Science, The Endless Frontier

EU Parliament passes law giving platforms one hour to take down terrorist content; UK and US agencies warn on Russian tactics

Photo by Lucky Cungwa from Pexels

A bill is reintroduced to significantly expand, fund, and speed up United States (U.S.) research to ensure continued world technological leadership. A Senate committee will take up the bill later this week.

Twitter

Made in the USA 2025 plan?

Cocktail Party

Few things focus minds and clear away partisanship in Washington like the People’s Republic of China (PRC). The “Endless Frontier Act” would authorize over $100 billion for research into key technology like artificial intelligence, machine learning, supercomputing, semiconductors, robotics, and the like. Much of the impetus for a paradigm shift in U.S. research policy and funding comes from the PRC’s efforts to boost its companies and research capacity. There is acute pressure in Washington to fend off the PRC and maintain the U.S. lead in developing technology.

Meeting

A rare area of bipartisan agreement has yielded a bill sponsored by Senate Majority Leader Chuck Schumer (D-NY), Senator Todd Young (R-IN), and Representatives Ro Khanna (D-CA) and Mike Gallagher (R-WI): the “Endless Frontier Act” (S.1260/H.R.2731). On 12 May, the Senate Commerce, Science, and Transportation Committee will hold a markup of the bill. And even if this bill should be enacted, funds would still need to be appropriated to achieve its goals.

Geek Out

The impetus for the bill is succinctly explained in the U.S.-China Economic and Security Review Commission’s recent annual report to Congress:

In China’s most recent industrial policy wave, set by the 2016 Innovation-Driven Development Strategy, which includes the Made in China 2025 plan, policymakers have promoted the development of China’s digital ecosystem and accompanying regulatory architecture. The CCP believes China faces a rare historic opportunity to establish control over a cluster of revolutionary, networked technologies, including high-speed internet, sensors, telecommunications, artificial intelligence, robotics, and smart city infrastructure. Doing so could allow Beijing to leapfrog the United States and other powerful competitors and lead in the next generation of global innovation.

But, there is more to the bill than just increasing research and technology funding and efforts. The Endless Frontier Act also seeks to germinate funds and organizations that could create new clusters of technological ferment and innovation in the U.S. beyond places like Silicon Valley, California and Austin, Texas that would ideally create good jobs and foster manufacturing in the U.S., thus lessening dependence on supply chains that often emanate in the PRC.

In order to navigate the long bill more easily, here’s the table of contents the bill’s drafters omitted:

§  Section 1: Short Title: Page 2

§  Section 2: Findings: Page 2

§  Section 3: Improving Technology and Innovation Research at the National Science Foundation: Page 5

§  Section 4: Endless Frontier Fund: Page 53

§  Section 5: Strategy and Report on Economic Security, Science, Research, And Innovation to Support The National Security Strategy: Page 56

§  Section 6: Supply Chain Resiliency Program: Page 65

§  Section 7: Regional Technology Hub Program: Page 83

§  Section 8: Comprehensive Regional Technology Strategy Grant Program: Page 116

§  Section 9: Manufacturing USA Program: Page 131

§  Section 10: Technology Commercialization Review: Page 151

§  Section 11: Study On Emerging Science And Technology Challenges Faced By The United States And Recommendations To Address Them: Page 154

§  Section 12: Coordination of Activities: Page 158

§  Section 13: Person or Entity of Concern Prohibited: Page 159

The bill authorizes $112.4 billion for its activities (i.e., an Endless Frontier Fund), but the appropriations process would ultimately determine how much funding is actually provided. For any such funds, the White House’s Office of Science and Technology Policy would administer the funding. While Congress would not direct OSTP or an administration on where funds must be spent, there are interesting hints as to where Congress thinks the money is to be spent. In a “Sense of Congress” section (which is not binding on the executive branch), the bill lists the places funds ought to be allocated:

§  $9,425,000,000 to the regional technology hub program under section 28 of the Stevenson-Wydler Technology Innovation Act of 1980

§  $575,000,000 to the comprehensive regional technology strategy grant program under section 29 of the Stevenson-Wydler Technology Innovation Act of 1980

§  $100,000,000,000 to the Directorate for Technology and Innovation of the National Science Foundation

§  $2,410,000,000 for the period of fiscal years 2022 through 2026 to the Manufacturing USA Program

The bill establishes a Directorate for Technology and Innovation (DTI) inside the National Science Foundation (NSF) to provide leadership in critical technologies, address and mitigate challenges to U.S. technological leadership, enhance U.S. competitiveness, accelerate the transition of basic research to technology transfer, and engage the U.S. workforce. The legislation suggests the NSF create DTI program managers similar to the Defense Advanced Research Projects Agency (DARPA) program but leaves the structure up to the NSF. The DTI would operate from the same authority as DARPA to pay scientists and other experts more than the civilian pay scale allows for.

The Endless Frontier Act requires the DTI to address “key technology focus areas,” a list the agency would need to revise every three years. The bill provides an initial list that contains all the technology fields one would expect given that the legislation is designed to address U.S. national competitiveness, especially against the PRC. The initial list is:

§  artificial intelligence, machine learning, and other software advances

§  high performance computing, semiconductors, and advanced computer hardware

§  quantum computing and information systems

§  robotics, automation, and advanced manufacturing

§  natural and anthropogenic disaster prevention or mitigation

§  advanced communications technology

§  biotechnology, medical technology, genomics, and synthetic biology

§  cybersecurity, data storage, and data management technologies

§  advanced energy, batteries, and industrial efficiency; and

§  advanced materials science, engineering, and exploration relevant to the other key technology focus areas

To revise the list every three years, the DTI would need to engage with other key agencies in the executive branch and make its revised list available to the public for comment. The White House’s Office of Science and Technology Policy (OSTP) would have the authority to allow the DTI to revise the list more frequently than the three-year interval in the case of “extraordinary circumstances.”

Nonetheless, the DTI award funds to recipients for research in key technology areas. Eligible recipients are universities and colleges, not-for-profit entities, and consortia led by one of the two previous classes of entities that may include a range of entities such as minority universities and colleges, “emerging research institution[s],” starts ups, small businesses, public private partnerships, and others. The DTI must also make awards to universities or colleges or consortia to establish university technology centers. Awards would also be made with the purpose of fostering the transfer of scientific breakthroughs in key technology areas from laboratories to the market. The DTI would work with the National Institute of Standards and Technology (NIST) “to establish and operate test beds and fabrication facilities to advance the operation, integration, deployment, and, as appropriate, manufacturing of new, innovative technologies in the key technology focus areas, which may include hardware or software” with the goal of accelerating “the movement of innovative technologies into the commercial market through the private sector.” Eligible entities operating such test beds could apply to the DTI for awards of funding. The bill spells out what percentage of funds must be used for which type of award (e.g., at least 35% of annual funding must be awarded to university test centers.)

The DTI could act in unison with other NSF entities and provide funds to other federal agencies and entities for research. The DTI would need to coordinate with other agencies in making awards, especially with NIST and the Department of Energy. The DTI must also provide scholarships for undergraduate, postgraduate, and postdoctoral research with an eye toward broadening participation among those populations that are underrepresented in the sciences.

The NSF would need to appoint a Chief Diversity Officer who would provide “advice on policy, oversight, guidance, and coordination with respect to matters of the NSF related to diversity and inclusion.”

Every year, OSTP would need to review, develop, and revise, as necessary, “strategy, programs, and resources” that “pertain to U.S. national competitiveness in science, research, innovation, and technology transfer, including patenting and licensing, to support the national security strategy.” OSTP would need to provide Congress with any new strategy that emerges from this review process. OSTP would also submit a report to Congress assessing many aspects of these efforts with an eye to determining how well these efforts are maintain the geostrategic position and national security of the U.S.

The Department of Commerce (Commerce) would establish “a supply chain resiliency and crisis response program.” This mission of the new program is to foster or establish resilient supply chains in key technology fields through partnerships with a range of U.S. stakeholders. Commerce would map and monitor key supply chains and look for opportunities for the U.S. and its allies to build more robust supply chains. Commerce would have latitude in how it achieved these goals. The agency would need to submit biennial supply chain resiliency and domestic manufacturing reports to Congress that identify problems and provide policy solutions

It is fairly obvious this supply chain effort, like most others, seeks to reduce U.S. dependence on supply chains rooted in the PRC as a means of reducing U.S. vulnerability to the PRC. It is also a response to supply chain issues exposed during the pandemic.

The Endless Frontier Act would establish a regional technology hub program through which Commerce would designate eligible consortia for awards to advance research in key technology in a region of the U.S. and other purposes of the bill. Key aims of this program are to foster the growth of regional technology centers to help the U.S. maintain its technological superiority that also create good paying jobs. The Secretary of Commerce would need to work through the Assistant Secretary of Commerce for Economic Development, in coordination with the Under Secretary of Commerce for Standards and Technology. Entities eligible to participate in consortia that may participate include universities and colleges, state, local or Tribal governments, economic development organizations, industry or firms, labor organizations, and others.

Commerce must designate between 10 and 15 regional technology hubs within the five years after enactment keeping rural and smaller areas in mind. The agency can award grants or enter into cooperative agreements with the federal share being a total of 90% in the first year and thereafter dropping by 5% a year except for tribal area where the federal match can be 100% or small and rural areas where the match can be 90%.

Commerce would also establish a comprehensive regional technology strategy grant program that would award funds to consortia to develop regional technology strategies, identify partners to execute these strategies, and other measures to achieve the larger goals of the Endless Frontier Act. The eligible consortia for this program are the same ones eligible for the regional technology hub program, and the cap on the federal share of financing these activities through a grant is similar to the regional technology hub program with 80% for most consortia, 100% for tribal led consortia, and 90% for small and rural areas.

The bill expands and reforms NIST’s Manufacturing USA Program “to support innovation and growth in domestic manufacturing.” Commerce must “establish policies to promote the domestic production of technologies developed by the Manufacturing USA Network.”

OSTP must review public private arrangements to develop and commercialize technology to determine the extent to which these efforts have benefitted U.S. and PRC manufacturing and technology. OSTP would also develop recommendations on how to maximize the benefit to the U.S. while minimizing the benefit to the PRC.  

Commerce would need to conduct a study on emerging science and technology challenges faced by the U.S. and make recommendations to address them. Commerce must contract with the National Academies of Sciences, Engineering, and Medicine to study “the 10 most critical emerging science and technology challenges facing the United States” and report on possible legislative or administrative action.

OSTP must coordinate all the activities established and funding by the Endless Frontier Act with the National Economic Council, the Office of Management and Budget, NSF, Commerce, and the Department of Energy. PRC entities identified as connected to or working with the PRC military would be barred from all funds and activities in the Endless Frontier Act.

Other Developments

§  The Facebook Oversight Board has “upheld” Facebook’s decision to shutter former President Donald Trump’s Facebook and Instagram account. The Board stated Facebook needs to decide within six months on a penalty appropriate to Trump’s violations instead of the indefinite suspension it levied after the attack on the United States Capitol on 6 January fomented by Trump’s lies. The Board stated:

o   However, it was not appropriate for Facebook to impose the indeterminate and standardless penalty of indefinite suspension. Facebook’s normal penalties include removing the violating content, imposing a time-bound period of suspension, or permanently disabling the page and account.

o   The Board insists that Facebook review this matter to determine and justify a proportionate response that is consistent with the rules that are applied to other users of its platform. Facebook must complete its review of this matter within six months of the date of this decision. The Board also made policy recommendations for Facebook to implement in developing clear, necessary, and proportionate policies that promote public safety and respect freedom of expression.

§  The European Union’s Parliament passed a law that will require online platforms to remove terrorist content within one hour after receiving a removal order. The Parliament explained:

o   The new regulation will target content such as texts, images, sound recordings or videos, including live transmissions, that incite, solicit or contribute to terrorist offences, provide instructions for such offences or solicit people to participate in a terrorist group. In line with the definitions of offences included in the Directive on combating terrorism, it will also cover material that provides guidance on how to make and use explosives, firearms and other weapons for terrorist purposes.

o   Terrorist content must be removed within one hour

o   Hosting service providers will have to remove or disable access to flagged terrorist content in all member states within one hour of receiving a removal order from the competent authority. Member states will adopt rules on penalties, the degree of which will take into account the nature of the breach and the size of company responsible.

o   Protection of educational, artistic, research and journalistic material

o   Content uploaded for educational, journalistic, artistic or research purposes, or used for awareness-raising purposes, will not be considered terrorist content under these new rules.

o   No general obligation to monitor or filter content

o   Internet platforms will not have a general obligation to monitor or filter content. However, when competent national authorities have established a hosting service provider is exposed to terrorist content, the company will have to take specific measures to prevent its propagation. It will then be up to the service provider to decide what specific measures to take to prevent this from happening, and there will be no obligation to use automated tools. Companies should publish annual transparency reports on what action they have taken to stop the dissemination of terrorist content.

§  The National Security Agency (NSA) issued a cybersecurity advisory (CSA) titled “Stop Malicious Cyber Activity Against Connected Operational Technology” “for National Security System (NSS), Department of Defense (DOD), and Defense Industrial Base (DIB) operational technology (OT) owners and operators.” The NSA asserted:

o   The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.

o   This guidance provides a pragmatic evaluation methodology to assess how to best improve OT and control system cybersecurity for mission success, to include understanding necessary resources for secure systems:

§  First, NSA encourages NSS, DOD, and DIB system owners, operators, and administrators to evaluate the value against risk and costs for enterprise IT to OT connectivity. While the safest OT system is one that is not connected to an IT network, mission critical connectivity may be required at times. Review the connections and disconnect those that are not truly needed to reduce the risk to OT systems and functions.

§  Next, NSA recommends taking steps to improve cybersecurity for OT networks when IT-OT connectivity is mission critical, as appropriate to their unique needs. For IT-OT connections deemed necessary, steps should be taken to mitigate risks of IT-OT exploitation pathways. These mitigations include fully managing all IT-OT connections, limiting access, actively monitoring and logging all access attempts, and cryptographically protecting remote access vectors.

§  The Institute for Security & Technology’s (IST) Ransomware Task Force (RTF) issued its report “Combating Ransomware: A Comprehensive Framework for Action: Key Recommendations from the  Ransomware Task Force.” The RTF consists of United States (U.S.) government agencies, industry groups, companies, and others. At the public rollout of the report, United States Secretary of Homeland Security Alejandro Mayorkas said his agency would work with RTF to implement recommendations. The RTF made the following priority recommendations:

o   Coordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.

o   The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. In the U.S., this must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.

o   Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.

o   An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.

o   The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.

§  Senators Catherine Cortez Masto (D-NV) and Rob Portman (R-OH) introduced legislation (S.1498) “to make sure the United States is positioned to lead international standards-setting, counter the Chinese government's influence and protect American jobs.” They asserted “[t]his legislation would require the White House Office of Science and Technology Policy (OSTP) to create a task force that would counter Chinese influence and ensure the United States is leading the emerging technology standards-setting process, and builds on Cortez Masto and Portman’s bipartisan “Ensuring American Leadership over International Standards Act,”which was signed into law last year.” They added:

o   This legislation intends to stop the Chinese government from dominating international standards-setting – which would allow them to continue to lead in the development of new technologies – and protect American jobs by strengthening the United States’ position as a leader in this space. This legislation would protect American competitiveness and protect American jobs by creating an Emerging Technology Standards-Setting Task Force, led by OSTP, which would include representation from Department of Commerce, the National Institute of Standards and Technology (NIST), the Department of State, the Department of Defense, the Department of Energy, Department of Labor. The Task Force would engage with academia and the private sector to develop a long-term strategic plan to assess which technology standards (5G, artificial intelligence, etc.) have the greatest impact on national security and economic competitiveness, and to craft a strategy to credibility and engagement with international institutions on standards-setting.

§  The United Kingdom’s National Cyber Security Centre (NCSC), the United States (U.S.) Department for Homeland Security’s Cybersecurity Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) “published a report to provide further details of Tactics, Techniques and Procedures (TTPs) associated with SVR cyber actors…known and tracked in open source as APT29, Cozy Bear, and The Dukes.” The agencies stated:

o   UK and US governments recently attributed SVR’s responsibility for a series of cyber-attacks, including the compromise of SolarWinds and the targeting of COVID-19 vaccine developers.

o   Alongside this attribution, the United States’ National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA) released an advisory detailing the exploits most recently used by the group. The FBI, Department of Homeland Security (DHS) and CISA also issued an alert providing information on the SVR’s cyber tools, targets, techniques and capabilities.

o   The SVR is Russia’s civilian foreign intelligence service. The group uses a variety of tools and techniques to predominantly target overseas governmental, diplomatic, think-tank, healthcare and energy targets globally for intelligence gain. The SVR is a technologically sophisticated and highly capable cyber actor. It has developed capabilities to target organisations globally, including in the UK, US, Europe, NATO member states and Russia’s neighbours.

o   The NCSC, NSA, CISA and CSE previously issued a joint report regarding the group’s targeting of organisations involved in COVID-19 vaccine development throughout 2020 using WellMess and WellMail malware.

o   SVR cyber operators appear to have reacted to this report by changing their TTPs in an attempt to avoid further detection and remediation efforts by network defenders.

o   These changes included the deployment of the open-source tool Sliver in an attempt to maintain their accesses.

o   The group has also been observed making use of numerous vulnerabilities, most recently the widely reported Microsoft Exchange vulnerability.

§  The United States Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) published Bug Bytes, “the second graphic novel in CISA’s Resilience Series, communicates the dangers and risks associated with threat actors using social media and other communication platforms to spread mis-, dis-, and malinformation (MDM) for the sole purpose of planting doubt in the minds of targeted audiences to steer their opinion.”

§  The Government Accountability Office (GAO) assessed the National Nuclear Security Administration’s (NNSA) $600 million acquisition of high-performance computing (HPC) “to analyze and predict the performance, safety, and reliability of nuclear weapons and to help certify their functionality in the absence of nuclear testing.” The GAO concluded:

o   For over two decades, the Advanced Simulation and Computing (ASC) program has played a key role in supporting NNSA’s Stockpile Stewardship Program by developing modeling and simulation capabilities and deploying HPC systems to analyze and predict the performance, safety, and reliability of nuclear weapons and help certify their functionality in the absence of nuclear testing. To support the Stockpile Stewardship Program, the ASC program has developed some of the world’s most powerful computers. The most recent computing system acquisition, El Capitan, is estimated to cost $600 million—more than NNSA’s three predecessor systems combined. Because of the importance and cost, it is imperative that NNSA follow best practices for HPC acquisition wherever practicable.

o   The ASC program conducted the El Capitan analysis of alternatives (AOA) process largely as a pro forma activity to meet management requirements because officials believed the only viable alternative was the acquisition of an HPC system. In doing so, they did not follow agency policy and guidance that state that AOA processes should be consistent with GAO best practices where possible and, if these practices cannot be followed, deviations must be justified and documented. In the future, the ASC program is likely to acquire additional HPC systems to meet the need to assess the performance of current and future weapons systems against the growing capabilities of adversaries to use advanced defensive systems. Without taking steps to ensure that the ASC program follows GAO best practices for its AOA processes, where possible, and justifies and documents any deviations, the ASC program cannot be assured that the AOA processes are high quality and reliable and that the chosen alternatives meet mission needs and are the best solutions to support the modeling and simulation of nuclear weapons in the absence of nuclear testing.

o   In addition, El Capitan’s AOA process was conducted by Livermore, the contractor managing and executing the El Capitan system, as well as managing and operating the site where the system will be installed. This runs counter to Defense Programs policy and guidance that AOAs must be conducted independently of the contracting organization responsible for managing or executing the program, and of any party that will benefit from the execution of the program, to avoid conflicts of interest and potential bias. By ensuring that ASC HPC acquisition programs’ AOA processes are performed by an independent entity, the agency can reduce the risk of conflicts of interest and potential biases that may lead to decisions that are not in the agency’s best interest.

o   In carrying out the El Capitan acquisition program, NNSA has fully implemented all five selected key practices related to program monitoring and control. However, NNSA has only partially implemented key practices related to managing changes, maintaining traceability, and ensuring that program plans remain aligned to requirements. Until NNSA officials update and maintain program documents to include current El Capitan requirements and clearly document the relationship between El Capitan’s mission requirements and functional requirements, agency officials may be limited in their ability to ensure that all mission requirements are met in the final system.

o   The GAO made three recommendations:

§  The Administrator of NNSA should take steps to ensure that, for future HPC acquisitions, the ASC program follows GAO best practices for AOA processes, where possible, and justifies and documents any deviations, as required by agency policy. (Recommendation 1)

§  The Administrator of NNSA should ensure that the ASC program’s future AOA processes are performed by an entity independent of the contractor organization managing and executing the program. (Recommendation 2)

§  The Administrator of NNSA should update and maintain its acquisition program documents to include current El Capitan requirements and clearly document the relationship between El Capitan’s mission and functional requirements. (Recommendation 3)

Further Reading

§  “What the Big Tech hearings really accomplished” By Margaret Harding McGill, Ashley Gold — Axios. t's easy to dismiss the Big Tech hearings as political spectacles with no concrete results. But even without new laws, company behavior has evolved under the heat of the spotlight.

§  “Epic v. Apple: Everything you need to know about the biggest trial in tech” By Nick Statt, Ben Brody, and David Pierce — Protocol. On Monday, Apple and Epic Games will meet in court to decide one of the most consequential antitrust arguments in the history of the tech industry. The trial has been nearly a year in the making, following Apple's removal of Fortnite from the App Store in August 2020. It's arguably the biggest courtroom showdown Apple has engaged in since its smartphone patent war with Samsung nearly a decade ago.

§  “Homeland Security Secretary Backs Call for Mandatory Disclosure of Ransomware Payments” By Mariam Baksh — Nextgov. The Department of Homeland Security will work with a private-sector think tank to implement a report of recommendations for slowing the scourge of ransomware, including one that would require victims to report when they give in and make a payment, according to DHS Secretary Alejandro Mayorkas.

§  “What I Learned on My Quest to Fix America’s Social Media Problem” By L. Gordon Crovitz — Politico. One of the humbling experiences of starting a company in a new industry is that sometimes you don’t know the industry you’re in. In the case of NewsGuard, which I co-founded with fellow journalism veteran Steven Brill three years ago to help people protect themselves from the misinformation being fed them on the digital platforms, it took a group of Stanford academics to tell us what we were doing.

§  “Apple's New Software Update Will Let You Opt Out Of Being Tracked For Ads” By Pranav Dixit — BuzzFeed News. Last week, Apple announced brand-new hardware — souped-up iPad Pros, revamped iMacs, a new Apple TV, and AirTags. Today, it dropped iOS 14.5, a new software update for your iPhone and iPad. To get the new update, head on over to Settings, then General, and tap Software Update on your iPhone or iPad.

§  “Your Smartphone Should Be Built to Last” By Damon Beres — The New York Times. Years from now, what creature will digest the new iPads and AirTags that Apple announced on Tuesday? What soil will absorb their metals? The shiny gadgets of today will be waste tomorrow. As you eye that upgraded tablet, consider that Apple shipped so many new iPads last year that if they were all laid flat and stacked, they would be about as tall as 862 Empire State Buildings. Then think about whatever old iPad of yours is languishing now in some unknown place. Manufacturers don’t talk much about this turnover when they announce the big new thing that will replace your mostly just as good old thing. This is all by design. There’s a term for it: planned obsolescence, or designing a product with an intentionally limited life span. Ever try to get your TV repaired?

§  “The Postal Service is running a 'covert operations program' that monitors Americans' social media posts” By Jana Winter — yahoo! news. The law enforcement arm of the U.S. Postal Service has been quietly running a program that tracks and collects Americans’ social media posts, including those about planned protests, according to a document obtained by Yahoo News. The details of the surveillance effort, known as iCOP, or Internet Covert Operations Program, have not previously been made public. The work involves having analysts trawl through social media sites to look for what the document describes as “inflammatory” postings and then sharing that information across government agencies.

§  “Basecamp implodes as employees flee company, including senior staff” By Kim Lyons — The Verge. After a controversial blog post in which CEO Jason Fried outlined Basecamp’s new philosophy that prohibited, among other things, “societal and political discussions” on internal forums, company co-founder David Heinemeier Hansson said the company would offer generous severance packages to anyone who disagreed with the new stance. On Friday, it appears a large number of Basecamp employees are taking Hansson up on his offer: according to TheVerge contributing editor Casey Newton’s sources, roughly a third of the company’s 57 employees accepted buyouts today. As of Friday afternoon, 18 people had tweeted they were planning to leave.

§  “U.S. banks deploy AI to monitor customers, workers amid tech backlash” By Paresh Dave and Jeffrey Dastin — Reuters. Several U.S. banks have started deploying camera software that can analyze customer preferences, monitor workers and spot people sleeping near ATMs, even as they remain wary about possible backlash over increased surveillance, more than a dozen banking and technology sources told Reuters.

§  “Report: China, Russia fueling QAnon conspiracy theories” By Michael Isikoff — yahoo! news. Foreign-based actors, principally in China and Russia, are spreading online disinformation rooted in QAnon conspiracy theories, fueling a movement that has become a mounting domestic terrorism threat, according to new analysis of online propaganda by a security firm.

§  “The Incredible Rise of North Korea’s Hacking Army” By Ed Caesar — The New Yorker. Shimomura was a member of the Yamaguchi-gumi, the largest yakuza crime family in Japan. When one of his superiors asked him if he wanted to make a pile of fast money, he naturally said yes. It was May 14, 2016, and Shimomura was living in the city of Nagoya. Thirty-two years old and skinny, with expressive eyes, he took pride in his appearance, often wearing a suit and mirror-shined loafers. But he was a minor figure in the organization: a collector of debts, a performer of odd jobs.

§  “Microsoft’s app store changes crank up the Apple pressure” By Tom Warren — The Verge. Microsoft shook up the PC gaming industry this week with the announcement that it was cutting the fee it takes from game sales on the Windows store. On the surface, it’s a welcome move, with Microsoft matching the 12 percent cut that Epic Games takes, and putting more pressure on Valve, which still takes a 30 percent cut on most Steam purchases. But the cut is also a tactical move: Microsoft wants to help pressure Apple, and this week’s changes could play a role in the bigger app store battles kicking off next week.

Coming Events

§  On 11 May, the Senate Homeland Security and Governmental Affairs Committee will hold a hearing titled “Prevention, Response, and Recovery: Improving Federal Cybersecurity Post-SolarWinds.”

§  On 12 May, the Senate Commerce, Science, and Transportation Committee will hold a markup to consider the following matters among others:

o   Nomination of Lina M. Khan, of New York, to be Commissioner of the Federal Trade Commission

o   Nomination of Leslie B. Kiernan, of Maryland, to be General Counsel of the Department of Commerce

o   S.1260, Endless Frontier Act; Sponsors: Sens. Chuck Schumer (D-NY), Todd Young (R-IN)

§  On 14 May, the House Armed Services Committee’s Cyber, Innovative Technologies, and Information Systems Subcommittee will hold a hearing titled “Operations in Cyberspace and building Cyber Capabilities Across the Department of Defense.”

§  On 20 May, the Federal Communications Commission (FCC) will hold an open meeting with this tentative agenda:

o   Reducing Interstate Rates and Charges for Incarcerated People – The Commission will consider a Third Report and Order, Order on Reconsideration, and Fifth Notice of Proposed Rulemaking that, among other actions, will lower interstate rates and charges for the vast majority of incarcerated people, limit international rates for the first time, and seek comment on further reforms to the Commission’s calling services rules, including for incarcerated people with disabilities. (WC Docket No. 12-375)

o   Strengthening Support for Video Relay Service – The Commission will consider a Notice of Proposed Rulemaking and Order to set Telecommunications Relay Services (TRS) Fund compensation rates for video relay service (VRS). (CG Docket Nos. 03-123, 10-51)

o   Shortening STIR/SHAKEN Extension for Small Providers Likely to Originate Robocalls – The Commission will consider a Further Notice of Proposed Rulemaking to fight illegal robocalls by proposing to accelerate the date by which small voice service providers that originate an especially large amount of call traffic must implement the STIR/SHAKEN caller ID authentication framework. (WC Docket No. No 17-97)

o   Section 214 Petition for Partial Reconsideration for Mixed USF Support Companies – The Commission will consider an Order on Reconsideration to relieve certain affiliates of merging companies that receive model-based and rate-of-return universal service support from a “mixed support” merger condition cap. (WC Docket No. 20-389) 

o   Enforcement Bureau Action – The Commission will consider an enforcement action.

o   Enforcement Bureau Action – The Commission will consider an enforcement action.

§  On 27 July, the Federal Trade Commission (FTC) will hold PrivacyCon 2021.