Cyber Week in Review: September 13, 2019
Tech Giants Ask Congress for a Data Privacy Bill to Bypass State Laws: More than 50 tech CEOs sent a letter to Congress this week calling for a national data privacy law to “strengthen consumer trust and establish a stable policy environment.” The tech giants, including Amazon, IBM, and Qualcomm, are pushing Congress to pass a federal law that would preempt state law ahead of the implementation of California’s strict data privacy law. The companies argue that having a patchwork of state and federal data privacy laws would be confusing for consumers and detrimental to business. But critics have voiced concern that preempting state laws would hurt data privacy in the long term, as states have historically been faster than the federal government in adjusting policy to rapidly advancing technology.
As four proposed pieces of data privacy legislation have stalled in Congress, House lawmakers from both parties have ramped up their probe into anti-competitive practices in the tech industry. The House Judiciary Committee is asking executives from Amazon, Apple, Facebook, and Google to provide documents including executive communications and financial statements as well as information about competitors, market share, mergers, and key business decisions, in search of evidence of anti-competitive behavior. Facebook, for example, is being asked about its acquisition of WhatsApp and Instagram, while Google was asked to turn over information related to 24 products and services, including YouTube and Waze.
Ren Zhengfei Considers Selling Huawei’s 5G Technology: Huawei CEO Ren Zhengfei said he is ready to share his company’s 5G technology with potential Western buyers. In an interview with the Economist, Ren said that Huawei would be willing to sell existing 5G patents, licenses, code, technical blueprints, and production know-how to avoid a ban in the West and to create a competitor. Access to Huawei’s 5G would be sold for a one-time fee, which Huawei would use to further its R&D efforts. The acquirer would be able to modify the source code, which he said would prevent Huawei or the Chinese government from accessing foreign telecommunications networks. It is unclear if there are any potential takers of the offer.
Moreover, security concerns about the inclusion of Huawei into sensitive telecommunications networks continue to rise, with Australian cyber officials this week advising India to ban Huawei from supplying parts for their 5G rollout.
North Korean APTs Continue Attacks on U.S. Entities: As denuclearization talks have stalled between Pyongyang and Washington, Kimsuky, a North Korean hacking group, is suspected of targeting U.S. entities with malware in obscure file formats. The threat actor obtained documents written by industry experts, such as a conference speaker’s notes after a nuclear deterrence summit and an academic’s report on North Korea’s new ballistic missile submarine, and trojanized them with file formats that have relatively low detection rates by anti-virus products, such as KFPs (Kodak FlashPix).
On Friday, the U.S. Treasury Office of Foreign Assets Control announced it is sanctioning the Lazarus Group and two other North Korean APTs. Amid the continued threat, U.S. authorities have voiced their desire to increase information sharing with the private sector. On Sunday, U.S. Cyber Command released samples of North Korea's state-backed malware to researchers, though researchers said the information was outdated.
New California Labor Law Threatens Gig Economy Platforms: California legislators approved a landmark bill that would require many businesses to treat contractors as employees, a move that could potentially disrupt the business model of many app-based companies. This bill would require Uber, Lyft, DoorDash, and other gig economy platforms to guarantee labor law protections, such as minimum wage, overtime pay, sick leave, and Social Security and Medicare contributions, to those who operate on their platforms. The bill is set to go into effect on January 1, though Uber signaled that it will resist efforts to reclassify its drivers as employees, arguing that it is exempt from the law because it is a platform rather than a company. Uber is also working with Lyft and DoorDash to funnel $90 million into a committee for a ballot initiative that would create a separate category under the labor code for their workers and announced its intention to respond to claims of misclassification in arbitration and in court, if necessary.
Cloudflare May Have Provided Service to Terrorists and Drug Traffickers: In the run-up to its public offering, Cloudflare Inc., a cloud-based networking and cybersecurity services provider, voluntarily disclosed that it may have provided services to terrorists, drug traffickers, and other entities identified in the Treasury Department’s counter-terrorism and counter-narcotics trafficking sanctions programs. The company also listed its former customer 8chan, the free speech forum that hosted material from the man who allegedly conducted the mass shooting in El Paso last month, as a risk factor. Despite these disclosures, Cloudflare, which provides distributed domain name server services and mitigation for distributed denial-of-service (DDoS) attacks, raised $525 million in its initial public offering on Thursday after pricing its shares higher than expected.