Cyber Week in Review: January 27, 2017
from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: January 27, 2017

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. President Trump’s Android. Old habits die hard, or in this case become major national security risks. The New York Times reported this week that President Trump has continued tweeting from his “old, unsecured Android phone” since entering the White House, raising red flags among cybersecurity experts. The phone, which is believed to be a Samsung Galaxy S3 or S4, is regarded as completely insecure: “A Galaxy S3 does not meet the security requirements of the average teenager, let alone the purported leader of the free world,” writes Nicholas Weaver in Lawfare. While President Trump holds on to his beloved Android, politicos across the country are learning from the Democratic National Committee breach and using Signal, a smartphone app that allow users to send encrypted messages.

2. Ruling in Microsoft’s case stands in Ireland case, but no one is truly happy. A federal appeals court refused to rehear arguments in the Microsoft-Ireland case, sustaining Microsoft’s refusal to hand over emails of a non-U.S. citizen stored on a server in Ireland to the Department of Justice. In 2013, the Department of Justice had requested Microsoft hand over the emails and obtained a court order to that effect. That order was squashed last year as a result of Microsoft’s challenge, with the appeals court concluding that the U.S. government can only force companies to hand over data if the data is held in the United States. Although Microsoft celebrated the renewed victory, Just Security’s Jennifer Daskal argues that the decision is ultimately a bad one given that it creates incentives for data localization, with all of the problems that entails, and creates a conflict of laws nightmare when countries invariably try to obtain data held abroad concerning their nationals to investigate local crimes.

3. From Russia with love. The arrest of at least three top cybersecurity specialists connected to the Kremlin on treason charges has raised some eyebrows. Ruslan Stoyanov a top cybercrime investigator at Kaspersky Labs, who had previously worked for the Russian government, was arrested in December. News of his arrest only surfaced this week, shortly after which two FSB cyber experts were also arrested. Speculation abounds that the three individuals might have been spying for Washington. Another theory floating around: the individuals are associated with “Anonymous International,” a hacker collective known for leaking information compromising to Kremlin officials. A third theory could be that they refused to comply with the Russian government’s requests for cyber-related assistance. In any case, the arrests will keep observers guessing.

4. U.S. executive order aimed at enforcement of immigration laws creates Privacy Shield scare. President Trump triggered a scare over transatlantic data flows this week when he ordered U.S. agencies to exclude non-U.S. citizens or permanent residents from their privacy policies. The move aims to help U.S. officials enforce immigration laws, but European parliamentarians quickly raised concerns that the move could invalidate the Privacy Shield, a mechanism that facilitates U.S.-EU data flows. As part of the Privacy Shield, the United States extended certain privacy rights to EU citizens and gave them a right to redress in U.S. courts. The European Commission and U.S. observers quickly rebutted those concerns, noting that the rights extended to EU citizens are a matter of U.S. law and cannot be superseded by an executive order. The scare will arguably the first of many between Washington and Brussels over digital privacy and policy issues over the next few years given Europeans’ general skepticism of President Trump.

5. Cameroon shuts down internet access in certain regions. Quartz reports that the government of Cameroon has ordered telecom operators to shut off mobile internet access in certain regions of the country. The cut-off regions are home to English-speaking Cameroonians who have been protesting what they view as neglect by the French-speaking government and majority. According to the report and activists, the telcos complied with the order fearing that failure to do so would jeopardize their operating licenses.