Taiwan earthquake underscores chip industry risk | Google settles privacy lawsuit, will delete browsing data | Uber's lawyers confirm the use of spyware against competitor GoCatch
Good morning. It's Thursday 4th April.
The Daily Cyber & Tech Digest focuses on the topics we work on, including cybersecurity, critical technologies, foreign interference & disinformation.
Follow us on Twitter and on LinkedIn.
The world's largest chipmaker, TSMC, is recovering from Taiwan's recent powerful earthquake. This is reassuring news for industries relying on advanced semiconductors, such as electronics, automobiles, and appliances. Despite some disruptions and temporary evacuations, TSMC's facilities largely remain intact, and staff have returned to work. CNN
Google settled a lawsuit by agreeing to delete billions of data records, accused of secretly tracking internet use of users who believed they were browsing privately. Filed in an Oakland federal court, the settlement awaits Judge Yvonne Gonzalez Rogers' approval. Plaintiffs' lawyers valued the accord up to $7.8 billion, though Google isn't paying damages. However, users retain the right to sue the company individually. Reuters
Uber's lawyers confirm using spyware against competitor GoCatch, backed by James Packer. The practice, they argue, was lawful but not honorable. GoCatch accuses Uber of corporate espionage and illegal launch of UberX in Australia. The Australian
ASPI
Mine the gap: How Washington and Canberra can improve their asymmetric capabilities
War on the Rocks
Eric Lies
Mine warfare operations can play both offensive and defensive roles, and can be carried out at scale for what would amount to pocket change for the U.S. military budget. The very same autonomous vehicles that are being developed could serve as mine clearance or mine delivery vehicles, allowing for safer operations. The ability to threaten freedom of navigation for Chinese vessels would also help mitigate their greater numbers, potentially forcing them to operate in closer proximity to each other while they conduct counter-mine warfare and making them easier to track, target, and engage. Developing these capabilities alongside the Royal Australian Navy, with a focus on autonomous mine delivery units, would give the United States and Australia another valuable tool to counter China.
World
U.S., Japan to agree on subsidy rules on chips, batteries with China in mind
Nikkei Asia
The U.S. and Japan will agree on new subsidy rules for strategic goods such as semiconductors, storage batteries and permanent magnets, setting shared standards for the incentives they use to avoid overreliance on China, Nikkei has learned. The effort is expected to be included in a joint statement released when Japanese Prime Minister Fumio Kishida and U.S. President Joe Biden meet in Washington next week.
Australia
Uber lawyers confirm it used spyware against competitor GoCatch
The Australian
Joseph Lam
Uber has admitted to using spyware to gain an advantage against a competitor backed by James Packer, claiming it believed the practice was “not honourable but lawful”. The US rideshare giant’s lawyers have argued the company’s use of spyware was not the equivalent of “breaking and entering” an unlocked home, but rather uncovering missing text with “lemon juice” and a “candle”. Taxi Apps (GoCatch) is suing Uber, alleging serious misconduct that includes corporate espionage, hacking of competitor systems and knowingly launching UberX illegally in Australia without regulatory approval.
GoCatch unearths Uber’s secret emails as it seeks millions in damages
The Australian
Joseph Lam
A former Uber Australia boss once listed his relationships with politicians and his infiltration of local competitors to build his case in an end-of-year performance review, a Melbourne court has heard. The year was 2013 and David Rohrsheim, then chief executive of Uber Australia, had been asked to rate his “super pumpedness”, “innovation” and “fierceness”. According to documents read in the Supreme Court of Victoria on Tuesday, Mr Rohrsheim had befriended a number of influential people which he believed would help the company “hurt” its competition.
Time is up for our modest funding of serious tech
The Australian
Justin Burke
Barely a week goes by without more feverish debate about nuclear-powered submarines. But ironically it is AUKUS Pillar 2 – the part not concerned with submarines – which often seems to be operating in stealth mode. Encompassing a wide range of advanced defence technologies from hypersonics to quantum, Pillar 2 has so far missed out on the top-level political pageantry and big-ticket announcements. Nonetheless, significant work is going on across government and the research sector to realise the awesome potential of this agreement.
China
China topples US as SE Asia’s favored partner, survey shows
Bloomberg
Philip Heijmans
China has dethroned the US to become the top alignment choice for Southeast Asians as Washington loses ground on a range of key issues from regional economic engagement to the Israel-Hamas War, according to a new survey. A survey of 1,994 Southeast Asians by the ISEAS-Yusof Ishak Institute published Tuesday shows China’s popularity in a head-to-head race with the US climbing from 38.9% last year to 50.5% in 2024. Among individual nations, Beijing garnered some three out of four votes in Muslim-majority Malaysia, Indonesia and Brunei.
USA
US government review faults Microsoft for ‘cascade’ of errors that allowed Chinese hackers to breach senior US officials’ emails
CNN
Sean Lyngaas
Microsoft committed a “cascade” of “avoidable errors” that allowed Chinese hackers to breach the tech giant’s network and later the email accounts of senior US officials last year, including the secretary of commerce, a scathing US government-backed review of the incident has found. The hack “was preventable and should never have occurred,” says a report released Tuesday by the US Cyber Safety Review Board, a group of government and private cybersecurity experts led by the Department of Homeland Security.
US local news swamped by ‘pink slime’ as political influence ramps up
Financial Times
Hannah Murphy
The number of partisan news outlets in the US masquerading as legitimate journalism now equals genuine local newspaper sites, researchers say, as so-called pink slime operators gear up ahead of November’s presidential election. Pink slime sites mimic local news providers but are highly partisan and tend to bury their deep ties to dark money, lobbying groups and special interests.
Cyber board says Chinese hack of US officials was 'preventable'
iTnews
The US Cyber Safety Review Board said a targeted Chinese hack of top government officials' emails last year was "preventable", faulting technology giant Microsoft for its cyber security lapses and a deliberate lack of transparency. The board said in its report that it identified a series of decisions taken by Microsoft that had decreased enterprise security, risk management and trust from the customers to protect their data and operations.
Southeast Asia
The Taiwan earthquake is a stark reminder of the risks to the region’s chipmaking industry
CNN
Clare Duffy
The world’s biggest chipmaker is working to resume operations following the massive earthquake that struck Taiwan Wednesday — a welcome sign for makers of products ranging from iPhones and computers to cars and washing machines that rely on advanced semiconductors. A 7.4 magnitude earthquake struck the island’s east coast Wednesday morning, the strongest in 25 years, killing nine and causing landslides and collapsed structures. Taiwan Semiconductor Manufacturing Company, the leading chipmaker also known as TSMC, operates largely on the opposite side of the island, although the company said its facilities did experience some shaking. TSMC temporarily evacuated some manufacturing plants following the quake but said later Wednesday that staff were safe and had returned to their workplaces.
Europe
EU drops sovereignty requirements in cybersecurity certification scheme, document shows
Reuters
Foo Yun Chee
Amazon, Alphabet's, Google and Microsoft may find it easier to bid for EU cloud computing contracts after draft cybersecurity labelling rules scrapped a requirement that vendors should be independent from non-EU laws, according to the document seen by Reuters. The European Union has struggled to agree to a cybersecurity certification scheme to vouch for the cybersecurity of cloud services and help governments and companies in the bloc to select a secure and trusted vendor for their business.
Chinese firms targeted as EU launches probes into solar subsidies
South China Morning Post
Finbarr Bermingham
The European Commission is investigating whether two Chinese-linked companies used state subsidies to undercut rival bids in a Romanian solar project. Two probes have been launched under the European Union’s new foreign subsidies regulation, with the commission stating that it has “sufficient indications” that the firms bidding for procurement contracts “have been granted foreign subsidies that distort the internal market”.
UK
UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal
POLITICO
Aggie Chambre and Dan Bloom
A serving government minister is among 12 men now known to have been targeted in a suspected "spear-phishing" scandal enveloping Westminster politics. POLITICO revealed Wednesday morning that at least six people working in Westminster — a senior Labour MP, four party staffers and a political journalist — had received unsolicited messages from two suspicious mobile numbers by users calling themselves alternatively “Abi” or “Charlie.”
Big Tech
Google to destroy browsing data to settle consumer privacy lawsuit
Reuters
Jonathan Stempel
Google agreed to destroy billions of data records to settle a lawsuit claiming it secretly tracked the internet use of people who thought they were browsing privately. Terms of the settlement were filed on Monday in the Oakland, California federal court, and require approval by U.S. District Judge Yvonne Gonzalez Rogers. Lawyers for the plaintiffs valued the accord at more than $5 billion, and as high as $7.8 billion. Google is paying no damages, but users may sue the company individually for damages.
The XZ backdoor: Everything you need to know
WIRED
Dan Goodin
On Friday, a lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in XZ Utils, an open source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The person or people behind this project likely spent years on it. They were likely very close to seeing the backdoor update merged into Debian and Red Hat, the two biggest distributions of Linux, when an eagle-eyed software developer spotted something fishy.
WhatsApp, Instagram and Facebook apps hit by outage
BBC
Jemma Dempsey
WhatsApp, Facebook and Instagram have all gone down briefly as part of a major outage at parent company Meta. Thousands of app users reported issues accessing the three sites late on Wednesday, with people taking to other social media to air grievances. While Meta's status site indicates most issues are resolved, some of its business and messaging platforms are still experiencing "major disruptions".
Facebook will shut off its News tab this week, but the real threat to journalism is more serious
The Australian
Cameron England
In changes which started on Tuesday, Facebook parent company Meta will remove the News Tab from the social media site, after announcing it was pulling out of a deal with Australian media companies to fairly reimburse them for their content. Other changes on Instagram and Threads will also reduce the amount of content which is deemed “political” which is appearing in users’ feeds. Meta’s actions have drawn scathing rebukes from media outlets, politicians and academics, and raised fears that the company will go as far as blocking all news on their sites, as it has done in Canada.
Intel discloses $7 billion operating loss for chip-making unit
Reuters
Stephen Nellis and Max A. Cherney
Intel opens new tab on Tuesday disclosed deepening operating losses for its foundry business, a blow to the chipmaker as it tries to regain a technology lead it lost in recent years to Taiwan Semiconductor Manufacturing (2330.TW), opens new tab. Intel said the manufacturing unit had $7 billion in operating losses for 2023, a steeper loss than the $5.2 billion in operating losses the year before. The unit had revenue of $18.9 billion for 2023, down 31% from $27.49 billion the year before.
Artificial Intelligence
An A.I. researcher takes on election deepfakes
The New York Times
Cade Metz and Tiffany Hsu
For nearly 30 years, Oren Etzioni was among the most optimistic of artificial intelligence researchers. But in 2019 Dr. Etzioni, a University of Washington professor and founding chief executive of the Allen Institute for A.I., became one of the first researchers to warn that a new breed of A.I. would accelerate the spread of disinformation online. And by the middle of last year, he said, he was distressed that A.I.-generated deepfakes would swing a major election.
OpenAI debuts voice cloning tool, but deems it too risky for public release
Al Jazeera
OpenAI has unveiled a tool for cloning people’s voices but is holding back on its public release due to concerns about possible misuse in a key election year. Voice Engine can replicate a person’s voice based on a 15-second audio sample, according to an OpenAI blog post demonstrating the tool. But the ChatGPT creator is “taking a cautious and informed approach” to the technology and hopes to start a dialogue on “the responsible deployment of synthetic voices”, the company said in the blog post published on Friday.
‘Many-shot jailbreak’: lab reveals how AI safety features can be easily bypassed
The Guardian
Alex Hern
The safety features on some of the most powerful AI tools that stop them being used for cybercrime or terrorism can be bypassed simply by flooding them with examples of wrongdoing, research has shown. In a paper from the AI lab Anthropic, which produces the large language model (LLM) behind the ChatGPT rival Claude, researchers described an attack they called “many-shot jailbreaking”. The attack was as simple as it was effective.
US and UK announce formal partnership on artificial intelligence safety
The Guardian
The United States and Britain on Monday announced a new partnership on the science of artificial intelligence safety, amid growing concerns about upcoming next-generation versions. The US commerce secretary, Gina Raimondo, and British technology secretary, Michelle Donelan, signed a memorandum of understanding in Washington DC to work jointly to develop advanced AI model testing, following commitments announced at an AI safety summit in Bletchley Park in November.
Misc
Browsing in incognito mode doesn't protect you as much as you might think
The Associated Press
Although a private browsing mode known as “Incognito" in Google's widely used Chrome browser has been available for nearly a decade, a legal settlement involving the way it works has cast new attention on this commonly available setting. The settlement disclosed today in a US federal court is primarily designed to ensure that users who use Incognito mode in Chrome get more privacy while surfing the internet than they had been previously. Although Google isn't paying any money to consumers, the lawyers who filed the case in June 2020 believe the stricter safeguards will be worth $4.75 billion ($7.3bn) to $7.8 billion ($12bn), based on the estimated value of the personal information protected by the settlement.
Events & Podcasts
The Sydney Dialogue
ASPI
The Sydney Dialogue was created to help bring together governments, businesses and civil society to discuss and progress policy options. We will forecast the technologies of the next decade that will change our societies, economies and national security, prioritising speakers and delegates who are willing to push the envelope. We will promote diverse views that stimulate real conversations about the best ways to seize opportunities and minimise risks.
Jobs
Data Scientist
ASPI
ASPI is looking for an inquisitive and problem-solving open-source data scientist who will be responsible for developing and implementing automated techniques for a variety of open-source data collection requirements. We are open to experienced data scientists and those beginning their career. Role equivalency would be between levels 3 – 7 of Data Science category of SFIA 8. The closing date for applications is 15 April 2024– an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
Director of Cyber, Technology & Security (CTS)
ASPI
ASPI is looking for an exceptional and experienced leader to lead our largest team focused on emerging security challenges, particularly in cyberspace and the information domain. Director CTS leads ASPI’s largest team to develop and deliver a range of applied research projects on existing and emerging security challenges. CTS’ projects range across cyber and critical infrastructure security, critical and emerging technologies, national resilience and social cohesion, and hybrid threats. The closing date for applications is 22 April 2024 – an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
China Analyst or Senior Analyst
ASPI
ASPI has an exciting opportunity for an analyst or senior analyst to explore China's evolving foreign and security policy, political economy and impact on the Indo-Pacific and the world. ASPI’s China analysts conduct rigorous data-driven research, publish impactful reports that shape the public policy discourse and contribute to the wide catalogue of influential China work published by ASPI. The difference between the analyst and senior analyst levels will depend on experience level and demonstration of past work. The closing date for applications is 10 May 2024– an early application is advised as we reserve the right to close the vacancy early if suitable applications are received.
The Daily Cyber & Tech Digest is brought to you by the Cyber, Technology & Security team at ASPI.