Cyber Week in Review: April 24, 2020

Experts Criticize German-Led Digital Contact Tracing Initiative

On Monday, a group of scientists and researchers from more than twenty-five countries published an open letter expressing concern about the German-led Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) initiative to keep track of people who have been exposed to COVID-19. The initiative tracks contact by monitoring the proximity of users’ phones. The experts argue that PEPP-PT lacks transparency and that the centralized storage of data might be exploited by governments for discriminatory practices or invasive surveillance. The researchers support an alternative standard, called DP-3T, that they claim is more privacy-preserving. It is unclear how much support the German initiative actually has: PEPP-PT claimed support from seven European countries, two of which now support DP-3T. Last week, PEPP-PT posted a twenty-five page document detailing its privacy practices.

Supreme Court Will Hear Case on Computer Fraud and Abuse Act

This week, the U.S. Supreme Court announced that it would hear Van Buren v. United States, a case involving the controversial Computer Fraud and Abuse Act (CFAA). The 1986 act, described by critics as “the worst law in technology,” makes it illegal to access computers without authorization. Developed before the internet was widespread, the act’s vague wording has led lower courts to disagree about its meaning. In this specific case, Nathan Van Buren, a Georgia police officer was convicted of violating CFAA after he took money from a police informant to run a license plate search on a database the officer legally had access to. The CFAA has been central to a number of high-profile cases, most prominently that of Aaron Swartz, who took his own life after he faced thirty-five years in prison for downloading articles from an academic database.

Facebook Bans Some Events That Violate Social Distancing Rules

Facebook has removed from its platform event listings for anti-quarantine protests that violate state law, the company announced this week. The protests, mostly organized by far-right groups, called for the lifting of stay-at-home orders. Facebook says that it will continue to remove events that violate laws that mandate social distancing. Donald Trump Jr. and Senator Josh Hawley (R-MO) both accused the tech giant of violating free speech. The other tech platforms have also announced new COVID-19 inspired rules. Google will require all advertisers to verify their identities to purchase ads in order to crack down on ads promoting misinformation or products related to the coronavirus, and Twitter has expanded its COVID-19 content moderation guidelines to include misinformation on the relationship between 5G and the pandemic.

Microsoft Calls for Open Data to Prevent Centralization of Digital Power

On Tuesday, Microsoft called for governments and companies around the world to be more open with their data to prevent the concentration of digital power in the hands of the United States, China, and a few tech giants. Without naming any firms in particular, Microsoft explained that a small handful of technology companies have amassed increasingly large shares of the data collected over the internet. This provides them with valuable opportunities and advantages in the research and development of emerging technologies. Artificial intelligence research in particular requires massive datasets on which to train algorithms. While Microsoft admitted that it would benefit from broader data sharing since data collection is not its primary business, some non-profits celebrated the move, hailing it as a major milestone for the open data movement.

Senators ask Cyber Command and CISA to Deter Coronavirus-Related Hacks

On Monday, a bipartisan group of U.S. senators sent a letter addressed to General Paul Nakasone, commander of U.S. Cyber Command, and Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA), urging them to do more to defend U.S. health-care systems against cyberattacks that exploit the coronavirus pandemic. In particular, the letter urged the officials to consider operations to “defend forward,” without elaborating on what this would entail in practice. The senators also suggest that CISA and Cyber Command make greater outreach efforts to spread public awareness about coronavirus-related disinformation campaigns. The letter comes amid increased targeting of U.S. health-care infrastructure by nation-state and criminal hackers, despite promises by some groups that they would refrain from doing so.