Cyber Week in Review: March 23, 2018

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. One, two, three, four. I declare a trade war. U.S. President Donald J. Trump announced he would slap tariffs on roughly $60 billion-worth of Chinese imports to the United States in response to perceived unfair Chinese trade practices in the tech sector. For years, U.S. industry has complained about Chinese government policies that require U.S. firms to transfer technology to local firms through joint ventures, Chinese firms' easy access to capital, and state-sponsored cyber espionage for commercial gain. In a report justifying the tariffs, the Trump administration asserts that China has not lived up to the 2015 Obama-Xi cyber agreement and points to previously unknown instances in 2011 and 2012 where a Chinese state-owned oil company tasked the People's Liberation Army to target a U.S. company for intelligence collection. The Trump administration is expected to release a list of goods it will target within the next two weeks. Expect a lot of lobbying from the tech giants to ensure their products are exempt. China announced that it would respond with its own tariffs targeting U.S. agricultural products and would lodge a complaint at the World Trade Organization. 

2. Is my thesis worthy enough to be stolen? The U.S. government accused nine employees and contractors of the Manba Institute, an Iranian company, of a long-term and massive cyber espionage campaign that allegedly pilfered intellectual property and research from over 22 universities in over twenty-two countries. According to an indictment unsealed today, Manba exfiltrated at least thirty-one terabytes of data such as journals, theses, dissertations, and e-books from over 144 U.S. universities at the behest of the Iranian Revolutionary Guard Corps, Iranian universities, and individual clients who purchased the stolen goods. The Treasury department also sanctioned the company and individuals named in the indictment, preventing them from using the U.S. financial system or conducting any business with U.S. persons. Though some question the efficacy of charging people unlikely to ever step foot in a U.S. courtroom, the U.S. government sees it as a way to limit the hackers' travel, pierce any sense of anonymity state-sponsored hackers believe they have, and deter future cyber espionage. 

3. Here comes the ban hammer. Roskomnadzor, Russia's internet regulator, has given the popular messaging app Telegram fifteen days to hand over the private encryption keys of Russian users, a move that would allow Russian authorities to read their communications. Roskomnadzor recently classified Telegram as an "information disseminator" under new anti-terrorism legislation, requiring it to maintain the ability to decrypt messages for law enforcement purposes. Telegram fought the designation in court, along with an RUB800 million fine (about $14 million) but lost in a Russian supreme court ruling on Tuesday. In a tweet, founder Pavel Durov signaled that his company will not comply, setting up the possibility that the app could be banned in Russia. Telegram has over 200 million users worldwide, some 10 million of which are based in Russia.

4. Let me just slip this in here. The Clarifying Lawful Overseas Use of Data (CLOUD) Act, which would remove barriers preventing U.S. companies from complying with foreign requests for user data, was appended to a "must-pass" omnibus Congressional budget bill President Trump signed today. That means the CLOUD Act is now law, much to the delight of tech companies and the chagrin of certain privacy and civil liberties groups. Tech companies argue the bill is necessary to clarify how the U.S. government can access data held overseas (as in the Microsoft-Ireland case) and allow U.S. tech companies to comply with foreign requests for user data without going through the burdensome mutual legal assistance process. Civil liberties group argue the bill will lower the threshold by which foreign governments can request data from U.S. tech companies, weakening user privacy. Net Politics has its own assessment of the measure, which you can read here.

5. Oh, and this happened too. A string of exposés revealed how UK company Cambridge Analytica collected data from approximately 50 million Facebook accounts for use in political campaigns in the United States, Thailand, South Africa, India, Indonesia, Trinidad and Tobago, and Kenya. Expect legislative hearings on both sides of the Atlantic, regulatory action, and lawsuits. For those who haven't been on the internet all week or read a newspaper, you can get up to speed here, here, and here.