from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: April 15, 2016

Microsoft is challenging a rule that prohibits it from informing customers when the U.S. government has accessed their data. (Mike Segar/Reuters)

April 15, 2016

Microsoft is challenging a rule that prohibits it from informing customers when the U.S. government has accessed their data. (Mike Segar/Reuters)
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed.

1. The relationship between Silicon Valley and Washington isn’t improving. Microsoft is taking the U.S. government to court, again. Microsoft objects to gag orders that prohibit the software giant from telling its customers, sometimes indefinitely, that their data has been searched or seized by law enforcement. The company argues that these orders violate their customers rights under the First Amendment, which protects free speech, and Fourth Amendment, which protects against unreasonable search and seizure. The case is likely to be another high profile one for Microsoft, already butting heads with the U.S. Justice Department over the U.S. government’s ability to access data Microsoft controls in Ireland. Over at Just Security, Jennifer Daskal thinks that Microsoft has a good case but that it may be overtaken by events as a Congressional judiciary committee approved draft legislation that would make the issue moot. The Email Privacy Act, under consideration in the House, with a similar bill with bipartisan support in the Senate, would require that individuals be told that law enforcement searched their data.

2. Europe’s privacy regulators disapprove of Privacy Shield . The Article 29 Data Protection Working Party, a group of data protection commissioners from Europe’s 28 member states, doesn’t like the new Privacy Shield, which the European Commission and U.S. Department of Commerce agreed to in February and seeks to facilitate transatlantic data transfers. In a non-binding opinion, data protection authorities expressed concern about the absence of provisions in the agreement that would prohibit “massive and indiscriminate collection of personal data” and the modalities of the deal’s review mechanism that ensures both sides are sticking to the deal. The working party ultimately decided that Privacy Shield does not reflect the data protection principles guaranteed under EU law. That puts the European Commission in a bind. Ignoring the the opinion would leave the Privacy Shield vulnerable to a challenge before the Court of Justice of the European Union, already skeptical of U.S.-EU data flows. Adopting the working group’s recommendations would require a renegotiation with the United States and, according to Peter Margulies at Lawfare, require amendments to U.S. intelligence law. Congress has already modified U.S. law to implement the Privacy Shield, and there may be less of an appetite to accede to more European demands.

3. China: is it hacking less or just not getting caught? The Financial Times reports that private cybersecurity firms are observing a decline in the rate of Chinese cyberattacks since presidents Barack Obama and Xi Jinping vowed to stop conducting cyber espionage for commercial purposes in September 2015. The detection of fewer incidents could mean that the Chinese are implementing the agreement, but it could also mean that China has gotten better at hiding its tracks. CFR Whitney Shepardson Senior Fellow Rob Knake was quoted in the article, saying that there is a "consensus that activity is still ongoing, but narrower in scope and with better tradecraft." It turns out that Chinese government hackers may be using "English or Russian rather than Mandarin to write notes embedded in their hacking tools" to hide their tracks.