September 30, 2022

ITU Plenipotentiary Conference

The International Telecommunication Union (ITU) is having its Plenipotentiary meeting in Bucharest. These four-year events are always redolent with claims that Russia and China will somehow use the ITU to “take over the internet” (despite the fact that the ITU has no power over Internet standards, routing or identifiers and all repressive Internet policies are developed and enforced at the national level, not by intergovernmental organizations). This year’s meeting was dominated by the election of a new Secretary-General, in which the U.S.-backed Doreen Bogdan-Martin  defeated the Russian candidate Rashid Ismailov, by a vote of 139 to 25. For useful live-tweeting of the Plenipot, follow @sgdickinson on Twitter.

US Congress Pressures NTIA on Whois/Privacy

Four U.S. Senators and House representatives urged the U.S. National Telecommunication and Information Administration (NTIA) to “immediately cease the public disclosure of personal information about users of .US, the United States’ country-code top-level domain.” NTIA, which is the policy maker for the .US top level domain, is being asked to reverse two decades of U.S. policy favoring indiscriminate disclosure of the name, address, email address and phone number of domain name registrants. The passage of GDPR made ICANN redact personal data in gTLD domain name registration records, but since the US domain is a country code and not in European jurisdiction, it has not complied with basic privacy and consent protections, instead bowing to trademark and law enforcement interests who want easy access to that data. The U.S. legislators – all Democrats – are trying to end that.

Texas Content Regulation Law Headed to Supreme Court

An appeals court upheld Texas’s HB20 law, an attempt to regulate the content moderation practices of social media companies. NetChoice, a trade organization representing companies affected by the bill, challenged the law on constitutional grounds, arguing that content moderation is a form of editorial discretion, hence the Texas law would interfere with free speech. That argument succeeded in killing a similar law passed in Florida, but the federal 5th Circuit Court of Appeals rejected it. Bizarrely, its opinion shows that the Judges do not grasp the distinction between state actors and private actors; it claims that platforms are engaged in “censorship” when they remove a user’s post for violating the platform’s content guidelines. That reasoning blatantly disregards established First Amendment law, notably Miami Herald v. Tornillo. It also clashes with the 11th Circuit decision on the Florida law. So this issue is definitely headed to the Supreme Court for resolution. The problem is that conservative Justices Thomas and Alito have already signaled their willingness to ignore free expression principles because they believe the platforms are biased against conservatives.

Pentagon Audits US Info Operations

The Pentagon has ordered a sweeping audit of how it conducts clandestine information warfare after US-based social media companies identified and took offline fake accounts suspected of being run by the U.S. military in violation of the platforms’ rules. The dilemmas of a liberal democracy engaging in IO while committed to free speech and to insulating its citizens from state propaganda were explored in a paper published by IGP partners Milton Mueller and Karl Grindal in the May 2022 issue of the journal Cyber Defense Review. They noted that legal authorities were changed during Trump’s Presidency to enable military IO with few checks. The chickens are now coming home to roost, as the US engages in the same kind of disinformation and misinformation its political leadership tells us is a major problem.

Spies like US

China’s National Computer Virus Emergency Response Center has announced reports developed by Chinese threat intel firm 360 [1,2] concerning a June 2022 intrusion into the network of Northwestern Polytechnical University, a key national public research university in China that specializes in aeronautical, astronautical and marine engineering. Citing collaboration with European and Southeast Asian partners and detailing capabilities, technical identifiers, operational missteps and data stolen, it attributes the intrusion to the NSA’s Tailored Access Operations unit, including 13 unnamed individuals. This isn’t the first time Chinese firms have leveled accusations at USG intelligence agencies, but previous attempts lacked sufficient details to be credible. This one appears to be different, showing all the sophistication of Western threat intel reporting. Whether or not the Chinese gov’t takes the next step and pursues the current gold standard in attribution by indicting the suspects remains to be seen.

Twitter’s Ex Security Chief Rakes Up National Security Concerns

Twitter’s former security boss, Peiter “Mudge” Zatko, testified before the Senate Judiciary Committee September 13, alleging that Twitter provided its employees’ extensive and unsupervised access to live systems and data, to the detriment of users’ privacy and national security. Access to Twitter data is especially valuable for governments seeking to identify and censor critical voices, or keep track of internal developments at the company. Zatko said the Indian government had managed to place an agent on the executive team, who tried to find out whether Twitter’s negotiations with the Indian government over censorship were favorable for the ruling party. Zatko emphasized that not only was the Twitter leadership knowingly facilitating foreign government access but it also lacked the incentives and the capacity to restrict such access. When Zatko approached an executive about the person he believed was an Indian agent working at the company, the executive told him “since there was already one suspected foreign agent at the company, what did it matter if there are more?”. The testimony has united lawmakers across party lines who are redoubling their efforts to regulate social media companies.