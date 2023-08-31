Good morning. It's Thursday 31st August.

The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.



Have feedback? Let us know at icpc@aspi.org.au.

Follow us on Twitter and on LinkedIn.

Every day, reams of personal data flow through the subsea cable landing stations that have proliferated around India’s coast, connecting the communications of the world’s most populous country to the rest of the globe. In each of these, innocuous-looking hardware is installed to search, copy and pump that data to Indian security agencies on demand, with the help of AI and data analytics. Financial Times

The federal government will not force adult websites to bring in age verification following concerns about privacy and the lack of maturity of the technology. On Wednesday, the communications minister, Michelle Rowland, released the eSafety commissioner’s long-awaited roadmap for age verification for online pornographic material, which has been sitting with the government since March 2023. The Guardian

British officials are warning organisations about integrating artificial intelligence-driven chatbots into their businesses, saying that research has increasingly shown that they can be tricked into performing harmful tasks. In a pair of blog posts due to be published Wednesday, Britain's National Cyber Security Centre said that experts had not yet got to grips with the potential security problems tied to algorithms that can generate human-sounding interactions - dubbed large language models, or LLMs. Reuters

ASPI

Biden’s trilateral breakthrough at Camp David

The Strategist

Euan Graham

Many tea leaves have been read on the implications of the ground-breaking Japan–South Korea–United States summit, held at Camp David earlier this month. The first stand-alone meeting of the three countries’ leaders is a diplomatic milestone by any standard. Along with issuing a joint statement, Seoul, Tokyo and Washington agreed to a statement of principles and entered into a commitment to consult when coordinating ‘responses to regional challenges, provocations and threats’.

Australia

Australia will not force adult websites to bring in age verification due to privacy and security concerns

The Guardian

Josh Taylor

The federal government will not force adult websites to bring in age verification following concerns about privacy and the lack of maturity of the technology. On Wednesday, the communications minister, Michelle Rowland, released the eSafety commissioner’s long-awaited roadmap for age verification for online pornographic material, which has been sitting with the government since March 2023.

Global fact-checker defends RMIT FactLab against Meta, News Corp after suspension

Crikey

Cam Wilson

A global fact-checking body has defended one of Australia’s major fact-checkers, RMIT FactLab, after it was suspended from Meta’s program, saying the group is in “good standing” and that it expects to renew its membership imminently. The decision by Meta, which owns social media platforms Facebook, Instagram and Threads, comes after pressure by the Voice to Parliament’s No campaign and News Corp publications which accused RMIT FactLab of bias after becoming the subject of a debunking.

Why haven’t we regulated social media yet?

The Sydney Morning Herald

Chris Zappone

Seven years after the Donald Trump campaign exploited social media to upend liberal democracy and unleash a new paradigm of networked populist politics, the technology remains untouched by meaningful regulation. Even as China, Russia and Iran use Western platforms to disseminate propaganda, and democracies face waves of domestic misinformation, a strategic approach toward the technology by society and government is absent.

Telstra, Optus and Vodafone are shutting down their 3G networks. How can you prepare?

ABC

Molly Slattery

Australia's three largest telcos will begin shutting down the 3G network from December this year. The 20-year-old network is still relied on by older mobile phones, baby monitors and medical devices.

China

China exploring ways to make its own AI memory chips despite US sanctions, sources say

South China Morning Post

Che Pan

China is exploring ways to produce its own high-bandwidth memory, the next-generation of memory chips tailored for artificial intelligence processors, as it pushes ahead with a semiconductor self-sufficiency drive amid US sanctions, industry sources said. While it will be an uphill battle to catch up with global leaders like SK Hynix, Samsung Electronics and Micron Technology given the impact of Washington’s sanctions, the Chinese government has determined that the country must become self-sufficient in HBMs even though it may take years, they added.

USA

New AUKUS tech announcement coming in fall, Pentagon’s tech chief says

Breaking Defense

Jaspreet Gill

The White House is set to make a new announcement on the future of the trilateral security pact known as AUKUS sometime later this year, the Pentagon’s chief technology officer said today. Heidi Shyu, under secretary of defense for research and engineering, said she expected the announcement to come sometime in the “fall.” And while she did not give details about what the announcement would be, her role in the discussions and her technology portfolio means it likely has to do with the so-called Pillar 2 AUKUS track.

Democrat introduces bill to limit defense contractor, foreign government influence on Pentagon

The Hill

Brad Dress

Rep. Andy Kim announced Tuesday that he has reintroduced legislation that would limit the ability of major defense contractors and foreign governments to hire former Defense Department officials and influence the Pentagon as lobbyists. The Department of Defense Ethics and Anti-Corruption Act would impose a four-year ban on defense contractors hiring senior Pentagon officials and enact a similar ban on former Defense Department employees who managed their contracts.

US chip war not enough to deter China’s military ambitions

Asia Times

Christina Knight

Semiconductors comprise the battleground for US-China technology competition. On October 7, 2022, the Biden administration released a set of export controls to ensure the United States maintains “as large a lead as possible” in this emerging technology race. The restrictions attempt to constrain Beijing’s emerging technology development in two ways. First, they limit China’s access to advanced semiconductors necessary for data-intensive artificial intelligence models, supercomputers and hypersonic missiles.

Jordan subpoenas hate speech watchdog

The Hill

Rebecca Klar

House Judiciary Chairman Jim Jordan (R-Ohio) subpoenaed a hate speech watchdog group on Wednesday, ramping up the committee’s probe into the nonprofit organization. Jordan issued the subpoena to the Center for Countering Digital Hate for documents relating to its communication with the federal government. He also sent a letter to the group accusing them of refusing to “comply voluntarily” with the committee’s requests.

What happened to the TikTok ban?

Semafor

Morgan Chalfant

Five months ago, as lawmakers grilled TikTok’s CEO over his company’s ties to China, it seemed like Congress might actually try to ban the social media giant. But since then, Capitol Hill’s effort to delete the app from Americans’ phones has faded from public view, with multiple bills stalling out. Progress has been slowed by a combination of competing priorities, policy clashes, and concerns about political blowback, sources say. But lawmakers and aides insist a TikTok bill may still be in the cards later this year. “I don’t think the moment has passed,” said one Republican Senate aide. “It’s just a matter of catching lightning in a bottle, which is what you always need to move legislation.”

Americas

A victim’s perspective on international law in cyberspace

Lawfare

Chris Carpenter and Duncan B. Hollis

In the spring of 2022, two significant ransomware operations targeted 27 Costa Rican government bodies, in addition to the country’s health care system. Costa Rica’s government refused to pay the ransom demanded. In light of the hackers’ threats to leak sensitive information from the data they encrypted, many government-run systems had to be taken offline (including those related to tax collection, medicine, and social security). Costa Rica’s president, Rodrigo Chaves, declared that Costa Rica was “at war” with the attackers (who were affiliated with two Russian-language-speaking groups, known as Conti and Hive). The Costa Rican government has spent the last year working on recovery and remediation, with technical assistance from state governments (namely, the United States and Spain) and industry.

North Asia

Toyota halts all Japan assembly plants due to glitch

BBC

Peter Hoskins

Japanese motor industry giant Toyota has suspended operations at all of its assembly plants in its home country due to a glitch in its production system. The move has brought domestic production at the world's biggest-selling car maker to a standstill. The malfunction has meant the firm has not been able to order components.

Southeast Asia

Meta rejects own board’s request to suspend account of Cambodian strongman

The Washington Post

Regine Cabato

Social media giant Meta is rejecting a recommendation made by its own Oversight Board to suspend Cambodian leader Hun Sen’s Facebook account for inciting violence. The Oversight Board, created by Meta to adjudicate difficult content decisions, asked the company in June to suspend the account of then-Prime Minister Hun Sen based on a video he posted earlier this year where he threatened to “beat up” opponents, “send gangsters” to their homes and “arrest a traitor with sufficient evidence at midnight.”

South & Central Asia

India’s communications ‘backdoor’ attracts surveillance companies

Financial Times

Alexandra Heal, Anna Gross, Benjamin Parkin, Chris Cook and Mehul Srivastava

Every day, reams of personal data flow through the subsea cable landing stations that have proliferated around India’s coast, connecting the communications of the world’s most populous country to the rest of the globe. In each of these, innocuous-looking hardware is installed to search, copy and pump that data to Indian security agencies on demand, with the help of AI and data analytics. These so-called lawful interception monitoring systems help make up what one industry insider calls the “backdoor” that allow prime minister Narendra Modi’s government to snoop on its 1.4bn citizens, part of the country’s growing surveillance regime.

Europe

ChatGPT-maker OpenAI accused of string of data protection breaches in GDPR complaint filed by privacy researcher

TechCrunch

Natasha Lomas

Questions about ChatGPT-maker OpenAI’s ability to comply with European privacy rules are in the frame again after a detailed complaint was filed with the Polish data protection authority yesterday. The complaint, which TechCrunch has reviewed, alleges the U.S. based AI giant is in breach of the bloc’s General Data Protection Regulation — across a sweep of dimensions: Lawful basis, transparency, fairness, data access rights, and privacy by design are all areas it argues OpenAI is infringing EU privacy rules.

UK

British officials say AI chatbots could carry cyber risks

Reuters

Raphael Satter

British officials are warning organisations about integrating artificial intelligence-driven chatbots into their businesses, saying that research has increasingly shown that they can be tricked into performing harmful tasks. In a pair of blog posts due to be published Wednesday, Britain's National Cyber Security Centre said that experts had not yet got to grips with the potential security problems tied to algorithms that can generate human-sounding interactions - dubbed large language models, or LLMs.

Middle East

UAE launches Arabic large language model in Gulf push into generative AI

Financial Times

Simeon Kerr and Madhumita Murgia

An artificial intelligence group with links to Abu Dhabi’s ruling family has launched what it described as the world’s highest-quality Arabic AI software, as the United Arab Emirates pushes ahead with efforts to lead the Gulf’s adoption of generative AI. The large language model known as Jais is an open-source, bilingual model available for use by the world’s 400mn-plus Arabic speakers, built on a trove of Arabic and English-language data.

NZ & Pacific Islands

Preparing for digital transformation in Timor-Leste

The Strategist

Melissa Conley Tyler, Anders Hofstee and Kara Chesal

When Australian Foreign Affairs Minister Penny Wong visited Dili last month, one of the projects she highlighted was the Timor-Leste South Submarine Cable. This is a positive contribution to Timor-Leste’s digital infrastructure. However, to fully realise the social and economic benefits of digital approaches, Timor-Leste will need to undergo an inclusive digital transformation. This will mean implementing clear policies on privacy, security and interoperability, developing digital skills equitably across the population, building cybersecurity awareness, and promoting user-centric and inclusive design.

PNG and Pacific Countries facing cyber security threats

Tech Pacific

Papua New Guinea and fellow Pacific Island nations have a lot of work to do to deal with the challenges and connectivity gaps related to cyber security and environment threats, says a minister. Information and Communications Technology Minister Timothy Masiu told a Pacific ICT ministers’ dialogue in Port Moresby yesterday that they must implement the right ICT policies to keep their countries safe from the challenges and threats.

Big Tech

Microsoft joins opposition to current version of UN cybercrime treaty

The Record by Recorded Future

Jonathan Greig

Microsoft is the first large tech company to come out against the current draft of a cybercrime treaty being debated this week at the United Nations. In a LinkedIn post on Tuesday, a representative from the company’s cybersecurity policy wing warned that the current draft of the treaty is too broad in scope and leaves too much to interpretation. The critiques mirrored warnings aired last week by representatives from multiple human rights groups involved in the treaty negotiations.

Misc

Hackers shut down 2 of the world's most advanced telescopes

Space.com

Brett Tingley

Some of the world's leading astronomical observatories have reported cyberattacks that have resulted in temporary shutdowns. The National Science Foundation's National Optical-Infrared Astronomy Research Laboratory, or NOIRLab, reported that a cybersecurity incident that occurred on Aug. 1 has prompted the lab to temporarily halt operations at its Gemini North Telescope in Hawaii and Gemini South Telescope in Chile. Other, smaller telescopes on Cerro Tololo in Chile were also affected.

Voice deepfakes are coming for your bank balance

The New York Times

Emily Flitter and Stacy Cowley

This spring, Clive Kabatznik, an investor in Florida, called his local Bank of America representative to discuss a big money transfer he was planning to make. Then he called again. Except the second phone call wasn’t from Mr. Kabatznik. Rather, a software program had artificially generated his voice and tried to trick the banker into moving the money elsewhere. Mr. Kabatznik and his banker were the targets of a cutting-edge scam attempt that has grabbed the attention of cybersecurity experts: the use of artificial intelligence to generate voice deepfakes, or vocal renditions that mimic real people’s voices.

Streetlights as spyware

Tech Policy Press

Cities and towns across the United States have begun installing “smart” streetlights that promise public safety, environmental, and economic benefits while simultaneously laying the groundwork for a pervasive surveillance infrastructure. Smart streetlights put everyone’s civil liberties at risk, but they disproportionately impact the most vulnerable communities. Unlike more obviously intrusive technologies, like the Transportation Security Administration’s facial recognition at major airports, smart streetlights have largely escaped public scrutiny as they quietly become permanent fixtures of the urban landscape. Local policymakers must begin addressing smart streetlights like police body cams – not as mere safety infrastructure. Residents and civic organizations will need to begin engaging in local permitting processes to ensure that smart street light projects include protections over the collection and use of data from streetlights prior to approving budgets and implementation plans.

Events & Podcasts

Next War Online: Using cyber games to understand emerging threats

Center for Strategic and International Studies

Please join the Center for Strategic and International Studies for a discussion on the importance of cyber wargames and exercises. As the cyber threat landscape continues to evolve, it has become difficult for public and private sector entities to adequately anticipate and prepare for different types of threats that might impact their networks and trust in their respective institutions. That’s where cyber games come in. Today’s cyber games not only help educate players about the nature of different types of threats, but they also allow participants to clearly identify how they might adjust their real-world incident response plans to enhance resilience and mitigate the consequences of certain threats.

Share

The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.