from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: May 22, 2015

Comey Net Politics Cyber CFR
Comey Net Politics Cyber CFR

May 22, 2015

Comey Net Politics Cyber CFR
Comey Net Politics Cyber CFR
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

  • A coalition of activist groups, companies, trade associations, and computer science experts sent a letter to the President Obama urging him to reject policy or legislative proposals that would require U.S. companies to deliberately weaken the security of their products. According to Politico, the letter is "timed to influence an internal review of encryption policy options that is being prepped" for the President’s review. For months now, U.S. agencies such as the FBI, NSA, and Department of Homeland Security have locked horns with the U.S. tech sector and civil society groups over whether companies should be required to have the capability to decrypt data pursuant to a lawful request. FBI Director James Comey called the letter "depressing" and said it "contained no acknowledgement that there are societal costs to universal encryption."
  • The U.S. Department of Commerce’s Bureau of Industry and Security is requesting public comment on a proposal to slap export controls on intrusion software, the components that help build it, and Internet protocol-based surveillance equipment. Any U.S. company looking to export these tools anywhere except Canada would be required to apply for a license. The move aims to implement the 2013 amendments to export control list maintained by the Wassenaar arrangement, a coalition of countries that regulate the use of dual use technologies. In theory, export licenses should limit the proliferation of the zero-day market and make it harder for regimes with poor human rights records to purchase surveillance kit. In practice, some security researchers have complained that the export control regime could make it harder for computer security researchers to probe hardware and software for vulnerabilities.
  • ICANN CEO Fadi Chehadé announced that he plans to step down from his post in March 2016 to pursue another job in the private sector and unrelated to the domain name industry. The announcement comes as the Internet community is developing a proposal to manage the IANA functions without the oversight of the U.S. Department of Commerce. In a press release, the Department of Commerce thanked Chehadé for his work and noted that a successful transition process "does not depend on the leadership of a single individual." Kieren McCarthy at the Register muses on the curious timing of the announcement and reflects on Chehadé’s tenure as CEO.
  • The White House has already begun the process of winding-down the NSA’s bulk phone data collection before June 1. The Senate rejected the USA Freedom Act, which would have limited phone metadata collection, and then failed to pass an extension of the Patriot Act, under whose authority the program operated. The Senate will try again during a rare Sunday session on May 31, but the House is in recess until June 1