At a glance.
- US Senate report finds Team Telecom wanting.
- Contact-tracing apps fade?
- Final CCPA regulations submitted to California Office of Administrative Law for review.
A US Senate report measures Team Telecom and finds it wanting.
The Departments of Justice, Defense and Homeland Security since the mid-2000s have worked together in an ad hoc group, "Team Telecom," which the Federal Communications Commission (FCC) relied upon for assessments of the national security implications of foreign provision of telecommunications goods and services in the US. That process, a Senate subcommittee report said, was inadequate, and failed to deliver the sort of oversight that would have drawn attention to the issues surrounding Chinese companies' participation in US markets (and the risk of espionage that participation represented).
The staff report, "Threat to U.S. Networks: Oversight of Chinese Government-Owned Carriers," concluded that Team Telecom's performance was lackluster, and probably doomed to being ineffectual by a lack of formal authority and poor organization. "These measures were ineffective as Team Telecom lacked formal statutory authority, leaving its operations unstructured and ad hoc. Because of the lack of statutory authority, Team Telecom had no formal, written processes for reviewing applications or monitoring compliance with security agreements. The informality also resulted in protracted review periods and a process FCC commissioners described as “broken” and an “inextricable black hole” that provided “no clarity for [the] future.”
The report's conclusion recommends treating Chinese companies with a firm hand:
"It is well understood that the national security environment evolves over time. It is this constant evolution that highlights a major flaw with the FCC’s Section 214 authorizations: once authorized, a company can operate indefinitely without any oversight. Without proper oversight, foreign carriers operating in the United States can expose the United States to potential economic, national security, and law enforcement risks. The federal government has highlighted the potential risks associated with Chinese telecommunications carriers operating in the United States. Three particular carriers have been operating in the United States for approximately 20 years, without sufficient oversight from the FCC and the Executive Branch. Especially when dealing with state-owned telecommunications carriers, greater controls are needed, and the Administration and Congress must work together to ensure sufficient safeguards and oversight mechanisms are in place."
Contact-tracing apps fade, with hoped-for promise and feared problems unrealized.
Nadav Argaman, head of Israel's Shin Bet domestic security service told the Israeli cabinet that he opposed further use of his organization's surveillance technology for COVID-19 contact tracing. The AP reports that this has apparently moved the cabinet to put a hold on legislation that would have expanded such use.
Singapore hopes to supplement its contact-tracing app, TraceTogether, with a wearable device, but these plans have drawn some popular resistance. The intention is to reach populations who haven't been enrolled in Bluetooth-based TraceTogether (also tried in Australia). That app couldn't be used by those without phones, and even those with phones experienced interoperability problems, Threatpost reports. The devices would be distributed to everyone in Singapore and would amount to an equivalent of TraceTogether, but with greater reach and fewer bugs. The proposed system has prompted popular objections: some 35,000 signing a petition “Singapore says ‘No’ to wearable devices for COVID-19 contact tracing.”
Polling suggests that a narrow majority of Canadians would be in favor of making use of a contact-tracing app mandatory, but that approval would appear to be conditional upon stringent privacy protections, Ryerson University pollsters say.
Prospects for the NHSX contact-tracing app appear to be fading. The UK had planned to it roll-out nationwide after trials on the Isle of Wight, but the problems of implementing it have proven more difficult than expected. The Telegraph has a summary of why contact tracing has proven more difficult to implement in practice than theory had expected it to be. The degree to which NHSX would have shared personal data with its industry partners, prominently including big data company Palantir, had also aroused skepticism.
California's Attorney General has submitted final CCPA regulations for Office of Administrative Law review.
In some ways this is a dog that hasn't barked, since this third version doesn't materially differ from the second. The California Attorney General has submitted the final version of the California Consumer Privacy Act (CCPA) for review. As Cooley points out in their blog, the big remaining question is when the regulations will actually go into full effect. The regulations have to pass review for their compliance with the state's Administrative Procedures Act. Once they pass, the Attorney General will begin enforcing them. He's said, "Businesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1." Businesses ought to be ready, since after all cities, counties, and private plaintiffs have been able to bring actions under the CCPA since it took effect on January 1st. Right now the AG is simply preparing for his own bite at the privacy apple.