Cyber Month in Review: July 2024

CrowdStrike update causes global disruptions 

In mid-July, a coding error in a software update pushed by cybersecurity company CrowdStrike caused widespread computer outages worldwide, disrupting flights and hospitals and causing an estimated $5.4 billion in direct losses to companies. Delta Air Lines was particularly affected by the outage, being forced to ground most of its flights and suffering more than $500 million in losses before it was able to resolve some of the outages. An error in CrowdStrike’s internal validation system, which is used to test updates before they’re pushed to real users, allowed the flawed update to go out before it was retracted an hour and a half later. Recovering from the issues brought about by the update is a labor intensive process and in some cases requires a device to be manually rebooted in safe mode; repeating this process across the thousands or millions of computers that make up a corporate network can take days or weeks.   

Senate passes two child online safety bills 

The U.S. Senate is set to pass two major online safety bills aimed at protecting children and teens on social media platforms. The bills, the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0), passed the Senate by a vote of 91-3. COPPA 2.0 would update a 1998 law of the same name which was aimed at reducing targeted advertising aimed at children, and would carry three key changes compared to the 1998 version: it would raise the maximum age of children covered under the law from thirteen to seventeen; update the law’s definition of personal information to include biometric indicators; and close a loophole that allowed companies to track children online if they didn’t have “actual knowledge” that their users were children. KOSA would require social media companies to implement stronger privacy settings by default for minors, cut back on addictive features such as notifications and auto-play, and provide tools for parents to control and monitor their children's online activity. KOSA has drawn pushback from privacy rights groups, who argue that it could lead to unintended censorship and constrain children’s rights to free expression.  

World Trade Organization members agree to ban tariffs on data flows 

Members of the World Trade Organization (WTO) have reached an agreement to ban tariffs on cross-border data transmissions for the next two years. The agreement has thus far been supported by ninety-one countries and comes after more than five years of negotiations; it prohibits tariffs on digital content and standardizes for e-documents and e-signatures, with the aim of reducing the need for physical documents to allow for easier and more efficient international trade. The agreement also includes provisions to help developing countries integrate into the global digital economy, promoting economic inclusiveness and job creation. Despite this progress, and its central role in parts of the negotiations, the United States has not endorsed the agreement due to concerns over security and data flow regulations, with full consensus among all 166 WTO members still needed for formal adoption.  

China’s internet regulator rolls out proposal for national internet ID system 

China is considering introducing a nationwide digital identification system for internet users which would be administrated by the government. Chinese companies are currently required to track users’ activity based on their phone numbers and personal IDs; however, new regulation, proposed by the Cyberspace Administration of China (CAC) and the Ministry of Public Security (MPS), would roll out a government version of this registration system. Centralizing an ID system would likely make the job of China’s censors easier, allowing them to track individuals across platforms via a universal ID. But regulators also said that the change would increase citizens’ privacy by reducing the amount of sensitive personal data companies need to collect and hold. Some experts in China pushed back on the government’s justification for the regulation, with Lao Dongyan, a law professor at Tsinghua University, arguing online that “the real purpose of the proposal is to tighten the control of individuals' online speech and behavior.” 

Bangladeshi government shuts off internet service for five days in response to protests 

The Bangladeshi government shut down internet access to large swathes of the country for five days between July 19 and 23 amid protests against the reinstatement of a system that reserves 30 percent of government jobs for descendants of veterans of the Bangladesh’s war for independence. The protestors and police have clashed frequently and more than 150 people have been killed since the start of the protests. The shutdowns, which have been paired with strong limits on traditional media reporting, have severely constrained the flow of information around the protests; experts and civil society organizations have said that the lack of information around the protests has created and exacerbated trust deficits among the public, especially among expatriate Bangladeshis, who may be seeking information about family members and friends still living in the country.  

DoJ releases report on government information-sharing with social media platforms 

The U.S. Department of Justice Office of the Inspector General (OIG) released a report on information-sharing between the government and social media companies. The report outlines U.S. efforts to combat Russia’s influence efforts via information-sharing and provides recommendations on creating new policies and procedures around information-sharing; the report outlines the FBI’s “actor-driven versus content-driven" approach to combatting misinformation. Instead of policing specific types of content or narratives, the FBI and DoJ instead seek to track and report on the activities of specific foreign actors. The report found that the FBI and other intelligence agencies had some classified procedures in place to govern information-sharing and that the information-sharing broadly carried no implications for First Amendment rights; however, the OIG also found that the FBI and DoJ would be best served by better articulating how they aim to curb the risks to the First Amendment and the policies and procedures that govern this work.