Secretary of State Mike Pompeo announced the creation of a new bureau within the State Department for cybersecurity.
government
CISA Tells Federal Agencies to Update SolarWinds Software ASAP
In the wake of the SolarWinds cyber attack on the U.S. government, CISA urges agencies to update their software by the end of the year.
US Government Appeals Injunction Against TikTok Ban
The U.S. government is appealing an injunction from U.S. District Court Judge Carl Nichols that blocked its ban of TikTok.
The Trump administration had raised concerns over the video-sharing app due to its Chinese ownership by way of parent company ByteDance, and the potential risk of TikTok’s U.S. user data being accessed by the Chinese government.
[…]
Judge Nichols in the separate case led by TikTok ruled that Trump overstepped his authority in trying to ban the app from the U.S., referring to the agency’s action as “arbitrary and capricious.”
New Covid Relief Package Removes Huawei, ZTE Broadband Equipment
The U.S. passed a new US$900 Covid relief package and it provides US$1.9 billion to remove Huawei and ZTE equipment from US networks.
DOJ Charges Zoom Executive With Aiding Chinese Government
The Department of Justice is charging a China-based Zoom executive with aiding the Chinese government to shut down certain Zoom meetings.
Russian ‘Cozy Bear’ Hacking Team Hits US Government Networks
A group of Russian hackers known as Cozy Bear has hacked several U.S. government agencies like the Treasury and Commerce departments.
On Sunday night, FireEye said the attackers were infecting targets using Orion, a widely used business software app from SolarWinds. After taking control of the Orion update mechanism, the attackers were using it to install a backdoor that FireEye researchers are calling Sunburst.
How the U.S. Used the Patriot Act to Track Web Browsing
Government entities have been using Section 215 of the Patriot Act as justification to collect logs of web browsing activity.
In fact, “one of those 61 orders resulted in the production of information that could be characterized as information regarding browsing,” Mr. Ratcliffe wrote in the second letter. Specifically, one order had approved collection of logs revealing which computers “in a specified foreign country” had visited “a single, identified U.S. web page.”
Big Tech CEOs to Speak on Section 230 Law Tomorrow
The CEOs of Facebook, Alphabet, and Twitter will appear before the Senate Commerce Committee tomorrow to speak about Section 230.
Apple Lobbies Congress on Uyghur Slave Labor Bills
A report on Friday says that Apple lobbied Congress through Fierce Government Relations on the Uyghur Forced Labor Prevention Act.
Apple Looks for Tax Breaks for U.S. Chip Production
A report on Thursday says that Apple has been lobbying the government for tax breaks as it seeks to build its U.S. chip production.
Federal Judge Halts TikTok Ban From United States
On Sunday, federal judge Carl Nichols granted a preliminary injunction against a TikTok ban from the Trump administration.
How the United States is Ensuring Votes are Secure
Max Eddy writes an examination of election engineering and how the U.S. can ensure voting security. The part I think is fascinating is the work of Sam Curry, CSO of cybersecurity company Cybereason. His team has been simulating election attacks to figure out how best to protect our elections.
He’s observed numerous strategies and has advice on how best to protect an election. The people playing the role of defenders, usually given the role of law enforcement, “must create open lines of communication between government departments and also media sources and social media companies,” said Curry. Knowing who to call and when to call them and having a reliable back-up system in case one fails (or is intentionally sabotaged) are all critical.
CISA Believes China Hacked US Government Systems
According to the Cybersecurity and Infrastructure Security Agency, Chinese-affiliated hackers have compromised U.S. government computer systems.
“This beaconing is a result of cyber threat actors successfully completing cyber operations that are often designed around emergent vulnerabilities and reliant on existing exploitation tools,” the advisory states. “CISA observed activity from a Federal Government IP address beaconing out to the threat actors’ [command and control] server.”
Can we just get it together for 10 seconds, please?
Government Contractor ‘Anomaly Six’ Used SDK to Track Phones
A U.S. government contractor called Anomaly Six used its SDK embedded in over 500 apps to track people. Which apps have this SDK is unknown.
Congressman Wants Apple to Increase Security Over Foreign-Linked Apps
Rep. Stephen Lynch, chairman of the House subcommittee on national security, sent separate letters to Apple and Google, wanting assurances these companies could warn users about apps with foreign ties.
At a minimum, Apple and Google should take steps to ensure that users are aware of the potential privacy and national security risks of sharing sensitive information with applications that store data in countries adversarial to the United States, or whose developers are subsidiaries of foreign companies.
Apple can only do so much. They probably can’t check the source code of every app to see if it contains Chinese spying code. And what about U.S. spying code?
Supreme Court Supports Federal Ban on Robocalls
The U.S. Supreme Court has upheld a federal ban on robocalls and eliminated an exception that was made for government debt collectors.
Senate Judiciary Committee Passes Anti-Privacy ‘EARN IT Act’
Today the Senate Judiciary Committee passed the EARN IT Act, a bill that weakens Section 230 protections for social media companies in an attempt to fight online child abuse.
Senators Introduce COVID-19 Consumer Data Protection Act
Today a group of Republican senators announced plans to introduce the COVID-19 Consumer Data Protection Act.
The legislation would provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data. The bill would also hold businesses accountable to consumers if they use personal data to fight the COVID-19 pandemic.
A good move, I think. We need thoughtful legislation passed to preempt the contact tracing train.
Apple Exec Cynthia Hogan Joins Joe Biden’s Team as Adviser
Joe Biden’s presidential campaign announced that Apple executive Cynthia Hogan will join their team as an adviser to search for a running mate.
Apple Responds to Senator Questions About COVID-19 App
Several Democratic senators had sent a letter to Tim Cook, questioning the privacy and security of Apple’s COVID-19 app. Today we have Apple’s response.
Could We See a US Digital Dollar Soon?
So right away, the answer to my headline is “probably not.” The article I’m linking to says language of digital dollars was removed from the final version of the stimulus package. But I think it’s worthwhile to think about.
The bill establishes a digital dollar, which it defines as ‘a balance expressed as a dollar value consisting of digital ledger entries that are recorded as liabilities in the accounts of any Federal Reserve Bank or … an electronic unit of value, redeemable by an eligible financial institution (as determined by the Board of Governors of the Federal Reserve System).’
Now may not be the time to introduce entirely new technologies, especially if they slow the release of the package. But I personally like the idea, although I don’t advocate for a completely cashless society as I’ve mentioned before.
U.S. Government Wants to Track Coronavirus Spread With Location Data
The U.S. government is in talks with Facebook, Google, and others to use location data to track the spread of the coronavirus.
Public-health experts are interested in the possibility that private-sector companies could compile the data in anonymous, aggregated form, which they could then use to map the spread of the infection, according to three people familiar with the effort, who requested anonymity because the project is in its early stages.
On the surface, it’s for good intentions (They always seem good on the surface). But we know that in certain situations, data can be de-anonymized. Some questions: How will they use this data? How effective would this be? Will the government keep the database afterward? My initial thought is that I have no problem with medical experts and scientists doing this. But I have no faith in this current administration, or faith in companies like Facebook and Google. What if they created an app to collect this data? That way it’s optional. And please password-protect the server.
A.G. William Barr Wants Tech Companies to Fight Child Sexual Abuse
Attorney General William Barr wants tech companies like Apple to fight online child sexual abuse even more with “voluntary standards.”
These voluntary principles are built on existing industry efforts to combat these crimes. Some leading companies have dedicated significant resources to develop and deploy tools in the fight to protect children online and to detect, disrupt and identify offenders. Although significant progress has been made, there is much more to be done to strengthen existing efforts and enhance collective action.
First, as I discovered last year, Apple started to scan online iCloud content for child sexual abuse material (CSAM). Many other companies do the same. Second, although encryption wasn’t explicitly mentioned, this is undoubtedly (in my opinion) a new development in the war on encryption. Child predators are one of the scary boogeymen used by the government to erode our privacy even further. I of course do support Apple scanning for this content, but it’s not a black and white issue.
NSA Spy Program Cost Taxpayers $100 Million and Was Overall Useless
From 2015 to 2019 the National Security Agency (NSA) collected Americans’ domestic phone calls and texts. The program cost US$100 million but only one investigation was able to make use of that data.
Moreover, only twice during that four-year period did the program generate unique information that the F.B.I. did not already possess, said the study, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday.
“Based on one report, F.B.I. vetted an individual, but, after vetting, determined that no further action was warranted,” the report said. “The second report provided unique information about a telephone number, previously known to U.S. authorities, which led to the opening of a foreign intelligence investigation.”