Aug 13, 2020

Analysis | The Cybersecurity 202: The TikTok ban is just a proxy battle in the U.S.-China tech war


Joseph Marks


“This administration appears to be moving toward forcing a rupture between the U.S. and China, at least in the tech space,” Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies and a former official at the State and Commerce departments, told me.
The conflict has been bubbling for years as U.S. national security officials increasingly worried that Chinese tech firms simply can’t be trusted not to steal trade secrets and intellectual property from U.S. companies and personal information from American citizens under orders from the Chinese Communist Party. The rupture, Lewis said, is “unavoidable….given the scale of Chinese espionage.”
Officials also warn that the open doors the United States offers to Chinese companies haven’t been reciprocated in China, where U.S. tech firms are often shut out — especially if they won’t abide by Beijing’s requirements to share their source code or censor Web content. With the relationship between Washington and Beijing even more deeply damaged due to China’s early handling of the coronavirus pandemic, the Trump administration seems poised to escalate.
One potential outcome if the split continues: A world in which Chinese technology reigns in Asian and African nations that have strong ties to Beijing but is largely blocked in the West. 
“This is a conflict of two different visions of the world,” Jeff Moss, founder of the Black Hat and Def Con cybersecurity conferences, told me on an episode of C-SPAN’s “Communicators” show that will air next week.
“There’s going to be ultimately, I believe, two spheres,” Moss said, “the rule of law, data protection Internet world and the ‘We don’t know why we were taken [offline], these are the banned words, don’t use them’ online world.”

TikTok is the lone major social media company owned outside the U.S. – and in a non-democracy to boot.

TikTok denies sharing any customer data with Beijing and has said its data and security practices are in line with other social media companies, but experts say it likely would be under scrutiny regardless. “If Russia had a big popular app that happened to be used in America we’d be having a similar discussion,” Robert Chesney, a former Justice Department official and University of Texas law professor, told me.
A change in administration won't necessarily change the track. Former vice president Joe Biden, the presumptive Democratic presidential nominee, has been highly critical of China as have Democratic leaders including Senate Minority Leader Charles Schumer (D-N.Y.).
By then, the TikTok ban, which Trump instituted by executive order, will have either taken effect or been challenged in court. That’s unless TikTok’s Chinese owner ByteDance manages to sell the app to a U.S. firm by Sept. 20. Microsoft is the leading contender.
The ban would also apply to the social app WeChat, which is widely used in China and by Chinese Americans to keep in contact with relatives back home.
Although there’s no smoking-gun evidence that the Chinese government has used TikTok to spy on Americans, there is substantial evidence that WeChat helps conduct surveillance on users outside China’s borders, according to research by the University of Toronto group Citizen Lab. But WeChat is also so integral to Chinese communications that there’s no real option to keep it alive in the United States by selling some portion of it to a U.S. company.

There's a tit-for-tat element too because Facebook, Twitter and Google are all unavailable in China. 

“Yes, America’s taking action against TikTok, but this has never really been a level playing field in terms of access for one another’s companies,” Chesney told me.

Huawei is another prime battle in the U.S.-China tech war. 

In that case, U.S. officials launched a global pressure campaign urging allies to ban Huawei from their 5G networks after they essentially realized too late that the Chinese telecommunications company had a leg up on its European competitors to build next-generation 5G wireless networks that would span the globe.
They feared that would effectively allow Beijing to vacuum up troves of information to give Chinese companies a competitive advantage, slow down U.S. communications during vital moments or even sabotage Internet-dependent technology such as medical devices or connected cars. Huawei has steadfastly denied that it would aid Chinese spying.
TikTok doesn’t have near Huawei’s power. But it creates concerns of its own, especially as China, Iran and other nations are increasingly following Russia’s lead in using phony accounts on social media to surreptitiously promote their vision of the world and stoke conflict in the United States.
“The power of social media to shape the perspectives of the country and the idea that power is in the hands of a company beholden to the Chinese Communist Party gave everyone pause,” Stewart Baker, a former general counsel at the National Security Agency and top policy official at the Department of Homeland Security, told me. “TikTok became a trial case for how we feel about China succeeding in our social media environment, and nobody was comfortable with that.”

Apps probably are just the beginning. 

Secretary of State Mike Pompeo released a plan this month dubbed the “Clean Network” that lists five main areas where the administration wants to block out any connection to China. In addition to telecommunications networks and mobile apps, the list includes computer cloud services, and undersea cables that carry Web data between nations.
The plan also urges U.S. companies to remove their apps from Chinese app stores.
“Building a clean fortress around our citizens’ data will ensure all of our nations’ security,” the plan states.

Some experts say the bans would be counterproductive to U.S. technology goals. 

Josephine Wolff, an assistant professor of cybersecurity policy at Tufts University, called the TikTok and WeChat bans “deeply misguided and unproductive” in a New York Times op-ed. The United States could protect its data much better by improving cybersecurity protections of U.S. companies than by banning Chinese ones, she argued.
Indeed, Chinese hackers have been accused of stealing reams of sensitive data, including from U.S. government agencies, without the help of companies, she notes.
“The president’s executive orders are not about cybersecurity — they are a retaliatory jab in the ongoing tensions between China and the United States,” Wolff writes. “In fact, the ban’s greatest impact will probably not be on the bottom lines of TikTok and WeChat’s parent companies, but instead on promoting a fundamentally Chinese view of internet security.”
Times Wang, a human rights litigator, and Yang Jianli, a former Chinese political prisoner, argued in a separate Times op-ed that the WeChat ban will make it harder to get out information about Chinese government misdeeds and “threatens to bring the United States down to China’s level when it comes to free expression.”

Even some proponents of breaking ties with China warn there will be negative consequences. 

To begin with, China probably will strike back by punishing U.S. companies. In the longer term, U.S. and Chinese tech firms are less likely to have to adapt if they don’t face competition from one another, which could make the global technology sector less vibrant and innovative.
“China’s doing some remarkable research and development that’s similar to what Silicon Valley is doing and we’ll lose touch with that. Both sides are likely to be slower and less effective in their R&D,” Baker said.
And innovation may be harmed generally because the markets where any company can sell its products will be smaller.
But those consequences may be unavoidable if the United States wants to ensure that technology within the Western world remains as free as possible of Chinese influence.
“The fact that China loses doesn’t mean that America wins,” Lewis said. “A world where no one wins is the most likely outcome.”

The keys



Social media companies are touting their efforts to address voting misinformation ahead of the conventions.

Twitter will broaden its policies to limit misleading statements about voting by mail. So far the platform has cracked down on a case by case basis, leaving some misleading Trump tweets slammed by voting rights advocates untouched. An expansion of the policy could have big implications for Trump's tweets and his relationship with Silicon Valley.
Here's what other platforms have planned:
  • Facebook said it would start labeling posts about voting from any user with a link to its new voting information center. The center is designed to correct misinformation about voting and post relevant announcements about mail-in ballots, registration deadlines and other election issues. 
  • Google launched two search features that will allow voters to find information about how to register and vote based on their search location. 
  • YouTube will begin surfacing information panels when users search for 2020 congressional or presidential candidates. It will also provide fact-check panels on other election-related searches.

A Twitter user posed as a WHO official to spread racist lies about the United States' coronavirus testing.

The verified account, which posed as Dr. Jaouad Mahjour, assistant director-general of the World Health Organization, claimed the Trump administration wanted to test a vaccine on Black Americans without their consent. Twitter has since removed the account, Shannon Vavra at CyberScoop reports.
The disinformation scheme, first reported by the Daily Beast, also included tweets that implied the United States had lobbied the WHO to try vaccines on immigrants and prisoners.
The activity resembles the work of a network of Iranian disinformation actors who have previously posed as legitimate news outlets and public figures to spread fake news. The Defense Department has accused Iran as well as Russia and China of spreading coronavirus misinformation.

Israel says it stopped a cyberattack on its defense industry by hackers with ties to North Korea. 

The hackers posed as employers offering defense workers jobs, Rami Ayyub at Reuters reports. The group used LinkedIn to try to gather sensitive information from the defense workers that they later used to launch hacks against their companies’ websites. 
Israel’s Defense Ministry did not name the firms or when the incidents took place but said the attacks were stopped before they could disrupt networks. The ministry also did not name the foreign country backing the hacking group, known as Lazarus. But U.S. officials have tied the group to North Korea's intelligence bureau.

Securing the ballot



Facebook, Google, Twitter and Microsoft will partner with the government to combat election interference.

Other members of the group include Pinterest, Reddit, LinkedIn and the Wikimedia Foundation, Mike Isaac and Kate Conger at the New York Times report. Informal discussions between major tech companies and government agencies have been going on since U.S. intelligence reports revealed online interference played a part in the 2016 election. But this is the first time the tech industry has created a formal working group on the issue.
Government participants include the FBI, DHS and the Office of the Director of National Intelligence.
“We discussed preparations for the upcoming conventions and scenario planning related to election results,” the coalition's spokesman said of the first formal meeting. “We will continue to stay vigilant on these issues and meet regularly ahead of the November election.”

Cyber insecurity



Hackers could have used vulnerabilities in Alexa to access private user data.

The vulnerability could have allowed hackers to swap out legitimate Alexa apps for malicious ones and to steal personal information such as users’ phone numbers and addresses and some information shared with their banks, researchers at Check Point found.
Amazon fixed the issues in June after researchers flagged them. (Amazon CEO Jeff Bezos owns The Washington Post.)

A leading institute for cybersecurity professionals was hacked. 

The breach compromised 28,000 records that included personal information such as addresses, Sean Lyngaas at CyberScoop reports. The hackers got in with a phishing email. SANS stopped the breach on Aug. 6.
The institute is still investigating the scope of the breach and who might be behind it. SANS works with more than 165,000 cybersecurity professionals around the world, making it one of the largest such organizations.

Chat room


Motherboard reporter Joseph Cox has a play-by-play behind his latest story on Russian SIM cards that can make a phone seem like it's calling from any location:

Daybook


  • The Democratic National Convention will take place Monday through Thursday.
You can suggest events for the Daybook by emailing tonya.riley@washpost.com.

Secure log off


Some comedy history behind the Democratic VP pick:
