When Big Tech meets Hacker: A Case Study in the ByteDance Detection of Spontaneous Data Loss
Rodgers said, “Americans deserve to know how these actions impact their privacy and data security as well as what actions TikTok is taking to keep their kids safe. We made our concerns clear with TikTok. It is now time to continue the committee’s efforts to hold Big Tech accountable by bringing TikTok before the committee to provide complete and honest answers for people.”
Forbes reported in December that ByteDance employees obtained data from US users. At least two reporters had their data viewed by ByteDance employees who were investigating past leaks of internal company documents. ByteDance fired all of the employees who participated in the scheme, and two of them were from China.
The U.S. War in Ukraine: How to Stay Safe in the Era of Cyber-attacks, Nuclear Insurrections, and Drones
As Russia’s war in Ukraine drags on, Ukrainian forces have proved resilient and mounted increasingly intense counterattacks on Kremlin forces. Drones are entering an ominous phase as the conflict progresses. Russia recently began using Iranian “suicide drones” to wreak destruction that is difficult to defend against. NATO is watching closely for any signs of a potential Russian nuclear strike, which is why we look at what indicators the global community has available to assess whether Russia is actually preparing to use nuclear weapons.
Customers should seriously consider shifting to cloud email hosting because the platform isn’t receiving the development resources it needs anymore, due to the various vulnerabilities in Microsoft’s Exchange server. And new research examines how Wikipedia’s custodians ferret out state-sponsored disinformation campaigns in the crowdsourced encyclopedia’s entries.
If you’re concerned about the ongoing risk of ransomware attacks around the world, you need to know that middle-of-the-pack groups such as the Vice Society maximize profits and minimize their exposure by investing very little in technical innovation. They don’t target sectors like education or health care, they just run sparse and unremarkable operations. We’ve got a guide to change passwords and set up “passkeys” on your browsers, if you’re looking to improve their security.
But wait, there’s more! Each week, we highlight the news we didn’t cover in-depth ourselves. You can read the full stories by clicking on the headlines. And stay safe out there.
The American Cloud Security Roundup: A Labeling Plan for a Smart Internet of Things Security – A Giant Stream of Security Labels?
Some prospective customers of Microsoft’s cloud services were made aware of a misconfiguration. Researchers from the threat intelligence firm SOCRadar disclosed the leak to Microsoft on September 24, and the company quickly closed the exposure. According to a report by SOCRadar, the exposed information stretched as far back as last year and up to this year. The researchers linked the data to more than 65,000 organizations from 111 countries. Microsoft said the exposed details included names, company names, phone numbers, email addresses, email content, and files sent between potential customers and Microsoft or one of its authorized partners. Cloud misconfigurations are a longstanding security risk, and have led to countless exposures.
There are no easy answers to improve the longstanding security dumpster fire created by cheap, undefended internet of things devices in homes and businesses around the world. But after years of problems, countries like Singapore and Germany have found that adding security labels to internet-connected video cameras, printers, toothbrushes, and more gives consumers a better understanding of protections and manufacturers an incentive to improve their practices and get a gold seal. This week, the United States took a step in the right direction. The White House announced plans for a labeling scheme that would be a sort of EnergyStar for IoT digital security. The administration held a summit with industry organizations and companies this week to discuss standards and guidelines for the labels. “A labeling program to secure such devices would provide American consumers with the peace of mind that the technology being brought into their homes is safe, and incentivize manufacturers to meet higher cybersecurity standards, and retailers to market secure devices,” National Security Council spokesperson Adrienne Watson said in a statement.
Source: https://www.wired.com/story/tiktok-bytedance-americans-data-security-roundup/
Internet Security and Privacy Issues in the U.S. After the Mar-A-Lago Paper, the Washington Post Learns What You Shouldn’t Know
The Washington Post was told this week by sources that sensitive information about Iran and the United States was included in documents taken from the Mar-a-Lago estate by the FBI. “Unauthorized disclosures of specific information in the documents would pose multiple risks, experts say. People aiding US intelligence efforts could be endangered, and collection methods could be compromised,” the Post wrote. The information could make other countries retaliate against the US.
Open internet proponents were relieved last month when an American candidate beat a Russian challenger in an election to run the International Telecommunications Union, an important international standards body tasked with cross-boundary communications. Meanwhile, though, we took a look at the fragility of the world’s internet infrastructure and the vulnerability of crucial undersea cables.
There is evidence that the new legal climate for abortion in the US is promoting a culture of community scrutiny, which is a hallmark of authoritarian states. And surveillance is on the rise in soccer stadiums around the world as well. The eight stadiums in the 2022 World Cup in Qatar will be filled with thousands of cameras to screen spectators and conduct iris scans.
The more secure, “memory safe” programming language Rust is making inroads across the tech industry, offering hope that a massive swath of common vulnerabilities could eventually be preempted and eliminated. We have a database of the most important vulnerabilities that you should be patching right now.
Source: https://www.wired.com/story/tiktok-eu-privacy-policy-security-roundup/
Investigation of Jack Dorsey’s Cash App, a Social Media Fraudster, and the Rise of Ransomware in the United States
Liz is going through a tough time. Soon after her historically brief stint as the UK prime minister, the Mail on Sunday reported that agents working on behalf of Russia had hacked her personal cell phone when she was foreign minister. The breach allegedly allowed these Russian operatives to intercept messages between Truss and officials in other countries, including messages about Ukraine. The Mail report says that former prime minister Boris Johnson suppressed the incident. Labour Party officials called for an immediate investigation into the Conservative opponents, despite the fact that the breach is unconfirmed. “There are immensely important national security issues raised by an attack like this by a hostile state which will have been taken extremely seriously by our intelligence and security agencies,” Labour Party shadow home secretary Yvette Cooper said last weekend. There are security questions about why and how this information has just been released, which should be quickly investigated.
This week another of Jack Dorsey’s corporate creations is facing new heat. The Cash App is helping fund sex trafficking in the US, according to a Forbes investigation. Based on police records, “hundreds of court filings,” and claims by former Cash App employees, the investigation found rampant use of the Cash App in sex trafficking and other crimes. The company is owned by Block Inc., and has staff who are dedicated to working with law enforcement. Forbes writes that Block has never provided any tips to the National Center for Missing and Exploited Children about child abuse, despite the fact that other payment platforms give the center tips.
The US Treasury Department this week said US financial institutions facilitated ransomware payments totaling nearly $1.2 billion in 2021—a 200 percent increase since 2020. The report landed amid an international White House summit aiming to combat the rise of ransomware, a type of malware that allows attackers to encrypt a target’s files and hold them for ransom until the victim pays. The acting director of the Financial Crimes Enforcement Network said that there is still a serious threat to our national and economic security. While $1.2 billion in payments is already painful enough, the number does not take into account the costs and other financial consequences that come with a ransomware attack outside of the payment itself.
TikTok: Stop Telling Us What You Don’t Know About Social Media, or Stop Talking with Us About China and Other Strangers
“American users have yet to receive any meaningful action from the federal government to protect them against TikTok,” he said in a statement. “There is no more time to waste on meaningless negotiations with a CCP-puppet company. It is time to ban Beijing-controlled TikTok for good.”
The proposed legislation would “block and prohibit all transactions” in the United States by social media companies with at least one million monthly users that are based in, or under the “substantial influence” of, countries that are considered foreign adversaries, including China, Russia, Iran, North Korea, Cuba and Venezuela.
The app doesn’t work on state-issued devices, according to several governors. This week, Alabama, Georgia, Idaho and Utah joined four other states — Maryland, South Dakota, South Carolina and Nebraska — in issuing such bans.
One reason the discussions have lagged is a split in the White House. Senior national security officials say TikTok needs to separate from its parent company, ByteDance. Yet others say the new safeguards TikTok is implementing are enough to ameliorate most concerns about Chinese influence.
McQuaide said that they will brief members of congress on the plans that have been developed under the oversight of our country’s top national security agencies.
The first version of the article appeared in the newsletter.
The Rise of TikTok: The U.S. Pop Culture After Wray, Berkman and Wray Revisited
But its widespread usage across the U.S. is alarming government officials. In November, FBI Director Christopher Wray raised eyebrows after he told lawmakers that the app could be used to control users’ devices.
The Senate passed a bill that provides exceptions for law enforcement, national security interests and activities.
Berkman acknowledges that it would be hard to get users off the app. More than one billion users flock to its site each month, it was reported last year.
The administration is against TikTok as a tool of foreign influence and in favor of it as a conduit to the public, but that seems like a fitting way to respond to the problem that TikTok poses. TikTok has reinvented American culture from media to music to meme to celebrity, in its own image. TikTok turned Olivia Rodrigo into a household name and propelled the author Colleen Hoover to the top of the best-seller list, with more copies sold this year than the Bible. TikTok’s “quiet quitting” and the new dialects of “seggs,” “unalive” and “le dollar bean” are becoming more and more popular in pop culture. Corporations and brands, from Goldfish crackers to Prada, have redirected billions of dollars’ worth of advertising to the platform in recognition of its all-encompassing reach, which can, at seemingly any moment, turn even a decades-old product into a must-have item. Last year, TikTok had more site visits than Google, and more watch minutes in the United States than YouTube. Facebook took almost nine years to reach one billion users; TikTok did it in five.
On the Pseudoscalar Nature of TikTok: What Have We Learned to Stop the Big Tech Lobbyists from Exploring User Data Privacy?
National security experts say that China-based businesses are usually required to give unfettered access to the authoritarian regime if information is ever sought.
So the ban on federal government devices is an incremental restriction: Most drastic measures have not advanced, since the efforts lacked the political will, or courts intervened to stop them.
Yet the panic about TikTok is overblown. While some data concerns exist—though none more extreme than those over any US-based social media platforms—policies and discourse around TikTok in politics amount to a modern-day Red Scare. The politicians in the U.S. are so focused on blaming China for not having good data security that they don’t notice that the Big Tech Lobbyists are blocking any attempts at federal social media regulation. Without a federal ban on TikTok throughout the United States (which remains staunchly unlikely), it is impossible to put the app back in the proverbial Pandora’s box. These TikTok bans will cause more harm than good when it comes to educating media citizens in college classrooms.
“While ByteDance claims that it maintains its operations in the United States separately, there is no easy way to determine the extent to which that claim is true,” said Sameer Patil, a professor at the University of Utah who studies user privacy online.
“I think it’s overblown to what extent they know about users on an individual level,” he said.
TikTok, Oberwetter said, has faith in the CFIUS process, which is centered on making sure the video app does not become manipulated by the influence of the Chinese government.
Another possible resolution is that the committee is satisfied with the steps TikTok has taken to ensure there is a firewall between U.S. user data and ByteDance employees in Beijing and the Chinese government.
CFIUS deliberations are famously secretive and happen behind closed doors. It is not known when the committee will finish its work or which way it is leaning.
Can the App Store Get in the Way of China? The American View of TikTok, a Mobile App that is Owned by a Foreign Government
The state of Nebraska has had a ban on all devices since 2020. So has the Florida Department of Financial Services. Louisiana and West Virginia had partial bans.
Chinese law requires ByteDance to help the government by sharing user data from anywhere in the world.
It’s a question of whether you can make a service such as TikTok that’s owned by a Chinese government that doesn’t get in the way of China’s government. I’m not sure if what we saw on the site this week spoke to that.
“For the US soldiers to be told not to use the app because it could show their location to other entities would be sensible,” said Chander. “But that’s also true of the weather app and then lots of other apps that are existing in your phone, whether they’re owned by China or not.”
A ban of TikTok throughout the United States, if it could actually be enacted, would immediately solve our national security concerns about the wildly popular Chinese-owned video app. The national security of our country may be at greater risk due to such a ban. Moreover, it would sidestep a broader problem — our nation’s overall failure to address concerns over the huge amount of personal data collected in our digital lives, especially when that data could be used by foreign adversaries.
“The truth of the matter is, if the sophisticated Chinese intelligence sector wanted to gather information on particular state employees in the United States, it wouldn’t probably have to go through TikTok.”
“It is easy for people to say a foreign government is a threat and protect yourself from that foreign government,” he says. “I believe we should be a little cautious about how politicized that is in order to achieve political ends.”
The Tech Industry is Doomed: Why a TikTok-Based Anti-Telbergy Server Reorganization is Undermining Democracy, Children and Mental Health
Brooke Oberwetter, a spokeswoman for TikTok, said to The Wall Street Journal that the move was a political signal rather than a practical solution for security concerns, and claimed that the ban would have minimal impact because very few House-managed phones have TikTok installed.
He said that citizens in the US should be wondering about the consequences of having so many commercial security companies in the country. “And we should do something to address it, but not in this ad hoc posturing way, but by passing comprehensive privacy rules or laws, which is something that, for example, the Federal Trade Commission seems very interested in doing.”
But it isn’t just lobbying that has made some of these bills difficult to pass. It is much more difficult to impose standards on an entire industry than a bill to govern how the US government handles technology.
The tech industry’s largest players have faced a kitchen sink of allegations in recent years. From knee-capping nascent rivals; to harming children and mental health; to undermining democracy; to spreading hate speech and harassment; to censoring conservative viewpoints; to bankrupting local news outlets; Big Tech has been made out as one of Washington’s largest villains.
A TikTok official has said that China-based employees will never have this kind of access to American accounts under the new server reorganization.
Beckerman thinks a lot of the concerns are overblown but he thinks the problems can be solved through government negotiations.
ByteDance, Google, Amazon, TikTok, and Meta are Fighting Wall Street Monopoles Against Wall Street Wall Street Laws
ByteDance spent $270,000 on lobbying in the year 2019, according to public records obtained by the transparency group OpenSecrets. By the end of last year, its lobbyist count had more than doubled and the company had spent nearly $5.2 million on lobbying.
Last year, Meta spent up to $20 million on internet industry lobbying. Next was Amazon at $19 million, then Google at almost $10 million. The parent company of TikTok spent more in lobbying than the combined figure, which was almost 10 times the amount.
One of those bills, the American Innovation and Choice Online Act (AICOA), would erect new barriers between tech platforms’ various lines of business, preventing Amazon, for example, from being able to compete with third-party sellers on its own marketplace. A House investigation in 2020 found many of the biggest tech companies to be effectively monopolies.
A bill that would have made platforms pay news organizations more was passed this month, but then was taken off the table. But the legislation stumbled after Meta warned it could have to drop news content from its platforms altogether if the bill passed.
Time and again, Silicon Valley’s biggest players have maneuvered expertly in Washington, defending their turf from lawmakers keen to knock them down a peg.
Government decisions about rules imposed on tech platforms have called into question how those rules will affect different parts of the economy from small businesses to individual users.
In some cases, as with proposals to revise the tech industry’s decades-old content moderation liability shield, Section 230 of the Communications Decency Act, legislation may raise First Amendment issues as well as partisan divisions. Section 230 should be changed so that social media companies have more latitude to leave out hate speech and offensive content, said Democrats, while Republicans said that the law needs to be changed so that platforms can be pressured to remove less content.
The cross-cutting politics and technical challenges of regulating an entire sector of technology, not to mention the possible consequences for the economy of messing it up, make it difficult to reach an accord.
What if social media and communications professors are banned from using TikTok for learning, teaching, and accessing content in the 21st century?
“It’s important to establish a Republican brand. A central tenet of what unites Republicans now is taking a strong stance [and] standing up to China,” says Thad Kousser, professor of political science at U.C. San Diego.
Social media research and teaching have become staples in academia and higher education curriculums. The app has fundamentally changed the nature of modern communication with its aesthetics, practices, storytelling, and information-sharing.
From an educational standpoint, how are media and communications professors supposed to train students to be savvy content creators and consumers if we can’t teach a pillar of the modern media landscape? While students can certainly still access TikTok within the privacy of their own homes, professors can no longer put TikToks into PowerPoint slides or show TikTok links via a classroom web browser. Due to the change in TikTok’s use by brands, companies and novel forms of storytelling, professors will not be able to train their students in the best practices for these purposes. Additionally, TikTok makes parts of the world more accessible, as students can see the things they are learning about in real time.
The world keeps turning as these states implement their bans, leaving their citizens disadvantaged in a fast-paced media world. Additionally, media and communications students in the states will be at a disadvantage in applying for jobs, showcasing communicative and technical mastery, and brand and storytelling skills, as their peers from other states will be able to receive education and training.
Professors are also doing research. Social media scholars in these states quite literally cannot do what they have been hired to do and be experts in if these bans persist. One may be able to use mobile data at the university, but not all of the people will pay for a data plan on their phone. The answer is no one. While working at home does remain an option, professors are also employees who are expected to be on campus regularly to show they are in fact working. If a professor wants to research TikTok on campus they will have to use mobile data, which can be expensive, or accidentally going over one’s limits, so they choose to use video streaming via mobile.
TikTok CEO Shou Zi Chew is expected to appear before Congress in March to face questions from lawmakers over US user safety and security on the popular video app, as first reported by The Wall Street Journal.
A bill was being considered by the chairman of the Senate Intelligence Committee to ban applications that pose security risks, according to a report.
The app, owned by ByteDance, Inc., has been under fire since the Trump administration, when the former president signed an executive order to enforce a nationwide ban of the app, but ByteDance sued and it never went through.
In his letter to the companies, Bennet demanded that Apple and Google take TikTok off their app stores.
The CEO of TikTok chatted with the New York Times last year about the company’s plan to move its data from Virginia and Singapore to a US-based server called “Project Texas.”
Responding to Monday’s hearing announcement, TikTok spokesperson Brooke Oberwetter welcomed “the opportunity to set the record straight.” Oberwetter said TikTok plans to discuss its “comprehensive plans” to protect US user safety during the March 23rd hearing.
The China-US Connection: A Charm Offensive: TikTok, Inc. vs. App Stores, Cloud and Internet Services
Unlike Google, Apple has a lot to lose regarding its relationship with both the US and China. Cook has a good relationship with the Chinese government and they are believed to be the reason for his success at Apple.
Some people think Washington will take action. Mira Ricardel is a former White House deputy national security adviser now at the Chertoff Group. “There is a unanimity of view that will lead to doing something.” Here is what that something may look like.
India’s blockade of TikTok is slowly coming down. A few small ISPs permit access, according to NetBlocks. And Ram Sundara Raman, lead developer for the University of Michigan’s Censored Planet project, says he was able to watch videos during a visit to India using the app he had downloaded in the US. The ban has caused many Indian users to move away from TikTok, and has caused turmoil for influencers who built businesses on the platform.
Trump’s order would have immediately prohibited app stores from distributing TikTok, and nearly two months later would have barred cloud providers and internet infrastructure services from doing business with the company. The companies could have been fined or sentenced to prison if caught dodging the order. “We wanted to start at the root, where it comes into the US, and extract it that way,” says Ivan Kanapathy, who was China director for Trump’s National Security Council and is now vice president at policy consultancy Beacon Global Strategies.
The company recently launched a full-fledged charm offensive that has included rapid-fire meetings in Washington with TikTok CEO Shou Zi Chew, new transparency tools on the app and a first-ever tour to members of the media of its corporate campus in the Los Angeles area.
“There’s a lot of performative action going on,” said Adam Segal, a Chinese technology policy expert at the Council on Foreign Relations. “It’s a desire to show toughness on China,” he said.
“But there’s also a lot of pent-up animosity toward social media broadly and its effect on children, U.S. democracy and misinformation, and it’s easier to take it out on Chinese-owned TikTok right now than it is, say, Facebook or Twitter,” Segal added.
All US user traffic is routed through an Oracle server, as well as all the source code of TikTok, which includes the powerful algorithm that determines how videos go viral. A third-party monitor will be hired to look at TikTok’s data in the event that Oracle misses anything.
TikTok officials said that USDS would hire 2,500 people who’ve undergone background checks similar to those used by the US government. None of the people hired were from China.
Employees in Beijing can analyze aggregate data from the app or videos that are popular in certain countries, but they have to get permission from the U.S. data security team.
TikTok and Project Texas: The First Media Briefing on the Project’s Cybersecurity Problems in the U.S. (with an Appendix by J. Lewis)
The plan addresses many of the major security concerns U.S. officials have, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies, but that is no guarantee it will be approved.
Lewis said the Oracle plan would work. “This kind of thing is pretty standard. TikTok has become so emotional, however, that a reasonable solution may not be enough.”
Not making a deal would leave TikTok in limbo and raise the possibility that ByteDance would spin it off into an American tech firm.
Assuming the deal passes muster, though, Segal agreed that it resolves the bulk of the data security concerns by allowing inspections of its algorithm and transferring U.S. user data to Oracle.
It was the first time the company has given an official briefing on Project Texas, a plan about which many details have already spilled out in the media.
Reporters were given a tour of TikTok’s Transparency and Accountability Center, which felt like a museum.
There was a game where people were put in the position of a TikTok content editor and had to decide if a video violated TikTok’s rules.
The facilities will also feature server rooms where visitors who sign non-disclosure agreements can review TikTok’s entire source code, though journalists are not given an opportunity to do this.
Source: https://www.npr.org/2023/02/02/1153448116/tiktok-la-media-briefing-project-texas
How often do you trade-offs on videos? A Comment on Casey Newton’s Theoretical Exploration of the Content Moderation Game
Tech journalist Casey Newton of the newsletter Platformer said the content moderation game brought home just how tricky it is for the thousands of people who have to make trade-offs every day on an endless flood of videos, but it was largely beside the point.