At a glance.
- EU prepares for new regulations for smart devices.
- Executive order calls for increased regulation of foreign tech investment.
- Social media leaders remain tight-lipped about security practices.
EU prepares for new regulations for smart devices.
EU lawmakers have issued a draft of a proposed set of security rules for producers of smart devices called the Cyber Resilience Act. TechCrunch explains that the regulation would introduce mandatory cybersecurity requirements throughout the life cycle of IoT products sold in the EU, and require manufacturers to provide consumers with “sufficient and accurate information” about the security of the devices at the point of purchase. Those found in non-compliance could face penalties of up to €15M or 2.5% of worldwide annual turnover (whichever is higher). In a press release the European Commission stated, “The new rules will rebalance responsibility towards manufacturers, who must ensure conformity with security requirements of products with digital elements that are made available on the EU market. As a result, they will benefit consumers and citizens, as well as businesses using digital products, by enhancing the transparency of the security properties and promoting trust in products with digital elements, as well as by ensuring better protection of their fundamental rights, such as privacy and data protection.” The proposed legislation would require manufacturers to demonstrate fulfillment of the regulation’s requirements either through self-assessment or by a third-party conformity assessment “depending on the criticality of the product in question.” The European Parliament and Council will now examine the draft and have the opportunity to propose amendments before it becomes law.
Executive order calls for increased regulation of foreign tech investment.
The White House issued an executive order yesterday ordering the Committee on Foreign Investments (CFIUS) to increase its scrutiny of financial deals that could endanger US supply chains and personal data. More specifically, the panel is being asked to deepen its focus on deals that could allow adversaries access to critical manufacturing capabilities, mineral resources, or technologies. Though the EO stops short of mentioning any foreign countries specifically, it calls for CFIUS to look for cases where a foreign company or country is trying to acquire multiple firms within a sector, and for minority investments by foreigners via venture-capital funds, an activity some officials say China has been undertaking. The White House’s accompanying explanation discusses the risks presented by investors from “competitor or adversary nations.” An official told the Wall Street Journal, “Foreign investment is key to supporting American workers, businesses and growth in the United States. But…some countries exploit our open investment ecosystem to further their own national security priorities in ways that are directly contradictory to our values and interests.” When asked for comment on the EO, the Chinese embassy in Washington pointed to Ambassador Qin Gang’s recent remarks that US-China interests are “intertwined.”
Social media leaders remain tight-lipped about security practices.
On Wednesday, executives from social media giants TikTok, Meta, Twitter, and YouTube testified at a Senate Homeland Security Committee hearing focused on the impact of social media on national security. The execs were asked to discuss recent data privacy issues the platforms have experienced, and as TechCrunch notes, the representatives were less than forthcoming when it came to answering the committee’s questions. Though the companies were asked to disclose the number of employees dedicated to trust and safety, most declined to answer. Committee Chair Sen. Gary Peters commented, “We’ve been trying to get this information for a long time. This is why we get so frustrated.” The executives also neglected to answer questions regarding the safety of non-English language content and non-US users, another area of concern given fears of adversaries using such platforms to spread foreign influence. In his recent allegations, Twitter whistleblower Peiter “Mudge” Zatko said that half of the content flagged for review on the platform is in non-English languages, and Facebook whistleblower Frances Haugen noted that only 9% of Facebook users speak English, though 87% of its misinformation spending is devoted to English language moderation. It was TikTok COO Vanessa Pappas’s first time testifying, and she was as reticent as her predecessors, especially when questioned about TikTok’s well-known ties to China. At the conclusion of the hearing, Peters stated, “I’ll be honest, I’m frustrated that… all of you [who] have a prominent seat at the table when these business decisions are made were not more prepared to speak to specifics about your product development process, even when you are specifically asked if you would bring specific numbers to us today.”