A U.S.-built biometric system sparks concerns for Afghans | South Korea forces Google and Apple to allow third-party in-app payments | Australian powers to spy on cybercrime suspects given green light
The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
A biometric system containing the personal information of millions of Afghans is sparking concern among human rights advocates who worry it could be used by the Taliban to identify and potentially harm people who worked with the U.S.-backed Afghan government or international organizations that promoted women’s rights. NBC News
South Korea legislators on Tuesday approved the first law in the world that requires app stores to let users pay for in-app purchases through multiple payment systems, a blow to the market dominance of Apple and Google, which opposed the bill. The New York Times
A government bill to create new police powers to spy on criminal suspects online, disrupt their data and take over their accounts has been passed with the support of Labor. The identify and disrupt bill passed the Senate on Wednesday, despite concerns about the low bar of who can authorise a warrant, and that the government failed to implement all the safeguards recommended by the bipartisan joint committee on intelligence and security. The Guardian
ASPI ICPC
China’s vulnerability disclosure regulations put state security first
The Strategist
@D_Thorne @He_Shumei
On 1 September, new regulations will come into effect in China that tighten the requirements for reporting security vulnerabilities in network products (pertaining to ‘weaknesses or flaws’ in ‘software, hardware, or organizational processes’) to the government. When they were first published in July, the Regulations on the Management of Network Product Security Vulnerabilities incited a flurry of commentary about Beijing’s intentions. For example, some posited that the regulations would enable the government to ‘stockpile zero-days’, while others said the party-state might seek to ‘weaponize any discovered security vulnerabilities’. The regulations do create space for opportunistic offensive action, but they also have a defensive intent that has been largely overlooked.
Australia
Australian powers to spy on cybercrime suspects given green light
The Guardian
@Paul_Karp
A government bill to create new police powers to spy on criminal suspects online, disrupt their data and take over their accounts has been passed with the support of Labor. The identify and disrupt bill passed the Senate on Wednesday, despite concerns about the low bar of who can authorise a warrant, and that the government failed to implement all the safeguards recommended by the bipartisan joint committee on intelligence and security.
University students will be trained to spot foreign interference
The Age
@LisaVisentin
University students will be trained to spot foreign interference threats on campus and report them to authorities under proposed new rules aimed at significantly beefing up universities’ responsibilities for countering Chinese government influence on campuses. Academics and students involved in research collaborations with overseas institutions will also get specific training on how to “recognise, mitigate and handle concerns of foreign interference”, following security agencies’ concerns about critical research being stolen… The University of Technology Sydney, for example, updated its orientation program for international students this semester to include guidance on acceptable behaviour and how students could report intimidation or surveillance by other students.
China
Xi Jinping says Big Tech crackdown is making progress, calls for Communist Party to ‘guide’ companies
South China Morning Post
@shenxinmei
Beijing’s campaign to “prevent the irrational expansion of capital” and address “barbarous growth” in China’s technology sector is beginning to bear fruit in the wake of an accelerated antitrust campaign targeting internet platforms, Chinese President Xi Jinping said at a central leadership meeting on Monday afternoon.
With new privacy law, China could reshape cross-border data rules similar to Europe’s GDPR
South China Morning Post
@therealjoshye
China’s new privacy law, which takes effect in November, will have far-reaching implications for how companies that do business in the country handle cross-border data, possibly helping Beijing establish global standards for data management, according to legal experts.
USA
Biden administration aims to cut costs for solar, wind projects on public land
Reuters
@nicholagroom @ValerieVolco
The Biden administration plans to make federal lands cheaper to access for solar and wind power developers after the clean power industry argued in a lobbying push this year that lease rates and fees are too high to draw investment and could torpedo the president's climate change agenda.
Thousands of posts around January 6 riots go missing from Facebook transparency tool
POLITICO
@markscott82
Scores of Facebook posts from the days before and after the January 6 Capitol Hill riots in Washington are missing. The posts disappeared from Crowdtangle, a tool owned by Facebook that allows researchers to track what people are saying on the platform, according to academics from New York University and Université Grenoble Alpes.
CISA and FBI urge organizations to remain vigilant to ransomware threats on holidays, including this labor day
CISA
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a cybersecurity advisory today to highlight precautions and mitigation steps that public and private sector organizations can take to reduce their risk to ransomware and other cyber attacks, specifically leading up to holidays and weekends. This advisory is based on observations on the timing of high impact ransomware attacks that have occurred previously rather than a reaction to specific threat reporting.
North Asia
South Korea forces Google and Apple to allow third-party in-app payments
The New York Times
Jin Yu Young
South Korea legislators on Tuesday approved the first law in the world that requires app stores to let users pay for in-app purchases through multiple payment systems, a blow to the market dominance of Apple and Google, which opposed the bill.
Google, Apple Hit by First Law Threatening Dominance Over App-Store Payments
The Wall Street Journal
@jiyoungjsohn
South Korea will require the companies to allow competing payment systems, threatening their 30% cut of most in-app digital sales.
NZ & Pacific Islands
PM Bainimarama: Fiji will continue to improve digital connectivity in agriculture
The Fiji Times
Timoci Vula
Fiji will continue to work on improving digital connectivity in the agricultural sector. Prime Minister Voreqe Bainimarama said this will be done through universal access to high-speed internet networks and broadband until all areas of Fiji were digitally connected.
South & Central Asia
A U.S.-built biometric system sparks concerns for Afghans
NBC News
@aprilaser
A biometric system containing the personal information of millions of Afghans is sparking concern among human rights advocates who worry it could be used by the Taliban to identify and potentially harm people who worked with the U.S.-backed Afghan government or international organizations that promoted women’s rights.
This is the real story of the Afghan biometric databases abandoned to the Taliban
MIT Technology Review
@eileenguo @noori1st
By capturing 40 pieces of data per person—from iris scans and family links to their favorite fruit—a system meant to cut fraud in the Afghan security forces may actually aid the Taliban.
Europe
Google, Facebook, Microsoft top EU lobbying spending - study
Reuters
@FooYunChee
Alphabet Inc’s Google unit, Facebook Inc and Microsoft Corp are the three biggest lobbying spenders in Europe in a battle against tough new laws aimed at curbing U.S. tech giants’ powers, a study released on Tuesday showed.
The lobby network: Big Tech's web of influence in the EU
Corporate Europe Observatory
As Big Tech’s market power grew, so did its political clout. Now, as the EU tries to rein in the most problematic aspects of Big Tech – from disinformation, targeted advertising to unfair competition practices – the digital giants are lobbying hard to shape new regulations.
Americas
Quebec could make changes to vaccination passport after flaws in system exposed
CBC News
Quebec could make obtaining QR code more complex in response to breaches, minister says.
Five Big Problems with Canada’s Proposed Regulatory Framework for “Harmful Online Content”
Tech Policy Press
The Department of Canadian Heritage has proposed a new legal framework to deal with “harmful” content. The framework would establish new regulatory entities with broad authority over speech and information shared on platforms like Twitter or Facebook. The rules it creates for platforms sound good on paper, but that’s about it. They disregard international experience with past laws and similar proposals around the world, as well as recommendations from legal and human rights experts inside and outside of Canada.
Misc
The Silent Partner Cleaning Up Facebook for $500 Million a Year
The New York Times
@satariano @MikeIsaac
The social network has constructed a vast infrastructure to keep toxic material off its platform. At the center of it is Accenture, the blue-chip consulting firm.
Scoop: Facebook's new moves to lower News Feed's political volume
Axios
@sarafischer
Facebook plans to announce that it will de-emphasize political posts and current events content in the News Feed based on negative user feedback, Axios has learned. It also plans to expand tests to limit the amount of political content that people see in their News Feeds to more countries outside of the U.S.
A popular smart home security system can be remotely disarmed, researchers say
TechCrunch
@zackwhittaker
A cybersecurity company says a popular smart home security system has a pair of vulnerabilities that can be exploited to disarm the system altogether. Rapid7 found the vulnerabilities in the Fortress S03, a home security system that relies on Wi-Fi to connect cameras, motion sensors and sirens to the internet, allowing owners to remotely monitor their home anywhere with a mobile app. The security system also uses a radio-controlled key fob to let homeowners arm or disarm their house from outside their front door.
SEC fines brokerage firms over email hacks, customer data exposure
CyberScoop
@timstarks
The Securities and Exchange Commission has fined several brokerages a total of $750,000 for exposing the sensitive personal information of thousands of customers and clients after hackers took over employee email accounts.
LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection
Threatpost
Elizabeth Montalbano
Researchers discovered a novel ransomware emerging on the heels of the ProxyShell vulnerabilities discovery in Microsoft Exchange servers. The threat, dubbed LockFile, uses a unique “intermittent encryption” method as a way to evade detection as well as adopting tactics from previous ransomware gangs.
Here's How the Post Office's Internet Cops Describe Themselves
VICE
@josephfcox
The Postal Inspection Service says its Analytics Team's mission "is to identify and develop intelligence on targets operating on the clear and dark webs."
Research
No Access: LGBTIQ Website Censorship in Six Countries
Citizen Lab
This report is focused on the following countries: Indonesia, Malaysia, Iran, Russia, Saudi Arabia, and the United Arab Emirates (UAE). These countries are known for having some of the most challenging environments for the promotion and protection of human rights in the world. In addition to repressive laws, non-democratic rule, and lack of transparency and accountability, online censorship in these jurisdictions hampers the efforts of civil society who are fighting to create a more equal and just society. Furthermore, as LGBTIQ people often must contend with stigma, as well as societal, religious, or family condemnation, censorship increases their isolation and inhibits efforts to publicize rights violations and abuse. Nonetheless, LGBTIQ individuals continue to press forward in fighting for equality and mobilizing others in their community despite risking fines, assault, or imprisonment.
Disinformation, stigma and Chinese diaspora: policy guidance for Australia
First Draft
@estherswchan @stephszh
An examination of the social media landscape of the Chinese diaspora in Australia — the largest in Oceania — provides a useful case study for policymakers ahead of the next federal election. Findings aim to inform solutions to support and seek support from Chinese diaspora communities.
Jobs
New ICPC Program on Critical Technologies - 3 positions
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for three exceptional and experienced senior analysts and analysts to join its large team from October 2021. These new roles will focus on original research, analysis and stakeholder engagement centred around international critical technology development, including analysis of which countries are leading on what technologies.
ICPC Pacific Islands Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has an outstanding opportunity for a talented and proactive Pacific Islands analyst who will work with the Centre’s information operations and disinformation program. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by actors in the Pacific Islands region. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies. Candidates must have a demonstrated background in, and strong knowledge of, the Pacific Islands region, including the region’s digital, media and social media landscape.
ICPC Analyst & Project Manager - Coercive diplomacy
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an Analyst and Project Manager to manage, and help lead, a project on coercive diplomacy in the Indo-Pacific region. This new role will focus on analysis, workshops and stakeholder engagement centred around coercive diplomacy, including how countries in the Indo-Pacific can work together to tackle this complicated policy challenge. Candidates must have excellent coordination, project management and stakeholder engagement skills.