Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,850 words, this briefing is about a 9-minute read.
At a Glance.
- US states that Iranian cyber operations are targeting both Trump and Harris campaigns.
- Courts block a key part of California's online children’s safety law.
Iran targets US campaigns and elections with cyber operations.
The News.
On Monday, the United States (US) accused Iran of conducting cyber operations against both the Trump and Harris campaigns as well as targeting the general US population with influence operations. With this announcement, the Federal Bureau of Investigation (FBI) stated that “we have observed increasingly aggressive Iranian activity during this election cycle.” More specifically, the US stated that the Iranian actors were using social engineering tactics to target “individuals with direct access to the presidential campaigns of both parties.” By targeting both campaigns, these actors aimed to steal and disclose sensitive information that could potentially influence the US elections. Regarding Iran’s influence operations, US officials stated that these efforts were looking to sow political divisions amongst the general population.
Iran’s mission to the United Nations responded to these claims stating that these allegations are “unsubstantiated and devoid of any standing.” The Iranian mission continued stating that “the Islamic Republic of Iran harbors neither the intention nor the motive to interfere with the US presidential election.”
The Knowledge.
With this most recent announcement, concerns surrounding international interference in US elections have continued to grow. While these concerns are not new, this topic has become a growing focal point as the November elections continue to draw nearer. In May, key security officials, including Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency, as well as Avril Haines, the Director of National Intelligence, met with Senate members to discuss these concerns. From this hearing, Director Haines discussed how Russia, China, and Iran all remain the three largest foreign threats to US elections. While Haines did state that Russia was the most concerning of the three, Haines did emphasize that “Iran is becoming increasingly aggressive in their efforts, seeking to stoke discord and undermine confidence in our democratic institutions.” Haines continued by stating that Iran has adapted “their cyber and influence activities, using social media platforms, issuing threats, and disseminating disinformation.”
Aside from the US government levying allegations against Iran, private firms have seconded these claims with their evidence. For example, last Friday, OpenAI stated that the company had blocked several ChatGPT accounts that were being used by Iran to target the US elections. OpenAI stated that these ChatGPT accounts were a part of an operation known as “Storm-2035” which was using the artificial intelligence service to create content aimed at influencing the US elections. From this investigation, OpenAI found that the Iranian actors were using the service to create both long-form and short-form content. While this most recent incident has been addressed, this is not the first time an incident like this has occurred. In May, OpenAI stated that it had stopped five other similar attempts to abuse the service. Here, these incidents also involved foreign actors, including Russia, China, Iran, and Israel, using the service to conduct deceptive operations that were aimed at manipulating public opinions and possibly influencing political outcomes.
The Impact.
Given the existing political division that already exists within the US, it is likely that hostile foreign actors are going to continue to exploit these tensions consistently until the general election concludes in November. While both the federal government and private companies have taken steps to mitigate the influence of these hostile actors, US citizens should continue to remain vigilant over the coming months as misinformation will likely continue to emerge, especially on social media platforms. Citizens should continue to verify all information they consume from trustworthy sources to ensure that they are making informed decisions when voting in November as well as not inadvertently spreading misinformation created by hostile actors.
For political campaigners as well as other governmental officials, people should be aware that these hostile actors are also aiming to exploit them through social engineering. By remaining overly cautious, these key figures can avoid falling for these scams that aim to exfiltrate sensitive information and use it for nefarious purposes.
Court blocks Californian law aimed at improving children’s online safety.
The News.
On Friday, the Ninth US Circuit Court of Appeals left a key part of an injunction blocking a California child’s online safety law intact. This legal issue emerged after NetChoice, a trade group for companies operating online, stated that the law violated free speech rights under the First Amendment. This law, also known as the California Age-Appropriate Design Code Act (CAADCA), was originally passed in 2022 but was later struck down in 2023 in a district court. For greater context, if the law were not struck down, it would have required businesses to create “Data Protection Impact Assessments” that would have assessed whether a company’s online platform could harm children and require these companies to actively reduce these risks. Additionally, the law would also require a business to estimate the ages of child users and configure stronger privacy settings. Lastly, the law imposed fines that could reach $2,500 per child for each negligent violation or $7,500 per child for each intentional violation. This most recent legal update involved an appeal to the 2023 ruling that struck down the act.
With this ruling Judge Milan Smith wrote on behalf of the three-judge panel stating that the bill was likely unconstitutional as California had less restrictive ways to protect children such as improving education for both children and parents, giving companies incentives to filter or block content, or by better enforcing criminal laws. In this brief, Judge Smith wrote that “the force creation and disclosure of highly subjective opinions about content-related harms to children is unnecessary for fostering a proactive environment in which companies, the state, and the general public work to protect children’s safety online.”
However, the Circuit court did set aside the rest of the 2023 injunction stating that the 2023 judge did not properly assess if the law could survive if the unconstitutional provisions were removed and returned the case to her.
The Knowledge.
This most recent case development marks another setback in legislatures’ attempts to better secure children’s online safety. Aside from this state law being sent back to be reassessed, federal laws including KOSA and COPPA 2.0 have hit substantial roadblocks in the House of Representatives. Here Representatives have cited concerns regarding the constitutionality of these bills as well as concerns regarding how much power these bills would give the Federal Trade Commission.
However, despite many of these bills being stalled or struck down, the public’s support to address these issues has only continued to grow. Since a January Senate hearing, where parents testified about the damages these platforms caused their children, took place, momentum to address how children are managed in online spaces has become a key issue across both sides of the political spectrum. Since this testimony, the bipartisan support behind this issue has been overwhelming as both KOSA and COPPA 2.0 passed the Senate with a 91-3 vote. Yet, despite this overwhelming bipartisan support no comprehensive legislation has been passed at the federal level and many of the bills passed in the state legislature have been challenged or have already been overturned as seen with CAADCA.
The Impact.
While support for children’s online safety will only continue to grow, it is unclear how this support will translate into tangible legislation at this current time. With both KOSA and COPPA 2.0 likely being delayed until after the November elections, how these bills look, if passed, could change dramatically if the majorities in the House or Senate were to change.
However, despite the numerous roadblocks that have slowed the resolution of this issue, some form of comprehensive legislation will likely be passed in the next administration given the overwhelming bipartisan support. In the meantime, parents should be prepared to understand the new rights that they may be given by any potential legislation and how these bills could impact their child’s online presence. Additionally, for online business platforms, companies should be aware and be prepared to comply with all of the provisions that these various bills are considering, especially for social media sites. While the exact details of the provisions will likely fluctuate over the coming months, companies should expect stronger requirements for data privacy and content exposure provisions to be implemented.
Highlighting Key Conversations.
In this week’s Caveat Podcast, our team took time to discuss the recent repeal of the Chevron Deference and the impacts that could be felt from this monumental decision. With the Supreme Court's ruling to overturn the 1984 Chevron v Natural Resources Defense Council decision, the court has ended the longstanding practice of allowing agencies to interpret and act on ambiguous federal laws. In this conversation, we sat down with Michael Listner to discuss this monumental change and the effect that it will have on the regulation of orbital debris.
Like what you read and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other noteworthy stories.
What: TikTok has filed a brief arguing that the company is a US company and has First Amendment protections.
Why: Last Thursday night, TikTok filed a brief stating that, despite the company’s foreign ownership, the company is still a US company and has legal protections. In this filing, the company wrote that “TikTok Inc., a US Company, is not stripped of First Amendment protection because it is ultimately owned by ByteDance LTD.” TikTok continued to write that “surely the American companies that publish Politico, Fortune, and Business Insider do not lose First Amendment protection because they have foreign ownership.” Lastly, TikTok wrote how the US government has also acknowledged that it has no evidence that China has ever manipulated the content seen by US citizens nor has the nation ever accessed any user data.
This legal battle emerged after the company sued the US government after the federal government passed legislation that will force TikTok’s owner, ByteDance, to divest from the social media application by January 19th.
What: Through the CHIPS and Science Act, Texas Instruments is set to receive up to $1.6 billion in funding to build three semiconductor plants in Texas and Utah.
Why: On Friday, the company announced this funding investment and their intention to build two fabrication plants in Sherman, Texas, and a third plant in Lehi, Utah. With this announcement, Haviv Ilan, the president and CEO of Texas Instruments, stated that “the historic CHIPS Act is enabling more semiconductor manufacturing capacity in the US, making the semiconductor ecosystem stronger and more resilient.”
Aside from this $1.6 billion investment, the company also stated that it expects to receive between $6 and $8 billion in tax credits and $10 million in funding for workforce development. With this investment, the CHIPS and Science Act has now provided nearly $53 billion to boost US chip production.