Cyber Week in Review: December 1, 2017

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Did China violate the 2015 Obama-Xi deal? The U.S. Department of Justice charged three Chinese nationals for hacking into the networks of three U.S companies and stealing proprietary data. The indictment is the first since the 2015 U.S.-China deal to not sponsor the cyber theft of intellectual property for commercial gain, and has led to speculation whether Beijing is violating it. The three nationals are believed to work for Boyusec, which some U.S. cybersecurity companies claim is a contractor for China's Ministry of State Security. If true, China would only be breaking the 2015 deal if the information was stolen at Beijing's behest and was transmitted to Chinese companies to get an edge over their U.S. competitors. The indictment remains silent on whether the Department of Justice believes the actions were state-directed or to benefit national champions, though it does point out that at least one of the technologies stolen had "no military applications"--the implication being that stealing it was outside the scope of acceptable espionage. According to Politico, the Department of Justice raised the Boyusec case with Chinese counterparts before pressing charges but "received no meaningful response." U.S. officials are likely using the case as a not-so-subtle signal to Beijing to abide by the agreement, though some fear Beijing could retaliate by charging former NSA hackers and limiting their ability to travel. 

2. We're going to build our own internet, with our own Bender memes and rickrolls. Russian media outlet RBC reports that the Kremlin issued a directive in October ordering the country's telecommunications ministry to develop a backup domain name system (DNS) for the exclusive use of BRICS countries (Brazil, Russia, India, China, and South Africa). Russia has long been concerned that the United States could remove the .ru top-level domain from the internet, making all Russian websites with a .ru domain inaccessible. It is unclear whether Russia plans to build a DNS entirely separate from the existing DNS that allows the internet to function (effectively creating two internets) or whether it will build more DNS mirrors to make the .ru domain more resilient. As Kieren McCarthy points out in the Register, the odds of the United States kicking .ru off the internet is close to zero (and perhaps impossible now that the United States no longer contractually oversees the DNS), and even if it could, the existing resiliency built into the DNS would ensure that such a drastic move would not cascade across the world. 

3. Hell hath no fury like a German intelligence officer scorned. In a speech this week, the head of Germany’s domestic intelligence agency took aim at Facebook and other social media platforms for not doing enough to combat misinformation. He criticized them for "hiding behind the legal privileges" they enjoy to spread information without taking any editorial oversight over their content and argued that “democratic pluralism loses its foundations if it is no longer based on facts.” Germany has been a leading advocate for placing stricter regulations on networking sites, passing a law this summer that imposes fines of up to €50 million if a platform does not remove hate speech within twenty-four hours of being posted. In response to the law, Facebook announced it would be adding 500 more contractors to monitor content in Germany, bringing the total to 1,200 people reviewing posts in the county.

4. Wither the third party doctrine?The U.S. Supreme Court heard arguments for Carpenter v. United States, which could change the way privacy protections apply to cell phone location data. The case involves a man who was convicted of several robberies based on records from his phone service provider proving he was at the crime scenes. The data was obtained following a legal precedent set in 1979 that allows telephone companies to provide metadata, like location, to the U.S. government without a warrant. The ACLU argues that cellphone metadata can reveal a person's habits that would ordinarily be protected by the Fourth Amendment. The justices seemed to agree. A decision is not expected until this coming summer.