from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: March 11, 2016

Cyber Net Politics CFR
Cyber Net Politics CFR

March 11, 2016

Cyber Net Politics CFR
Cyber Net Politics CFR
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Report: United States to attribute cyber incident to Iran. CNN reports that the Unites States is getting ready to indict government-sponsored Iranian hackers of breaking into the computer network of a flood control dam in a suburb of New York City. The incident allegedly occurred in 2013 but only came to light in 2015 as a result of an article in the Wall Street Journal, which connected the same intruders to similar incidents against Capital One, PNC Financial Services, and SunTrust Banks. Very little is known about the incident other than it was unsophisticated--CNN reports that only "back office" not "operational systems" were affected, presumably indicating the controls that regulate water flow were not affected. Still, if the CNN report is true, it would only be the second time that the U.S. government formally indicts state-sponsored hackers and the third time the United States has publicly accused another state of being behind an attack. In 2014, the U.S. Department of Justice indicted five officers of the People’s Liberation Army for cyber-enabled espionage against U.S. firms and in 2015, the White House attributed the Sony hack to North Korea.

2. FBI to Apple: I rebut your rebuttal! Federal prosecutors filed a response to Apple this week in the ongoing dispute over whether the company can be compelled to write code that would enable the Federal Bureau of Investigation to access the iPhone of one of the San Bernardino attackers. In their filing, they dispute many of Apple’s claims. According to the government, the case passes a 3-part test set by previous court decision with respect to the All Writs Act, which empowers the court order in this case. The government filing argues that Apple has a close connection to their phones because of its “monopoly-like” control over distribution of software to phones; that assisting the government does not place an “undue burden” on Apple; and that the company’s assistance is necessary for the government to access the data on the phone. They also dispute Apple’s claim that writing this code would present a security risk for all Apple users and that compelling Apple to write code is not a violation of the First Amendment because the code would remain private. Apple has shot back in the press, with a spokesman arguing it’s a slippery slope to a future where the government can compel Apple to turn on a user’s camera or microphone.

3. UK bill raises privacy questions. The Investigatory Powers Bill, a draft surveillance law under consideration by the UK Parliament, was excoriated this week in the first report to the United Nations by the UN’s special rapporteur on privacy, Joseph Cannataci. Cannataci said Parliament is “setting a bad example to other states” and doesn’t fully understand the “serious and possibly unintended consequences” of legitimizing "mass surveillance." He criticized the draft bill for failing to meet privacy standards set by the decisions of European courts in Max Schrems’ successful challenge of Safe Harbor and Roman Zakharov’s dispute over Russian surveillance of telecommunications. But the Investigatory Powers Bill isn’t the only challenge to online communications that lies ahead for the United Kingdom. Should the country vote to leave the European Union, it would severely impact the ability of companies to move data between the United Kingdom and the European continent, and even uncertainty ahead of the vote could push firms to move their data to other parts of Europe.

4. Have they found a way to solve a problem like IANA? As anticipated, the Internet community agreed on a proposal to end U.S. government control of the IANA functions and transfer them to the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the Internet’s address book. For more on the specifics of the proposal, you can get into the details here, here, and here. Up next, the U.S. Department of Commerce will assess whether the plan its requirements for the transition, namely that the proposal maintains the openness of the Internet and the security and stability of the domain name system. If the proposal passes that hurdle, it will then have to go to a skeptical Congress and to the White House for sign-off. The IANA transition isn’t out of the woods yet.