from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: November 13, 2015

Cyber CFR Net Politics Microsoft
Cyber CFR Net Politics Microsoft

November 13, 2015

Cyber CFR Net Politics Microsoft
Cyber CFR Net Politics Microsoft
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

  • Microsoft announced it will allow European customers to store cloud data on German servers starting in 2016. Chief Executive Satya Nadella announced that Microsoft has partnered with Deutsche Telekom AG to run data centers in Magdeburg and Frankfurt, and “offer customers choice and trust in how their data is handled and where it is stored.” The deal with Deutsche Telekom is novel: under German law, Microsoft would be unable to access its customers’ data unless their customers explicitly authorize it or Deutsche Telekom approves a request to access the data. The announcement is being framed as a way to keep data beyond the reach of U.S. intelligence agencies, namely the NSA, given that Microsoft would be incapable of handing over data even if compelled by a U.S. court. Practically, however, Microsoft’s legal jiu jitsu may actually make it easier for the NSA to access Europeans’ data. Before, the NSA had to go to a U.S. court (e.g. the Foreign Intelligence Surveillance Court) to access data on non-U.S. persons held by U.S. companies. Now, a foreign company holds the data, removing the requirement for the NSA to petition a court, effectively allowing it to access as much data as it wants provided it has the technical capabilities to break into Deutsche Telekom’s servers or tap the Internet’s backbone.
  • NSA Director Michael Rogers proudly noted that the agency shares more than 90 percent of the zero-day vulnerabilities it detects with companies in a speech at Columbia University. Reuters, quoting anonymous "current and former" U.S. government officials notes that the number may be misleading given that the NSA sometimes discloses zero-days only once they have been used in an intelligence operation. For more of the U.S. vulnerabilities disclosure process, you can check out Net Politics’ write up.
  • The 10th annual Internet Governance Forum (IGF) took place in João Pessoa, Brazil, drawing a diverse array of government, private sector, and civil society  participants from all over the world to discuss Internet policy.  This year’s theme is "Evolution of Internet Governance: Empowering Sustainable Development," and workshops revolve around various sub-themes, such as cybersecurity, the Internet economy, diversity, openness, and human rights. All of the sessions are available online. This may be the last IGF if the UN General Assembly does not renew its mandate in December at the WSIS+10 meeting, though that seems unlikely given the first draft of the WSIS+10 outcome document.
  • The Intercept interviewed Edward Snowden, who provided tips to readers to protect their data online. Although Snowden is a polarizing figure, his advice is sound and consistent with the suggestions many other cybersecurity experts have given. His advice? Use two factor authentication, use a password manager, and use TOR for sensitive online activities. Do it, do it now.