Cyber Week in Review: June 3, 2016

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Safe Harbor successor unable to make it safely into harbor. The prospect of Privacy Shield winning the approval of the European Commission gets dimmer every day. European Data Protection Supervisor Giovanni Buttarelli announced this week that he would not endorse the proposed U.S.-EU data sharing agreement, saying that “significant improvements are needed.” Buttarelli said he did not believe the agreement could pass scrutiny by the Court of Justice of the European Union, which struck down Safe Harbor last year. Other European privacy experts concurred, giving Privacy Shield a 60 to 70 percent chance of being struck down. Meanwhile, data continues to flow, but a decision by the Irish data protection authority is raising questions about the legality of the “model clauses” that many companies have been using to justify transfers in the absence of a transatlantic agreement.

2. Haters gonna hate the IANA transition. According to The Hill, former presidential candidate Ted Cruz is circulating a draft bill that would prevent the Department of Commerce’s National Telecommunications and Information Administration (NTIA) from handing over the IANA contract to the multistakeholder internet community unless Congress approves. Cruz and a number of Republican senators have expressed concern with the IANA transition, which would relinquish the U.S. government’s oversight over the domain name system--a longstanding diplomatic irritant between the United States and the rest of the world. CFR’s Rob Knake recently tried to square Ted Cruz’s hostility to government programs and his defense of government oversight over the internet’s addressing system. You can find that here.

3. Iran: All your message are belong to us. Iran’s Supreme Council for Cyberspace, the country’s internet regulator, gave foreign instant messaging services a year to comply with a new directive that requires "all data and activity linked to Iranian citizens" to be hosted in Iran. Many popular messaging platforms, such as Facebook’s Messenger, are already banned in the country but an estimated 20 million Iranians use Telegram, which isn’t. Although Iran ostensibly wants foreign providers to keep data in the country to make it easier to local law enforcement to access messages, it’s unlikely that a localization mandate will succeed. There are a number of messaging platforms--Whatsapp being the most popular--rolling out end-to-end encryption that makes it impossible for companies to decrypt messages sent between two users.

4. Tech companies agree to promptly review hate speech flagged by the European Commission. Google, Facebook, Twitter, and Microsoft signed an agreement with the European Commission this week to remove content that European law classifies hate speech from their sites in a timely manner. Under the new code of conduct, the companies agree to review “the majority of” alleged hate speech within twenty-four hours of being notified of its presence. EU officials heralded the agreement, although it largely represents a clarification of the companies’ current practices with regard to online hate speech. Some digital rights groups are concerned about the new rules, however, saying that decisions over what constitutes hate speech online require greater oversight and could lead to a slippery slope that limits free speech. Related: in a Cyber Brief last year, CFR’s David Fidler argued that the United States government should make its rules regarding takedown of terrorist content more transparent.