Facebook fights fires on multiple fronts
Amid days of congressional testimony by Facebook CEO Mark Zuckerberg, the company faced several crises. The fallout from the Cambridge Analytica scandal continued this week, with Facebook confirming that 87 million users were affected (up from the original estimation of 50 million). Another data analytics firm was suspended from the platform after journalists raised questions about how the company used information gathered from online quizzes. Facebook admitted that most of its two billion users likely have had their public data scraped by third parties. The company is also under pressure to apply the European Union’s General Data Protection Regulation, which will enshrine greater privacy protection for its citizens, to Facebook users across the world (with the possible exemption of users in the United States).
In a bid to better monitor content on the site, Facebook deleted an additional 135 Facebook and Instagram accounts and 138 Facebook pages that were run by the Russia-based Internet Research Agency. The agency, labelled a ‘troll factory’, was indicted by the US Justice Department earlier this year for engaging in ‘operations to interfere with elections and political processes’.
After civil society groups in Myanmar criticised Facebook for its role in inciting violence against the Rohingya minority group, Zuckerberg took the unusual step of emailing an apology directly to the activists. Indonesia’s communications minister also voiced concerns about Facebook’s ability to manage fake news in the country’s upcoming presidential election, warning he would block the platform if necessary.
Not kidding about data
YouTube is coming under scrutiny for improperly collecting data on children. A coalition of child protection and consumer advocacy groups has filed a complaint with the US Federal Trade Commission alleging that Google, the owner of YouTube, is violating child protection laws. The group believes that Google has circumvented the US Children’s Online Privacy Protection Act (COPPA), which requires parental consent to collect personal information on children aged under 13, by claiming YouTube is ‘not for children under 13’. The advocacy group claims the site is used by about 80% of children aged 6–12 in the US and has become a source of popular cartoons, nursery rhymes and toy adverts.
Senator Ed Markey, author of the COPPA, asked Facebook CEO Mark Zuckerberg at Tuesday’s congressional hearing whether he would support a ‘child online privacy bill of rights for kids under 16’. Markey deemed inadequate Zuckerberg’s response that he agrees the issue ‘deserves a lot of attention’ but was ‘not sure if we need a law’.
Hackers flip Cisco’s switches
Vigilante hackers exploited a vulnerability in Cisco switches in a widespread attack, displaying the US flag with the warning ‘Don’t mess with our elections’ on affected computers. The switches were then disabled, causing some internet and website outages. Multiple countries were affected by the attack, including data centres and internet service providers in Russia and Iran, as well as critical infrastructure in other states. The low-skilled attack used a website that scans the internet for vulnerable devices and a publicly available script that automated the exploit process. It remains unclear who was behind the operation or how discriminate it was.
Chad blocks news and social media platforms
The Chadian government has blocked WhatsApp, Facebook Messenger, Viber, other social media platforms as well as the BBC for several weeks, according to internet watchdogs. The move seems to have come after a national conference recommended constitutional changes that would extend President Idriss Déby’s term by 15 years. Internet Without Borders, an advocacy organisation, believes the shutdown ‘suggests that the government is once again limiting digital rights of citizens, online freedom of expression in particular, for political reasons’. The Chadian government has used social media blackouts in the past, such as during the 2016 presidential election.
Other countries have used similar tactics during election season. To prevent foreign interference in its election, France implemented media controls in the final hours before voting booths opened. For about two days prior to the election, French citizens, journalists and politicians were forbidden from broadcasting ‘electoral propaganda’.
Trump slaps new sanctions on Russia
The White House announced a fresh round of sanctions on Russian entities on 6 April. Seven Russian nationals, 12 associated companies, 17 Russian government officials and a state-owned weapons-trading company were sanctioned for their roles in ‘advancing Russia’s malign activities’. The statement included several cyber-related rationales for the sanctions.
When Russian markets opened after the announcement, the companies of the targeted oligarchs lost up to US$16 billion and the Russian rouble fell to its lowest value against the dollar since the end of 2016.
UK’s warning on supply chain vulnerabilities
The United Kingdom’s National Cyber Security Centre (NCSC) released a report about ongoing cyber attacks targeting the country’s critical infrastructure supply chain. The report warns that hostile state actors are conducting espionage on a range of organisations, including industrial control system and engineering firms. Although the NCSC does not attribute the campaign to the Russian government, it links the activity to last month’s alert from the US Department of Homeland Security (DHS), which accused Moscow of conducting cyber operations against critical infrastructure sectors in the US.
Insight from Sean Kanuck, IISS Director of Cyber, Space and Future Conflict
This week witnessed important milestones in beginning to protect future US elections. The DHS conducted its biennial Cyber Storm policy exercise, and for the first time included cyber attacks aimed at state and local election systems in the simulated crisis scenario. Seven states, including Colorado and Texas, participated in advance of the primary and general elections they will be administering later this year. Speaking on 10 April, Colorado Secretary of State Wayne Williams welcomed the opportunity and stressed the importance of improved threat information sharing between the federal government and state election officials.
On 9 April, several philanthropic foundations announced a combined initiative to fund academic research regarding the role of Facebook in elections. Facebook has agreed to provide scholars with access to proprietary data, which meets the company’s security and privacy requirements, for independent studies. Like Cyber Storm, this is a new and unique step in developing a better understanding of how to safeguard democracy’s most important institution – the electoral process.