At a glance.
- A skirmish in the Crypto Wars.
- Germany asks the EU to sanction Russian cyber operators.
- US money may go to domestic semiconductor manufacturing.
- Businesses seek to delay implementation of CCPA regulations.
- Hong Kong and China's national security law.
A skirmish in the Crypto Wars.
In what the Washington Post sees as a shift in the EARN-IT Act skirmish in the Crypto Wars, Reuters reports that members of the US Congress are seeking information on a 2015 backdoor incident at Juniper Networks. While Senator Wyden, Democrat of Oregon, has been prominently mentioned among the pro-crytpo lawmakers engaged in the inquiry, it’s a bipartisan move. Senator Wyden (of the Intelligence Committee) was joined by his Utah Republican colleague Mike Lee (of the Judiciary Committee) in a letter sent this Tuesday to Juniper Networks CEO Rami Rahim. They’re interested in what Juniper learned after it found what the networking shop called “unauthorized code” in its NetScreen security software in 2015. It was reported at the time that what they found was an NSA-designed backdoor. The FBI investigated, but the results of their inquiry haven’t been made public.
The other incident that’s prompted a revival of this particular contest is the Motherboard account, published earlier this week, of Facebook’s development of an exploit that enabled the FBI to make an arrest in a notorious case of child stalking and exploitation. Facebook and other Big Tech companies have resisted the Justice Depatment’s push for what Justice characterizes as responsible security, which is to say security systems that would permit some form of access to systems involved in criminal or national security investigations. The Washington Post characterizes the effect of the news like this: “It’s a rare public example of how law enforcement can use lawful hacking to gather incriminating evidence. It also helps beat back claims that police need backdoor access to encrypted communications for that information, which cybersecurity pros say would make everyone more vulnerable to malicious hacking.”
Germany asks the EU to sanction Russian cyber operators.
The Wall Street Journal has an update on the background to Germany's request that the European Union sanction those responsible for a 2015 cyber incursion into the Bundestag's networks during which more than 16 gigabytes of data were stolen. Berlin has named only one individual in the hack, Dmitri Badin, a Russian national regarded as having worked on behalf of the GRU, and whom Federal prosecutors in both Germany and US have indicted.
Sanctions, if imposed, would restrict travel in the EU and freeze any funds held there, but it's unclear what sort of effect this would have on a relatively low-ranking individual like Mr. Badin. He's unlikely to do much traveling (although Russian hackers have been collared when they've decided they'd rather honeymoon in a vacation destination abroad as opposed to, say, singing karaoke in Chelyabinsk) and he probably doesn't do much banking in Rotterdam, either. The Journal quotes intelligence expert Stefan Tanase of the Copenhagen-based CSIS Security Group A/S as saying “The operators of these attacks don’t travel, they stay at home and enjoy the full protection of their country. Slapping them with sanctions is like receiving a medal.”
But there's also a sense that the political signaling is important, and Berlin thinks hacking the Bundestag is a serious matter. They'll need unanimity among the twenty-seven European national governments to pass the sanctions, and that may be difficult to achieve.
Seed money for semi-conductor foundries.
A bipartisan group in the US Congress yesterday proposed appropriating $22.8 billion in aid for the domestic semiconductor industry, Reuters reports. The funding would serve further US disengagement from China's tech industry.
Businesses seek a delay in implementation of California Consumer Privacy Act regulations.
Businesses tell California's Attorney General that July 1st is too soon for the AG's regulatory implementation of the California Consumer Privacy Act (CCPA). Bloomberg sketches their position, which has some academic support: CCPA is a compliance nightmare, or at least "a headache," and implementation at the beginning of next month doesn't give businesses enough time to understand and comply with the new regulations.
Life in Hong Kong.
The Global Times reports that the new national security law for Hong Kong is only about a month away. The measure is widely regarded as marking the end of the one-nation, two-systems arrangement that's prevailed since the UK handed Hong Kong over to Chinese rule in 1997. The new, harder line is already being felt. Zoom cancelled accounts of two US-based critics of the Chinese regime "to comply with local law" (that is, Chinese law) Axios writes. According to the Washington Post, Zoom has come under widespread criticism for knuckling under to Beijing's censorship surrounding discussions of Hong Kong's future.