At a glance.
- CFIUS expands jurisdiction over access to data.
- US DoE grant supports development of cybersecurity for electric vehicle charging stations.
- Nothing new in the Crypto Wars.
CFIUS codifies expanded jurisdiction over foreign access to US data.
Cooley reports that tomorrow, personal information will become a “strategic asset” under a Committee on Foreign Investment in the United States (CFIUS) final rule. With the aim of protecting national security and the side effect of hampering US industries, the regulation will enact new restrictions on international transactions. CFIUS has acted to protect US residents’ medical, financial, location, and biometric data in the past, preventing Beijing’s purchase of MoneyGram two years ago, for instance. Under the authority of the 2018 Foreign Investment Risk Review Modernization Act, the new rule systematizes CFIUS’s oversight of foreign “use, development, acquisition, safekeeping or release” of such data. Cooley warns of a “chilling effect” on external interest in US data-oriented enterprises.
US Department of Energy grant supports electric vehicle charging station cybersecurity.
The US Department of Energy (DOE) granted Michigan-based R&D firm The Dream Team nearly $5 million to bolster electric vehicle (EV) and charging station cybersecurity, according to the American Center for Mobility (ACM). An industry match donation brings over $2 million more to the “first-of-its-kind” project, which will safeguard current systems as well as nascent dynamic wireless technology. The Dream Team said this is the “perfect time” to protect the grid from emerging IoT vulnerabilities brought by next-generation transportation and the melding of the energy and auto industries. The state of Michigan, ACM, Wayne State University, University of Michigan - Dearborn, DTE Energy, and NextEnergy are also partnering on the initiative.
Latest move in the Crypto Wars fails to gain ground from the opposition.
Yesterday the CyberWire Pro Policy reported on an international call for backdoors. Today, stakeholders react. Amsterdam’s TNW calls the proposal “idiotic” and raises concerns about New Delhi’s deficient legal oversight of police surveillance. Information Security Buzz quotes a Synopsys CyRC expert as saying weakening encryption diminishes our ability to authenticate identities, government-ordered backdoors open just the same for cybercriminals, and global variety in privacy laws is cause for pause. SC Media points out that this is the first time Japan and India have joined the decades-long conversation, while reflecting that the Statement does “not include any new arguments.” They position vulnerable groups, commercial interests, and security experts on one side of the debate, and law enforcement on the other, claiming the latter has plenty of other avenues for surveillance, and the former are not likely to budge with an election pending.
Ryan Polk, Senior Policy Advisor at the Internet Society, sent us comments on the proposal to install what amount to backdoors. They're representative of the pro-encryption side in the Crypto Wars, and worth quoting in full.
"Rehashing time-worn arguments, law enforcement officials of member countries of the “Five-Eyes” intelligence alliance, plus India and Japan, last weekend called on companies to create backdoors to their encrypted devices and services to provide law enforcement with exceptional access. The Internet Society, Global Partners Digital, and the Center for Democracy & Technology (CDT), members of the Steering Committee of the Global Encryption Coalition, issued the following joint statement:
"The Five Eyes(+) statement is yet another in a long line of ill-considered attempts to undermine use of end-to-end encrypted communications, which would have devastating consequences to the security of people and countries worldwide. While this time the Five Eyes were joined by the governments of Japan and India, their position remains incompatible with the technical reality of encryption.
"End-to-end encryption keeps communications confidential between the sender and receiver. This way, no third party can access the communications, including the company providing the service. Encryption also protects information stored on computers, cellular telephones, and other digital devices, and helps ensure that if the device is lost or stolen the information on the device is protected.
"Public safety can be protected without compromising privacy and cybersecurity, but not by undermining encryption. There is no encryption backdoor that only the good guys can access, and the bad guys cannot. The same backdoor placed in a system or a device for use by law enforcement could be exploited by criminals, putting everyone on that service at greater risk of harm and reducing safety of users. Forcing companies to build backdoors or preventing them from implementing end-to-end encryption on their products or services puts the safety of all their users at greater risk.
"With public health measures to combat COVID-19, the stakes are higher than ever. Individuals are increasingly reliant on Internet-based communications to conduct their daily lives. People rely on encryption to protect banking transactions, telehealth, and online purchases, in addition to connecting with friends and family. End-to-end encryption also “serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people,” as noted by the Five-Eyes(+) in their statement.
"At a time when people need digital security more than ever, governments should support end-to-end encryption as the most effective way to ensure the personal security of billions of people and the national security of nations around the world."
Polk called the governments' arguments "time-worn," and indeed both sides' positions, as they stand, seem familiar, long-rehearsed, and probably irreconcilable.