Welcome to the CAVEAT Weekly Newsletter, where we break down some of the major developments and happenings occurring worldwide when discussing cybersecurity, privacy, digital surveillance, and technology policy.
At 1,750 words, this briefing is about a 7-minute read.
At a Glance.
- NATO is aiming to boost efforts to counter Russian and Chinese sabotage acts.
- New bipartisan AI disclosure bill introduced to the House.
NATO looks to step up counter-sabotage efforts.
The News.
On Tuesday, Mark Rutte, North Atlantic Treaty Organization’s (NATO) chief, emphasized how the transnational organization plans to increase its efforts in the face of “hostile” acts of sabotage. With this announcement, Rutte stated that “over the past years, Russia and China have tried to destabilize our nations with acts of sabotage, cyberattacks, disinformation, and energy blackmail to intimidate us.” These comments come ahead of a meeting taking place this week where NATO’s foreign ministers are expected to create a new strategy to counter the hybrid threats they are facing. More specifically, this new strategy aims to cover propaganda, political interference, deception, key infrastructure sabotage, and other tactics.
The Knowledge.
This revised strategy meeting came after several major cyber incidents, attributed to Russia, have continued to occur. Perhaps the most impactful of these incidents involved damages to two Baltic Sea communications cables. For context, in the middle of November reports emerged after two fiber-optic telecommunication cables in the Baltic Sea were damaged in a suspected sabotage effort. After this incident, several European governments accused Russia of escalating its hybrid attacks. At the time, the foreign ministers of France, Germany, Italy, Poland, and Britain released a joint statement writing that “Moscow’s escalating hybrid activities against NATO and EU countries are also unprecedented in their variety and scale, creating significant security risks.” While Russia denied these accusations, multiple European nations launched investigations into the matter, which are still ongoing.
Aside from this incident, Western European officials have also pointed to a series of fires that occurred in courier depots across Britain, Germany, and Poland in early November. In this instance, several parcels exploded at logistics depots in an alleged “test run” for a Russian plot to trigger explosions on cargo flights. Kestutis Budrys, a national security advisor to the Lithuanian President, commented “I can state that this is part of unconventional kinetic operations against NATO countries that are being undertaken by the Russian military intelligence.” Budrys continued emphasizing that “we note that these operations are being escalated: their focus is moving…to harming infrastructure and actions that could end up killing people.”
These incidents echo a recent press briefing where Richard Moore, the chief of MI6, accused Putin and his allies of attempting to “sow fear about the consequences of aiding Ukraine” and conducting a “staggeringly reckless campaign of Russian sabotage.” Moore also commented on how these alleged sabotage efforts could embolden other hostile actors like China, North Korea, and Iran to engage in similar activities.
The Impact.
While this revised NATO strategy has yet to be released, this meeting signals a renewed effort within Europe to address Russia’s increasingly aggressive sabotage efforts. Despite many European leaders expressing their concerns about Russia, leaders remain conflicted regarding what is the best way to address this aggression. For example, NATO members have differing opinions on how much intelligence they need to share with other governments as each nation approaches intelligence gathering and handling differently with some preferring to make events known to the public whereas others prefer keeping intelligence classified. Another point of contention that will likely emerge is the strategy to use when responding to Russian attacks. While some nations have signaled a firm response, others have expressed concerns about further escalating tensions with Russia.
Regardless, it is unlikely that de-escalation will take place over the next several months especially if the comments around some of these attacks acting as “test runs” are accurate. European security practitioners should understand this dynamic and be aware of Russia’s increased hostilities and prepare themselves and their businesses accordingly.
New bipartisan bill would study AI’s impact on banking and housing.
The News.
A new bill, known as the Responsible Artificial Intelligence (AI) Disclosure Act of 2024, has been introduced to the House, and it would commission studies on the use of AI in the banking and housing sectors. This bill, which has bipartisan support, was introduced in response to lawmakers expressing concerns regarding how algorithmic price fixing and commercial misconduct are enabled by these new technologies. More specifically, the bill would look into how banks use AI in property valuations, loan underwriting, debt collection, and mortgage issuance, and how fair they’re being when it comes to extending credit. Through this bill, studies would be commissioned by the Federal Reserve, the Securities and Exchange Commission, and the Department of Housing and Urban Development among others.
Representative Maxine Waters commented on the bill after its introduction stating that “[AI] is growing rapidly, and people across America are already seeing its use in our nation’s housing and financial services sectors, with impacts on mortgage lending, credit scoring, and more.”
The Knowledge.
This bill has emerged in response to growing concerns that the banking and housing industries have been using these emerging technologies to gain unfair advantages over consumers. These studies would mark another instance where federal authorities have begun to address these concerns. In August earlier this year, the Department of Justice (DOJ) also began addressing these problems when they filed a lawsuit against RealPage, a property management software company.
In this lawsuit, the DOJ along with the Attorney Generals of North Carolina, California, Colorado, Connecticut, Minnesota, Oregon, Tennessee, and Washington alleged that RealPage utilized an unlawful algorithmic pricing scheme to take advantage of renters. For greater context, this lawsuit alleged that RealPage used contracts with landlords to gather nonpublic, competitively sensitive information to help train and run the company’s algorithmic pricing software, which in turn, generated recommendations on rental pricing, lease lengths, and other terms. The DOJ argued that this scheme and its collected data allowed RealPage to maintain a monopoly in the commercial revenue management software market. Aside from seeking to end this scheme, the DOJ is also seeking to restore competition in this business sector.
The Impact.
While this latest bill has yet to be passed and the lawsuit with RealPage is still ongoing, these instances mark the federal government’s growing attention to how AI is being utilized by private entities. Even if federal authorities do not get their desired outcome, these instances are representative of the growing pressures on the government to reign in algorithms and how they are used often at the expense of consumers.
While it is unlikely that consumers will see drastic changes in how AI is managed over the coming year, pressure is continuing to mount on the federal government to comprehensively address AI. Furthermore, given the strong emphasis placed on managing AI, it is likely that the incoming administration and new Congress will make AI legislation a top priority in 2025 whether that be through passing legislation or through executive actions.
Highlighting Key Conversations.
In this week’s Caveat Podcast, our team met with Pavlina Pavlova, a fellow with New America and a Cybercrime Expert at the UN Office on Drugs and Crime, to discuss her recent research. Throughout this conversation, our team and Pavlina talked about what is needed to shift the conversation in tech and how this shift can incorporate a greater emphasis on addressing gender-specific harms and how to promote a safer and more inclusive digital environment.
Like what you read and curious about the conversation? Head over to the Caveat Podcast for the full scoop and additional compelling insights. Our Caveat Podcast is a weekly show where we discuss topics related to surveillance, digital privacy, cybersecurity law, and policy. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.
Other Noteworthy Stories.
Canada sues Google regarding control over online advertising.
What: Canada’s antitrust watchdog filed a lawsuit against Google over its alleged anticompetitive conduct in online advertisements.
Why: Last Thursday, Canada’s Competition Bureau filed a lawsuit that aims to have Google sell off two of its advertisement tech services as well as pay a penalty regarding the company’s alleged unlawful behavior. More specifically, the Competition Bureau aims to force Google to sell DoubleClick for Publishers, its publisher ad server, and AdX, its ad exchange services. Canada is arguing that Google’s dominance over the digital advertising space has discouraged rival companies from competing, inhibiting innovation and inflating costs. Matthew Boswell, the Commissioner of the Bureau, stated “Google has abused its dominant position in online advertising in Canada by engaging in conduct that locks market participants into using its own ad tech tools, excluding competitors, and distorting the competitive process.”
The lawsuit now heads to the Competition Tribunal, which will hear the case.
Australia passes social media ban for people under sixteen.
What: The Australian Senate passed a social media ban barring children under sixteen from using specific online platforms.
Why: Last Thursday, the Australian Senate passed legislation that would bar minors under sixteen from using the following social media platforms: Instagram, TikTok, Snapchat, Facebook, X, and Reddit. With this law, the listed platforms would be responsible for enforcing the restriction and will have one year to be compliant or face fines of up to $32 million. Australian Prime Minister, Anthony Albanese, stated that “we want Australian children to have a childhood, and we want parents to know the government is in their corner” when speaking about the bill. The Prime Minister continued stating that “this is a landmark reform.”
While some have argued that the ban fails to consider the positive traits of social media and is too stringent, the bill passed with support from both the Australian Labor Party and the Liberal Party.
US issues new restrictions on chip manufacturing exports to China.
What: The Biden administration has issued new restrictions that will limit exports of semiconductor chips and equipment to China.
Why: On Monday, the Biden administration implemented new export restrictions on over one hundred Chinese chipmaking tool manufacturers by placing them on the restricted trade list. This restriction will prohibit US companies from sending them equipment without explicit permission. Additionally, these restrictions will also block the sales of certain chips, called “high-bandwidth memory” chips, which are considered critical to artificial intelligence training.
Commerce Secretary Gina Raimondo commented on these restrictions stating that these new restrictions are aiming to impair China’s “ability to indigenize the production of advanced technologies that pose a risk to our national security.”