 889 differs from the actual regulatory text, giving rise to possible confusion over the scope and extent of the ban on the recipients of federal funding from buying or paying for banned services and equipment.
    • In the body of the notice, OMB stated:
      • OMB revised 2 CFR to align with section 889 of the NDAA for FY 2019 (NDAA 2019). The NDAA 2019 prohibits the head of an executive agency from obligating or expending loan or grant funds to procure or obtain, extend or renew a contract to procure or obtain, or enter into a contract (or extend or renew a contract) to procure or obtain the equipment, services, or systems prohibited systems as identified in NDAA 2019. To implement this requirement, OMB is adding a new section, 2 CFR 200.216 Prohibition on certain telecommunication and video surveillance services or equipment, which prohibit Federal award recipients from using government funds to enter into contracts (or extend or renew contracts) with entities that use covered telecommunications equipment or services. This prohibition applies even if the contract is not intended to procure or obtain, any equipment, system, or service that uses covered telecommunications equipment or services. As described in section 889 of the NDAA 2019, covered telecommunications equipment or services includes:
        • Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities).
        • For the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities).
        • Telecommunications or video surveillance services provided by such entities or using such equipment.
        • Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of the National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.
    • In the rule itself, it is provided that the ban extends to the recipients and subrecipients themselves and not contractors using the banned services or equipment:
      • (a) Recipients and subrecipients are prohibited from obligating or expending loan or grant funds to:
        • (1) Procure or obtain;
        • (2) Extend or renew a contract to procure or obtain; or
        • (3) Enter into a contract (or extend or renew a contract) to procure or obtain equipment, services, or systems that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system.
  • The United States (U.S.) Department of Justice (DOJ) announced a major reorganization of its Antitrust Division through the creation of “the Office of Decree Enforcement and Compliance and a Civil Conduct Task Force” and a shuffling of subject area matters “among its six civil sections in order to build expertise based on current trends in the economy.”
    • The DOJ explained:
      • The Office of Decree Enforcement and Compliance will have primary responsibility for enforcing judgments and consent decrees in civil matters.  It will also advise the Antitrust Division’s criminal sections when parties seek credit at the charging stage for their corporate compliance programs.  The office will work closely with division attorneys, monitors, and compliance officers to ensure the effective implementation of and compliance with antitrust judgments.  Additionally, the office will be the Antitrust Division’s primary contact for complainants who have information regarding potential violations of those final judgments.
      • The second change to the Antitrust Division’s civil enforcement program is the creation of the Civil Conduct Task Force.  This dedicated group of Division attorneys will work across the civil sections and field offices to identify conduct investigations that require additional focus and resources.  As an independent group, the task force will have the dedicated resources and a consistent mandate to investigate and, ultimately, prosecute civil conduct violations of the antitrust laws.
      • The third change announced today is the realignment of certain responsibilities within the Antitrust Division’s six civil sections. The allocation of commodities among sections has evolved over the years, and today’s announcement is a recognition that technology has reshaped the competitive dynamics in several industries that the Antitrust Division analyzes on a regular basis.
      • Specifically, the currently named Media, Entertainment, and Professional Services Section will shift attention to financial services, fintech, and banking.  Those commodities were previously divided across three other civil sections.  The currently named Telecommunications and Broadband Section will expand its portfolio to concentrate on media, entertainment, and telecommunications industries. Lastly, the currently named Technology and Financial Services section will focus full time on technology markets and the competitive characteristics of platform business models.
  • A class action was filed in British court against Marriott for data breaches between 2014 and 2018 that exposed the personal data of people worldwide. This action follows the United Kingdom’s (UK) Information Commissioner’s Office’s (ICO) intention to fine Marriott “£99,200,396 for infringements of the General Data Protection Regulation (GDPR)” in 2019, but this enforcement action was extended through mid-2020 by the ICO. It is unclear when, or even if, the ICO will conclude its investigation and action against Marriott given the UK’s pending exit from the European Union and the GDPR. Theoretically, the ICO may be able to use the UK’s data protection law, and it is telling that the class action is filed under both the GDPR and the UK’s data protection law in effect during most of the period in which the breaches occurred.
    • The law firm handling the class action asserted:
      • It is believed the data breach began when the systems of the Starwood Hotels group were compromised following a hack on its reservation network, which is believed to have first occurred in 2014. Marriott International acquired the Starwood Hotels group in 2016 but the exposure of customer information was not discovered until 2018. The guests’ personal data affected by the breach included information such as guests’ names, email and postal addresses, telephone numbers, gender and credit card information.
  • The Federal Highway Administration (FHWA), a component agency of the United States (U.S.) Department of Transportation (DOT), asked for input on a draft rule “to ensure that States meet specific registration, notification, and coordination requirements to facilitate broadband infrastructure deployment in the right-of-way (ROW) of applicable Federal-aid highway projects.” The agency was directed to undertake this rulemaking by language in the “MOBILE NOW Act” that was enacted as part of “The Consolidated Appropriations Act, 2018” (P.L. 115-141). The FHWA explained “[o]nce the regulations take effect, the Section 607 requirements will apply to each State that receives funds under [the section of the United States Code that governs highway funding and projects], including the District of Columbia and the Commonwealth of Puerto Rico.” The agency added:
    • FHWA recognizes that it is in the public interest for utility facilities to use jointly the ROW of public roads and streets when such use and occupancy do not adversely affect highway or traffic safety, or otherwise impair the highway or its aesthetic quality, and does not conflict with Federal, State, or local laws and regulations. The opportunity for such joint use avoids the additional cost of acquiring separate ROW for the exclusive accommodation of utilities. As a result, the ROW of highways is often used to provide public services to abutting residents as well as to serve conventional highway needs.
    • Utility facilities, unlike most other fixed objects that may be present within the highway environment, are not owned nor are their operations directly controlled by State or local public agencies. Federal laws and FHWA regulations contained in 23 U.S.C. 109, 111, 116, and 123 and 23 CFR parts 1, 635, 645, and 710 regulate the accommodation, relocation, and reimbursement of utilities located within the highway ROW. State departments of transportation (State DOT) are required to develop Utility Accommodation policies that meet these regulations. 23 CFR 645.211.

Further Reading

  • “New Zealand stock exchange hit by cyber attack for second day” By Martin Farrer – The Guardian. A powerful offshore Distributed Denial of Service (DDoS) attack took down the nation’s stock exchange for the second day in a row. Given the apparent sophistication and resources necessary to execute this attack, according to experts, one wonders if either of the Pacific Rim’s most active, capable nation-state hackers may be responsible: the People’s Republic of China or the Democratic People’s Republic of Korea.
  • “Israeli phone hacking company faces court fight over sales to Hong Kong” By Patrick Howell O’Neill – MIT Technology Review. Human rights attorneys have filed suit in Tel-Aviv to force the Ministry of Defence to end exports of Cellebrite’s phone hacking technology to repressive regimes like Hong Kong and Belarus. It is not clear Israel ever granted Cellebrite an export license, and the Ministry is being closemouthed on the issue. Previous filings assert Cellebrite’s technology has been used over 4,000 times in Hong Kong to hack into the phones of dissidents and activists even though many were using device encryption. Given that Cellebrite sells its technology widely throughout the world, perhaps the claims of some Five Eyes nations, including the United States, United Kingdom, and Australia, are overblown?
  • “Armed militias mobilize on social media hours before deadly Kenosha shooting” – The Atlantic Council’s Digital Forensic Research Lab. As it turns out, Facebook and Reddit posts and pages were encouraging armed individuals and militias to go to Kenosha, Wisconsin ostensibly to ensure protests over the police shooting of an African American man in the back did not result in violence or looting. An alarming number of these posts called for violence against the protestors, and at least one person heeded this call by shooting and killing two protestors.
  • “Facebook chose not to act on militia complaints before Kenosha shooting” By Russell Brandom – The Verge. Even with people submitting complaints that various users and groups were inciting violence in Kenosha, Wisconsin, Facebook moderators declined to take down most of the material…until the day after a person shot and killed two protestors.
  • “Tech’s deepening split over ads and privacy” By Kyle Daly – Axios. This piece summarizes some of the internecine fighting in Silicon Valley over privacy, which, as the author points out, is driven by, or perhaps more kindly, happens to coincide with each company’s interest. For example, Apple faces antitrust scrutiny in the United States and European Union and does not earn much revenue from advertising, so it is easy for them to propose changes to their iOS that would give users much more control over the data companies could collect. This would hurt some of Apple’s rivals like Facebook. What is not mentioned here is that should Microsoft win the TikTok sweepstakes, it is all but certain its position on stricter privacy controls will change, for the video sharing app is built on harvesting data from users.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.


UK Finally Releases Russia Report

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

A committee of the United Kingdom (UK) Parliament issued its report on its investigation into Russian interference and rendered a scathing indictment of disengagement by the British government on the challenges and threats posed by the Russian Federation going back to early this century. The Intelligence and Security Committee of Parliament (ISC), a joint body consisting of nine members of the House of Commons and the same number from the House of Lords, had been tasked with investigating the extent to which Russia has been interfering with the UK, including the Brexit vote in 2016. The ISC has returned with a record of half-measures, often uncoordinated between agencies and entities inside the British government, that have proved ineffective. The ISC is calling for a range of policy, strategic, and legislative changes to counter the threat posed by Russian activities, many of which occurred in cyberspace or digitally. Presumably, these changes would also help the UK deal with other nations that are aggressive in cyberspace, including the People’s Republic of China (PRC), the Democratic People’s Republic of Korea (DPRK), Iran, and others.

This report follows the four volumes of a five-volume report the United States Senate Intelligence Committee has released on Russian interference with the 2016 US Presidential Election in favor of the Trump Campaign and to sow discord and distrust generally. In October 2019, the Committee transmitted its report to Prime Minister Boris Johnson who would “now consider whether there is any information in the report which, if published, would be prejudicial to the continued discharge of the functions of the security and intelligence Agencies.” In its press release today, the ISC stated “it is a matter of great regret that it was not published last November, ahead of the General Election.”

In the report, the ISC explained the report “covers aspects of the Russian threat to the UK (Cyber; Disinformation and Influence; and Russian Expatriates) followed by an examination of how the UK Government – in particular the Agencies and Defence Intelligence – has responded (Allocation of Effort; Strategy, Co-ordination and Tasking; A Hard Target; Legislation; International Partnerships; and Engagement with Russia).”

The previous ISC wrote the press release the current ISC issued:

ISC questions whether Government took its eye off the ball on Russia, finds that they underestimated the response required to the Russian threat and are still playing catch up:

  • Russian influence in the UK is the new normal. Successive Governments have welcomed the oligarchs and their money with open arms, providing them with a means of recycling illicit finance through the London ‘laundromat’, and connections at the highest levels with access to UK companies and political figures.
  • This has led to a growth industry of ‘enablers’ including lawyers, accountants, and estate agents who are – wittingly or unwittingly – de facto agents of the Russian state.
  • It clearly demonstrates the inherent tension between the Government’s prosperity agenda and the need to protect national security. While we cannot now shut the stable door, greater powers and transparency are needed urgently.
  • UK is clearly a target for Russian disinformation. While the mechanics of our paper-based voting system are largely sound, we cannot be complacent about a hostile state taking deliberate action with the aim of influencing our democratic processes.
  • Yet the defence of those democratic processes has appeared something of a ‘hot potato’, with no one organisation considering itself to be in the lead, or apparently willing to conduct an assessment of such interference. This must change.
  • Social media companies must take action and remove covert hostile state material: Government must ‘name and shame’ those who fail to act.
  • We need other countries to step up with the UK and attach a cost to Putin’s actions. Salisbury must not be allowed to become the high water mark in international unity over the Russia threat.
  • A number of issues addressed in this published version of the Russia Report are covered in more depth in the Classified Annex. We are not able to discuss these aspects on the grounds of national security.

The previous ISC continued in its press release:

  • [T]his Inquiry found it surprisingly difficult to establish who has responsibility: the defence of the UK’s democratic processes has appeared to be something of a ‘hot potato’, with no single organisation identifying itself as having an overall lead. We understand the nervousness around any suggestion that the intelligence Agencies might be involved in the mechanics of the democratic process, but that does not apply when it comes to the protection of those processes. And without seeking to imply that those organisations currently responsible are not capable, the Committee have questioned whether DCMS and the Electoral Commission have the weight and access required to tackle a major hostile state threat. Democracy is intrinsic to our country’s success and well-being. Protecting it must be a ministerial priority, with the Office for Security and Counter-Terrorism taking the policy lead and the operational role sitting with MI5.
  • In terms of responsibility, it was noted that – as with so many other issues currently – it is the social media companies who hold the key but are failing to play their part. The Government must establish a protocol with these companies to ensure that they take covert hostile state use of their platforms seriously, with agreed deadlines within which such material will be removed, and Government should ‘name and shame’ those which fail to act.
  • There have been widespread allegations that Russia sought to influence voters in the 2016 referendum on the UK’s membership of the EU: studies have pointed to the preponderance of pro-Brexit or anti-EU stories on RT and Sputnik, and the use of ‘bots’ and ‘trolls’, as evidence. The actual impact of such attempts on the result itself would be difficult – if not impossible – to prove. However what is clear is that the Government was slow to recognise the existence of the threat – only understanding it after the ‘hack and leak’ operation against the Democratic National Committee, when it should have been seen as early as 2014. As a result the Government did not take action to protect the UK’s process in 2016. The Committee has not been provided with any post-referendum assessment – in stark contrast to the US response to reports of interference in the 2016 presidential election. In our view there must be an analogous assessment of Russian interference in the EU referendum.
  • What is clear is that Russian influence in the UK is ‘the new normal’: successive Governments have welcomed the Russian oligarchy with open arms, and there are a lot of Russians with very close links to Putin who are well integrated into the UK business, political and social scene – in ‘Londongrad’ in particular. Yet few, if any, questions have been asked regarding the provenance of their considerable wealth and this ‘open door’ approach provided ideal mechanisms by which illicit finance could be recycled through the London ‘laundromat’. It is not just the oligarchs either – the arrival of Russian money has resulted in a growth industry of ‘enablers’: lawyers, accountants, and estate agents have all played a role, wittingly or unwittingly, and formed a “buffer” of Westerners who are de facto agents of the Russian state.
  • There is an obvious inherent tension between the Government’s prosperity agenda and the need to protect national security. To a certain extent, this cannot be untangled and the priority now must be to mitigate the risk, and ensure that where hostile activity is uncovered, the proper tools exist to tackle it at source and to challenge the impunity of Putin-linked elites. It is notable, for example, that a number of Members of the House of Lords have business interests linked to Russia, or work directly for major Russian companies linked to the Russian state – these relationships should be carefully scrutinised, given the potential for the Russian state to exploit them.
  • In addition to the Putin-linked elites, the UK is also home to a number of Putin’s critics who have sought sanctuary in the UK fearing politically-motivated charges and harassment, and the events of 4 March 2018 showed the vulnerability of former Russian intelligence officers who have settled in the UK – one of the issues we address in the Classified Annex to our Report.
  • It has been clear for some time that Russia under Putin has moved from potential partner to established threat, fundamentally unwilling to adhere to international law – the murder of Alexander Litvinenko in 2006 and the annexation of Crimea in 2014 were stark indicators of this. We therefore question whether the Government took its eye off the ball because of its focus on counter-terrorism: it was the opinion of the Committee that until recently the Government had badly underestimated the response required to the Russian threat – and is still playing catch up. Russia poses a tough intelligence challenge and our intelligence Agencies must have the tools they need to tackle it. In particular, new legislation must be introduced to tackle foreign spies: the Official Secrets Act is not fit for purpose and while this goes unrectified the UK intelligence community’s hands are tied.
  • More broadly, we need a continuing international consensus against Russian aggressive action. Effective constraint of nefarious Russian activities in the future will rely on making sure that the price the Russians pay for such interference is sufficiently high: the West is strongest when it acts collectively, and the UK has shown it can lead the international response. The expulsion of 153 ‘diplomats’ from 29 countries and NATO following the use of chemical weapons on UK soil in the Salisbury attack was unprecedented and, together with the subsequent exposure of the GRU agents responsible, sent a strong message that such actions would not be tolerated. But Salisbury must not be allowed to become the high water mark in international unity over the Russia threat: we must build on this effort to ensure momentum is not lost.

In the report, the ISC explained:

As a result of our scrutiny, we have reached conclusions as to what is working well, where there is a need for more, or different, effort, or where a strategy may need updating, and we have commissioned a number of actions. These are embedded throughout the Report. We note here, however, that there have been a number of cross-cutting themes which have emerged during the course of our work:

  • Most surprising, perhaps, was the extent to which much of the work of the Intelligence Community is focused on ***. We had, at the outset of our Inquiry, believed they would be taking a rather broader view, given that it is clearly acknowledged that the Russians use a whole-of-state approach.
  • This focus has led us to question who is responsible for broader work against the Russian threat and whether those organisations are sufficiently empowered to tackle a hostile state threat such as Russia. In some instances, we have therefore recommended a shift in responsibilities. In other cases, we have recommended a simplification: there are a number of unnecessarily complicated wiring diagrams that do not provide the clear lines of accountability that are needed.
  • The clearest requirement for immediate action is for new legislation: the Intelligence Community must be given the tools it needs and be put in the best possible position if it is to tackle this very capable adversary, and this means a new statutory framework to tackle espionage, the illicit financial dealings of the Russian elite and the ‘enablers’ who support this activity.
  • More broadly, the way forward lies with taking action with our allies; a continuing international consensus is needed against Russian aggressive action. The West is strongest when it acts collectively and that is the way in which we can best attach a cost to Putin’s actions. The UK has shown it can shape the international response, as it did in response to the Salisbury attacks. It must now seek to build on this effort to ensure that momentum is not lost.

The Committee is pursuing additional inquiries that could also result in proposed changes in how the UK handles cyberspace threats:

  • an Inquiry into national security issues relating to China;
  • an Inquiry into Right Wing Terrorism;
  • an examination of the current threat from Northern Ireland-Related Terrorism; and
  • a case study on GCHQ procurement.



Further Reading, Other Developments, and Coming Events (21 July)


Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • The Federal Trade Commission (FTC) will hold its fifth annual PrivacyCon on 21 July and has released its agenda.
  • On 22 July, the Senate Homeland Security & Governmental Affairs Committee will mark up a number of bills and nominations, including:
    • The nomination of Derek Kan to be the Office of Management and Budget’s Deputy Director
    • The “Federal Emergency Pandemic Response Act” (S.4204)
    • The “Securing Healthcare and Response Equipment Act of 2020” (S.4210)
    • The “National Response Framework Improvement Act of 2020” (S.4153)
    • The “National Infrastructure Simulation and Analysis Center Pandemic Modeling Act of 2020” (S.4157)
    • The “PPE Supply Chain Transparency Act of 2020” (S.4158)
    • The “REAL ID Act Modernization Act” (S.4133)
    • The “Safeguarding American Innovation Act” (S.3997)
    • The “Information Technology Modernization Centers of Excellence Program Act” (S.4200)
    • The “Telework for U.S. Innovation Act” (S.4318)
    • The “GAO Database Modernization Act” (S.____)
    • The “CFO Vision Act of 2020” (S.3287)
    • The “No Tik Tok on Government Devices Act” (S. 3455)
    • The “Cybersecurity Advisory Committee Authorization Act of 2020” (S. 4024)
  • On 23 July, the Senate Commerce, Science, and Transportation Committee’s Communications, Technology, Innovation, and the Internet Subcommittee will hold a hearing on “The State of U.S. Spectrum Policy” with the following witnesses:
    • Mr. Tom Power, Senior Vice President and General Counsel, CTIA
    • Mr. Mark Gibson, Director of Business Development, CommScope
    • Dr. Roslyn Layton, Visiting Researcher, Aalborg University
    • Mr. Michael Calabrese, Director, Wireless Future Project, Open Technology Institute at New America
  • On 27 July, the House Judiciary Committee’s Antitrust, Commercial, and Administrative Law Subcommittee will hold its sixth hearing on “Online Platforms and Market Power” titled “Examining the Dominance of Amazon, Apple, Facebook, and Google” that will reportedly have the heads of the four companies as witnesses.
  • On 6 August, the Federal Communications Commission (FCC) will hold an open meeting to likely consider the following items:
    • C-band Auction Procedures – The Commission will consider a Public Notice that would adopt procedures for the auction of new flexible-use overlay licenses in the 3.7–3.98 GHz band (Auction 107) for 5G, the Internet of Things, and other advanced wireless services. (AU Docket No. 20-25)
    • Radio Duplication Rules – The Commission will consider a Report and Order that would eliminate the radio duplication rule with regard to AM stations and retain the rule for FM stations. (MB Docket Nos. 19-310, 17-105)
    • Common Antenna Siting Rules – The Commission will consider a Report and Order that would eliminate the common antenna siting rules for FM and TV broadcaster applicants and licensees. (MB Docket Nos. 19-282, 17-105)
    • Telecommunications Relay Service – The Commission will consider a Report and Order to repeal certain TRS rules that are no longer needed in light of changes in technology and voice communications services. (CG Docket No. 03-123)
    • Inmate Calling Services – The Commission will consider a Report and Order on Remand and a Fourth Further Notice of Proposed Rulemaking that would respond to remands by the U.S. Court of Appeals for the District of Columbia Circuit and propose to comprehensively reform rates and charges for the inmate calling services within the Commission’s jurisdiction.  (WC Docket No. 12-375)

Other Developments

  • A United States court has denied a motion by an Israeli technology company to dismiss an American tech giant’s suit that the former infected its messaging system with malware for purposes of espionage and harassment. In October 2019, WhatsApp and Facebook filed suit against the Israeli security firm, NSO Group, alleging that in April 2019, it sent “malware to approximately 1,400 mobile phones and devices…designed to infect the Target Devices for the purpose of conducting surveillance of specific WhatsApp users.” This step was taken, Facebook and WhatsApp claim, in order to circumvent WhatsApp’s end-to-end encryption. The social media companies are suing “for injunctive relief and damages pursuant to the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, and the California Comprehensive Computer Data Access and Fraud Act, California Penal Code § 502, and for breach of contract and trespass to chattels.” In the District Court’s ruling from last week, it rejected the NSO Group’s claims that it deserved sovereign immunity from the lawsuit because it was working for sovereign governments among others and will allow WhatsApp and Facebook to proceed with their suit.
  • The European Data Protection Supervisor (EDPS) published a report “on how EU institutions, bodies and agencies (EUIs) carry out Data Protection Impact Assessments (DPIAs) when processing information that presents a high risk to the rights and freedom of natural persons” according to the EDPS’ press release. The EDPS detailed its lessons learned, suggestions on how EU institutions could execute better DPIAs, and additional guidance on how DPIAs should be performed in the future.
  • The Court of Justice of the European Union’s (CJEU) Advocate General Saugmandsgaard Øe rendered his opinion in a case concerning the possible liability of YouTube and Uploaded for a user posting copyrighted materials without the consent of the owners. In a CJEU summary, Øe found “as EU law currently stands, online platform operators, such as YouTube and Uploaded, are not directly liable for the illegal uploading of protected works by the users of those platforms.” Øe noted that “Directive 2019/790 on copyright and related rights in the Digital Single Market introduces, for online platform operators such as YouTube, a new liability regime specific to works illegally uploaded by the users of such platforms….which must be transposed by each Member State into its national law by 7 June 2021 at the latest, requires, inter alia, those operators to obtain an authorisation from the rightholders, for example by concluding a licensing agreement, for the works uploaded by users of their platforms.” The Advocate General’s opinions are not binding but serve to inform the CJEU as it decides cases, and it is not uncommon for the CJEU to incorporate the Advocate General’s findings in its decisions.
  • The United Kingdom’s Parliament’s House of Lords’ Select Committee on Democracy and Digital Technologies released its report regarding “a pandemic of ‘misinformation’ and ‘disinformation’…[that] [i]f allowed to flourish these counterfeit truths will result in the collapse of public trust, and without trust democracy as we know it will simply decline into irrelevance.” The committee explained the report “addresses a number of concerns, including the urgent case for reform of electoral law and our overwhelming need to become a digitally literate society” including “forty-five recommendations which, taken together, we believe could serve as a useful response to a whole series of concerns.”
  • Belgium’s data protection authority, the Autorité de protection des données, has fined Google €600,000 for violations related to the company’s failure to heed the right to be forgotten as enforced under the General Data Protection Regulation (GDPR).  
  • The National Institute of Standards and Technology (NIST) released two crosswalks undertaken by outside entities comparing the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management to the General Data Protection Regulation (GDPR) and ISO/IEC 27701, private sector privacy guidance:
    • The Enterprivacy Consulting Group’s crosswalk for the GDPR-Regulation 2016/679.
  • Senator Josh Hawley (R-MO) sent Twitter CEO Jack Dorsey a second letter regarding the Twitter hack and asserted:
    • [R]eports also indicate that screenshots of Twitter’s internal tools have been circulating within the hacking community. One such screenshot indicates that Twitter employs tools allowing it to append “Search Blacklist,” “Trends Blacklist,” “Bounced,” and “ReadOnly” flags to user accounts. Given your insistence in testimony to Congress that Twitter does not engage in politically biased “shadowbanning” and the public interest in Twitter’s moderation practices, it is notable that Twitter reportedly suspended user accounts sharing screenshots of this panel.
    • Hawley posed a series of questions seeking to root out a bias against conservative viewpoints on the platform, a frequently leveled charge.
  • The Ranking Members of the House Foreign Affairs Committee, House Energy and Commerce Committee, and House Financial Services Committee wrote President Donald Trump to “encourage you to consider utilizing your ability under existing authorities to sanction PRC-linked hackers” for “targeting U.S. institutions” and “attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.” In a May unclassified public service announcement, the Federal Bureau of Investigation (FBI) and CISA named the People’s Republic of China as a nation waging a cyber campaign against U.S. COVID-19 researchers. The agencies stated they “are issuing this announcement to raise awareness of the threat to COVID-19-related research.” Last week, the United Kingdom’s National Cyber Security Centre (NCSC), Canada’s Communications Security Establishment (CSE), the United States’ National Security Agency (NSA) and the United States’ Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory on a Russian hacking organization whose efforts have “targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.”

Further Reading

  • “Twitter’s security holes are now the nation’s problem” – Politico; “Twitter hack triggers investigations and lawmaker concerns” – The Washington Post; “Hackers Convinced Twitter Employee to Help Them Hijack Accounts” – Vice’s Motherboard; “Twitter Struggles to Unpack a Hack Within Its Walls” and “Hackers Tell the Story of the Twitter Attack From the Inside” – The New York Times. After the hacking last week that took over a number of high profile people’s accounts (e.g. Barack Obama, Bill Gates, Elon Musk, etc.), policymakers in Washington are pressing Twitter for explanations and remediation to prevent any such future attacks, especially in the run up to the 2020 election. Reportedly, a group of hackers looking to push a Bitcoin scam took over accounts of famous people and then made it appear they were selling Bitcoin. Republicans and Democrats in the United States’ capital are alarmed that such a hack by another nation could throw the country and world into chaos. One media outlet is reporting the hackers provided proof they bribed a Twitter employee with access to administrative credentials to pull off the hack. Another is reporting that a hacker got into Twitter’s Slack channel where the credentials were posted. Nonetheless, the Federal Bureau of Investigation (FBI) has opened an inquiry. It is unclear whether the hackers accessed people’s DMs, and Senator Ron Wyden (D-OR) noted he secured a commitment from the company in 2018 to use encryption to secure DMs that has not yet been implemented. The company will have to answer more tough questions at a time when it is in the crosshairs of the Trump Administration for alleged abuses of 47 U.S.C. 230 in stifling conservative viewpoints after the platform fact checked the President and has taken down a range of accounts.
And, of course, working in the background is the company’s 2011 settlement with the Federal Trade Commission (FTC) in which the agency claimed Twitter violated the FTC Act by “engag[ing] in a number of practices that, taken together, failed to provide reasonable and appropriate security to: prevent unauthorized access to nonpublic user information and honor the privacy choices exercised by its users in designating certain tweets as nonpublic…[and by] fail[ing] to prevent unauthorized administrative control of the Twitter system.” If the agency investigates and finds similar misconduct, they could seek sizeable monetary damages in federal court.
  • F.T.C.’s Facebook Investigation May Stretch Past Election” – The New York Times. Even though media accounts say the United States Department of Justice will bring an antitrust action against Google possibly as early as this month, it now appears the Federal Trade Commission (FTC) will not be bringing a case against Facebook until next year. It appears the agency is weighing whether it should depose CEO Mark Zuckerberg and COO Sheryl Sandberg and has made additional rounds of document requests, all of which has reportedly slowed down the investigation. Of course, should the investigation stretch into next year, a President Joe Biden could designate a new chair of the agency, which could change the scope and tenor of the investigation.
  • New Emails Reveal Warm Relationship Between Kamala Harris And Big Tech” – HuffPost. Obtained via a Freedom of Information request, new emails from Senator Kamala Harris’ (D-CA) tenure as her state’s attorney general suggest she was willing to overlook the role Facebook, Google, and others played and still play in one of her signature issues: revenge porn. This article makes the case Harris came down hard on a scammer running a revenge porn site but did not press the tech giants with any vigor to take down such material from their platforms. Consequently, the case is made that if Harris is former Vice President Joe Biden’s vice presidential candidate, this would signal a go-easy approach on large companies even though many Democrats have been calling to break up these companies and vigorously enforce antitrust laws. Harris has largely not engaged on tech issues during her tenure in the Senate. To be fair, many of these companies are headquartered in California and pump billions of dollars into the state’s economy annually, putting Harris in a tricky position politically. Of course, such pieces should be taken with a grain of salt since they may have been suggested or planted by one of Harris’ rivals for the vice president nomination or someone looking to settle a score.
  • Inside Big Tech’s Years-Long Manipulation Of American Op-Ed Pages” – Big Technology from Alan Krantowitz. To no great surprise, large technology companies have adopted a widely used tactic of getting someone sympathetic to “write” an op-ed for a local newspaper to show it is not just big companies pushing for a policy. In this case, it was, and likely still is, the argument against breaking up the tech giants or regulating them more closely. In one case, it is not clear the person who allegedly “wrote” the article actually even knew about it.
  • Trump campaign pushes Facebook ads bashing TikTok” – CNN. The White House is using new means to argue TikTok poses a threat to Americans and national security: advertisements on Facebook by the Trump campaign. The ads repeated the same basic message that has been coming out of the White House and that TikTok has been denying: that the app collects and sends sensitive user data to the People’s Republic of China (PRC). Another wrinkle TikTok pointed to is that Facebook is readying a competitor, Instagram Reels, set to be unveiled as early as this week.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

The UK Will Now Eliminate Huawei From Its 5G Networks

The Conservative government in London has changed course and will now ban Huawei from its 5G networks by 2027, but this might not be enough to head off a challenge from those in the party who want a stronger line. The British government claimed a US regulatory change has made using Huawei impracticable.

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

Prime Minister Boris Johnson has reversed the United Kingdom’s (UK) course on Huawei equipment in its 5G networks: instead of limiting the share of the UK’s next generation telecommunications network that would consist of Huawei equipment to 35%, Downing Street is now proposing to eliminate the Chinese company entirely. While Johnson’s government is essentially blaming a United States Department of Commerce rule aiming to cut off the flow of semiconductors to Huawei, it is likely that the position of a number of Conservative Members of Parliament (MPs) who were planning to oppose Johnson’s original plan informed the revised path. And much to the chagrin of this bloc of 60 or so Tory MPs, Johnson’s government is not calling for the removal of Huawei equipment from existing 2G, 3G, and 4G networks, a proposal British telecommunications companies have opposed. Consequently, Conservative MPs may try to amend the coming telecommunications bill instituting the new Huawei ban so that it applies to existing equipment, and they may have the votes to do so, forcing the Prime Minister to risk a defeat on the floor of the House of Commons or change his package further ahead of consideration.

Johnson had floated the notion that a so-called G10 group of nations could pool resources and develop alternative means of achieving 5G other than buying from Huawei, one of the People’s Republic of China (PRC) companies the United States has been pressuring allies and others not to buy from. It is not clear whether Johnson will try to pursue this other strategy with the new change in course.

Digital, Culture, Media and Sport Secretary Oliver Dowden made a “statement on telecoms” earlier today in the House of Commons, explaining the government’s change in plans regarding Huawei in particular. Dowden stated:

  • In January, we set out to this House our conclusions on how we would define and restrict high risk vendors, keeping them outside the network’s core and away from critical infrastructure and sites.
  • We have been clear-eyed from the start that the Chinese-owned vendors Huawei and ZTE were deemed to be high risk.
  • And we made clear that the National Cyber Security Centre (NCSC) would review and update its advice as necessary.

He declared that “[s]ince January the situation has changed.” He added that “[o]n the 15th of May the US Department of Commerce announced that new sanctions had been imposed against Huawei through changes to the foreign direct product rules…a significant, material change – and one that we have to take into consideration.”

Dowden claimed:

  • This morning, the Prime Minister chaired a meeting of the National Security Council. Attendees at that meeting took full account of the NCSC’s advice, together with the implications for UK industry and wider geostrategic considerations.
  • The government agrees with the NCSC’s advice: the best way to secure our networks is for operators to stop using new affected Huawei equipment to build the UK’s future 5G networks.
  • So to be clear, from the end of this year, telecoms operators must not buy any 5G equipment from Huawei. And once the Telecoms Security Bill is passed it will be illegal for them to do so.

Dowden continued:

I know that Honourable Members have sought a commitment from the government to remove Huawei equipment from our 5G network altogether. This is why we have concluded that it is necessary and prudent to commit to a timetable for the removal of Huawei equipment from our 5G network by 2027. Let me be clear. This requirement will be set out in law by the Telecoms Security Bill. By the time of the next election, we will have implemented in law an irreversible path for the complete removal of Huawei equipment from our 5G networks.

Dowden explained that “one of the reasons we are in this situation is because of global market failure…[and] [p]ut simply, countries around the world, not just in the UK, have become dangerously reliant on too few vendors.” He stated that “[w]e have already set out a clear and ambitious diversification strategy…[and] [t]hat strategy will include wide-ranging action in the short, medium and long-term with the aim of driving competition and innovation to grow the market and deliver greater resilience across our networks.” Dowden stated “[t]he strategy will focus on three core elements:

  • First – securing the supply chains of our incumbent, non high risk suppliers by putting in place measures and mitigations that will protect supply chains and ensure there is no disruption to our networks.
  • Second – bringing new scale vendors into the UK market by removing barriers to entry, providing commercial incentives and creating large scale opportunities for new vendors to enter the UK market.
  • And third – addressing the existing structure of the supply market by investing in research and development and building partnerships between operators and vendors that will mean operators using multiple vendors in a single network will become the standard across the industry.

In a blog post and a summary, the NCSC explained in much more detail its analysis of the risks of using Huawei’s equipment, which derive mostly from the implications of US action and less from inherent risks.

NCSC Technical Director Dr Ian Levy explained “[i]n May, the US changed a subtle and detailed export control rule called the ‘Foreign-Produced Direct Product Rule’ (FDPR).” He added that “[t]he amended rule says that no-one, anywhere in the world, can send Huawei-designed chips to Huawei if US technology was used in the design tools or manufacture processes…[and] [t]his doesn’t just mean that Huawei can’t use design tools that contain US technology…[i]t also means:

  • no-one else can take a Huawei design and turn it into chip manufacture instructions (usually something called a GDS2) using tools that contain US technology
  • even if you’ve already got the GDS2 for a Huawei chip, you can’t actually turn it into a chip if your foundry process uses US technology (and for modern process nodes, US technology is pretty pervasive) or if the GDS2 was produced using US technology

Levy stated:

The FDPR change wasn’t in effect in January. It is now, and that’s a material change to the facts on the ground that has led us to revisit our analysis. The NCSC now believes that there are only three things that can happen to help Huawei in response to this action. In our recent consultations with them, Huawei haven’t disagreed with this analysis. Those options are:

  1. Someone breaks US law and continue to manufacture. This is pretty unlikely. Huawei have always publicly said that they’ll follow applicable law, but the impact on any design house or foundry that went this way would be huge. Also – given there’d be a reasonable expectation that the chips broke US law – any organisation buying the equipment would be taking a significant risk.
  2. Huawei switch chips in equipment designs to ones that aren’t Huawei-designed, but perform the same sort of function. This is a big task. Assuming you can find someone to design a chip that’s near enough to the original, the integration into the wider product is a very complex job. This can’t be a direct replacement for a Huawei-designed chip, because then at least some of the design will be Huawei’s, and so likely caught by the rule. This is a really complex engineering task. And given Huawei’s continued lack of security or engineering quality as described in the Oversight Board reports, this is highly likely to introduce security and reliability problems into the equipment for the next few years at least.
  3. Someone makes new design tools and manufacturing processes for chips that don’t use any US technology and so can provide Huawei what they need. Good luck doing that quickly. You need to invent some new ways of doing really complex things (extreme UV lithography, multi-patterning etc.) while being bound by the laws of physics. The precise mechanisms the foundry uses to make these tiny transistors dictate the design rules your EDA tools have to enforce. As a cartoon example, if the foundry process produces some fuzziness around the edges of transistors, your design tool will need to leave more space between them, or the performance of the chip could be affected. The performance and capability of your EDA tools dictate what the foundry can build reliably. If your EDA tools can’t do lots of Maxwell’s equation solving, you’ll need to route wires differently round the chip and simplify your design. You don’t need to understand how a FinFET works or what a hi-K dielectric is to know that’s a ton of work that’s likely to fail a few times.

Levy explained “[t]oday, we are publishing guidance, supported by government, as to what this all means for the future telecoms network builds and to help operators understand the impacts of this decision…[and] [t]he guidance says that:

  • existing Huawei equipment in the UK can continue to be used, subject to the HRV policy and our mitigation strategy
  • operators need to procure enough spares to maintain the equipment for the expected lifetime
  • operators should seek to cease procuring and deploying Huawei 5G access equipment, all transport equipment, and other miscellany to manage the long-term risks of the newly designed products (practically, procurements are likely to cease by the end of 2020)
  • operators should seek to cease procuring and deploying Huawei FTTP (Fibre to the Premises) access equipment. It may take a bit longer for rollouts to cease in this case, so the Department for Digital, Culture, Media & Sport (DCMS) are going to work with industry to establish a manageable timeframe

In mid-May, the Department of Commerce’s Bureau of Industry and Security (BIS) “announced plans to protect U.S. national security by restricting Huawei’s ability to use U.S. technology and software to design and manufacture its semiconductors abroad” per the agency’s press release. BIS released an interim final rule that takes effect as of 15 May, but the agency is accepting comments through 14 July, meaning there will be a final rule issued at some point in the future once the comments have been analyzed and addressed. Nevertheless, Commerce claimed the BIS interim final rule “cuts off Huawei’s efforts to undermine U.S. export controls.”

Commerce stated:

  • BIS is amending its longstanding foreign-produced direct product rule and the Entity List to narrowly and strategically target Huawei’s acquisition of semiconductors that are the direct product of certain U.S. software and technology.
  • Since 2019 when BIS added Huawei Technologies and 114 of its overseas-related affiliates to the Entity List, companies wishing to export U.S. items were required to obtain a license. However, Huawei has continued to use U.S. software and technology to design semiconductors, undermining the national security and foreign policy purposes of the Entity List by commissioning their production in overseas foundries using U.S. equipment.
  • Specifically, this targeted rule change will make the following foreign-produced items subject to the Export Administration Regulations (EAR):
    • Items, such as semiconductor designs, when produced by Huawei and its affiliates on the Entity List (e.g., HiSilicon), that are the direct product of certain U.S. Commerce Control List (CCL) software and technology; and
    • Items, such as chipsets, when produced from the design specifications of Huawei or an affiliate on the Entity List (e.g., HiSilicon), that are the direct product of certain CCL semiconductor manufacturing equipment located outside the United States. Such foreign-produced items will only require a license when there is knowledge that they are destined for reexport, export from abroad, or transfer (in-country) to Huawei or any of its affiliates on the Entity List.

Commerce added that “[t]o prevent immediate adverse economic impacts on foreign foundries utilizing U.S. semiconductor manufacturing equipment that have initiated any production step for items based on Huawei design specifications as of May 15, 2020, such foreign-produced items are not subject to these new licensing requirements so long as they are reexported, exported from abroad, or transferred (in-country) by 120 days from the effective date.”

The PRC’s Commerce Ministry posted a statement, arguing “[t]he U.S. uses state power, under the so-called excuse of national security, and abuses export control measures to continuously oppress and contain specific enterprises of other countries.” The Ministry vowed the PRC will “take all necessary measures to resolutely safeguard the legitimate rights and interests of Chinese enterprises.”

Further Reading and Other Developments (6 June)

Other Developments

  • A number of tech trade groups are asking the House Appropriations Committee’s Commerce-Justice-Science Subcommittee “to direct the National Institute of Standards and Technology (NIST) to create guidelines that help companies navigate the technical and ethical hurdles of developing artificial intelligence.” They argued:
    • A NIST voluntary framework-based consensus set of best practices would be pro-innovation, support U.S. leadership, be consistent with NIST’s ongoing engagement on AI industry consensus standards development, and align with U.S. support for the OECD AI principles as well as the draft Memorandum to Heads of Executive Departments and Agencies, “Guidance for Regulation of Artificial Intelligence Applications.”
  • The Department of Defense (DOD) “named seven U.S. military installations as the latest sites where it will conduct fifth-generation (5G) communications technology experimentation and testing. They are Naval Base Norfolk, Virginia; Joint Base Pearl Harbor-Hickam, Hawaii; Joint Base San Antonio, Texas; the National Training Center (NTC) at Fort Irwin, California; Fort Hood, Texas; Camp Pendleton, California; and Tinker Air Force Base, Oklahoma.”  The DOD explained “[t]his second round, referred to as Tranche 2, brings the total number of installations selected to host 5G testing to 12…[and] builds on DOD’s previously-announced 5G communications technology prototyping and experimentation and is part of a 5G development roadmap guided by the Department of Defense 5G Strategy.”
  • The Federal Trade Commission announced a $150,000 settlement with “HyperBeard, Inc. [which] violated the Children’s Online Privacy Protection Act Rule (COPPA Rule) by allowing third-party ad networks to collect personal information in the form of persistent identifiers to track users of the company’s child-directed apps, without notifying parents or obtaining verifiable parental consent.”
  • The National Institute of Standards and Technology (NIST) released Special Publication 800-133 Rev. 2, Recommendation for Cryptographic Key Generation that “discusses the generation of the keys to be used with the approved cryptographic algorithms…[which] are either 1) generated using mathematical processing on the output of approved Random Bit Generators (RBGs) and possibly other parameters or 2) generated based on keys that are generated in this fashion.”
  • United States Trade Representative (USTR) announced “investigations into digital services taxes that have been adopted or are being considered by a number of our trading partners.” These investigations are “with respect to Digital Services Taxes (DSTs) adopted or under consideration by Austria, Brazil, the Czech Republic, the European Union, India, Indonesia, Italy, Spain, Turkey, and the United Kingdom.” The USTR is accepting comments until 15 July.
  • NATO’s North Atlantic Council released a statement “concerning malicious cyber activities” that have targeted medical facilities stating “Allies are committed to protecting their critical infrastructure, building resilience and bolstering cyber defences, including through full implementation of NATO’s Cyber Defence Pledge.” NATO further pledged “to employ the full range of capabilities, including cyber, to deter, defend against and counter the full spectrum of cyber threats.”
  • The Public Interest Declassification Board (PIDB) released “A Vision for the Digital Age: Modernization of the U.S. National Security Classification and Declassification System” that “provides recommendations that can serve as a blueprint for modernizing the classification and declassification system…[for] there is a critical need to modernize this system to move from the analog to the digital age by deploying advanced technology and by upgrading outdated paper-based policies and practices.”
  • In a Department of State press release, a Declaration on COVID-19, the G7 Science and Technology Ministers stated their intentions “to work collaboratively, with other relevant Ministers to:
    • Enhance cooperation on shared COVID-19 research priority areas, such as basic and applied research, public health, and clinical studies. Build on existing mechanisms to further priorities, including identifying COVID-19 cases and understanding virus spread while protecting privacy and personal data; developing rapid and accurate diagnostics to speed new testing technologies; discovering, manufacturing, and deploying safe and effective therapies and vaccines; and implementing innovative modeling, adequate and inclusive health system management, and predictive analytics to assist with preventing future pandemics.
    • Make government-sponsored COVID-19 epidemiological and related research results, data, and information accessible to the public in machine-readable formats, to the greatest extent possible, in accordance with relevant laws and regulations, including privacy and intellectual property laws.
    • Strengthen the use of high-performance computing for COVID-19 response. Make national high-performance computing resources available, as appropriate, to domestic research communities for COVID-19 and pandemic research, while safeguarding intellectual property.
    • Launch the Global Partnership on AI, envisioned under the 2018 and 2019 G7 Presidencies of Canada and France, to enhance multi-stakeholder cooperation in the advancement of AI that reflects our shared democratic values and addresses shared global challenges, with an initial focus that includes responding to and recovering from COVID-19. Commit to the responsible and human-centric development and use of AI in a manner consistent with human rights, fundamental freedoms, and our shared democratic values.
    • Exchange best practices to advance broadband connectivity; minimize workforce disruptions, support distance learning and working; enable access to smart health systems, virtual care, and telehealth services; promote job upskilling and reskilling programs to prepare the workforce of the future; and support global social and economic recovery, in an inclusive manner while promoting data protection, privacy, and security.
  • The Digital, Culture, Media and Sport Committee’s Online Harms and Disinformation Subcommittee held a virtual meeting, which “is the second time that representatives of the social media companies have been called in by the DCMS Sub-committee in its ongoing inquiry into online harms and disinformation following criticism by Chair Julian Knight about a lack of clarity of evidence and further failures to provide adequate answers to follow-up correspondence.” Before the meeting, the Subcommittee sent a letter to Twitter, Facebook, and Google and received responses. The Subcommittee heard testimony from:
    • Facebook Head of Product Policy and Counterterrorism Monika Bickert
    • YouTube Vice-President of Government Affairs and Public Policy Leslie Miller
    • Google Global Director of Information Policy Derek Slater
    • Twitter Director of Public Policy Strategy Nick Pickles
  • Senators Ed Markey (D-MA), Ron Wyden (D-OR) and Richard Blumenthal (D-CT) sent a letter to AT&T CEO Randall Stephenson “regarding your company’s policy of not counting use of HBO Max, a streaming service that you own, against your customers’ data caps.” They noted “[a]lthough your company has repeatedly stated publicly that it supports legally binding net neutrality rules, this policy appears to run contrary to the essential principle that in a free and open internet, service providers may not favor content in which they have a financial interest over competitors’ content.”
  • The Brookings Institution released what it considers a path forward on privacy legislation and held a webinar on the report with Federal Trade Commission (FTC) Commissioner Christine Wilson and former FTC Commissioner and now Microsoft Vice President and Deputy General Counsel Julie Brill.

Further Reading

  • Google: Overseas hackers targeting Trump, Biden campaigns” – Politico. In what is the latest in a series of attempted attacks, Google’s Threat Analysis Group announced this week that People’s Republic of China affiliated hackers tried to gain access to the campaign of former Vice President Joe Biden and Iranian hackers tried the same with President Donald Trump’s reelection campaign. The group referred the matter to the federal government but said the attacks were not successful. An official from the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) remarked “[i]t’s not surprising that a number of state actors are targeting our elections…[and] [w]e’ve been warning about this for years.” It is likely the usual suspects will continue to try to hack into both presidential campaigns.
  • Huawei builds up 2-year reserve of ‘most important’ US chips” – Nikkei Asian Review. The Chinese tech giant has been spending billions of dollars stockpiling United States’ (U.S.) chips, particularly from Intel for servers and programmable chips from Xilinx, the type that is hard to find elsewhere. This latter chip maker is seen as particularly crucial to both the U.S. and the People’s Republic of China (PRC) because it partners with the Taiwan Semiconductor Manufacturing Company, the entity persuaded by the Trump Administration to announce plans for a plant in Arizona. Shortly after the arrest of Huawei CFO Meng Wanzhou in 2018, the company began these efforts and spent almost $24 billion USD last year stockpiling crucial U.S. chips and other components.
  • GBI investigation shows Kemp misrepresented election security” – Atlanta Journal-Constitution. Through freedom of information requests, the newspaper obtained records from the Georgia Bureau of Investigation (GBI) on its investigation at the behest of then Secretary of State Brian Kemp, requested days before the gubernatorial election he narrowly won. At the time, Kemp claimed hackers connected to the Democratic Party were trying to get into the state’s voter database, when it was Department of Homeland Security personnel running a routine scan for vulnerabilities Kemp’s office had agreed to months earlier. The GBI ultimately determined Kemp’s claims did not merit a prosecution. Moreover, even though Kemp’s staff at the time continues to deny these findings, the site did have vulnerabilities, including one turned up by a software company employee.
  • Trump, Biden both want to repeal tech legal protections — for opposite reasons” – Politico. Former Vice President Joe Biden (D) wants to revisit Section 230 because online platforms are not doing enough to combat misinformation, in his view. Biden laid out his views on this and other technology matters for the editorial board of The New York Times in January, at which point he said Facebook should have to face civil liability for publishing misinformation. Given Republican and Democratic discontent with Section 230 and the social media platforms, there may be a possibility legislation is enacted to limit this shield from litigation.
  • Wearables like Fitbit and Oura can detect coronavirus symptoms, new research shows” – The Washington Post. Perhaps wearable health technology is a better approach to determining when a person has contracted COVID-19 than contact tracing apps. A handful of studies are producing positive results, but these studies have not yet undergone the peer review process. Still, these devices may be able to determine disequilibrium in one’s system as compared to a baseline, suggesting an infection and a need for a test. This article, however, did not explore possible privacy implications of sharing one’s personal health data with private companies.
  • Singapore plans wearable virus-tracing device for all” – Reuters. For less than an estimated $10 USD per unit, Singapore will soon introduce wearable devices to better track contacts to fight COVID-19. In what may be a sign that the city-state has given up on its contact tracing app, TraceTogether, the Asian nation will soon release these wearables. It is not clear if everyone will be mandated to wear one and what privacy and data protections will be in place.
  • Exclusive: Zoom plans to roll out strong encryption for paying customers” – Reuters. In the same vein as Zoom allowing paying customers to choose where their calls are routed (e.g. paying customers in the United States could choose a different region with lesser surveillance capabilities), Zoom will soon offer stronger security for paying customers. Of course, should Zoom’s popularity during the pandemic solidify into a dominant competitive position, this new policy of offering end-to-end encryption that the company cannot crack would likely rouse the ire of the governments of the Five Eyes nations. These plans breathe further life into the views of those who see a future in which privacy and security are commodities to be bought and those unable or unwilling to afford them will not enjoy either. Nonetheless, the company may still face a Federal Trade Commission (FTC) investigation into its apparently inaccurate claims that calls were encrypted, which may have violated Section 5 of the FTC Act, along with similar investigations by other nations.
  • Russia and China target U.S. protests on social media” – Politico. Largely eschewing doctored material, the Russian Federation and the People’s Republic of China (PRC) are using social media platforms to further drive dissension and division in the United States (U.S.) during the protests by amplifying the messages and points of view of Americans, according to an analysis by one think tank. For example, some PRC officials have been tweeting out “Black Lives Matter” and claims that videos purporting to show police violence are, in fact, police violence. The goal is to fan the flames and further weaken Washington. Thus far, the American government and the platforms themselves have not had much of a public response. Additionally, this represents a continued trend of the PRC in seeking to sow discord in the U.S. whereas before this year use of social media and disinformation tended to be confined to issues of immediate concern to Beijing.
  • The DEA Has Been Given Permission To Investigate People Protesting George Floyd’s Death” – BuzzFeed News. The Department of Justice (DOJ) used a little known section of the powers delegated to the agency to task the Drug Enforcement Agency (DEA) with conducting “covert surveillance” to help police maintain order during the protests following the killing of George Floyd, among other duties. BuzzFeed News was given the two page memorandum effectuating this expansion of the DEA’s responsibilities beyond drug crimes, most likely by agency insiders who oppose the memorandum. These efforts could include use of authority granted to the agency to engage in “bulk collection” of some information, a practice the DOJ Office of the Inspector General (OIG) found significant issues with, including the lack of legal analysis on the scope of the sprawling collection practices.
  • “Cops Don’t Need GPS Data to Track Your Phone at Protests” – Gizmodo. Underlying this extensive rundown of the types of data one’s phone leaks, and that are vacuumed up by a constellation of entities, is the fact that more law enforcement agencies are buying or accessing these data because the Fourth Amendment’s protections do not apply to private parties giving the government information.
  • “Zuckerberg Defends Approach to Trump’s Facebook Posts” – The New York Times. Unlike Twitter, Facebook opted not to flag President Donald Trump’s tweets about the protests arising from George Floyd’s killing last week that Twitter found to be glorifying violence. CEO Mark Zuckerberg reportedly deliberated at length with senior leadership before deciding the tweets did not violate the platform’s terms of service, a decision roundly criticized by Facebook employees, some of whom staged a virtual walkout on 1 June. In a conference call, Zuckerberg faced numerous questions about why the company does not respond more forcefully to tweets that are inflammatory or untrue. His answers that Facebook does not act as an arbiter of truth were not well received among many employees.
  • “Google’s European Search Menu Draws Interest of U.S. Antitrust Investigators” – The New York Times. Allegedly, Department of Justice (DOJ) antitrust investigators are keenly interested in the system Google lives under in the European Union (EU), where Android users are now prompted to select a default search engine instead of just making it Google’s. This system was put in place as a response to the EU’s €4.34 billion fine in 2018 for imposing “illegal restrictions on Android device manufacturers and mobile network operators to cement its dominant position in general internet search.” This may be seen as a way to address competition issues while not breaking up Google as some have called for. However, Google is conducting monthly auctions among the other search engines to be among the three choices given to EU consumers, which allows Google to reap additional revenue.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.