from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: September 28, 2018

The U.S. Capitol dome is pictured in the pre-dawn darkness in this general view taken on October 18, 2013. Jonathan Ernst/Reuters

This week: possible federal privacy legislation, Aadhaar goes before the Indian Supreme Court, DEF CON's Voting Village, and Huawei-related news in Australia and Canada. 

September 28, 2018

The U.S. Capitol dome is pictured in the pre-dawn darkness in this general view taken on October 18, 2013. Jonathan Ernst/Reuters
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. We take your privacy seriously. Executives from Google, Apple, Twitter, and others testified before the Senate Commerce Committee during a hearing about data protection and privacy. In recent months, federal lawmakers have signaled that they are considering federal data privacy legislation in the wake of the Cambridge Analytica scandal, the Equifax breach, California's Consumer Privacy Act (loathed by some tech companies), and Europe's General Data Protection Regulation. During the hearings, the tech companies acknowledged that a federal privacy law was necessary to streamline the current patchwork of state privacy and data breach notification laws. The companies differed, however, in the type of legislation they would prefer. Apple, which primarily makes money by selling hardware, said that it would support legislation similar to California’s whereas Google, which sells ads based on its users' habits, said that a California- or GDPR-style framework would pose a challenge. In a Council on Foreign Relations brief published earlier this year, Center of Democracy and Technology CEO Nuala O’Connor proposed four things a new privacy framework should accomplish: cover all U.S. institutions, harmonize inconsistencies among states, incentivize data protection as opposed to breach disclosure, and provide a redress mechanism.

More on:

Cybersecurity

Digital Policy

2. Aadhaar is constitutional, sort of. The Supreme Court of India has upheld the legality of Aadhaar, the controversial biometrics identification program, ruling that it does not violate Indians’ right to privacy but that its use should be limited. Introduced in 2009, Aadhaar was intended to cut down on graft by providing a fool-proof identification mechanism to access government services. However, the program has come under criticism due to security breaches, authentication errors that wrongly denied welfare to eligible recipients (some of whom later died), and the widespread practice of private businesses requiring Aadhaar identification for everything from buying a cell phone to opening bank accounts. By limiting Aadhaar’s use to government entities, the ruling addresses the last concern, a restriction some view as a “blow” to the “vision of the Aadhaar project as a universal and ubiquitous ID.” Though the decision is generally seen as a victory for the Indian government, civil society activists have vowed to continue their campaign to rein in the program.

3. So many vulnerabilities. Organizers of DEF CON’s Voting Village released a report about weaknesses in popular voting machines that were hacked into during August’s conference. The report cites a voting tabulator used in twenty-three states that can be hacked into remotely, warning that “hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.” Other flaws found included a malware vulnerability, initially reported a decade ago, that was identified in a machine used in the 2016 election. The report joins the growing number of warnings issued by cybersecurity experts about the security of the U.S. election infrastructure, following reports of Russian interference during the 2016 presidential election. Voting Village organizers have urged Congress to fund the implementation of basic security standards and a crisis communications plan in states, but that is unlikely to take place in time for the U.S. midterm elections in November. Writing in the New York Times Magazine, Kim Zetter examines why U.S. election infrastructure remains so vulnerable.

4. Did you know that some just don't like Huawei? Two Huawei stories of note this week. First, Reuters reports that the United States, Japan, and Australia plan to submit a joint bid to squeeze out Huawei in its efforts to build a submarine telecommunications cable to Papua New Guinea. Western countries have had longstanding concerns that Huawei equipment could be used by the Chinese government to facilitate espionage. Given existing tensions between the United States and its allies and China in the Pacific, submarine cables in the region have become a point of contention. In July, Australia signed a deal with the Solomon Islands to build a cable there, sidelining Huawei which already had a preliminary contract with the Solomon government to build it. Second, the Globe and Mail reports that Canada does not intend to follow Australia’s lead in banning Huawei from providing equipment for its 5G network, at least for now. Testifying before a House of Commons committee, a senior cybersecurity official said the Communications Security Establishment had a testing regime in place to evaluate the security of Huawei equipment, similar to the UK approach. Ottawa previously announced that it was conducting a national security analysis to identify current and emerging risks to its telecommunications network, and 5G equipment is not expected to be deployed there until 2022.

More on:

Cybersecurity

Digital Policy

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close