from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: November 6, 2015

TPP Cyber Net Politics CFR

November 6, 2015

TPP Cyber Net Politics CFR
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

  • The full text of the Trans-Pacific Partnership agreement was released yesterday. Finalized last month after ten years of talks, the extensive trade deal negotiated by twelve Pacific rim countries contains more than a few chapters that are likely to influence digital trade, including the chapters on intellectual property, electronic commerce, telecommunications, and technical barriers. Longstanding opponents of the deal such as the Electronic Frontier Foundation have already denounced it, arguing that it prioritizes "trade interests over privacy rights.” Over at Passcode, George Washington University Professor Susan Ariel Aaronson asks everyone to take a breather and assess on the entire contents of the deal before opining on its impact on the open Internet. Given the technical and legalistic nature of the text, that will likely take some time. Net Politics’ own David Fidler’s will have his initial comments next week.
  • The UK government released a draft of its investigatory powers bill and supporting explanatory documentation aimed at updating the country’s surveillance and oversight legislation. Over 200 pages long, the draft bill aims to consolidate all of the existing surveillance and communications interception powers of UK law enforcement and intelligence agencies, including authorities they always had but were never made explicit, like collecting communications metadata. A lot of attention has focused on the bill’s provision that would require communications providers to retain Internet connection records (ICRs) for up to a year. ICRs would allow law enforcement to know which computer or website an individual accessed but not the content accessed. Unsurprisingly, the bill has attracted controversy. Edward Snowden has called it the “snooper’s charter” while and an unnamed intelligence official in the Guardian argued that the powers were necessary to keep UK citizens safe, echoing the conclusions of three separate independent panels.
  • According to Wired, a group of hackers has claimed Zerodium’s $1 million bounty for an “exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices.” The new exploit acquisition firm made headlines in September for offering to pay the sum up to three times over for the hack, significantly more than the going rates of $250,000 in 2012 and $500,000 in 2013. While only one group made a complete jailbreak, Zerodium founder Chaouki Bekrar has suggested that he may pay a second team a partial bounty for their partial exploit. He now plans to share this information with customers--“government organizations” and “major corporations in defense, technology, and finance”--but not Apple.
  • Bloomberg reported that Germany and China are close to finalizing a pact prohibiting cyber espionage for commercial gain between the two countries. This would be the third agreement China has negotiated in just over a month, having reached analogous settlements with the United States in late September and the United Kingdom in late October. Although it’s not the first time China has sought to address Germany’s cyber espionage concerns, Angela Merkel is seeking a deal “very quickly” according to Bloomberg.
  • On Monday, the U.S. Supreme Court heard arguments for Spokeo, Inc. v. Robins, a case with important implications for privacy, cyber, and national security law. The plaintiff filed a class-action lawsuit against Spokeo, which bills itself as the “people search engine,” for providing false information about him on his profile, and claims he is owed damages despite the absence of concrete harm for willful violation of the Fair Credit Reporting Act, a law that requires credit information collected about a person be accurate. CFR International Affairs Fellow Adam Klein provides more insight into the case on Lawfare.