| Welcome to The Cybersecurity 202! I can't wait for the "Barbie" movie hype to die down. It's absolutely terrorizing my social media timelines. I don't doubt it will be good, but the level of enthusiasm seems disproportionate. Was this forwarded to you? Sign up here. Below: The European Union approves a key data transfer privacy pact with United States, and Spain's high court shelves a Pegasus spyware probe. First: | Minnesota and Pennsylvania secretaries of state share views on threats of disinformation |  Minnesota Secretary of State Steve Simon (D) in 2018. (Steve Karnowski/AP) | | | The fate of a preliminary injunction on federal agencies and officials communicating with social media companies is still up in the air, but what might happen on the state level? I spoke with two secretaries of state from both sides of the political spectrum on Monday who said the injunction wouldn't change their fight against disinformation and misinformation. They also shared their views on the threats that disinformation poses to the 2024 election. They were both in D.C. for the summer conference of the National Association of Secretaries of State. (I also tried to speak to some other GOP election officials, but one said they weren't up to speed enough on the lawsuit to comment and another declined to discuss it.) The interviews came on the same day a federal judge rejected a Justice Department filing to stay the injunction. The district judge, Terry A. Doughty, had called the federal government communications with social media agencies "an almost dystopian scenario" in a lawsuit that two Republican attorneys general brought against them, alleging that the agencies' work to counter misinformation and disinformation hampered Americans' First Amendment rights. The DOJ is now appealing Doughty's ruling with the U.S. Court of Appeals for the 5th Circuit. My colleague Cat Zakrzewski and I have a rundown of Monday's developments in a separate story. | The view on the injunction from Minnesota | | The legal challenge doesn't at all target state governments. And Minnesota's Secretary of State Steve Simon (D) said he expects it to stay that way. The suit argues in part that the federal communications with social media platforms amount to censorship because it can exert regulatory authority over the companies, and that's not an issue in states. "We don't occupy a regulatory lane for these companies," he told me. | - "We're not seeking that, at least I'm not," he said. "I wouldn't want anything from that decision to imply that secretaries of state are not within their rights to work with social media companies to make sure their platforms are free of outright disinformation."
- "We don't have guns and badges," Simon said. "There are no penalties we can impose. There is no license we can revoke or suspend. We're in the democracy business, not in the regulatory business."
| | Still, Simon said that his overall view of the injunction isn't a positive one. "It strikes me as overly broad and intentionally counterproductive in terms of the work that all of us do to push back against disinformation," he said. Furthermore, "It was not brought by the companies themselves. It's not as though the companies feel coercive elements of that. They're not saying that, at least not in court." In fact, the social media platforms have indicated they want to hear from states, Simon said. His office stays in touch with the companies and runs a fact versus fiction website about election disinformation. He has no plans to change that. "We want to keep all channels free of that often organized disinformation campaign," he said. "We want to be able to work with these partners in social media companies who say, and I believe them, that they want to keep their platforms free of that kind of thing. Who better than those of us in the democracy business to help them clear their channels of organized disinformation?" To be clear, Simon said, "I'm not talking about disagreement. That's as American as apple pie. … I see disinformation as a distortion of what is, not an argument about what the system ought to be." | The view on the injunction from Pennsylvania | | "It's too early to tell and too difficult to predict" whether legal challenges like this case will eventually develop to present obstacles at the state level, said Al Schmidt, the Republican Secretary of the Commonwealth of Pennsylvania. "It's certainly something that we're going to keep an eye on, but I don't anticipate right now it having any effect on our efforts to combat misinformation in the election space." | | (Democratic Gov. Josh Shapiro appointed Schmidt to the position.) While the suit doesn't apply to states, Schmidt also pointed out the eight exceptions to the injunction allowing federal communication with social media platforms, one of which is to counter foreign influence operations on elections. The efforts to combat influence campaigns are such that states can't let their guards down, Schmidt said. "I've seen some of the most absurd misinformation spread about elections that I would have otherwise had no concern about, because it was so not believable," he said. | | In Minnesota, Simon said he expects the 2024 disinformation threat to be roughly the same as in recent past elections. "Broadly speaking, disinformation aimed at corroding confidence, I would say well-earned confidence in our electoral system, thereby fanning the flames of doubt," he said. That means things like false claims that voting machines can switch votes from one candidate to another, Simon said. Pennsylvania has made significant changes to its electoral processes going back to 2020, and Schmidt said he thinks people interested in undermining the system will use it as fodder for disinformation campaigns going into the 2024 cycle. "There have been so many changes with elections in the last few years, especially in Pennsylvania — new voting systems for in-person voting, a whole new system of voting, with mail-in ballot voting — that a lot of voters are confused," he said. "And clearly these bad faith actors are seeking to exploit that lack of familiarity with elections for their own nefarious purposes." There's also been a lot of attention on artificial intelligence's ability to abet misinformation and disinformation campaigns. "It's certainly a concern and I know it's something the other secretaries and I have been talking about here at this conference," Schmidt said. "Because we saw far less sophisticated efforts at misinformation be very effective and misleading. So something as sophisticated as this certainly has the potential to do greater harm and to deceive more people." | | |  | The keys | | E.U. approves key data transfer privacy pact with U.S. |  The European Union signed off Monday on a new agreement over the privacy of people's personal information that gets pinged across the Atlantic, aiming to ease European concerns about electronic spying by U.S. intelligence agencies. (Virginia Mayo/AP) | | | The European Union on Monday greenlit a data transfer agreement with the United States that aims to ensure the privacy of European citizens' data when it is transferred across the Atlantic, Kelvin Chan reports for the Associated Press. Chan writes: "The EU-U. S. Data Privacy Framework has an adequate level of protection for personal data, the EU's executive commission said." | - "That means it's comparable to the 27-nation's own stringent data protection standards, so companies can use it to move information from Europe to the United States without adding extra security," the report adds.
| | The United States offered two previous versions of the deal that were rejected by European officials amid fears that American intelligence agencies could spy on European citizens. "Washington and Brussels long have clashed over differences between the EU's stringent data privacy rules and the comparatively lax regime in the U.S., which lacks a federal privacy law," the report notes. | | Some cybersecurity industry representatives have already signaled approval of the measure. "This marks an opportunity to accelerate the G7's Data Free Flow with Trust initiative and ensure defenders have the tools they need to defend against cyber attacks," said Drew Bagley, privacy and cyber policy counsel at CrowdStrike, in a statement to The Cybersecurity 202. | - The framework is expected to be challenged by privacy activists, Foo Yun Chee reports for Reuters.
- "We would need changes in U.S. surveillance law to make this work," privacy activist Max Schrems said to Reuters.
| HCA Healthcare data pilfered, sold by hackers online |  Health-care organizations have become major targets for cybercriminals. (Amber Bracken for The Washington Post) | | | The personal data on some tens of millions of HCA Healthcare patients is available for sale on a data breach forum, Rohan Goswami reports for CNBC. The breach was acknowledged by the company on Tuesday. HCA "warned patients that critical personal information had been compromised, including their full name, city, and when and where they last saw a provider," Goswami writes. | - The provider said no clinical data was exposed, though DataBreaches.net reported that a sample of allegedly stolen data mentioned a patient's test for lung cancer.
- It may be the biggest health-care breach of the year, Brett Callow, an analyst at New Zealand-based anti-virus software company Emsisoft told CNBC.
| | "That said, despite affecting millions of people, it may not be as harmful as other breaches as, based on HCA's statement, it doesn't seem to have impacted diagnoses or other medical information," Callow added. | - Health-care organizations have become major targets for cybercriminals, and in some cases repeat targets. Illinois-based St. Margaret's Health in Spring Valley closed down last month in part due to a devastating ransomware attack.
| Spain high court shelves Pegasus spyware probe, citing Israel's lack of cooperation |  Spain's high court shelved an investigation into the use of Israel-based NSO Pegasus spyware to surveil politicians, including Prime Minister Pedro Sánchez, citing a lack of cooperation from the Israeli government. (Demetrius Freeman/The Washington Post) | | | Spain's high court shelved an investigation into the use of Israel-based NSO Pegasus spyware to surveil politicians, including Prime Minister Pedro Sánchez, citing a lack of cooperation from the Israeli government, Emma Pinedo reports for Reuters. Pinedo writes: "Judge Jose Luis Calama, whose court investigates crimes against government ministers, said the lack of cooperation from Israeli authorities made it impossible to keep the probe open, in a case that had 'jeopardized the very security of the State.'" Sanchez's phone was allegedly hacked five times between October 2020 and December 2021, Spanish authorities say. | - "Calama said he had sent a letter of request to Israel several times asking for NSO Group's CEO to testify as a witness in the case, but there had been no response," according to the report.
- "This silence clearly shows a complete lack of legal cooperation on the part of the Israeli government. This leads us to presume that there will never be a response to the letter of request in question, which has been sent four times," Calama said.
| | NSO is also facing scrutiny in Israel. An Israeli parliamentary committee last month approved a draft resolution that asks the government to investigate police use of the spyware during a murder investigation. | | |  | Government scan | | | |  | Hill happenings | | | |  | Industry report | | | |  | National security watch | | | |  | Global cyberspace | | | |  | Cyber insecurity | | | |  | Privacy patch | | | |  | Daybook | | - Former OSTP deputy director Alondra Nelson speaks at a Washington Post Live event on AI and its impact on the workforce at 2 p.m.
- The Bipartisan Policy Center convenes a discussion on facial recognition technologies at 2 p.m.
- FBI Director Christopher A. Wray testifies to the House Judiciary Committee tomorrow at 10 a.m.
- The Senate Intelligence Committee considers Timothy Haugh to be NSA director and Michael Casey to be National Counterintelligence and Security Center director tomorrow at 2:30 p.m.
| | |  | Secure log off | | | Thanks for reading. See you tomorrow. | | |
No comments:
Post a Comment