Big Brother vs Big Tech: Porn hacks the Fed; will Biden’s “cyber-strategy” change anything?
It’s been a whirlwind week in politics and tech. President Biden launched a full-court press on national cybersecurity, data-sloppy health apps got slapped with millions of dollars in federal fines — and a digital porn-purveyor caused a Federal Reserve meeting to shut down.
Here’s the quick-and-dirty rundown on everything you need to know about tech politics this week.
U.S. cybersecurity strategy: The best defense is offense
The week’s main tech event arrived Friday when Biden unveiled his national cybersecurity strategy. The plan doesn’t offer new rules but calls out digital priorities for the Defense Department and a vast tangle of federal agencies. There are three key takeaways.
First, defenses need to be bolstered around critical infrastructure — from the U.S. water supply to oil pipelines, rail lines and power grids. Much of that work will rely on regulatory agencies to begin evaluating weaknesses, with the help of industry counterparts. Second, private software makers should face more liability for flawed software that places the onus of data privacy and general security on individual users. Third, the U.S. intends to go on the offensive with more Cyber Command disruption campaigns launched against foreign computer systems and networks. Who, exactly? Presumably China, Russia and Iran, but no specific malefactors were mentioned.
Of course the biggest hole in U.S. cyber-defenses is the government’s use of outdated technology. So IT modernization is a keystone of the Biden plan, including modernizing civilian agencies.
Chips, ahoy
With U.S. auto factories overflowing with cars they can’t finish building, consumer gadget demand falling as prices surge and national security concerns growing, the U.S. economy desperately needs an end to the years-long global computer chip shortage. That’s where Biden’s $39 billion shot-in-the-arm comes in.
Want a daily wrap-up of all the news and commentary Salon has to offer? Subscribe to our morning newsletter, Crash Course.
That sum was set aside in the CHIPS and Science Act of 2022 as a federal funding incentive aimed to spark the creation of a near nonexistent U.S. chipmaking industry. This will be a long-haul effort, made doubly necessary by supply-chain chokepoints worsened by politics.
On Tuesday, the race began for Commerce Department applicants. The first round of funds is expected to favor cybersecurity-facing companies — and chipmakers who take the money have to promise not to expand their capacity in China for at least a decade.
Data privacy: TikTok ban (not really); Dems’ post-Roe protection efforts
Lawmakers’ latest attempt to ban TikTok from all personal U.S. devices advanced another step this week in Congress. To be clear, it’s an idea that is both technologically implausible and politically infeasible.
Actual movement on data privacy came from the FTC on Thursday, when it hit the tele-therapy company BetterHelp with a $7.8 million fine for sharing sensitive patient data with advertisers, while lying to patients about it. Earlier in the week, the FTC also finalized a $1.5 million settlement from prescription e-coupon app GoodRx, which was sharing patient data with Facebook, Google and others.
These fines are barely a slap on the wrist for most companies. In a country where abortion-related internet searches are used as criminal evidence, Congress has yet to produce a privacy law barring apps from sharing users’ personally identifiable health data with subpoena-hungry tech giants. Senate Democrats began trying again on Thursday, introducing something called the (UPHOLD) Privacy Act, aimed at protecting health and online location data.
Speaking of people who aren’t completely off the hook, Mark Zuckerberg’s Cambridge Analytica nightmare may not be over yet. Meta’s lawyers said the $725 million settlement finalized last Wednesday signals the end the company’s scandal. “Not so fast,” said the state of New Mexico.
Big Brother: Can we please keep FISA?
Congress is weighing whether to once again renew the FBI and NSA’s ability to spy on U.S. citizens without a warrant.
The controversial Section 702 of the Foreign Intelligence Surveillance Act (FISA), which expires in December, lets intelligence agencies collect unknown amounts of data on Americans without ever telling them. Under the law, this is hypothetically aimed at surveillance of foreign nationals, but everyone understands that U.S. citizens’ communications are often swept up in the net for various reasons, offering the feds a backdoor into Americans’ emails, texts and data. All details and decisions about these troves of information are subject to the proceedings of FISA Court, conducted entirely in secret.
Hack reel: Porn hijack at the Fed; water supply threatened
In the face of alleged attempts by hackers to poison water supplies, the EPA issued a new mandate on Friday which requires states to take stock of their current cybersecurity defenses and begin planning upgrades.
Supposedly the FISA court can’t order the collection of Americans’ emails, texts and data. But that doesn’t mean it doesn’t happen — and intelligence agencies like it like that.
A virtual meeting of the Federal Reserve, with more than 220 attendees, was canceled just moments after it began Thursday when a Zoom-bomber hijacked the public teleconference and filled all participants’ screens with porn images. But this wasn’t high-level hacking, and the unwelcome intrusion could have been avoided if the hosts had enabled Zoom’s normal participant-muting settings, or had simply used the software’s webinar mode.
Ejecting hackers isn’t quite as easy for the White House and U.S. Marshals Service, however. On Monday, the Commerce Department greenlit the renewal of a Trump-era executive order aimed at keeping foreign hackers out of U.S.-contracted cloud service providers. And on Tuesday, the Marshals Service announced it’s hunting for cybercriminals who breached a Justice Department computer system with ransomware.
Bonus: Thanks, I hate it.
This week’s moment of tech-enabled dystopia is brought to you by the U.S. Air Force which, as reported by New Scientist, has signed a $800,000 contract with RealNetworks. The Seattle-based firm will equip military drones with AI-powered facial recognition tech that will “open the opportunity for real-time autonomous response by the robot.” If that means what we think it means, such drones could conceivably be authorized to kill without direct orders from a human operator.
Read more
from Rae Hodge on tech and politics