Here is a quick round-up of this week’s technology headlines and related stories you may have missed:
1. Your laws are not valid here. The U.S. Supreme Court held oral arguments in the Microsoft-Ireland case this week. At issue is whether the U.S. government can compel U.S. companies to hand over data they store abroad. Andrew Keane Woods over at Lawfare has a great primer on the case, as well as post-hearing analysis. The legal consensus seems to be that the justices were sympathetic to the U.S. government's position that Microsoft should disclose the requested data despite it being stored in Ireland, but recognized that a bipartisan bill in Congress, the CLOUD Act, could make the issue moot. The rest of the world, and Europe in particular, is paying close attention to the case. Some European policymakers have argued that Microsoft's disclosure of the data in question could be a violation of EU privacy law. Despite these concerns, Reuters reports that the EU is developing new rules that would require tech companies to disclose data to governments upon request irrespective of where it is stored, potentially conflicting with the privacy laws of other countries. Pot, meet kettle.
2. Keys to the middle kingdom. Apple warned its Chinese iCloud customers that it will soon store the cryptographic keys to their accounts with its local partner, the state-owned Guizhou-Cloud Big Data Administration. China's cybersecurity law, which entered into force last year, requires Apple to store the keys with its local partner, making it easier for Beijing to access the data of Chinese customers--posing an obvious risk for those who don't toe the party line. Apple's move comes after Beijing required it to remove VPN apps from its app store in China as a result of complying with a different regulation. In a recent World Trade Organization filing, the U.S. government expressed concern that the VPN ban and the cybersecurity law would disrupt cross-border data transfers. China, however, is unlikely to care.
3. Bears in our midsts. German news sources reported that suspected Russian state-sponsored actors had compromised the Informationsverbund Berlin-Bonn, a computer network air gapped from the global internet used by the German Chancellery, parliament, the Foreign Office and other federal ministries based in Bonn. Germany's interior ministry confirmed that it was investigating a compromise of a federal government network, but did not provide any specifics. According to German daily Sueddeutsche Zeitung, the compromise began as far back as 2016 but documents were only exfiltrated at the beginning of 2018. There are conflicting reports of which specific Russian threat actor could be behind the compromise--some have mentioned APT28, which is better known for its compromise of the U.S. Democratic National Committee, whereas others have pointed the finger at Turla, a much lower-key operator.