Cyber Week in Review: October 23, 2015

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

• As Chinese President Xi Jinping and UK Prime Minister David Cameron announced their very own agreement to thwart cyber-enabled economic espionage for commercial gain, there were conflicting reports of whether China violated an almost identical agreement with the United States. According to a widely referenced CrowdStrike report, the security company identified several probes on their customer’s systems linked to the Chinese government since the U.S.-China deal on September 25. It’s unclear whether the Crowdstrike findings are significant. U.S. Cyber Command Deputy Commander Lt. Gen. James K. McLaughlin noted that a change in behavior may take time, commenting “it’s too early for any of us to see any of those changes.” One expert challenged the Crowdstrike report on the grounds that Chinese government attempts to access companies’ networks in the pharmaceutical and tech sector do not prove that China intended to access intellectual property (IP) for commercial gain. There could be other reasons for the attempted Chinese intrusions, such as identifying dissidents. Proving the Chinese broke the deal would require evidence of IP theft by state-backed actors and then finding the same IP in a Chinese commercial product. It will take longer than a month to find evidence of that.
• A divisive German data retention bill is one step closer to becoming law after passing a vote in the Bundestag. The law would require telecommunication companies store customer metadata on servers in the country for ten weeks and provide access to law enforcement during the investigation of “severe crimes.” Like a predecessor bill passed in 2007 and later rejected by a constitutional court in 2010, this legislation has faced challenges from law enforcement and privacy advocates alike over its disproportionate scope and impracticability. As mentioned in Lawfare, the timing of the passage is certainly ironic as it comes “just one week after the European Court of Justice struck down regulation ‘permitting the public authorities to have access on a generalized basis’ because it ‘must be regarded as compromising the essence of the fundamental right to respect for private life.’” While the European Union lambasts the United States’ “indiscriminate surveillance” practices, European countries continue to pursue mandatory metadata collection laws.
• In other legislative news, the Cybersecurity Information Sharing Act (CISA) hit the floor of the U.S. Senate this week, much to the relief or consternation of lawmakers, tech companies, and privacy advocates. Depending on who you ask, the legislation either facilitates the sharing of cyber threat information within the private sector and with government or legalizes the surveillance of Americans. A vote on CISA will likely take place early next week, with its passage resting on a series of amendments. Politico and the Hill have the nuts and bolts.
• At the United Nations, member states convened for the second preparatory meeting for the World Summit on the Information Society + 10 Review (WSIS+10) to discuss the a zero draft resolution outlining the next steps in the WSIS process. For the uninitiated, Net Politics guest contributor Samantha Dickinson has an overview of the issue. Although there was a general consensus about the importance of using technology to promote sustainable development and bridging the digital divide, there were several noteworthy disagreements. Developing countries and China wanted more cybersecurity references in the text, a position that drew opposition from the United States on the basis that security-related work was occurring in other UN, multilateral, and multistakeholder forums. Australia, Canada, the European Union, and the United States wanted more human rights language and Russia took the opportunity to obliquely criticize the United States for "mass surveillance." A revised draft of the WSIS+10 outcome document is expected November 10.
• The encryption debate continues. Apple submitted a response to a court order issued by a New York federal judge last week to determine whether a government request to decrypt a smartphone was “technically feasible” and “unduly burdensome.” Unsurprisingly, Apple told the court no and yes, respectively. The judge made headlines for rejecting the U.S. government’s claim that the eighteenth century-era All Writs Act justified its decryption request while withholding his decision on the request itself until hearing from Apple directly. In a Wall Street Journal-sponsored event, CEO Tim Cook and NSA Director Michael Rogers agreed that both sides needed to turn down the vitriol surrounding the issue but failed to find common ground elsewhere. Cook said that encryption was necessary to protect people’s privacy and Rogers said that strong, but not unbreakable, encryption is in the U.S. interest.
• In case you missed it, Net Politics turned one this week! If you haven’t already, please let us know how we’re doing by taking out readership survey.