Cyber Week in Review: July 24, 2015

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

• The Obama administration will not publically attribute the Office of Personnel Management hacks to China according to the Washington Post. Some pundits and Congressional republicans have been pressuring the White House to call out China for the incident like it did for the North Korean attacks against Sony. As reported elsewhere, the U.S. government wasn’t going to denounce China for two reasons. First, it would require the United States to divulge evidence linking China to the hack, revealing U.S. intelligence capabilities. Second, the U.S. government is trying to draw a distinction between acceptable espionage, like one state pilfering information from another, and unacceptable espionage, like the theft of intellectual property to benefit a country’s domestic industry. Denouncing China on what was essentially a state-on-state espionage incident would muddy U.S. attempts at making that distinction.

• Telecommunications providers are balking at proposed amendments to Australia’s Telecommunication Act that would require them to provide any information about their networks and suppliers to the Australian government. The amendments would also empower the Australian government to order telecommunications companies to take measures to protect their networks. According to an Australian government backgrounder, the proposed changes are required to protect Australia from "increasingly sophisticated national security risks" that can arise from supply chain vulnerabilities or outsourcing. Failure to comply with government requests for information or orders could result in up to $10 million in fines. Telecommunications companies argue the proposed measures amount to regulatory overreach, fail to clearly outline the threats the amendments are intended to mitigate, and lack measures to appeal government decisions. Australia famously barred Huawei from bidding to supply the country’s national broadband network, and the new rule can easily be interpreted as a way to keep Huawei and other untrusted telecommunications suppliers out of the country.

• The Department of Labor issued a policy guidance document urging companies to reevaluate the workplace protections availed to independent contractors that essentially operate as employees. The guidance comes a few weeks after a California court ruled last month that an Uber driver was an employee rather than an independent contractor, entitling her to a  minimum wage, overtime compensation, unemployment insurance and workers’ compensation. The ruling sparked a debate over the way in which individuals working for companies in the sharing economy, such as Uber, Lyft, TaskRabbit, and Instacart, ought to be treated.
• U.S. tech companies and security experts made a concerted effort to push back against the U.S. government’s proposed export restrictions on vulnerabilities and intrusion software. Tech giants like Google argue that the rules are “dangerously broad and vague” and that the provisions would hamper security research while also slowing the process whereby security researchers report vulnerabilities, bugs, and exploits. The company was joined by NGOs such as the Center for Democracy & Technology, Access, and the Electronic Frontier Foundation, who all argued that the rules pose significant threats to human rights. The U.S. government is proposing the rules to implement a 2013 decision by the Wassenaar Arrangement to limit the proliferation of software and tools that could be used for offensive cyber activity and espionage.