Cyber Week in Review: November 20, 2015

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

• The encryption debate, which had died down since the White House announced it would not pursue a legislative mandate to require communications providers to maintain an ability to decrypt communications, is back in the news in light of the Paris attacks. The debate was sparked in part by a New York Times report quoting anonymous French officials that alleged the perpetrators had used encryption tools to plan their attack, but was later retracted. That didn’t stop some U.S. members of Congress to rail against encryption by default, despite any publically available evidence that encryption thwarted authorities’ ability the disrupt the plot. In fact, it was an unencrypted phone found in a dumpster next to the Bataclan concert hall that led French police to find the attack’s ringleader in rowhouse outside of Paris. This isn’t to say that the so-called Islamic State and its ilk don’t use encryption tools like everyone else--they are known to use Telegram and their own software. But there’s no publically-available evidence that it has been a hindrance in disrupting terrorist activity. The lack of resources or manpower may be the bigger problem given that many of the Paris attackers and those who attacked Charlie Hebdo and Hyper Casher in January were known to the authorities.
• Following last week’s terrorist attacks in Paris, individuals associated with the Anonymous hacktivist group announced they would be stepping up their year-long campaign against social media accounts and websites affiliated with the Islamic State. Aiming to completely eliminate the Islamic State’s online presence, Anonymous has worked to identify social media accounts and IP addresses affiliated with the terrorist organization and report them to the relevant companies, who then take them offline. Or, at least, they usually do: members of Anonymous expressed anger at content-distribution service provider CloudFlare, saying the company was helping protect pro-Islamic State websites. CloudFlare’s CEO responded that it’s not his job to determine what online content doesn’t deserve free speech protections. Some critics have questioned the efficacy of the Anonymous efforts, arguing that terrorists’ online presence is a valuable source of information for intelligence officials working to fight those groups. This summer, the United States Air Force revealed that it was able to track the location of an Islamic State base using social media posts, bombing the target less than twenty-four hours after the posts first went online.
• Meeting in Turkey this week, leaders of the G20 affirmed a commitment to not conduct or support cyber-enabled theft of intellectual property with the intent of providing competitive advantages to domestic businesses. The wording of the agreement closely matches the language used in similar agreements between China and the United States, United Kingdom, and Germany. While some commentators have called the G20 statement “pointless,” it’s another step closer to global recognition of an international norm the United States has been promoting that would create a distinction between cyber-enabled espionage for political and commercial reasons.
• It emerged this week that Australia and Canada will be revising their respective cybersecurity strategies. According to IT News, Australian Prime Minister Malcolm Turnbull was unhappy with a new draft cybersecurity strategy developed by his predecessor Tony Abbott and ordered civil servants "back to the drawing board." The Australian government was originally looking to update it’s 2008 strategy before the end of the year, but given the new review, that seems unlikely. For its part, Canada’s new prime minister, Justin Trudeau, has requested that his minister in charge for cybersecurity conduct a whole-of-government review of existing measures to protect Canadians and the country’s critical infrastructure from cyber threats.