Cyber Week in Review: September 22, 2017
from Net Politics and Digital and Cyberspace Policy Program
from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: September 22, 2017

An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland.
An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland. NSA Handout/Reuters

This week: Crypo researchers don't trust the NSA, Facebook ads under scrutiny, a new cybersecurity agency for Europe, and domain names caught in the crossfire of the Catalonian referendum.

September 19, 2017 11:10 am (EST)

An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland.
An undated aerial handout photo shows the National Security Agency (NSA) headquarters building in Fort Meade, Maryland. NSA Handout/Reuters
Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. I just can't trust you anymore. The National Security Agency (NSA) is withdrawing its bid to have two encryption specifications, known as Simon and Speck, approved by the International Organization of Standards. German, Japanese and Israeli cryptography experts examining the bid expressed concern that the NSA might have intentionally created a flaw in Simon and Speck's encryption algorithm that would allow the U.S. government to surreptitiously decipher communications. Some cryptographers are distrustful of the NSA's involvement in setting encryption standards since the disclosure of BULLRUN, an NSA program aimed at manipulating the standards process and advocating for technology it could penetrate. Similarly to Simon and Speck, the NSA forcefully advocated for the adoption of the Dual_EC_DRBG random number generator standard in 2006--despite concerns about possible flaws--and allegedly paid security company RSA $10 million to use it in its products. Once BULLRUN was made public, concerns over the flaws in Dual_EC_DRBG resurfaced and led many security experts to caution against its use.

More on:

Cybersecurity

Elections and Voting

2. Ads out of the bag. Mark Zuckerberg recently announced that Facebook will provide Congress with more than 3,000 Russia-linked ads to aide in the investigation of potential Kremlin interference. His announcement comes after the company’s recent admission that Russian groups bought nearly $150,000 worth of ads targeting U.S. voters that ran on the site in the months leading up to the election. Facebook previously disclosed the ads focused on polarizing political issues and originated from accounts associated with a Kremlin-linked troll farm, but attracted criticism in its initial reluctance to make the ads public. Facebook is not the only social media company taking heat. Twitter will appear in front of the Senate Select Committee on Intelligence next week about Russian bot accounts that may have propagated the spread of fake news stories on the platform. Although Facebook and Twitter undoubtedly played a part in shaping debate during the 2016 election, Oxford University's Jamie Collier and Monica Kaminska argue it's a mistake overemphasize Russia's ad spending and influence.

3. Europe could use some more cyber. The European Commission announced a series of proposals to improve the bloc's cybersecurity. Of note, Brussels wants to create an EU Cybersecurity Agency that would absorb the existing European Network and Information Security Agency (ENISA), assist member states in responding to cyber threats, and oversee the implementation of the EU Network and Information Security Directive. In addition, the Commission has suggested the creation of an EU-wide framework that would certify the cybersecurity of products and services, drawing a comparison to the EU's approach to food labeling. Last month, Annegret Bendiek argued in Net Politics that Europe's approach to cybersecurity was an alphabet soup of agency acronyms and competing mandates. The Commission's proposal seems to try to rectify that.

4. Crackdown on Catalonia. The upcoming referendum in Catalonia, deemed unconstitutional by Spanish authorities, is having ramifications online. This week, Spanish police raided the offices of PuntCat--the registry for .cat domain name, seized all of its computers and arrested the company’s head of IT, Pep Masolivier. The .cat domain name is intended to raise the online profile of the Catalan identity and develop online services for the Catalan-speaking population. A Spanish court recently ordered that PuntCat take down all .cat domain names being used to provide information about the referendum. PuntCat refused, and was raided to enforce the court order.

More on:

Cybersecurity

Elections and Voting

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close