from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: March 31, 2017

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Here we go again. Government access to encrypted data is back in the headlines after last week’s deadly terror attack in the United Kingdom. UK officials are keenly interested in the attacker’s digital communications before the incident took place. British officials met with tech companies to demand that they be granted access to plain text conversations from messaging services like WhatsApp when it is relevant to a terrorist investigation. Security experts and digital rights advocates maintain that giving authorities such access defeats the purpose of encryption (see this infographic for more on the debate). At the same time the UK made its demands, U.S. FBI director James Comey publicly discussed creating an international "framework" for creating legal access to encrypted devices.

2. U.S. internet service providers will still be able to sell your weird browsing history to advertisers. President Donald Trump is expected to sign a repeal of privacy rules that would have required internet service providers (ISPs) to obtain consumer consent before collecting and sharing their browsing data. The Obama administration created the privacy rules to prevent ISPs from selling web and app histories, something they had been allowed to do until the rules would have gone into effect in December. Obviously, privacy activists are not happy with the reversal. Some incensed internet users are campaigning to buy Congress’ web data with the view of making it public. Even some of President Trump’s staunchest supporters online are calling on him to veto the repeal.

3. Is North Korea holding up banks in cyberspace? The New York Times reports that North Korea might be the first country to use its offensive cyber capabilities to rob banks. A recent investigation into an espionage operation that targeted several Polish banks led researchers to a hacking to-do list that revealed North Korea’s plans to loot more than 100 organizations worldwide, the bulk of which are financial institutions. The group thought to be behind the attempted Polish attack--Lazarus APT--is also suspected of being behind the attacks on Bangladesh Bank and Sony Pictures.

4. Move fast and break things. Russian state-sponsored hacking group APT28 (also known as Fancy Bear, Sofacy, and Pawn Storm) doesn’t care much for stealth according to Finnish authorities. In its annual report, SUPO, Finland’s security intelligence service, noted not only an increase in foreign hacking, but also an apparent lack of effort to conceal the activity. Despite Finland’s acknowledgment of Russian spies in its networks, the Finnish government remains confident it can resist falling prey to Russia’s propaganda war, according to a recent article in Foreign Policy.

5. Global Network Initiative expands. Global Network Initiative (GNI) announced the addition of seven international telecommunications companies to its membership this week. The GNI is a multistakeholder organization whose members, including Google, Facebook, Microsoft, and Yahoo, are committed to uphold international human rights and privacy principles. According to the GNI, over 1.5 billion people in over 120 countries will now be covered by the organization’s commitment to upholding their users’ human rights.