At a glance.
- Supreme Court will hear case related to Communications Decency Act.
- CISA directive requires federal civilian agencies to report network assets and vulnerabilities.
- FCC cracks down on service providers violating robocall rules.
Supreme Court will hear case related to Communications Decency Act.
NBC News reports that the US Supreme Court has agreed to hear a case concerning Section 230 of the Communications Decency Act, which states that internet companies can not be held responsible for transmitting content posted by others. The Washington Post explains that the plaintiffs are the family of Nohemi Gonzalez, a woman murdered in 2015 in a series of attacks carried out by militant Muslim group ISIS, and they allege that YouTube is liable for recommending videos promoting extremist Islamic State views to users. “Videos that users viewed on YouTube were the central manner in which ISIS enlisted support and recruits from areas outside the portions of Syria and Iraq which it controlled,” lawyers for the family argued in their petition. Lawyers at YouTube parent company Google say Section 230 shields the video-streaming platform from any liability. Passed in 1996, the law was created at a time when the internet was young, and in the years since it has come under much scrutiny from critics on both sides of the aisle who say that platforms like YouTube, Instagram, and Facebook forfeit their protections when employing the pervasive algorithms used to recommend videos and advertise products. The New York Times adds that the Supreme Court has also agreed to hear a second lawsuit, Twitter v. Taamneh, which questions whether the company can be liable under the Anti-Terrorism Act for the 2017 death of Jordanian citizen Nawras Alassaf during an ISIS-affiliated attack in Istanbul. Both cases stand to make a big impact in how internet companies are (or are not) held accountable for the content they distribute.
CISA directive requires federal civilian agencies to report network assets and vulnerabilities.
The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued Binding Operational Directive 23-01 - Improving Asset Visibility and Vulnerability Detection on Federal Networks. The measure establishes requirements for federal civilian agencies to better assess the assets and vulnerabilities that exist in their networks and provide this data to CISA on a regular basis. In a bulletin announcing the directive, CISA Director Jen Easterly stated, “Threat actors continue to target our nation’s critical infrastructure and government networks to exploit weaknesses within unknown, unprotected, or under-protected assets. Knowing what’s on your network is the first step for any organization to reduce risk. While this Directive applies to federal civilian agencies, we urge all organizations to adopt the guidance in this directive to gain a complete understanding of vulnerabilities that may exist on their networks. We all have a role to play in building a more cyber resilient nation.” Though the directive is required only for federal civilian agencies, CISA recommends local and state governments adhere to the requirements as well.
FCC cracks down on service providers violating robocall rules.
The Federal Communications Commission (FCC) has announced that seven voice service providers could be removed from the agency's robocall database for non-compliance with the FCC’s safeguards. “This is a new era. If a provider doesn’t meet its obligations under the law, it now faces expulsion from America’s phone networks. Fines alone aren’t enough,” FCC chairwoman Jessica Rosenworcel said in a statement accompanying the announcement. “Providers that don’t follow our rules and make it easy to scam consumers will now face swift consequences.” CyberScoop explains that robocall identification verification protocols known as “STIR/SHAKEN” went into effect this summer as part of the implementation of the 2019 Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act. The companies in question have received enforcement notices and now have two weeks to explain to the FCC why they should not be removed from the database. It’s possible similar action will be taken against companies sending SMS-based spam that also violate the STIR/SHAKEN requirements.