Cyber Week in Review: September 18, 2015

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

• The public humming and hawing over sanctioning Chinese cyber actors continues. After several weeks of anonymous Obama administration officials signaling that sanctions were coming, the White House seems to have nixed the plan after a senior Chinese official met with U.S. representatives. Meng Jianzhu, a senior Chinese communist party official, met National Security Advisor Susan Rice, FBI Director James Comey, and Secretary of Homeland Security Jeh Johnson. Despite the talks being characterized as “ugly,” the Washington Post reported that U.S. and Chinese officials reached “substantial agreement” on a several cybersecurity issues. While sanctions may be off the table in advance of Chinese President Xi’s visit next week, President Obama hasn’t taken them off the table entirely. In a speech to business leaders, he noted that he was still “prepared to take some countervailing actions” to stem state-sponsored espionage aimed at pilfering trade secrets.
• President Xi and Chinese Cyberspace Administrator Lu Wei will attend a tech summit in Washington state next week that will include executives of Alibaba, Baidu, Apple, Facebook, IBM, Google and Uber. U.S. executives may want to discuss the pledge of compliance China is urging companies to sign. The pledge, first sent to companies over the summer, asks companies to ensure their products are “secure and controllable,” don’t harm national security and consumers’ rights, and that they “cooperate with third-party institutions for assessment.” While U.S. companies are eager to gain market share in China, they’ve recently been more vocal in pushing back against Chinese requirements they feel could jeopardize their intellectual property, source code, and trade secrets. Ars Technica compares the pledge to U.S. companies’ participation in the NSA’s PRISM program. That analogy only goes so far. PRISM required tech companies to hand over user data upon request, not give U.S. intelligence agencies access to companies’ source code.
• The Senate Judiciary Committee held a hearing on reforming the 1986 Electronic Communications Privacy Act (ECPA). The Committee considered a bill to close a loophole in the law that allows law enforcement to obtain e-mail older than 180 days from a sever with a subpoena instead of a warrant. Although the bill has widespread bipartisan support, the Federal Trade Commission and Security and Exchange Commission expressed opposition, arguing that stronger privacy protections for e-mails would hamper their ability to collect evidence in civil cases. ECPA reform advocates pushed back, noting that e-mails on servers should have the same protections as printed e-mails stored in someone’s drawer. At the hearing, the Business Software Alliance encouraged committee to also consider emerging issues, like e-mails stored on foreign servers akin to those in the Microsoft case.
• Republican Presidential Candidate Jeb Bush released a five-point cybersecurity policy that is strikingly similar to the White House’s current approach to cybersecurity. Despite criticizing the Obama administration for the OPM incident and Hillary Clinton’s e-mail server, the Bush plan calls for information sharing legislation and improving government procurement, two White House cybersecurity priorities. Net Politics’ own Rob Knake calls it "a ringing endorsement of the approach the Obama administration has taken.” The only major departure from Bush proposal and current policy is the GOP candidate’s rejection IANA transition process, which is sure to rile many in the Internet governance community who have been working on a transition process for over eighteen months.