At a glance.
- A critical look at Islamabad’s new data protection bills.
- NDAA calls for independent cyber service.
- DETOUR Act cracks down on dark patterns.
- Biden administration issues plan for bolstering cyber workforce.
A critical look at Islamabad’s new data protection bills.
Like so many world governments, Pakistan is working to improve its cybersecurity regulations, and last week the country’s cabinet approved two new measures: Personal Data Protection Bill 2023 and the E-Safety Bill 2023. However, the Atlantic Council reports, some industry leaders and digital rights activists say the new laws have not taken into account public feedback on the legislation. Stakeholders are concerned the new bills’ data categories definitions are too broad, and that the rules regarding cross-border data transfers could damage the tech ecosystem. Jeff Paine, managing director of the Asia Internet Coalition, stated that data localization requirements “will limit Pakistanis’ access to many global digital services” and the legislation “creates unnecessary complexities that will increase the cost of doing business and dampen foreign investment.” As well, some stakeholders have raised concerns about the powers and make-up of the National Commission for Personal Data Protection. Uzair Younus, Director at the Pakistan Initiative and Vice President at The Asia Group, writes, “Stakeholders have long agreed that legislation and regulation governing the technology ecosystem in Pakistan is necessary. The current draft legislation, however, falls significantly short of stakeholders’ expectations.”
NDAA calls for independent cyber service.
As we noted last week, the US Senate on Thursday approved the National Defense Authorization Act (NDAA), and it contains an amendment directing the Defense Department to have the National Academy of Public Administration look into establishing a seventh, cyber-specific military service. Sponsored by Senator Kirsten Gillibrand, the measure directs the Academy to “conduct an evaluation regarding the advisability of establishing a separate Armed Force dedicated to operations in the cyber domain” and how it would “compare in performance and efficacy to the current model.”
Although some Pentagon officials worry the creation of an independent cyber service could force existing military branches to downgrade their digital initiatives, lawmakers say current efforts to improve the cyber abilities of the six existing branches, especially when it comes to training and personnel, have fallen short. The Record notes that during last week’s confirmation hearing, Senate Armed Services Committee panel chairman Jack Reed stated, “It is widely understood that our Cyber Mission Forces are struggling with readiness shortfalls caused primarily by difficulties in training and retaining personnel in key positions requiring special skills. In order to mature the cyber force and advance our nation’s capabilities to conduct cyber operations and support intelligence operations, the military services must provide qualified and trained personnel to your Command on time and at the beginning of their tours.”
DETOUR Act cracks down on dark patterns.
A bipartisan group of US lawmakers led by Senator Mark Warner last week introduced the Deceptive Experiences To Online Users Reduction (DETOUR) Act. As a press release from Warner’s team explains, the bill would “prohibit large online platforms from using deceptive user interfaces, known as “dark patterns,” to trick consumers into handing over their personal data.
The bill would also require these platforms to obtain consent from users for covered research and prohibit them from using features that result in compulsive usage by children and teens.” The Record explains that the new bill would prevent online platforms with more than 100 million active users from using interfaces that “intentionally impair user autonomy, decision-making, or choice.” For instance, these platforms could no longer divide users into groups for behavioral experiments without consent, or design tools that compel minors to use their products. As well, platforms will be required to create independent review boards to supervise their consumer privacy efforts.
It’s worth noting that Warner also co-sponsored the Kids Online Safety Act. James P. Steyer, founder and CEO of Common Sense Media, applauded the DETOUR Act, stating, “Momentum is building, in Congress and across the states, to force tech companies to reduce the serious harm to kids and teens caused by the way that these companies design and operate their platforms. The reintroduction of the DETOUR Act comes at just the right time to add another important element of protection for children and their families.”
Biden administration issues plan for bolstering cyber workforce.
The White House today released the National Cyber Workforce and Education Strategy (NCWES), a plan for addressing the nation’s cyber workforce needs. A fact sheet on the new strategy says it presents a “first-of-its-kind, comprehensive approach” to filling the nation’s hundreds of thousands of vacancies in the cyber field. According to the strategy’s guiding principles, the NCWES aims to leverage adaptable ecosystems to effect change at scale, support the lifelong development of cyber skills, and improve diversity and inclusion in the cyber workforce. For more on the Strategy, see our coverage in CyberWire Pro.