from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: April 22, 2016

April 22, 2016

Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. The European Union’s case against Google, part one. The EU competition commissioner, Margrethe Vestager, formally charged Google of violating the European Union’s antitrust laws by abusing "its dominant position by imposing restrictions on Android device manufacturers and mobile network operators." Vestager alleges that these restrictions harmed consumers by limiting what search engines and apps that Android users could use. Google has consistently pointed out that users are free to use alternatives to Google’s apps, such as Firefox instead of the Chrome browser, but it seems that hasn’t swayed the European Commission. Google has twelve weeks to respond to the charges, though it is likely the case will take years to resolve if the similar EU-Microsoft competition case is any guide. Android isn’t the only Google product that has drawn Vestager’s scrutiny. The competition commission is also investigating allegations that Google is distorting search results to benefit its own shopping service. Cue the complaints of the European Union picking on U.S. tech firms.

2. Cybersecurity down under. Australia announced a $230 million investment over four years to “enhance Australia’s cybersecurity capability and deliver new initiatives.” The announcement came as Prime Minister Malcom Turnbull launched the country’s new cybersecurity strategy, which creates two new senior government positions (a minister to assist the prime minister on cybersecurity and an ambassador for cyber issues), aims to improve public-private sector collaboration through a joint threat sharing center and developing voluntary "cyber health checks." During the launch, Turnbull confirmed that the Bureau of Meteorology and the Department of Parliamentary Services suffered breaches last year. Nothing in the strategy is particularly new or earth shattering. The United States and other countries have had senior level cybersecurity coordinators, ambassadors, and public-private collaboration initiatives. Nevertheless, the strategy signals the importance of cybersecurity to Australia’s prosperity and national security.

3. If I had a million dollars, I’d buy a vulnerability. FBI Director James Comey said that the iPhone flaw his organization bought to break into the San Bernardino shooter’s phone cost more than his entire salary during the remainder of his appointment as bureau head. Reuters did some quick math and estimated the flaw cost more than $1.3 million. The price of a vulnerability ranges widely and lots of factors go into determining the cost, such as the ubiquity of the software, the work it took to discover the flaw, whether the flaw can be exploited, and the demand for it. Million-dollar price tags are rare but not unheard of. Zerodium famously paid out a $1 million bounty for a flaw in iOS 9Net Politics’ Rob Knake argues that having the FBI buy software flaws could actually improve the cybersecurity of tech products.

4. No, Apple didn’t hand over iOS source code to the Chinese state. In a congressional hearing this past Tuesday, Apple’s General Counsel Bruce Sewell stated under oath that the Chinese government had requested the company’s code multiple times over the past two years, but that Apple refused every time. During the Apple and FBI standoff over the San Bernardino iPhone, law enforcement officials and others suggested Apple had handed over iOS source code to the Chinese state, yet wasn’t willing to do the same with the FBI.