Tag: electronic communications surveillance

Rand Paul Fast Facts | CNN Politics

CNN
—

Here’s a look at the life of Rand Paul, US senator from Kentucky.

Birth date: January 7, 1963

Birth place: Pittsburgh, Pennsylvania

Birth name: Randal Howard Paul

Father: Ron Paul, former presidential candidate and retired US representative from Texas

Mother: Carol (Wells) Paul

Marriage: Kelley (Ashby) Paul

Children: Robert, Duncan and William

Education: Attended Baylor University, 1981-1984; Duke University School of Medicine, M.D., 1988

Religion: Christian

Practiced as an ophthalmologist for 18 years.

Former president and longtime member of the Lions Club International.

Was active in the congressional and presidential campaigns of his father, Ron Paul.

1993 – Completes his ophthalmology residency at Duke University Medical Center.

1994 – Founds grassroots organization Kentucky Taxpayers United, which monitors state taxation and spending. It is legally dissolved in 2000.

1995 – Founds the Southern Kentucky Lions Eye Clinic, a non-profit providing eye exams and surgeries to those in need.

August 5, 2009 – Announces on Fox News that he is running as a Republican for the US Senate to represent Kentucky.

May 18, 2010 – Defeats Secretary of State Trey Grayson in the Kentucky GOP Senate primary.

May 19, 2010 – In interviews with NPR and MSNBC, while answering questions about the Civil Rights Act of 1964, Paul expresses strong abhorrence for racism, but says that it is the job of communities, not the government, to address discrimination. Paul later releases a statement saying that he supports the Civil Rights Act and would not support its repeal.

November 2, 2010 – Paul is elected to the Senate, defeating Jack Conway.

January 5, 2011 – Sworn in for the 112th Congress. It is the first time a son joins the Senate while his father concurrently serves in the House. Ron Paul retires from the House in 2013.

January 27, 2011 – Participates in the inaugural meeting of the Senate Tea Party Caucus with Senators Mike Lee and Jim DeMint.

February 22, 2011 – Paul’s book “The Tea Party Goes to Washington” is published.

September 11, 2012 – Paul’s book “Government Bullies: How Everyday Americans Are Being Harassed, Abused, and Imprisoned by the Feds” is published. He is later accused of plagiarism in some of his speeches and writings, including in “Government Bullies.” Paul ultimately takes responsibility, saying his office had been “sloppy” and pledging to add footnotes to all of his future material.

February 12, 2013 – Delivers the Tea Party response to President Barack Obama’s State of the Union address.

March 6-7, 2013 – Paul speaks for almost 13 hours, filibustering to stall a confirmation vote on CIA Director nominee John Brennan.

February 12, 2014 – Paul and the conservative group FreedomWorks file a class-action lawsuit against Obama and top national security officials over the government’s electronic surveillance program made public by intelligence leaker Edward Snowden. The lawsuit is later dismissed.

December 2, 2014 – Paul announces his bid for a second term in the Senate.

April 7, 2015 – Paul announces his candidacy for the Republican presidential nomination during an event in Louisville, Kentucky.

May 20, 2015 – After 10 hours and 30 minutes, Paul ends his “filibuster” over National Security Agency surveillance programs authorized under the Patriot Act. Paul’s speech wasn’t technically a filibuster because of intricate Senate rules, but his office insists it was a filibuster.

August 5, 2015 – The Justice Department indicts two officials from a Rand Paul Super PAC for conspiracy and falsifying campaign records. During the 2012 presidential primary season, Jesse Benton and John Tate allegedly bribed an Iowa state senator to get him to endorse Ron Paul. Benton and Tate go on to help run one of the Super PACs supporting Rand Paul, America’s Liberty PAC. Both men are later convicted.

February 3, 2016 – Announces that he is suspending his campaign for the presidency.

November 8, 2016 – Wins a second term in the Senate, defeating Democrat Jim Gray.

November 3, 2017 – A neighbor assaults Paul at his home in Bowling Green, Kentucky, which results in six broken ribs and a pleural effusion – a build-up of fluid around the lungs. The attorney representing Paul’s neighbor, Rene Boucher, later says that the occurrence had “absolutely nothing” to do with politics and was “a very regrettable dispute between two neighbors over a matter that most people would regard as trivial.” Boucher, who pleaded guilty to the assault, is sentenced in June 2018 to 30 days in prison with a year of supervised release.

August 2018 – Goes to Moscow and meets with Russian lawmakers, extending an invitation to visit the United States. While abroad, Paul tweets that he delivered a letter to Russian leader Vladimir Putin from US President Donald Trump. A White House spokesman later says that Paul asked Trump to provide a letter of introduction. After he returns, Paul says that he plans to ask Trump to lift sanctions on members of the Russian legislature so they can come to Washington for meetings with their American counterparts.

January 29, 2019 – A jury awards him more than $580,000 in his lawsuit against the neighbor who attacked him in 2017. The amount includes punitive damages and payment for pain and suffering as well as medical damages.

August 5, 2019 – Paul says part of his lung had to be removed by surgery following the 2017 attack by Boucher.

March 22, 2020 – Paul announces that he has tested positive for the novel coronavirus, becoming the first US senator to test positive for coronavirus.

August 10, 2021 – Paul is suspended from YouTube for seven days over a video claiming that masks are ineffective in fighting Covid-19, according to a YouTube spokesperson.

November 8, 2022 – Wins reelection to the Senate for a third term.

October 10, 2023 – Paul’s book “Deception: The Great Covid Cover-Up” is published.

Rand Paul’s political life

Source link

August 2, 2023
As Beijing’s intelligence capabilities grow, spying becomes an increasing flashpoint in US-China ties | CNN

Hong Kong
CNN
—

For the second time this year, concerns of Chinese spying on the United States have cast a shadow over a planned visit to China by the US’ top diplomat as the two superpowers try to improve fractured ties while keeping a watchful eye on each other.

US Secretary of State Antony Blinken is expected to land in Beijing over the weekend following the postponement of his earlier trip planned for February after a Chinese surveillance balloon meandered across the continental US, hovering over sensitive military sites before being shot down by an American fighter plane.

But with Blinken poised to make a trip seen as a key step to mend fractured US-China communications, another espionage controversy has flared in recent days following media reports that China had reached a deal to build a spy perch on the island of Cuba.

Beijing has said it wasn’t “aware” of the situation, while the White House said the reports were not accurate – with Blinken earlier this week saying China upgraded its spying facilities there in 2019.

The situation is just the latest in a string of allegations of spying between the two in recent months. They underscore how intelligence gathering – an activity meant to go on without detection, out of the public eye – is becoming an increasingly prominent flashpoint in the US-China relationship.

CIA Director Bill Burns secretly traveled to China in May to meet counterparts and emphasize the importance of maintaining open lines of communication in intelligence channels, CNN reported earlier this month.

“Crisis communications are arguably in their worst state since 1979. This puts a premium on both countries’ ability to gather intelligence to understand each other’s capabilities, actions, and strategic intent around the globe,” said Lyle Morris, a senior fellow at the Asia Society Policy Institute’s Center for China Analysis.

That pushes intelligence gathering itself to become “another factor that is complicating US-China relations,” he said.

That’s especially the case, experts say, as China continues to expand its own intelligence gathering capabilities – catching up in an area where the US has traditionally had an edge.

“It’s fair to say that we’ve been spying on each other at various scales for a long time,” said former Central Intelligence Agency (CIA) China analyst Christopher Johnson.

“No doubt there’s been an uptick from both sides, but probably more so on the Chinese side, simply because they’ve gotten larger, more influential, richer, and therefore have more resources to devote than they did in the past,” said Johnson, who is now president of the China Strategies Group consultancy.

Chinese leader Xi Jinping has also pursued a far more assertive foreign policy than his predecessors during his past decade in power.

That’s been accompanied by “a consistent emphasis on enhancing intelligence capabilities, modernizing technology, and improving coordination among different security agencies,” according to Xuezhi Guo, a professor of political science at Guilford College in the US.

China’s main intelligence activities fall under departments within the People’s Liberation Army and its vast civilian agency known as the Ministry of State Security (MSS). Other arms of the Communist Party apparatus also play a role in activities beyond conventional intelligence gathering, experts say.

The MSS, established in 1983, oversees intelligence and counterintelligence both within China and overseas. Its remit has encouraged analogies to a combined CIA and Federal Bureau of Intelligence. But the sprawling Beijing-headquartered MSS is even more secretive – without even a public website describing its activities.

The agency is “expected to play an even more significant role in China’s domestic and international security and stability” in the coming years, amid mounting challenges at home and abroad, Guo said.

In the context of both China’s growing clout and geopolitical frictions, experts say it’s no surprise Beijing is allegedly seeking to establish or expand surveillance facilities in Cuba – or other places around the world – with the US as a key target, but not the only one.

Meanwhile, intelligence gathering in China has become harder.

Xi has consolidated his power and become increasingly focused on security – including building out the state’s ability to monitor its citizens, both online and through China’s extensive surveillance infrastructure.

“The task of collecting intelligence in China is arguably harder than ever and yet more necessary than ever,” said Johnson, the former analyst, pointing to challenges of gaining insight into the government under the centralized leadership of Xi, who maintains a “very small circle of knowledge or trust.”

China’s building of a domestic “surveillance panopticon” has also enabled its counter-intelligence, according to Johnson.

US intelligence has difficulties having operational meetings or “going black” (dodging surveillance) within China, he said, especially during the Covid-19 pandemic when movement was tightly controlled and even more digitally monitored than usual.

CIA operations also suffered a staggering setback starting in 2010, according to The New York Times, when the Chinese government killed or imprisoned more than a dozen sources over two years.

In 2021, CNN reported that the agency was overhauling how it trains and manages its network of spies as part of a broad transition to focus more closely on adversaries like China and Russia.

This contrasts with what some US lawmakers and commentators believe has been a too relaxed approach to national security with regards to China, where even private businesses are beholden to the ruling Communist Party, which also seeks to keep tabs on its citizens overseas.

Experts have also warned about the overlap between espionage efforts and operations like those of China’s United Front – a sprawling network of groups that manage the party’s relationship with non-party industries, organizations and individuals around the world.

Heightened concern and awareness about Chinese intelligence gathering – or the potential for it – has exploded in the US in recent years.

That’s played out in debates about the use of Chinese telecoms equipment and social media platforms – think Huawei and TikTok – as well as in government efforts to prosecute economic espionage cases and prevent any influence campaigns from impacting American democracy.

Beijing has said repeatedly that it does not interfere in the “internal affairs” of other countries. Both Huawei and Tiktok have repeatedly denied that their products present a national security risk or would be accessed by the Chinese government.

In the US, there’s also been concern about over-hyping the threat and sparking anti-Chinese sentiment.

The US Justice Department last year ended its 3-year-old China Initiative, a national security program largely focused on thwarting technology theft, including in academia, after a string of cases were dismissed amid concerns of fueling suspicion and bias against Chinese Americans.

US intellectual property had long been a traditional target of Chinese espionage.

A survey of 224 reported instances of Chinese espionage directed at the United States since 2000, conducted using open source data by the Center for Strategic and International Studies (CSIS) think tank in Washington, found nearly half involved cyber-espionage, while over half were seeking to acquire commercial technologies.

Beijing appears to be increasingly pushing back on what it sees as a double standard – as the US’ international surveillance efforts have also been well-documented.

The 2013 leak produced by former National Security Agency contractor Edward Snowden, for example, revealed Washington’s vast global digital surveillance capabilities, against both rivals and allies alike. Meanwhile, the US intelligence community is widely understood to have its own overseas facilities for collecting signals intelligence.

Last month, Beijing released a report from a national cybersecurity agency titled “‘Empire of Hacking’: The US Central Intelligence Agency.” It accused the US of promoting the internet in the 1980s in order to further its intelligence agencies’ efforts to launch “Color Revolutions” and overthrow governments abroad.

“The organizations, enterprises and individuals that use the Internet equipment and software products of the USA have been used as the puppet ‘agents’ by CIA, helping it to be a ‘shining star’ in global cyber espionage wars,” the report also claimed.

China’s own internet is heavily censored with access limited by a “Great Firewall” – part of its extensive efforts to control the flow of information alongside its extensive digital surveillance of its own population.

China’s Foreign Ministry last month again pointed its finger at the US after Washington released a warning alleging that a Chinese state-sponsored hacker had infiltrated networks across US critical infrastructure sectors.

Earlier this month, the ministry also slammed the US for sending what it said were more than 800 flights of large reconnaissance aircraft “to spy on China” last year – though no assertion was made of crossing into Chinese airspace.

The comment came after each country’s military accused the other of misbehavior after a Chinese fighter jet intercepted a US spy plane in international airspace over the South China Sea.

Experts say this rhetorical back-and-forth over each other’s clandestine activities is likely only to continue as US-China competition drives both to ramp up their intelligence gathering – and China continues to expand its own prowess, including through technological advancements such as satellite networks, surveillance balloons and data processing.

“China increasingly has capabilities (that the US has been known for) … this is moving from a one way street historically to a two-way street,” said John Delury, author of “Agents of Subversion: The Fate of John T. Downey and the CIA’s Covert War in China.”

He pointed to how China had long been subject to US offshore surveillance and – prior to the restoration of diplomatic relations in the 1970s – direct aerial surveillance.

“There’s a psychological dimension to this as well,” Delury added, noting that the spy balloon incident earlier this year brought this to the fore – giving Americans the unnerving sense that China “can do this to us now, they have technical capabilities and can look at us.”

Meanwhile, there’s much at stake in how well the two governments can repair official communication – seen as a key element of Blinken’s expected visit on Sunday and Monday.

“When there’s less communication, the two intelligence communities inside the two governments have to do more and more guesswork,” said Delury. “Then there’s a lot more room for faulty assumptions.”

Source link

June 14, 2023
Lawmakers say TikTok is a national security threat, but evidence remains unclear | CNN Business

CNN
—

As TikTok CEO Shou Zi Chew prepares for his first congressional grilling on Thursday, much of the focus will undoubtedly be on the short-form video app’s potential national security risks.

Concerns about TikTok’s connections to China have led governments worldwide to ban the app on official devices, and those fears have factored into the increasingly tense US-China relationship. The Biden administration has threatened TikTok with a nationwide ban unless its Chinese owners sell their stakes in the company.

But more than two years after the Trump administration first issued a similar threat to TikTok, security experts say the government’s fears, while serious, currently appear to reflect only the potential for TikTok to be used for foreign intelligence, not that it has been. There is still no public evidence the Chinese government has actually spied on people through TikTok.

TikTok doesn’t operate in China. But since the Chinese government enjoys significant leverage over businesses under its jurisdiction, the theory goes that ByteDance, and thus indirectly, TikTok, could be forced to cooperate with a broad range of security activities, including possibly the transfer of TikTok data.

“It’s not that we know TikTok has done something, it’s that distrust of China and awareness of Chinese espionage has increased,” said James Lewis, an information security expert at the Center for Strategic and International Studies. “The context for TikTok is much worse as trust in China vanishes.”

When Rob Joyce, the National Security Agency’s director of cybersecurity, was asked by reporters in December to articulate his security concerns about TikTok, he offered a general warning rather than a specific allegation.

“People are always looking for the smoking gun in these technologies,” Joyce said. “I characterize it much more as a loaded gun.”

Technical experts also draw a distinction between the TikTok app — which appears to operate very similarly to American social media in the amount of user tracking and data collection it performs — and TikTok’s approach to governance and ownership. It’s the latter that’s been the biggest source of concern, not the former.

The US government has said it’s worried China could use its national security laws to access the significant amount of personal information that TikTok, like most social media applications, collects from its US users.

The laws in question are extraordinarily broad, according to western legal experts, requiring “any organization or citizen” in China to “support, assist and cooperate with state intelligence work,” without defining what “intelligence work” means.

Should Beijing gain access to TikTok’s user data, one concern is that the information could be used to identify intelligence opportunities — for example, by helping China uncover the vices, predilections or pressure points of a potential spy recruit or blackmail target, or by building a holistic profile of foreign visitors to the country by cross-referencing that data against other databases it holds. Even if many of TikTok’s users are young teens with seemingly nothing to hide, it’s possible some of those Americans may grow up to be government or industry officials whose social media history could prove useful to a foreign adversary.

Another concern is that if China has a view into TikTok’s algorithm or business operations, it could try to exert pressure on the company to shape what users see on the platform — either by removing content through censorship or by pushing preferred content and propaganda to users. This could have enormous repercussions for US elections, policymaking and other democratic discourse.

Security experts say these scenarios are a possibility based on what’s publicly known about China’s laws and TikTok’s ownership structure, but stress that they are hypothetical at best. To date, there is no public evidence that Beijing has actually harvested TikTok’s commercial data for intelligence or other purposes.

Chew, the TikTok CEO, has publicly said that the Chinese government has never asked TikTok for its data, and that the company would refuse any such request.

If there’s a risk, it’s primarily concentrated in the relationship between TikTok’s Chinese parent, ByteDance, and Beijing. The main issue is that the public has few ways of verifying whether or how that relationship, if it exists, might have been exploited.

TikTok has been erecting technical and organizational barriers that it says will keep US user data safe from unauthorized access. Under the plan, known as Project Texas, the US government and third-party companies such as Oracle would also have some degree of oversight of TikTok’s data practices. TikTok is working on a similar plan for the European Union known as Project Clover.

But that hasn’t assuaged the doubts of US officials, likely because no matter what TikTok does internally, China would still theoretically have leverage over TikTok’s Chinese owners. Exactly what that implies is ambiguous, and because it is ambiguous, it is unsettling.

In congressional testimony, TikTok has sought to assure US lawmakers it is free from Chinese government influence, but it has not spoken to the degree that ByteDance may be susceptible. TikTok has also acknowledged that some China-based employees have accessed US user data, though it’s unclear for what purpose, and it has disclosed to European users that China-based employees may access their data as part of doing their jobs.

Multiple privacy and security researchers who’ve examined TikTok’s app say there aren’t any glaring flaws suggesting the app itself is currently spying on people or leaking their information.

In 2020, The Washington Post worked with a privacy researcher to look under the hood at TikTok, concluding that the app does not appear to collect any more data than your typical mainstream social network. The following year, Pellaeon Lin, a Taiwan-based researcher at the University of Toronto’s Citizen Lab, performed another technical analysis that reached similar conclusions.

But even if TikTok collects about the same amount of information as Facebook or Twitter, that’s still quite a lot of data, including information about the videos you watch, comments you write, private messages you send, and — if you agree to grant this level of access — your exact geolocation and contact lists. TikTok’s privacy policy also says the company collects your email address, phone number, age, search and browsing history, information about what’s in the photos and videos you upload, and if you consent, the contents of your device’s clipboard so that you can copy and paste information into the app.

TikTok’s source code closely resembles that of its China-based analogue, Douyin, said Lin in an interview. That implies both apps are developed on the same code base and customized for their respective markets, he said. Theoretically, TikTok could have “privacy-violating hidden features” that can be turned on and off with a tweak to its server code and that the public might not know about, but the limitations of trying to reverse-engineer an app made it impossible for Lin to find out whether those configurations or features exist.

If TikTok used unencrypted communications protocols, or if it tried to access contact lists or precise geolocation data without permission, or if it moved to circumvent system-level privacy safeguards built into iOS or Android, then that would be evidence of a problem, Lin said. But he found none of those things.

“We did not find any overt vulnerabilities regarding their communication protocols, nor did we find any overt security problems within the app,” Lin said. “Regarding privacy, we also did not see the TikTok app exhibiting any behaviors similar to malware.”

TikTok has faced claims that its in-app browser tracks its users’ keyboard entries, and that this type of conduct, known as keylogging, could be a security risk. The privacy researcher who performed the analysis last year, Felix Krause, said that keylogging is not an inherently malicious activity, but it theoretically means TikTok could collect passwords, credit card information or other sensitive data that users may submit to websites when they visit them through TikTok’s in-app browser.

There is no public evidence TikTok has actually done that, however. TikTok has said the keylogging function is used for “debugging, troubleshooting, and performance monitoring,” as well as to detect bots and spam. Other research has shown that the use of keyloggers is extremely widespread in the technology industry. That does not necessarily excuse TikTok or its peers for using a keylogger in the first place, but neither is it proof positive that TikTok’s product, by itself, is any more of a national security threat than other websites.

There have also been a number of studies that report TikTok is tracking users around the internet even when they are not using the app. By embedding tracking pixels on third-party websites, TikTok can collect information about a website’s visitors, the studies have found. TikTok has said it uses the data to bolster its advertising business. And in this respect, TikTok is not unique: the same tool is used by US tech giants including Facebook-parent Meta and Google on a far larger scale, according to Malwarebytes, a leading cybersecurity firm.

As with the keylogging tech, the fact TikTok uses tracking pixels does not on its own transform the company into a national security threat; the risk is that the Chinese government could compel or influence TikTok, through ByteDance, to abuse its data collection capabilities.

Separately, a report last year found TikTok was spying on journalists, snooping on their user data and IP addresses to find out when or if certain reporters were sharing the same location as company employees. TikTok later confirmed the incident and ByteDance fired several employees who had improperly accessed the TikTok data of two journalists.

The circumstances surrounding the incident suggest it was not the type of wide-scale, government-directed intelligence effort that US national security officials primarily fear. Instead, it appeared to be part of a specific internal effort by some ByteDance employees to hunt down leaks to the press, which may be deplorable but hardly uncommon for an organization under public scrutiny. (Nevertheless, the US government is reportedly investigating the incident.)

Joyce, the NSA’s top cyber official, told reporters in December that what he really worries about is “large-scale influence” campaigns leveraging TikTok’s data, not “individualized targeting through [TikTok] to do malicious things.”

To date, however, there’s no public evidence of that taking place.

TikTok may collect an extensive amount of data, much of it quietly, but as far as researchers can tell, it isn’t any more invasive or illegal than what other US tech companies do.

According to security experts, that’s more a reflection of the broad leeway we’ve given to tech companies in general to handle our data, not an issue that’s unique or specific to TikTok.

“We have to trust that those companies are doing the right thing with the information and access we’ve provided them,” said Peiter “Mudge” Zatko, a longtime ethical hacker and Twitter’s former head of security who turned whistleblower. “We probably shouldn’t. And this comes down to a concern about the ultimate governance of these companies.”

Lin told CNN that TikTok and other social media companies’ appetite for data highlights policy failures to pass strong privacy laws that regulate the tech industry writ large.

“TikTok is only a product of the entire surveillance capitalism economy,” Lin said. “And governments around the world are ignoring their duty to protect citizens’ private information, allowing big tech companies to exploit user information for gain. Governments should try to better protect user information, instead of focusing on one particular app without good evidence.”

Asked how he would advise policymakers to look at TikTok instead, Lin said: “What I would call for is more evidence-based policy.”

Source link

March 21, 2023
Chinese city claims to have destroyed 1 billion pieces of personal data collected for Covid control | CNN

Hong Kong
CNN
—

A Chinese city says it has destroyed a billion pieces of personal data collected during the pandemic, as local governments gradually dismantle their coronavirus surveillance and tracking systems after abandoning the country’s controversial zero-Covid policy.

Wuxi, a manufacturing hub on China’s eastern coast and home to 7.5 million people, held a ceremony Thursday to dispose of Covid-related personal data, the city’s public security bureau said in a statement on social media.

The one billion pieces of data were collected for purposes including Covid tests, contact tracing and the prevention of imported cases – and they were only the first batch of such data to be disposed, the statement said.

China collects vast amounts of data on its citizens – from gathering their DNA and other biological samples to tracking their movements on a sprawling network of surveillance cameras and monitoring their digital footprints.

But since the pandemic, state surveillance has pushed deeper into the private lives of Chinese citizens, resulting in unprecedented levels of data collection. Following the dismantling of zero-Covid restrictions, residents have grown concerned over the security of the huge amount of personal data stored by local governments, fearing potential data leaks or theft.

Last July, it was revealed that a massive online database apparently containing the personal information of up to one billion Chinese citizens was left unsecured and publicly accessible for more than a year – until an anonymous user in a hack forum offered to sell the data and brought it to wider attention.

In the statement, Wuxi officials said “third-party audit and notary officers” would be invited to take part in the deletion process, to ensure it cannot be restored. CNN cannot independently verify the destruction of the data.

Wuxi also scrapped more than 40 local apps used for “digital epidemic prevention,” according to the statement.

During the pandemic, Covid apps like these dictated social and economic life across China, controlling whether people could leave their homes, where they could travel, when businesses could open and where goods could be transported.

But following the country’s abrupt exit from zero-Covid in December, most of these apps faded from daily life.

On December 12, China scrapped a nationwide mobile tracking app that collected data on users’ travel movements. But many local pandemic apps run by the municipal or provincial governments, such as the ubiquitous Covid health code apps, have remained in place – although they are no longer in use.

Wuxi claims to be the first municipality in China to have destroyed Covid-related personal data from citizens. On Weibo, China’s Twitter-like platform, users called for other local governments to follow suit.

Yan Chunshui, deputy head of Wuxi’s big data management bureau, said the disposal was meant to better protect citizens’ privacy, prevent data leaks and free up data storage space.

Kendra Schaefer, the head of tech policy research at the Beijing-based consultancy Trivium China, said the data collection related to local-level Covid apps was often messy, and those apps were difficult and expensive to manage for local governments.

“Considering the cost and difficulty managing such apps, coupled with concerns expressed by the public over data security and privacy – not to mention the political win local governments get by symbolically putting zero-Covid to bed – dismantling those systems is par for the course,” Schaefer said.

In many cases, she added, the big data departments at local governments were overwhelmed dealing with Covid data, so scaling back simply makes sense economically.

“Many cities have not yet deleted their Covid data – or have not done so publicly – not because I believe they intend to keep it, but because it simply hasn’t been that long since zero-Covid was halted,” Schaefer said.

Source link

March 3, 2023
US officials disclosed new details about the balloon’s capabilities. Here’s what we know | CNN Politics

CNN
—

Biden administration officials disclosed new information Thursday about the capabilities of the suspected Chinese surveillance balloon that traversed the United States last week and what they are learning as the FBI begins analyzing the recovered parts after the balloon was shot down Saturday.

US officials also detailed what they’ve discovered about the broader spying operation they say the Chinese government has undertaken using a fleet of high-altitude surveillance balloons across the globe.

But senior Biden officials faced pointed questions on Capitol Hill from lawmakers in public hearings and classified briefings as Congress is demanding more information about why the balloon wasn’t shot down sooner.

A senior State Department official said Thursday that the balloon “was capable of conducting signals intelligence collection operations” and was part of a fleet that had flown over “more than 40 countries across five continents.”

The Biden administration has determined that the Chinese balloon was operating with electronic surveillance technology capable of monitoring US communications, according to the official.

“We know the PRC used these balloons for surveillance,” the official said. “High-resolution imagery from U-2 flybys revealed that the high-altitude balloon was capable of conducting signals intelligence collection operations.”

Signals intelligence refers to information that is gathered by electronic means – things like communications and radars.

Lawmakers were told Thursday that the order to send the balloon was dispatched without Chinese President Xi Jinping’s knowledge, sources familiar with the briefing said.

The FBI has started its initial stages of evaluating the pieces of the balloon that were recovered and brought to the FBI lab in Quantico, Virginia for analysis, senior FBI officials said Thursday.

Only evidence that was on the surface of the ocean has been delivered to FBI analysts so far, one official said, which includes the “canopy itself, the wiring, and then a very small amount of electronics.” The official said analysts have not yet seen the “payload,” which is where you would expect to see the “lion’s share” of electronics.

The officials added that understanding the components of the balloon is vital intelligence and could be “important pieces of evidence for future criminal charges that could be brought.”

Despite the latest revelations about the capabilities of the spy balloon, the Pentagon has insisted since the vessel was first acknowledged publicly that it does not give China capabilities above and beyond what they already have from spy satellites or other means.

“We did not assess that it presented a significant collection hazard beyond what already exists in actionable technical means from the Chinese,” said Gen. Glenn VanHerck, the commander of US Northern Command and NORAD, on Monday.

Administration officials from the Pentagon, State Department and intelligence community briefed lawmakers on Capitol Hill Thursday on the balloon, which has prompted criticism from Republicans over allowing it to float across the US before it was shot down off the Atlantic coast.

The officials told lawmakers that the US has assessed that little new intelligence was gleaned by the Chinese balloon operation because the Chinese appeared to stop transmitting information once the US learned of the balloon, in addition to US measures to protect sensitive intelligence from China’s spying operations, according to the sources.

The US also believes what they have recovered from the shot-down balloon is beneficial to US intelligence, the sources said.

Another source familiar with the briefings said officials said the balloon would give the Chinese better photos and signals collection than satellites, as well as a better ability to steer and hover longer over collection targets.

The Biden officials told Congress that it’s still unclear what the motivation was for the flight of the balloon across the US, which prompted Secretary of State Antony Blinken to postpone his trip to China. One of the sources said that the US believes senior leadership of the People’s Liberation Army and Chinese Communist Party including Xi were also unaware, and the US believes the Chinese are still trying to figure out how this happened.

In the classified congressional briefings, the administration officials argued that the US didn’t move earlier to shoot down the balloon in part over fears it could provoke an escalation of military tensions with China or even a military conflict. Biden gave the order to shoot down the balloon whenever the Pentagon felt it was safe to do so, the sources said, so the Pentagon ultimately made the call on when to shoot it down.

The officials told lawmakers one of the reasons the balloon was not first shot down when it entered Alaskan airspace is that the waters there are cold and deep, making it less likely they could have recovered the balloon, according to the sources.

The House briefing Thursday morning was tense, the sources said, with several Republicans railing against the administration, including GOP Rep. Marjorie Taylor Greene of Georgia, who said that the Pentagon made the president – whom she noted she doesn’t like – look weak by their actions.

In response, the briefers tried to lay out a detailed timeline of the actions, the sources said.

“The Pentagon was telling us they were able to mitigate in real-time as this was taking place and I believe that’s accurate,” Rep. Mike Quigley, an Illinois Democrat, told CNN.”I believe the preeminent concern they had, as they expressed in real time, was the safety of US citizens.”

After the briefing, House Speaker Kevin McCarthy said it was wrong for the Biden administration to wait to shoot down the balloon.

“They should have never let it into our sovereignty, they should have taken it another time,” McCarthy told CNN.

But Republican Sen. Mitt Romney told CNN he believes the US made right decision to wait before shooting it down.

“I believe that the administration, the president, our military and intelligence agencies, acted skillfully and with care. At the same time, their capabilities are extraordinarily impressive. Was everything done 100% correctly? I can’t imagine that would be the case of almost anything we do. But I came away more confident,” Romney said Thursday.

Senators pushed defense officials at an Appropriations Committee hearing on Thursday over the military’s assessment of the Chinese surveillance, with Democratic Sen. Jon Tester of Montana telling officials that he did not know how they could unequivocally say it was not a military threat.

“You guys have to help me understand why this baby wasn’t taken out long before and because I am telling you that that this ain’t the last time. We’ve [seen] brief incursions, now we’ve seen a long incursion, what happens next?,” said Tester, the chairman of the Senate Appropriations Defense Subcommittee.

“We don’t understand because quite frankly, we have been briefed in his committee over and over and over again, about the risks that China poses, both economically and militarily,” he said. “China tends to push the envelope all the time until a line is set down.”“

Pentagon officials said at the hearing that the Defense Department was not concerned about the balloon gathering intelligence over Alaska as it was not near sensitive sites.

The balloon first crossed into US airspace over Alaska on January 28, Melissa Dalton, assistant secretary of defense for Homeland Defense and Hemispheric Affairs, said during the hearing. When the balloon was spotted, it was not determined to have “hostile intent,” Sims said, and officials did not believe it would impact aviation routes or present a significant intelligence gathering ability. That changed when the balloon began drifting over the lower 48 states, but while it was over Alaska, officials determined it was not over critical infrastructure.

The House on Thursday passed a symbolic resolution condemning China’s surveillance balloon with a vote of 419 to zero.

The FBI investigation into recovered balloon is the first of its kind in the bureau’s history, senior FBI officials familiar with the operation said Thursday as they described the initial stages and what’s been recovered so far.

The officials said that this is the first time the FBI has investigated a spy balloon of this nature and assisted with the processing of such a scene. The officials added that understanding the components of the balloon is vital intelligence and could be “important pieces of evidence for future criminal charges that could be brought.”

The parts of the balloon recovered on the surface of the ocean have been delivered so far, while recovering additional pieces of the balloon that sunk has been complicated by bad weather, officials said.

It’s not yet clear where the balloon’s parts were manufactured, the officials said, including whether any of the pieces were made in America. Because analysts have yet to look at the bulk of the equipment on the balloon, the officials said that there has not been a determination as to everything the device was capable of doing and its specific intent.

Of the small portion they have examined, analysts have not identified any sort of explosive or “offensive material” that would pose a danger to the American public.

The FBI was alerted to the balloon on February 1, the officials said, because the intelligence community had determined that the balloon had an electronic element to it. By late Sunday – the day after the balloon was shot down – agents had arrived at the scene, and the first pieces of recovered evidence arrived at the FBI lab in Quantico on Monday.

There was English writing on parts of the balloon that were found, one of the sources familiar with the congressional briefings said, though they were not high-tech components. The source declined to provide detail on what specific parts of the balloon contained English writing.

Bloomberg News first reported that components of the balloon had English writing on them.

The State Department official said the balloon was part of a Chinese fleet developed to conduct surveillance operations” with a manufacturer tied to China’s People’s Liberation Army (PLA), the official added.

The official suggested that the US is eyeing sanctions for the presence of the balloon in US airspace – which US officials have repeatedly called a violation of US sovereignty and international law – noting the US “will also explore taking action against PRC entities linked to the PLA that supported the balloon’s incursion into US airspace.”

A recovery operation to secure debris from the balloon is ongoing with analysis continuing at an FBI laboratory in Virginia, but the officials’ remarks suggest the US has already established the balloon was operating with electronic surveillance technology.

However, the US has said it has been able to prevent the balloon from intercepting US communications.

“The high-altitude balloons’ equipment was clearly for intelligence surveillance and inconsistent with the equipment onboard weather balloons. It had multiple antennas to include an array likely capable of collecting and geo-locating communications. It was equipped with solar panels large enough to produce the requisite power to operate multiple active intelligence collection sensors,” the official added.

“We could track the exact path of the balloon and ensure no activities or sensitive unencrypted comms would be conducted in its vicinity,” a senior administration official said this week. “The US military took immediate steps to protect against the balloon’s collection of sensitive information, mitigating any intelligence value to the PRC.”

President Joe Biden suggested Wednesday that bilateral relations with China had not been affected by the balloon fallout, but China reacted angrily to the shootdown, refusing a call with Secretary of Defense Lloyd Austin, and Secretary of State Antony Blinken canceled a high-stakes trip to Beijing on Friday. New sanctions in response to the balloon would likely further inflame tensions.

“We know these balloons are all part of a PRC fleet of balloons developed to conduct surveillance operations. These kinds of activities are often undertaken at the direction of the People’s Liberation Army (PLA),” the senior State Department official added.

China “has overflown these surveillance balloons over more than 40 countries across five continents,” the State Department official said, noting that “the Biden Administration is reaching out to countries directly about the scope of this program and answer any questions.”

The official said that based on China’s “messaging and public comments, it’s clear that they have been scrambling to explain why they violated US sovereignty and still have no plausible explanation – and have found themselves on their heels.”

“As we saw with the second balloon over Central and South America that they just acknowledged, they also have no explanation for why they violated the airspace of Central and South American countries,” the official said. “The PRC’s program will only continue to be exposed, making it harder for the PRC to use this program.”

Source link

February 9, 2023
What is a suspected Chinese spy balloon doing above the US? | CNN

Seoul, South Korea
CNN
—

News that the Pentagon is monitoring a suspected Chinese surveillance balloon in the skies over the continental United States raises a series of questions – not least among them, what exactly it might be doing.

US officials have said the flight path of the balloon, first spotted over Montana on Thursday, could potentially take it over a “number of sensitive sites” and say they are taking steps to “protect against foreign intelligence collection.”

But what’s less clear is why Chinese spies would want to use a balloon, rather than a satellite to gather information.

This is not the first time a Chinese balloon has been spotted over the US, but this seems to be acting differently to previous ones, a US defense official said.

“It is appearing to hang out for a longer period of time, this time around, [and is] more persistent than in previous instances. That would be one distinguishing factor,” the official said.

Using balloons as spy platforms goes back to the early days of the Cold War. Since then the US has used hundreds of them to monitor its adversaries, said Peter Layton, a fellow at the Griffith Asia Institute in Australia and former Royal Australian Air Force officer.

But with the advent of modern satellite technology enabling the gathering of overflight intelligence data from space, the use of surveillance balloons had been going out of fashion.

Or at least until now.

Recent advances in the miniaturization of electronics mean the floating intelligence platforms may be making a comeback in the modern spying toolkit.

“Balloon payloads can now weigh less and so the balloons can be smaller, cheaper and easier to launch” than satellites, Layton said.

Blake Herzinger, an expert in Indo-Pacific defense policy at the American Enterprise Institute, said despite their slow speeds, balloons aren’t always easy to spot.

“They’re very low signature and low-to-zero emission, so hard to pick up with traditional situational awareness or surveillance technology,” Herzinger said.

And balloons can do some things that satellites can’t.

“Space-based systems are just as good but they are more predictable in their orbital dynamics,” Layton said.

“An advantage of balloons is that they can be steered using onboard computers to take advantage of winds and they can go up and down to a limited degree. This means they can loiter to a limited extent.

“A satellite can’t loiter and so many are needed to criss-cross an area of interest to maintain surveillance,” he said.

According to Layton, the suspected Chinese balloon is likely collecting information on US communication systems and radars.

“Some of these systems use extremely high frequencies that are short range, can be absorbed by the atmosphere and being line-of-sight are very directional. It’s possible a balloon might be a better collection platform for such specific technical collection than a satellite,” he said.

Retired US Air Force Col. Cedric Leighton, a CNN military analyst, echoed those thoughts.

“They could be scooping up signals intelligence, in other words, they’re looking at our cell phone traffic, our radio traffic,” Leighton told CNN’s Erin Burnett.

Intelligence data collected by the balloon could be relayed in real time via a satellite link back to China, Layton said.

Analysts also noted that Montana and nearby states are home to US intercontinental ballistic missile silos and strategic bomber bases.

US officials say they have taken actions to ensure the balloon cannot collect any sensitive data. They decided against shooting it down because of the risk to lives and property by falling debris.

And if the US could bring down the balloon within its territory without destroying it then the balloon might reveal some secrets of its own, Layton added.

But maybe there are no secrets or spying involved. This could be just an accident, with the balloon blown off course or Chinese operators losing control of it somehow.

“There’s at least some possibility that this was a mistake and the balloon ended up somewhere Beijing didn’t expect,” Herzinger said.

For its part, China says it’s looking into things.

“We are aware of reports [of the balloon] and are trying to understand the circumstances and verify the details of the situation,” a Foreign Ministry spokesperson said Friday. “I’d like to stress that before it becomes clear what happened, any deliberate speculation or hyping up would not help handling of the matter.”

Source link

February 3, 2023
Zuckerberg weighed naming Cambridge Analytica as a concern in 2017, months before data leak was revealed | CNN Business

CNN
—

Mark Zuckerberg considered disclosing in 2017 that Facebook

(FB) was investigating “organizations like Cambridge Analytica” alongside Russian foreign intelligence actors as part of an election security assessment before ultimately removing the reference at his advisers’ suggestion, according to a 2019 deposition conducted by the Securities and Exchange Commission and reviewed by CNN.

The omitted reference provides insight into Zuckerberg’s thinking on Cambridge Analytica in the critical months before press reports would reveal that the data analysis firm affiliated with Donald Trump’s 2016 presidential campaign had improperly gained access to tens of millions of Facebook users’ personal information. The data leak prompted a global outcry that led to hearings, an apology tour from Zuckerberg and Facebook’s $5 billion privacy settlement with the US government.

The deposition transcript suggests that in 2017, Zuckerberg considered Cambridge Analytica a potential election concern on par with Russian election meddling efforts even though he said he did not know about the data leak first discovered by Facebook staffers in 2015. It also points to how Facebook staffers had opportunities to brief Zuckerberg on that leak, but chose not to, prior to reports about the incident that surfaced in 2018.

Zuckerberg’s remarks in the deposition offer the clearest picture yet of what Zuckerberg knew about Cambridge Analytica, and when. The timeline of events has previously been scrutinized intensely by US lawmakers, state attorneys general and investors who have sued Facebook, now known as Meta, for allegedly breaching its fiduciary duties in connection with the data leak incident.

Meta declined to comment on the release of the transcript, saying its case with the SEC involving the deposition had been settled for more than three years. The settlement in 2019 for $100 million resolved US government allegations that Facebook had misled investors for years after staffers first discovered the data leak.

The SEC deposition transcript was released Tuesday by the Real Facebook Oversight Board, a watchdog group, that had obtained the document via a public records request. The transcript was first reported on Tuesday by Reuters, which had obtained the document through a separate records request.

“This transcript reveals that something changed between January 2017 and September 2017 for Zuckerberg to deem Cambridge Analytica a threat commensurate with Russian Intelligence,” said Zamaan Qureshi, policy advisor at the Real Facebook Oversight Board. “But for reasons the Facebook CEO has still not disclosed, the world would only learn about Cambridge Analytica in March 2018.”

In September 2017, Zuckerberg released a public statement about Facebook’s efforts to safeguard election integrity, saying the company would look into the impact that foreign actors, “Russian groups and other former Soviet states,” and “organizations like the campaigns” had on Facebook during the 2016 elections.

But according to the court documents, Zuckerberg had originally proposed naming Russian foreign intelligence and Cambridge Analytica in the same breath.

“We are already looking into foreign actors including Russian intelligence, actors in other former Soviet states and organizations like Cambridge Analytica,” Zuckerberg initially wrote, according to the draft the SEC produced in the deposition and that Zuckerberg testified was authentic.

Zuckerberg testified that the reference to Cambridge Analytica was removed after a staffer recommended against naming specific organizations. “This was not something I think was particularly important to the overall communication,” he said, according to the transcript. “So I think when people raised this, I just took it out.”

The testimony suggests he became aware of Cambridge Analytica around the same time as the general public, through press reporting around the 2016 election on the firm’s marketing claims. But it also suggests that he was kept in the dark about the Cambridge Analytica-linked data leak that predated the election and would eventually lead to Facebook’s broader reckoning with regulators and policymakers.

The Cambridge Analytica saga began with a psychology professor who harvested data on millions of Facebook users through an app offering a personality test, then gave it to a service promising to use vague and sophisticated techniques to influence voters during a high-stakes election where the winning presidential candidate won narrowly in several key states.

A 2020 report by the UK Information Commissioner’s Office later cast significant doubt on Cambridge Analytica’s capabilities, suggesting many of them had been exaggerated. But the improper sharing of Facebook data triggered a cascade of events that has culminated in numerous investigations and lawsuits.

After hearing about Cambridge Analytica’s claims that it could use personal data to build “psychographic profiles” of voters who could then be targeted with effective political advertising, Zuckerberg began asking subordinates whether the firm’s marketing had any merit.

In one January 2017 email produced by the SEC, Zuckerberg asked staffers to “explain to me what they actually did from an analytics and ad perspective and how advanced it was.”

Explaining his thought process further, Zuckerberg testified: “Like, are these folks actually doing anything novel? Or are they just talking about data in a puffed-up way …. My understanding from those conversations is that, to summarize it very quickly, it was much closer to the latter.”

But even though Facebook as an organization knew by that point, in 2017, that Cambridge Analytica had obtained Facebook users’ personal information in violation of the platform’s policies, that incident was never raised to Zuckerberg as a piece of potentially relevant context, according to the deposition. Following Facebook’s discovery of the leak, the company required Cambridge Analytica to delete the data it had improperly obtained through a third party and ordered the firm to sign a certification indicating its compliance.

Zuckerberg testified that he did not get “fully up to speed” on the 2015 data leak, and Facebook’s response to it, until March 2018, when public reports about the incident emerged.

In the deposition, Zuckerberg explained that he was not briefed earlier likely because Facebook considered the 2015 incident a “closed case until 2018, when new allegations came up that suggested that maybe Cambridge Analytica had lied to us” about having deleted the Facebook data. (The UK ICO’s report later found that Cambridge Analytica did appear to take some steps toward deleting the data, but it also expressed doubts about whether those steps were effective enough.)

Zuckerberg reaffirmed in his testimony that had Facebook moved more swiftly to implement an existing and separate plan restricting app developers’ access to Facebook information, the data leak could likely have been avoided from the start.

Source link

December 23, 2022
UK bans Chinese surveillance cameras from ‘sensitive’ sites | CNN Business

Hong Kong
CNN Business
—

Hikvision, a leading Chinese surveillance company, has denied suggestions that it poses a threat to Britain’s national security after the UK government banned the use of its camera systems at “sensitive” sites.

The restrictions, announced Thursday, will prevent authorities from installing technology that is produced by companies subject to China’s National Intelligence Law, which requires Chinese citizens and organizations to cooperate with the country’s intelligence and security services.

In a statement to CNN Business on Friday, Hikvision said it was “categorically false to represent Hikvision as a threat to national security.”

The company said it was hoping to engage with UK officials “urgently” to understand the decision, and had previously spoken with the UK government to clear up what it saw as misunderstandings about its business.

“Hikvision is an equipment manufacturer that has no visibility into end users’ video data,” the Hangzhou-based company said. “Hikvision cannot access end users’ video data and cannot transmit data from end-users to third parties. We do not manage end-user databases, nor do we sell cloud storage in the UK.”

In a statement to the UK parliament on Thursday, Cabinet Office Minister Oliver Dowden said that after a security review, government departments had been instructed to stop deploying equipment produced by companies that are subject to the National Intelligence Law.

Dowden cited “the threat to the UK and the increasing capability and connectivity of these systems,” without specifying further.

Government departments have also been advised to consider whether to “remove and replace such equipment where it is deployed on sensitive sites rather than awaiting any scheduled upgrades,” he said. The minister added that departments could review whether sites not deemed sensitive should also be taking similar measures.

The move comes months after UK lawmakers called for a ban on technology by Hikvision and Dahua, another Chinese surveillance camera maker, citing allegations that the firms had been involved in enabling human rights abuses against Uyghurs in Xinjiang.

The United States in 2019 placed Hikvision and other Chinese companies on a trade blacklist, prohibiting them from importing US technology over similar allegations.

In a statement released in July by Big Brother Watch, a British nonprofit group that investigates the use of surveillance systems, 67 members of the UK parliament said the Chinese companies should be prohibited from selling their products in the country.

Big Brother Watch said at the time that it had “found that the majority of public bodies use CCTV cameras made by Hikvision or Dahua, including 73% of councils across the UK, 57% of secondary schools in England, 6 out of 10 National Health Service Trusts, as well as UK universities and police forces.”

Earlier this year, a UK health minister disclosed that there were 82 Hikvision products in use in his department.

Hikvision, in its statement, said its cameras were compliant with UK laws and “subject to strict security requirements.”

Dahua did not immediately respond to a request for comment.

Source link

November 25, 2022
Unconfirmed Liz Truss phone hack report prompts calls for investigation | CNN

London
CNN
—

The UK government is facing calls to investigate after an unconfirmed media report claimed former British Prime Minister Liz Truss’ phone was hacked while she was foreign secretary.

The UK’s Mail on Sunday newspaper reported that private messages between Truss and international foreign ministers, including messages about the war in Ukraine, as well as messages with former finance minister Kwasi Kwarteng fell “into foreign hands.”

The paper claimed that the hack was discovered during the Conservative Party leadership campaign over the summer, which ultimately saw Truss named prime minister.

The paper also claimed that “agents suspected of working for the Kremlin” were behind the hack, citing unnamed sources.

CNN cannot independently verify the Mail on Sunday claims, whether a hack occurred or who might have been behind it.

CNN has reached out to the Russian Ministry of Foreign Affairs for comment.

A UK government spokesperson told CNN that the government “do not comment on individuals’ security arrangements,” but added it had “robust systems in place to protect against cyber threats.”

Chair of the government’s Defense Select Committee, Conservative MP Tobias Ellwood, told Sky News on Sunday that Russia is “getting better and better at these cyber-attacks and hacking.”

“We take the most stringent measures to make sure it doesn’t happen,” he said adding that “it is something for the intelligence and security committee to investigate further.”

UK opposition parties have demanded an investigation into the reported claims.

The Labour Party’s shadow Home Secretary Yvette Cooper said in a statement the report raises, “immensely important national security issues… which will have been taken extremely seriously by our intelligence and security agencies.”

The Liberal Democrats foreign affairs spokesperson Layla Moran also called for an “urgent independent investigation to uncover the truth” in a tweet Saturday.

Source link

October 30, 2022
How Meta got caught in tensions between the US and EU | CNN Business

CNN
—

Facebook-parent Meta has perhaps become the most high-profile casualty of a long-running privacy dispute between Europe and the United States — but it may not be the last.

Meta has been fined a record-breaking €1.2 billion ($1.3 billion) by European Union regulators for violating EU privacy laws by transferring the personal data of Facebook users to servers in the United States. Meta said Monday it would appeal the ruling, including the fine.

The historic fine against Meta — and a potentially game-changing legal order that could force Meta to stop transferring EU users’ data to the United States — isn’t just a one-off decision limited to this one company or its individual business practices. It reflects bigger, unresolved tensions between Europe and the United States over data privacy, government surveillance and regulation of internet platforms.

Those underlying and fundamental disagreements, which have simmered for years, have now come to a head, casting a significant shadow over thousands of businesses that depend on processing EU data in the United States.

Beyond its huge economic implications, however, the fine has once again highlighted Europe’s deep mistrust of US surveillance powers — right as the US government is trying to build its own case against foreign-linked apps such as TikTok over similar surveillance concerns.

The origins of Meta’s fine this week trace back to a 2020 ruling by Europe’s top court.

In that decision, the European Court of Justice struck down a complex transatlantic framework Meta and many other companies had been relying on until then to legally move EU user data to US servers in the ordinary course of running their businesses.

That framework, known as Privacy Shield, was itself the outgrowth of European complaints that US authorities didn’t do enough to protect the privacy of EU citizens. At the time Privacy Shield was created, the world was still reeling from disclosures made by National Security Agency leaker Edward Snowden. His disclosures highlighted the vast reach of US surveillance programs such as PRISM, which allowed the NSA to snoop on the electronic communications of foreign nationals as they used tech tools built by Google, Microsoft, and Yahoo, among others.

PRISM relied on a basic fact of internet architecture: Much of the world’s online communications take place on US-based platforms that route their data through US servers, with few legal protections or recourse for either foreigners or Americans swept up in the tracking.

A 2013 European Parliament report on the PRISM program captured the EU’s sense of alarm, noting the “very strong implications” for EU citizens.

“PRISM seems to have allowed an unprecedented scale and depth in intelligence gathering,” the report said, “which goes beyond counter-terrorism and beyond espionage activities carried out by liberal regimes in the past. This may lead towards an illegal form of Total Information Awareness where data of millions of people are subject to collection and manipulation by the NSA.”

Privacy Shield was a 2016 US-EU agreement designed to address those concerns by making US companies certifiably accountable for their handling of EU user data. For a time, it seemed as if Privacy Shield could be a lasting solution facilitating the growth of the internet and a globally connected society, one in which the free flow of data would not be impeded.

But when the European Court of Justice invalidated that framework in 2020, it reiterated longstanding surveillance concerns and insisted that Privacy Shield still didn’t provide EU citizens’ personal information the same level of protection in the US that it enjoys in EU countries, a standard required under GDPR, the EU’s signature privacy law.

The loss of Privacy Shield created enormous uncertainty for the more than 5,300 businesses that rely on the smooth transfer of data across borders. The US government has said transatlantic data flows support the more than $7 trillion dollars of economic activity that occurs every year between the United States and the European Union. And the US Chamber of Commerce has estimated that transatlantic data transfers account for about half of all data transfers in both the US and the EU.

The Biden administration has moved to implement a successor to Privacy Shield that contains some changes to US surveillance practices, and if it is fully implemented in time, it could prevent Meta and other companies from having to suspend transatlantic data transfers or some of their European operations.

But it’s unclear whether those changes will be enough to be accepted by the EU, or whether the new data privacy framework could avoid its own court challenge.

The possibility that US-EU data transfers may be seriously disrupted is refocusing scrutiny on US surveillance law just as the US government has been sounding its own alarms about Chinese government surveillance.

US officials have warned that China could seek to use data collected from TikTok or other foreign-linked companies to benefit the country’s intelligence or propaganda campaigns, using the personal information to identify spying targets or to manipulate public opinion through targeted disinformation.

But US moral authority on the issue risks being eroded by the EU criticism, a problem for the US government that may only be compounded by its own missteps.

Just last week, a federal court described how the FBI improperly accessed a vast intelligence database meant for surveilling foreign nationals in a bid to gather information on US Capitol rioters and those who protested the 2020 killing of George Floyd.

The improper access, which was not “reasonably likely” to retrieve foreign intelligence information or evidence of a crime, according to a Justice Department assessment described in the court’s opinion, has only inflamed domestic critics of US surveillance law, and could give ammunition to EU critics.

The intelligence database at issue was authorized under Section 702 of the Foreign Intelligence Surveillance Act — the same law used to justify the NSA’s PRISM program and which the EU has repeatedly cited as a danger to its citizens and a reason to suspect transatlantic data sharing.

While the US distinguishes itself from China based on commitments to open and democratic governance, the EU’s concerns about the US are not much different in kind: They come from a place of deep mistrust of broad surveillance authority and suspicions about the potential misuse of user data.

For years, civil liberties advocates have alleged that Section 702 enables warrantless spying on Americans on an enormous scale. Now, the FBI incident may only further validate EU fears; add to the existing concerns that led to Meta’s fine; contribute to the potential unraveling of the US-EU data relationship; and damage US credibility in its push to warn about the hypothetical risks of letting TikTok data flow to China.

If a new transatlantic data agreement is delayed or falls apart, Meta won’t be the only company stuck with the bill. Thousands of other companies may get caught in the middle, and the United States will have to hope nobody looks too closely at why while still trying to make a case against TikTok.

Source link

April 12, 2021