White House cracks down on forced labour in global supply chains | Australia passes controversial Online Safety Bill | US House committee approves major antitrust legislation to curb tech giants
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
At the recent G7 Summit in Cornwall, United Kingdom, the world’s leading democracies stood united against forced labor, including in Xinjiang, and committed to ensure global supply chains are free from the use of forced labor. The White House announced steps on Thursday to crack down on forced labor in the supply chain for solar panels in the Chinese region of Xinjiang, including a ban on imports from a silicon producer there. The White House
The federal government’s controversial Online Safety Bill is set to become law, with senators from both major parties supporting legislation that considerably expands Australian eSafety Commissioner Julie Inman Grant’s ability to censor the internet. Crikey
A House committee approved far-reaching legislation to curb the market dominance of tech giants, including Alphabet Inc.’s Google and Facebook Inc., but much of the effort faced intensive lobbying by affected firms that slowed the committee’s work and foreshadowed a pitched battle in the Senate. The Wall Street Journal
ASPI ICPC
How China is trying to limit births among Muslim populations in Xinjiang region
The Globe and Mail
@nvanderklippe
Family planning officials have demanded regular proof from women of child-bearing age that they are not pregnant – even among those legally permitted to have additional children. Government documents describe specific birth targets and a goal to “optimize the population structure.” That “means fewer rural Uyghur births and more Han urban births,” said James Leibold, a scholar at La Trobe University in Australia who has written extensively on birth policies in Xinjiang.
Read our report Family De-planning on our Xinjiang Data Project website.
Australia
Parties unite to deliver greater internet censorship powers to government-appointed official
Crikey
@cameronwilson
The controversial Online Safety Bill will give broad censorship powers to the eSafety commissioner, and experts warn that it could harm those it purports to save. The federal government’s controversial Online Safety Bill is set to become law, with senators from both major parties supporting legislation that considerably expands Australian eSafety Commissioner Julie Inman Grant’s ability to censor the internet. Late on Tuesday night the Senate passed the bill with support of Coalition, Labor and One Nation senators.
Home Affairs Minister Karen Andrews considering forcing businesses to report ransomware attacks
The Canberra Times
@sbasfordcanales
The government has said it's considering forcing companies to report ransomware attacks to its cyber security agency after conceding many were not forthcoming with details. Home Affairs Minister Karen Andrews told a Canberra business forum on Thursday the federal Australian Cyber Security Centre was well-equipped to handle ransomware attacks but many companies had preferred to keep information under wraps.
Zeroing in on the grey zone in the Indo-Pacific
The Strategist
@lesleyseebeck
The Indo-Pacific looms large as an arena of intensifying geopolitical competition. Typically, governments look to their militaries to balance competitors in such circumstances. But the great-power competition we’re seeing now is not merely military—it’s political, economic, technological and ideological. It’s a competition for strategic advantage, waged in the ‘grey zone’, the no-man’s land that sits between peace and war.
China
State Dept. fears Chinese threats to auditors looking for forced labor evidence
Axios
@BethanyAllenEbr
The State Department is concerned organizations performing supply-chain audits in China are coming under pressure from Chinese authorities. In April, at least seven people in China who work in partnership with Verité were interrogated by Chinese authorities for several days, several people familiar with the matter told Axios. Verité is a U.S.-based company that performs supply-chain audits around the world to ensure production is free of forced labor and other violations.
Read our report Uyghurs for Sale on supply chains, surveillance and forced labour beyond Xinjiang.
Solar industry ties to China's Xinjiang region raise forced labor concerns
The Washington Post
@lilkuo Pei Lin Wu @JeanneWhalen
According to company reports, local propaganda and other public documents, Hoshine Silicon, also known as Hesheng, recruits and employs Uyghurs and other minorities via state labor programs that aim to place them in factories. Researchers say these programs are a form of forced labor for residents who, faced with the threat of detention or other punishment, cannot refuse. The ubiquity of Hoshine’s main product, MGS — also used in construction materials, electronics, household chemicals and cars — underlines how difficult it is to divorce supply chains from claims of abusive practices. Chinese companies in the Xinjiang region, where officials stand accused of a campaign of repression against Muslims, produce almost half the world’s solar-grade polysilicon that goes into panels sold in the United States and elsewhere.
Tencent takes quiet path through China’s tech turbulence
The Financial Times
In a torrid year for Chinese Big Tech, it has been more or less business as usual for the country’s most valuable tech company, and its founder, now China’s second-richest man. Tencent, the $730bn social networking and gaming giant, and Pony Ma, its 49-year-old chief executive, have avoided significant public censure at a time when Alibaba, Ant Group and Meituan have faced serious questions from regulators over their businesses and market power.
Read more about Tencent in our Mapping China’s Technology Giants project.
China’s Major Bitcoin Crackdown Is Accelerating Global Shifts In Cryptocurrency
VICE
Bitcoin has been in the Chinese government’s crosshairs for years now, but a series of new bans on mining and impending restrictions on transacting the cryptocurrency have had a renewed impact across its ecosystem.
USA
New U.S. Government Actions on Forced Labor in Xinjiang
The White House
At the recent G7 Summit in Cornwall, United Kingdom, the world’s leading democracies stood united against forced labor, including in Xinjiang, and committed to ensure global supply chains are free from the use of forced labor. The United States is translating these commitments into action. The Biden-Harris administration is taking additional steps to hold those who engage in forced labor accountable and ensure that we continue to remove goods made with forced labor from our supply chains through actions by the Department of Homeland Security’s U.S. Customs and Border Protection, the Department of Commerce, and the Department of Labor.
U.S. Bans Imports of Some Chinese Solar Materials Tied to Forced Labor
The New York Times
@thomaskaplan @ChuBailiang @bradplumer
The White House announced steps on Thursday to crack down on forced labor in the supply chain for solar panels in the Chinese region of Xinjiang, including a ban on imports from a silicon producer there. Much of the world’s polysilicon, used to make solar panels, comes from Xinjiang, where the United States has accused China of committing genocide through its repression of Uyghurs.
Google, Facebook Pressure Falls Short as Antitrust Measures Advance in House Committee
The Wall Street Journal
@johndmckinnon
A House committee approved far-reaching legislation to curb the market dominance of tech giants, including Alphabet Inc.’s Google and Facebook Inc., but much of the effort faced intensive lobbying by affected firms that slowed the committee’s work and foreshadowed a pitched battle in the Senate.
Antitrust Overhaul Passes Its First Tests. Now, the Hard Parts.
The New York Times
@ceciliakang @dmccabe
Six bills that could reshape the power of the tech industry passed an important hurdle in the House. But the outcomes of the votes, and the debates before they took place, also showed divisions among lawmakers — and underscored why final passage of the package is expected to be difficult.What Congress Wants From Big Tech
The New York Times
@ShiraOvide
House lawmakers have gotten serious. A package of bills poses existential threats to the tech giants.
Energy wants $201 million to bolster cybersecurity in wake of attacks
CNBC
@amanda_m_macias
The Department of Energy is asking Congress for $201 million in its budget request for the fiscal 2022 to address digital vulnerabilities after a steady uptick in sweeping cyberattacks. The $201 million request, up from $157 million in 2021, will help bolster the federal agency’s cybersecurity efforts and address any “gaps” in the supply chain and tech infrastructure.
Rethinking Research Security
Lawfare
@_ainikki @emily_sw1
The U.S. government has rightfully identified the People’s Republic of China (PRC) as an adversary intent on stealing technology for its national interests, and the Department of Justice established the China Initiative as a countermeasure. But the China Initiative misses the mark on an effective approach to research security.
App Taps Unwitting Users Abroad to Gather Open-Source Intelligence
The Wall Street Journal
@ByronTau
A network of gig workers world-wide is unwittingly providing basic intelligence to the U.S. military using only a consumer app on their smartphones. Premise is one of a growing number of companies that straddle the divide between consumer services and government surveillance and rely on the proliferation of mobile phones as a way to turn billions of devices into sensors that gather open-source information useful to government security services around the world.
Silicon Valley Insiders Want a New Internet Protection Agency
Bloomberg
@mhbergen
Google’s former head of Trust and Safety has a few unorthodox ideas: Create a government agency to monitor social media companies as if they were polluters. Tax internet platforms that host user-generated content. Stop letting technology giants make content moderation decisions—and instead hand over moderation duties to independent auditors.
Hacker Reveals Smart Meters Are Spilling Secrets About Texas Snowstorm
The Daily Dot
@MikaelThalen
Power companies across Texas have refused to disclose which areas of the state were exempt from controlled blackouts after a devastating snowstorm crippled the power grid in February—but one hacker has found that smart meters, the electrical devices on the sides of homes and businesses that monitor energy consumption, are quietly broadcasting data that could be used to determine what infrastructure may have been protected.
North-East Asia
North Korean Cyberattacks Can Inspire Other Rogue Nations
Venafi
Yana Blackman
North Korea, officially the Democratic People’s Republic of Korea (DPRK), is one of the leading cyber threat actors out there today. The cyber capabilities are an extension of the state’s national objectives and military strategy. The lack of global safeguards, low-cost and low-risk with potentially high yield makes cybercrime a natural choice for the North Korean regime, who successfully pioneered a new model of state-sponsored cybercrime that could create a dangerous blueprint for other rogue states to follow.
South-East Asia
Kaspersky, BSSN ink MoU to develop Indonesia’s cybersecurity capability amid rapid digitalization
Back End News
Global cybersecurity company Kaspersky and Badan Siber dan Sandi Negara (BSSN), the Cyber and Crypto Agency of Indonesia, recently signed a Memorandum of Understanding (MoU) in line with their shared goal of beefing up the cybersecurity capability of the country. Amid Indonesia’s accelerated digitalization, the agreement aims to further enhance capacity development and institution building on cybersecurity within the government sector as it seeks to ensure public safety and security in the 21st century.
New Zealand & The Pacific
Pacific island turns to Australia for undersea cable after spurning China
Reuters
@barrett_ink
The Pacific island of Nauru is negotiating for the construction of an undersea communications cable that would connect to an Australian network, two sources with knowledge of the talks told Reuters, after the earlier rejection of a Chinese proposal. The United States and its Pacific allies have concerns that cables laid by China could compromise regional security. Beijing has denied any intent to use commercial optic fibre cables, which have far greater data capacity than satellites, for spying.
UK
Anglesey cyber-attack affects island's five secondaries
BBC News
All five secondary schools on the island of Anglesey have been hit by a cyber-attack. The council said the attack began on Wednesday. Officials said affected systems had been disabled to "contain the incident", but warned some personal data could have been compromised, including emails. The authority's chief executive Annwen Morgan said schools were likely to see disruptions.
Europe
EU wants emergency team for 'nightmare' cyber-attacks
BBC News
@joetidy
The European Commission has announced plans to build a Joint Cyber Unit to tackle large scale cyber-attacks. Recent ransomware incidents on critical services in Ireland and the US has "focused minds", the commission said. It argued cyber-attacks were a national security threat, as incidents in Europe rose from 432 in 2019 to 756 in 2020. A dedicated team of multi-national cyber-experts will be rapidly deployed to European countries during serious attacks, it said. Launching the proposals, European Commission vice-president Margaritis Schinas said last month's hack on US fuel supplies was 'the "nightmare scenario that we have to prepare against".
Dutch consumer assoc. claims €1.5 billion in damages from TikTok
NL Times
The Dutch consumers' association and the Take Back Your Privacy Foundation filed a 1.5 billion euros damage claim against TikTok parent company ByteDance. They want TikTok to pay all Netherlands children who use or used the social media platform compensation of around 1 thousand euros each.
Europe is running out of superconductors – here’s what it can learn from tech survivor Osram
The Conversation
@michaelweinold
The shortage of semiconductor chips has exposed the vulnerability of European high-tech manufacturers that rely heavily on chip imports from Asia. The automotive sector alone, traditionally a European high-tech stronghold, is expected to take a US$110 billion (£79 billion) hit over the coming years as a result.
Russia
Taming the cyber wild west
The Strategist
Richard N. Haass
During the Cold War, summit meetings between the United States and the Soviet Union were often dominated by agreements to set limits on nuclear weapons and the systems built to deliver them. The US and Russia still discuss these topics, but at their recent meeting in Geneva, US President Joe Biden and Russian President Vladimir Putin focused in no small part on how to regulate behaviour in a different realm: cyberspace. The stakes are every bit as high.
Misc
Accusing critics of malign foreign regimes of “racism” is a form of misinformation
DisinfoWatch
In this DisinfoWatch entry we analyse a recent Globe and Mail opinion piece titled “Anti-China sentiment is becoming anti-Chinese prejudices in Canada,” written by Senator Yuen Pau Woo, who was appointed by Prime Minister Trudeau in 2016, and Paul Evans, HSBC Chair of Asian Research at the University of British Columbia. The opinion piece conflates criticism of the Chinese regime’s policies with anti-Chinese racism.
Make ransomware payments illegal, say 79% of cyber pros
Computer Weekly
@alexscroxton
More than three-quarters of security professionals and consumers alike believe that making ransomware payments to cyber criminals should be made illegal to stem to tide of attacks, according to research produced on behalf of Talion, a managed security services provider (MSSP) and backed by the Research Institute for Sociotechnical Cyber Security (Riscs).
Twitter hired a team of tech critics to build ethical AI
Protocol
@anna_c_kramer
These hires are a massive coup for a social media platform desperate to escape the waves of vitriol and criticism enveloping Google and Facebook's work around algorithms, machine learning and artificial intelligence. While Google was forcing out prominent AI ethicists and researchers Timnit Gebru and Margaret Mitchell and Facebook was trying and failing to persuade politicians and researchers that it did not have the power to manipulate the way algorithms amplified misinformation, Twitter was giving Ari Font and Jutta Williams, the product manager in charge of helping operationalize META'S work, the resources and leeway to hire a team of people who could actually act on Twitter's promise to listen to its researchers.
The McAfee Virus: Suicide as a Viral Conspiracy Theory
Insight into Hate
@_MAArgentino
On June 23, 2021, a Spanish court made the ruling that John McAfee would be extradited to the United States on tax-evasion charges. Hours after the ruling, McAfee was found dead in his Jail cell of an apparent suicide. This fact alone would have been enough to satiate conspiracy theorists, as his jail cell suicide echoes that of Jeffrey Epstein. However, shortly after the announcement of his death, the @officialjohnmcaffee Instagram account posted a picture of a Q.
Rembrandt’s Damaged Masterpiece Is Whole Again, With A.I.’s Help
The New York Times
@nina_siegal
Rather than hiring a painter to reconstruct the missing pieces, the museum’s senior scientist, Robert Erdmann, trained a computer to recreate them pixel by pixel in Rembrandt’s style. A project of this complexity was possible thanks to a relatively new technology known as convolutional neural networks, a class of artificial-intelligence algorithms designed to help computers make sense of images, Erdmann said.
Big Tech’s Car Obsession Is All About Taking Eyes Off the Road
Bloomberg
Reed Stevenson @markgurman
Apple, Google and others are pushing into autonomous driving for a reason: to free up hours behind the wheel and precious screen time.
A New Approach To Security: Staying One Step Ahead Of Today’s Cyber Criminals
Forbes
2020 exposed the cybersecurity industry’s fundamental data problem. For years, cybersecurity was thought of as a problem only for the technology sector. However, as industries spanning education to government accelerated digital transformation with a focus on remote workforces, the data these organizations generated increased — and thus, so did the opportunity for cyberattacks.
Ad tech stocks surge as Google delays killing third-party cookies until 2023
CNBC
@megancgraham
Google is pushing back its timeline to deprecate third-party tracking cookies, giving the digital advertising industry more time to iron out plans for more privacy-conscious targeted ads. Google said last year it would end support for those cookies in Chrome by early 2022 once it figured out how to address the needs of users, publishers and advertisers and come up with tools to mitigate workarounds. Now, Google is updating that timeline.
Events
ASPI Webinar: In-conversation with Will Cathcart, Head of WhatsApp
ASPI
ASPI's International Cyber Policy Centre is delighted to invite you to the webinar 'In-conversation with Will Cathcart, Head of Whatsapp'. Join Fergus Hanson in a 'fireside chat' with the CEO of WhatsApp Will Cathcart as they discuss the big issues facing the world’s largest messaging service. This webinar will include Q&A with the online audience. How do we balance requirements for safety, privacy and security? Why does WhatsApp use end-to-end encryption and how has WhatsApp evolved to combat misinformation? Join us at 10am on Thursday, 8 July to take part in this important conversation.
Research
Artificial Intelligence diplomacy | Artificial Intelligence governance as a new European Union external policy tool
European Parliament
Artificial Intelligence (AI) has become a tool of power politics, and an element of state diplomacy. The European Union (EU), however, approaches AI primarily from an economic, social, and regulatory angle. This paper discusses the way that AI impacts the European Union’s geopolitical power and its relationship with other countries. It presents possible scenarios for how AI may change the international balance of power and recommends ways for the EU and its Member States to respond.
Lofty principles, conflicting incentives: AI ethics and governance in China
Merics
Given China’s rapid AI advancements, its expanding presence in global standards bodies and Chinese tech companies’ growing global reach, it will be critical for the EU to engage with Chinese actors. However, European policymakers must take the government’s rhetoric on AI ethics with great caution and push back against China’s use (and export) of AI for surveillance and other applications that threaten human rights and fundamental freedoms.
Capacity Building
Jobs
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. Please note that interviews have commenced for this position and will continue until the end of June. This role will focus on policy relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years work experience. Senior analysts usually have a minimum of 15 years relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.