Cyber Week in Review: July 8, 2016

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. On the balance of probabilities, foreign actors probably read Hillary Clinton’s e-mail. In an unusual press conference, Federal Bureau of Investigation Director Jim Comey hinted that foreign actors probably had access to the former secretary of state’s e-mails. He said that despite "no direct evidence" that Clinton’s server was compromised, Clinton communicated with aides who had their commercial e-mail accounts compromised by "hostile actors" and routinely used her Blackberry in "the territory of sophisticated adversaries." Furthermore, the servers she used were not maintained by a full time security staff—her emails would have been better protected had they been hosted with Google’s Gmail. The FBI Director also took a shot at the State Department’s information security culture, saying it was lacking. That’s not entirely surprising given that Russia is suspected of having compromised State’s unclassified network since at least 2007. U.S. foreign policy boffins also have a reputation for lax handling of classified material according to Lawfare’s Susan Hennessey.

2. UN Human Rights Council tells countries to not shut off the internet. Last week, the United Human Rights Council adopted a resolution that "condemns unequivocally measures to prevent or disrupt access to or dissemination of information online in violation of international human rights law and calls on all states to refrain from such measures." TL;DR: states shouldn’t shut off internet access or censor information online. The new text builds on a previous resolution passed in 2012, which said that individuals have the same rights online as they do offline. China, Russia, and some Gulf states opposed the internet shutdown text, presumably because it did not explicitly outline that severing internet access should be permitted in certain circumstances such as protecting national security or public order. India, Indonesia, and South Africa raised some eyebrows by also opposing the new language on the same grounds as China et. al., a somewhat understandable position given their respective experience with communal violence. Longtime cyber watchers will recall that the United States very briefly flirted with the idea of an "internet kill switch" in the early years of the Obama administration.

3. News of hacker’s arrest sparks debate in China. In December 2015, a young security researcher named Yuan Wei discovered a vulnerability in the networks of online dating platform Jiayuan. The website fixed the problem, but then a few months later went to the police, claiming they had been hacked. A police investigation determined that Yuan was the culprit, and he was arrested in March 2016, news of which only broke this week. According to one Chinese lawyer, Yuan is not culpable if he did not damage or steal any data from Jiayuan’s computers. However, Yuan’s defenders argue that accessing data is often necessary to convince companies that the threat to their systems is real. The debate comes just as the Chinese legislature is reviewing a proposed cybersecurity law. While some Chinese experts claim the law will provide greater protections for white hat hackers like Yuan Wei, a straight reading of the current draft suggests that it would simply further criminalize hacking, even if done in the public interest.