Author Topic: Cyberwar, Cyber Crime, and American Freedom  (Read 199841 times)

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 51412
    • View Profile
GPF: America's Chinese Tech Conundrum
« Reply #550 on: November 20, 2019, 01:11:26 PM »

Washington’s Chinese Tech Conundrum
By: Phillip Orchard

In early November, the budding U.S.-China “tech cold war” took a rather surreal turn. The U.S. government announced a national security review on the threat posed not by Chinese telecommunications giants like Huawei or Chinese artificial intelligence firms developing battlefield applications for the People’s Liberation Army, but rather by TikTok, a wildly popular Chinese social media platform best known for 15-second clips of Gen Zers (those born between 1996 and 2010) doing very Gen Z things. Last week, U.S. Senate Minority Leader Chuck Schumer pressed the secretary of the Army to refrain from using TikTok as a recruiting tool.

The supposed threat has to do with data. With some 500 million users, including 80 million in the United States, TikTok is collecting a ton of data. TikTok is owned by ByteDance, a private Chinese firm, and it’s not even available inside China. But since even private firms in China have little choice but to cooperate with the Communist Party of China’s demands, Beijing could ostensibly use the app to, say, monitor the movements of intelligence targets. Such concerns are not wholly invalid. After all, even U.S.-based tech giants are under mounting scrutiny over the oceans of user data they can hoard.

This illustrates a fundamental feature of U.S.-China competition: Given the blurring lines between commercial and military or intelligence technologies, it’s not hard to come up with reasons why just about any emerging Chinese technology could threaten U.S. interests. Chinese 5G infrastructure, for example, could ostensibly be weaponized to divert sensitive data to Beijing or wreak havoc on U.S. military logistics and communications lines just as the PLA makes its move on Taiwan. Chinese-made train cars could be rigged to paralyze major U.S. cities. Chinese-made smart refrigerators could be programmed to become sentient en masse and stage an ice boxer rebellion. (Theoretically, at least.)

As a result, Washington is scrambling to develop a coherent approach to managing an array of threats that’s extremely unclear in both scope and severity. Just as problematic, Washington’s ability to mitigate such threats without doing more harm than good to U.S. interests is similarly murky. Bottom line: The U.S. will struggle to strike an ideal balance, but the broader geopolitical competition will push the U.S. to err on the side of mitigating worst-case scenarios – however real or imagined.

Three Uncertainties

Over the next few months, using new powers granted by the Export Control Reform Act of 2018, the U.S. Commerce Department is expected to clarify what Chinese “emerging and foundational technologies” it truly considers problematic. It will also continue laying the groundwork for concrete measures to address them, including export controls, import bans, restrictions on investment and research and development collaboration, and so forth. This task is complicated by three sources of uncertainty.

The first question, of course, is just how much any particular Chinese technology – or even U.S. technologies manufactured in China – can realistically harm U.S. national security. Some are fairly obvious; the U.S. has ample interest in keeping Chinese nationals from swiping research from U.S. biotech labs, for instance, or in depriving Chinese weapons-makers of cutting-edge U.S. semiconductors and software. Undeniably, Chinese advances in quantum computing, artificial intelligence, robotics, aeronautics, space and so on have the potential to diminish the U.S. military’s conventional edge over the PLA.

But with most other Chinese tech and advanced manufacturing firms in the U.S. crosshairs, the threat is largely theoretical at this point. Even concerns about 5G hinge largely on a range of assumptions about how quickly and widely the technology will be adopted, what sorts of applications it spawns, and the difficulty developing sufficient cybersecurity measures such as encryption. There’s also a tendency to overrate China’s innovative capacity. Beijing is helping Chinese firms narrow the gap with the U.S. in R&D spending, sure, but the innovation record of Chinese firms (particularly bloated state-owned enterprises) has been mixed, at best. The U.S. and its high-tech allies in Northeast Asia and Europe have a decadeslong lead in most sectors, and China cannot close the gap through forced technology transfers or cyberespionage alone.
 

The second question is whether the U.S. really has the tools to address potential threats. U.S. tools can be lumped into two categories: defensive and offensive. Implementing most defensive measures would be relatively straightforward. The U.S. could, for example, simply prohibit members of its military, intelligence community, and other sensitive departments from using data-hoarding Chinese apps like TikTok – or just ban such apps from the U.S. altogether. Already, it’s effectively banned Chinese telecommunications equipment from U.S. networks. It’s also likely to do more to encourage the development (and widespread adoption) of more sophisticated encryption and cybersecurity practices.

But defensive measures won’t cover everything. All telecommunications networks, with or without Chinese tech, will be inherently vulnerable to Chinese cyber operations. Moreover, U.S. interests aren’t confined to U.S. shores. Thus, the U.S. is also toying with offensive measures effectively aimed at taking down potentially problematic Chinese firms altogether. This is the point of the on-again, off-again controls on exports of U.S. components and software to Huawei, which relies overwhelmingly on U.S. semiconductors, software and chip design – as well as the diplomatic offensive aimed at keeping Huawei equipment out of places the U.S. relies on for military logistics. When the U.S. briefly slapped an export ban on Huawei’s state-owned rival, ZTE, in May 2018, it nearly brought the firm to its knees.

However, there are several reasons to doubt the effectiveness of offensive measures like export controls. For one, it only really works if a Chinese firm is truly dependent on U.S. technology, market access or funding. And the U.S. has near-total dominance over only a small number of sectors, such as semiconductors. For another, as demonstrated this summer when several U.S. suppliers announced that they had exploited loopholes in the soft ban on sales to Huawei, private multinational firms would have overwhelming incentives to find ways to continue selling to China – even if it requires moving operations overseas. Finally, it’s unclear how long Chinese dependence on U.S. firms will actually last. A core reason why Chinese firms like Huawei and ZTE have struggled to make the leap in sectors like semiconductors is that it just always made more sense to keep buying from the U.S. and focus their resources on what they’re actually good at (or on serving Beijing’s political and diplomatic goals). Cut off from critical suppliers, such firms would come under enormous pressure to develop suitable replacements – while Beijing ensures that they don’t wither and die in the meantime. It may sound trite, but necessity really is the mother of innovation.

More Harm Than Good?

This highlights the third source of uncertainty: Can the U.S. go after Chinese firms without doing more harm than good to U.S. interests in the process? The reality is: Most proposed U.S. measures would carry major potential risks and costs – to U.S. consumers, to U.S. diplomatic relationships, or to the health and innovative capacity of the U.S. firms that Washington would ostensibly be trying to protect. It’s estimated, for example, that between 10 percent and 30 percent of the revenues of leading U.S. firms like Intel, Advanced Micro Devices and Qualcomm come from China. Every semiconductor they can’t sell to Huawei is less revenue for them to sink into R&D. As mentioned, there’s also the thorny fact that the U.S. has a monopoly on only a handful of technologies. So, there’d be little point in banning sales to China in industries where tech is already widely available.
Indeed, U.S. export controls on globally available satellite technologies in the 1990s were deemed counterproductive.
Meanwhile, Silicon Valley startups would suffer from the loss of Chinese investment. A core U.S. strength, moreover, is its ability to attract the best and brightest from other countries, so a U.S. crackdown on Chinese immigrants, students and research collaboration wouldn’t be cost free. Already, the threat of additional U.S. tariffs, along with potential bans on federal procurement of ITC equipment with components made in China, has forced U.S. electronics makers with manufacturing operations in China to spend billions rerouting complicated supply chains elsewhere. Chinese retaliation would be inevitable, whether in the form of reciprocal sanctions, nationalist consumer boycotts, harassment of U.S. firms in China or the ever-looming ban on rare earths exports.

Finally, there could be costs to the U.S. diplomatic and alliance structure. With 5G, for example, the U.S. has effectively threatened to curtail intelligence and military cooperation with countries that use Huawei telecommunications equipment. For most countries, caving to the U.S. would be breathtakingly expensive and delay their 5G rollout by several years. (Many use Huawei for 4G, meaning they’d need to rip out old infrastructure in addition to taking on the vast buildout required for 5G – and do so with more expensive suppliers.)
 

The underlying problem for the U.S. is that preparing for potential tech threats means estimating the power of technological applications that often don’t even yet exist – and tech innovation moves fast. When faced with an unclear emerging threat, the U.S. tends to ignore the problem before overcorrecting to overwhelm it with blunt power. Ideally, the solution for the U.S. would be a “small yard, high fence” approach that preserves national security without undermining its own ability to innovate and compete in global markets – and without upending its invaluable global alliance structure. But the threat environment is simply too murky, too dynamic and too laden with potential for unintended consequences for the U.S. realistically to be able to strike an optimal balance anytime soon.

The problem for China, meanwhile, is that it can do little to allay U.S. fears of worst-case scenarios. Chinese firms can promise to refuse state demands for cooperation, but it’d be naive to put much faith in that. They can open up their source code to foreign inspectors, but source code can quickly change. China certainly can’t abandon its attempt to scramble up the manufacturing value chain or turn the PLA into a high-tech fighting force. So, the issue cannot be separated from the broader suspicions and colliding interests that will define U.S.-China relations for decades to come. To the U.S., in other words, it’s perfectly rational to consider depriving a potential adversary of capabilities that might prove dangerous – however blunt and potentially destructive. And given the trajectory of Chinese firms and the possibility that U.S. leverage may soon evaporate, Washington will be tempted to strike fast and ask questions later.   






Crafty_Dog

Stratfor: The growing power and threat of government imposed internet blackouts
« Reply #553 on: November 29, 2019, 12:11:08 PM »


The Growing Power and Threat of Government-Imposed Internet Blackouts
Nov 21, 2019 | 10:00 GMT

HIGHLIGHTS

The government of Iran has shut off access to the internet in most of the country amid recent protests, a tactic also used to control civil unrest in India, Ethiopia, Iraq and Sudan.

Such restrictions are aimed at preventing protesters from organizing, halting the spread of misinformation, quelling communal violence and even obstructing communications among coup plotters.

Governments are likely to continue to use internet blackouts for the foreseeable future, especially as they gain more control over internet and mobile networks.

Editor's Note: This security-focused assessment is one of many such analyses found at Stratfor Threat Lens, a unique protective intelligence product designed with corporate security leaders in mind. Threat Lens enables industry professionals and organizations to anticipate, identify, measure and mitigate emerging threats to people, assets and intellectual property the world over. Threat Lens is the only unified solution that analyzes and forecasts security risk from a holistic perspective, bringing all the most relevant global insights into a single, interactive threat dashboard.

Amid the recent bout of nationwide protests in Iran, government-enforced blackouts have taken more than 90 percent of the country's internet offline and blocked most Iranians from communicating with the outside world. The move has drawn substantial international media attention, and #Internet4Iran has been a worldwide trending topic on Twitter. Tehran blocked the internet during protests in late 2017 and early 2018, but the scale of the current blackouts is unprecedented in Iran. The government has been working toward greater control of its networks by building an intranet, similar to what China and Russia have done or plan to do. With it, Tehran can also block external influence. Such internal networks give governments more power when shutting down internet connections — permitting local services to continue while cutting off access to external networks and channels. 

Iran isn't the only country that has limited or cut internet access in response to domestic unrest. Government attempts at control have ranged from the shutdown of social networks such as Facebook and WhatsApp to the blockage of all online activity. The restrictions are aimed at preventing protesters from organizing, halting the spread of misinformation, quelling communal violence and even obstructing communications among coup plotters. Though governments can use their control over networks for other corrupt purposes, including economic espionage, the use of that power to black out the internet has been particularly disruptive and pronounced during 2019. Some examples include:

India used internet blockages to quell communal violence during its elections in May 2019.

Ethiopia used them during a regional coup in June 2019, the latest instance of many by the government.

Iraq implemented partial and complete internet shutdowns in Baghdad and much of southern Iraq during strong civil unrest in October and November.

Sudan used them during a crackdown by security forces in June 2019.

Governments are likely to continue to use internet blackouts for the foreseeable future, especially as they gain more control over internet and mobile networks. The internet restrictions create problems for travelers and businesses by blocking communication with others within a country and, notably, with partners outside a country. Moreover, businesses that rely on the mobile internet — such as ride-hailing services (Uber, Careem, Lyft) — are unable to function, disrupting a significant portion of road traffic. Multinational companies reliant on internet access are unable to process transactions, and roadside stalls and other local businesses that need to process credit card transactions are also unable to operate.

The following measures can help businesses and travelers anticipate and mitigate internet outages:

Understanding the local political climate and whether significant events, such as elections, are likely to trigger such measures.

Gauging whether the government has the capability and intent to impose such a blackout — for example, authoritarian governments are more likely to use them, countries that have imposed them are likely to do so again and nations with their own intranet face fewer internal disruptions from cutting external connections.

Developing contingency plans for operations to continue in the event of an internet blackout.

Securing alternative means of communication, particularly devices that aren't reliant on an internet connection.


Crafty_Dog

Schneier
« Reply #555 on: December 16, 2019, 10:58:33 PM »



Crafty_Dog

GPF: UK and Huawei
« Reply #558 on: January 28, 2020, 10:42:25 AM »
The U.K. lets Huawei in. The U.K. has decided once and for all to allow cellular carriers to use equipment made by Chinese telecom giant Huawei and other “high-risk vendors” in their 5G buildouts. The announcement isn’t exactly a surprise; some British carriers had already been moving forward with Huawei. Still, it’s important, in part because the U.S. has continued threatening to curtail intelligence-sharing with countries that include Huawei in their 5G networks. Just yesterday, Senate Republicans introduced legislation that would turn such threats into a formal ban. As a core “Five Eyes” member, the U.K. boasts a robust intelligence relationship with the U.S., so London’s decision, especially if the U.S. proves to be bluffing on the matter, will likely serve as a de facto green light to other countries that have been reluctant to do business with the Chinese. The Pentagon's move last week to block Commerce Department plans to ban exports of components and software to Chinese telecom firms will further undermine the U.S. campaign to isolate Huawei.

It’s worth noting that the U.K. isn’t exactly embracing Huawei wholeheartedly. It’s effectively limiting Huawei gear to what’s known as the “edge” of 5G networks – think base stations, routers and antennas – where the security vulnerabilities are arguably the lowest and the buildout costs are certainly highest. It’s also limiting the market share of “high-risk vendors” to 35 percent in order to address sabotage concerns, while banning their equipment from networks around military bases and other sensitive installations.

Crafty_Dog

WSJ: 5G
« Reply #560 on: February 08, 2020, 11:22:40 AM »
Winning a 5G Battle but Not the War
An FCC chief outsmarts the swamp but the U.S. has not solved the puzzle of competing with China.

By Holman W. Jenkins, Jr.
Feb. 7, 2020 6:28 pm ET
This column hereby rescinds its Tom Wheeler award to Ajit Pai, chairman of Federal Communications Commission. (Don’t misunderstand. The award is distinctly uncoveted.)

It doesn’t matter if a cat is black or white as long as it catches mice, and Mr. Pai’s newly announced solution to a vexed satellite spectrum puzzle would effectively catch the 5G mice. Most important is a point stressed by New Street Research’s Blair Levin, himself a former federal broadband czar: The plan likely avoids a replay of World War I in the courts that would tie up desirable spectrum for years.

Everyone understands that more spectrum is needed if the U.S. is to compete with China in 5G. Yet, out of respect for the populist grousing of a single GOP senator, the White House in recent weeks scuttled an FCC proposal that would have rewarded a handful of satellite companies for giving up part of their licensed U.S. spectrum. Why scuttle it? Because they are foreign-owned satellite companies.

Tom Wheeler was the Obama FCC chief bigfooted by the White House over his own carefully crafted net-neutrality plan. Mr. Pai seemed destined for similar ignominy. Then, a day after Mr. Trump secured his Senate acquittal, Mr. Pai undid much of the damage by announcing his own proposal to dangle $9.7 billion in incentive payments in front of the license holders.

Understand: His goal was not to induce ecstasy in the satellite companies, but to elicit their cheerful, non-litigating cooperation in adapting their businesses to allow about half their spectrum to be shifted quickly to 5G. (In contrast, the major wireless carriers were ecstatic.)

Insiders credit fellow Commissioner Michael O’Rielly with much of the legwork, but the chairman’s support was crucial. In a well-received speech on Thursday, Mr. Pai stressed the importance of speed to keep pace with China. He cited the encouragement the deal would give other spectrum holders to cough up underutilized spectrum.

He didn’t mention, but might have, a related issue: If taken as a signal that more spectrum will be coming to the market in the future, it could help alleviate the inflated pricing and hoarding that has bedeviled wireless providers.

The FCC understandably is torn on this point—it likes to report fat spectrum auction proceeds to Congress. But the original goal of allocating the airwaves through auctions was to make sure spectrum is efficiently priced and used. Artificially high prices aren’t only bad for the economy and downstream users but contribute to Washington’s difficult 5G conundrum.

The Chinese government is not handcuffed by such concerns. By declaring “let there be 5G,” it creates opportunities for Huawei and other Chinese companies speedily to climb the learning curve in developing equipment for the new networks. The U.S. deprives itself of Huawei’s learning when it closes off its market. The U.S. might have acted sooner to capture Huawei by forcing it to become a trusted U.S. supplier in return for access to then-leading Western networks. Unfortunately, that mouse has long since eluded the cat. Yet we kid ourselves in thinking we are very much safer. Anybody’s equipment can be compromised and Chinese spies are constantly looking for ways (as are Western spies).

In the meantime, high spectrum prices and equipment costs compound a problem for our major telecommunications companies. We may quiver in anticipation of driverless cars and virtual reality, but these 5G-enabled goodies are not just around the corner. In the first phase, companies will roll out 5G so everyday mobile broadband doesn’t break down under constantly growing consumer demand. Guess what? This won’t be remunerative. Consumers have demonstrated their unwillingness to pay higher bills for service that isn’t noticeably improving. Though companies are desperately trying, hanging on a 5G label probably isn’t going to change that.

Throw in the collision that 5G necessarily invites between the wireless and cable giants. Throw in the evident need of the wireless industry, directly and indirectly, to subsidize the streaming wars that gobble up ever more bandwidth. AT&T has its own WarnerMedia streaming service about to launch in May. Verizon and T-Mobile have been subsidizing their customers to consume, respectively, Disney+ and Netflix.

The crystal ball does not state categorically that another episode of value destruction lies ahead for the telecom industry like the one that engulfed it in the late 1990s (rest in peace, Bernie Ebbers). But investors and policy makers might want to be alert to the possibility. The ability of our telecom companies to finance the ambitious rollout Washington wants ought to be part of our 5G conversation too.

Crafty_Dog

WSJ: Pentagon shifts stance on Huawei
« Reply #561 on: February 15, 2020, 06:59:53 PM »


Pentagon Shifts Stance on Sales to Huawei
Defense Department drops opposition to tightening Chinese company’s access to shipments from U.S. chip makers

By Katy Stech Ferek, Bob Davis and Asa Fitch
Updated Feb. 14, 2020 7:49 pm ET
The Pentagon has dropped its opposition to efforts within the Trump administration to make it harder for U.S. chip makers and other companies to supply China’s Huawei Technologies Co. from their overseas facilities, according to people familiar with the situation.

The Defense Department’s shift on a potential rule comes as the U.S. steps up its campaign to persuade allies that Huawei’s gear poses a security threat. Adding to the pressure, a federal indictment was unsealed this week charging Huawei and two U.S. subsidiaries with racketeering conspiracy and conspiracy to steal trade secrets. Huawei says the charges are unfounded.

Huawei is the world’s largest telecommunications-equipment manufacturer and a leader in next-generation 5G wireless networks. The U.S. contends its equipment could be used for Chinese government espionage, a claim that Huawei has repeatedly denied.

The Trump administration has been moving to further restrict U.S. companies from selling to Huawei, even while granting some suppliers temporary exemptions from restrictions imposed last spring.

In discussions within the administration, Department of Defense officials had voiced concerns that cutting off sales to Huawei would deprive U.S. chip makers of vital revenue needed to fund advanced research. The Pentagon itself spends heavily on research to stay on the cutting edge of weaponry and defensive capabilities.

The change in the department’s stance, which was reported earlier by Politico, removes a hurdle for a new export-control measure designed to reduce the flow of U.S.-made products to Huawei out of national-security concerns.

But the potential tightening still faces opposition within the administration. Treasury objected to the possible change and successfully lobbied for the scheduling of a cabinet-level meeting on the matter and other China issues later this month. Also National Economic Council director Larry Kudlow has signaled his opposition.

Most significantly, President Trump hasn’t weighed in. At the Group-of-20 meeting in Japan last summer he said he wanted U.S. companies to continue to supply Huawei so long as the products don’t compromise national security.

Pentagon spokeswoman Sue Gough declined to comment on the Defense Department’s position on the potential rule. She said generally the Pentagon “supports a collaborative interagency process that allows the facts and concerns of all parties to be heard before adopting potential major regulatory changes.”

Citing national security, Commerce Department officials put Huawei on an export blacklist in May, cutting it off from some U.S. semiconductor makers and other companies that have sent billions of dollars’ worth of components to Huawei. U.S. companies supplying chips to Huawei, which is also a major smartphone maker, have included Micron Technology Inc., Qualcomm Inc. and Intel Corp.

Some Trump administration officials have been frustrated that the move doesn’t appear to have hurt Huawei financially. Shortly after the ban, some semiconductor makers resumed shipments to Huawei by relying on overseas production—using what some say is a loophole in Commerce Department regulations. Huawei leaders, meanwhile, have boasted about finding ways to make its equipment without U.S.-made semiconductors.

The possible new rule would tighten the regulation of shipments to the Chinese company. Without a Commerce Department license, the existing rules allow continued shipments to blacklisted companies for products made overseas and with less-than-25% U.S. content. The rule change reduces the threshold to 10% for Huawei shipments, which would sharply limit the items that U.S. companies could sell the Chinese company without an export license.

On Friday, Sen. Rick Scott (R., Fla.) proposed a bill that would force the Commerce Department to implement the 10% rule.

“We know Huawei is supported and controlled by the communist regime in Beijing, which continues to violate human rights and steal our data, technology, and intellectual property,” Sen. Scott said in a statement. “Companies in the United States should not be allowed to sell to Huawei.”

Meanwhile, tensions between Huawei and U.S. officials flared Friday at a global security gathering in Munich.

John Suffolk, a Huawei senior vice president, dismissed the new U.S. charges against his company, saying they were predominantly recycled from civil disputes over the past 20 years that had been litigated and settled.

“They are hoping that if they throw enough mud, some of the mud will stick,” Mr. Suffolk said at the Munich Security Conference.

Senior U.S. officials pushed back against Huawei’s defense in a press conference of their own.

“Over the last couple of years there’s been more than enough evidence of the way the Chinese government has been using its national champions, so really the onus is on Huawei now. They have to show they are a trustworthy partner. They have to separate themselves from the Chinese government,” said Robert B. Blair, U.S. special representative for international telecommunications policy.

As a part of the Trump administration’s campaign, U.S. officials allege that Huawei has maintained a so-called backdoor in its equipment that allows it access normally reserved for law enforcement. The accusation was first reported by The Wall Street Journal.

Mr. Suffolk said that it was impossible for Huawei to access networks because the equipment was contained in a box that isn’t part of Huawei gear and is under strict control of the operator.

“We don’t run the networks, so we don’t know what equipment has been installed,” he said. “So we don’t have access to this equipment. We provide one side of the box, which is blind to the other side of the box.”

“If you’ve got evidence, publish it. Let the world see it,” Mr. Suffolk said.

The escalating war of words comes as the U.S. government is struggling to convince European allies to shut Huawei out of future superfast 5G mobile networks. Britain, the closest U.S. ally in Europe, decided to allow Huawei to bid for 5G contracts with some limitations, while Germany’s government is putting forward legislation that, if adopted, would have a similar effect.

—Bojan Pancevski contributed to this article

Crafty_Dog

WSJ: Internet Shutdowns
« Reply #562 on: February 27, 2020, 10:36:11 AM »
Internet Shutdowns Become a Favorite Tool of Governments: ‘It’s Like We Suddenly Went Blind’
Governments increasingly order telecoms to turn off web access in neighborhoods, regions or whole countries, sometimes for months
By Feliz Solomon
Updated Feb. 25, 2020 12:02 pm ET
PONNAGYUN, Myanmar—Last June, the Myanmar subsidiary of telecom Telenor Group received an urgent government order it was told it must not disclose. Turn off the internet in nine townships.

Hans Martin, a senior executive at the Norwegian company, saw red flags. He said Myanmar’s justification—that people were using the internet to “coordinate illegal activities”—was vague, and no end-date was given. The telecom said it had little legal basis to refuse the order, and complied.

Nearly 250 days later, western Myanmar has become the site of one of the longest internet shutdowns documented anywhere in the world.

From autocratic Iran to democratic India, governments are cutting people off from the global web with growing frequency and little scrutiny. Parts or all of the internet were shut down at least 213 times in 33 countries last year, the most ever recorded, according to Access Now, a nonprofit that advocates for a free internet and has monitored the practice for a decade. The shutdowns were used to stop protests, censor speeches, control elections and silence people, human-rights advocates said.

Pakistan tailored shutdowns to isolate and control specific neighborhoods, while Iraq automated internet curfews at certain times of the day. Venezuela blocked social media apps, such as Facebook and Twitter. Bangladesh throttled mobile data speeds to 2G levels, making it impossible to share photographs, watch videos or even load most websites.

“What I’m seeing is a definite increase in the shutting down of the internet for political reasons,” said David Kaye, the United Nations’ special rapporteur for the protection of free expression, who monitors rights violations across the globe and reports to the U.N.’s Human Rights Council.


Dozens of interviews with telecom officials, diplomats, researchers and rights advocates revealed how very little stands in the way of governments that want to block the internet, even for long periods.

No global agreements explicitly cover internet freedoms, though the right to information is guaranteed under the Universal Declaration of Human Rights, a nonbinding set of principles adopted by the U.N. Telecom companies, which rely on government licenses and agree to follow a nation’s laws, rarely push back. Those that try to ask questions or negotiate find they don’t have much leverage.

Myanmar’s telecom ministry didn’t respond to requests for comment.

Across the world, hundreds of companies offer access to the internet, including private-sector multinationals and state-owned firms. Their control over who can do what online makes them valuable to governments. The companies can pinpoint user locations, block apps and websites, and turn off access within minutes.

[Chart: Growing Disconnect. More countries are cutting people off from the global web, often to quell protests and silence critics. Panel 1: number of countries where shutdowns have occurred, 2016 to 2019. Panel 2: number of internet shutdowns, India vs. other, 2016 to 2019. The total number of internet shutdowns is increasing. India used the practice more than any other country. Source: Access Now]

Companies emerging as prominent players in markets across Africa, Asia and the Middle East—including India’s Bharti Airtel Ltd., Malaysia’s Axiata Group Bhd. and Qatar’s Ooredoo QPSC—disclose little information about how they handle government orders or when and why they turn the internet off. The companies didn’t respond to requests for comment.

Only a few telecom firms publish data on the number of government requests they receive to intercept messages, shut down networks, restrict content and share user details. Even those reports leave out orders or actions that authorities want to keep secret.

“We’re often restricted by law to disclose the details or acknowledge any requests received,” said Laura Okkonen, the senior human-rights manager for U.K.-based Vodafone Group PLC. “We have, as a company, tried to be as transparent as legally possible.”

In the U.S., major telecommunications companies such as AT&T Inc. and Verizon Communications Inc. publish reports disclosing the number and nature of demands they receive from government and law-enforcement bodies. These can include subpoenas for subscriber information, court orders for wiretaps, emergency requests for information and in some cases rough estimates of National Security Letters issued by the FBI.

To uncover or confirm shutdowns that aren’t disclosed, some internet monitoring groups rely on diagnostic tools that measure changes in network activity. Access Now and U.K.-based NetBlocks track dips in network data to call attention to disruptions, such as in Venezuela and Iran in recent months.

After Iran ordered a shutdown in November, a research lab in California, the Center for Applied Internet Data Analysis, ran tests measuring connectivity. It produced a detailed sequence of the weeklong blackout, including how devices were severed from the global internet, though users could visit Iranian websites, which are largely government controlled.

The first time it’s known that a government ordered a nationwide internet blackout was Jan. 28, 2011. Internet trackers call it a turning point. The popular revolts of the Arab Spring were spreading to Egypt, and protests against then-President Hosni Mubarak were growing. Twitter, Facebook and messaging apps were being widely used to share information and coordinate protests. The government ordered all internet providers to disconnect, and almost immediately, 80 million people were offline.


[Photo: Egypt’s internet shutdown in 2011, during protests of the Arab Spring, was the first known nationwide web blackout.]

After services were out, soldiers armed with machine guns barged into the office of Mobinil—majority owned by French telecom company Orange SA —and demanded that they blast out a text message praising the president’s glory, according to Yves Nissim, a corporate social responsibility officer at Orange. Staff sent out the message, at gunpoint, but insisted that it be attributed to the army.

“This was just unheard of before,” Mr. Nissim said. “We decided after that we couldn’t face this alone.”

Over the next two years, seven multinational telecom companies, including Orange, Telenor and Vodafone, formed a group to compare their experiences and align arguments used to negotiate with authorities. They said they established standards to disclose government requests, and that they have made some orders less severe through negotiations.

But the practice is more widespread than ever. On Nov. 16, Iran switched the entire nation offline as authorities carried out a deadly crackdown on antigovernment protesters. Iraq did the same in October, and again a few weeks later. Sudan did it in June. Zimbabwe in January 2019.

India’s government has faced criticism for blocking the internet in Kashmir after its decision in August to end the region’s partially autonomous status. Officials argue the move is required for public security, which they said trumps the right to internet access. Critics said the shutdown is aimed at blocking protesters.

India’s Supreme Court ruled in January that the blackout was unconstitutional. Authorities have restored limited fixed-line services while leaving mobile data and social media cut off.


[Photo: India’s Supreme Court ruled in January that the internet blackout of Kashmir was unconstitutional. The government has restored limited services.]

“India is a swing state in the future of democratic governance of the internet,” said Adrian Shahbaz, research director for technology and democracy at Freedom House, a U.S.-based human rights group. “When a massive democracy like India resorts to such a blunt tool, it normalizes the approach of shutting down the internet.”

In Myanmar, the internet only became widespread over the past five years, after the country’s telecom sector opened up as part of a transition from military rule toward democracy. Mobile towers sprang up across the countryside, and the price of SIM cards—the chips that connect phones to a mobile network—dropped from about $250 to $1.50 almost overnight.

[Chart: Going Dark. Researchers documented a sharp drop in network connectivity among Iran's telecoms that began Nov. 16 and lasted a week, a sign the government had intervened amid last year's protests. Vertical axis: number of network blocks, each of which contains 256 IP addresses, determined to be connected. Series: ITC, IranTelecomCo, Shatel, ParsOnline, PTE. Horizontal axis: Nov. 16, 4 p.m. to midnight. Source: Internet Outage Detection and Analysis, a project of the Center for Applied Internet Data Analysis]

In rural Ponnagyun, in the western state of Rakhine, residents said the internet’s arrival had just started to transform their impoverished communities. E-commerce and digital services such as money transfers were trickling in, and travel operators and farmers had adopted new ways of working.

San Naing, a 40-year-old rice farmer, said he could communicate with buyers more efficiently, send them photographs and arrange large deliveries. Since the shutdown, he has returned to his old practice of bringing huge hauls of rice to the nearest town by boat, hoping to unload it at the market. “It’s like we suddenly went blind,” he said.

In this part of the country, Myanmar’s military, which has been widely criticized for its violent operations against the country’s many insurgent groups, is fighting a group of ethnic rebels called the Arakan Army. Clashes intensified in early 2019 and surged again in recent weeks.



The shutdown affects areas that are home to both Rakhine Buddhists and a few hundred thousand Rohingya, a persecuted Muslim minority. Myanmar is facing genocide allegations at the U.N.’s top court after military operations in 2017 forced more than 700,000 Rohingya to flee to Bangladesh.

It was after hours on June 20 when the Myanmar subsidiary of Telenor, Norway’s state-owned telecom firm, received the government’s email. It had until 10 p.m. the next day to turn off the internet in nine townships, including Ponnagyun, according to Mr. Martin, Telenor’s chief corporate affairs officer in Myanmar.

The order, parts of which were read to the Journal, cites the country’s telecommunications law, which allows the government to suspend services “when an emergency situation arises.”



The company’s regulatory officer had already begun quiet preparations after a heads-up from a government source a few days earlier, according to the company’s head of technology operations, Abdur Raihan. Over two days, a small team of engineers identified the towers whose antennae transmit signals into the relevant townships. An engineer wrote a piece of code that would instantly disable the antennae, Mr. Raihan said.

Mr. Martin said his first thought on the morning after the order arrived was that obeying it could set a bad precedent, signaling to authorities that they would face little resistance if they tried to do the same elsewhere. The Arakan Army is only one of more than 20 armed groups in Myanmar, which is home to one of the world’s longest and most complex civil wars.

The company’s legal and sustainability officers weighed in with concerns that the order was too open-ended and might disproportionately affect civilians. Telenor representatives communicated with the telecom ministry several times throughout the day, pressing for details on why the shutdown was necessary and how long it would last. They were told the government had nothing to add.

Despite its concerns, Telenor decided to comply because the company’s lawyers found the order to be legal, Mr. Martin said. But it told a top bureaucrat in the telecom ministry, Soe Thein, that the company would alert customers with a text message and a public statement. Mr. Thein was clearly displeased, according to Telenor, but didn’t try to forbid it.

At 10 p.m., service went down. Telenor customers’ mobile phones in the blackout zone lit up with a message saying the government had ordered the disruption, and service would be restored “as soon as possible.”

The government order was also addressed to the country’s three other telecom providers—state-owned Myanmar Posts and Telecommunications, state-controlled MyTel and Qatar-based Ooredoo—who also complied. The companies didn’t respond to requests for comment.

In September, the government lifted restrictions in five townships, while four remained offline. In early February, the government reimposed the blackout in the five townships, citing “security requirements and public interest,” Telenor said.

Locals said that within days of the renewed blackout a major offensive against the rebels was under way in the region. On Feb. 18, the U.N. expressed grave concern over a surge in civilian casualties and urged the government to end the internet shutdown.

—Myo Myo in Yangon contributed to this article.

Write to Feliz Solomon at feliz.solomon@wsj.com

ccp

  • Power User
  • ***
  • Posts: 10703
    • View Profile
I thought the cloud is safe
« Reply #565 on: March 23, 2020, 01:11:04 PM »
do not google apple msft amzn fb and the rest tell us the cloud is safe?

https://www.tomshardware.com/news/a-mysterious-database-exposed-200-million-americans-personal-info

someone(s) and some companies need to be held accountable.
and not a 2 cent fine

ccp

  • Power User
  • ***
  • Posts: 10703
    • View Profile
Nouriel Roubini
« Reply #567 on: March 26, 2020, 04:49:00 AM »
he makes some good points.

noted:

"In its quest for global economic and geopolitical domination, America has made many enemies."

"America’s enemies are in no position to fight a hot war  – for the time being. They know that. In the meantime, President Trump has continually stepped up trade wars and financial sanctions that some countries are now finding too much and are soon to fight back."

"Nouriel Roubini, Professor of Economics at New York University was Senior Economist for International Affairs in the White House’s Council of Economic Advisers during the Clinton Administration. He has worked for the International Monetary Fund, the US Federal Reserve, and the World Bank."

Well he is a globalist, child of Iranian Jews, grew up in Turkey, influenced by the Reagan hater, Carter loving Jeff Sachs, prof of economics at NYU, graduated from Harvard, so let me guess,

he is a democrat......

DougMacG

  • Power User
  • ***
  • Posts: 12595
    • View Profile
Re: Nouriel Roubini
« Reply #568 on: March 26, 2020, 06:11:03 AM »
"In its quest for global economic and geopolitical domination, America has made many enemies." 

   - Nonsense.  Our quest is for peace, liberty, prosperity and excellence, not domination of ANYONE.  Do we run Germany or Japan who we defeated?  Did we take Iraq's oil when we deposed their bloody tyrant?  Do we "dominate" the South China Sea?  Are we too harsh on rogue nations who openly threaten and terrorize us? 


"Nouriel Roubini, Professor of Economics at New York University was Senior Economist for International Affairs in the White House’s Council of Economic Advisers during the Clinton Administration. He has worked for the International Monetary Fund, the US Federal Reserve, and the World Bank."


Post his resume under definition of failure.  See WRM today.  Past governance by people like this is why we have Trump.  A resume is supposed to list what you accomplished, not just where you parked your rear end.

ccp

  • Power User
  • ***
  • Posts: 10703
    • View Profile
Re: Cyberwar, Cyber Crime, and American Freedom
« Reply #569 on: March 26, 2020, 07:00:19 AM »
Doug,

I "mistyped"

I meant he made a few good points BUT he also is quoted as saying what I wrote in parenthesis.

He is obviously of the America is to blame for everything lib school.

I notice he had no problem leaving Iran Turkey to come here .

Yet the USA  is baaaaaaaaad


DougMacG

  • Power User
  • ***
  • Posts: 12595
    • View Profile
Re: Cyberwar, Cyber Crime, and American Freedom
« Reply #570 on: March 26, 2020, 08:27:11 AM »
ccp, I understood that from the rest of your comments.

These academics like to make deep study on false assumptions.  If they think America is the problem, cf. Prof Obama, they really aren't paying attention.  They start with a (false) narrative / conclusion, then find the exception data to support it.

We could have just said, we need to do a lot more as a country on cybersecurity.  But no...

We spend too much on defense?  Right as China is passing us up in major categories and making offensive, militaristic moves?

"American taxpayer spent $620 billion on defence, $69 billion for ‘war-funding’ and $10billion on cybersecurity."

Interesting observation or warning, but does he really know for certain none of the mentioned defense spending goes to the 'protection of computer systems and networks'?  Part of what we do in defense isn't effective if you tell it to your enemy, so there are expenditures and capabilities I hope we are developing that we cannot disclose.

"America’s enemies are in no position to fight a hot war  – for the time being. They know that. In the meantime, President Trump has continually stepped up trade wars and financial sanctions that some countries are now finding too much and are soon to fight back. The cold war between China and America is just one. Russia, North Korea and Iran are obvious allies of China, so are a number of other countries across the Mid-East, Africa and Asia – weary of endless American intervention in their affairs."

Good grief.  On the first part, that is the exact "peace dividend" thinking Clinton, who he advised, used in the aftermath of the cold war to cut our intelligence around the globe, directly resulting in 9/11 and the massive spending that followed that he whines about now.

On the second part, they steal from us, we try to stop them, and WE are intervening in THEIR affairs?  How do I say nicely, what a dickhead.  He and his ilk are why we have Trump.  The 'intellectuals, the establishment, the  insiders... they didn't fail, they turned against us.

Coincidentally, it was the blame America, de-fund defense crowd that left us vulnerable and hacked in the last election.

Professor of Economics at New York University:  Oddly, the more time you spend in the upper levels of "higher education", the less able you are to see what is clearly in front of you.



Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 51412
    • View Profile
GPF: Iran vs. Israel Cyberwar
« Reply #573 on: May 19, 2020, 09:01:29 AM »
Israeli and Iranian cyberattacks. The Washington Post reports that Israel was responsible for a May 9 cyberattack on private operating systems in the Iranian port of Shahid Rajaee. The attack disrupted the port’s computer systems, leading to major backups on waterways and roads leading to it. The move was reportedly made in response to an Iranian cyberattack on water distribution systems in rural Israel in April. It’s a notable development because Israel and Iran tend to attack each other through proxy forces in Syria rather than directly.

The incident comes as Israel undertakes a security campaign that has led to the arrest of several Palestinians after they protested the Israeli government’s plans to annex large portions of the West Bank this summer. Iran's supreme leader has thrown fuel on the fire, taking to Twitter to encourage Palestinians to arm themselves and to criticize the Israel-backed U.S. peace plan that he says destroys Palestinian identity. Watch for more direct attacks, rhetorical or otherwise.

C-Kumu Dog

  • Power User
  • ***
  • Posts: 568
    • View Profile
Pro Publica: Law Enforcement Files Discredit Brian Kemp's Accusation ...
« Reply #575 on: June 02, 2020, 10:34:48 PM »
It's been a while...... (since I've posted anything....)

This is from the SANS Newsletter found at:
https://www.sans.org/newsletters/newsbites/xxii/44

Lots of good stuff in there but this may be of more interest.

--Georgia (US) Bureau of Investigation Found No Evidence of Hacking in Voter Registration System

(May 29, 2020)

An investigation into allegations of hacking targeting the US state of Georgia's voter registration system found "no evidence of damage to (the Secretary of State's office) network or computers, and no evidence of theft, damage, or loss of data." The Georgia Bureau of Investigation recently released the case files from the closed investigation.


Read more in:

Pro Publica: Law Enforcement Files Discredit Brian Kemp's Accusation That Democrats Tried to Hack the Georgia Election

https://www.propublica.org/article/law-enforcement-files-discredit-brian-kemps-accusation-that-democrats-tried-to-hack-the-george-election

The Register: Remember when Republicans said Dems hacked voting systems to rig Georgia's election? There were no hacks

https://www.theregister.com/2020/05/29/georgia_voting_hacking/
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 568
    • View Profile
Open Letter Calls on Governments to Work Together ...
« Reply #576 on: June 02, 2020, 10:38:20 PM »
More cool info via the SANS newsletters

https://www.sans.org/newsletters/newsbites/xxii/43

--Open Letter Calls on Governments to Work Together to Stop Cyberattacks Targeting Healthcare Organizations

(May 25, 26, & 27, 2020)

In a joint statement, the International Committee of the Red Cross and the Cyber Peace Institute have called for governments to take steps to help prevent cyberattacks against healthcare organizations. The signatories of an open letter "call on the world's governments to take immediate and decisive action to stop all cyberattacks on hospitals, healthcare and medical research facilities, as well as on medical personnel and international public health organizations."


Read more in:

ICRC: Call to governments: Work together to stop cyber attacks on health care

https://www.icrc.org/en/document/governments-work-together-stop-cyber-attacks-health-care

Cyber Peace Institute: A Call to All Governments: Work Together Now to Stop Cyberattacks on the Healthcare Sector

https://cyberpeaceinstitute.org/campaign/call-for-government

The Register: If someone could stop hackers pwning medical systems right now, that would be cool, say Red Cross and friends

https://www.theregister.co.uk/2020/05/26/red_cross_coronavirus_hacking/

ZDNet: Cyberattacks against hospitals must stop, says Red Cross

https://www.zdnet.com/article/cyberattacks-against-hospitals-must-stop-says-red-cross/

SC Magazine: Execs, dignitaries call on nations to help end cyberattacks on health care orgs

https://www.scmagazine.com/home/government/execs-dignitaries-call-on-nations-to-help-end-cyberattacks-on-health-care-orgs/
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 568
    • View Profile
Re: Cyberwar, Cyber Crime, and American Freedom
« Reply #577 on: June 03, 2020, 12:09:31 PM »
Just in case y'all are running blogs on WordPress.

Quote
Attacks on WordPress sites have soared in recent days to more than 30 times the normal volume. This week researchers from WordPress firewall provider Defiant reported observing attack attempts on more than 900,000 websites since April 28.

Read more @
https://www.darkreading.com/attacks-breaches/attacks-on-wordpress-sites-surge/d/d-id/1337755

Quote
Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting (XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data.

Read more @
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 51412
    • View Profile
Stratfor: Trump's war against taxing tech goes global
« Reply #578 on: June 16, 2020, 08:38:16 PM »
Trump’s War Against Taxing Tech Goes Global
Jun 16, 2020 | 10:00 GMT
With international negotiations stalled, many governments are choosing to unilaterally implement digital services taxes (DSTs). The United States — which is home to the majority of tech giants that would be subject to such taxes, including Amazon, Apple and Google — is using the threat of tariffs to both limit the global expansion of DSTs and push international negotiations toward the proposed reforms it backs. But with so many countries against Washington's preferred outcome, which critics say would allow U.S. tech companies to opt out of tax obligations in international markets, the risk of negotiations failing to reach an agreement this year is high, as is the risk of the United States implementing tariffs on its growing number of trade partners implementing DSTs.

Washington vs. the World

On June 2, the administration of U.S. President Donald Trump announced it was launching investigations into the European Union and nine countries that have implemented or are considering implementing DSTs to determine whether or not they unfairly target U.S. tech companies.

The targeted countries include Austria, Brazil, the Czech Republic, India, Indonesia, Italy, Spain, Turkey and the United Kingdom.

The investigations will be conducted under Section 301 of the Trade Act of 1974, which gives the White House the ability to impose significant tariffs on imported goods (the tariffs deployed by the Trump administration in its trade war with China are also reliant on Section 301).

The U.S. investigations are open-ended and may take months to complete, but will almost certainly find that each national DST treats American tech companies unfairly. The vast majority of the DSTs that are being introduced only target internet and digital services companies with a large global and domestic revenue. France’s new DST, for example, only applies to companies that generate at least 750 million euro ($850 million) and 25 million euro ($28.3 million) a year in global revenue. Washington’s 2019 investigation into the French tax already found that it unfairly targeted the U.S. companies, noting that of 27 companies that would be subject to France’s DST, 17 were American while just one was French. Many of the other countries introducing DSTs are using revenue benchmarks similar to France, meaning their taxes will disproportionately target U.S. tech companies as well, and will thus similarly risk drawing Trump’s ire.


Over the last decade, however, most countries have realized that existing global norms around corporate taxes are inadequate in taxing the digital economy and allocating profits between different jurisdictions. Today's international tax system is rooted in policies established long before the existence of a "digital" economy. It focuses heavily on a company's physical presence in order to allocate profit margins between different jurisdictions for tax purposes. But while it works well for physical goods, this view is outdated for DST proponents because many digital companies create "value" from the data that they collect from their online user base. Thus, their user base itself plays a role in adding value to the corporation and therefore the jurisdiction(s) where the user base is located should have the ability to tax the value added by their citizens.

The different views on how to tax tech companies have created a sharp divide between the United States — which is home to the majority of the world's tech giants — and the rest of the world. Amid the rising global political backlash against major tech companies due to issues such as privacy, it should be no surprise that most countries without large tech companies of their own have supported adopting a DST, as it increases their tax base. Equally, it should be no surprise that the United States has taken a more narrow view on the matter in an effort to protect both U.S. companies from unilateral taxes overseas, as well as the size of the U.S. government’s tax base through limiting foreign tax credits. After President Emmanuel Macron signed France’s DST into law in 2019, U.S. President Donald Trump famously tweeted that, “France just put a digital tax on our great American technology companies” and that if “anybody taxes [those companies], it should be their home country, the [United States].”

Fighting Taxes With Tariffs

The United States hopes that the threat of tariffs will force countries to wait until international negotiations before moving forward with unilateral DSTs. France and other countries have all argued that their national DSTs are meant to be temporary and will be repealed as soon as an international agreement is reached. But the protracted negotiations to reach such an agreement means that these DSTs may remain in place for several years — thus resulting in higher taxes for U.S. companies in the meantime, as well as an inefficient system where U.S. companies are taxed multiple times for the same activities. The United States has also expressed concerns that these national digital taxes may still become permanent regardless of whether an international agreement is reached, since many countries’ DSTs lack sunset clauses that would allow them to expire.

The split between the United States and virtually every other country over how to tax the digital economy — and in particular, how to handle the allocation of profits — means reaching a new global consensus on the matter by the end of the year is highly unlikely. Negotiations are being led by the Group of 20 (G-20) and the Organization for Economic Cooperation and Development (OECD)’s 137-member Inclusive Framework on Base Erosion and Profit Shifting (BEPS). The Inclusive Framework aims to meet one final time in October before sending over a proposed framework for approval at this year’s G-20 leaders summit in November.

Countries with proposed or adopted digital services taxes could soon face U.S. tariffs, should the White House’s fight against taxing U.S. tech companies impede progress in international negotiations.

Current negotiations are centered around two pillars:

Pillar 1: A unified global approach on defining a global reallocation of digital profits and what types of activities are subject to such taxes.

Pillar 2: A global minimum tax for digital companies.

To protect U.S. companies from having their revenue disproportionately targeted, the United States has proposed that multinational companies opt-in, on a global basis, to be subject to Pillar 1. Opponents of Washington’s approach, however, have argued that if given the choice, most companies would simply avoid taxes. But to that end, the United States has argued that companies would still, in fact, opt-in to Pillar 1 because it gives them tax certainty as opposed to the uncertainty that the current system has created.

While the approval of both pillars is unlikely, it is entirely possible that the Inclusive Framework and the G-20 are able to make limited progress by the end of the year. Pillar 2 is far less controversial to the United States conceptually, as it is similar to tax reforms for global multinationals that the United States introduced in its 2017 tax reform to limit tax avoidance overseas. But international negotiations thus far have focused more on Pillar 1 and the proposals for Pillar 2 are less concrete. To ensure companies can continue to implement DSTs without prompting the United States to impose tariffs, the Inclusive Framework may back a narrow proposal for Pillar 1 that largely leaves the details unresolved and up for continued negotiations in order to have something G-20 members can sign in November. But countries will likely continue to move forward with unilateral DSTs, regardless of whether or not progress is made on Pillar 1 in the next six months. France, for example, has already announced that it will move forward with implementing its DST as planned at the end of 2020 if an international agreement is not reached.

The Battle Continues

If an international agreement over Pillar 1 is delayed and talks continue into 2021, and if Trump is re-elected in November, the United States will likely move forward with its threatened tariffs. Countries that agree to delay implementing their DSTs or the tax payments tech companies have to make beyond 2021 may be spared the Trump administration’s economic wrath. But the willingness of countries to make such a compromise in order to avoid U.S. tariffs will likely vary.

If former Vice President and Democratic candidate Joe Biden wins the U.S. presidential election, it would reduce the immediate threat of tariffs, though the impasse in international negotiations would likely still continue. Trump would be far more willing to impose retaliatory tariffs against DSTs than Biden. Given his campaign pledge to reassert the United States’ status as the overseer of international order, Biden may also be more open to compromise. At the end of the day, however, a Biden administration would still seek to protect U.S. interests in international tax negotiations. But instead of deploying tariffs, he’s more likely to challenge national DSTs that have already been implemented through WTO and other dispute mechanisms.

C-Kumu Dog

--Cybersecurity Bills Introduced in US Senate
« Reply #579 on: June 18, 2020, 11:42:45 AM »
Source: https://www.sans.org/newsletters/newsbites/xxii/48

--Cybersecurity Bills Introduced in US Senate

(June 15, 2020)

US Senator Gary D. Peters (D-Michigan) has introduced two bills aimed at improving the country's cyber security defenses. The Continuity of Economy Act would direct the White House to "develop a plan to ensure essential functions of the economy are able to continue operating in the event of a cyberattack." The bill grew out of a recommendation made by the Cyber Solarium Commission. The National Guard Cybersecurity Interoperability Act of 2020 would help ensure that the National Guard could provide remote cybersecurity support in the event of a cyber incident.


Read more in:

MeriTalk: Two Bills to Bolster Cyber Defenses Introduced in the Senate

https://www.meritalk.com/articles/two-bills-to-bolster-cyber-defenses-introduced-in-the-senate/

 
« Last Edit: June 18, 2020, 11:49:43 AM by C-Kumu Dog »
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

--Senate Report: Chinese Telecoms Were Allowed to Operate in US ...
« Reply #580 on: June 18, 2020, 11:46:03 AM »
SOURCE: https://www.sans.org/newsletters/newsbites/xxii/47

--Senate Report: Chinese Telecoms Were Allowed to Operate in US with Minimal Oversight


(June 9, 2020)


A staff report from the US Senate's Permanent Subcommittee on Investigations found that the Federal Communications Commission (FCC) and other US agencies failed to adequately oversee Chinese telecommunications companies operating in the US for nearly 20 years. The report notes that the team of officials from the Departments of Justice, Homeland Security, and Defense who were supposed to monitor the Chinese-owned carriers had scant resources and no statutory authority.

[Editor Comments]
[Pescatore] Over this same time frame, back in 2003 British Telecom selected Huawei for the UK national network upgrade, and the British government dedicated resources to (and required Huawei to help fund) the Huawei Cyber Security Evaluation Centre to test all software and firmware from Huawei before allowing it on production systems. The UK has mitigated the risk successfully for 17 years with that supply chain security approach.

Read more in:

Senate: Portman, Carper: Bipartisan Report Reveals How Three Chinese Government-Owned Telecoms Operated in the U.S. for Nearly 20 Years with Little-to-No Oversight from the Federal Government

https://www.hsgac.senate.gov/subcommittees/investigations/media/portman-carper-bipartisan-report-reveals-how-three-chinese-government-owned-telecoms-operated-in-the-us-for-nearly-20-years-with-little-to-no-oversight-from-the-federal-government

HSGAC: Threats to U.S. Networks: Oversight of Chinese Government-Owned Carriers (PDF)
https://www.hsgac.senate.gov/imo/media/doc/2020-06-09%20PSI%20Staff%20Report%20-%20Threats%20to%20U.S.%20Communications%20Networks.pdf

Ars Technica: FCC failed to monitor Chinese telecoms for almost 20 years: Senate report
https://arstechnica.com/tech-policy/2020/06/fcc-failed-to-monitor-chinese-telecoms-for-almost-20-years-senate-report/

Cyberscoop: Shoddy US government review of Chinese telcos endangered national security, Senate panel finds
https://www.cyberscoop.com/chinese-telecommunications-national-security-team-telecom-senate/

FNN: Investigation finds interagency group lacked authority to oversee Chinese telecom companies
https://federalnewsnetwork.com/technology-main/2020/06/investigation-finds-interagency-group-lacked-authority-to-oversee-chinese-telecom-companies/

GovInfosecurity: Senate Report: Chinese Telecoms Operated Without Oversight
https://www.govinfosecurity.com/senate-report-chinese-telecoms-operated-without-oversight-a-14409
« Last Edit: June 18, 2020, 11:48:04 AM by C-Kumu Dog »

C-Kumu Dog

Researchers Find Serious Security Issues in OmniBallot Online Voting System
« Reply #581 on: June 18, 2020, 11:54:18 AM »
Source: https://www.sans.org/newsletters/newsbites/xxii/46

--Researchers Find Serious Security Issues in OmniBallot Online Voting System

(June 7 & 8, 2020)


Researchers from the Massachusetts Institute of Technology (MIT) and the University of Michigan have released a report detailing their findings about the security of the OmniBallot Internet voting and ballot delivery system. OmniBallot, which is produced by Democracy Live, has been used in the past to let voters print ballots, complete them by hand, and return them by mail. For the 2020 election, the system will include online ballot return. The researchers, J. Alex Halderman and Michael Specter, write that the safest option is to avoid using OmniBallot. They note that OmniBallot is vulnerable to vote manipulation by malware on the voter's device and by insiders or other attackers and that it appears not to have a privacy policy.

[Editor Comments]
[Pescatore] Two analogies here: (1) A few years ago, I had rotator cuff surgery and the morning of the operation the surgeon came to the prep room with a black marker and wrote "This arm" and his signature on my right arm; (2) I have never seen, and never want to see, a traffic light that is showing green in all four directions. Errors in presidential elections are pretty much up there with operations on the wrong body part or cars colliding at intersections. There needs to be both manual mechanisms and auditing and safety interlocks built-in to any software-based voting system, just as it is built into surgical procedures even though we have Electronic Health Records, and in traffic signal controller hardware even though we have online light control systems. Every state has rigorous control of traffic lights and there are national standards for them, as well. Since election systems are considered part of the critical national infrastructure, they should be treated just as rigorously.

[Neely] If you must use OmniBallot, the most secure option for remote voting remains printing, hand marking, and then returning a paper ballot by mail. The electronic ballot return mechanisms don't include sufficient anti-tampering protections, and even when printing paper ballots, if you're using the application to mark your ballot, OmniBallot collects and sends privacy information from the voters for tabulation. As electronic voting continues to move forward, rigorous testing and validation of security is essential to election integrity and voter confidence.

[Murray] There is a fundamental flaw in all such systems. If one makes the ballot unique, even though it would require collusion between the issuer and the counter of ballots, the voter cannot be sure that it cannot be identified with him.

Read more in:

Internet Policy: How to Protect Your Vote
https://internetpolicy.mit.edu/omniballot-advice/

Internet Policy: Security Analysis of the Democracy Live Online Voting System (PDF)
https://internetpolicy.mit.edu/wp-content/uploads/2020/06/OmniBallot.pdf

Statescoop: Researchers say OmniBallot online voting platform is vulnerable to manipulation
https://statescoop.com/researchers-say-omniballot-online-voting-platform-is-vulnerable-to-manipulation/

NYT: Amid Pandemic and Upheaval, New Cyberthreats to the Presidential Election
https://www.nytimes.com/2020/06/07/us/politics/remote-voting-hacking-coronavirus.html

G M


It's not a bug, it's a feature.


Source: https://www.sans.org/newsletters/newsbites/xxii/46

--Researchers Find Serious Security Issues in OmniBallot Online Voting System

(June 7 & 8, 2020)


Researchers from the Massachusetts Institute of Technology (MIT) and the University of Michigan have released a report detailing their findings about the security of the OmniBallot Internet voting and ballot delivery system. OmniBallot, which is produced by Democracy Live, has been used in the past to let voters print ballots, complete them by hand, and return them by mail. For the 2020 election, the system will include online ballot return. The researchers, J. Alex Halderman and Michael Specter, write that the safest option is to avoid using OmniBallot. They note that OmniBallot is vulnerable to vote manipulation by malware on the voter's device and by insiders or other attackers and that it appears not to have a privacy policy.

[Editor Comments]
[Pescatore] Two analogies here: (1) A few years ago, I had rotator cuff surgery and the morning of the operation the surgeon came to the prep room with a black marker and wrote "This arm" and his signature on my right arm; (2) I have never seen, and never want to see, a traffic light that is showing green in all four directions. Errors in presidential elections are pretty much up there with operations on the wrong body part or cars colliding at intersections. There needs to be both manual mechanisms and auditing and safety interlocks built-in to any software-based voting system, just as it is built into surgical procedures even though we have Electronic Health Records, and in traffic signal controller hardware even though we have online light control systems. Every state has rigorous control of traffic lights and there are national standards for them, as well. Since election systems are considered part of the critical national infrastructure, they should be treated just as rigorously.

[Neely] If you must use OmniBallot, the most secure option for remote voting remains printing, hand marking, and then returning a paper ballot by mail. The electronic ballot return mechanisms don't include sufficient anti-tampering protections, and even when printing paper ballots, if you're using the application to mark your ballot, OmniBallot collects and sends privacy information from the voters for tabulation. As electronic voting continues to move forward, rigorous testing and validation of security is essential to election integrity and voter confidence.

[Murray] There is a fundamental flaw in all such systems. If one makes the ballot unique, even though it would require collusion between the issuer and the counter of ballots, the voter cannot be sure that it cannot be identified with him.

Read more in:

Internet Policy: How to Protect Your Vote
https://internetpolicy.mit.edu/omniballot-advice/

Internet Policy: Security Analysis of the Democracy Live Online Voting System (PDF)
https://internetpolicy.mit.edu/wp-content/uploads/2020/06/OmniBallot.pdf

Statescoop: Researchers say OmniBallot online voting platform is vulnerable to manipulation
https://statescoop.com/researchers-say-omniballot-online-voting-platform-is-vulnerable-to-manipulation/

NYT: Amid Pandemic and Upheaval, New Cyberthreats to the Presidential Election
https://www.nytimes.com/2020/06/07/us/politics/remote-voting-hacking-coronavirus.html