The New York Times states that a ban on TikTok won’t make us more secure

How Many Americans Do You Think You Know? The Case of the TikTok, Microsoft, Microsoft Exchange Server and the Encyclopedia

TikTok has become a dominant force in pop culture in recent years, which has prompted growing concerns from government officials over its Chinese ownership.

The article, posted earlier on Thursday, said that ByteDance’s Internal Audit team — usually tasked with keeping an eye on those who currently work for the company or who have worked for the company in the past — planned on surveilling at least two Americans who “had never had an employment relationship with the company.” The report was based on materials it reviewed but didn’t include details of who would be tracked and why, which Forbes claimed might put its sources at risk.

As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. But as the conflict evolves, it is entering an ominous phase of drone warfare. Russia has begun launching a series of recent attacks using Iranian “suicide drones” to inflict damage that is difficult to defend against. NATO officials are watching closely for any signs that Russia is ready to use a nuke, and with Russian president Putin threatening to use a nuke, we look at what indicators are available to the global community.

Meanwhile, an unrelenting string of deeply problematic vulnerabilities in Microsoft’s Exchange Server on-premises email hosting service has left researchers to raise the alarm that the platform isn’t getting the development resources it needs anymore, and customers should seriously consider migrating to cloud email hosting. According to the new research, the custodians of the encyclopedia ferret out state-sponsored misinformation in their entries.

If you’re worried about the ongoing threat of ransomware attacks around the world, researchers pointed out this week that middle-of-the-pack groups like the notorious gang Vice Society are maximizing profits and minimizing their exposure by investing very little in technical innovation. Instead, they simply run the most sparse and unremarkable operations they can to target under-funded sectors like health care and education. We have a guide to get rid of passwords and set up “passkeys” on the internet if you are looking to protect yourself.

More on Cloud Misconfigurations: a Security Roundup for Microsoft (NYSE: TOKTONDANCE-americans). Rejoinder

But wait, there’s more! We highlight the news we did not cover in-depth. The full stories can be found below. Stay safe out there.

Microsoft said this week that some of its prospective customers’ data was exposed by a misconfiguration. The company quickly closed the exposure after researchers from the threat intelligence firm revealed the leak to Microsoft. SOCRadar said in a report that the exposed information stretched back to as far as 2017 and up to August of this year. The researchers linked the data to more than 65,000 organizations from 111 countries. Microsoft said the exposed details included names, company names, phone numbers, email addresses, and files sent between potential customers and one of its authorized partners. Cloud misconfigurations are a longstanding security risk that have led to countless exposures and, sometimes, breaches.

Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/

The United States as an Energy Star for Digital Security: Cybersecurity Labels, Cyber-Security, and Community Surveillance

Cheap, undefended internet of things devices are to blame for the longstanding security dumpster fire which has afflicted homes and businesses around the world. But after years of problems, countries like Singapore and Germany have found that adding security labels to internet-connected video cameras, printers, toothbrushes, and more. The labels give consumers a better understanding of the protections built into different devices—and give manufacturers an incentive to improve their practices and get a gold seal. The United States took a move in this direction this week. The White House announced plans for a labeling scheme that would be a sort of EnergyStar for IoT digital security. The administration met with industry organizations and companies to discuss guidelines for labels. The National Security Council stated that a labeling program to secure such devices would give American consumers with the peace of mind that the technology being brought into their homes is safe.

Sources told The Washington Post this week that sensitive information related to Iran’s nuclear program and the United States’ own intelligence operations in China were included in documents seized by the FBI at former President Trump’s Mar-a-Lago estate. According to experts, unauthorized disclosures of specific information in the documents pose multiple risks. People aiding US intelligence efforts could be endangered, and collection methods could be compromised,” the Post wrote. The information could make other countries retaliate against the US.

Open internet proponents were relieved last month when an American candidate beat a Russian challenger in an election to run the International Telecommunications Union, an important international standards body tasked with cross-boundary communications. Meanwhile, though, we took a look at the fragility of the world’s internet infrastructure and the vulnerability of crucial undersea cables.

Researchers see evidence that the US’s new legal climate for abortion access is promoting a culture of community surveillance, a hallmark of authoritarian states in which neighbors and friends are encouraged to report possible wrongdoing. Soccer stadiums around the world are now being monitored more and more. There will be a lot of cameras in the eight stadiums that will be used during the World Cup in Qatar.

Breaking a Wall: The Power of Rust to Protect the Library and the National Security of the World from Spyware Attacks

The more secure, “memory safe” programming language Rust is making inroads across the tech industry, offering hope that a massive swath of common vulnerabilities could eventually be preempted and eliminated. We have a list of the most important vulnerabilities that you can patch right now.

Liz is having a hard time. The Mail on Sunday has reported that when she was foreign minister, agents working for Russia hacked into her cell phone. The Russians were able to intercept messages between Truss and officials in other countries. The Mail report says that Boris Johnson and Simon Case suppressed the breach when he was prime minister. Labor Party officials are calling for an investigation into their Conservative opponents. “There are immensely important national security issues raised by an attack like this by a hostile state which will have been taken extremely seriously by our intelligence and security agencies,” Labor Party shadow home secretary Yvette Cooper said last weekend. There are many security questions around how this information ended up in the hands of other people and why, which must be thoroughly investigated.

Source: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/

The Cash App is Fueling Sex Trafficking in the United States, and Its Impact on the National Center for Missing and Exploited Children

Another of Jack Dorsey’s corporate creations is facing new heat this week. According to a Forbes investigation the Cash App is helping to fuel sex trafficking in the US. There was an investigation and it found rampant use of the Cash App in sex slavery and other crimes. The company is owned by Block Inc., and it maintains that it doesn’t tolerate illegal activity on the Cash App. Meanwhile, the National Center for Missing and Exploited Children says that although rival payment platforms like PayPal provide the the center with tips about potential child abuse facilitated by their services, Forbes writes, “Block hasn’t provided any tips, ever.”

The US Treasury Department said that US financial institutions contributed over $1 billion to the cause in just the past two years. The report landed amid an international White House summit aiming to combat the rise of ransomware, a type of malware that allows attackers to encrypt a target’s files and hold them for ransom until the victim pays. The acting director of the Treasury Department’s Financial Crimes Enforcement Network said that cyberattacks are a serious threat to the national and economic security. While $1.2 billion in payments is already painful enough, the number does not take into account the costs and other financial consequences that come with a ransomware attack outside of the payment itself.

The announcement comes weeks after Republicans officially took over as the majority party in the House. They wasted little time increasing their scrutiny of the Chinese-owned app that has over 80 million monthly active users in the US.

The proposed legislation would prohibit transactions in the United States by social media companies with at least one million monthly users that are located in or under the influence of countries that are considered foreign adversaries, including China, Russia, Iran and North Korea.

“South Dakota will have no part in the intelligence-gathering operations of nations who hate us,” South Dakota Gov. Kristi Noem said in a news release at the end of November that kicked off the recent wave of bans. “The Chinese Communist Party uses information that it gathers on TikTok to manipulate the American people, and they gather data off the devices that access the platform,” she continued.

The app is still operational in the US, but a deal has not yet been reached. Last month, The Wall Street Journal reported that talks between the two parties had stalled, delaying any expected deal.

Public Awareness and Social Security: The U.S. TikTok Problem Revealed During the 2018-2019 Sesame Day

McQuaide said they would continue to brief members of Congress on the plans that were developed under oversight of the country’s top national security agencies.

The article was first published in theReliable Sources newsletter. Sign up for the daily digest chronicling the evolving media landscape here.

But its widespread usage across the U.S. is alarming government officials. In November, FBI Director Christopher Wray raised eyebrows after he told lawmakers that the app could be used to control users’ devices.

The Senate-passed bill would provide exceptions for “law enforcement activities, national security interests and activities, and security researchers.”

TikTok is used by 100 million monthly active users in the US alone, but it has been hampered by concerns about data security, since it is able to create instant viral hits.

The administration’s contradictory approach to TikTok — its embrace of the app as a vital conduit to the public, and its fear of the app as a potential tool of foreign influence — is perhaps a fitting response to the utterly unique problem that TikTok poses. TikTok has remake American culture from low to high, from media and music to meme and celebrity, in its own image. Colleen Hoover’s book, TikTok, made her the number one best-sellers this year, with more copies sold than the Bible. TikTok coined “quiet quitting,” one of the hallmark phrases of 2022, and introduced a whole new dialect of algospeak — “seggs,” “unalive,” “le dollar bean” — that is now spreading across pop culture. Corporations and brands have utilized the platform in order to advertise billions of dollars of their products in order to turn decades-old products into must-have items. Last year, TikTok had more site visits than Google, and more watch minutes in the United States than YouTube. Nine years took Facebook to reach a billion users, while five took TikTok.

How Does Beijing Operate in the United States? The Security Impact of TikTok and CFIUS on the Chairman Rodgers’s Report

While the company denies it would ever be used for nefarious purposes, national security experts say China-based businesses usually have to give unfettered access to the authoritarian regime if information is ever sought.

So the ban on federal government devices is an incremental restriction: Most drastic measures have not advanced, since the efforts lacked the political will, or courts intervened to stop them.

“I think some concern about TikTok is warranted,” said Julian McAuley, a professor of computer science at the University of California San Diego, who noted that the main difference between TikTok and other social media apps is that TikTok is much more driven by user-specific recommendations.

“While ByteDance claims that it maintains its operations in the United States separately, there is no easy way to determine the extent to which that claim is true,” said Sameer Patil, a professor at the University of Utah who studies user privacy online.

“While social media companies are certainly harvesting all kinds of data about users, I think it’s usually overblown to what extent they ‘know’ about users on an individual level,” he said.

Responding to Chair Rodgers’s security claims, Oberwetter said Monday, “The Chinese Communist Party has neither direct nor indirect control of ByteDance or TikTok. Moreover, under the proposal we have devised with our country’s top national security agencies through CFIUS, that kind of data sharing—or any other form of foreign influence over the TikTok platform in the United States—would not be possible.”

Another possible resolution is that the committee is satisfied with the steps TikTok has taken to ensure there is a firewall between U.S. user data and ByteDance employees in Beijing and the Chinese government.

The secretive deliberations of CFIUS happen behind closed doors. It is not clear when the committee might finish its investigation, nor is it known which way it is leaning.

On the U.S. and Chinese-style Human Rights Violations: Commentary on an Israeli TV App on Xinjiang

The company has also been accused of censoring content that is politically sensitive to the Chinese government, including banning some accounts that posted about China’s mass detention camps in its western region of Xinjiang. The US State Department has estimated that more than one million Uyghurs and Muslim minorities have been held in these camps.

Security experts say that the data could allow China to find opportunities to influence Americans.

Beckerman said that there are many human rights violations in China and around the world. These are important, that’s for sure. I’m not here to be the expert on human rights violations around the world.”

It can take less than three minutes for someone to sign up for an account on TikTok and the Center for Countering Digital Hate found it can take more than five minutes for someone to find eating disorder content.

Some American parents are worried that the Chinese government may be trying to destroy our kids from within, but Beckerman doesn’t think so. The app has parental controls, but Beckerman called Tapper’s argument hypocritical.

They are suggesting that we apply Chinese-style media rules to the US because of complaints about employees in China and acts from China. “We have freedom of speech, among other things here in the United States.”

Why Should We Have a Ban on the TikTok App? Some Remarks on the U.S. Citizens’ Privacy and Security Concerns

All state devices have been banned in Nebraska since 2020. So has the Florida Department of Financial Services. Both Louisiana and West Virginia said they had partial bans.

China has a National Intelligence Law, which requires Chinese companies to give any customer information relevant to China’s national security. TikTok has an enormous amount of user information compared to other popular social media apps. There is no proof that ByteDance has turned over this information to the Chinese government. ByteDance fired some people from China and the U.S. for snooping on Americans, including journalists, in an episode that showed the possibility of future government interference.

China has banned the internet from this newspaper when it comes to its own citizens. We should be aware of the symbolic value of asymmetry, which is that America wins when it can show the world that it is open and democratic. Not surprisingly, banning TikTok on the grounds that it’s a threat to our security won’t be seen by other nations as much different from the People’s Republic of China’s actions to protect itself. It’s also not certain that the federal government can, under the First Amendment, simply prohibit access to a significant communications platform or that it can control online content so as to preclude disinformation. There is a political question about whether American fans of TikTok will allow it to be taken away.

It makes sense for the U.S. soldiers to be told not to use the app because it might give them location information to other entities. “This is also true of the weatherapp and many other apps in your phone, whether they’re owned by China or not.”

If a ban on TikTok were implemented, we would be able to solve national security concerns about the app. The national security of our country may be at greater risk if a ban is put in place. It would sidestep a bigger problem, which is our nation’s failure to address the concerns over the large amount of personal data collected in our lives, especially when it could be used by foreign adversaries.

“The truth of the matter is, if the sophisticated Chinese intelligence sector wanted to gather information on particular state employees in the United States, it wouldn’t probably have to go through TikTok.”

“It’s always easy – and this happens across the world – to say that a foreign government is a threat, and ‘I’m protecting you from that foreign government,’ he says. I think we should be careful about how that is politicized in a way that far exceeds the actual threat to achieve political ends.

Towards a Better First Amendment: How Communications are Used in the U.S. and How to Protect Our Citizens’ Privacy (Extended Abstract)

Calo thinks that banning a communication platform will raise First Amendment concerns even if the ban was to go forward. Calo thinks the conversation could push policy in a positive direction.

“I think that we’re right in the United States to be finally thinking about the consequences of having so much commercial surveillance taking place of U.S. citizens and residents,” he said. “And we should do something to deal with it, but not in this ad hoc posturing way, but by passing comprehensive privacy rules or laws, which is something the Federal Trade Commission seems very interested in doing.”

Tech giants have often deployed their CEOs to Capitol Hill in order to argue about the threat of Chinese competition. They rely on the help of trade associations and advertising campaigns to fight legislative threats to their business.

Tech industry’s largest players have faced allegations recently. Big Tech has been found to be one of Washington’s biggest villains, including being knee-capping competitors, harming children and mental health, and spreading hate speech.

There is no evidence that that has actually happened. China’s national security laws make it a possibility and it fits in with a broader anti-China narrative about issues including trade, human rights and authoritarianism. The concern was renewed after a report suggested US user data had been repeatedly accessed by China-based employees. TikTok does not agree with the report.

Tech lobbying and the AICOA bill failed to bring Schumer a floor vote: The case against a tech-focused antitrust bill that would have forced the sharing of news content with platforms

“We think a lot of the concerns are maybe overblown,” Beckerman told CNN’s Jake Tapper on Tuesday, “but we do think these problems can be solved” through the ongoing government negotiations.

In 2019, ByteDance had 17 lobbyists and spent $270,000 on lobbying, according to public records gathered by the transparency group OpenSecrets. The company spent nearly $5 million on lobbying last year and its lobbyist count more than doubled.

Meta was the biggest internet industry lobbying giant last year, spending upward of $20 million. Next was Amazon at $19 million, then Google at almost $10 million. TikTok’s parent spent more on lobbying than that, which put them at number four on the list.

Supporters of the AICOA legislation called for Senate majority leader Chuck Schumer to bring it to a floor vote, even though they insisted the legislation had enough votes to pass. It never got the floor time its supporters wanted, despite intense tech lobbying and doubts about whether the bill had the votes. Similar to the other tech-focused antitrust bills, it would have forced Apple to let users download its apps from any website, not just its own app store.

A bill that would have forced platforms to pay for news organizations a bigger share of their ad revenues fell through this month. But the legislation stumbled after Meta warned it could have to drop news content from its platforms altogether if the bill passed.

Source: https://www.cnn.com/2022/12/22/tech/washington-tiktok-big-tech/index.html

Tech Law, Tech Innovation, and the Reionization of Silicon Valley: What Does the Tech Industry Have to Tell Us? A State-to-State Perspective

Time and again, Silicon Valley’s biggest players have maneuvered expertly in Washington, defending their turf from lawmakers keen to knock them down a peg.

Since the government may impose some rules on tech platforms, it has raised questions about how they might affect different parts of the economy.

In some cases, the changes to the tech industrys content moderation liability shield may raise First Amendment issues, or partisan divisions, if they are approved. Democrats have said Section 230 should be changed because it gives social media companies a pass to leave some hate speech and offensive content unaddressed, while Republicans have called for changes to the law so that platforms can be pressured to remove less content.

The cross-cutting politics and the technical challenges of regulating an entire sector of technology, not to mention the potential consequences for the economy of screwing it up, have combined to make it genuinely difficult for lawmakers to reach an accord.

It’s important to establish a Republican brand. The principle that makes Republicans unified is taking a strong stance and standing up to China according to a professor of political science at U.C. San Diego.

Teaching and research about social media has become more and more popular in higher education. The app is changing the nature of communication with its aesthetic, practices, stories and information-sharing.

From an educational standpoint, how are media and communications professors supposed to train students to be savvy content creators and consumers if we can’t teach a pillar of the modern media landscape? While students still have access to TikTok within the confines of their own homes, professors cannot show up in a classroom with Tik Tok links in their web browser. Brands, companies, and novel forms of storytelling all rely on TikTok, and professors will no longer be able to train their students in best practices for these purposes. Students can see what they learn in real time when they visit TikTok, which makes parts of the world accessible.

The world keeps turning, as these states implement their bans, leaving their citizens disadvantaged in a fast-paced media world. Additionally, media and communications students in the states will be at a disadvantage in applying for jobs, showcasing communicative and technical mastery, and brand and storytelling skills, as their peers from other states will be able to receive education and training.

Professors also must do research. Social media scholars in these states quite literally cannot do what they have been hired to do and be experts in if these bans persist. While university compliance offices have said the bans may only be on campus Wi-Fi and mobile data is still allowed, who will foot that bill for one to pay for a more expensive data plan on their phone? The answer is no one. While working at home does remain an option, professors are also employees who are expected to be on campus regularly to show they are in fact working. It is going to cost a social media professor a lot of money if they attempt to research TikTok on campus, either through paying for unlimited data or accidentally going over one’s limit.

With TikTok’s future still unknown, lawmakers have started pursuing their own solutions. Earlier this week, the House Energy and Commerce Committee announced that Chew would appear at a March hearing focused on US user safety and security.

According to reports, Sen. Mark Warner was considering offering a bill to ban the entire category of applications that could be used to apply other applications that pose security risks.

ByteDance, Inc., owners of the app, sued over the Trump administration’s order to ban the app and it never went through.

The letter was sent to the companies’ chief executives on Thursday, asking that they immediately remove TikTok from their app stores.

At a media briefing on Tuesday at its Los Angeles office, top TikTok officials described a data security plan, dubbed “Project Texas” because it relies on Austin-based software company Oracle.

Responding to Monday’s hearing announcement, TikTok spokesperson Brooke Oberwetter welcomed “the opportunity to set the record straight.” During the hearing on March 23, TikTok will discuss its comprehensive plans for user safety in the US.

How Chinese App Stores Have a Chance: How Trump’s Anti-Two Years of Data Laws Can Come to an End

Apple’s relationship with both the US and China has a lot to lose on it’s part. Much of Cook’s success at Apple can be attributed to his ability to maintain working relationships with the Chinese government and manufacturers.

Washington is expected to take action. Mira Rodriguez, a former deputy national security adviser in the White House, says that there will be limitations this year. “There is a unanimity of view that will lead to doing something.” Here is what it might look like.

India’s TikTok blockade is permeable. A few small ISPs permit access, according to NetBlocks. And Ram Sundara Raman, lead developer for the University of Michigan’s Censored Planet project, says he was able to watch videos during a visit to India using the app he had downloaded in the US. But the ban has forced many Indian users to turn toward rival services, including from Google and Facebook, and has caused turmoil for influencers who built businesses on TikTok.

Trump’s order would have immediately prohibited app stores from distributing TikTok, and nearly two months later would have barred cloud providers and internet infrastructure services from doing business with the company. People or companies caught dodging the order could have faced fines or prison sentences. “We wanted to start at the root, where it comes into the US, and extract it that way,” says Ivan Kanapathy, who was China director for Trump’s National Security Council and is now vice president at policy consultancy Beacon Global Strategies.

The company recently launched a full-fledged charm offensive that has included rapid-fire meetings in Washington with TikTok CEO Shou Zi Chew, new transparency tools on the app and a first-ever tour to members of the media of its corporate campus in the Los Angeles area.

“There’s a lot of performative action going on,” said Adam Segal, a Chinese technology policy expert at the Council on Foreign Relations. “It’s a desire to show toughness on China,” he said.

“But there’s also a lot of pent-up animosity toward social media broadly and its affect on children, U.S. democracy and misinformation, and it’s easier to take it out on Chinese-owned TikTok right now than it is, say, Facebook or Twitter,” Segal added.

At this point, all US user traffic is routed through oracle’s server, as well as the source code that determines how videos go viral, according to TikTok officials. Third party monitors will inspect TikTok’s data in case oracle misses anything.

TikTok officials said on Tuesday that theUSDS would hire 2500 people who had undergone high-level background checks similar to the ones used by the US government. None of the hires would be from China.

Still, aggregate data, like what kind of content is trending on the app or in what regions certain kind of videos are popular, can be analyzed by corporate employees in Beijing who would need to be granted special permission from the U.S. data security team.

What’s the stake in selling the TikTok system to the Chinese government, and how to keep it from being sold: A cybersecurity expert’s perspective

The plan addresses many of the major security concerns U.S. officials have, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies, but that is no guarantee it will be approved.

Lewis said that the Oracle plan would work. It’s pretty standard. TikTok has become so emotional, however, that a reasonable solution may not be enough.”

A sale would face significant challenges, starting with a steep price tag that few tech firms could afford. TikTok could be worth tens of billions of dollars. There are some legal challenges that will likely be triggered by a forced sale. On top of that, selling TikTok could constitute a violation of China’s export control laws, said Segal from the Council on Foreign Relations.

Segal agreed that it resolves the bulk of the data security concerns by allowing the inspection of its algorithm and transferring the user data from the US to oracle.

One of the first times that the company has given an official briefing on the plan is Tuesday, when a gathering was held to hear about Project Texas.

What Should We Do With The Data? Senator Bennet and sen. Mike Rounds Reveal TikTok’s Behaviour

On Tuesday, TikTok officials led journalists through its Transparency and Accountability Center, which felt something like an interactive public relations museum.

People were put into the position of a TikTok content editor, where they had to decide if a video violated the rules or not.

Visitors will be able to review TikTok’s whole source code in the server rooms if they sign non-disclosure agreements.

Tech journalist Casey Newton of the newsletter Platformer said the content moderation game brought home just how tricky it is for the thousands of people who have to make trade-offs every day on an endless flood of videos, but it was largely beside the point.

The plan details can be shared with the full Committee to get a more deliberative approach to the issues at hand.

If you are willing to fly a balloon over the continental airspace and people can see it, what should you not do with the data? Senate Intelligence Committee vice chair Marco Rubio wants to use an app that is on the phone of 60million Americans to influence political debate.

Senator Mike Rounds of South Dakota says that even the most minuscule, small items can add up to more data for the government. There is a huge amount of data, which will never be used, but it is the small pieces that add up. They are working it. They are patient. They see us as a threat, and they are collecting data.

“None of the suggested … efforts were particularly relevant to my concerns,” senator Michael Bennet, a Democrat of Colorado, told congressional reporters after hosting Chew in his office last week.

Previous post Dyson and Therabody are the best online sales at the moment
Next post There is a case for software criticism