Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings worldwide in cybersecurity, privacy, digital surveillance, and technology policy.
At 1,800 words, this briefing is about a 9-minute read.
At a Glance.
- Biden administration holds final talks with Xi Jinping.
- A bipartisan coalition of attorneys general pushes Congress to pass KOSA.
Biden meets with Xi Jinping to discuss major policy topics.
The News.
Over the weekend, Chinese President Xi Jinping met with President Biden in Lima, Peru to discuss multiple policy topics. The key policy topics discussed centered around a recent China-linked T-Mobile hack, Taiwan, and Russian-Chinese relations. While the two leaders were not able to make headway on many of these issues, the two did reach an agreement emphasizing that human beings, not artificial intelligence (AI), should make decisions regarding the use of nuclear weapons. Both leaders are in the city for the ongoing APEC summit.
After this meeting, President Xi released a statement emphasizing that “China’s goal of a stable, healthy, and sustainable China-US relationship remains unchanged.” President Xi also stated that “China is ready to work with the new US administration to maintain communication, expand cooperation, and manage differences.” President Biden also commented on these talks emphasizing that while the two may not have agreed on everything during these discussions, the conversations were both “frank” and “candid.”
The Knowledge.
While both leaders discussed many key topics throughout their meeting, a key point of tension revolved around a recent cyberattack that targeted T-Mobile last week. In this attack, hackers linked to a Chinese intelligence agency breached the telecommunications company and were able to spy on cellphone communications of several high-value intelligence targets. While details are still emerging regarding the attack and what information was taken, the Federal Bureau of Investigation (FBI) and other governmental agencies did release a statement saying that the hackers were able to intercept surveillance data intended for law enforcement agencies.
This most recent attack comes after months of reports emerging regarding Chinese-affiliated hackers targeting telephone communications of presidential candidates and other notable government officials. Aside from Biden discussing this most recent cyber incident with Xi Jinping, the United States (US) Senate Judiciary subcommittee overseeing technology also held a hearing this Tuesday to discuss these incidents. During this hearing, led by Senator Richard Blumenthal, members reviewed the threats that “Chinese hacking and influence pose to [the US’s] democracy, national security, and economy.” The subcommittee heard from the CrowdStrike Senior Vice President, Adam Meyers, the Telecommunications Industry Association CEO, David Stehlin, the Strategy Risks CEO, Isaac Stone Fish, and Sam Bresnick, a research fellow at Georgetown University.
However, with the incoming Trump administration, it remains unclear how federal authorities plan to counteract these repeated attacks, some of which targeted the Trump campaign directly. While the previous Trump administration did create the Cybersecurity and Infrastructure Security Agency (CISA), experts are not convinced that his second administration will follow a similar approach. Andrew Howell, a cyber lobbyist at Monument Advocacy, commented on this situation, stating that “[we] could wind up seeing a very ad hoc approach to international engagement on cybersecurity in the Trump 2.0 [administration].” The Trump administration has not yet named who will lead its cybersecurity positions.
The Impact.
While the details of this most recent attack are still coming, this attack as well as the similar ones that preceded it have begun to raise widespread concerns regarding the security of the US telecommunications industry. As the US transitions from the Biden administration to the incoming Trump administration, it remains unclear how the nation will tackle these cybersecurity challenges and protect key infrastructure. For people operating in key infrastructure sectors or within the government, these attacks represent a developing and concerning pattern that has yet to be comprehensively addressed. In the meantime, people and organizations should remain vigilant and continue monitoring their infrastructure for any suspicious or unauthorized activity.
Bipartisan coalition urges Congress to pass KOSA.
The News.
On Monday, a bipartisan coalition of over thirty attorneys general wrote a letter to leadership in both the Senate and House urging members to pass the Kids Online Safety Act, or KOSA. This coalition emphasized that the legislation would “establish better safeguards for minors online” as they expressed their concerns regarding the negative impacts the internet can have on children.
In this letter, Jonathan Skrmetti, Tennessee’s Attorney General, wrote that “we are acutely aware of the threats minors face on social media, [and how] many social media platforms target minors, resulting in a national youth mental health catastrophe.” The letter continued, highlighting how “these platforms make their products addictive to minor users, and then profit from selling minor user data to advertisers…[without disclosing] the addictive nature of their products, nor the harms associated with increased social media use.” Additionally, the attorneys general pointed to investigations and lawsuits against social media companies for their alleged harm to minors as support for their claims. These attorneys general also expressed that passing KOSA would aid their state-level efforts to better protect kids and empower parents.
The Knowledge.
This letter comes as KOSA’s future remains unclear as the bill has sat in the House for several months since the Senate overwhelmingly passed the bill over the summer in a 91-3 vote. The House’s leadership has expressed concerns regarding the bill stating that it could lead to the censorship of conservative voices or overstep governmental authority. While the House’s version of the bill did advance out of committee in October with some amendments, no movement has been seen since then.
For greater context, KOSA is a piece of legislation that was created by Senators Richard Blumenthal and Marsha Blackburn that aimed to better protect children online and give parents more rights when it comes to managing their children’s online presence. Several key aspects of this bill include:
- Requiring social media platforms to automatically set minor accounts with the highest privacy settings.
- Giving users the ability to opt out of personalized content recommendations.
- Providing stronger reporting mechanisms to flag harmful or abusive content.
- Providing enhanced monitoring tools for parents to better manage their child’s online activities.
- Requiring greater transparency requirements for companies that would fall under KOSA’s purview.
Aside from KOSA, another bill that passed the Senate around the same time was COPPA 2.0, or the Children’s Online Privacy Protection Act. This bill was a revised version of the original law, which was passed in 1998, and was also passed in the KOSA vote. Aiming to update the original law for the modern world, Senators Edward Markey and Bill Cassidy drafted the revised version to include the following provisions:
- Banning targeted advertising to children and teens.
- Allowing parents to request the deletion of their children’s personal information.
- Banning online companies from collecting personal information from minors without parental consent.
Like KOSA, COPPA 2.0 has not seen any progress since being passed by the Senate over the summer.
The Impact.
Despite KOSA’s and COPPA 2.0’s large bipartisan support, both bills’ futures remain uncertain. While it is unlikely that either bill will be comprehensively revisited before the next administration takes office, this topic will remain a key tension point as it has seen substantial bipartisan support both within Congress and at the state level. While it is unclear what the final versions of these bills will look like given the amendments already made to KOSA, the major parts of these bills will likely remain relatively unchanged or be repackaged as part of another version of the law.
Parents with children under eighteen should take the time to understand this legislation and the rights that it would provide both themselves and their children if passed. Additionally, social media companies, data brokers, and online advertising companies should also understand these laws and what new regulations would apply to them if these laws were to be passed to ensure their regulatory compliance and avoid unnecessary legal or financial penalties.
Highlighting Key Conversations.
In this week’s Caveat Podcast, our team sat down with Danny Allan, Snyk’s CEO, to discuss AI, how AI tools are secured, and the broader software ecosystem. During this conversation, special emphasis was placed on compliance with various security standards. Our team also discussed the impact of the recent CrowdStrike hearing and the long-term implications that this hearing could have for businesses.
Like what you read and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other Noteworthy Stories.
Biden administration finalizes $6.6 billion in chip grants for TSMC.
What: The Biden administration has finalized an agreement with the Taiwan Semiconductor Manufacturing Company (TSMC) to invest billions into Arizona facilities.
Why: On Friday, the administration announced that it has completed a $6.6 billion grant agreement with TSMC through the CHIPS and Science Act. With this announcement, President Biden stated that this grant “is among the most critical milestones yet in the implementation of the bipartisan CHIPS & Science Act, and demonstrates how we are ensuring that the progress made to date will continue to unfold in the coming years, benefitting communities all across the country.”
With this new grant, the administration is expected to create $65 billion in private investment by TSMC, which will include three new facilities and the creation of tens of thousands of jobs by the end of the decade. The first of these new facilities is on track to open next year.
Eighteen states file lawsuits against SEC over crypto overreach.
What: Eighteen attorneys general have sued the Securities and Exchange Commission (SEC) and Chair Gary Gensler for allegedly overstepping the agency’s authority in its enforcement against the cryptocurrency industry.
Why: Last Thursday, eighteen states, led by Kentucky Attorney General Russell Coleman, filed a lawsuit against the SEC and Gary Gensler arguing that the agency aimed to “unilaterally wrest regulatory authority away from the States.”
With this lawsuit, the complaint stated that “instead of respecting that constitutional balance of power, and allowing States to develop and enforce their own tailored digital asset regulations based on their own policy priorities…the SEC’s assertion of sweeping jurisdiction without congressional authorization deprives States of their proper sovereign role.”
Gensler responded to this lawsuit stating that “court after court has agreed with our actions to protect investors and rejected all arguments that the SEC cannot enforce the law when securities are being offered whatever their form.”
Musk expands lawsuit against OpenAI, adding Microsoft and antitrust claims.
What: Elon Musk has expanded his lawsuit against OpenAI, adding federal antitrust and other claims and adding Microsoft as a defendant.
Why: Last Thursday, Elon Musk expanded upon his initial lawsuit against OpenAI. With this amended lawsuit, Musk is now alleging that Microsoft and OpenAI illegally sought to monopolize the market for generative AI and sideline competitors.
Musk’s original complaint was filed in August and accused OpenAI and Sam Altman, the company’s chief executive, of violating contract provisions by putting profits ahead of the public good. OpenAI responded to this latest lawsuit writing that the lawsuit “is even more baseless and overreaching than the previous ones.”