At a glance.
- Contact tracing and privacy.
- Remote sessions of the US Congress and the UK's Parliament?
- CISA reacts to FCC decision on releasing L-band.
- GAO recommends cybersecurity measures to US State Department.
- Computer Fraud and Abuse Act will get US Supreme Court review.
- Britain's NCSC's action against COVID-19 scams.
- Australia's ACSC also working against COVID-19 fraud.
Contact tracing raises privacy concerns.
Foreign Policy thinks the swiftness with which norms and expectations have shifted under the pressure of the pandemic makes the time right for a "digital bill of rights," and ideally an international one, that would serve as a barrier to further erosion of privacy.
Some have seen contact tracing as just another front in the privacy wars (the other being crypto). The French government has asked Apple to relax its products' Bluetooth privacy protections, ZDNet reports, because they're making it difficult for the government to field the contact tracing system it hopes to deploy by May 11th.
US Congress wary of remote sessions. UK Parliament considering partially virtual sessions to facilitate social distancing.
The US Congress has been unable to reach a consensus on whether to adopt rules that would facilitate remote sessions. The Washington Post reports that the two major parties are divided on the issue, with the Democrats generally favoring telesessions and the Republicans exhibiting more skepticism. In the UK, the Guardian says that Parliament is expected to approve "virtual sessions": up to one-hundred-twenty MPs would participate by Zoom, and up to fifty would sit (physically) in the chamber. (What the other four-hundred-ninety MPs would do is unclear.) Some applaud the move as modernization that will suppress "boorish" traditions like backbench heckling; others wonder how they'll get the Speaker's attention when he can't see them "bob"; and others are concerned that some of the energy that forces ministers to explain themselves will be lacking.
CISA's reaction to the FCC action on GPS spectrum.
The US Cybersecurity and Infrastructure Security Agency (CISA) this afternoon emailed the following statement on the Federal Communications Commission (FCC) decision to make the L-band portion of the spectrum available to Ligado Networks for 5G uses.
“The Department of Homeland Security recommended the FCC deny the Ligado license and remains concerned that an approval creates a high degree of uncertainty for our public and private sector partners, many of whom, along with the Departments of Homeland Security, Defense and Transportation, rely on precise and uninterrupted Positioning, Navigation and Timing (PNT) data from the Global Positioning System (GPS) to ensure the security and resilience of their infrastructure. Our critical infrastructure partners across the public and private sectors have similar dependence on PNT and GPS for the security and resilience of their operations.
"If the FCC moves forward with its proposed action on Ligado, we will work with our partners to ensure procedures are in place to identify interference with GPS and rapidly implement mitigation measures while supporting the domestic deployment of 5G.
"DHS will continue to work to manage risk to GPS receivers and promote the responsible use of PNT, in accordance with the President’s Executive Order.”
C4ISRNet reported that the FCC unanimously voted to grant access to the L-band yesterday. The US Department of Defense has for years opposed releasing the L-band, and it had the Department of Homeland Security on its side. The Department of Justice generally favored Ligado's request. As the email from CISA suggests, the task will now be to find ways of securing the availability of GPS signals.
US GAO recommends cybersecurity improvements to State Department.
A regular Government Accountability Office study proposed four improvements to cybersecurity at the US Department of State.
- "To complete the appropriate assignment of codes to their positions performing IT, cybersecurity, or cyber-related functions, in accordance with the requirements of the Federal Cybersecurity Workforce Assessment Act of 2015, the Secretary of State should take steps to review the assignment of the "000" code to any positions in the department in the 2210 IT management occupational series, assign the appropriate NICE framework work role codes, and assess the accuracy of position descriptions."
- "The Secretary of State should establish and document a process for coordination between cybersecurity risk management and enterprise risk management functions."
- "The Secretary of State should determine which of the unimplemented reform projects included in its fiscal year 2019 Congressional Budget Justification, if any, should be implemented and communicate this determination to Congress and appropriate State personnel."
- "The Secretary of State should establish a single dedicated team to manage the implementation of all reform efforts that the Secretary decides to pursue."
The State Department concurred with all four recommendations.
US Supreme Court will hear CFAA case.
Reuters reports that the US Supreme Court has agreed to hear a case that has the potential to limit the scope of the Computer Fraud and Abuse Act. The law prohibits accessing a computer without authorization, or exceeding your authorized level of access. The appellant, a former police officer in the US state of Georgia, claims he was authorized to access the information that he obtained. He ran a license plate for an acquaintance who had offered him $6000 to find out whether an exotic dancer was in fact an undercover cop. The former officer, Nathan Van Buren, maintains that, whatever his purpose in doing so, he was still authorized to access the data necessary to run a plate. His motive, he argues, is irrelevant. The outcome of the case could limit expansive use of CFAA in both criminal and civil proceedings.
UK's NCSC takes down COVID-19 scammers, urges citizens to report fraud.
The UK's National Cyber Security Centre (NCSC) is urging people to report the COVID-19-related scam emails they've received. The agency has established an online reporting portal to make the process simpler and more convenient. The NCSC has, according to ZDNet, taken down more than two-thousand online scams related to the pandemic, "including 471 fake online shops selling fraudulent coronavirus-related items, 555 malware distribution sites, 200 phishing sites and 832 advance-fee frauds."
Australian Cyber Security Centre also working to disrupt COVID-19 fraud.
The Australian Cyber Security Centre's regular "Threat update: COVID-19 malicious cyber activity" outlines a set of problems similar to those seen in the UK and elsewhere. Since March 10th, ACSC has received roughly two reports a day of Australians losing money to coronavirus-themed online scams, and notes that these are actual losses, not mere attempts. With their private-sector partners (including Google and Microsoft) ACSC has "disrupted" more than one-hundred-fifty COVID-19-themed websites that had been engaged in malicious activity.