Cybersecurity

Facebook Continues to Face Intense Congressional Scrutiny at House Financial Service Committee Hearing

WASHINGTON, July 17, 2019 – Facebook’s digital currency platform Calibra continues to be the focus of intense congressional scrutiny. On Wednesday, that scrutiny came from the House Committee on Financial Services.

Chairman Patrick McHenry, R-N.C., said the committee wanted to make sure that Libra isn’t just a “ploy” to send Facebook’s Twitter mentions “through the roof.”

David Marcus, head of Calibra at Facebook, said that the social network giant’s association with Libra aims to establish the “rules of the road” for the blockchain industry. Facebook will not interfere with the monetary policies of central banks, he said.

Calibra will not offer banking services, but wants Libra to become a globally recognized digital currency. Facebook will “take the time to get this right,” he said.

Marcus received pushback from both sides of the aisle regarding Libra’s specific role in the financial service industry and its possible exploitation for nefarious use.

“We need to get Mark Zuckerberg here,” said Rep. Brad Sherman, D-Calif. “This is an attempt to turn power from America to Facebook and its allies.”

Committee Chairwoman Maxine Waters, D-Calif., asked why Facebook should be trusted with spearheading the project. The company has allowed “malicious Russian state actors” to purchase ads in a campaign to influence the 2016 election, she said.

The creation of currency is a core government function and should be left to accountable, democratically elected members, said Rep. Carolyn Maloney, D-N.Y. Congress should “seriously consider” stopping the Calibra project from moving forward, she said, if Facebook does not at least launch a small pilot program to test the system.

Libra is a “complete overhaul” of the circulation system of America’s global economy, said Rep. Jim Himes, D-Conn.

Rep. Ann Wagner, R-Mo., said that Libra could have “significant geopolitical implications” regarding the enforcement of economic sanctions.

60 percent of the world’s population does not live in a country with stable currency, said Rep. Steve Stivers, R-Ohio. We want to encourage cryptocurrency innovation, but we need to address the application of cross-border payments, he said.

People will be able to connect bank cards with their Calibra wallets when making international payments, said Marcus, but he said he expects there to be limits on where money can be sent.

“I doubt people will be paying their rent with Libra anytime soon,” he said.

America needs to remain a leader in global financial services and innovation, said Rep. Gregory Meeks, D-N.Y. He expressed uncertainty about how Facebook should be regulated if it is acting similarly to a bank.

“Libra looks exactly like an exchange-traded fund, so why isn’t it?” said Rep. Bill Foster, D-Ill.

Neither Facebook’s white paper nor subsequent online post provided any concrete plans on how to provide safety for America’s financial system, said Rep. David Scott, D-Ga.

Rep. French Hill, R-Ark., asked Marcus whether users will be charged a fee in the Calibra system. Marcus said that Calibra is hoping to charge little to nothing between consumers and a small fee for merchants. He also said that people will not be able to open accounts without a government-issued identity document or a more traditional “know your customer” assessment.

Facebook will have a number of different payment types on the platform, said Marcus, including debit and credit cards.

Rep. Blaine Luetkemeyer, R-Mo., said he was concerned about who will share the profits of Libra’s reserve.

The value of the reserve will be proportional to the number of Libra coins in circulation, said Marcus. Returns will be used to fund operation costs and to reimburse investors in the Calibra System.

The main point that Marcus addressed was that the current banking system is “not working” for most people. Going forward, Facebook needs to be “thoughtful” about Calibra’s project, as the company should not be in the business of deciding what people can do with their money, he said.

(Photo of David Marcus at Facebook F8 developer conference in 2015 by Maurizio Pesce used with permission.)

Cybersecurity

FCC Halts Authorization of Equipment That Threatens National Security

The FCC’s order prevents future authorizations of equipment on the commission’s “Covered List” of national security threats.

Photo of FCC Commissioner Brendan Carr

WASHINGTON, November 28, 2022 – The Federal Communications Commission published Friday a modification of certification rules that will bar from United States markets technologies that are considered threats to national security.

The commission’s action seeks to prevent Chinese tech companies deemed to be national security threats – such as Huawei and ZTE – from gathering data on and surveilling American citizens. The Chinese Communist government can force, under law, private companies to hand over data from their products, thus putting Americans at risk, experts and government officials have said.

Friday’s action bars the commission from issuing further authorizations for covered technologies, without which those technologies may not be imported to or marketed in the United States. The action also closes loopholes that would allow certain products to skirt the authorization process.

“That does not make any sense,” said FCC Chairwoman Jessica Rosenworcel in a statement. “After all, there is little benefit in having these lists and these bans in place just to leave open other opportunities for this equipment to be present in our networks. So today we are taking action to align our equipment authorization procedures with the rest of our national security policies.”

The FCC already publishes, on the advice of Public Safety and Homeland Security, a list of entities and products that pose national security risks. The commission has long shown skepticism toward such risky technologies, notably disallowing the use of universal service funds to buy certain products in 2019.

The rule covers many types of equipment, including base stations, phones, cameras, and Wi-Fi routers.

With this decision, the FCC has fulfilled a congressional mandate to enact a moratorium on equipment on the covered list within 12 months. The statute followed a notice of proposed rulemaking it issued last year.

Congress in 2017 forbade the Department of Defense from using telecommunications equipment or services from Huawei or ZTE. Building on that effort, Congress the next year expanded prohibitions on federal use of technology from those companies and three others. In 2019, in response to concerns over the integrity of communications networks and supply chains, the White House declared a national emergency.

In March 2020, then-President Donald Trump signed into law the Secure Networks Act, requiring the FCC to prohibit the use of moneys it administers for the acquisition of designated communications equipment. The act promoted the removal of existing compromised equipment through a reimbursement program – called Rip and Replace – and further directed the commission to create and maintain the covered list.

FCC Commissioner Brendan Carr, outspoken on national security issues, celebrated Friday’s decision, but called for further action.

“We must also vigilantly monitor compliance with the rules we’ve established today, including by ensuring that entities do not make an end run around our decision by ‘white labeling’ covered gear – a process that involves putting a benign or front group’s name on equipment that would otherwise be subject to our prohibitions,” Carr said in a statement.

Rosenworcel said in her statement that the order covers “re-branded or ‘white label’ equipment that is developed for the marketplace. In other words, this approach is comprehensive.”

Carr also once again called for federal action against TikTok, the Chinese-built social media app. The video-sharing app gathers extensive data on users, and despite protestations to the contrary, the platform routinely feeds Americans’ information to the Chinese government, reports say.

“Secure networks mean little if insecure applications are allowed to run, sweep up much of the same sensitive data, and send it back to Beijing,” Carr said.

China

Report Urges States, Local Governments Follow Federal Rules on Prohibited Equipment Purchases

Only a handful of states have crafted their purchasing decisions after federal rules banning certain companies’ equipment.

Members of the Center for Security and Emerging Technology at Georgetown University

WASHINGTON, November 14, 2022 – A think tank is recommending state and local governments align their rules on buying technology from companies with federal guidelines that prevent agencies from purchasing certain prohibited foreign technology, such as ones from Chinese companies.

The Center for Security and Emerging Technology at Georgetown University notified the Federal Communications Commission late last month of a report, released that month, on what it said was a concerning trend: state and local governments with outdated procurement policies are purchasing equipment that is banned for federal purchase.

“State and local policymakers should not be expected to independently analyze and address the threats posed by foreign technology, but it would behoove them to align their own procurement practices with the rules set by the federal government,” the report recommends.

As required by the Secure and Trusted Communications Networks Act of 2019, the FCC maintains a list of companies that it says pose a national security threat to the country’s networks, which it updates on a rolling basis through commission votes. It last updated the list in September, when it added Pacific Network Corp. and China Unicom Operations Ltd. to the growing list that already includes Huawei and ZTE.

Chinese companies and following Communist Party directions

U.S. officials and experts have warned that Chinese companies operating anywhere in the world must follow directions of the Chinese Communist Party, which they say could mean anything from surveillance to American data falling into the hands of that government.

The report notes at least six state governments had their networks breached by a state-sponsored Chinese hacking group between May 2021 and February 2022.

The only states that have enacted local regulations aligned with federal provisions are Florida, Georgia, Louisiana, Texas, and Vermont, the report said. Provisions in Georgia and Texas prohibit private companies from entering into agreements with the covered companies. Vermont, Texas and Florida provisions block state entities from purchasing equipment from countries like China, Russia, Iran, North Korea, Cuba, Venezuela and Syria. Louisiana and Georgia provisions ban public-funded schools from buying prohibited technology.

The remaining 45 states do not explicitly target the equipment and services the covered companies produce, nor are they directly responsible for following federal provisions, the report said, leaving state entities vulnerable to obtaining equipment from third-party contractors that could pose a security risk.

“Many government entities also lack the in-house technical expertise and procedures to understand and address such threats in the first place, and those that do may prioritize addressing immediate threats like ransomware over the more abstract risks posed by foreign ICTS,” the report said.

Section 889 of the 2019 National Defense Authorization Act is one of four federal provisions addressing the issue, prohibiting federal agencies from using equipment and services from Huawei, ZTE, Hikvision, Dahua and Hytera as well as working with contractors that use the equipment.

Prohibited products finding their way in

In some cases, the report said, the listed companies will sell their products to third-party contractors that are not listed under Section 889 to bypass regulations. Due to the low cost of Chinese equipment, public schools and local governments will purchase from the third-party entities that are unknowingly selling prohibited equipment, it added.

“These ‘middle-man’ vendors can mask the origin of their products, which creates major challenges for organizations aiming to keep certain equipment and services off their networks,” the report reads.

“Currently, contractors are responsible for self-certifying that their products and internal networks do not contain covered [products]” and “… inspecting the IT infrastructure—equipment, services, and components – of every contractor that does business with the federal government would require a staggering level of resources, making it difficult for agencies to conduct effective oversight.”

Cybersecurity

Internet of Things Devices May Provide a Weak Point for Cybersecurity, Says CableLabs

But every device is a potential way into its network, and the recent explosion of IoT devices presents security risks.

Screenshot of Brian Scriber, vice president of security and privacy technologies at CableLabs.

WASHINGTON, November 9, 2022 – Since Internet-of-Things appliances are prime “landing spot[s]” for cyber-attackers looking for network access, industry standards and open-source resources are important to maintaining cybersecurity at the device level, said Brian Scriber, vice president of security and privacy technologies at CableLabs, the non-profit innovation arm of the cable industry.

“The mark that we’re really shooting for is how do we get some industry-led initiatives to really make a difference on the… supply (of IoT devices),” Scriber said Tuesday during a cybersecurity panel at the American Enterprise Institute, a conservative think tank.

IoT refers to network-connected devices that can interact with their environments. IoT devices can be refrigerators, thermostats, home-security systems, health-monitoring devices, and much else. But every device is a potential way into its network, and the recent explosion of IoT devices presents security risks.

“If you are an attacker, finding a vulnerable device like a lightbulb is fantastic because it has power constantly, it has the computational ability to be able to engage, you gave it network credentials when you brought it on your network,” Scriber argued.

Even a secure network can’t protect against the cyber risks associated with vulnerable devices, he added.

In addition to device security, overall network security is crucial and can be enhanced by limiting communication between devices, said Katerina Megas, program manager of the Cybersecurity for Internet of Things Program at the National Institute of Standards and Technology, a federal agency responsible for technical calibration and standard-setting.

“There has to be an ecosystem approach,” Megas said.

In October, President Joe Biden’s administration announced preliminary steps towards a cybersecurity labeling system for IoT devices.

“By developing and rolling out a common label for products that meet U.S. Government standards and are tested by vetted and approved entities, we will help American consumers easily identify secure tech to bring into their homes,” the White House said.
