China is investing “tremendous resources” in its cyber program with the sole purpose of disrupting critical infrastructure to gain competitive advantage, National Cyber Director Harry Coker said Tuesday. Speaking at CYBERUK in Birmingham, England, Coker recommended international partners use their “collective strength, focus and determination” to combat China’s global cyber effort. He noted the Biden administration is also prioritizing efforts to thwart Russian cyberattacks in Ukraine. Russia’s cyber campaign in 2024 “marks a new standard of aggression, persistence, and operational agility,” he said. "For Ukraine, improving the security of networks and communications will be fundamental to their battlefield success."
The Biden administration recognizes the federal government’s cybersecurity strategy must factor in all emerging technology, including AI, quantum computing, wireless systems, satellites and cable, Nathaniel Fick, State Department ambassador-cyberspace and digital policy, said Monday. In the past, cybersecurity was narrowly defined, Fick said during an Atlantic Council panel discussion with NTIA Administrator Alan Davidson and Cybersecurity and Infrastructure Security Agency Director Jen Easterly. The administration is focused on an “affirmative” and “inclusive” vision for cybersecurity that “many people can opt into,” said Fick. The administration’s national cybersecurity strategy (see 2303020051) and the State Department’s U.S. International Cyberspace & Digital Policy Strategy support this vision, he said. Davidson said NTIA is focused on tech issues like building out broadband infrastructure, establishing “good internet governance” and strengthening privacy and AI policies, efforts that will inform U.S. cyber policy. President Joe Biden last week reiterated that AI is the “most consequential technology of our time,” said Davidson: It will affect every aspect of the economy and needs responsible development. Easterly said there’s “promise” for using AI-driven language models for detecting cyber threats to critical infrastructure. CISA is expecting to publish related findings soon, she said. AI should be designed with safety in mind at the start, not on the backend, said Easterly.
Congress should remove federal preemption language from the American Privacy Rights Act (see 2405080055) and allow state attorneys general to continue enforcing state laws, 15 Democratic AGs wrote Congress Wednesday. AGs signing the letter were from California, Connecticut, Delaware, Hawaii, Illinois, Maine, Massachusetts, Maryland, Minnesota, Nevada, New York, Oregon, Pennsylvania, Vermont and Washington, D.C. “We encourage Congress to adopt legislation that sets a federal floor, not a ceiling, for critical privacy rights and respects the important work already undertaken by states,” they wrote. California AG Rob Bonta (D) said his state is “at the forefront of privacy protections and must retain the ability to respond to privacy concerns as tech rapidly innovates. We urge Congress not to undercut the important protections that states have established.”
The Office of U.S. Trade Representative’s decision to abandon digital trade demands at the World Trade Organization will lead to more restrictive international data flows, tech and open-internet advocates said Monday. USTR Katherine Tai in October withdrew U.S. support for Trump-era proposals at the WTO, which addressed data localization restrictions and other impediments to data flow in places like China. Tai said the USTR withdrew to allow Congress to better regulate domestically. Her decision has left a vacuum where the U.S. used to influence data governance frameworks around the world, said Natalie Dunleavy Campbell, a senior director at Internet Society. This “highly regulated approach to the internet” resembles policies in places like China and Russia, and it will influence other countries to shift in the same direction, she said during a Congressional Internet Caucus Academy panel. Hopefully, the USTR will shift toward a more balanced set of rules that helps foster the benefits of the internet but provides domestic regulatory policy space to “deal with real harms,” said Lori Wallach, director of Rethink Trade. The administration hasn’t “articulated the reason for the pullback very well,” and the U.S.’s position on international data flows doesn’t appear to be heading in a “positive direction,” said Jonathan McHale, vice president-digital trade at Computer & Communications Industry Association. USTR didn’t comment.
The FTC’s actions against Amazon’s deal to buy iRobot show the agency will work outside U.S. antitrust law and achieve its goals through European enforcers, House Oversight Committee Chairman James Comer, R-Ky., said Tuesday in a letter to the agency. Comer announced his office is investigating the FTC’s collaboration with European antitrust enforcers on the Amazon transaction (see 2402010063). The FTC filed a second request for information on the deal in September 2022, opening a probe of the agreement, and an EU investigation soon followed, Comer said. EU enforcers announced an in-depth investigation in July and told Amazon it was blocking the deal in January, he said: “The FTC’s actions indicate to American businesses that the FTC will work outside of U.S. antitrust law by using the EC to realize its desired outcomes.” It appears the agency “actively coordinated” with foreign enforcers to block a deal that “could have saved American jobs and promoted American innovation and standing in a vital market,” he said. The FTC declined comment Wednesday.
Meta may be violating the EU Digital Services Act (DSA) by failing to address deceptive advertising and political content, the European Commission said Tuesday. The EC is also concerned about Meta's decision, before the June European Parliament elections, to reduce use of CrowdTangle. The tool enables researchers, journalists and civil society to conduct real-time election monitoring. Meta did not announce a replacement for CrowdTangle. The EC also suspects that Meta's mechanism for flagging illegal content on Facebook and Instagram, and its user redress and internal complaint systems, don't comply with the DSA. Meta, Facebook and Instagram were designated Very Large Online Platforms as they have more than 45 million monthly active users in the EU (see 2311100001). Meta has "a well-established process for identifying and mitigating risks on our platforms," said a spokesperson. The company will give the EC more details, he added. Opening formal investigations into Facebook and Instagram's compliance with the DSA, and the April 29 designation of Apple's iPadOS as a gatekeeper under the Digital Markets Act are good news, Agustin Reyna, European Consumer Organisation director-legal and economic affairs, said in an email. These decisive EC actions show that the measures "must be complied with in an effective way."
The public can comment through June 2 on the National Institute of Standards and Technology’s continued efforts to improve the safety and trustworthiness of AI systems, Commerce Secretary Gina Raimondo announced Monday. NIST issued four draft documents in support of President Joe Biden’s executive order on AI. The first draft document seeks comment on mitigating risks related to generative AI. This includes AI tools for accessing chemical, biological and nuclear weapons. The agency is interested in risks associated with cybersecurity attacks and AI-driven hate speech. NIST is gathering feedback for a second draft document analyzing how data is used to train AI systems, particularly when technology is used for malicious purposes such as the perpetuation of human bias. The agency is studying technical approaches for identifying AI-created fake content. Detection methods include digital watermarking and metadata recording. A fourth NIST document outlines approaches for global development and implementation of AI standards for detecting AI content. NIST is “working hard to research and develop the guidance needed to safely harness the potential of AI, while minimizing the risks associated with it,” said Raimondo.
The White House doesn’t want a TikTok ban, its goal is protecting the privacy of American users, Press Secretary Karine Jean-Pierre told reporters Thursday. She and National Security Adviser Jake Sullivan held a news briefing on the foreign aid package President Joe Biden signed into law Wednesday (see 2404240060). “This is not a ban” of the popular Chinese-owned social media app, Jean-Pierre said. "This is about divestment. This is about our national security. We are not saying that ... we do not want Americans to use TikTok. ... We want to make sure that Americans are protected.” Sullivan was asked if Biden’s campaign or other political entities should use TikTok. He said the administration is focused on implementing the new law in a manner consistent with its national security justification. “I'm going to let campaigns decide for themselves what they're going to do.”
Two formal proceedings against TikTok demonstrate the EU's priority for protecting minors online under the Digital Services Act, EC officials said Monday during a briefing. TikTok, which the EC designated a Very Large Online Platform under the DSA, must submit a risk assessment report, including mitigation measures for potential systemic risks, before launching apps that are likely to affect those risks, the EC noted. In February, it opened a first DSA noncompliance case against the Chinese company that owns TikTok to gauge whether it breached the law in areas linked to protection of minors, advertising transparency, data access for researchers and risk management of addictive design and harmful content; that probe continues. On Monday, it filed a second proceeding, this one to determine whether the company violated the act when it launched TikTok Lite in France and Spain in March. The issue, EC officials said, is that TikTok Lite creates a financial incentive for users, particularly minors and vulnerable people, to spend extra time on the site. An EC request for an explanation of what TikTok was doing before it launched the app went unanswered, and the required risk assessment wasn't filed. The platform has until today (April 23) to provide the risk assessment and until May 3 to send additional information requested. TikTok's reward program appears to amount to prima facie infringement of the DSA and a threat to users' mental health, the EC said. The "task and reward" system lets users earn points as they view more content, invite friends and like content, for example. After accumulating points, they can convert them into vouchers. The system is designed to keep users on the service as long as possible, EC officials said. The EC ordered TikTok to suspend the Lite rewards program in the EU. The suspension, which could take place as early as Thursday, will go into effect if warranted after the company has had 48 hours to exercise its right of defense under the DSA. The two proceedings are the first to take advantage of enforcement tools available under the DSA, officials noted. DSA authorities in France, Spain and Ireland conducted the investigation. Ireland is TikTok's European headquarters. The penalty for failure to respond to the EC request for information is up to 1% of total annual income; the fine for failing to suspend TikTok Lite is up to 6% of total annual income. "We are disappointed with this decision," emailed a TikTok spokesperson. "The TikTok Lite rewards hub is not available to under 18s, and there is a daily limit on video watch tasks." The company will continue talks with the EC, the spokesperson added.
The New York legislature agreed to spend $275 million over 10 years to develop an AI computing center at the University of Buffalo, Gov. Kathy Hochul (D) announced as part of the fiscal 2025 budget, as expected (see 2401080047). Private partners pledged an additional $125 million. “Whoever is at the forefront of artificial intelligence will dominate the next chapter of human history – and I’m committed to seizing that opportunity here in New York,” said Hochul.