Cyber Week in Review: September 30, 2016
from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: September 30, 2016

CFR Cyber Net Politics
CFR Cyber Net Politics

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Has anyone found the 400lb hacker yet? Cybersecurity got prime time attention this week when the U.S. presidential candidates were asked how they would "fight" cyberattacks during Monday’s debate. Hillary Clinton asserted that "cyber warfare will be one of the biggest challenges facing the next president," called out Russia for compromising the Democratic National Committee’s (DNC) networks, and hinted that the United States needed to deter adversaries by demonstrating the country’s range of offensive capabilities. For his part, Donald Trump mostly agreed with the need for a stronger deterrent but questioned whether Russia was in fact responsible for the DNC incident--despite U.S. intelligence consensus on the matter--and went on to describe attribution challenges associated with "the cyber." Clinton’s answer, though not perfect, was arguably stronger than Trump’s, who was widely derided for providing a meandering answer that included references to a 400lb hacker and the fact that his ten year-old son was good with computers.

2. German authorities reject recent changes in WhatsApp’s privacy policy. The German data protection authority in Hamburg ordered Facebook to stop collecting data from WhatsApp users and to delete the information it had already collected. In August, Facebook, which bought WhatsApp for $19 billion, announced a change in the messaging service’s privacy policy that would allow Facebook to collect WhatsApp user data for advertising purposes. Some of WhatsApp’s one billion users expressed concern at the data-sharing move when it was first announced, believing that the privacy of their communications could be undermined. Although Facebook has said it will appeal the German decision, the social network faces regulatory headwinds in the United Kingdom, Italy and India, which are also scrutinizing the data sharing deal.

3. IANA transfer crisis averted? Many in the internet governance community rejoiced this week when Congress adopted short term appropriations legislation that did not include language prohibiting the U.S. Department of Commerce from transferring the IANA functions to the global mutlistakeholder internet community. Certain congressional Republicans, including former presidential candidate Ted Cruz, tried to insert language in the funding bill to prevent the transfer but were ultimately unsuccessful following weeks of intense lobbying. The celebration may not last long however, as attorneys general in Arizona, Texas, Oklahoma and Nevada filed suit against the federal government to block the transfer. Kieren McCarthy at the Register examines the lawsuit’s validity and likelihood of success.

4. More fallout from the Yahoo breach. The New York Times reports that Yahoo executives did not prioritize the security of Yahoo services, which possibly contributed to the compromise of over 500 million e-mail accounts announced earlier this month. Sources told the paper that CEO Marissa Mayer was resistant to changes proposed by former Yahoo chief information security officer Alex Stamos and his team for fear that basic security measures, like forcing a password reset after a compromise, would cause users to flee. There was also concern that deploying encryption throughout the company would make it impossible for Yahoo to gather the analytics and user data required to improve its services. The report is unlikely to make life easier for the company, which has been asked to brief Senators on the fall out of the email compromise and is facing a possible SEC probe into whether Yahoo should have disclosed the breach to investors when it was first discovered earlier this summer.