CAC revises online comment rules. Europjust hosts ransomware defense workshop. More on the White House task force on online abuse. Comment on the RSOCKS takedown.

Summary

By the CyberWire staff

At a glance.

CAC revises online comment rules.
Eurojust hosts ransomware defense workshop.
More on the White House task force on online abuse.
Comment on the RSOCKS takedown.

CAC revises online comment rules.

Last week the Cyberspace Administration of China (CAC) released a draft update to the Provisions on the Management of Internet Post Comments Services declaring that all online comments will have to be pre-reviewed before being published. As the MIT Technology Review explains, the change would impact a great range of online discussion including forum posts and replies, messages left on public message boards, and live video comments called bullet chats. The regulation in question first came into effect in 2017, and Jeremy Daum, a senior fellow at Yale Law School’s Paul Tsai China Center, explains, “The proposed revisions primarily update the current version of the comment rules to bring them into line with the language and policies of more recent authority, such as new laws on the protection of personal information, data security, and general content regulations.” Proponents see the update as another step toward full control of internet speech. Many platforms already employ or outsource work to censorship teams tasked with removing content deemed inappropriate before users can see it, and this new update could also make content creators responsible for flagging and reporting “illegal or negative” content.

Eurojust hosts ransomware defense workshop.

Over one hundred EU and US judicial experts and practitioners gathered at the Hague last week for a two-day workshop focused on fostering collaboration in battling ransomware attacks. Organized by EU judicial cooperation agency Eurojust along with the US Department of Justice, the event gave participants the opportunity to attend presentations where experts shared best practices regarding topics like transnational cooperation during ransomware investigations, victim remediation, and prosecution of criminal organizations.

Representing twenty-seven countries, attendees included attorneys from the US Justice Department's Computer Crime and Intellectual Property Section, representatives from the US Federal Bureau of Investigation, the US Secret Service, the US Homeland Security Investigations, European Judicial Cybercrime Network, Eurojust's Cybercrime Team, and Europol's European Cybercrime Centre, as well as private sector and non-governmental organization representatives from the CyberPeace institute, Microsoft, and Bitdefender. Eurojust President, Mr Ladislav Hamran stated in his opening address, “Through this week’s workshop, we are fostering closer cooperation, not only between national authorities, but also between the public and the private sector. I am convinced that this will prove crucial in our efforts to protect our citizens against online and offline threats.”

More on the US task force on online abuse.

As we noted last week, US Vice President Kamala Harris on Thursday announced the launch of a new government task force aimed at preventing online abuse. The White House notes that the group will particularly focus on protecting women, girls, and LGBTQI+ individuals, drafting a blueprint over the next one hundred eighty days on a "whole-of-government approach" to stopping "technology-facilitated, gender-based violence." The White House Gender Policy Council and National Security Council will co-chair the group, and the administration will also supply $3 million to support the initiative. The Register adds that the task force launch comes on the heels of the introduction of a bill that would ban the sale of health and location data in response to the Supreme Court's draft proposal to overturn Roe v. Wade. In her remarks, Vice President Harris addressed the connection between private data and abortion rights. "So let us be clear: No one should be afraid that an abuser will use their private personal data — or that a person's private personal data will be used against them,” she stated.

WPMI notes that critics of the task force worry it’s simply the return of the White House’s Disinformation Governance Board, which was put on pause after critics expressed concerns that the group would be used to censor speech in opposition to the administration’s agenda. The White House, however, maintains that the First Amendment does not apply to violent and threatening speech (critics see the Administration as working from an expansive definition of violent and threatening speech), and that the task force will focus on illegal content like sex abuse and online human trafficking.

RSOCKS disruption.

Elizabeth Wharton, VP, Operations at SCYTHE, commented on the criminal utility of illicit proxy servers like RSOCKS, disrupted last week by international law enforcement. "Using these devices as proxy servers is another example of how threat actors weaponize internet connected devices to evade detection. For example, by using the device as a proxy server to create a local IP address, the malicious activity will likely go undetected because it doesn’t trigger an alert. Organizations should consider placing stronger external IP address restrictions to mitigate risk."

Selected Reading

Now China wants to censor online comments (MIT Technology Review) A draft update of rules would dramatically increase the power of China’s censorship machine, but platforms will pay the price.

Video: China’s Surveillance State Is Growing Bigger and More Invasive. These Documents Reveal How. (New York Times) A Times investigation analyzing over 100,000 government bidding documents found that China’s ambition to collect digital and biological data from its citizens is more expansive and invasive than previously known.

Increasing China’s U.S. Cyber Espionage Allegations Support Internet Governance Aspirations (OODA Loop) Recently, Chinese media has published articles about a report provided by Burmese-based Anzer, a cybersecurity company that detailed alleged U.S. military and government agencies efforts to remotely steal more than 97 billion pieces of global Internet data, and 124 billion phone records in the last 30 days.

Courtney Fung on China's Role in Crafting Global Governance in Cyberspace (The Wire China) Courtney Fung talks about China crafting global governance in cyberspace through multilateral organizations such as the UN.

Is Russia-India Cyber Cooperation on the Horizon? (OODA Loop) A formalized cyber agreement between Russia and India is a logical progression for Moscow both in appearance as well as from a practical standpoint. After all, both countries are known for their technological sectors and experienced IT workforce, and both have adopted multistakeholder bases and scientific cooperation. Therefore, it comes as little surprise that the idea has long been in development, though moving toward a more concrete agreement up until recently has stalled. Russia-India interest in establishing a formal cyber cooperation relationship started in 2016 when both governments signed a “Memorandum of Understanding on Information Security” agreement during a BRICS summit.

U.S. Restraint Has Created an Unstable and Dangerous World (Foreign Policy) Decades of ignoring the menaces posed by Russia and China has led the West to a precipice.

White House pushes back against online harassment (Register) 'No one should have to endure abuse just because they are attempting to participate in society'

Readout of the White House Task Force to Address Online Harassment and Abuse Launch (The White House) Yesterday, the Gender Policy Council and National Security Council launched the White House Task Force to Address Online Harassment and Abuse. The Task

FAR updates that would mandate cyber incident reporting for contractors a year or more away (FedScoop) OMB has submitted two proposals for updating contract language to the FAR Council, which will be opened for public comment soon.

Senators seek boosts for JADC2, cyber mission, hypersonics in defense bill (Defense News) The Senate Armed Services Committee on June 16 published its summary of the annual defense bill, tackling everything from future network development to supply chain challenges, electronic warfare integration to hypersonic weapons development.

A new report by the Cyberspace Solarium Commission (Federal News Network) The national cyber workforce shortage is still a major problem. But it’s a problem that can start to be solved with the help of a new national cyber director.

Proposed SEC Rules Will Force Boards to Double Down on Cyber (BankInfoSecurity) Publicly traded companies will need to beef up their cybersecurity knowledge since the the U.S. Securities and Exchange Commission is proposing rules and guidelines

Calif. Privacy Agency Signals Strength With Rules Proposal (Law360) California's new consumer privacy agency proposed strict guardrails in its first foray into rulemaking for topics such as global opt-out signals and dark patterns that other regulators have yet to touch, with reactions from digital advertisers and other businesses expected to follow.