House Democrats Release Their Tech and Competition Package, Part II

EU greenlights Facebook's acquisition of Kustomer; UK issues a government cyber security strategy; U.S. government publishes zero trust strategy

First, the Wavelength will transition to a paid product, but there will still be a free version available. Details to come this coming week.

Second, please send the Wavelength to anyone you think might find value in it.

Photo by Yassine Khalfalli on Unsplash

Some number of months after the United States (U.S.) Senate sent the “United States Competition and Innovation Act” (USCIA)  (S.1260) to the House (see here and here for more detail and analysis), the leadership of the U.S. House has worked out a massive package (more than 2900 pages) chock full of policy issues the Senate bill did not encompass.

A number of committees announced the release of the “America Creating Opportunities for Manufacturing, Pre-Eminence in Technology and Economic Strength Act of 2022” (aka the America COMPETES Act of 2022) (H.R.4521) and asserted in their press release that the bill “includes a historic investment to surge production of American-made semiconductors, tackles supply chain vulnerabilities to make more goods in America, turbocharges America’s scientific research and technological leadership, and strengthens America’s economic and national security at home and abroad.” The committees issues a section-by-section and a fact sheet.

Like the USCIA, the America COMPETES Act would revamp how the U.S. government funds, directs, and supports basic and applied science with an eye to maintaining U.S dominance. Title III of Division B, the National Science Foundation For The Future Act, would affect such changes, and the drafters of this section explained:

To address major societal challenges and sustain United States leadership in innovation, the Federal Government must increase investments in research, broaden participation in the STEM workforce, and bolster collaborations among universities, National Laboratories, field stations and marine laboratories, companies, labor organizations, non-profit funders of research, local policymakers, civil societies and stakeholder communities, and international partners.

Roughly $80 billion in appropriations would be authorized for the NSF with the catch always being appropriators would actually need to provide those funds. If, and this is a very big if, appropriators were to provide all the funds authorized for the NSF, in the first year, the agency’s budget would just about be doubled by the end of the five year period the bill covers.. his would entail a significant increase in this fiscal year as the America COMPETES Act would authorize $12.5 billion for FY 2022 whereas the House Appropriations Committee recommended $9.6 billion for the current fiscal year, and the Senate Appropriations Committee $9.5 billion. Finally, if appropriators do not provide the full amount of funding, then the NSF will have to necessarily have to scale back the programmatic changes the America COMPETES Act directs.

The NSF would receive a new range of duties with respect to PreK-12 Science, Technology, Engineering, and Math (STEM) education in order to increase the number of Americans versed in these fields.

The NSF would need to contract with the National Academies of Sciences, Engineering, and Medicine to study how advance and increase STEM education for children in PreK through high school.  The agency would also need to contract with the National Academies to conduct another study that would focus on existing research to identify gaps and obstacles in STEM research and education, enumerate winning strategies and programs, and make recommendations to a range of U.S. agencies on how to address barriers to adoption of successful methods and innovative approaches.

The NSF must award grants for three entities to establish Centers for Transformative Education Research and Translation that would focus on fostering STEM educational innovations. The agency would also need to make grants to universities or non-profits for research on programming that engages Pre-K through middle school students in STEM with an eye to increasing the number of students pursuing careers in STEM.

The NSF’s mission is expanded to encompass STEM, giving the agency a larger role in each field. Moreover, the NSF’s programs relating to the research and development of “advanced-technology” is expanded to include information technology, cybersecurity, micro and nano electronics, and other fields. Existing programs to better recruit, retain, and educate STEM teachers would be expanded further.

This section of the bill also has language on expanding cyber workforce, specifically NSF research on the current state of this sector of the U.S. labor market and how to expand it. Moreover, the already existing Federal Cyber Scholarship-for-Service Program would be broadened to include the “cybersecurity-related aspects of other related fields as appropriate, including artificial intelligence, quantum computing and aerospace.” There is an emphasis on increasing the number of people in STEM and technology fields from historically underrepresented groups, including people living in rural areas of the U.S.

The NSF is also charged with implementing measures to detect and deny “malign foreign talent” from entering the U.S. academic research system and to tighten the security at facilities funding, in whole or in part, by the U.S. government. Additionally, 12 months after passage, any institution seeking research or educational funding from the NSF will need to certify they are not employing or using any people from a “malign foreign government talent program.” In the same vein, there is a general requirement for all U.S. research agencies to establish a policy requiring all applicants for research grants to make the same certifications. To this end, a Research Security and Policy Office is to be established in the Office of the NSF Director. The NSF would need to develop and make available risk assessment and mitigation strategies for institutions of higher learning to protect their research from threats, which seem to be exfiltration and compromise from nations like the PRC, Russia, and others.

Among the many areas the NSF is directed to award merit-based, competitive research grants to:

·      increase understanding of social media and consumer technology access and use patterns and related psychological and behavioral issues, particularly for adolescents;

·      explore the role of social media and consumer technology in rising rates of depressive symptoms, suicidal ideation, drug use, and deaths of despair, particularly for communities experiencing long-term economic distress;

·      support basic research that will accelerate innovation to advance critical minerals mining strategies and technologies for the purpose of making better use of domestic resources and eliminating national reliance on minerals and mineral materials that are subject to supply disruptions.

NSF would also need to study the artificial intelligence research capacity at U.S. high education institutions.

The America COMPETES Act would establish inside the NSF a new Directorate for Science and Engineering Solutions “to advance research and development solutions to ad- dress societal and national challenges for the benefit of all Americans.” This new Directorate would “support use-inspired research, accelerate the translation of Foundation-supported fundamental research and to advance technologies, facilitate commercialization and use of federally funded research, and expand the pipeline of United States students and researchers in areas of societal and national importance.” The Directorate must periodically identify its five focus areas, which should pertain to a list of enumerated societal challenges, including global competitiveness and domestic job creation in critical technologies, cybersecurity, national security, STEM education and workforce,

The National Institute of Standards and Technology (NIST) must “establish a broadband research and development working group to address national research challenges and opportunities for improving broadband access and adoption across the United States.”

The White House’s Office of Science and Technology Policy (OSTP) must conduct a quadrennial review of the U.S. science and technology enterprise every four years, starting in 2022, based on the same idea that gave rise to the Department of Defense’s quadrennial review of defense policy and funding. In a year following the science and technology quadrennial review, OSTP must draft and submit to Congress a national science and technology strategy “to meet national research and development objectives for the following 4-year period.”

As in the USCIA, the America COMPETES Act would establish a regional innovation and innovation hub system administered by the Department of Commerce that would use federal funds and oversight to establish clusters of entities engaged in tech activities throughout the U.S. along the lines of Silicon Valley. Moreover, the agency is to go out of its way to look at establishing such centers in rural areas or in historically underserved communities. The Department of Commerce must also “carry out a program of data collection and analysis of technology and innovation sectors critical to realizing national objectives, including national security, economic prosperity, and social welfare.”

The Department of Energy would need to launch a program to ensure U.S. supremacy in the microelectronics of the future, starting with a “cross-cutting program of research, development, and demonstration of microelectronics relevant to the mission of the Department and in the service of the Nation’s global competitiveness in the field of microelectronics.” This means semiconductors, chips, and other components or devices. The agency will do so through grants to entities to conduct research. Additionally, the Department of Energy must “establish up to four Microelectronics Science Research Centers…to conduct mission-driven research to address foundational challenges in the design, development, characterization, prototyping, demonstration, and fabrication of microelectronics and to facilitate the translation of research results to industry.” This new program would be authorized at $475 million over the next five years.

Shifting back to the Department of Commerce, the National Telecommunications and Information Administration’s (NTIA) Public Wireless Supply Chain Innovation Fund, a program established in the FY 2021 National Defense Authorization Act (P.L. 116-283), would get $1.5 billion that would remain available until the end of FY 2031. The purpose of this new is to distribute funds to entities that will help the U.S. in the roll out of 5G, especially with respect to trusted equipment and trusted supply chains.

The NTIA and the Department of Homeland Security must submit to Congress “a report examining the cybersecurity of mobile service networks and the vulnerability of such networks and mobile devices to cyberattacks and surveillance conducted by adversaries.” NTIA would need to consider, among other factors, “the degree to which providers of mobile service have addressed, are addressing, or have not addressed cybersecurity vulnerabilities;” the degree to which customers consider cybersecurity a factor when buying devices, and the prevalence and efficacy of encryption and authentication algorithms. The Department of Commerce is also required to submit a “report on the information and communication technology (ICT) supply chain” that should identify the ICT critical to the U.S., the industrial capacity of U.S. ICT vendors and those who are considered part of the trusted supply chain, the extent to which U.S. vendors rely on untrusted supply chains, how the U.S. government can address competitiveness and trusted supply chains, and other factors.

NTIA must reach out and help small communications network providers regarding the benefits of Open Radio Access Network (RAN) technology. The agency must establish a 6G Task Force that would help position the U.S. in order to not be displaced from this next iteration of communications as it was by the PRC in setting international 5G standards. Additionally, there is language tasking the NTIA with leading an effort to enhance U.S. participation and leadership in the standards setting bodies that set standards for 5G networks and for future network standards.

NTIA is to “develop and conduct a cybersecurity literacy campaign (which shall be available in multiple languages and formats, if practicable) to increase the knowledge and aware- ness of the American people of best practices to reduce cybersecurity risks.” This is obviously intended to raise knowledge and use of cyber hygiene techniques to reduce the vulnerability of U.S. systems and data.

There is to be established inside the NTIA an Office of Policy Development and Cybersecurity headed by an Associate Administrator who “shall oversee and conduct national communications and information policy analysis and development for the internet and communications technologies.”

Other Developments

Photo by TOMMY VAN KESSEL on Unsplash

§  European Commission (EC) “approved under the EU Merger Regulation the proposed acquisition of Kustomer by Meta (formerly Facebook)…[which] is conditional on full compliance with commitments offered by Meta” according to the EC’s statement. The EC added:

o   Today's decision follows an in-depth investigation of Meta's proposed acquisition of Kustomer. Kustomer, although small, is an innovative, and fast growing, player in the customer service and support customer relationship management (‘CRM') software market. Such software applications are used by businesses for engaging with their customers by answering questions, solving problems and giving advice in the context of the business-customer relation. The popular messaging channels, WhatsApp, Instagram and Messenger of Meta, are important means through which businesses interact with their customers, and are inputs for customer service and support CRM software providers. Meta and Kustomer therefore operate in vertically-related markets. The Commission's investigation focused on whether Meta may disadvantage Kustomer's rival providers of customer service and support CRM software.

o   To address the competition concerns identified by the Commission, Meta offered comprehensive access commitments with a 10-year duration:

§  A public API access commitment: Meta commits to guarantee non-discriminatory access, without charge to its publicly available APIs for its messaging channels to competing customer service CRM software providers and new entrants.

§  A core API access-parity commitment: To the extent any features or functionalities of Messenger, Instagram messaging or WhatsApp that are used by Kustomer's customers today may be improved or updated, Meta commits to also make available equivalent improvements to Kustomer's rivals and new entrants. This would also hold for any new features or functionalities of Meta messaging channels in the future if used by a sizeable proportion of Kustomer's customers.

o   A trustee, to be appointed before the transaction can close, will monitor the implementation of the commitments. To fulfil its duties, the trustee will have far-reaching powers, including access to Meta's records, personnel, facilities or technical information, and can appoint a technical expert to assist in the performance of its duties. The commitments also include a fast track and binding dispute resolution mechanism that can be invoked by third parties. They also include the requirement for Meta to publish details of relevant APIs and functionalities on its website, in addition to quarterly reporting to the monitoring trustee on any ongoing beta testing of new messaging features.

o   The Commission concluded that the proposed transaction, as modified by the commitments, would no longer raise competition concerns. The Commission's decision is conditional upon full compliance with the commitments.

§  The United Kingdom (UK) launched its “[f]irst ever Government Cyber Security Strategy” that follows last month’s National Cyber Strategy 2022. The Cabinet Office explained in its press release:

o   The strategy will make core government functions, such as the delivery of essential public services, more resilient than ever before to cyber attack from malicious actors.

o   It follows the recent publication of the National Cyber Security Strategy, which called on all parts of society to play their part in reinforcing the UK’s economic strengths in cyberspace, through more diversity in the workforce, levelling up the cyber sector across all UK regions, expanding offensive and defensive cyber capabilities and prioritising cyber security in the workplace, boardrooms and digital supply chains.

o   Key announcements in the strategy include:

§  Establishing a new Government Cyber Coordination Centre (GCCC), to better coordinate cyber security efforts across the public sector. Building on successful private sector models, such as the Financial Sector Cyber Collaboration Centre, the GCCC will rapidly identify, investigate and coordinate the government’s response to attacks on public sector systems. The centre will be based in the Cabinet Office and will ensure that data is rapidly shared, allowing us to ‘Defend As One’.

§  A new cross-government vulnerability reporting service, which will allow security researchers and members of the public to easily report issues they identify with public sector digital services. This will enable organisations to more quickly fix any issues identified.

§  A new, more detailed assurance regime for the whole of government, which will include robust assessment of departmental plans and vulnerabilities. This will give central government a more detailed picture of government’s cyber health for the first time.

§  £37.8 million invested into local authorities for cyber resilience - protecting the essential services and data on which citizens rely on including housing benefit, voter registration, electoral management, school grants and the provision of social care.

§  An innovative project to reduce government risk through culture change, in partnership with small businesses and academia.

§  Stepped up work to understand the growing risk from the supply chains of commercially provided products in government systems, ensuring security is a key part of procurement and working with industry on cyber vulnerabilities.

§  The United States (U.S.) Office of Management and Budget (OMB) issued “M-22-09 Moving the U.S. Government Toward Zero Trust Cybersecurity Principles” that “sets forth a Federal zero trust architecture (ZTA) strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of Fiscal Year (FY) 2024 in order to reinforce the Government’s defenses against increasingly sophisticated and persistent threat campaigns.” OMB noted that the ZTA strategy flows from Executive Order (EO) 14028, Improving the Nation’s Cybersecurity. OMB provided an overview:

o   A transition to a “zero trust” approach to security provides a defensible architecture for this new environment. As described in the Department of Defense Zero Trust Reference Architecture, “The foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Instead, we must verify anything and everything attempting to establish access. It is a dramatic paradigm shift in philosophy of how we secure our infrastructure, networks, and data, from verify once at the perimeter to continual verification of each user, device, application, and transaction.”

o   This strategy envisions a Federal Government where:

§  Federal staff have enterprise-managed accounts, allowing them to access everything they need to do their job while remaining reliably protected from even targeted, sophisticated phishing attacks.

§  The devices that Federal staff use to do their jobs are consistently tracked and monitored, and the security posture of those devices is taken into account when granting access to internal resources.

§  Agency systems are isolated from each other, and the network traffic flowing between and within them is reliably encrypted.

§  Enterprise applications are tested internally and externally, and can be made available to staff securely over the internet.

§  Federal security teams and data teams work together to develop data categories and security rules to automatically detect and ultimately block unauthorized access to sensitive information.

o   This strategy places significant emphasis on stronger enterprise identity and access controls, including multi-factor authentication (MFA). Without secure, enterprise-managed identity systems, adversaries can take over user accounts and gain a foothold in an agency to steal data or launch attacks. This strategy sets a new baseline for access controls across the Government that prioritizes defense against sophisticated phishing, and directs agencies to consolidate identity systems so that protections and monitoring can be consistently applied. Tightening access controls will require agencies to leverage data from different sources to make intelligent decisions, such as analyzing device and user information to assess the security posture of all activity on agency systems.

§  The United Kingdom’s (UK) Department for Digital, Culture, Media & Sport (DCMS) lauded the second reading in the House of Commons of the “landmark Product Security and Telecoms Infrastructure Bill [that] will prohibit UK sales of connectable digital products with poor cyber security.” The department asserted:

o   MPs are set to debate a new world-leading law to keep consumers’ phones, tablets, smart TVs, fitness trackers and other devices secure from cybercriminals.

o   It will place new cyber security requirements on the manufacturers and sellers of consumer tech which can connect to the internet or other devices.

o   Under the bill, easy-to-guess default passwords which come programmed into digital devices and present an easy target for cybercriminals will be banned.

o   Manufacturers will have to be more transparent to customers about the length of time products will receive security updates for connectable products and create a better public reporting system for vulnerabilities found in those products.

o   Failure to uphold the measures could result in fines ​​of up to £10 million or four per cent global turnover, plus up to £20,000 per day in the case of an ongoing breach.

§  The attorneys general of the District of Columbia, Indiana, Texas, and Washington have filed four separate suits against Google in their respective state courts, each alleging the company deceived and manipulated consumers “to gain access to their location data, including making it nearly impossible for users to stop their location from being tracked.” These suits follow the one filed by Arizona’s attorney general against Google last year on basically the same grounds; however, District of Columbia Attorney General Karl Racine claimed the four suits differed from Arizona’s because they focus more on Google’s alleged use of dark patterns. Each suit seeks remedies under state law and thus this set of suits differs from the other suit against Google brought by a number of attorneys general that alleges violations of United States (U.S.) antitrust and competition law.

§  The United States (U.S.) Department of State issued a fact sheet titled “Russia’s Top Five Persistent Disinformation Narratives” “that the Kremlin is currently readjusting in an attempt to fill the information environment with false narratives about its actions in Ukraine.” The agency named these five narratives:

o   Theme #1: “Russia is an Innocent Victim”

o   Theme #2:  Historical Revisionism

o   Theme #3: “The Collapse of Western Civilization is Imminent”

o   Theme #4: “Popular Movements are U.S.-sponsored ‘Color Revolutions’”

o   Theme #5:  Reality is Whatever the Kremlin Wants It to Be

§  As part of its support for stronger antitrust and competition enforcement, the White House “a listening session with entrepreneurs and small and mid-sized businesses about the importance of an innovative, dynamic tech sector and fair competition” per the administration’s press release. This meeting came in advance of the Senate Judiciary Committee’s consideration of legislation to address the behavior of large tech companies in having their products and services compete with third parties in their online platforms (see here and here for more detail and analysis.) The White House stated:

o   The meeting focused on the challenges entrepreneurs, brick-and-mortar retailers, and other businesses face competing in sectors dominated by a few large platforms.

o   Promoting competition—including in the tech sector—is a core part of the President’s economic agenda, as underscored by the President’s July Executive Order on Promoting Competition in the American Economy. As part of that effort, senior White House officials have been engaging with large and small businesses across the landscape of the technology sector to better understand opportunities and challenges, as we seek to promote a more dynamic, productive, and competitive economy.

o   In today’s conversation, participants explained the challenges their businesses encounter operating through third-party platforms to reach large numbers of customers. Among those challenges, several participants described issues with large platforms both operating a marketplace and selling products on the marketplace, including concerns that the dominant platforms rank their own products and services above those of the independent sellers that rely on them to reach customers. One company elaborated that this deprives consumers of the ability to find the products and services that best match their needs.

§  The United Kingdom’s (UK) National Cyber Security Centre (NCSC) updated its Cyber Essentials “following a major technical review which will help organisations maintain their minimum cyber hygiene in an evolving threat landscape.” The NCSC stated that “[a]mongst the main changes are revisions to the use of cloud services, home working, multi-factor authentication, password management, and security updates.” The NCSC stated:

o   Many of these changes have been developed by the NCSC based on the feedback of assessors and previous applicants to the scheme, as well as consultation with the Cloud Industry Forum. 

o   From today, the refreshed Cyber Essentials scheme will also incorporate a renewed pricing structure which better reflects the increasingly complex nature of assessments for some organisations. 

§  The United States (U.S.) Federal Communications Commission (FCC) Chair Jessica Rosenworcel announced in a press release that she had “shared with her colleagues a Report and Order and Declaratory Ruling that would promote competition and increase choice for broadband services for people living and working in multiple tenant environments (MTEs).” She asserted that “[t]he measures, if adopted, would halt practices that evade long-existing FCC rules intended to allow tenants to choose their own provider.”

§  The United States (U.S.) Cybersecurity and Infrastructure Security Agency (CISA) “released the finalized “IPv6 Considerations for TIC 3.0” guidance document today, providing federal departments and agencies with security considerations related to TIC 3.0 implementation as they transition to IPv6.” In its press release, CISA stated:

o   The Trusted Internet Connection (TIC) initiative was originally established to consolidate network connections throughout the federal government, limiting the number of threat vectors and increasing security. In its modernized form, TIC 3.0 is designed to account for shifts to cloud computing and other architectures. While the federal government embraces TIC 3.0, the internet as a whole is undergoing a shift to IPv6. IPv6 is the next generation of IP standards slated to replace the current IPv4. An IP address is a numerical identifier assigned to every device that connects to the internet. This IPv6 guidance is intended to broadly support the government-wide deployment and use of the IPv6 network protocol. This document explains the background of IPv6, lists security considerations for the protocol in relation to TIC 3.0 security capabilities, and provides awareness of IPv6 security features according to the TIC 3.0 guidance.

§  The United States (U.S.) Department of Commerce issued a request for information (RFI) “in order to inform the planning and design of potential programs to: Incentivize investment in semiconductor manufacturing facilities and associated ecosystems; provide for shared infrastructure to accelerate semiconductor research, development, and prototyping; and support research related to advanced packaging and advanced metrology to ensure a robust domestic semiconductor industry.” The agency stated:

o   In 2019, the United States accounted for 11 percent of global semiconductor fabrication capacity, down from 13 percent in 2015 and continuing a long-term decline from around 40 percent in 1990. Much of the overseas semiconductor manufacturing capacity is in Taiwan (led by Taiwan Semiconductor Manufacturing Company), South Korea (led by Samsung), and, increasingly, China.

o   Furthermore, the fragility of the current global semiconductor supply chain was put squarely on display in 2020. The industry faced significant disruptions as a result of the coronavirus pandemic, a fire affecting a major supplier in Japan, and a severe winter storm that disabled production in facilities in Texas for several days. Together these events and other factors such as pandemic-induced shifts in consumer demand contributed to a global semiconductor shortage that affected multiple manufacturing sectors which rely on semiconductors as critical components for their finished products. Especially severely hit was the automotive industry, which saw plants idled for months.

o   To strengthen the U.S. position in semiconductor R&D and manufacturing, Congress authorized a set of programs in Title XCIX (“Creating Helpful Incentives to Produce Semiconductors in America”) of the William M. (Mac) Thornberry National Defense Authorization Act (NDAA) for Fiscal Year 2021 (Pub. L. 116-283). This comprehensive set of programs is intended to restore U.S. leadership in semiconductor manufacturing by providing incentives and encouraging investment to expand manufacturing capacity for the most advanced semiconductor designs as well as those of more mature designs that are still in high demand, and would grow the research and innovation ecosystem for microelectronics and semiconductor R&D in the U.S., including the investments in the infrastructure necessary to better integrate advances in research into semiconductor manufacturing.

§  The National Institute of Standards and Technology (NIST) announced the approval of Federal Information Processing Standard (FIPS) Publication 201-3, Personal Identity Verification of Federal Employees and Contractors that “is applicable to identification issued by federal departments and agencies to federal employees and contractors for gaining physical access to federally controlled facilities and logical access to federally controlled information systems, except for “national security systems” as defined by 44 U.S.C. 3542(b)(2) and [SP 800-59].” NIST stated:

o   High-level changes include:

§  Alignment with current NIST technical guidelines on identity management, OMB policy guidelines, and changes in commercially available technologies and services

§  Accommodation of additional types of authenticators through an expanded definition of derived PIV credentials

§  Focus on the use of federation to facilitate interoperability and interagency trust

§  Addition of supervised remote identity proofing processes

§  Removal of the previously deprecated Cardholder Unique Identifier (CHUID) authentication mechanism and deprecation of the symmetric card authentication key and visual authentication mechanisms (VIS)

§  Support for the secure messaging authentication mechanism (SM-AUTH)

Further Reading

Photo by Dimitris Chapsoulas on Unsplash

§  “How the U.S. Messed Up Its New 5G Rollout: ‘It Wasn’t Our Finest Hour’” By Drew FitzGerald, Alison Sider, and Andrew Tangel — The Wall Street Journal. The Biden and Trump administrations had years of warnings. But the government failed this week to avoid a collision between U.S. telecom companies and airlines over the rollout of new 5G cellular networks. That failure, rooted in longstanding disagreements over potential risk and a lack of cooperation by U.S. regulators, led to a last-minute scramble that threatened the cancellation of thousands of flights and raised tensions between two powerful industries.

§  “Tech companies spent almost $70 million lobbying Washington in 2021 as Congress sought to rein in their power” By Cat Zakrzewski — The Washington Post. Seven large tech companies spent nearly $70 million lobbying the U.S. government in 2021 as policymakers from both parties weighed legislation to curtail their power and influence. The notable sum exceeds the roughly $65 million they spent in 2020, highlighting the companies’ mounting work to fight the efforts in the Biden administration and Congress to regulate the industry. And it’s roughly three times the amount they spent lobbying Congress a decade ago, underscoring how Silicon Valley has evolved into one of the most influential political forces in Washington.

§  “Facebook Promised Poor Countries Free Internet. People Got Charged Anyway.” By Justin Scheck, Tom McGinty, and Newley Purnell — The Wall Street Journal. Facebook says it’s helping millions of the world’s poorest people get online through apps and services that allow them to use internet data free. Internal company documents show that many of these people end up being charged in amounts that collectively add up to an estimated millions of dollars a month.

§  “Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected” By Cezary Podkul — ProPublica. Consider some of the episodes last year in which large quantities of personal data were stolen: 300 million customer and device records for users of a service that’s supposed to shield internet traffic from prying eyes; a 17.6-million-row database from a second organization, containing profiles of people who participated in its market research surveys; 59 million email addresses and other personal data lifted from a third company. These sorts of numbers barely raise an eyebrow these days; none of the incidents generated major press coverage.

§  “Microsoft avoided the latest round of Big Tech antitrust scrutiny. Then it bought a company for $69 billion.” By Sara Morrison — recode. If Microsoft is worried that the anti-Big Tech, pro-antitrust movement will finally come for it, you wouldn’t know it. The company announced on January 18 that it would make the largest acquisition in its history, buying up Activision Blizzard, one of the biggest video game publishers in the world. If the $69 billion deal goes through, Microsoft will become the third-largest gaming company in the world by revenue. Its library of games will expand significantly, potentially giving its Xbox console and Game Pass subscription program an edge over Sony’s PlayStation and rumored Game Pass rival.

§  “How Facebook Is Morphing Into Meta” By Sheera Frenkel, Mike Isaac and Ryan Mac — The New York Times. The Instagram engineer had already packed his bags for a December vacation when his boss pulled him into a virtual meeting to talk about job goals for 2022. Their conversation soon took an unexpected turn. Forget the goals, his boss told him. To succeed at Meta, the parent company of Facebook and Instagram, his boss said, he should instead apply to a new position in the burgeoning augmented reality and virtual reality teams. That’s where the company needed people, he said.

§  “Google stops serving ads on Fox News host Dan Bongino's website” By Ben Goggin — NBC News. Google dealt a major blow to conservative media personality and Fox News Channel host Dan Bongino on Friday, pulling Google ad services from his website Bongino.com. The action follows YouTube's decision Wednesday to ban Bongino from the video platform, citing its Covid-19 misinformation policy. (Google and YouTube are owned by the same company, Alphabet.) A Google spokesperson said in an emailed statement: "We have strict publisher policies in place that explicitly prohibit misleading and harmful content around the COVID-19 pandemic and demonstrably false claims about our elections. When publishers persistently breach our policies we stop serving Google ads on their sites. Publishers can always appeal a decision once they have addressed any violating content.”

§  “The Belgians getting the right to disconnect from work” By Jessica Parker — The BBC. Although she once hoped to be professional chef, in the end Delphine opted to be a civil servant. She still loves to make time to cook though: "It's one of my passions!" The 36-year-old is preparing dinner for her friends, Catherine and Roch. It's Hachis Parmentier, a dish of mince and mashed potato - sometimes likened to a shepherd's pie. As she stirs the onions, she tells me she welcomes the fact that many civil servants in Belgium are getting the right to disconnect. "Especially for young people it's not always clear when they have to be available or not.

§  “Spotify’s Joe Rogan Problem Isn’t Going Away]” By Kevin Roose — The New York Times. Stop me if you’ve heard this one before: A popular internet personality, beloved by millions for his irreverent, anti-establishment commentary, becomes the subject of a heated backlash after critics accuse him of promoting dangerous misinformation. The controversy engulfs the creator’s biggest platform, which has rules prohibiting dangerous misinformation and now faces pressure to enforce them against one of its highest-profile users. Hoping to ride out the storm, the platform’s chief executive publishes a blog post about the importance of free speech, declining to punish the rule-breaker but promising to introduce new features that will promote higher-quality information.

§  “End-to-end encryption protects children, says UK information watchdog” By Dan Milmo — The Guardian. The UK data watchdog has intervened in the debate over end-to-end encryption, warning that delaying its introduction puts “everyone at risk” including children. The Information Commissioner’s Office said strongly encrypting communications strengthens online safety for children by reducing their exposure to threats such as blackmail, while also allowing businesses to share information securely. The watchdog was responding to the launch of a government-backed campaign that said social media platforms would be “willingly blindfolding” themselves to child abuse if they pushed ahead with end-to-end encryption for private messaging.

Coming Events 

Photo by Jason Goodman on Unsplash

§  1 February

o   The United States Senate Homeland Security and Governmental Affairs Committee will hold a hearing on the nominations of Shalanda Young to be the Director of the Office of Management and Budget and Nani Coloretti to be the Deputy Director of the Office of Management and Budget.

o   The United States Senate Budget Committee will hold a hearing on the nominations of Shalanda Young to be the Director of the Office of Management and Budget and Nani Coloretti to be the Deputy Director of the Office of Management and Budget.

o   The United States House Rules Committee will hold a hearing on the “America Creating Opportunities for Manufacturing, Pre-Eminence in Technology and Economic Strength Act of 2022” (aka the America COMPETES Act of 2022) (H.R.4521).

o   The United States Senate Appropriations Committee’s Commerce, Justice, Science Subcommittee will hold a hearing titled “Expanding Broadband Access: Department of Commerce Broadband Programs in the Infrastructure Investment and Jobs Act.”

§  2 February

o   The United States Senate Commerce, Science, and Transportation Committee will hold a hearing to consider a number of nominations including:

§  Alvaro Bedoya, to be a Commissioner of the Federal Trade Commission

§  Gigi Sohn, to be a Commissioner of the Federal Communications Commission

o   The United States Senate Homeland Security and Governmental Affairs Committee will mark up a number of bills, including the “Improving Cybersecurity of Small Organizations Act of 2021” (S. 2483)

o   The United States House Oversight and Reform Committee will mark up a number of bills, including the “Federal Information Security Modernization Act of 2022” (H.R. 6497).

o   The United States House Transportation and Infrastructure Committee’s Highways and Transit Subcommittee will hold a hearing titled “The Road Ahead for Automated Vehicles.”

o   The United States Senate Judiciary Committee’s Competition Policy, Antitrust, and Consumer Rights Subcommittee will hold a hearing titled “Competition Policy, Antitrust, and Consumer Rights.”

§  3 February

o   The United States Senate Homeland Security and Governmental Affairs Committee will hold a hearing on the nominations of William Valdez to be the Under Secretary of Homeland Security for Management; Dimitri Kusnezov to be the Under Secretary of Homeland Security for Science & Technology; and Kenneth Wainstein to be the Under Secretary of Homeland Security for Intelligence & Analysis.

o   Canada’s House of Commons’ Standing Committee on Access to Information, Privacy and Ethics will hold a hearing titled “Collection and Use of Mobility Data by the Government of Canada” because of reports “of the Public Health Agency of Canada collecting, using or possessing Canadians' private cellphone data, without their knowledge or consent.”

o   The United States Senate Judiciary Committee will consider nominations and bills, including the Open App Markets Act (S. 2710) and the EARN IT Act of 2022.

o   The United States House Transportation and Infrastructure Committee’s Aviation Subcommittee will hold a hearing titled “Finding the Right Frequency: 5G Deployment & Aviation Safety.”

§  22 February

o   The European Data Protection Board will hold a plenary meeting.

§  16-17 June

o   The European Data Protection Supervisor will hold a conference titled “The future of data protection: effective enforcement in the digital world.”