Cyber Week in Review: October 20, 2017

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. May it please the Court. The Supreme Court has agreed to hear United States v. Microsoft, a case that will determine the extent to which U.S. law enforcement can access data stored abroad. Last year, Microsoft successfully quashed a warrant compelling it to hand over customer emails stored in Ireland on the grounds that doing so would be an extraterritorial application of U.S. law. The U.S. government appealed that decision. Over at Lawfare, Andrew Woods has a good primer on the case. Given a spat of similar cases and conflicting rulings, having the Court decide the case could provide companies and law enforcement with clear guidance on collecting digital evidence. American University's Jennifer Daskal isn't so sure given that a decision in either party's favor is unlikely to make for good law--a decision for the government would require U.S. companies to turn over data no matter where it is held and a decision for Microsoft would create an incentive for tech companies to store user data offshore. Instead, many observers, a few courts, and at least two Senators believe Congress is better placed to resolve the issue.

2. The tactics of trolling. A former employee of the Internet Research Agency (IRA), one of the Kremlin’s propaganda machines that spread polarizing messages and disinformation on Facebook in the months leading up to the election, spoke about the agency’s efforts to spread misinformation and contribute to polarization. He claims that the IRA ordered employees to “set Americans against their own government: to provoke unrest and discontent, and to lower Obama’s support ratings.” IRA employees battled with Facebook admins, creating and developing new pages as Facebook attempted to take them down. Trolls were also meant to study U.S. politics so they could create convincing content to disparage Hilary Clinton. According to a report, the IRA had roughly one third of its staff working to influence the U.S. election on Facebook and other networking channels. In an attempt to limit foreign influence on social media, two democratic senators have proposed legislation that would require digital platforms to keep a public record of all purchased ads and their origins.

3. This will work, for now. The European Commission has published its first assessment of the implementation of the U.S.-EU Privacy Shield, which is meant to protect Europeans’ data when it is transferred to the United States. Under the Privacy Shield, participating U.S. companies may collect Europeans’ data so long as they provide individuals with information regarding the type and purpose of any data collection, the identity of any third parties to whom the data is disclosed, and the ability to make complaints about the mishandling of data. Although the Commission is generally happy with the U.S. implementation of the Privacy Shield, it believes the United States should do more to ensure compliance. For example the EU wants the U.S. government to conduct regular compliance checks on participating U.S. companies and that Congress reform section 702 of the Foreign Intelligence Surveillance Act. Congress is currently considering whether to reauthorize section 702 as is or make privacy-enhancing modifications. If section 702 is reauthorized cleanly, next year's assessment is unlikely to be as kind.