Cyber Scene #77 - Take 2: The Red Balloon Around the World in X Days
Cyber Scene #77 -
Take 2: The Red Balloon Around the World in X Days
The world is amused and threatened of late by the new elephant in the room (or flying Dumbo): the red balloon, discovered above in commanding digital heights. The future is yesterday, and the U.S. has many compassionate continents worrying about Chinese overhead access as well. It is likely that China did not intend, in fact, for any discovery of their "oversight" and certainly not on the cusp of U.S. Secretary of State Antony Blinken's now postponed trip to China. It also seems that China was not in control of the exact flight path, and certainly not its descent. But here it is, shot down along South Carolina's coast and sending countries around the world examining their own skies.
On 14 February, an analysis of China's "balloon blunder" by the Atlantic Council's Mark Parker Young underscores horrid timing which "…stemmed from both operational miscalculations and bureaucratic shortfalls." While the article notes that the country's internal decision-making is "opaque" he believes that "…the composition of China's national security apparatus highlights factors that probably contributed to the misjudgment." He dismisses as not/not credible China's denial of any PLA intelligence collection and that the balloon had been blown off course to North and South America.
Internally, China's stove-piped structure led the PLA to not collaborate with its leader Xi, who had been working with the Biden administration on this "carefully choreographed series of exchanges." Young blames the PLA for not coordinating and cites their lack of posting senior military overseas, as the U.S. does, to understand the global picture. The "embarrassing exposure," Speaker of the House Kevin McCarthy's reported plans to visit Taiwan, and China's dismissing the U.S. warnings of Russia's invasion of Ukraine may raise XI's concern about the "uncertainties of aggressive military actions."
As reported on 12 February in the Economist's "What Tencent's rebound says about prospects for China's big tech," China's mega cyber company dropped in value from $900billion to $250billion over the last two years. The initial success was due to the company increasing video games—exceedingly lucrative-- and decreasing semiconductor work. Leader Xi wants to reverse this. The downside now is that "…closeness with the state could hurt foreign earnings, for example from Tencent's international gaming business. At home, cyberspace, media and antitrust agencies have gained new powers—and are willing to wield them. Censorship, always part of Chinese life, is intensifying as leader Xi entrenches his strongman rule."
On the other side of the Pacific, the U.S. is increasing warning about Chinese threats. The Hill on 16 February reported the FBI's Cyber Division Deputy Assistant Director, Cynthia Kaiser's statement at a Secretaries of States conference that Chinese hackers are a "growing threat" and that given their activity in the 2022 midterm elections, "significant Chinese cyber activity" is to be expected in 2024.
In the same above 16 February edition of The Hill, an overview by the Departments of Justice (DOJ) and Commerce (DOC) addresses technology threats from both Russia and China. The DOJ has the lead for the Disruptive Technology Strike Force to include experts from FBI (see above), the Department of Homeland Security (DHS) Investigations, and 14 U.S. attorneys' offices from 12 metro areas to attack cyber actors, prevent U.S. technologies from acquisition by adversaries, and strengthen U.S. supply chains.
On the home front, the Washington Post on 9 February published an Editorial Board Opinion on how Biden's challenge to Congress to rein in Big Tech might play out successfully. The most interesting angle is the fact that, as in the past, interest in Big Tech was a unifying force in Congress. But now this occurs for the opposite reason: right and left are not admiring Big Tech together, but trying to work, as bipartisans, to reform it. From this point on, there are, of course, expected disagreements. Biden has recently called for reform on three issues: Section 230 of the Communications Decency Act of 1996, antitrust, and privacy. The first appears as a chasm regarding Section 230 which widens rather than finding common ground and is troubled by political, logistical, and constitutional challenges. The second, antitrust, was discussed by Biden in his State of the Union address, proposing that big online platforms should stop making their own products disadvantaged. (There is more to follow shortly re antitrust.) The opinion piece notes that, "…no matter the reason for a lawmaker's animus toward Silicon Valley, limiting the companies' power seems to be an appealing solution." The third issue—privacy--is viewed as the "most likely to succeed." Biden broached the need "…to stymie technology companies in the 'experiment they are running' on kids "for profit." The Editorial Board believes that a new federal privacy law that covers everyone (especially kids) "…should be a slam dunk for this Congress." One issue—data collection—relates to how nearly everyone plies the internet with mounds of personal information. Biden is calling for Congress to impose "stricter limits on the personal data these companies (Big Tech) collect on all of us." The article closes by saying that although there are additional considerations regarding state vs. federal laws on such collection, "…an aggressive assist from the White House…might be the move that wins the game."
The first issue—Section 230--is pursued by The Economist on 16 February in a literary start. It cites author Jorge Luis Borges' 1941 "Library of Babel" whose books full of everything are so overwhelming they become "gibberish." This may apply to the Supreme Court's consideration of Gonzalez v Google and Taamneh v Twitter will which reach the Court just about when you will be reading this Cyber Scene. The cases involve cracking down on algorithm online platforms for curating purposes. The law of Section 230 provides that providers and users of an interactive computer service are immunized from liability for harmful posts created by other people. It also allows for platforms to remove posts that are "obscene…excessively violent, harassing or otherwise objectionable—even if they are constitutionally protected." This is hugely problematic. Both Presidents Trump and Biden initially called for repeal, but now Biden finds reform vice repeal a better option. Given the violence and death involved in both YouTube-related lawsuits cited above, voices are speaking loudly from many directions—the Anti-Defamation League, Sen. Ted Cruz (R-TX), law professors, Big Tech entities of course, and Thomas Wheeler, the former chair of the Federal Communications Commission who worries about tech companies' freedom where "conduct becomes content; Somebody has to draw a line." The big question is where.
Back to antitrust, the Federal Trade Commission (FTC) has been activity working on an antitrust lawsuit against Amazon as reported by Dana Mattioli and Brent Kendall with the Wall Street Journal on 3 February, four days before the State of the Union address. In fact, the FTC has been scrutinizing Amazon for years. One prominent issue is whether Amazon has been giving advantage to its own products over competitors on its own platforms. If this advances to court, the DOJ which shares antitrust authority with the FTC, has already advanced lawsuits against Google which are likely to move forward. The House Antitrust Subcommittee had been involved for 16 months ending in 2020 in investigation of Amazon, Apple, Google, and Meta. The article goes on to dig down into considerable conflict in Congress moving forward with the biggest of the Big Techs over the last 2 years.
Cyber Scene will keep a vigilant eye on the future of issue 3—privacy and how this challenge is resolved. Next Cyber Scene we will include the UK in widely global cyber issues. Before closing this Cyber Scene, it is imperative that we celebrate the success since July 2021 of the U.S. first National Cyber Director (John) Chris Inglis, who has resigned on 15 February. Although accolades arrive from many corners, starting with CNN in December 2022 with the announcement of Inglis' plans to pass the baton, Tim Starks' Cybersecurity reporting from the Washington Post 15 February seems to relay the history and the future since the Senate approved his appointment unanimously.
This readership is familiar with the Cyberspace Solarium Commission which had advocated for the creation of an Office of the National Cyber Director (ONCD). The creation of the ONCD was vetoed in 2020 by Trump but overturned on 1 Jan. 2021 by Congress. The creation of this 100-staffed organization in record time is for the books. Inglis is succeeded by his deputy, Kemba Walden, at least temporarily, as the Senate will have the last say if she is the candidate up for permanent confirmation. The Biden National Cybersecurity Strategy which Inglis initiated is in the last throes of finalization, and is expected any day now, and perhaps before you read this as a parting gift to us all.