Cyber Week in Review: October 27, 2023
from Net Politics and Digital and Cyberspace Policy Program

U.S. withdraws digital trade proposals; EU lawmakers make progress on AI Act; Weibo says users with large following must use real name; Okta compromised by threat actors; U.S. states sue Meta.
U.S. Trade Representative Katherine Tai chairs the Indo-Pacific Economic Framework meeting in Detroit, Michigan on May 27, 2023. Rebecca Cook/Reuters

U.S. withdraws digital trade proposals from World Trade Organization

U.S. Trade Representative Katherine Tai is dropping several digital trade demands in World Trade Organization (WTO) talks. The proposals were introduced in 2018 during the Trump administration and aimed at securing free cross-border data flows and prohibiting national data localization requirements and government reviews of companies’ source code. The change comes as the Biden administration is trying to negotiate a digital trade portion of the Indo-Pacific Economic Framework (IPEF), and as both the administration and some Democrats in Congress are increasingly trying to regulate large technology companies. The move brought backlash from several corners, including from Senator Ron Wyden (D-OR), who claimed the move would be “a win for China,” and Jonathan McHale, Vice President of the Computer and Communications Industry Association lobbying group, which counts Google, Amazon, and Meta among its members, who called it “a major disappointment.”

Progress towards EU AI Act signifies hope for December deal

Throughout this week, European Union lawmakers have been working towards further agreement on the AI Act. On Tuesday night, these lawmakers agreed to a framework for Article 6 of the Act, which focuses on outlining how to designate “high-risk” AI systems, according to individuals involved in the EU legislative process. Article 6 had been a significant point of contention in the discussions around ratifying the AI Act, due to disagreements about a proposed tiering process for high-risk systems versus unacceptable systems, and the role of so-called “accessory systems,” which perform minor tasks secondary to a human, such as translating text between languages. However, the agreement on Article 6 is a significant step forward on the AI Act, and negotiators will meet again at the upcoming convening meeting in December, where they hope to iron out a final version of the bill to present for passage, prior to the EU parliamentary election in June 2024. In similar news, the UN announced that it was convening a new AI Advisory Board to focus on the risks, opportunities, and international governance of artificial intelligence.

Weibo mandates that users with more than one million followers use their real name

Weibo, the Chinese microblogging website roughly similar to Twitter, announced that it will require users with more than a million followers to use their real names on the platform. It is unclear if the new policy is being implemented on the orders of China’s main internet regulator, the Cyberspace Administration of China (CAC), or if it is the result of internal deliberations at the company. The company’s CEO, Wang Gaofei, has already added his full name to his personal account, which had not shown his name before the change. The CAC has been tightening its control over social media in the past several months, issuing thirteen regulatory rules in July of this year, one of which stipulated that platforms need to do more to identify users by their real names.

Threat actors compromise Okta to access downstream systems

U.S. identity and access management company Okta announced that its systems had been compromised by an unknown threat actor who managed to access the account of a support engineer at the company. The actors leveraged their access to break into the networks of several other companies, including BeyondTrust, Cloudflare, and 1Password, although the scale of the breach is still in question. All the companies said they spotted the intrusion in its early stages, and did not detect the actor on their internal systems. Both BeyondTrust and Cloudflare criticized Okta for its slow response to the incident, with BeyondTrust stating that they notified Okta of the breach on October 2, and that it took Okta sixteen days to resolve the breach. Okta suffered a high-profile hack in January 2022 after the Lapsus$ gang broke into its systems and posted screenshots of its internal systems.

Forty-one states sue Meta, alleging its products harm children

Forty-one U.S. states and Washington, D.C. are suing Meta, alleging that the company has built addictive features into its platforms Instagram and Facebook, and that these addictive features are harming children. The main suit, which thirty-three states are party to and which was filed in the U.S. District Court for the Northern District of California, alleges that Meta utilized four strategies that were harmful to children, including: attempting to maximize young users’ time on the platform; deploying harmful and manipulative product features on said platforms to increase young users’ compulsive use of the platforms; minimizing public reporting of harms to young users and purposefully publishing misleading reports showing low rates of negative experiences by users; and refusing to abandon existing features even after they’ve been found to be harmful. Meta said it was disappointed the attorneys general had chosen to file the suit rather than “working productively with companies across the industry to create clear, age-appropriate standards for the many apps teens use.”

 

Eva Schwartz is the intern for the CFR Independent Task Force Program.

More on:

Technology and Innovation

Civil Society

Cybersecurity

This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.