from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: Dec 20, 2019

Kashmiri journalists display laptops and placards during a protest demanding restoration of internet service, in Srinagar
Kashmiri journalists display laptops and placards during a protest demanding restoration of internet service, in Srinagar REUTERS/Danish Ismail

European Union considers curbs on non-EU state-backed companies; India’s shutdown of internet in Kashmir is the longest ever in a democracy; U.S. technology sector rebuffs Trump administration’s efforts to shut out Chinese companies; European Union legal opinion complicates bloc’s data transfers; and NSO Group software used to target Pakistani officials’ phones.

December 20, 2019

Kashmiri journalists display laptops and placards during a protest demanding restoration of internet service, in Srinagar
Kashmiri journalists display laptops and placards during a protest demanding restoration of internet service, in Srinagar REUTERS/Danish Ismail
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Margrethe Vestager Considers Curbs on Non-EU State-Backed Companies

Margrethe Vestager, vice-president of the European Commission for a Europe Fit for the Digital Age, is examining ways to curb unfair competition from non-EU state-owned enterprises, as EU member states urge closer scrutiny of Chinese investment in the bloc. This scrutiny stems from an aggressive push by Chinese state-supported compaies to acquire European companies and other assets. According to Vestager, these companies have been able to use their government backing to outbid competitors. In response, the EU is considering a Dutch proposal that would empower Vestager’s commission to conduct investigations into a company’s conduct if it thought the business was engaging in “distortionary” behavior thanks to government subsidies, or making excessive profits thanks to a dominant position in its own country. The proposed measure marks a potential step in increased EU oversight of Chinese investment in the bloc, which peaked at $41 billion in 2016.

More on:

Cybersecurity

China

India

India’s Shutdown of Internet in Kashmir Is the Longest Ever in a Democracy

The Indian government’s shutdown of the internet in Kashmir entered its 134th day on Monday, making it the longest shutdown ever imposed in a democracy. Only authoritarian regimes, such as China and Myanmar, have cut off the internet for longer. The shutdown occurred when Indian authorities revoked Kashmir’s autonomy and statehood on August 5, claiming that it was necessary to maintain security in the restive territory claimed by both India and Pakistan. Shutting down the internet has become a regular feature of law enforcement in India, which has the distinction of imposing the most blackouts in the world. Officials routinely block access to contain rumors or quell protests. The current shutdown in Kashmir has paralyzed regular life for its people. Businesses have been unable to function, causing an estimated $1.4 billion in losses, while doctors complain that it is more difficult to care for patients. As long as the internet shutdown continues, Kashmiris will continue to have to find ways to gain internet access, like taking a 70-mile train ride on the so-called “internet express” to the nearest town with an internet café.    

U.S. Technology Sector Rebuffs Efforts to Shut Out Chinese Companies

U.S. technology companies have rebuffed a Trump administration request that they sign a set of principles which would effectly shut out Huawei from their supply chains. Among the principles was a pledge that these companies would stop sourcing supplies from a list of Chinese companies. The U.S. companies rejected these requests due to their concern that cooperating in such a way would leave them open to being sued on antitrust grounds for acting as a cartel. Their refusal comes amid a wider pushback from the U.S. business community against the U.S. government’s tougher China policies, such as the Department of Commerce’s proposal that would grant the secretary of commerce the power to block imports of sensitive technology from a country considered to be a foreign adversary. However, companies have been relieved by the U.S. government’s decision to issue temporary licenses for suppliers, such as chipmakers, to sell their equipment to Huawei. Chips seen to have little impact on national security, such as those that go into handsets, have not been restricted.

European Union Legal Opinion Complicates Bloc’s Data Transfers

More on:

Cybersecurity

China

India

On Thursday, an advisor to the European Union’s (EU) Court of Justice recommended that U.S. tech giants should be blocked from transferring EU users’ data to the United States if they can’t guarantee it will be handled in compliance with EU privacy laws. The case stems from EU concerns over whether companies, such as Apple, Google, and Facebook, violate EU privacy protections because of their obligations under U.S. surveillance laws, which could compel them to hand over the personal data of EU users. Concerns over U.S. surveillance led the Court of Justice to strike down a previous U.S.-EU agreement dubbed Safe Harbor in 2015, which allowed companies to freely transfer EU data to the U.S., provided that they met certain benchmarks. Safe Harbor’s replacement, Privacy Shield, has been facing similar legal challenges, and its suspension could also block data transfers to the United States, which could cost tech companies billions.

NSO Group Software Used to Target Pakistani Officials’ Phones

Israeli spyware company, NSO Group, allegedly provided technology to surveil communications on the mobile phones of at least two dozen Pakistani government officials. The intrusions exploited a vulnerability in WhatsApp’s software that allowed the attackers to access messages and data on targets’ phones. This is the same exploit that was used to spy on Jamal Khashoggi, the Saudi dissident who was brutally murdered in October last year. The alleged targeting of Pakistani officials gives a first insight into how NSO’s signature “Pegasus” spyware could have been used by states to spy on their own officials or rival governments. The proliferation of private spyware companies is projected to enable states not traditionally thought to have strong cyber capabilities to conduct advanced espionage. WhatsApp’s discovery of NSO group’s breach prompted the company to file a lawsuit against NSO Group in October, accusing it of “unauthorized access and abuse” of its services and targeting of innocent civilians.

Editor's note: There will be no Week in Review for the next two weeks in observance of the holidays. It will return on January 10.

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close