April 15 2022

This Week in Washington 

Washington Post The debate over a privacy bill is inching forward on Capitol Hill
Congress has tried and failed to pass a federal data privacy law for years. But behind the scenes, the debate around what those standards should be is evolving on Capitol Hill. Speaking at a panel at the Global Privacy Summit in Washington on Tuesday, a trio of top congressional aides talked about how the privacy landscape has shifted in recent years, even as lawmakers have struggled to advance any bills out of committee. The session offered a frank window into the state of talks around one of the biggest, yet slowest-moving, agenda items in U.S. tech policy.

Multichannel News NTIA Chief Alan Davidson: State Broadband Grants Aren’t One Size Fits All
Alan Davidson, head of the National Telecommunications & Information Administration, said his agency is taking a customer service approach to overseeing the $42.5 billion Broadband Equity, Access, and Deployment (BEAD) initiative going to the states for broadband buildouts. In a “fireside chat” at a Broadband Breakfast for Lunch event in Washington Wednesday, Davidson signaled that while the Biden administration has emphasized fiber, states will have the flexibility to use the money as they choose, as long as it is put toward the goal of getting broadband to the unserved and underserved. “We expect there will be flexibility,” he said. “Different states are going to run programs in different ways.”

The Hill DOJ seizes popular hacking forum
The Department of Justice said it seized control of RaidForums, an online marketplace criminals use to buy and sell data stolen in cyberattacks, including victims’ personal and financial information. DOJ also indicted Diogo Santos Coelho, RaidForums’ founder and chief administrator, on six counts including conspiracy, access device fraud and aggravated identity theft for his role in its operations.

NextGov FCC Chair Claims Cybersecurity Role Congress Crafted for CISA
The Federal Communications Commission is claiming a space for itself in cybersecurity policymaking that Congress has already designated for the Cybersecurity and Infrastructure Security Agency, for implementation of a new cyber incident reporting law, given various existing requirements at sector-specific agencies. “We’ll discuss how this group can work on achieving greater consistency in the reporting of cyber incidents,” FCC Chairwoman Jessica Rosenworcel said in a speech to the representatives of 30 regulatory and advisory agencies, according to a press release the commission issued Friday.

CNET FTC Chair Pushes Privacy Rules, Calls for Limits on Data Collection
Federal Trade Commission Chair Lina Khan said it is time that the agency, which is tasked with enforcing consumer privacy protections, “reassess” rules around what data companies can collect about consumers and how they secure that data. Khan, who was speaking Monday at an event hosted by the International Association of Privacy Professionals, called the current notice and consent framework “outdated and insufficient.”

Washington Post U.S. warns newly discovered malware could sabotage energy plants
A joint warning notice by the National Security Agency, the Energy Department, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation said they had discovered a system that could hack into critical infrastructure and cause explosions at energy facilities. The government agencies did not say which country is behind the tool, but private security experts said it looked to be a Russian system that targets liquefied natural gas production facilities, and that it could take years to develop an effective defense against it.

Reuters U.S. judge in Google case seeks more information on attorney-client privilege
The federal judge hearing the U.S. Justice Department’s antitrust lawsuit against Alphabet’s Google asked for more information on Tuesday before deciding if he will sanction the search and advertising company for allegedly abusing attorney-client privilege. The department had asked for the sanction based on Google’s “Communicate with Care” program, which asked employees to add a lawyer to many emails. The government said it was sometimes a “game” to shield communications that should not have been protected.

Article Summary

CNBC Microsoft’s Brad Smith says tech regulation is coming, so industry should participate in shaping it
Tech regulation is coming whether the industry participates or not, according to Microsoft President Brad Smith, so companies might as well lean into those conversations now. “It doesn’t matter whether you like it or hate it,” Smith told CNBC’s Steve Kovach on “Tech Check” Wednesday. “And it’s right for people to point out the issues that cause concern, but more than anything, we need to lean in and figure out how to make this work, because it is not going to be a success unless we do that.” Smith’s message came after his keynote speech on the same topic at the International Association of Privacy Professionals conference in Washington, D.C.

The Hill Ukraine intercepts Russian cyberattack aimed at its power grid
Ukrainian officials on Tuesday said the country successfully thwarted a cyberattack by Russian-backed hackers intended to disrupt the country’s electrical grid, according to news reports. The attempted cyberattack, which occurred last week, was aiming to target computers controlling high-voltage substations of an energy company in Ukraine, the Computer Emergency Response Team of Ukraine said in a statement.

ZDNet Microsoft: We’ve just disrupted this ransomware-spreading botnet
Microsoft has carried out another takedown against cyber criminals, this time to dismantle the ZLoader botnet’s infrastructure. ZLoader malware has infected thousands of organizations, mostly in the US, Canada and India, and is known to have distributed the Conti ransomware. Microsoft has now received a court order from the US District Court for the Northern District of Georgia that allowed it to seize 65 domains the ZLoader gang had been using for command and control (C&C) for its botnet built from malware that infected businesses, hospitals, schools, and homes.

TechCrunch There are no laws protecting kids from being exploited on YouTube — one teen wants to change that
At just 17, Chris McCarty is taking matters into their own hands to protect children from being exploited for cash in family vlogs. In January, McCarty cold-emailed a number of local lawmakers, including Washington State Representative Emily Wicks, who serves on the Children, Youth & Families Committee. McCarty presented their research, convincing the representative why she should work with a teenager to draft a new bill at the very end of the legislative session.

Washington Post Newspapers keep eliminating print days. They say it’s for the best
For more than two decades, industry sages have been predicting the death of the printed newspaper. Now, a growing number of local publishers are cutting back on their print editions, pointing to rising costs and arguing consumers will prefer the immediacy and convenience of online news. Gannett, the largest chain in the country, last month eliminated one day of print per week at 136 of its newspapers, including at the Beacon Journal.

Tech Podcast of the Week 

WSJ Tech News Briefing

  • Podcast on Russia-Ukraine War
    Experts expected hacking to be a key weapon Russia used in its war against Ukraine, but until now Russians’ persistent cyber strikes have had a modest impact. That could be changing as Moscow pivots its strategy. WSJ cybersecurity and intelligence reporter Dustin Volz joins host Zoe Thomas to discuss why a full-scale cyberwar may be emerging. (Cyberwar in Ukraine Could Be Entering a New Phase – April 13, 2022)