Cyber Week in Review: March 1, 2024
from Net Politics and Digital and Cyberspace Policy Program
from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: March 1, 2024

A coal power plant is pictured in Walsum, a suburb of the western town of Duisburg October 2, 2012.
A coal power plant is pictured in Walsum, a suburb of the western town of Duisburg October 2, 2012. Ina Fassbender/Reuters

Biden signs data security executive order; PCAST issues report on critical infrastructure; DeSantis vetoes ban on social media for teens; Malawi stops issuing passports after hack; Meta creates new EU counter-disinformation group.

March 1, 2024 5:30 pm (EST)

A coal power plant is pictured in Walsum, a suburb of the western town of Duisburg October 2, 2012.
A coal power plant is pictured in Walsum, a suburb of the western town of Duisburg October 2, 2012. Ina Fassbender/Reuters
Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Biden issues Executive Order on U.S. data security

President Biden issued an Executive Order to protect Americans' sensitive data, including genomic data, biometric data, personal health data, geolocation data, and financial data, from exploitation by six countries of concern: China, Russia, Iran, North Korea, Venezuela, and Cuba. The order will limit or prohibit the sale of six kinds of data: precise geolocation data, biometric data, human genomic data, personal health data, and personal financial data. Sales of personal data for active duty military personnel and certain current or former government officials will be entirely banned under the order. The Department of Justice will be the lead implementing agency for the order, with consultation from other agencies, including the Department of Commerce, and enforcement may take a similar form to sanctions regimes supervised by the Office of Foreign Assets Control (OFAC). Other parts of the Biden administration have been cracking down on data brokers, including the U.S. Federal Trade Commission's decision on January 9 to ban data brokers X-Mode Social and Outlogic from selling sensitive geolocation data; however, while the FTC can take action against individual brokers, the order focuses on general trading and selling of bulk data to specific countries. The order will not affect data sales within the United States or to countries other than the six identified in the order. President Biden urged Congress to pass a more robust privacy legislation that would address domestic data broker concerns and protect children's privacy and safety.

President’s Council of Advisors on Science and Technology issues strategy for critical infrastructure

The President’s Council of Advisors on Science and Technology (PCAST) issued a strategy for ensuring resilience in critical infrastructure systems that blend cyber elements with physical controls earlier this week. PCAST’s goal in releasing the strategy is to shift the United States’ approach away “from a futile quest for absolute invulnerability to a more realistic strategy in which we control the impact of failures” caused by cyber attacks and natural or accidental disruptions. The report offers recommendations across four broad categories: establishing performance goals for critical services, bolstering and coordinating research and development on cyber-physical resilience, breaking down and strengthening silos across government, and developing greater accountability for cyber-physical resilience across industry. PCAST recommends that the National Risk Management Center create a classified National Critical Infrastructure Observatory, that will provide a better understanding of U.S. critical infrastructure and can be used to identify single points of failure or a high reliance on certain technologies or resources. Experts have previously called on the Biden administration to strengthen the role of the Cyber Safety Review Board by: granting it subpoena power, making its directors full-time government employees, and expanding the number of incidents it investigates. The PCAST report echoes those experts and calls for an expanded role for the CSRB to allow it to “drive more impactful assessments across systems and society.”

DeSantis vetoes ban on social media for kids under sixteen

More on:

Technology and Innovation

Cybersecurity

Influence Campaigns and Disinformation

Florida's Legislature passed a social media bill requiring social media platforms—primarily Facebook, Instagram, Snapchat, TikTok, and YouTube—to ban users who are sixteen and under and terminate existing accounts belonging to underage users by deploying a third-party verification system. Members of the legislature said they hoped the bill would provide stronger regulation that protects minors and to reduce the risk of mental health decline associated with social media use among teenagers. Snapchat and Instagram's existing policies already prohibit users under thirteen from using their platforms, although a group of states’ attorneys general filed a lawsuit last year alleging that Meta routinely ignores reports of underage users. Critics of the Florida bill state that it violates First Amendment protections for free speech and freedom of the press and that parents, not the government, should control their children's access to social media. The bill's passing coincides with the Supreme Court's ongoing findings regarding Moody v. NetChoice LLC and NetChoice LLC v. Paxton, which will determine if content-moderation restrictions comply with the First Amendment. On Friday afternoon, Florida Governor Ron DeSantis announced he was vetoing the bill, and said he was working with legislators on an unspecified alternative plan.

Malawi stops issuing passports after hack

Malawi's government has suspended the issuing of passports following an alleged hack of the Department of Immigration and Citizenship Services’ computer network. President Lazarus Chakwera said that the hackers asked for millions of dollars in ransom money. However, the president stated that "[Malawi is] not in the business of appeasing criminals with public money, nor are we in the business of negotiating with those who attack our country." However, the situation may be more complicated, as the Centre for Democracy and Economic Development Initiative (CDEDI) claims that the passport system wasn't hacked, and that the government is lying to avoid paying license fees or outstanding bills from external printing companies, disguising the maintenance contract fee as ransom to garner public sympathy. Reports circulated on social media that TechnoBrain, the main supplier of Malawi's passports from 2019 to 2023, had shut off access to the system. The company has denied its involvement and stated that it properly transferred operations by a settlement reached between Techno-Brain and the Government of Malawi following the termination of its e-passport contract in October 2022. Malawi’s government has previously faced intermittent difficulties issuing passports since 2021, largely due to failure to pay outstanding bills and a shortage of materials.

Meta to assign special teams in Europe to fight election disinformation and AI abuse

Meta, the parent company of Facebook and Instagram, announced a number of steps to confront potential election interference in the EU. Meta will launch an E.U.-specific Elections Operation Center that will focus on combating misinformation, tackling influence operations, and countering the abuse of generative AI in real time ahead of the European Parliament elections in June. Additionally, Meta has ramped up its fact-checking network—the largest of any platform—by expanding with three new partners: Bulgaria, France, and Slovakia. Adding the three countries brings the total number of independent fact-checkers in the EU to twenty six. David Agranovich, the director of global threat disruption at Meta, stated, “It’s not just the moment around the election that matters—it’s all the work you have to do in the months leading up to them.” Meta’s new EU initiative follows the announcement that twenty tech companies signed a pact at the Munich Security Conference highlighting companies’ commitment to prevent AI abuse from altering election integrity this year.

 

Cecilia Marrinan is the intern for the Digital and Cyberspace Policy Program.

More on:

Technology and Innovation

Cybersecurity

Influence Campaigns and Disinformation

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close