| Welcome to The Cybersecurity 202! We're going to be on an abbreviated schedule in August, so look for us in your inbox from Tuesday to Thursday over the next few weeks. Was this forwarded to you? Sign up here. Below: A key senator readies an alternative plan to address concerns with TikTok, and the NSA is lobbying to save a surveillance loophole. First: | Privacy figures big into pros and cons of COPPA 2.0, KOSA | Sen. Maria Cantwell (D-Wash.) talks with Sen. Edward J. Markey (D-Mass.) during a Senate hearing in 2021. (Jabin Botsford/The Washington Post) | | | A Senate panel advanced two bills on Thursday designed to protect children online, but opponents say the legislation will actually damage kids' privacy. The Senate Commerce Committee approved the two measures, the Children and Teens' Online Privacy Protection Act (COPPA 2.0) and the Kids Online Safety Act (KOSA), by unanimous voice vote, signaling their bipartisan support. President Biden has urged Congress to pass the bills. | - COPPA 2.0, an update to a 1998 law, would extend the original COPPA's prohibitions on internet companies collecting and using personal information from children younger than 13 to children as old as 16 without their consent.
- KOSA would establish a legal standard for internet companies to protect minors and require additional parental controls.
| | The dynamic is not dissimilar to the debate over encryption, and features some of the same opponents at each other's throats. Child safety advocates say encryption makes it harder to catch criminals distributing child sexual abuse materials, while end-to-end encryption supporters say weakening it makes everyone vulnerable. Consider this a primer on the debate for those who haven't kept up on it. | | Sens. Richard Blumenthal (D-Conn.) and Marsha Blackburn (R-Tenn.) are the lead sponsors of KOSA, and Sens. Edward J. Markey (D-Mass.) and Bill Cassidy (R-La.) are the lead sponsors of COPPA 2.0. The chairwoman of the Commerce panel, Sen. Maria Cantwell (D-Wash.) touted the bills on Thursday. | - "We know that children and teens are uniquely vulnerable in the online world and they can be overwhelmed with the complexities of online content that is manipulated and targeted at them," Cantwell said about COPPA 2.0. "This bill strengthens protections, closes loopholes, and makes sure that we are focusing on children in a broader range of ages. It also helps protect and empowers teens, requiring consent before their data can be collected. We must ensure that we can provide better protections."
- "We have listened to many parents about their support of KOSA legislation and making sure that parents are empowered with tools they need to help protect the well-being of their children," Cantwell said.
| | Childrens' advocates are also happy with the bills. "KOSA and COPPA 2.0 would finally hold social media platforms accountable for how they impact young users and contribute to a worsening youth mental health crisis," said Jim Steyer, founder and CEO of Common Sense Media. "Today's bipartisan committee vote is a big step forward for the mental health and overall well-being of kids and their families." | | Lining up against the bill are civil liberties advocates and tech trade groups. Aliya Bhatia, policy analyst for the Center for Democracy and Technology's Free Expression Project, explained how the bill could require more collection of information on children: | - "KOSA requires online services to limit by default minors' ability to communicate with other users and to enable a parent or caregiver account to manage their child's privacy and account settings," she wrote this week. "These sorts of settings would not be appropriate to apply to adult users' accounts, as they would limit key functionality for adult users and put adults' privacy and safety at risk by giving another user the ability to control their communications."
- "Applying these sorts of restrictive settings only to the accounts of minors, and not all users, will require online service providers to collect additional data from all users, in order to distinguish adults from minors," she wrote.
| | And here she is on COPPA 2.0: | - "COPPA 2.0 presents similar age verification and privacy issues," she explained. "It applies to websites that are directed to children (under the age of 13) and teens (between 13 and 16 years old), or are reasonably likely to be used by children and teens."
- "Under the original COPPA, the distinction between websites directed to *young* children and other websites was at least somewhat clear (think Dora the Explorer versus a sports drink website)," she wrote. "If COPPA 2.0 passes, that distinction will be much less clear because 16-year-olds engage with almost all of the internet."
| | Tech industry group NetChoice offered similar lines of opposition. "If passed, KOSA and COPPA 2.0 will create massive privacy and security problems for American families," said the organization's vice president and general counsel Carl Szabo. "When it comes to determining the best way to help kids and teens use the internet, parents and guardians should be making those decisions, not the government." Additionally, groups that focus on LGBTQ+ issues fear that state attorneys general could use KOSA to censor LGBTQ+ content. | | |  | The keys | | Twitter under fire for restoring account that posted child abuse material | Such material, even if partially obscured, still qualifies as illegal, experts told our colleagues. (Monica Rodman/The Washington Post) | | | Twitter faced renewed scrutiny on Thursday over handling of child sexual abuse material (CSAM) after it reinstated the account of a right-wing influencer that tweeted a partially obscured image from a notorious child abuse video, our colleagues Joseph Menn and Drew Harwell report. Our colleagues write: "After some of the account's more than 500,000 followers complained that the account had been suspended for its political messaging, Twitter owner Elon Musk responded Wednesday by saying that it was because of the image." | - "Only people on our CSE team have seen those pictures," Musk tweeted in reference to the company's child sexual exploitation staff. "For now, we will delete those posts and reinstate the account." The image received more than 3 million views and 8,000 retweets, according to statistics from a cached version of the tweet from Tuesday.
| | Such material, even if partially obscured, still qualifies as illegal, experts told our colleagues. "Generally speaking, even if it is redacted, if it's clear it's a child, it's still CSAM," said Gavin Portnoy, vice president of the National Center for Missing and Exploited Children. | - Twitter in recent months has missed dozens of CSAM images on its platform, according to Stanford Internet Observatory research.
- U.S. lawmakers have long tried to curb CSAM online by removing liability protections for tech companies if they knowingly let their users share CSAM. But cybersecurity experts fear such efforts could prompt tech companies to stop offering end-to-end encryption for users.
| Top senator readying alternate plan to address TikTok security concerns | Sen. Maria Cantwell said she is crafting an alternative proposal to address alleged security risks of foreign technologies like TikTok. (Anna Moneymaker/Getty Images) | | | Sen. Maria Cantwell (D-Wash.), who chairs the Senate Commerce Committee, said she is crafting an alternative proposal to address alleged security risks of foreign technologies like TikTok, our colleague Cristiano Lima reports. Cantwell said the effort "is intended to give the executive branch greater power to identify and address perceived risks while granting Congress the power to keep those actions in check," Cristiano writes. The announcement means that another legislative proposal to address TikTok security concerns will soon enter the playing field. A separate bill called the RESTRICT Act — led by Sens. Mark R. Warner (D-Va.) and John Thune (R-S.D.) — would empower the Commerce Department to evaluate the security risks of foreign technologies and make recommendations about whether they should be ejected from the United States. | - The tech industry has pushed for a more narrow version of RESTRICT, arguing it may inadvertently affect other tech companies a minor piece of Chinese-connected code or hardware causes them to undergo national security reviews. Cantwell said her office thinks the bill "needs work."
- "Senator Warner welcomes the opportunity to work with the leadership of the Senate Commerce Committee to address threats from foreign-based technology," Warner spokesperson Rachel Cohen said in an email to Cristiano.
- More assertive efforts to outright ban TikTok have also made appearances on Capitol Hill.
| | The Cantwell proposal would seek to address broader national security risks without running afoul of the First Amendment and isn't designed to ban TikTok directly, according to a Senate Commerce aide who spoke on the condition of anonymity to discuss the measure. | As defense bill showdown looms, NSA lobbies against phone surveillance ban | A sign stands at the National Security Agency campus in Fort Meade, Md. (Patrick Semansky/AP) | | | National Security Agency officials are lobbying Congress to jettison legislation that would prevent intelligence agencies from paying data brokers for Americans' domestic location data, Dell Cameron reports for WIRED, citing Republican and Democratic aides familiar with ongoing defense spending negotiations. | - "Introduced by US representatives Warren Davidson and Sara Jacobs, the amendment, first reported by WIRED, would prohibit US military agencies from 'purchasing data that would otherwise require a warrant, court order, or subpoena' to obtain," Cameorn writes. That amendment made it into the House version of the annual defense policy bill two weeks ago.
- The House Judiciary Committee last week advanced the Fourth Amendment is Not For Sale Act, which would similarly bar law enforcement officials from evading the Fourth Amendment — which protects against warrantless searches — when making such purchases from data brokers. A Senate version of it is also on the way.
| | The WIRED report adds: "The extent to which the NSA in particular uses data brokers to obtain location and web browsing data is unclear, though it has previously acknowledged using data from 'commercial' sources in connection with cyber defense." The NSA did not return multiple requests for comment from the outlet. A declassified report released last month found that the U.S. intelligence community has heavily relied on purchased data, including data protected by the Fourth Amendment. | - The report comes as the Senate late Thursday approved its version of the annual defense policy bill, as our colleague Abigail Hauslohner reports. Both chambers must reconcile their differences in the coming months to get the must-pass defense budget legislation to President Biden's desk.
| | |  | Hill happenings | | Rep. Dave Joyce: Cutting CISA funding "a red line" | | Rep. Dave Joyce (R-Ohio), who leads the House Appropriations Committee's homeland security subcommittee and is facing pushback from far-right colleagues over his appropriations bill, told our Early 202 colleagues that he believes cutting funding to the Cybersecurity and Infrastructure Security Agency (CISA) "is a red line" for him. Here's what he said about the appropriations bill: | - "I have worked hard on it. I get some pushback, because, obviously, we were exceeding the levels that [the Freedom Caucus] wanted. But my pushback on it is: You ran on homeland security and containing the border, you [want to] increase the number of beds — that costs money. You want [immigrants] to be monitored all the way through asylum — that costs money," he said.
- "And then they came back saying, 'We want to cut CISA.' That's a red line for me. We need to have a solid defense system in place in the cyber world. Because I think that's one of the future legs of war," Joyce said.
| | |  | Government scan | | | |  | National security watch | | | By Devlin Barrett, Perry Stein, Spencer S. Hsu and Josh Dawsey ● Read more » | | | | | |  | Industry report | | | |  | Global cyberspace | | | |  | Cyber insecurity | | | |  | Privacy patch | | | |  | Daybook | | - The FCC holds a workshop on Border Gateway Protocol security on Monday at 9 a.m.
| | |  | Secure log off | | | Thanks for reading. See you next week. | | |
No comments:
Post a Comment