from Digital and Cyberspace Policy Program and Net Politics

Cyber Week in Review: May 29, 2020

Graduates sit next to the Chinese flag during a graduation ceremony. REUTERS/Aly Song

Twitter checks Trump on mail-in voting tweets; Trump signs executive order limiting protections for online platforms; Amnesty International discovers vulnerability in Qatar’s contact tracing app; U.S. government plans to cancel visas of Chinese graduate students with ties to PLA; and the NSA accuses Russian hackers of targeting email servers around the world.

May 29, 2020

Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Twitter Checks Trump on Mail-in Voting Tweets

On Tuesday, Twitter added a fact-check notice to a series of President Donald Trump’s tweets on mail-in voting. Twitter said that the tweets contained potentially misleading information about voting processes and were labeled to provide additional context about mail-in ballots. The move to label the tweets comes just weeks after the company introduced a new policy on misleading information. President Trump has criticized the move as an attempt to stifle free speech and interfere in the upcoming presidential election. But amid another controversy, in which Twitter decided to not remove a tweet in which the President falsely suggested former lawmaker Joe Scarborough played a role in the death of a congressional aide, others say Twitter’s policies are not enough. In response to this controversy, a Twitter spokesperson said the company is “working to expand existing product features and policies so we can more effectively address things like this going forward, and we hope to have those changes in place shortly.”

Trump Signs Executive Order Limiting Protections for Online Platforms 

Following Twitter’s move to apply a fact-checking notice to tweets posted by President Trump about voter fraud, the president signed an executive order on Thursday seeking to limit the legal protections enjoyed by online platforms under federal law. Specifically, the order aims to scale back Section 230 of the 1996 Communications Decency Act, which generally shields online companies from liability for materials posted by their users. Representatives from Google, Facebook, and Twitter criticized the effort, and Twitter’s public policy account tweeted that efforts to erode Section 230 “threaten the future of online speech and internet freedoms.” Experts predict that the executive order will be challenged in court for overstepping the federal government’s authority in restricting the legal protections of online platforms.

Amnesty International Discovers Vulnerability in Qatar’s Contact Tracing App

On Tuesday, Amnesty International reported a vulnerability in Qatar’s coronavirus contact tracing app, EHTERAZ, that allowed researchers to access personally identifiable information, including a person’s name, health status, and GPS coordinates from the app’s central database. The Qatari government, which made downloading the app mandatory last Friday, immediately fixed the vulnerability after being alerted by the organization. Like the United Kingdom, whose contact tracing app has also been revealed to have security flaws, Qatar’s app uses a centralized model for storing personal data in a central database controlled by the government. Not only was this model easily exploited by Amnesty International’s security researchers, but it has also been criticized by privacy activists for granting governments unrestricted access to their citizens’ personal data. Apple and Google’s decentralized model for contact tracing, which has already been implemented in Switzerland’s app and embraced by the German government, could continue to gain in popularity if centralized systems, like Qatar’s, are shown to be more vulnerable.

U.S. Government Plans to Cancel Visas of Chinese Graduate Students With Ties to PLA 

On Thursday, the New York Times, relying on two unnamed U.S. government sources, reported that the U.S. government will cancel the visas of thousands of Chinese graduate students and researchers with direct ties to universities affiliated with China’s People’s Liberation Army (PLA). The move would be the first designed to prohibit a category of Chinese students from studying in the United States. U.S. universities are expected to push back against the measure, not least because Chinese students make up the largest portion of international students and provide a valuable source of tuition. According to the sources, the main purpose of the move is to clamp down on spying and intellectual property theft that some Chinese students have been suspected of engaging in on U.S. campuses. In a separate move, Senators Tom Cotton (R-AR) and Marsha Blackburn (R-TN) on Wednesday proposed the Secure Campus Act, which, if passed, would prohibit Chinese citizens from receiving visas to attend U.S. graduate programs in STEM fields. Both efforts are expected to further exacerbate already strained U.S.-China relations, which have been particularly tense amid the coronavirus pandemic and China’s newly passed national security law regarding Hong Kong. 

The NSA Accuses Russian Hackers of Targeting Email Servers Around the World

On Thursday, the National Security Agency (NSA) publicly accused Sandworm, a hacking group affiliated with the GRU, Russia’s military intelligence, of targeting email servers around the world since at least August 2019. The announcement did not specify which servers had been compromised or Sandworm’s motive behind the operation. However, former NSA employee Jake Williams warned that exploiting email servers could allow attackers to penetrate additional networks and observe both current and historic email activity. The NSA urged all companies using the email server software targeted by Sandworm to update their software, check their traffic logs for evidence of exploitation, and segment their networks to prevent penetrations from spreading. Numerous cyberattacks have been attributed to Sandworm, including the NotPetya worm that caused $10 billion in damage globally in 2017. The NSA’s decision to publicly call out the group’s activities demonstrates an increased willingness to identify cyber threats as the U.S. presidential election approaches.

This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.