FTC sues data broker. The EU opens a "Tech Embassy" in Silicon Valley. US will restrict export of chips to China and Russia.

FTC sues data broker. The EU opens a "Tech Embassy" in Silicon Valley. Industry perspective on cybersecurity and US Federal acquisition policy. US will restrict export of chips to China and Russia.

Summary

By the CyberWire staff

At a glance.

FTC sues data broker.
The EU opens a "Tech Embassy" in Silicon Valley.
Industry perspective on cybersecurity and US Federal acquisition policy.
US will restrict export of chips to China and Russia.

FTC sues data broker.

The US Federal Trade Commission has filed a lawsuit against Idaho-based data broker Kochava for allegedly "selling geolocation data from hundreds of millions of mobile devices that can be used to trace the movements of individuals to and from sensitive locations." The FTC stated, "Kochava’s data can reveal people’s visits to reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities. The FTC alleges that by selling data tracking people, Kochava is enabling others to identify individuals and exposing them to threats of stigma, stalking, discrimination, job loss, and even physical violence. The FTC’s lawsuit seeks to halt Kochava’s sale of sensitive geolocation data and require the company to delete the sensitive geolocation information it has collected."

According to TechCrunch, Kochava said in response: "This lawsuit shows the unfortunate reality that the FTC has a fundamental misunderstanding of Kochava’s data marketplace business and other data businesses. Kochava operates consistently and proactively in compliance with all rules and laws, including those specific to privacy. Prior to the legal proceedings, Kochava took the proactive step of announcing a new capability to block geo data from sensitive locations via Privacy Block, effectively removing that data from the data marketplace, and is currently in the implementation process of adding that functionality."

The EU opens a "Tech Embassy" in Silicon Valley.

Snell & Wilmer reports that the European Union today opened a liaison office in Silicon Valley, in order to help tech companies comply with the EU's Digital Markets Act (DMA) and Digital Services Act (DSA). Snell & Wilmer notes, "The DMA and DSA will transform the regulation of digital markets in the EU, and carry significant compliance risks in light of their global reach, broad scope, and the severe penalties for violations. The new legislation also raises significant data privacy and security concerns due to, most notably, the DMA’s platform interoperability and data portability requirements."

US will restrict export of chips to China and Russia.

The US has implemented new restrictions on the sale of high-end GPUs to China and Russia, the New York Times reports. The chips in question developed by Nvidia and AMD, and are used for advanced AI processing. Protocol quotes the US Commerce Department as saying, “While we are not in a position to outline specific policy changes at this time, we are taking a comprehensive approach to implement additional actions necessary related to technologies, end-uses, and end-users to protect U.S. national security and foreign policy interests. This includes preventing China’s acquisition and use of U.S. technology in the context of its military-civil fusion program to fuel its military modernization efforts, conduct human rights abuses, and enable other malign activities.”

Industry perspective on cybersecurity and US Federal acquisition policy.

Ken Walker, President and CEO at Owl Cyber Defense, outlines in an article for Meritalk that the effect of the recently passed Supply Chain Security Training Act (SCSTA) in the US. Walker states, “SCSTA directs the General Services Administration (GSA) to develop a training program for federal employees that will help them identify and reduce agencies’ supply chain risks. Extending security responsibilities in this way is practical and necessary to widen the resource pool for tackling cyber risks, particularly given the shortage of people with hard technical skills who are battling supply chain threats.”

Selected Reading

U.S. Restricts Sales of Sophisticated Chips to China and Russia (New York Times) Limits were placed on high-end GPUs that power supercomputers and artificial intelligence, said Nvidia and AMD, two Silicon Valley chip makers.

Nvidia, AMD warned of new US export restrictions on AI chips (Protocol) The U.S. government has issued new export licensing requirements to Nvidia and AMD for export to China and Russia of the advanced GPUs used for AI.

Australia’s New Anti-Encryption Law Is Unprecedented and Undermines Global Privacy (Foundation for Economic Education) If firms don't have the power to intercept encrypted data for authorities, they will be forced to create tools to allow law enforcement or government to have access to their users’ data.

Plugging Cyber Holes in Federal Acquisition (Meritalk) By Ken Walker, President & Chief Executive Officer, Owl Cyber Defense

The European Union Opens “Tech Embassy” in Silicon Valley Ahead of New Technology Regulations (Snell & Wilmer) Snell & Wilmer is one of the largest law firms in the western Unites States.

DHS watchdog digs into uneven cyber awareness training, outdated policies (FCW) Some DHS policies and procedures aren’t up-to-date with the latest cybersecurity standards, a new report from the Office of the Inspector General at DHS says. The department, however, says that it’s taking action to mature their training program.

FTC sues Kochava for sale of people’s sensitive location data (TechCrunch) The FTC aims to prosecute Kochava based on numerous violations of the FTC Act, including those involving the unfair sale of sensitive data and consumer injury.

The FTC May (Finally) Protect Americans From Data Brokers (WIRED) The agency’s lawsuit against Kochava should squash the industry’s core defense—and help keep sensitive info off the open market.

NSA, Cyber Command mobilizing Election Security Group to fight foreign cyberattackers (The Washington Times) The National Security Agency and Cyber Command have activated their Election Security Group tasked with disrupting foreign cyberattackers aiming to hack or interfere with the upcoming midterm elections, assembling a team to combat threats coming from China, Iran and Russia.

The IRS will be more like the NSA after Biden’s changes (The Hill) President Biden and the Democrats are setting up the IRS as the next three-letter intelligence agency, with the rapid expansion of the service’s power and payroll. Changes resulting from the improp…

US Army to launch offensive cyber capabilities office (Defense News) Offensive cyber is defined as “operations intended to project power by the application of force in or through cyberspace,” according to NIST.

Army to create new offensive cyber and space program office (FedScoop) The Army will create a new offensive cyber and space program office in 2023, spinning it off from its electronic warfare portfolio, according to officials. The new colonel-led, or O-6 level, program office will be under Program Executive Office Intelligence Electronic Warfare and Sensors and will be aptly called Program […]