This is the free version of yesterday's post on the possibility that Congress might actually institute a data protection law for the United States.
Subscribe today for all the paywalled material posted on The Wavelength. Subscriptions are available for $250 a month and less for an annual subscription. I think you'll find the value to cost ratio is high with The Wavelength.
As analyzed in yesterday’s Wavelength, another Wall Street Journal (WSJ) article suggested that Democrats and Republicans are close to a deal on a United States (U.S.) national data protection/privacy bill. This dovetails with recent public remarks made by staff and the public posture of some of the large technology firms even though they continue to lobby at the federal and state levels for industry-favorable bills. These glimpses of the legislative state of play suggest what a final bill will look like with regard to a private right of action, whether state laws like California’s will be preempted, and other features of the bill. Of course, this is a political component that is discussed as well.
Subscribe to The Wavelength to read this full article and others.
And here are the Other Developments and Further Reading from a month ago. Of course, being a subscriber would mean receiving this sort of information in a much more timely manner.
The United States (U.S.) Senate agreed by a 51-50 vote to a motion to discharge the nomination of Alvaro Bedoya to a Commissioner on the Federal Trade Commission from the Senate Commerce, Science, and Transportation Committee which deadlocked on the nomination by a 14-14 vote. It is expected that the Senate will confirm Bedoya to be the third Democratic Commissioner on the FTC, allowing Chair Lina Khan to initiate more aggressive action.
The United States (U.S.) Department of the Treasury’s Office of Foreign Assets Control (OFAC)“designat[ed] 21 entities and 13 individuals as part of its crackdown on the Kremlin’s sanctions evasion networks and technology companies, which are instrumental to the Russian Federation’s war machine.”
The United States (U.S.) Department of Defense transmitted the classified 2022 National Defense Strategy (NDS) to Congress and in a fact sheet named as the top “Defense priority:” “Defending the homeland, paced to the growing multi-domain threat posed by the People’s Republic of China (PRC).”
The European Court of Auditors “found that, overall, EU institutions, bodies and agencies’ (EUIBA) level of preparedness is not commensurate with the threats, and that they have very different levels of cybersecurity maturity” and “recommend that the Commission improve EUIBAs’ preparedness by proposing the introduction of binding cybersecurity rules and an increase in resources for the Computer Emergency Response Team (CERT-EU).” The European Commission, CERT-EU, and the European Union Agency for Cybersecurity (ENISA) responded to the findings and recommendations.
The United Kingdom’s (UK) National Cyber Security Centre’s (NCSC) Technical Director Ian Levy updated 2017 advice on using Russian technology products and services and asserted that “[t]he war has proven many widely-held beliefs wrong and the situation remains highly unpredictable…[and] [i]n our view, it would be prudent to plan for the possibility that” “the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests.”
The United States (U.S.) Government Accountability Office (GAO)published reports titled “Artificial Intelligence: DOD Should Improve Strategies, Inventory Process, and Collaboration Guidance,” “Cybersecurity: OMB Should Update Inspector General Reporting Guidance to Increase Rating Consistency and Precision,” and “Defense Acquisitions: Cyber Command Needs to Develop Metrics to Assess Warfighting Capabilities.”
A United States (U.S.) federal court granted the U.S. Postal Service’s (USPS) motion to dismiss a suit brought by the Electronic Privacy Information Center (EPIC) alleging that the USPS used Clearview AI facial recognition technology without conducting a privacy impact assessment as the E-Government Act requires. In a memorandum opinion, the court explained its dismissal because EPIC “has not met its burden to show a cognizable injury in fact.”
The National Association of Attorneys General (NAAG) wrote TikTok and Snapchat urging the companies “to give parents the ability to monitor their children’s social media usage and protect their children from online threats using parental control apps.”
In his speech on the budget, Australia’s Treasurer Josh Frydenberg MP announced “a new 10 year, $9.9 billion AUD (roughly $7.4 USD) investment in Australia’s offensive and defensive cyber capabilities…the biggest ever investment in Australia’s cyber preparedness.”
The Integrity Institute issued a report analyzing Facebook’s Widely Viewed Content Report and found, among other conclusions, “[b]y empowering content producers that fail the most basic media literacy checks with huge audiences, Facebook is exposing communities and users on their platform to large risks from bad actors wishing to exploit them for narrow self interest.”
The United States (U.S.) Department of the Treasury’s Federal Insurance Office (FIO) is seeking input on the Terrorism Risk Insurance Program as part of its annual reporting requirements, in particular on the cyber insurance market.
The United States (U.S.) Information Security Oversight Office published a direct final rule “to permit digital signatures that meet certain requirements on the Standard Form (SF) 312, which is the non-disclosure agreement required prior to accessing classified information.”
The United States (U.S.) General Services Administration (GSA) Office of Government-wide Policy (OGP) announced the release of the modernized federal IT dashboard, “which provides public visibility into how the government spends IT dollars.”
The Tech Oversight Project has started a “Big Tech Wiki” with information about the lobbying and influence activities of the largest technology companies in the United States.
Irish Council for Civil Liberties released the European Data Protection Board’s “Internal EDPB Document 6/2020 on preliminary steps to handle a complaint: admissibility and vetting of complaints” obtained through a Freedom of Information request.
“Wyden Concerned Crypto Companies are Using Low-Income Zones As Tax Havens” By Alexandra Kelley — Nextgov
“Social media is a bad predictor of demographics in Latin America” By Alex González Ormerod — Rest of the World.
“Leaked Details of the Lapsus$ Hack Make Okta’s Slow Response Look More Bizarre” By Lily Hay Newman — WIRED
“Ukraine suffered two cyberattacks in the lead-up to Russia's invasion” By Aaron Schaffer — Washington Post
“A bilateral data-sharing deal with U.S. better than status quo, says privacy watchdog” By James McCarten — Toronto Star
“You Can Now Sign Away Rights to Your Biometric Data” by Janus Rose — Vice
“NSO says Israeli police got 'weaker' variant of Pegasus phone hacking tool” By Dan Williams — Reuters
“Hackers hit popular video game, stealing more than $600 million in cryptocurrency” By Steven Zeitchik — Washington Post
“Pentagon expects to award up to $9 billion in cloud contracts in December” By Amanda Macias and Jordan Novet — CNBC
“4,000 letters and four hours of sleep: Ukrainian leader wages digital war” By Cat Zakrzewski — Washington Post
“EU agencies must ramp up cybersecurity measures, auditors say” By Foo Yun Chee — Reuters
“Verizon blames ‘bad actors’ for the spam text you got from your own number” By Chris Welch — The Verge
“Proposal to Sanction Russian Cybersecurity Firm Over Ukraine Invasion Splits Biden Administration” By Vivian Salama and Dustin Volz — Wall Street Journal
“The real reason Will Smith’s Oscars outburst was censored on U.S. broadcasts” By Cristiano Lima — Washington Post
“Google Workspace will re-enable tracking for many users today” By Ron Amadeo — Ars Technica
“Russian regulators threaten YouTube with fines for ‘information war’” By Gerrit De Vynck — Washington Post
“Ben McKenzie Would Like a Word With the Crypto Bros” By David Yaffe-Bellany — New York Times
“Spyware Vendor FinFisher Claims Insolvency Amid Investigation” By Ryan Gallagher — Bloomberg