At a glance.
- US NCSC warns of election influence threats.
- EU mulls the future of Huawei in the continent's infrastructure.
- Big Tech will testify before the US Congress on Wednesday.
- Senate version of the US National Defense Authorization Act would require state-level cybersecurity coordinators.
- No post-Privacy Shield grace period.
Election interference warning sounded.
The director of the US National Counterintelligence and Security Center warned late Friday that a number of state and non-state actors are actively working to influence the 2020 US elections, the Voice of America reports. Director William Evanina said that, while Russia, China, and Iran are all active, and are the best known threats, other players are working on the elections as well.
One risk to the conduct of US elections, the Verge reports, is the prospect of phishing attacks on local election officials. Their report is based on a study by Area 1 Security, which rummaged through the many local election authorities and found their security wanting, particularly with respect to the mom-and-pop style of email security so often found in local jurisdictions. The US voting system is highly decentralized, with decisions by state and local authorities having significant consequences for the effective and secure conduct of elections.
Huawei or the highway.
France clarifies that it's not banning Huawei, but simply phasing its equipment out, Bloomberg reports (via the Press Herald). That will strike many as a distinction without a difference. A Wall Street Journal editorial sees Germany's as the next government likely to struggle with its willingness to accept whatever risk Huawei may present.
A European Commission report issued Friday looked at the EU's progress implementing the joint EU toolbox of mitigations, agreed by the Member States and endorsed by a Commission Communication this past January. The report concludes that: "Progress is urgently needed to mitigate the risk of dependency on high-risk suppliers, also with a view to reducing dependencies at Union level. This should be based on a thorough inventory of the networks' supply chain and implies monitoring the evolution of the situation." As EuroNews reports, the Commission thinks that Nokia and Ericsson are fully capable of providing the EU everything it needs to build out a 5G infrastructure should Huawei eventually be excluded from the continent.
Big Tech preps for an appearance before Congress.
With hearings postponed until Wednesday, POLITICO reports (the US Congress is observing the passing of Representative John Lewis, who now lies in state in the Capitol), Microsoft, Facebook, Google, and Amazon executives are preparing for their testimony on anti-trust issues. The hearings are widely expected to be uncomfortable for the companies, although perhaps not as bad as the Telegraph (which compares them to the 1994 tobacco industry hearings, which proved a watershed in official attitudes toward smoking and the sale of smokes) seems to think. The hearings may well extend to the influence of social media in US political life, especially as, according to Seeking Alpha, both Democratic and Republican Presidential campaigns have recently found much to criticize in social media.
US Senate passes its version of the National Defense Authorization Act.
Last week the US Senate passed its version of the 2021 National Defense Authorization Act. The bill included an amendment sponsored by Senators Rob Portman (Republican of Ohio), Maggie Hassan (Democrat of New Hampshire), John Cornyn (Republican of Texas), and Gary Peters (Democrat of Michigan) that incorporated a requirement that the Department of Homeland Security establish a Cybersecurity State Coordinator in each state. The bill will now be reconciled, in conference, with the House version.
No Privacy Shield grace period, post-Schrems II European Court of Justice decision.
The European Data Protection Board warned organizations not to expect a grace period following the European Court of Justice's July 16th ruling that overturned Privacy Shield. Privacy Shield had governed data transfers between the EU and the US; that regulatory agreement is now effectively gone. TechCrunch says, "The EU-U.S. Privacy Shield is dead, and any companies still relying on it to authorize transfers of EU citizens’ personal data are doing so illegally is the top-line message." Neither Standard Contractual Clauses (SCCs) nor Binding Corporate Rules (BCRs) were in principle invalidated by the Court's decision in Schrems II, but organizations exporting data under either of those measures should conduct an immediate, "up-front assessment" to determine the legality of any transfers. There clearly remains room for litigation, but organizations that handle European protected personal data would do well not to sleep on compliance.