Cyber wrap
Posted by Zoe Hawkins on December 21, 2016 @ 12:56
This week we continue our look back at some of the year’s biggest cyber stories in our final cyber wrap for 2016!
China finally adopted its controversial new cybersecurity law on 7 November, much to the dismay of the international community. The law states that companies must provide ‘technical support’ and data access to the government on matters of crime and national security, the vague definition of which has led to concerns that encryption back doors will be demanded. Any data gathered by companies in China will now have to be stored in-country—a requirement known as data-localisation—and companies will be subject to invasive security certification processes, which some believe could pose a threat to intellectual property rights. Despite official denials from the Chinese Foreign Ministry, such concerns sparked an outcry from the international business community and a petition to Premier Li Keqiang from more than 40 global business groups.
The legislation also requires real-name registration for instant messaging services and criminalises online content that undermines ‘national honour’ or subverts China’s sovereignty. Online privacy advocates are worried that the law will further repress freedom of online expression in China, and lead to increasing self-censorship. The implementation rules are still to be formulated, and are expected to come into force on 1 June 2017. Watch this space.
Privacy and data protection took a front seat in the European debate in 2016. The new US–EU data sharing agreement, Privacy Shield, was agreed in June this year. The agreement regulates the transatlantic transfer of EU data by US companies, in place of the ‘Safe Harbour’ model that was struck down last October by the European Court of Justice. The scheme features ‘a number of additional clarifications and improvements’ in response to concerns about US mass surveillance of European citizens. The new data transfer pact, which was designed by the US Department of Commerce and the European Commission and includes stronger restrictions, was brought into force on 12 July.
Europe’s data protection focus continued with a string of crackdowns on various corporations. Microsoft received a formal notice in July for collecting ‘excessive’ user data through Windows 10 and failing to comply with the French Data Protection Act. The Chair of the National Data Protection Commission, France’s privacy watchdog, accused the company of continuing to transfer data to the US under the provisions of the old Safe Harbour agreement.
Privacy feathers were also ruffled in August when WhatsApp announced a new information sharing deal with Facebook, involving the disclosure of user phone numbers. However, 28 European data collection authorities pushed back with an open letter to WhatsApp’s CEO. This protest, along with investigations in the UK, France and Italy, prompted Facebook to stop collecting WhatsApp user data from its European customers. Other companies, including Google, also had run-ins with European privacy regulators this year, and the continent’s focus on data protection is likely to continue into 2017.
The rift between the US government and Apple over access to the iPhone used by Syed Farook, one of the San Bernardino attackers, became the focal point of the encryption debate this year. US law enforcement's push for Apple to build a back door into the smartphone was resisted and described by Apple CEO Tim Cook as dangerous government ‘overreach’. But in an unexpected twist, the Department of Justice revealed that a third party had provided an alternative method to access Farook’s phone data that ultimately rendered Apple’s cooperation unnecessary.
The divisive court case prompted the release of controversial draft legislation intended to outlaw end-to-end encryption, and the creation of a bipartisan encryption working group under the House Judiciary Committee and House Energy and Commerce Committee. The group just released its year-end report, concluding that ‘any measure that weakens encryption works against the national interest’, laying the groundwork for further debate next year.
Russian efforts to influence the US Presidential election campaign caused a major splash this year. The media coverage was dominated by the leak of Democratic National Committee (DNC) donor lists and opposition research by supposed lone-hacker Guccifer 2.0 and the dissemination of more than 20,000 confidential DNC emails via Wikileaks. In October, the US Intelligence Community released a statement that it was ‘confident’ that the Russian government was behind these incidents, which were allegedly designed to undermine Hillary Clinton’s candidacy and ensure a more Putin-friendly administration under Donald Trump. While Trump continues to dismiss the intel agencies’ conclusion as a ‘laughing point’, President Obama is pushing in the opposite direction, suggesting that Russian President Vladimir Putin had a direct hand in these operations and ordering a full investigation into the issue. The US has been criticised for its lack of response to these incidents and Obama says the US will respond ‘at a time and place of our own choosing’. The key question is how these tensions will play out under the new Trump administration.
There is a whole range of interesting cyber developments on the horizon, so be sure to follow ICPC’s commentary in 2017. See you next year!
Zoe Hawkins is an analyst in ASPI’s International Cyber Policy Centre. Image courtesy of Pixabay user SIXTY.
Article printed from The Strategist: https://www.aspistrategist.org.au
URL to article: https://www.aspistrategist.org.au/cyber-wrap-148/