Cyber Week in Review: Feb 7, 2020

Technical Problems Delay Count in Iowa Caucus

Results from the Iowa Caucus were unexpectedly delayed for over a day after voting concluded. The Iowa Democratic Party (IDP) blamed the delay on an app called Shadow, which was meant to tally and report votes from individual precincts to party officials. Details about the untested app, which experts described as “hastily thrown together,” had been kept secret until the caucus, supposedly to prevent hackers from targeting it. Though the results of the caucus were confirmed by paper ballots and the IDP said it performed numerous quality control checks, a New York Times review found significant inconsistencies in the final tally. There is no evidence that any of the problems were intentional, but that did not stop users from spreading disinformation about the caucus on social media. The disastrous event has called into question the future of Iowa’s privileged role as the first state in the nation to hold its nominating contest, as well as what role technology should play in elections.

Barr Proposes U.S. Purchase of Controlling Stakes in Ericsson and Nokia

U.S. Attorney General William Barr proposed on Thursday that the United States purchase controlling stakes in Ericsson and Nokia to help build an international competitor to Huawei. During his speech at the Center for Strategic and International Studies in Washington, DC, Barr also warned that allowing China to establish technological dominance not only endangered U.S. security, but also threatened its economic future, and stated that it was the first time in history that the United States was not the leader in a major technological sector that will underpin future innovation. In addition to proposing U.S. purchases of controlling stakes in these companies, Barr also floated the possibility of a consortium of private U.S. and allied companies that would be competitive with Huawei. The attorney general’s remarks demonstrate the radical steps the Trump administration is willing to consider in its efforts to weaken Huawei’s market power. The Chinese company currently sells just under a third of the world’s telecommunications equipment.

FCC Concludes Cell Carrier(s) Violated Law by Selling Location Data

Last Friday, the FCC announced [PDF] that it had concluded its investigation into the unauthorized sale of American consumers’ cell phone location data and found at least one wireless carrier broke the law by selling customers’ location data to third parties, who then resold it further. The investigation began in May 2018 after a report was released that showed most customers’ location data could be bought on the black market for a relatively small fee. The black market availability of the data wasn’t the only scandal—one company that purchased the data provided it to law enforcement without warrants, and another accidentally exposed all of the location data they had purchased via a bug on their website. Senator Ron Wyden (D-OR), who brought the issue to the FCC’s attention in 2018, said he was “eager to see whether the FCC will truly hold wireless companies accountable, or let them off with a slap on the wrist.” FCC Chairman Ajit Pai stated earlier this week that he plans to circulate a “Notice of Apparent Liability for Forfeiture” to other FCC commissioners, which will certify the FCC’s determination that the companies violated federal law. For now, it is unclear what penalties these companies will face.

Newly Revealed Ransomware Targets Industrial Control Systems

On Monday, researchers announced the discovery of EKANS, a new ransomware that targets industrial control systems (ICS). The determination that EKANS was designed to target ICS environments came from the discovery of a “kill list” embedded in its code, which contained industry-specific programs to shut down. Though ransomware is common, EKANS is only the second known example designed specifically to target ICS. Because some of the programs it shuts down are critical to industrial operations, experts warn that in a worst-case scenario EKANS could even damage physical systems. The discovery of EKANS is another reason for U.S. companies to heed the Department of Homeland Security’s advice that businesses and government agencies [PDF] consider all ransomware a serious destructive threat.

YouTube to Ban Some Deceptive Political Content

This week, YouTube announced the specific steps it would take to ban deceptive political content ahead of the election. The company said it would remove technically manipulated content, video that attempts to mislead about voting or the census, and content that lies about the eligibility of candidates to serve in office. It will also terminate any channel that impersonates someone or uses artificial means to inflate views or other metrics. Over 500 hours of video is uploaded every minute to YouTube, which makes moderating content a daunting task. The company did not specify what combination of digital tools and human moderators would be used to enforce the policy. The announcement comes as other large tech companies, including Twitter and Facebook, try to reassure the public that they are more prepared to handle disinformation than they were in 2016.

Huawei Sues Verizon Over Alleged Patent Violations

On Wednesday, Chinese telecom giant Huawei filed a lawsuit against Verizon in Texas for allegedly using its patents without a license. Huawei first raised the issue in June 2019, and the suit follows a series of meetings between the companies. Huawei claimed it could not determine what compensation it was owed since it does not know what contribution the patents made to Verizon’s business. Verizon alleges that the suit is a direct retaliation for the United States’ increasingly aggressive posture towards Huawei and claims “Huawei’s real target is not Verizon; it is any country or company that defies it.” The patents cover areas such as networking and video communications. None of them involve 5G technology.