At a glance.
- Database leaked from Chinese government contractor holds millions of foreigners' personal information.
- ByteDance seeks a solution short of sale for TikTok.
- Huawei effectively excluded from Canadian 5G infrastructure.
- Facebook calls for more regulation of itself and its tech peers.
Collection, or just market intelligence?
Probably collection. The Australian Broadcasting Corporation has obtained what appears to be a leaked database showing individuals against whom Chinese intelligence services is developing detailed target profiles. Some twenty-four-million people are on a list maintained by Shenzhen-based Zhenhua Data, believed to be a Ministry of State Security contractor.
The Washington Post’s account of the database focuses on collection of social media posts and other open source intelligence on US military, diplomatic, and government personnel. The Post puts the take at some two-million individuals, an order of magnitude less than ABC’s tally, but then the Post may be counting only the Americans who were targets. ABC explicitly calls out all Five Eyes--Australia, Canada, New Zealand, the United Kingdom, and the United States--as well as Malaysia, as figuring among the countries targeted.
The database is called the OKIDB, for “Overseas Key Information Database,” and it claims to offer insight into the individuals who figure in it, as well as information about their families. The Post observes that the material may be relatively old, and that it’s not entirely clear that it’s being used by the Ministry of State Security, but that in any case Zhenhua Data calls itself “a patriotic company” and numbers Chinese military and government agencies among its customers. Zhenhua Data’s product may be an aspirational one they hope to sell, or it may be in use.
ByteDance and Oracle's "trusted tech partnership:" will it pass CFIUS muster?
Microsoft announced yesterday that ByteDance had turned down Redmond's offer to buy TikTok's US operations. Oracle is the apparent winner in the competition for some form of control over TikTok in the US, but such control would appear to be more along the lines of a partnership structured to allay US security concerns than it would be an outright purchase, according to the Wall Street Journal. Computing says that ByteDance has "no interest" in selling the social media platform. The Committee on Foreign Investment in the United States will now review the proposed "trusted tech partnership" to see if it meets the requirements of the relevant Executive Order. (In any case, algorithms sold separately.)
Neal Dennis, threat intelligence specialist at Cyware sent us comments this morning on the development. "Absent additional details, it's difficult to tell just what Oracle's and Bytedances' plans really are. Oracle as a "technology partner" might do little to secure the overall app itself. Without access to the source code, or at least some ability to include code audits, or the ability to fully moderate and manage actual content on the platform, China will still have a vehicle to push their own media agendas and potential malware. Yes, there will be more control on actual user data and how it's secured inside the U.S. but this seems to have little bite in the overall security of the app. Until more details are made clear, there's not much more to be said."
For its part, according to Reuters, the Chinese government would rather see TikTok shut down than see it sold to a US firm.
Huawei appears effectively excluded from all Five Eyes' coming 5G infrastructure.
The other Five Eyes (Canada, New Zealand, and the United Kingdom) haven't been as directly confrontational as their Australian and American cousins, but they seem to have arrived at a similar place with respect to Huawei's participation in their 5G infrastructure. The Economic Times reports that Canada, the last remaining Eye to have refrained from a formal ban, has effectively excluded Huawei by slow-rolling its decision. The country's major wireless carriers have opted for equipment built by Sweden's Ericsson or Finland's Nokia Oyj.
Regulate me, quick...
Facebook has published its views on the sort of regulation the tech sector, and in particular social networks, need. "Every day we make decisions about what speech is harmful, what constitutes political advertising, and how to prevent sophisticated cyberattacks. These are important for keeping our community safe. But if we were starting from scratch, we wouldn’t ask companies to make these judgments alone," the post reads in part as it introduces a plea for the sort of controls Menlo Park would like to see governments implement. Facebook CEO Mark Zuckerberg argues that "we need new regulation in four areas: harmful content, election integrity, privacy and data portability." This is a long-term interest that it would be facile to dismiss this as so much rent-seeking. Social networks have long occupied a comfortable middle ground between public square and publisher, getting the best of both worlds, but that space has grown increasingly uncomfortable, and it's that growing discomfort from which Facebook would like to see some relief in the form of regulatory and legislative clarity. See this WIRED essay for an example of the kind of heat that warming the social network's seat.