from Digital and Cyberspace Policy Program and Net Politics

Cyber Week in Review: March 29, 2019

People protest against the planned EU copyright reform in Berlin, Germany March 23, 2019. Reuters/Hannibal Hanschke

This Week: European Parliament passes sweeping copyright legislation; Facebook charged with housing discrimination; Chinese ownership of dating app declared national security risk; ASUS hack; and the United Kingdom flags Huawei security concerns. 

March 29, 2019

People protest against the planned EU copyright reform in Berlin, Germany March 23, 2019. Reuters/Hannibal Hanschke
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

EU Shakes Up Copyright: On Tuesday, the EU passed its controversial copyright overhaul. Articles 11 and 13 of the EU Directive are particularly contentious, and have sparked protests across Europe as well as widespread opposition from tech giants such as YouTube and Google. Lambasted by critics as the “meme ban,” Article 13, imposes liability on online platforms for copyrighted material posted on their sites, and some claim that the provision could result in widespread filtering of uploaded internet content. Article 11 requires news aggregators that display clips of others’ content to pay “fair and proportionate remuneration” to news organizations. Google suggested the legislation may force it to pull its news aggregation platform, Google News, from Europe.  The measures are a part of the EU’s attempt to “take back control” of the digital sphere and further integrate the bloc’s digital single market. Pending ratification by the European Council, EU member states will have two years to implement the directive.

More on:

Cybersecurity

Social Media

European Union

Dating Apps Weaponized: The Committee on Foreign Investment in the United States (CFIUS), which monitors the national security implications of select corporate transactions,  declared Chinese ownership of Grindr, a dating app for gay men, to be a national security risk. National security officials are concerned that Beijing Kunlun Tech, which acquired Grindr in 2016, would be required to share the personal data of Grindr users if requested by the Chinese government. Kunlun is now ready to sell. CFIUS has recently blocked a number of deals involving Chinese bidders that involved significant privacy or personal data risks, including the sales of cash transfer app MoneyGram and mobile marketing platform AppLovin. In addition to the large amounts of private personal data hosted in Grindr, dating apps have also recently been used in disinformation campaigns, which might have also raise red flags for U.S. regulators. As Veronika Velch points out in Just Security, the case of a manufactured Tinder-based sexual harassment scandal in Ukraine in late 2018 demonstrates the ease of creating fake online dating profiles to enable large-scale smear campaigns.

Housing Discrimination on Facebook: Department of Housing and Urban Development (HUD) Secretary Ben Carson charged Facebook with Fair Housing Act violations on Thursday over the platform’s discriminatory housing ad practices. According to HUD, Facebook allows companies to uses its platform to exclude users from viewing certain ads. Facebook’s tools not only enable discrimination but also appear to make it impossible to stop discrimination on the basis of protected characteristics such as race, religion, sex, disability, and national origin. The array of tools available to advertisers included “a map tool to exclude people who live in a specified area from seeing an ad by drawing a red line around that area.” In a statement, Facebook said that it was “surprised” by HUD’s action, as the platform had made changes to its housing ad targeting system as recently as last week when it reached a settlement with major civil rights organizations including the National Fair Housing Alliance, the American Civil Liberties Union, and the Communication Workers of America.

Huawei’s code stinks. After months of speculating about the security risks associated with Huawei, the United Kingdom’s oversight board released a long report on the very real security vulnerabilities in Huawei network equipment. The Huawei Cyber Security Evaluation Centre—more commonly referred to as The Cell—is responsible for scouring Huawei source code for vulnerabilities and backdoors. While The Cell’s annual report does not identify backdoors that could be used by Chinese intelligence to break into foreign networks—which is the United States’ main concern—it does identify glaring security vulnerabilities that could be exploited by just about anyone. The Cell found “serious and systematic defects in Huawei’s software engineering and cyber security competence,” which allows The Cell to provide only “limited technical assurance” that the United Kingdom can manage the security risk associated with Huawei. Despite the clear security risk, most European countries have ruled out banning Huawei from their 5G rollout, instead opting to manage the risks associated with Huawei equipment.

ASUS Updates Hijacked: Vice revealed on Monday that servers belonging to Taiwan-based consumer electronics manufacturer ASUS had been hacked since June 2018. After gaining access to the firm’s official update servers, attackers deployed fake updates to ASUS customers that contained a backdoor. Half a million computers were infected, but the attack only focused on 600 specific devices and took no action against non-targeted machines. Such specific targeting is highly reminiscent of the state-sponsored Stuxnet hack, and experts say that the complexity of the attack differentiates it from other recent supply chain attacks such as NotPetya. Notably, Russian cybersecurity company Kaspersky was the first to report the hack, dubbed “ShadowHammer,” which Symantec later confirmed. Both Kaspersky and an independent researcher  warned ASUS of ShadowHammer as well as other risks to its networks in January 2019, but ASUS denied that it was compromised until after the Vice report.

More on:

Cybersecurity

Social Media

European Union

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close