Cyber Week in Review: June 24, 2022
Internal TikTok Meetings Show That U.S. User Data Has Been Repeatedly Accessed From China
Leaked recordings from more than eighty internal TikTok meetings reveal that China-based employees of the short video platform’s owner ByteDance have accessed nonpublic data about U.S. TikTok users on numerous occasions. According to fourteen statements from nine different TikTok employees, employees in China had access to this data at least from September 2021 to January 2022. Despite frequent reassurances from top executives that TikTok’s U.S.-based security team has sole control over access to this data, this leak describes situations where U.S. employees turned to their Chinese counterparts for clarity on where U.S. user data was going. In an effort to reassure U.S. regulators TikTok and Oracle were reportedly launching Project Texas, a program to store all U.S. user data in the United States. The revelations that employees outside the United States were accessing user data is sure to heighten U.S. government scrutiny.
China Wants to Increase Censorship on Social Media Platforms
Last week, the Cyberspace Administration of China (CAC) published a draft update on content moderation guidelines for social media platforms within the country. Under the new program, all online comments, including pictures and videos, will be reviewed by censors prior to being published. If passed, the bill would force Chinese platforms to drastically increase the number of employees overseeing content moderation, greatly increasing costs. In addition, the Chinese government intends to tighten censorship of commenters that “disturb the normal order and mislead public information” by requiring users to register social media accounts with their real IDs on platforms that track user’s IP addresses. The draft rules would further restrict the already limited space for discussion on the Chinese internet.
U.S. Law Against Forced Uyghur Labor Takes Effect
More on:
On Tuesday, the United States began enforcing the Uyghur Forced Labor Prevention Act (UFLPA), which requires companies operating in China’s Xinjiang region to provide evidence that their products are not made using slave labor. The rule is likely to pose problems for some U.S. companies, because of the complexity of their supply chains and reliance on factories in Xinjiang for materials and processing. Advocacy groups, including Human Rights Watch, applauded the move for its strong stand against force labor in Xinjiang. Chinese officials lashed out against the implementation, accusing the United States of disrupting the international trade order and of attempting to undermine China’s economic development.
Microsoft Stops Selling Emotion-Reading Tech to Limit Facial Recognition
Microsoft announced that it will stop selling technology that purports to analyze someone’s emotion based on facial images and that it will restrict access to other forms of facial recognition technology. The company said that since emotional expressions are not standardized and vary across use cases, regions, and demographics the company cannot determine whether emotion recognition systems are accurate or rooted in science. Current customers have a year before they lose access to the artificial intelligence tools that can infer emotion, gender, and age. The company also noted that customers must now obtain approval to use Microsoft facial recognition services which allow people to log onto websites or open locked doors with a face scan.
Cyberattack Delays Putin’s Forum Speech by One Hour
A distributed denial of service (DDoS) attack against the St. Petersburg International Economic Forum forced Russian president Vladimir Putin to delay his keynote address by over an hour, officials said. The networks were hit by the attack on Thursday, June 16, and appeared to disable internet access at the forum. The IT Army of Ukraine, a loose group of hacktivists coordinated by the Ukrainian government, claimed credit for the outage. The St. Petersburg International Economic Forum is typically a major gathering of international financiers, but nearly all western countries have refused to participate in this year’s edition, in light of the Russian invasion of Ukraine. The attack represents one of the most high profile attacks staged by the IT Army, which was first organized in February of this year, in the immediate aftermath of the Russian invasion of Ukraine. Research by Stefan Sosenato has raised questions about the impact of these attacks on the development of global cyber norms.
More on: