from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: November 30, 2018

A woman stands at the booth of Huawei featuring 5G technology at the PT Expo in Beijing in 2018. Stringer/Reuters

This week: Huawei is scary, a test for the CLOUD Act, Iranians indicted for ransomware that affected Atlanta, Russia fines Google, and considering export controls for frontier technologies. 

November 30, 2018

Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Any Huawei-related puns? Anyone? The U.S. government has begun a campaign urging allies to not use Huawei products in their telecom networks because of the national security risk they may pose, according to the Wall Street Journal. U.S. officials have long been concerned that Huawei products could facilitate Chinese espionage, but this recent outreach effort seems particularly motivated by concerns that traffic from overseas military bases, which largely flows through commercial networks, could be compromised. Coincidentally, news of the campaign comes at the same time that New Zealand announced that it had rejected a local telecom's proposal to use Huawei equipment in its 5G network upgrade over what the government called “a significant network security risk.” Despite these warnings, however, the Chinese equipment provider remains popular, with Papua New Guinea announcing that it would honor its agreement with Huawei to build a submarine telecom cable rather than accept a last-minute counteroffer put forth by the United States, Japan, and Australia to build the same cable with a different company.

2. A test case for the CLOUD Act. A coalition of human rights groups has written to the U.S. Department of Justice arguing that UK authorities should not be given access to the data of U.S. technology companies under the CLOUD Act. The act allows the United States to establish bilateral agreements with foreign governments to facilitate the collection of digital evidence in criminal investigations. Under the law, the United States can only establish agreements with countries whose law enforcement and criminal justice system meet "applicable international human rights obligations." The coalition of rights groups claims that the UK fails to meet this standard given various laws which they believe restrict freedom of expression, and a recent court case that found the UK in breach of the European Convention on Human Rights. They also note that UK law allows for the issuance of general warrants that do not limit the duration of data access, contrary to particularized and time-bound requirements in U.S. law. Despite these objections, it is hard to imagine that they will torpedo the draft UK-US deal on digital evidence given that the CLOUD Act was largely created to implement it.

3. Extorting U.S. cities with ransomware is not the best business model. The U.S. Department of Justice announced an indictment of two Iranian hackers for running a ransomware and extortion operation that earned them $6 million in ransom payments and cost victims over $30 million. The hackers are believed to have created and installed the SamSam ransomware on the computers of public institutions, hospitals, and city governments, asking for bitcoin in exchange for decrypting the victims' files. U.S. officials called the operation an “extreme form of 21st century digital blackmail”; it caused hospitals to turn away patients and crippled municipal networks in cities such as Atlanta. In a separate action, the Treasury Department sanctioned two other Iranian individuals for helping the indicted hackers exchange their bitcoin ransom for Iranian rial. Both departments remained silent on whether the Iranians charged were operating at Tehran's direction, or whether they were working on their own for the money.

4. I think this law needs more teeth. Russia is reportedly planning on implementing harsher penalties for technology firms that violate Russian law, as part of a larger crackdown on scofflaw internet services, according to Reuters. Google was recently charged with failing to remove banned websites on a list maintained by Russian internet regulator Roskomnadzor from its search results. The search giant was fined the equivalent of $10,430 under current law, the equivalent of a rounding error in the world of Google accounting. As a result, the Kremlin is looking to amend the law, circulating a proposal that would allow Roskomnadzor to fine internet companies up to one percent of their annual revenue in Russia.

5. Should we ban this? A request for public comment published in the Federal Register suggests that the U.S. Department of Commerce is exploring the possibility of making emerging technologies such as artificial intelligence (AI), advanced computing technology, quantum computing, and others subject to export control rules. These technologies, according to Commerce, could be considered "essential to U.S. national security," requiring licenses for export, and the department is seeking comment from the public to inform its assessment. Given the current state of U.S.-Chinese technology competition, some in the Donald J. Trump administration might view export controls on AI, quantum computing, and other frontier technologies as a way to keep the United States competitive. However, R. David Edelman at MIT argues that export controls on such general computing technology could actually hamper U.S. competitiveness by limiting opportunities for research collaboration and closing off U.S. export markets. The comment period ends December 12, 2018.

This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.