Cyber Week in Review: October 7, 2016

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. U.S. government officially accuses Russia of directing email compromises of U.S. officials. The Department of Homeland Security and Office of the Director of National Intelligence accused the Russian government of directing the recent email compromises of Democratic Party officials and subsequent release through DCLeaks.com, WikiLeaks, and Guccifer 2.0. Furthermore, DHS and ODNI officials believe “that only Russia’s senior-most officials could have authorized these activities” and that the disclosures are intended to "interfere with the U.S. election process." The accusation is significant, as it is only the fourth time the U.S. government has publicly attributed a cyber incident to a state-sponsored actor (the first three times being the 2014 PLA indictment, the 2014 North Korean hack of Sony Pictures Entertainment, and the 2011-2013 Iranian denial of service attacks). Curiously, Washington chose to accuse Moscow on a Friday afternoon via press release despite the Russian doxxing campaign being arguably noisier and higher profile than the three previous incidents, which drew indictments and a public rebuke from President Obama.

2. Yahoo collaborated with the NSA... maybe? On Tuesday, Reuters reported that Yahoo had secretly developed a program to scan the entirety of its customers’ emails for a specific string of characters provided by the National Security Agency. The report stated that this was the first time an email provider had been asked to simultaneously scan all incoming communications. Yahoo called the story misleading and several other tech companies were quick to deny that they had similar efforts in place. The following day, the New York Times contradicted some of Reuters’ claims. Quoting anonymous sources, Yahoo is said to have modified existing software that scans incoming email for malware and child pornography to quarantine messages with a specific "digital signature" believed to be used by a state-sponsored terrorist organization for later FBI collection. It’s difficult to draw concrete conclusions about anything from what’s been written. In fact, the Times and Reuters contradict each other on the basic substance of the request: Reuters called it "a broad demand for real-time Web collection" while the Times referred to it as an “individualized court order to look only for code uniquely used by the foreign terrorist organization.” And a third report from Motherboard claims the NSA and FBI actually demanded that Yahoo install a rootkit on its systems. As Nicholas Weaver makes the case for at Lawfare, it might be best to withhold judgment on this incident until a clearer picture of what actually happened is available.

3. We swear, the IANA transition is actually happening. Last week, four states filed a suit to prevent the turnover of basic internet functions to ICANN, which failed in the final hour, allowing the transition to go forward at midnight last Friday. The debate has since moved from prevention to reversal, with many arguing that the lawsuit was stopped on merely technical grounds and that the actual case is still valid. If this is true, then the suit can still progress through the courts, which can then force the United States to retake control of IANA. The Register, as always, provides the best analysis on the transition’s machinations.

4. Facebook’s Free Basics in the United States? The social media giant wants to bring its controversial version of subsidized internet to unconnected Americans. Free Basics, which started its life as Internet.org, provides free access to a limited set of websites curated by Facebook by exempting these sites from carriers’ data caps--a practice known as zero rating. It’s currently available in more than forty countries, mostly in Africa, and has served more than 25 million people. It was banned in India in February under a law that prohibits charging different amounts for access to different websites, and suspended in Egypt last December after Facebook was used to coordinate anti-government protests. Fearing a similar backlash in the United States, where a net neutrality policy may make Facebook a target of the FCC, the company is first engaging in discussions with the White House to determine the most feasible path to implementation.

5. Donald Trump’s cybersecurity speech. Republican presidential candidate Donald Trump announced his cybersecurity plan this week. Net Politics contributors Alex Grigsby and David O’Connor compare his proposals to current White House policy.