from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: May 29, 2015

China Military Strategy CFR Net Politics Adam Segal
China Military Strategy CFR Net Politics Adam Segal

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

  • The Chinese government released a white paper on military strategy Wednesday, which continued to emphasize the need to develop cyber capabilities and win wars "under conditions of informatization," following in the footsteps of defense white papers the Chinese government has published in the last decade (in Chinese). China will also soon release a five-year plan on cybersecurity "to safeguard state secrets," a senior official at the Chinese Ministry of Industry and Information Technology said Wednesday. The plan could potentially make it more difficult for already-embattled foreign technology firms to do business in China. Right on the tail of the plan’s announcement, a Chinese cybersecurity firm claimed it had evidence (in Chinese) of a hacker group, which they call OceanLotus, supported by a foreign government that has repeatedly conducted cyberattacks against Chinese government agencies, research institutes, and shipping companies for the past three years.
  • After a month-long period for public comments, there seems to be widespread support for a proposal for the U.S. government to hand off control of the Internet’s domain name system (DNS) to the Internet Corporation for Assigned Names and Numbers (ICANN), the California-based nonprofit that oversees IP addresses. Under the plan, the U.S. government would divest DNS control to an ICANN-affiliated organization that could be legally separated in the future, should ICANN be found to be handling the system ineffectively. That’s an important provision given past concerns about ICANN’s performance and insular decision-making. However, the DNS hand-off isn’t finalized yet, and concerns remain regarding the details of the transition.
  • Philip Zimmerman, the creator of PGP, the system that’s used to protect the privacy of most encrypted Internet communications, just moved to Switzerland to escape snooping by the U.S. government. In an interview earlier this week, he compared the surveillance activities of the U.S. government to that of a "dystopian society" and North Korea. Zimmerman is taking with him Silent Circle, the mobile encryption startup he founded three years ago. Zimmerman has been a leading privacy activist since he released PGP to the public in 1991 to protest a Senate bill allowing the government to obtain the contents of voice and data communications.
  • Barring an eleventh-hour miracle, it seems likely that certain provisions of the USA Patriot Act will expire on Sunday, including section 215 that authorizes the NSA’s call records program. A primary barrier to the provisions’ renewal is divided opinion about government surveillance in the GOP. Senate majority leader Mitch McConnell (R-KY) has pushed for a complete reauthorization of the law. According to McConnell, the call records program is essential to the intelligence community’s ability to identify and stop terrorist threats. Because of this, McConnell has unequivocally opposed the USA Freedom Act, which modifies the call records program and allows other Patriot Act provisions to lapse. Given strong support for reforming the law from Republicans in the House, however, it’s unlikely that efforts to continue some of the law’s provisions will be successful unless McConnell changes his tone.
  • Just over a week into a two-month comment period on proposed amendments to the Wassenaar Arrangement, an arms control agreement between 41 nations, some cybersecurity researchers have already begun to express their opposition to the changes. The proposed amendments add intrusion exploits and IP surveillance products to the list of arms that may not be sold internationally. The Wassenaar Arrangement’s existing ban on the export of encryption tools has received criticism in the past, with some saying it does more to prevent individuals living under oppressive governments from having access to effective encryption than stop those governments from getting their hands on such tools. However, some security researchers have criticized the newly proposed limitation in particular, saying it will prevent them from getting access to tools they need to test the security of computer systems for the purposes of improving it.