Skip to content Skip to navigation

Friday Cyber News, September 29 2017

Cyber technology-related news and links from around the web, for the week of 9/23 - 9/29:

1. Facebook is playing catch-up in its attempts to find and remove political disinformation on its platform, despite early warnings from Obama and others that the scope of the problem was larger than ISIS' Facebook activity, which had proven relatively easier to identify. Russian operatives posed as American Muslims and Black Lives Matter activists, attempting to sow discord in swing states. Facebook wants to remain exempt from FEC policies regulating political advertising disclosures, but its changing responses to, and insufficient control over, "fake news" have led lawmakers to consider regulation (and covert infiltration). Facebook admitting that it doesn't have full control over its tools--which it, by necessity, does not in order to use AI to discover, for example, advertising categories that wouldn't necessarily jump out at a human employee--sounds to legislators like a company that can't control its products, or what racists, Russians, and right-wing trolls are doing with them. In the coming weeks, Facebook, Google, and Twitter executives will be testifying to Congress about Russian election-related information operations. [Washington Post x2; The Hill; Buzzfeed; NY Times; Reuters]

2. Cyber Initiative faculty co-director Mike McFaul outlines a four-point plan for regaining our cyber sovereignty after Russian attacks, including strengthening cybersecurity overall, requiring foreign government-supported media organizations to register their activities and prohibiting foreign agents from purchasing election ads to run in the US. Pair with the Cyber Initiative's 5 ways to improve cybersecurity, based on ongoing research. [Washington Post; Medium]

3. China blocked the use of WhatsApp within the country, as part of a crackdown on internet activity (see also: cryptocurrencies; following China's lead, South Korea has also banned ICOs as of this week) in advance of a Communist Party Congress to be held in mid-October. The US has asked China, through the WTO, not to implement a new cybersecurity law that would require foreign firms operating within the country to submit to security checks and store data domestically, over concerns about its effect on global trade. Russia also wants tech companies to store their data in-country, and is threatening to block Facebook if it doesn't do so. [NY Times; Gizmodo; Reuters; The Hill] 

4. European users of apps like Tinder are allowed to request a copy of all the data stored about them. For one Tinder user, that was 800 pages, which came with some uncomfortable realizations about how much a company can know and infer about a user, how seamlessly information is given up on these platforms (it's not just Tinder that collects and stores all of the information it can grab, of course), and how little recourse a user has to prevent that collection. [Schneier]

5. Want to know what the nitty-gritty of regulating a tech company looks like? Here's a long--LONG--read on Uber's recent "ban" from London (its license to operate in the city will not be renewed when it expires on Saturday); the convoluted ways in which the company--actually, multiple companies--operates to evade regulatory bodies, tax collectors, and price setting; and what lessons less combative tech companies can learn about working with regulators who are in worse cases beholden to, and in better cases imaginatively constrained by, offline models of business. [London Reconnections]

6.​ Deloitte revealed this week that it had suffered a cyber attack focused on an insecure administrator account for its Azure cloud server, exposing confidential client information and emails. On the opposite end of the privacy spectrum, Signal explains how it is using server-side SGX to provide privacy-preserving contact discovery (finding out which of your on-phone contacts are already Signal users, without revealing your contact list to Signal). [Guardian; Signal]

7. Some of the scariest cyber attacks aren't really attacks at all; they're coincidences, "own goals" resulting from software mistakes or misconfigurations that result in airplane fleets being grounded, stock trading platforms reporting incorrect numbers, or 911 systems being unreachable for hours. Is model-based design the future of code, allowing computers to write code while humans are responsible for writing rules? It's more fun for the humans, but will writing code for large systems in this way make them more reliable, and more secure? [The Atlantic] 

8. A UK activist who refused to turn over the passwords to his electronic devices at the border, claiming that they contained confidential information related to a client's pending lawsuit, has been found guilty of a Terrorism Act offense. [Intercept]

9. A survey by the BBC world service found that China and the UK have the highest populations of citizens who believe the government should have a substantial role in regulating the internet. [Business Insider]

10. Twitter's abuse prevention process suspended the account of a user who threatened (and killed) a mosquito. Don't they know their whole company is built around the image of the insect-eating bluebird?  [BBC; All About Birds]

Thanks for reading,

Allison
Stanford Cyber Initiative

(To suggest an item for this list, please email aberke@stanford.edu. You can view news from past weeks, subscribe, and unsubscribe at https://tinyletter.com/CyberNewsBytes)