House of Lords Passes Its Telecommunications (Security) Bill
ACCC releases second digital markets report this fall; Australia's House sends critical infrastructure bill to Senate; Key U.S. House chair issues Section 230 bill
Photo by Thomas Kelley on Unsplash
Last week, the United Kingdom’s (UK) House of Lords finished legislating on its version of the “Telecommunications (Security) Bill” (HL 15). A bill of the same name and on the same subject passed the House of Commons in May 2021 (see here for more detail and analysis.) Now that the House of Lords has acted, the ping pong stage of legislating has started. Next week, the House of Commons is supposed to consider the House of Lords’ changes, moving the legislation closer to enactment.
The genesis of this legislation lies in misgivings successive governments of the UK have had about the security of telecommunications products and services offered by companies from the People’s Republic of China (PRC), a process complicated by the United States (U.S.) increasingly hostile stance towards Beijing. At first, the UK planned to use Huawei and ZTE equipment on a limited basis, but a revolt by conservative Members of Parliament and a U.S. crackdown on semiconductors for the biggest PRC firms led to a course change. Prime Minister Boris Johnson’s government then pitched a plan to eliminate PRC equipment from all 5G networks and systems, which required legislation, a significant part of which entailed expanding the power of the Office of Communications (OFCOM) to regulate telecommunications companies to ensure fidelity to the new mandate.
As for the substance of the House of Lords’ bill, in a briefing memorandum, the reasoning for the legislation was laid out:
The House of Lords summarized the bill at a very high level:
The House of Lords went back and provided a bit more detail:
In terms of the changes made to the bill in the House of Lords, the chamber changed the procedure for codes of practice the Department of Culture, Digital, Media, and Sport (DCMS) may establish to guide telecommunications companies in complying with the new law. Previously, DCMS could publish and then submit a code to Parliament. The House of Lords changed this to a mandate that DCMS send the code to Parliament first and then if either chamber “resolves not to approve the draft of the code, the code may not be issued.”
The code of practice in question pertain to duties of care that the public electronic communications networks and providers must meet. OFCOM would determine which networks and providers qualify, and the codes would pertain to security measures, those security measures specified by the government, the steps these companies must take in regard to “security compromises,” and steps the government directs the companies to take in response to “security compromises.”
Requiring DCMS to submit codes of practice to Parliament for approval may politicize the process of implementing standards for public electronic communications and networks in the UK. Moreover, it would give industry and their lobbyists another bite at the apple in killing or seeking to modify codes they do not like. Of course, the opposite may prove true. A majority in either chamber may disapprove of what it sees as a lenient code of practice. As noted a revolt by hardline conservative MPs pushed the Johnson government to take a harder line.
The House of Lords also modified the bill to require DCMS to “publish an annual report on the impact of progress of the diversification of the telecommunications supply chain on the security of public electronic communication networks and services.” This report must “include an assessment of the effect on the security of those networks and services of—
§ progress in network diversification set against the most recent telecommunications diversification strategy presented to Parliament by the Secretary of State;
§ likely changes in ownership or trading position of existing market players;
§ changes to the diversity of the supply chain for network equipment;
§ new areas of market consolidation and diversification risk
§ including the cloud computing sector;
§ progress made in any aspects of the implementation of the diversification strategy not covered by paragraph (a);
§ the public funding which is available for diversification.”
The UK, like many of its allies, have concerns about the effects of having a supply chain stretching into the PRC. The reporting requirement would establish an annual pressure point that would force the government to detail the state of the UK’s attempts to create supply chains from countries aside from the PRC.
Finally, the House of Lords’ version of the Telecommunications (Security) Bill would mandate that DCMS act if another Five Eyes nation (Australia, Canada, New Zealand, or the U.S.) “bans the operation of a vendor of goods or services to public telecommunications providers in its country on security grounds.” DCMS would need to “review the United Kingdom’s security arrangements with that company, and…decide whether to issue a designated vendor direction or take similar action with regard to the United Kingdom’s arrangements with that company.”
Other Developments
Photo by Long Zheng
§ The Australian Competition and Consumer Commission (ACCC) released the latest interim report under its digital platform services inquiry. This report focused on the effects on competition and consumers of pre-installed search engines on devices that has resulted in Google’s dominance of this market in Australia. The ACCC thinks that “measures are required to address these harms and to facilitate increased competition in search.” The agency is calling for the Parliament to expand its powers to regulate this portion of digital markets alongside the powers the agency called for in its Digital Advertising Services Inquiry Final Report (the Ad Tech Report), which “found that competition for ad tech services is ineffective and that Google dominates the ad tech supply chain.”
§ House Energy and Commerce Committee Chair Frank Pallone, Jr. (D-NJ), Communications and Technology Subcommittee Chair Mike Doyle (D-PA), Consumer Protection and Commerce Subcommittee Chair Jan Schakowsky (D-IL), and Health Subcommittee Chair Anna Eshoo (D-CA) “announced new legislation today to reform Section 230 of the Communications Decency Act, which shields websites and online platforms from being held liable for third-party content.” They explained:
o The legislation, titled the “Justice Against Malicious Algorithms Act” (H.R.5596) would amend Section 230 to remove absolute immunity in certain instances. Specifically, the bill would lift the Section 230 liability shield when an online platform knowingly or recklessly uses an algorithm or other technology to recommend content that materially contributes to physical or severe emotional injury.
o Online platforms use a personal user’s history to recommend or prioritize content. The Justice Against Malicious Algorithms Act would remove Section 230 immunity if an online platform knowingly or recklessly uses an algorithm to recommend content to a user based on that personal information, and if that recommendation materially contributes to physical or severe emotional injury.
o The bill targets malicious algorithms but does not apply to search features or algorithms that do not rely on personalization. It would also not apply to internet infrastructure such as web hosting or data storage and transfer, or to small online platforms with fewer than five million unique monthly visitors or users.
§ Australia’s House of Representatives sent an amended “Security Legislation Amendment (Critical Infrastructure) Bill 2021” to the Senate. As the government explained in a Supplementary Explanatory Memorandum:
o The purpose of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 (the Bill) is to amend the Security of Critical Infrastructure Act 2018 (the Act) to introduce an enhanced regulatory framework, building on existing requirements under the Act. The Bill gives effect to this framework by introducing:
§ government assistance to relevant entities for critical infrastructure sector assets in response to significant cyber attacks that impact on Australia’s critical infrastructure assets.
§ additional positive security obligations for critical infrastructure assets, including a risk management program, to be delivered through sector-specific requirements, and mandatory cyber incident reporting;
§ enhanced cyber security obligations for those assets most important to the nation, described as systems of national significance; and
§ additional critical infrastructure assets, which means that the existing powers under the Act, and the new powers to be introduced under this Bill, will apply to a broader range of assets.
o However, the Parliamentary Joint Committee on Intelligence and Security (PJCIS) proposed a series of amendments in its late September report on the December 2020 bill, and the government explained in the Supplementary Explanatory Memorandum:
§ The amendments would:
· (a) omit the following proposed new Parts of the Act, and related provisions:
o (i) proposed new Part 2A of the Act – critical infrastructure risk management programs
o (ii) proposed new Part 2C of the Act – enhanced cyber security obligations
o (iii) proposed new Part 6A of the Act – declaration of systems of national significance.
§ (b) amend the proposed regime requiring the mandatory reporting of a cyber security incident by an entity to a relevant Commonwealth body to allow for the written report to be made within 84 hours (instead of 48 hours) of an oral report being made, and to empower a relevant Commonwealth body to exempt an entity from the requirement to provide a written report;
§ (c) Require the Secretary to give a written report to the PJCIS about a cyber security incident in relation to which directions or requests in relation government assistance measures are given or made under sections 35AK, 35AQ or 35AX . The report must describe each of the directions or requests made in relation to the incident;
§ (d) Allow the PJCIS to conduct a review of the operation, effectiveness and implications of the security of critical infrastructure legislative framework in the Act, to begin not more than three years from when the Bill receives the Royal Assent.
§ (e) Require any draft rules relating to the mandatory reporting obligations be provided directly to any entities which would reasonably be impacted by the draft rules and include an obligation that the Minister must formally respond to any submissions made by responsible entities;
§ (f) insert a definition of significant impact;
§ (g) In relation to a Ministerial authorisation under new section 35AD, if consultation is required, to inform relevant entities in writing and invite the entities to make a submission within 24 hours after receiving the draft authorisation;
§ (h) include an example of where a person is not entitled to cause access, modification or impairment of computer data or a computer program, being that if a person (including employees or agents of a responsible entity) exceeds their authority, then this will amount to such unauthorised access, modification or impairment for the purpose of the Act.
§ President Joe Biden signed the “K-12 Cybersecurity Act of 2021” (P.L. 117-47) into law. The legislation was unmodified after the Senate Homeland Security and Governmental Affairs Committee reported it to the Senate, and the committee summarized the bill in its committee report:
o S. 1917, the K-12 Cybersecurity Act of 2021, provides cybersecurity guidance to K-12 educational institutions across the United States. It directs the Director of the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a study of cybersecurity risks and challenges facing schools. Following completion of the study, the bill directs CISA to use the findings to create a set of cybersecurity recommendations and an online toolkit for educational institutions. The bill also instructs CISA to consult with teachers, school administrators, Federal agencies, non-Federal cybersecurity entities, and private sector organizations when conducting the study and developing the recommendations and online toolkit and exempts such consultation from the Federal Advisory Committee Act.
o Additionally, S. 1917 requires CISA to make the findings of the study, its cybersecurity recommendations, and the online toolkit publicly available on the Department of Homeland Security (DHS) website. Finally, S. 1917 specifies that these K-12 cybersecurity recommendations are voluntary.
§ The House of Representatives has passed a number of technology bills over the last few weeks:
o The “Open RAN Outreach Act” (H.R.4032) that would “provide outreach and technical assistance to small providers regarding the benefits of Open RAN networks, and for other purposes” according to the committee report.
o The “Communications Security, Reliability, and Interoperability Council Act” (H.R.4067) that would “direct the Federal Communications Commission to establish a council to make recommendations on ways to increase the security, reliability, and interoperability of communications networks, and for other purposes” per the committee report.
o The “Secure Equipment Act of 2021” (H.R.3919) that would “ensure that the Federal Communications Commission does not approve radio frequency devices that pose a national security risk” according to the committee report.
o The “Information and Communication Technology Strategy Act” (H.R.4028) would “require the Secretary of Commerce to report on and develop a whole-of-Government strategy with respect to the economic competitiveness of the information and communication technology supply chain, and for other purposes” according to the committee report.
o “DHS Software Supply Chain Risk Management Act of 2021” (H.R.4611) that “direct the Secretary of Homeland Security to issue guidance with respect to certain information and communications technology or services contracts, and for other purposes” according to the committee report.
§ The Senate passed the “Secure Equipment Act of 2021” (H.R.3919), sending the bill to the White House. During debate in the House, Energy and Commerce Committee Chair Frank Pallone Jr. (D-NJ) stated:
o Two years ago, we came together on a bipartisan basis to enact the Secure and Trusted Communications Act, legislation that I proudly authored. That bill was an important first step toward securing commercial communications networks in the United States from untrusted foreign adversaries. Among other things, it prohibits certain funds provided by the Federal Communications Commission from being used to purchase or obtain network equipment and services from certain untrusted vendors.
o While that legislation established an important foundation and has made great strides in helping secure our communications networks, we have the opportunity today to take the next step by applying those same principles to the FCC's equipment authorization process. We know our adversaries will use any and all potential avenues to weaken our networks, and therefore, we must remain vigilant and prevent it before they can do so.
o H.R. 3919 simply requires the FCC to update its equipment authorization rules so that, going forward, the agency will no longer review or approve any application for equipment from vendors that have been determined to be a threat to our national security.
§ Facebook CEO Mark Zuckerberg announced a company rebrand as Facebook will now be known as Meta, “which brings together our apps and technologies under one new company brand” the company claimed. Facebook added that “Meta’s focus will be to bring the metaverse to life and help people connect, find communities and grow businesses.” Zuckerberg contended in a Founder’s Letter:
o The next platform will be even more immersive — an embodied internet where you’re in the experience, not just looking at it. We call this the metaverse, and it will touch every product we build.
o The defining quality of the metaverse will be a feeling of presence — like you are right there with another person or in another place. Feeling truly present with another person is the ultimate dream of social technology. That is why we are focused on building this.
o In the metaverse, you’ll be able to do almost anything you can imagine — get together with friends and family, work, learn, play, shop, create — as well as completely new experiences that don’t really fit how we think about computers or phones today. We made a film that explores how you might use the metaverse one day.
§ The European Data Protection Board (EDPB) has “decided to launch the proposal for its first coordinated action on the use of Cloud based services by the public sector” under its October 2020 Coordinated Enforcement Framework. EDPB stated:
o In a coordinated action, the EDPB prioritizes a certain topic for supervisory authorities to work on at the national level. The results of these national actions are then bundled and analysed, generating deeper insight into the topic and allowing for targeted follow-up on both the national and the EU level.
§ The United States (U.S.) Federal Trade Commission (FTC) a Notice of Penalty Offenses to more than 700 companies…placing them on notice they could incur significant civil penalties—up to $43,792 per violation—if they use endorsements in ways that run counter to prior FTC administrative cases” as explained in the agency’s statement. Alphabet, Amazon, Apple, Facebook, Microsoft, and many other of the largest United States (U.S.) corporations. This would not be the first time the FTC has addressed fake online reviews; last year, the agency settled an action against a makeup and skincare company for fake reviews. In a sample letter the agency released, the FTC explained:
o The notice of penalty offenses consists of Commission determinations in prior litigated cases that certain practices are deceptive or unfair and are unlawful under Section 5 of the Federal Trade Commission Act. As set forth in more detail in the notice, these acts and practices include: falsely claiming an endorsement by a third party; misrepresenting that an endorser is an actual user, a current user, or a recent user; continuing to use an endorsement without good reason to believe that the endorser continues to subscribe to the views presented; misrepresenting that an endorsement represents the experience, views, or opinions of users or purported users; using an endorsement to make deceptive performance claims; failing to disclose an unexpected material connection with an endorser; and misrepresenting that the experience of endorsers represents consumers’ typical or ordinary experience. Note that positive consumer reviews are a type of endorsement, so such reviews can be unlawful, e.g., when they are fake or when a material connection is not adequately disclosed.
§ The United Kingdom’s (UK) Government Communications Headquarters (GCHQ) Director Sir Jeremy Fleming sketched out how his agency may soon take offensive action to combat ransomware:
o I’m very confident that we are credible in this space so I think the work that I'm seeing accelerating very strongly in the States around cyber security is really impressive. I think the work that we and a number of European partners have done puts us in a good position and our challenge now is to make sure that that really is leveraged - that we are keeping up, having invested so heavily in those sorts areas, that we’re keeping up with that we're thinking about where it should go next and for me that is in the strategic space. It's around making sure we're designing in technology from security into technology from the start it's that we’re shaping the world and the standards world and the regulation world so that it is able better to implement our values.
o But in the shorter term we’ve got to sort out ransomware and that is no mean feat in itself. We have to be clear on the red lines and behaviours that we want to see, we've got to go after those links between criminal actors and state actors and impose costs where we see that, and beyond that I think we've got to make sure that we are doing all we can to de-simplify this and to take as much of it out of the hands of citizens as we can so that they can enjoy living in a safe and secure online world and when it happens of course that'll make it more prosperous, too. So that range of channels around here I'm not gloomy about the threat environment and I think I should finish there. I don't subscribe to the ‘it's the worst it's ever been the world's going to end’ argument. What I do believe is that the pace of change and the extent to which technology and cyber is at the heart of it is unprecedented and we obviously have to make sure that we take account of that. Sorting that out isn't anymore the preserve of spy agencies or niche security organisations it's a genuine public, private and international partnership and getting that right is probably the single most important thing we could do.
§ Senator Edward Markey (D-MA) and Representatives Kathy Castor (D-FL) and Lori Trahan (D-MA) wrote to the Federal Trade Commission (FTC) “urging the agency to use its full authority—including its authority under Section 5 of the FTC Act—to ensure [social media] companies comply ” provide the same protections to children and teens in the United States (U.S.) that their British contemporaries enjoy under the United Kingdom’s newly effective Age Appropriate Design Code (AADC). They asserted the new code “requires online services available to children and teens to meet 15 key children’s privacy standards, many of which are similar to legislative proposals to update Senator Markey’s 1998 law, the Children’s Online Privacy and Protection Act (COPPA), in the U.S.” Markey, Castor, and Trahan contended:
o In response to the AADC, Instagram publicly announced it is “defaulting young people into private accounts, making it harder for potentially suspicious accounts to find young people, [and] limiting the options advertisers have to reach young people with ads.” Google and its subsidiary YouTube announced they will be “tailoring product experiences for kids and teens” by changing to “private” the default video upload setting for teens between the ages of 13 and 17; turning off location history (without the option of turning it back on) for users under 18; and “block[ing] ad targeting based on the age, gender, or interests of people under 18,” among other changes. Last year — in a similar vein prior to the enactment of the AADC — TikTok stated that it had disabled messaging for the accounts of those under the age of 16 and increased parental controls.
§ The National Institute of Standards and Technology (NIST) released “the second public draft of Special Publication (SP) 800-161 Revision 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, for public comment.” NIST explained:
o The initial public draft was published in April of 2021 and preceded the release of the President’s Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity issued on May 12, 2021. This EO charged multiple agencies—including NIST—with enhancing cybersecurity through a variety of initiatives, but with a specific focus on the security and integrity of the software supply chain.
o We worked on making the implementation guidance more consumable by different audiences by revising the structure of the document and adding Audience Profiles. We also added two NEW appendices focused more specifically on Federal departments and agencies:
§ APPENDIX E: A Federal Acquisition Supply Chain Security Act of 2018 (FASCSA) appendix, which provides additional guidance tailored to federal executive agencies related to supply chain risk assessment factors, assessment documentation, risk severity levels, and risk response.
§ APPENDIX F: A Response to Executive Order 14028’s Call to Publish Preliminary Guidelines or Enhancing Software Supply Chain Security appendix, which seeks to provide a response to the directives outlined within Section 4(c) of the EO by outlining existing industry standards, tools, and recommended practices within the context of SP 800-161 Revision 1, as well as any new standards, tools, and recommended practices stemming from the EO and recent developments in the discipline.
§ Twitter issued “PROTECTING THE OPEN INTERNET: Regulatory principles for policy makers” and asserted:
o The pressures driving internet regulation around the world are wide- ranging, highlighting the diverse challenges, competing policy priorities, and the implications of widespread technological adoption that societies face. How these challenges are addressed will affect services of all sizes, the ability of billions of people to share information with the world and hear from others across borders, the future of the digital economy, and the survival of a free and secure Open Internet.
o The potential consequences are vast, go far beyond today’s headlines, and are bigger than any one company. There are no easy answers, and there are a lot of trade-offs. By designing regulation around the largest services today, or by only responding to the challenges faced in certain regions, the future of the internet will be defined by these choices, and the innovation needed to solve challenges and widen participation will fall short. The Open Internet is not something to be taken for granted, and in the coming years, decisions will be made that define its future. The risk that the rhetoric of policy and language of law will be co-opted and weaponised by those seeking to usher in an age of techno-nationalism is real.
o Regulatory approaches to new industries are often shaped by the policy responses designed in the aftermath of the industrial revolution, oriented towards frameworks that specify standards for outcomes of mechanical processes. This approach struggles to adapt to the unpredictable and rapidly evolving nature of human use of technology and expression. More broadly, the policy issues faced are often rooted in societal challenges. They demand a whole of society response and will not be solved by the removal of content online alone. Bad actors seeking to exploit online services to undermine elections, spread disinformation, and harm others will not be deterred by their accounts being removed.
§ Office of Science and Technology Policy (OSTP) Director Eric Lander and OSTP Deputy Director for Science and Society Alondra Nelson wrote an op-ed in WIRED in which they called for a “Artificial Intelligence (AI) Bill of Rights.” They asserted:
o In the 21st century, we need a “bill of rights” to guard against the powerful technologies we have created.
o Our country should clarify the rights and freedoms we expect data-driven technologies to respect. What exactly those are will require discussion, but here are some possibilities: your right to know when and how AI is influencing a decision that affects your civil rights and civil liberties; your freedom from being subjected to AI that hasn’t been carefully audited to ensure that it’s accurate, unbiased, and has been trained on sufficiently representative data sets; your freedom from pervasive or discriminatory surveillance and monitoring in your home, community, and workplace; and your right to meaningful recourse if the use of an algorithm harms you.
o Of course, enumerating the rights is just a first step. What might we do to protect them? Possibilities include the federal government refusing to buy software or technology products that fail to respect these rights, requiring federal contractors to use technologies that adhere to this “bill of rights,” or adopting new laws and regulations to fill gaps. States might choose to adopt similar practices.
§ The Government Accountability Office (GAO) issued a report requested by Congress on the Federal Communications Commission’s (FCC) implementation of the Broadband Deployment Accuracy and Technological Availability Act (Broadband DATA Act) (P.L. 116-130) and found:
o The Federal Communications Commission (FCC) was tasked in the 2020 Broadband Deployment Accuracy and Technological Availability Act (Broadband DATA Act) to create a location fabric, which is a dataset of all locations or structures in the U.S. that could be served by broadband, over which broadband deployment data can be overlaid. The purpose of this data collection effort is to improve the granularity and precision of FCC’s broadband deployment mapping, which will allow FCC to more precisely assess where Americans still lack access to broadband. As a start, FCC has hired a data architect and met with data companies and states to identify options. FCC has issued a request for proposals for a product to meet FCC’s location fabric needs. Additionally, FCC officials said that the data company that generates the location fabric will be responsible for developing a process for state, local, and tribal entities, and others to question and correct fabric location data to improve their accuracy, as required by the law.
o Stakeholders GAO interviewed identified challenges FCC faces with developing a location fabric, including incomplete or conflicting data sources, but said that such challenges can be overcome by using multiple sources of data. For example, according to stakeholders, there is no one source of location data that will be sufficient for FCC and its contract data company to develop a precise location fabric; therefore, it is necessary to integrate four main types of data to have a complete location fabric, as shown in the figure. These data can be sourced from federal, state, local, and commercial sources. State-level pilots have shown that overlaying these data increases the accuracy of the location fabric and addresses the limitation that some sources have incomplete data. FCC will need to manage other challenges as well, such as use restrictions.
Further Reading
Photo by Sogand Gh on Unsplash
§ “Hacker steals government ID database for Argentina’s entire population” By Catalin Cimpanu — The Record. A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizen’s personal information
§ “I get abuse and threats online - why can't it be stopped?” By Marianna Spring — BBC. I'm the BBC's first specialist disinformation reporter - and I receive abusive messages on social media daily. Most are too offensive to share unedited. The trigger? My coverage of the impact of online conspiracies and fake news. I expect to be challenged and criticised - but misogynistic hate directed at me has become a very regular occurrence. Messages are laden with slurs based on gender, and references to rape, beheading and sexual acts. Some are a mish-mash of conspiracy theories - that I'm "Zionist-controlled", that I, myself, am responsible for raping babies. The C-word and F-word are repeatedly used.
§ “Pope Calls for Tech and Media Reforms” By Justin Hendrix — Tech Policy Press. Speaking from the Vatican to the World Meeting of Popular Movements, which according to Reuters is “a grouping of grassroots organizations and social movements which bring attention to inequality in labour, land ownership, health care and other social issues in the developing world,” Pope Francis called on tech firms and the media to make reforms in the name of human rights. Remarking that the “pandemic has laid bare the social inequalities that afflict our peoples,” the Pope said “it is clear that technology can be a tool for good, and truly it is a tool for good, which permits dialogues such as this one, and many other things, but it can never replace contact between us, it can never substitute for a community in which we can be rooted and which ensures that our life may become fruitful.”
§ “China Is Watching You” By Jonathan Hillman —The Atlantic. Even if you have never set foot in China, Hikvision’s cameras have likely seen you. By 2017, Hikvision had captured 12 percent of the North American market. Its cameras watched over apartment buildings in New York City, public recreation centers in Philadelphia, and hotels in Los Angeles. Police departments used them to monitor streets in Memphis, Tennessee, and in Lawrence, Massachusetts. London and more than half of Britain’s 20 next-largest cities have deployed them.
§ “Facebook plans to hire 10,000 in EU to build 'metaverse'” — Reuters. Facebook Inc plans to create 10,000 jobs in the European Union over the next five years, the social media giant said on Monday, to help build the so-called metaverse - an online world where people can use different devices to move and communicate in a virtual environment.
§ “YouTube Sued Over Animal Abuse Videos, Accused of Not Enforcing Ban” By Daisuke Wakabayashi — The New York Times. The videos are disturbing. A giant python wraps its thick body around the neck of a puppy, which thrashes and squeals in panic. A baby monkey, trembling and screeching in horror, is poked, prodded and pinched inside a basket. Another monkey is forced to fend off a giant snake slithering toward it while tied to the ground.
§ “At Amazon, Some Brands Get More Protection From Fakes Than Others” By Matt Day — Bloomberg. There are two classes of merchant on Amazon.com Inc.: those who get special protection from counterfeiters and those who don’t. The first category includes sellers of some big-name brands, such as Adidas, Apple and even Amazon itself. They benefit from digital fortifications that prevent unauthorized sellers from listing certain products—an iPhone, say, or eero router—for sale.
§ “Google faces a fine of up to 20% of Russian revenue this month” By Gleb Stolyarov — Reuters. Russia said on Tuesday it would this month seek to fine U.S. tech giant Google a percentage of its annual Russian turnover for repeatedly failing to delete content deemed illegal, Moscow's strongest effort yet to rein in foreign tech firms. Communications regulator Roskomnadzor said Google had failed to pay 32.5 million roubles ($458,100) in penalties levied so far this year and that it would now seek a fine of 5-20% of Google's Russian turnover, which could reach as much as $240 million, a significant increase.
§ “The days of U.S. tech companies fighting back against authoritarian regimes are long gone” By Gerrit De Vynck — The Washington Post. Last week, the makers of a globally popular Koran app said Apple had kicked them off its app store in China. The app is used by millions of Muslims around the world to study the Koran and track prayer times. Though Islam is legal in China, the government has for years been attempting to limit the activities of those living in the predominantly Muslim region of Xinjiang, taking steps like arresting imams and detaining hundreds of thousands of people in camps where they are sometimes tortured.
§ “Who Are the World’s Biggest Climate Polluters? Satellites Sweep for Culprits” By Timothy Puko — The Wall Street Journal. Satellites are emerging as a tool to fight climate change, exposing hidden sources of greenhouse gas emissions and allowing governments to monitor compliance with international pacts. Over the past three years, satellite images have been used to spotlight previously unreported leaks of methane—or to bump up estimates of known emissions—in Russia, Turkmenistan, Texas’ Permian Basin and elsewhere, in some cases triggering international scuffles.
§ “Commerce head out to save US jobs, 1 computer chip at a time” By Josh Boak — The Associated Press. Gina Raimondo only wears watches made by Bulova — a company that laid off her scientist father, closed its Rhode Island factory and moved production to China in 1983. The watches give Raimondo, the U.S. commerce secretary, a sense of mission as President Joe Biden’s de facto tech minister, a responsibility that is focused on adding the kinds of cutting-edge factory jobs that are now abroad. “It’s been a tribute to my dad,” Raimondo said of her watch choices in an interview, “and a reminder to me that we need to do more to get good manufacturing jobs in America.”
§ “Federal court dismisses bid protest brought against Navy by tech company Squire Solutions” By John Hewitt Jones — fedscoop. A judge at the U.S. Court of Federal Claims has dismissed an appeal brought by military technology company Squire Solutions after the Navy decided not to fund the company’s proposals for a prototype voice recognition system. Judge Richard Hertling in a written opinion last week dismissed the company’s allegations that the Navy’s evaluation and re-evaluation of its bid submission were arbitrary, and that its re-evaluation of the award was tainted with bias in retaliation for another agency-level protest.
§ “CBP Testing Thermal Body Scans at Pedestrian Border Crossings” By Aaron Boyd — Nextgov. International travelers moving through certain ports of entry on foot will be subject to passive thermal scanning as part of a technology demonstration testing a new ranged non-intrusive inspection system for pedestrian traffic. The Customs and Border Protection agency is piloting body scanning technologies at pedestrian border crossings to detect weapons and other contraband moving through ports of entry without having to stop every person in line for a physical search.
§ “Republican and Democrat Lawmakers Step Up Efforts to Adopt Tougher Tech Laws” By John McKinnon — The Wall Street Journal. Legislation to curb the influence of big technology companies, including putting new restrictions on online content, is starting to gain traction in Congress as lawmakers narrow their targets and seek to build on public attention. A bipartisan group of senators including Amy Klobuchar (D., Minn.) and Chuck Grassley (R., Iowa) came out last week in favor of legislation that would prohibit dominant platforms from favoring their own products or services, boosting similar efforts already under way in the House.
Coming Events
Photo by Jason Woodhead
§ 4 November
o The House Transportation and Infrastructure Committee will hold a hearing titled “The Evolving Cybersecurity Landscape: Industry Perspectives on Securing the Nation's Infrastructure.”
o The United Kingdom’s Draft Online Safety Bill (Joint Committee) will hold an oral evidence session as part of its legislative inquiry: Draft Online Safety Bill.
§ 8 November
o The National Institute of Standards and Technology (NIST) will hold a workshop to “discuss the approach that NIST is taking to support Section 4e of the President’s Executive Order (EO) on “Improving the Nation’s Cybersecurity (14028)” issued on May 12, 2021. This EO charged multiple agencies – including NIST– with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain.”
§ 16 November
o The Senate Judiciary Committee will hold a hearing titled “Oversight of the Department of Homeland Security.”