US Executive Orders would ban WeChat and TikTok by late September.Texts announcing Rewards for Justice reach Russia, Iran.Industry sources express reservations about the US Clean Network program.US Executive Orders target TikTok and WeChat.
US President Trump yesterday issued two Executive Orders that impose new limitations on Chinese-owned social media apps TikTok and WeChat .WeChat is a subsidiary of Tencent, TikTok of ByteDance, and both parent companies are mentioned in the Orders.
The Wall Street Journal summarizes the effect of the orders as prohibiting anyone in the United States or subject to US jurisdiction from conducting “transactions” with the owners of the two services.
The ban will become effective forty-five days from the date of the Executive Orders, which, unless we’ve miscounted, puts the deadline on September 20th.This could prevent US citizens from downloading the apps from such sources as Google Play or the Apple store.It also puts a deadline on Microsoft’s possible acquisition of TikTok.
Both Executive Orders stated, as an official finding, that “additional steps must be taken to deal with the national emergency with respect to the information and communications technology and services supply chain declared in Executive Order 13873 of May 15, 2019 (Securing the Information and Communications Technology and Services Supply Chain).” Both of the apps represent a threat because they automatically capture “vast” amounts of information from their users, and the data they collect are in principle accessible to the Chinese Communist Party and Chinese government intelligence services.
The social platforms, the Orders say, actively censor domestic dissent in China, and the Order pertaining to TikTok finds that the platform has been active in spreading COVID-19 disinformation on behalf of the Chinese government.The Order affecting WeChat, in an aside, cites restrictions India and Australia have placed on the app as an indication that the US isn’t alone in seeing a problem with Chinese data collection practices.
The Secretary of Commerce will be in charge of implementation and enforcement.
TikTok, which has moved data formerly held in US servers to servers in Ireland, objected to the Executive Order in a strongly worded statement it issued this morning.The company sees what it views as a lack of due process as most objectionable.
“We are shocked by the recent Executive Order, which was issued without any due process,” the company said.“For nearly a year, we have sought to engage with the US government in good faith to provide a constructive solution to the concerns that have been expressed.What we encountered instead was that the US Administration paid no attention to facts, dictated terms of an agreement without going through standard legal processes, and tried to insert itself into negotiations between private businesses.”
The statement also includes an explicit denial of the specific accusations in the Order: “We have made clear that TikTok has never shared user data with the Chinese government, nor censored content at its request.” Rewards for Justice reaches Russians and Iranians by text message?
The US State Department reward being offered for information concerning attempts to hack US elections has been communicated in some surprising places.Reuters reports that text messages communicating the offer and a link to Rewards for Justice have been turning up in Iranian and Russian devices.
Who sent the texts isn’t clear, but there’s speculation that the messaging was done on behalf of the US Government.
US Cyber Command referred Reuters to the State Department, and State had nothing to say, so the origin of the texts remains unclear.While there are certainly grounds for thinking that Russian and Iranian Internet users might well be in a position to have noticed people up to no good with respect to elections, texting them and offering a reward may, some observers told Reuters, expose the recipients of the texts to risk.
Neither Moscow nor Tehran are known for a light hand or a tolerant view of interference with security and intelligence services.
Commenting on the reward program itself, and its application to the prevention of election interference, Ilia Kolochenko, ImmuniWeb founder and CEO, gives the program high marks, but notes that its likely outcomes are unclear: “I think it’s a smart move but the outcomes are highly uncertain for the time being.Most of the cybercriminals implicated in grand hacking campaigns will likely keep silent fearing arrest and prosecution for their past sins when communicating their details for payment.Moreover, in light of uncertain and ambiguous conditions of the bounty payment by the government.From the current context, it’s also a bit unclear whether the $10 million is to be apportioned for all of the reports or if it’s a per payment cap.”We will likely get a considerable volume of “false positives” or even fraudulent reports aimed to extort money from the government or frame up a rival.In the future, however, bounty awards for information about cyber criminals may become a formidable weapon of law enforcement.Frequently, technical sophistication, the unpreparedness of victims and crypto-currencies make data breaches technically uninvestigable and provide virtual impunity to cybercriminals.The sole tenable way to identify them is to get a hint from an ex-accomplice or a rival cyber gang.
Thus, we may see a gradual growth of such bounty payments by governments in the near future as the last resort to curb the uncontrolled proliferation of cybercrime.” Reactions to the US Clean Network program.
This week’s announcement of the US Clean Network program’s five lines of effort has drawn adverse comment from the Internet Society, a not-for-profit organization that takes as its mission the promotion and “open development, evolution and use of the Internet for the benefit of all people throughout the world.” Their statement deplores the measure as an unwelcome step toward autarky in cyberspace: “We’re very disappointed; The United States, the country that funded the early development of the Internet, is now considering policies that would fracture it into pieces.This is part of a larger disturbing trend where governments directly interfere with the Internet, attempting to score short-term political points without regard to the long-term damage that results.”The Internet is a global network of networks, where networks interconnect on a voluntary basis with no central authority.It is this architecture that has made the Internet so successful.
Today’s announcement of the Clean Networks program challenges this architecture at its very core.The ‘Clean Carrier’ and ‘Clean Cable’ programs alone would force vast amounts of Internet traffic to route into third countries, extending the distances data must traverse, increasing the potential for surveillance and manipulation of Internet traffic, increasing the risk of Internet outages, and in general increasing costs to everyone on the Internet.
“Having a government dictate how networks interconnect according to political considerations rather than technical considerations, runs contrary to the very idea of the Internet.Such interventions will significantly impact the agility, resiliency and flexibility of the Internet.If this approach were to spread further, the ability of the Internet to bring the broader benefits of collaboration, global reach, and economic growth will be significantly threatened.Interventions like these only increase the global momentum towards a ‘Splinternet’ — a fractured network, rather than the Internet we have built over the last four decades and need now more than ever.”
McAfee Senior VP and CTO Steve Grobman was less condemnatory, and acknowledged the legitimacy of the concerns behind Clean Network, but he also saw problems with moving decisions he regards as properly belong to the private sector to the government: “U.S.government agencies must identify and make public potential risks in software, especially software that may be utilized by nation states for purposes beyond an application’s seemingly benign handling of sensitive or personal data.
However, rather than banning these software applications, the government should advise organizations and individuals on the security and privacy implications associated with the developer’s technology supply chain and data management policy.
The U.S.government needs the ability to restrict the use of potentially dangerous applications on government devices; however, private organizations and individuals should be the final deciders on which applications should be used.” Selected Reading
How the US Can Prevent the Next ‘Cyber 9/11’ (Wired) In an interview with WIRED, former national intelligence official Sue Gordon discusses Russian election interference and other digital threats to democracy.
Cyber strategy a missed local opportunity (InnovationAus) If anyone were waiting on the Australian Government Cyber Security Strategy 2020 to include a set of industry policies that would help grow the local cyber security sector, they will have been massively disappointed.
Trump Executive Orders Target TikTok, WeChat Apps (Wall Street Journal) President Trump issued a pair of executive orders imposing new limits on Chinese social-media apps TikTok and WeChat, escalating tensions with Beijing and effectively setting a 45-day deadline for an American company to purchase TikTok’s U.S.operations.
Trump issues executive orders banning U.S.transactions with WeChat and TikTok in 45 days (CNBC) The ban will take effect in 45 days and may attract retaliation from Beijing.
Executive Order on Addressing the Threat Posed by TikTok (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic
Executive Order on Addressing the Threat Posed by WeChat (The White House) By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic
Statement on the US Administration’s Executive Order (Newsroom | TikTok) TikTok is a community full of creativity and passion, a home that brings joy to families and meaningful careers to creators.
And we are building this platform for the long term.TikTok will be here fo
China focus might distract the U.S.from the possibility of a Putin surprise in Belarus and beyond (Atlantic Council) COVID-19 has shown both the nature and relentlessness of the Chinese Communist Party’s to place itself at the center of global power and influence.
Trump advisers urge delisting of U.S.-listed Chinese firms that fail to meet audit standards (Reuters) Trump administration officials have urged the president to delist Chinese companies that trade on U.S.exchanges and fail to meet U.S.auditing requirements by January 2022, Securities and Exchange Commission and Treasury officials said on Thursday.
It looks like Trump is beating Huawei (Light Reading) Infinera’s outgoing CEO described the situation as a ‘once-in-a-lifetime opportunity’ for companies that compete against the Chinese vendor.
CISA Finalized Directive on Vulnerability Disclosure Policies, Congressman Says (Nextgov.com) The binding operational directive would create a legal path for ethical hackers to report website vulnerabilities to government agencies.
State Department Official Who Lobbied Against Huawei to Resign (Bloomberg) Rob Strayer also part of effort to out hackers or indict them.
He becomes latest in string of Trump cyber officials to leave.
US Air Force links cyber, intel with new contract office (C4ISRNET) The 16th Air Force has realigned the mission for one of its contracting offices to better integrate cyber and intelligence capabilities.
Air Force cyber security experts expect reorganizations to help improve information warfare and cyber ops (Military & Aerospace Electronics) Combat mission teams conduct cyber operations on behalf of combatant commands and cyber support teams, and support the combat mission team.
Top secret telework ‘is not a thing’ (FCW) The National Security Agency is expanding its use of Microsoft Office 365 to support unclassified telework Pro.
