Cyber Week in Review: January 22, 2016

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Australian PM Turnbull and President Obama talk cyber. Australian Prime Minister Malcolm Turnbull brought up cyber during a visit to Washington, DC, this week, saying that states should stop supporting the cyber-enabled theft of intellectual property and that Internet governance should be led by “the communities that use” the Internet, not governments. Turnbull announced a new annual dialogue on cybersecurity between the United States and Australia, to be led by the Center for Strategic and International Studies and the Australian Strategic Policy Institute. Both sides will work together to define norms for state behavior in cyberspace and create cooperative measures for responding to cyber incidents. Turnbull also said that Australia is working to counter the online narrative of the Islamic State group and noted approvingly cooperation between the U.S. government and private sector in this area.

2. We have an intractable problem? Let’s study it! Rep. Mike McCaul (R-TX) and Sen. Mark Warner (D-VA) are planning to introduce a bill in Congress that would create a national commission to examine how law enforcement officials can gain access to the encrypted data of criminal suspects without weakening the privacy or security of Americans. While law enforcement has repeatedly asked tech companies to find a technical solution to the problem, security experts have said that’s impossible without severely weakening encryption. McCaul and Warner’s proposed commission intends to get around that impasse by convening tech industry executives, privacy advocates, academics, and law enforcement and intelligence officials to discuss the issue. They would make joint recommendations on both legislative and technological measures around the encryption problem. The congressmen haven’t set a date for when they’ll introduce their bill. However, others may supersede them with a less conciliatory approach. Senators Richard Burr (R-NC) and Dianne Feinstein (D-CA) are working on legislation requiring tech companies to put backdoors in their encryption, and state legislators in New York and California have already taken steps toward banning encrypted devices at the urging of law enforcement officials. Meanwhile, NSA director Adm. Mike Rogers appeared to announce his support for strong encryption this week.

3. A tiny ray of additional sunlight on the U.S. government’s zero-day policy. The Electronic Frontier Foundation (EFF) was able to obtain more information about the U.S. policy on zero-days. Regular readers of Net Politics will remember that last September, the U.S. government, for the first time, published a heavily redacted version of the policy that outlines how the it handles zero-day vulnerabilities. We analyzed the issue here. This week, the EFF able to obtain a new copy of the policy with slightly less redactions. The document now reveals that the United States engages in offensive cyber activities and that the zero-days the government discovers it acquires can be used for both offensive and defensive purposes. Quelle surprise!