Kicking off this week, China has invited foreign tech corporations to join its government’s central technical committee. Technical Committee 260, which reports to the Cyberspace Administration of China, is responsible for establishing China’s cyber security standards and will now feature Cisco, IBM, Intel and Microsoft as members. The move comes after intense criticism of China’s cyber regulations for being tough on international business interests, and has been interpreted as an attempt to placate those concerns. Ostensibly, these companies will now play a role in drafting China’s cyber security legislation; however the extent of their influence is still an unknown.
Cyber cooperation isn’t all Beijing has on its mind however. Kaspersky stats show Chinese hacking of the defense, aviation and nuclear industries in Russia has almost tripled since the beginning of the year. The clear focus on cyber espionage targeting critical national interests, rather than financial cybercrime on corporations, suggests these activities were either approved or undertaken by official Chinese representatives. This uptick of Russia’s cyber suffering at the hands of the Chinese has interestingly coincided with a recent drop in Chinese targeting of the US in cyberspace. Russia and China have historically demonstrated a fair degree of cooperation on cyber security, creating and updating a code of conduct for information security through the Shanghai Cooperation Organisation in 2011 and 2015, signing a bilateral ‘non-aggression pact’ in May last year and releasing a joint statement in June this year. However, these recent hacking trends may have confirmed suspicions that such public comradeship may only be surface deep.
Privacy feathers have been ruffled this week, with WhatsApp announcing a new information sharing deal with Facebook. WhatsApp will now disclose phone numbers and user activity analytics to its parent company in order to facilitate more targeted advertising and friend suggestions on Facebook, as well as fight spam. The new policy has raised eyebrows across the world, representing WhatsApp’s first diversion from its famous privacy vow and Facebook’s first steps to monetise the platform since purchasing it for US$22 billion in 2014. The good news is that users have the choice to opt-out of this new policy change—but you’d better move fast because the window to do so is only open for 30 days. WhatsApp has provided a slightly awkward ‘how-to’ guide here.
The privacy battle between government and civil society continues in America. Last week, tech giants vocally rejected the Obama administration’s proposal to request the social media accounts of foreign visitors in an attempt to identify terrorist threats. The proposed change would create a field stating ‘please enter information associated with your online presence’ on the US’s ESTA and I-94W arrival/departure forms. The companies, including Google, Facebook and Twitter, warn that the proposed measure will ‘have a chilling effect on the use of social media networks, online sharing and, ultimately, free speech online’. Civil liberties advocacy groups have also argued in an open letter that beyond invading individuals’ personal privacy, this measure will be ‘ineffective and prohibitively expensive to implement and maintain’.
Across the Atlantic, France and Germany are pushing for a European crackdown on encryption technology in response to the recent wave of terrorist attacks in Europe. The German Interior Minister, Thomas De Maizière, and his French counterpart, Bernard Cazeneuve, put forward a joint proposal calling on the European Commission to draft a law obliging online messaging services to monitor content and assist law enforcement with decryption efforts when required. As expected, the move sparked opposition from European industry groups who argue that enforcing such backdoors ‘ultimately leaves online systems more vulnerable’. It seems Europe is following in the footsteps of the privacy–security debate that has unfolded in the US over the last year.
Debate continues over the identity, capability and credibility of the Shadow Broker hackers who several weeks ago hosted on online auction of programs apparently nabbed from the NSA. Importantly, this content was stolen from another hacking team, Equation Group, and is actually fairly old, containing no programs more recent than October 2013. The indirect leak supposedly reveals some of the top secret cyber tools used by the spy agency to surveil American security companies such as Cisco and Fortinet. However, recent realisations that these tools contain the ability to compromise the firewalls of Chinese tech manufacturer Huawei have given even deeper insight into the scope of NSA operations. The contents of the Shadow Brokers dump have seemingly been confirmed as authentic by correlations with previously unreleased Snowden documents. Learn more about the speculated ‘who and how’ of the hack with this Engadget article and read this Lawfare piece for a low down of the questions that should be asked of the NSA in response.
And finally, check out Monday night’s episode of Four Corners, boldly titled ‘Cyber War’. While it won’t teach well-informed cyber nerds anything new, it’s a welcome fourth estate attempt to raise public awareness of cyber security. You can read commentary on the episode here and here.