Here is a quick round-up of this week’s technology headlines and related stories you may have missed:
Election meddling in Ukraine. Russia appears to be intensifying its efforts to interfere in Ukraine’s upcoming election. This week Ukrainian President Petro Poroshenko accused Russia of launching cyberattacks against the country’s Central Election Commission, an independent governmental body that manages federal elections in Ukraine. According to Poroshenko, the CEC was targeted by DDoS attacks for two days. The alleged attacks are likely the latest in a years-long Russian election meddling campaign in Ukraine that has included buying election officials’ personal data with cryptocurrencies as well as targeting campaign staff’s personal computers. In response to potential interference, Ukraine announced that it would work with the United States to “develop protection mechanisms.”
Cyber Command finally (sorta) drops the cyber bomb. On the day of the 2018 midterm elections, U.S. Cyber Command took down the internet connection of the infamous Russian troll-farm Internet Research Agency (IRA). The Washington Post reported this week that the previously undisclosed operation against the IRA was part of “the first offensive cyber-campaign against Russia designed to thwart attempts to interfere with a U.S. election.” While the attack only temporarily impeded the IRA’s operations, the overarching goal was to send a message to malicious Russian actors. Another attack in that same campaign involved sending literal messages to individuals at the IRA—which was so “perturbing,” according to U.S. officials, that it led IRA officials to “[launch] an internal investigation to root out what they thought were insiders leaking personnel information.”
While the IRA operation is clearly a triumph for Cyber Command, it’s unclear whether Cyber Command’s signaling will change the IRA’s behavior. It’s also worth noting that IRA is also a low hanging fruit in comparison to other U.S. adversaries in cyberspace. If the United States cannot deter trolls, how will it go after Chinese and Russian hackers?
Also, very unpleasant but necessary to say: as long as the biggest operation of them all — Shadowbrokers — hangs over NSA and CYBERCOM with no explanation, no attribution, no response, then no signalling is likely to make much of a difference.— Thomas Rid (@RidT) February 26, 2019
The data Brexit. European Union’s top privacy chief deflated the United Kingdom's hopes of reaching a quick deal on data flow this week. Until now, British and EU officials assumed an “adequacy” decision, which would allow data to flow freely between the UK and EU, would be negotiated swiftly after Brexit. However, European Data Protection Supervisor Giovanni Buttarelli said such decision could take “years,” since EU authorities would need to review the British government’s surveillance programs and its handling of citizens’ personal data. The UK would also need to get in line behind other countries that are seeking a data flow deal with the EU. “A divorce is a divorce, so you need time before re-establishing certain relationships, Buttarelli said. “Once you are out, it is all more complicated.” A no-deal scenario would likely disrupt the operations of companies in tech, banking, and insurance that rely on freely transferring mass volumes of personal data across the channel and throughout Europe.
Washington wants in on privacy legislation. The push for a federal privacy law is gaining momentum in Washington. This week both the Democrat-controlled House of Representatives and Republican-controlled Senate held hearings on federal privacy legislation, suggesting that a privacy law might be one of the few legislative items to gain bipartisan support this year. However, disagreement over how a potential federal private law would look remains unclear. In front of the House Energy and Commerce Committee, business groups pushed lawmakers for legislation that would pre-empt state laws and simplify the regulatory framework for technology firms. Privacy advocates, on the other hand, defended state regulations as critical to establishing a “floor and not a ceiling so that states can afford protections they deem appropriate for their citizens.” Still, optimism about potential congressional action on privacy remains high. Sen. Roger Wicker, Chairman of the Senate Committee on Commerce, Science, and Transportation, went as far as to state that “it would be nice to have [a bill] on the president’s desk this year.” The renewed focus on federal privacy legislation comes after California passed its own consumer data privacy bill last June, which sparked a wave of federal proposals.