Cyber Week in Review: August 24, 2018

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. File under: "I'm not surprised in the slightest." The Australian government effectively banned Chinese telecom companies Huawei and ZTE from supplying equipment to develop the country's 5G wireless infrastructure. New legislation, which enters into force in September, requires Australian telecommunications carriers to protect their networks from national security threats, and notify the government of any changes to their equipment or services that could affect that obligation. In a joint statement, the ministers of communications and home affairs announced that "vendors who are likely to be subject to extrajudicial directions from a foreign government"—such as Huawei or ZTE, though unnamed in the statement—conflict with the new legislation. Having been banned from bidding on contracts for Australia's national broadband network in 2012, Huawei anticipated being shut out of the 5G rollout, and ran a public relations campaign hoping to stave it off. Beijing expressed concern with the decision, saying that it would harm relations between both countries, and urged Australia to "abandon ideological prejudices." 

2. They’re back at it. The Department of Justice is trying to force Facebook to decrypt voice calls on Messenger so that law enforcement can wiretap a suspect’s conversations. According to Reuters, the U.S. government put forward a motion in a federal court in California to hold Facebook in contempt for refusing to carry out the wiretap request. Facebook argues providing the government with access to the conversations is impossible given that they are encrypted end-to-end, and would need to rewrite Messenger's code to comply. The incident is similar to Apple-FBI fight over the San Bernardino phone in 2016, but differs in one critical respect. In this case, the government is relying on different legislation to compel disclosure, which according to Jennifer Stisa Granick limits the extent of technical assistance the government can require a company provide to activate a wiretap. According to the Verge, however, the government might have a more compelling argument, since it appears the Facebook could comply with the government’s request without a code rewrite.  

3. I need a dollar. Russia is considering legislation that would require foreign internet companies subsidize Russian telecom operators to assist them in complying with the country's data retention legislation, according to Reuters. Last year, a series of new anti-terrorism measures entered into force, one of which requires Russian internet service providers (ISPs) to retain all user data and traffic that passess accross their network for upwards of six months and make it available to Moscow upon request. Ever since, Russia's ISPs have complained about the compliance costs of the requirement—estimated at $1.8 billion in the first year, and expected to rise in subsequent years—which they are expected to shoulder. The new draft legislation would allow the ISPs to offload some of the cost to Facebook, Google, and others by asking them to pay for the costs of storing traffic from their services. 

4. Phishers gonna phish. Microsoft announced a phishing campaign aimed at Republican critics of President Donald J. Trump. The story grabbed headlines, but many cybersecurity experts were left scratching their heads at the extent of coverage the story got. "In short: spies are going to spy. That's true whether or not it's an election year," F-Secure security advisor Sean Sullivan said in a statement. Other experts also warned against reading too much into relatively routine cyberespionage. For its part, Motherboard was more cynical, arguing Microsoft was using the phishing campaign as a launching pad for its new account protection service for political parties and candidates this election season.

5. Player 2 has joined the game. Facebook announced that it had removed 652 pages from its platform as part of its effort to combat state-backed disinformation and influence campaigns. The social media giant said the pages targeted audiences in the United States, United Kingdom, the Middle East and Latin America posing as news sources peddling a mix of factual stories and conspiracy theories. Unlike previous takedowns that targeted the work of Russian state-sponsored actors, this one was novel in that some of the pages were controlled by actors in Iran and at least one was found to have links to PressTV, Tehran's equivalent of Moscow's RT network. FireEye, which worked with Facebook to identify the pages, said there was no coordination between the Iranian and Russian actors. Nevertheless, the incident shows that active measures and covert efforts to shape public perceptions are not limited to Russia.