This week we celebrated International Tech Policy Week, which happens every year around this time, when the American policymakers, the American execs who follow them, and the U.S. journalists who report on them all go home to eat turkey with their families and leave tech policy to the rest of the world.
Leading off a review of China’s contribution to the week, Paul Rosenzweig and Jordan Schneider cover Beijing’s pressure on Didi to delist from a S. stock exchange. If you believe it is about data security, I have a Chinese unicorn tech stock, soon to be half a unicorn, to sell you.
Jordan explains why China is also taking Tencent to the woodshed for not quite getting the message about who make the rules. In case you’re not getting the message, he also covers China’s decision to impose fines on tech firms for a decade’s worth of M&A deals.
Paul and I dig into a story that starts in the U.S. but soon moves abroad, Apple’s slightly weird computer fraud and abuse lawsuit against the international exploit firm, NSO Group. I point to other stories that seem to me to signal that tech hubris on this issue is out of control. Facebook is trying to stop undercover cops from using fake accounts to collect quasipublic information. And Apple is telling its customers when it discovers that they are the targets of state-sponsored malware. This is wholesale interference with law enforcement activity that in other contexts would simply be unexceptionable undercover work or lawful interception of communications. In Apple’s case, it’s egregious, since the company has not explained how it will manage to avoid blowing up legitimate counterterrorism and criminal investigations that are using malware because Apple has already foreclosed less dramatic options.
Meanwhile, in Israel, the demonization of NSO Group has led authorities to dramatically cut the number of countries to which spyware can be exported. Iran may not be on the list, but Israel seems to have exported plenty to that country, which is now returning the favor, as cyberconflict begins hitting ordinary citizens in both countries.
David, Paul, and I reveal our history-based prejudices as we examine the latest miniflap that briefly detained Congress’s proposed cyber incident reporting mandate – its failure to require simultaneous reporting to the FBI. That is a dumb idea, and the Senate seems to have treated it with exactly the amount of deference it deserved. At least that’s my view from inside the locker.
Jordan touches briefly on a Chinese province’s plan to construct a surveillance system for foreigners. He thinks there’s more (or maybe less) to the story than it appears. He also covers the U.S. decision to blacklist Chinese quantum computing companies, giving me a chance to divert him to coverage of the Endless Frontier Act and China’s peculiar decision to turn it into a BFD.
David and I dig into a proposed (and likely to pass) new UK law on IOT security that looks a lot like California’s law on the same topic.
In quick hits and updates, I note that Meta will have trouble delivering end-to-end encryption on Facebook and Instagram before 2023. And despite efforts to toxify the entire field and this company in particular, Clearview AI’s face recognition tool is performing very well against international competition. I also note that my research suggests that the whole “AI bias” narrative about face recognition, has been stuck in 2016 and has ignored the remarkable accuracy (and debiasing) strides the industry has made in recent years.