from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: December 23, 2016

People walk outside the European Commission headquarters in Belgium, November 26, 2015. (Benoit Tessier/Reuters)

December 23, 2016

People walk outside the European Commission headquarters in Belgium, November 26, 2015. (Benoit Tessier/Reuters)
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. No more data for you. The Court of Justice of the European Union invalidated portions of the United Kingdom’s new Investigatory Powers Act that require communications service providers retain user data so that it can later be examined if determined relevant to a criminal investigation. The Court called such provisions "general and indiscriminate" and that they exceed "the limits of what is strictly necessary and cannot be considered to be justified within a democratic society." The UK government, as well as many law enforcement organizations throughout Europe, have consistently claimed that such powers are necessary for national security, terrorism, and organized crime investigations. It’s unclear how the decision will affect the United Kingdom given its intent to leave the European Union, though the it has signalled its intent to appeal. Over at Lawfare, Andrew Keane Woods examines the court’s decision.

2. Now my work is export controlled? The United States failed to convince the states party to the Wassenaar Arrangement to revise the listing of common hacking tools as controlled munitions subject to export control. Back in 2013, Wassenaar Arrangement countries had agreed to slap controls on the use of "intrusion software" largely to prevent countries with dubious human rights records or other malicious actors from purchasing tools that could be used to break into computer networks. However, the rule was so broadly written that some U.S. security researchers, whose job it is to poke holes in systems to test their security, argued it would subject their work to the controls and hinder cybersecurity efforts.

3. Please don’t bring your fake news here. German lawmakers are considering fining social media firms up to €500,000 (US$522,400) for publishing fake news, according to a report in Der Spiegel. Social media platforms, and Facebook in particular, have been under intense scrutiny given the role that misleading or false information seemed to have played in the U.S. election. Some German officials are likely concerned that the same thing could play out in the German federal election in 2017. Compounding that concern is the fact that the head of German domestic intelligence recently signalled that Russia would be looking to manipulate German media to sow distrust in the German political process.

(Editor’s note: There will be no week in review on Friday, December 30. Happy Holidays!)