Studying Security Issues in the ByteDance Investigation of Iran’s Suicide Drone Attacks with the PAMELA Experiment
She says TikTok will continue to work with the federal government to try to “meaningfully address” security concerns. The company is currently negotiating with the Committee on Foreign Investment in the United States (CFIUS) over the terms of its operations in this country.
The ByteDance Internal Audit team was expected to surveil two Americans who had never worked at the company in the past, according to an article posted earlier on Thursday. Forbes did not include any information about who was going to be tracked, why ByteDance was planning on monitoring them, or how their sources could be at risk, even though the report was based on materials it reviewed.
As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. But as the conflict evolves, it is entering an ominous phase of drone warfare. Russia has begun launching a series of recent attacks using Iranian “suicide drones” to inflict damage that is difficult to defend against. With Russia threatening to use a nuclear weapon, and NATO watching for any signs that it is about to act, we examine what indicators are available to the world to assess whether or not Russia is preparing to use a nuclear weapon.
Why Don’t You Drop Your Passwords and Make sure You’re Safe? The Case for the Exchange Server on-Premises Email Hosting Service
The Exchange server on-premises email hosting service has a number of deeply problematic vulnerabilities that have left researchers to raise the alarm that the platform isn’t getting the development resources it needs anymore. And new research examines how Wikipedia’s custodians ferret out state-sponsored disinformation campaigns in the crowdsourced encyclopedia’s entries.
According to a new report, middle-of-the-pack groups such as the Vice Society maximize profits and minimize their exposure by investing very little in technical innovation. Instead, they simply run the most sparse and unremarkable operations they can to target under-funded sectors like health care and education. If you’re looking to do something for your personal security, we’ve got a guide to ditching passwords and setting up “passkeys” on Android and Google Chrome.
But wait, there’s more! Each week, we highlight the news we didn’t cover in-depth ourselves. And stay safe out there.
The Microsoft Cloud Misconfiguration: A Security Dumpster Fire for the Internet of Things? The United States Taking a Step Towards a Security Labeling Scheme
Microsoft said that the data of prospective customers was exposed by a misconfiguration. Researchers from the threat intelligence firm SOCRadar disclosed the leak to Microsoft on September 24, and the company quickly closed the exposure. The information was exposed as far back as last year and up to this year, according to the report. The data was linked to more than 65,000 organizations from around the world. The information exposed by Microsoft included names, telephone numbers, email addresses, and files sent between customers and Microsoft or one of its authorized partners. Cloud misconfigurations are a longstanding security risk that has led to countless exposures and, sometimes, breaches.
The security dumpster fire is a longstanding problem that can’t be fixed with an easy answer. In recent years, Singapore and Germany have been able to add security labels to internet-connected video cameras, printers, toothbrushes, and more. The labels give consumers a better understanding of the protections built into different devices—and give manufacturers an incentive to improve their practices and get a gold seal. This week, the United States took a step in this direction. The White House is developing a labeling scheme for the internet of things. The administration held a summit with industry organizations and companies this week to discuss standards and guidelines for the labels. “A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards, and retailers to market secure devices,” National Security Council spokesperson Adrienne Watson said in a statement.
Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/
The Internet, Social Media, and the Security of the World: What Comes Beyond the Standard Models in the Era of the Donald Trump Era
Sources told The Washington Post this week that sensitive information related to Iran’s nuclear program and the United States’ own intelligence operations in China were included in documents seized by the FBI this summer at former President Trump’s Mar-a-Lago estate in Florida. Experts say that unauthorized disclosures of specific information in the documents would pose multiple risks. The Post wrote that people aiding US intelligence efforts could be at risk. The information could also potentially motivate retaliation by other countries against the US.
Open internet proponents were relieved last month when an American candidate beat a Russian challenger in an election to run the International Telecommunications Union, an important international standards body tasked with cross-boundary communications. We evaluated the vulnerability of the world’s internet infrastructure and examined the fragility of it.
The new legal climate for abortion in the US is suspected of promoting a culture of community surveillance, a hallmark of authoritarian states, where neighbors and friends are encouraged to report possible wrongdoing. Around the world there is an increase in the use of cameras in soccer stadiums. During the World Cup in Qatar, eight stadiums will contain more than 15,000 cameras to keep an eye on spectators and to conduct facial recognition.
The more secure, “memory safe” programming language Rust is making inroads across the tech industry, offering hope that a massive swath of common vulnerabilities could eventually be preempted and eliminated. In the meantime, we’ve got a roundup of the most important vulnerabilities that you can—and should!—patch right now.
Source: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/
How Cash Apps End Their Role in Combating Russian-Bulk Attacks: Labour Party Leaders Call for an Empirical Investigation
Liz is having a hard time. Soon after her historically brief stint as the UK prime minister, the Mail on Sunday reported that agents working on behalf of Russia had hacked her personal cell phone when she was foreign minister. The Russian operatives were able to intercept messages about the Ukraine between Truss and officials in other countries. The report claims Boris Johnson and Simon Case suppressed the breach. Labour Party officials are calling for an urgent investigation into the Conservative opponents, who are suspected of having been involved in the breach. “There are immensely important national security issues raised by an attack like this by a hostile state which will have been taken extremely seriously by our intelligence and security agencies,” Labour Party shadow home secretary Yvette Cooper said last weekend. “There are also serious security questions around why and how this information has been leaked or released right now, which must also be urgently investigated.”
There is new heat on Jack Dorsey’s corporate creation this week. A study by Forbes showed that the Cash App was helping fuel sex trafficking in the US. Based on police records, “hundreds of court filings,” and claims by former Cash App employees, the investigation found rampant use of the Cash App in sex trafficking and other crimes. The company, which is owned by Dorsey-led Block Inc., maintains that it “does not tolerate illegal activity on Cash App” and has staff dedicated to working with law enforcement. Meanwhile, the National Center for Missing and Exploited Children says that although rival payment platforms like PayPal provide the center with tips about potential child abuse facilitated by their services, Forbes writes, “Block hasn’t provided any tips, ever.”
In the past year, US financial institutions have been responsible for over one billion dollars in payments for ransomware, a 200 percent increase from 2020. A White House summit was taking place to tackle the rise of cyber crime, including the threat of ransomware which can be downloaded for a fee and can be used to hold your files for a period of time. Himamauli Das, acting director of the Treasury Department’s Financial Crimes Enforcement Network, said in a statement that “ransomware—including attacks perpetrated by Russian-linked actors—remain a serious threat to our national and economic security.” While $1.2 billion in payments is already painful enough, the number does not take into account the costs and other financial consequences that come with a ransomware attack outside of the payment itself.
Bipartisan Support for a Security Improvement Plan to Stop TikTok in the United States and Keep It Alive — The Case of the Biden Administration
Republicans are leading efforts to block TikTok on government computers, and the federal effort is progressing with bipartisan support.
The bill would ban all transactions from being made in the US by social media companies with more than one million monthly users that are based in or under the influence of countries that are considered foreign adversaries.
“Our administration takes security threats by China and China-based entities seriously,” Cox said on Twitter. “This is the reason we’re banning all state-owned TikTok devices.”
While infighting continues in the Biden administration, the video streaming giant is trying to convince the public that it is a safe platform.
The agreement will address any security concerns that have been raised at the federal and state level, Oberwetter said. “These plans have been developed under the oversight of our country’s top national security agencies—plans that we are well underway in implementing—to further secure our platform in the United States, and we will continue to brief lawmakers on them.”
The first version of this article appeared in a newsletter.
Where is the TikTok App? Why the U.S. should be banned from the Internet, social media, and social media censorship
But its widespread usage across the U.S. is alarming government officials. In November, FBI Director Christopher Wray raised eyebrows after he told lawmakers that the app could be used to control users’ devices.
The Senate-passed bill would provide exceptions for “law enforcement activities, national security interests and activities, and security researchers.”
TikTok is used by more than 100 million monthly active users in the U.S. alone, and its ability to create instant viral hits has put it at the forefront of internet culture, though concerns about data security have long dogged the app.
30 TikTok creators appeared on a White House call to discuss their response to Russia’s invasion of Ukraine. Jen Psaki, then the White House press secretary, and members of the National Security Council staff briefed the creators, who together had tens of millions of followers, on the latest news from the conflict and the White House’s goals and priorities. The previous summer, the White House recruited dozens of TikTokers to encourage young people to get vaccinations against Covid.
While the company denies it would ever be used for nefarious purposes, national security experts say China-based businesses usually have to give unfettered access to the authoritarian regime if information is ever sought.
The ban on federal government devices is an incremental restriction because most drastic measures have not advanced even though they lacked the political will.
The fear about TikTok is overstated. While some data concerns exist—though none more extreme than those over any US-based social media platforms—policies and discourse around TikTok in politics amount to a modern-day Red Scare. American politicians seem to be more interested in pointing fingers at China for a lack of data security than they are in regulating social media. With a federal ban on TikTok throughout the US, it is not possible to put the app back in its rightful place. These bans will do more harm than good, when it comes to educating good media citizens in college classrooms.
The China Investigation of ByteDance, a U.S. Social Media App that Tracks Private Information about Americans and the Chinese Government
There is no easy way to find out the extent to which ByteDance’s claim is true, and that is because it does not have an easy way to determine how much of a claim it is.
“While social media companies are certainly harvesting all kinds of data about users, I think it’s usually overblown to what extent they ‘know’ about users on an individual level,” he said.
The Committee on Foreign Investment in the United States (CFIUS), a powerful interagency federal panel that reviews foreign investment in the U.S., began examining TikTok during the Trump administration and the probe is still underway.
Another possible resolution is that the committee is satisfied with the steps TikTok has taken to ensure there is a firewall between U.S. user data and ByteDance employees in Beijing and the Chinese government.
CFIUS deliberations are famously secretive and happen behind closed doors. It is not clear when the committee might finish its investigation, nor is it known which way it is leaning.
At least 14 states have recently banned the application from being used on government devices; some state-run public universities followed suit.
In fact, China’s 2017 National Intelligence Law requires Chinese companies to furnish any customer information relevant to China’s national security. TikTok collects astonishing amounts of user information, more than some other popular social media apps. There’s no evidence that ByteDance gave this information to the Chinese government. Yet in an episode that revealed the possibility of future government interference, ByteDance itself admitted in December that it had fired some China and U.S.-based employees for wrongfully snooping on Americans’ private information, including that of journalists, collected through TikTok.
“There is no more time to waste on meaningless negotiations with a CCP-puppet company,” Rubio said in a statement. Beijing-controlled TikTok should be banned for good.
U.S. Military Employees Have a Bad Idea: A Better Way to Take Down the Cyber Crime Against the Chinese-owned Video App
“It certainly makes sense, then, for U.S. soldiers to be told, ‘Hey, don’t use the app because it might share your location information with other entities,’” said Chander. “But that’s also true of the weather app and then lots of other apps that are existing in your phone, whether they’re owned by China or not.”
A ban of TikTok throughout the United States, if it could actually be enacted, would immediately solve our national security concerns about the wildly popular Chinese-owned video app. The national security of our country could be put at greater risk by such a ban. Moreover, it would sidestep a broader problem — our nation’s overall failure to address concerns over the huge amount of personal data collected in our digital lives, especially when that data could be used by foreign adversaries.
“The truth of the matter is, if the sophisticated Chinese intelligence sector wanted to gather information on particular state employees in the United States, it wouldn’t probably have to go through TikTok.”
“It’s always easy – and this happens across the world – to say that a foreign government is a threat, and ‘I’m protecting you from that foreign government,’” he says. “And I think we should be a little cautious about how that can be politicized in a way that far exceeds the actual threat in order to achieve political ends.”
Brooke Oberwetter, a spokeswoman for TikTok, said to The Wall Street Journal that the move was a political signal rather than a practical solution for security concerns, and claimed that the ban would have minimal impact because very few House-managed phones have TikTok installed.
He thinks that the United States is in a position to consider the consequences of having so much commercial espionage taking place. We should do something to address it, but not in this ad hoc posturing way, but we should pass comprehensive privacy rules or laws, something the Federal Trade Commission seems very interested in doing.
Some tech companies have brought their CEOs to Capitol Hill in order to argue against the other side of the aisle. They’ve also leaned on help from trade associations they’re members of and relied on advertising campaigns to make the case against some of the biggest legislative threats to their business.
The tech industry’s largest players have faced a kitchen sink of allegations in recent years. From knee-capping nascent rivals; to harming children and mental health; to undermining democracy; to spreading hate speech and harassment; to censoring conservative viewpoints; to bankrupting local news outlets; Big Tech has been made out as one of Washington’s largest villains.
The Tech-Focused Antitrust Law: An Overview of ByteDance, Amazon, Google, and the Apple App Store
A TikTok official said under its new server reorganization as part of Project Texas, China-based employees would never have this kind of access to American accounts.
“We think a lot of the concerns are maybe overblown,” Beckerman told CNN’s Jake Tapper on Tuesday, “but we do think these problems can be solved” through the ongoing government negotiations.
In 2019, ByteDance had 17 lobbyists and spent $270,000 on lobbying, according to public records gathered by the transparency group OpenSecrets. The company spent over $5 million in lobbying last year and its lobbyist count more than doubled.
Last year, Meta spent around 20 million dollars on internet industry lobbying. Next was Amazon with $19 million, followed by Google with nearly $10 million. The parent company of TikTok spent less than $50 million in lobbying, which is more than 10 times what was spent by these two groups.
For much of this year, supporters of AICOA insisted the legislation had enough votes to pass, and they called on Senate Majority Leader Chuck Schumer to bring it to a floor vote. The bill never got the floor time supporters wanted because of intense tech lobbying and doubts about the votes. The same fate awaited other tech-focused antitrust bills, such as one that would have forced Apple to allow users to download iPhone apps from any website, not just its own app store.
There was a chance that the bill would pass this month, but it failed to do so. Meta warned that it could have to pull news content from its websites if the bill passed.
Source: https://www.cnn.com/2022/12/22/tech/washington-tiktok-big-tech/index.html
The State of the Digital Economy: Creating an Alternative Way for Students to Learn How to Write, Read and Share Information in a World Without Teasers
Time and again, Silicon Valley’s biggest players have maneuvered expertly in Washington, defending their turf from lawmakers keen to knock them down a peg.
By contrast, decisions about the rules government might impose on tech platforms have called into question how those regulations may affect different parts of the economy, from small businesses to individual users to the future of the internet itself.
Legislation that raises First Amendment issues as well as partisan divisions is possible with proposals to revise the tech industry’s decades-old moderation liability shield. Democrats and Republicans agree on one thing: Section 230 should be changed because it gives social media companies a free pass to make their own decisions in regards to hate speech and offensive content.
The cross-cutting politics and the technical challenges of regulating an entire sector of technology, not to mention the potential consequences for the economy of screwing it up, have combined to make it genuinely difficult for lawmakers to reach an accord.
“It’s important to establish a Republican brand. A central tenet of what unites Republicans now is taking a strong stance [and] standing up to China,” says Thad Kousser, professor of political science at U.C. San Diego.
Social media research and teaching have become staples in academia and higher education curriculums. The app has changed the way modern communication works, with practices, stories and information-sharing.
How do professors teach students to be savvy content creators if they can’t teach a pillar of the modern media landscape? While students can certainly still access TikTok within the privacy of their own homes, professors can no longer put TikToks into PowerPoint slides or show TikTok links via classroom web browser. Brands, companies, and novel forms of storytelling all rely on TikTok, and professors will no longer be able to train their students in best practices for these purposes. Additionally, TikTok makes parts of the world more accessible, as students can see the things they are learning about in real time.
The world keeps turning as these states implement their bans, leaving their citizens disadvantaged in a fast-paced media world. The students from states will not have an advantage in applying for jobs, as their counterparts from other states will be able to receive education and training, while the students from the states will be at a disadvantage.
Professors also must do research. If the bans persist, the social media scholars hired to do what they are doing can’t do what they were hired to do. Who will foot that bill for a more expensive data plan on their phone if there are only bans on campus, according to the university compliance offices? The answer is no one. While working at home does remain an option, professors are also employees who are expected to be on campus regularly to show they are in fact working. This means that the research on TikTok will need to be done via video streaming and it can be quite expensive to go over one’s limit, either through having to pay for unlimited data or by accidentally going over one’s limit.
The Energy and Commerce Committee confirmed the hearing in a press release Monday announcing that the TikTok chief would testify on March 23rd. This upcoming hearing will be the first time a TikTok CEO has been summoned to Capitol Hill to face questioning, but it’s not the first time that Vanessa has testified before a congressional committee.
Earlier this month, Sen. Mark Warner (D-VA), chair of the Senate Intelligence Committee, was reportedly considering offering a bill to ban a broader “category of applications” that could be applied to other apps that pose security risks, according to Axios.
The app owned by ByteDance was under fire when the president signed an executive order to block the app from being used in the country.
Sen. Michael Bennet (D-CO) demanded that Apple and Google “immediately” remove TikTok from their app stores in a letter addressed to the companies’ chief executives, Tim Cook and Sundar Pichai, Thursday.
At a media briefing on Tuesday at its Los Angeles office, top TikTok officials described a data security plan, dubbed “Project Texas” because it relies on Austin-based software company Oracle.
The opportunity to set the record straight was welcomed by Brooke Oberwetter. Oberwetter said TikTok plans to discuss its “comprehensive plans” to protect US user safety during the March 23rd hearing.
The Apple/Apple Charm Odd: How the US and China are cooperating after the TikTok Appruptment Decree
Unlike Google, Apple has a lot to lose regarding its relationship with both the US and China. Cook is able to maintain good relations with the Chinese government and manufacturers, which helps him achieve his success at Apple.
Washington is expected to take action. “We will see limitations this year,” says Mira Ricardel, a former White House deputy national security adviser now at the Chertoff Group advising businesses on regulations. “There is a unanimity of view that will lead to doing something.” Here is what it may look like.
India has a blockade called TikTok. A few small ISPs permit access, according to NetBlocks. And Ram Sundara Raman, lead developer for the University of Michigan’s Censored Planet project, says he was able to watch videos during a visit to India using the app he had downloaded in the US. But the ban has forced many Indian users to turn toward rival services, including from Google and Facebook, and has caused turmoil for influencers who built businesses on TikTok.
In less than two months, the order would have caused app stores to stop distributing TikTok and cloud providers to stop doing business with the company. People or companies caught dodging the order could have faced fines or prison sentences. “We wanted to start at the root, where it comes into the US, and extract it that way,” says Ivan Kanapathy, who was China director for Trump’s National Security Council and is now vice president at policy consultancy Beacon Global Strategies.
The company recently launched a charm offensive, which included rapid-fire meetings in Washington with the CEO of TikTok, as well as new transparency tools on the app, and a first-ever tour to members of the media of its corporate campus.
Adam Segal is a Chinese technology policy expert at the Council on Foreign Relations. “It’s a desire to show toughness on China,” he said.
“But there’s also a lot of pent-up animosity toward social media broadly and its effect on children, U.S. democracy and misinformation, and it’s easier to take it out on Chinese-owned TikTok right now than it is, say, Facebook or Twitter,” Segal added.
TikTok’s relationship with Oracle started during the Trump administration, when the company was scrambling to find U.S.-based cloud servers as Trump pushed to put the app out of business in the United States.
The U.S. Data Security Impact of the TikTok Experiment (PITK): A Brief Briefing on Project Texas
USDS is expected to hire 2,500 people who have undergone high-level background checks similar to those used by the U.S. government, TikTok officials said on Tuesday. Chinese nationals would not be hired.
Still, aggregate data, like what kind of content is trending on the app or in what regions certain kinds of videos are popular, can be analyzed by corporate employees in Beijing who would need to be granted special permission from the U.S. data security team.
The plan addresses many security concerns, but that is no guarantee it will be approved, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
Lewis said that the Oracle plan would work. “This kind of thing is pretty standard. It seems that a reasonable solution is not enough since TikTok has become so emotional.”
Not reaching a deal would put TikTok in limbo and raise the possibility that ByteDance would completely spin it off, perhaps even selling it to an American tech firm.
Assuming the deal passes muster, though, Segal agreed that it resolves the bulk of the data security concerns by allowing inspections of its algorithm and transferring U.S. user data to Oracle.
Many details about Project Texas have been published in a variety of publications, but Tuesday’s gathering was one of the first times that the company had given an official briefing on the plan.
TikTok is planning on opening centers in Washington, Dublin and Singapore in order to give journalists, lawmakers and civil society groups a tour of how the app works.
There was a game where someone was put in the position of a content moderator, and had to decide if a video violated the rules on TikTok.
Visitors that sign confidentiality agreements can view TikTok’s source code in server rooms, though journalists are not given an opportunity to do this.
TikTok: Towards more action for content moderation in the era of e-mail monopolies and big bang
The content moderation game brought home how hard it is for the thousands of people who need to make trade-offs every day on an endless flood of videos but it is not much of an issue.
TikTok said that it hoped that Congress could take a more deliberative approach to issues by sharing details of the comprehensive plans with the full Committee.