Last Week in Tech Policy #65: Fake News, Real Concerns

(by John Schoppert, Colorado Law 3L)

On Friday, February 16th, Special Counsel Robert Mueller announced the indictment of 13 Russian nationals on charges of conspiracy to defraud the United States. The announcement serves as the latest development in Mueller’s investigation into potential collusion between the Kremlin and the Trump campaign during the 2016 presidential election. More concretely, it provides further evidence that Russian operatives played a critical role in disrupting the 2016 election atop near-unanimous consensus among American intelligence agencies.

The indictments track the work of a so-called “troll factory” located in St. Petersburg, which designed and deployed divisive content over social media platforms to encourage collaboration within extreme groups online. More specifically, Russian operatives stole the identities of American citizens, posed as political activists, created posts affiliated with extreme ideologies and paid individuals to locally organize protests and rallies. While many debate over whether the Russians pushed for any one candidate over the other—as opposed to creating chaos more generally—based on internal documents, it appears that disruptive efforts were aimed at supporting the campaigns of Donald Trump and Bernie Sanders, and undermining that of Hillary Clinton.

Continue reading “Last Week in Tech Policy #65: Fake News, Real Concerns”

Last Week in Tech Policy #63: War Games: Nuclear Deterrence Against Cyberattacks

(by Alex Kimata, Colorado Law 3L)

Could a massive cyber attack start a nuclear war?  Early in February, after weeks of rumors, the Department of Defense released the 2018 Nuclear Posture Review and alluded to the idea that for the first time cyberattacks could be met with nuclear deterrence.

Continue reading “Last Week in Tech Policy #63: War Games: Nuclear Deterrence Against Cyberattacks”

TLPC Files Three DMCA Comments for Disability Services, Multimedia E-Books, and Security Research

Today, TLPC student attorneys filed three long form comments with the Copyright Office as part of the seventh triennial Section 1201 proceeding. Under Section 1201 of the DMCA, parties may petition the Copyright Office every three years to create or update exemptions when the DMCA adversely affects noninfringing activities.

Sophia Galleher filed a comment to enable better access to films and other copyrighted works for people with disabilities. Susan Miller and Angel Antkers, along with colleagues at the UC Irvine Intellectual Property, Art, and Technology (IPAT) Clinic, filed a comment to enable artistic expressions like fan fiction by expanding the allowed uses of multimedia e-books. Elizabeth Field and Justin Manusov filed a comment to better protect good faith security researchers.

Continue reading “TLPC Files Three DMCA Comments for Disability Services, Multimedia E-Books, and Security Research”

Last Week in Tech Policy #58: An Artificial You

In 2016, a group from Niessner Lab in Germany published a groundbreaking achievement in the world of computer facial manipulation. Their new technology, called Face2Face, captures one person’s facial expressions as they talk into a webcam and maps those facial expressions directly onto a separate individual’s face in real-time. In essence, this means that you can take a video of anyone and make their face show any expression you’d like. For example, in a demonstration video, footage of Vladimir Putin giving a serious speech becomes a video of him smiling, then frowning, with eyebrows up and then down.

Continue reading “Last Week in Tech Policy #58: An Artificial You”

Last Week in Tech Policy #57: Medjacking

(by Justin Manusov, Colorado Law 3L)

Hacking. Tapping. Cracking. Medjacking.

In the TV show Homeland episode Broken Hearts, a CIA informant  is forced to retrieve a serial number that corresponds to the American Vice President’s pacemaker. A terrorist gains access to the VP’s pacemaker, accelerates his heartbeat and induces a heart attack.

Former Vice President Dick Cheney revealed that when he had a device implanted to regulate his heartbeat in 2007, he had his doctors disable its wireless capabilities to prevent a possible assassination attempt.

The health IT community is beginning to take medjacking seriously.

Continue reading “Last Week in Tech Policy #57: Medjacking”

Last Week in Tech Policy #54: Challenges of Apprehending and Combating Cybercriminals

(by Jordan Demo, Colorado Law 2L)

The recent Equifax breach affecting approximately 143 million people has left many to call for justice—but justice for whom? After-the-fact investigations have tended to focus on whether the targeted entities took sufficient or reasonable measures to protect their systems. But what is the process for bringing attackers to justice? How are attackers who take the personal information of companies and individuals held accountable? What can be done to help deter this kind of behavior?

Continue reading “Last Week in Tech Policy #54: Challenges of Apprehending and Combating Cybercriminals”

Last Week in Tech Policy #53: Equifax and Data Breach in the Modern Era

(by Susan Miller, Colorado Law 2L)

A cyberattack on Equifax, a consumer credit reporting agency, was announced last week. The breach was especially problematic for a variety of reasons:

  1. Equifax’s job is to gather and maintain sensitive personal information. Yet it learned of the breach in July but failed to inform the public of the breach until September, taking more than two months to give consumers notice of the breach.
  2. The breach put the personal information of 143 million Americans, nearly one-third of the entire population, at risk. This personal information includes names, social security numbers, birth dates, addresses, driver’s license numbers, and in some cases, credit card numbers.
  3. Three Equifax executives sold their stock days only days after the company learned of the attack and before the public was notified.

Equifax is offering free credit monitoring and, thanks to angry consumers, waived fees for setting up credit freezes through Equifax.

Continue reading “Last Week in Tech Policy #53: Equifax and Data Breach in the Modern Era”

Last Week in Tech Policy #48: Playpen and Government Hacking

(by Sergey Frolov, University of Colorado Computer Science Ph.D candidate)

In the U.S., it is illegal to produce, distribute, and possess child pornography. Playpen is a now-defunct child pornography website. The FBI managed to trace the site’s operators, then obtained a warrant and seized the web server on which the site ran.

However, instead of shutting the server down immediately, the FBI continued to operate Playpen for an additional 13 days. During that time, according to the Electronic Frontier Foundation, the FBI sent malware to visitors to the site in order to identify and prosecute them for possession of child pornography.

Continue reading “Last Week in Tech Policy #48: Playpen and Government Hacking”

Autonomous Vehicle Cybersecurity Threats: Physical Layer Jamming and Spoofing Attacks

(by Zach Goldberg, TLPC Student Attorney)

Over the past month, the TLPC has researched autonomous vehicle technology and its susceptibility to physical layer cyber attacks, with the aim of encouraging research and development efforts to counteract such threats. We sought to gain deeper understanding of the communication systems that enable autonomous vehicle technology, the vulnerabilities of these systems to jamming and spoofing attacks, and possible defenses against such attacks. We explore these issues in the attached comment, filed in the National Highway Traffic Safety Administration’s latest proceedings relating to autonomous vehicle safety and vehicular cyber security.

Autonomous Vehicle Jamming and Spoofing Comment

Last Week in Tech Law & Policy, Vol. 36: Another Yahoo! Data Breach? Personal Consumer Information and the U.S. Government’s Intelligence Collection Practices

(by Zachary Goldberg, Colorado Law 2L)

Apparently Yahoo waited two full months to disclose to its customers the largest consumer data breach in history, which Yahoo officials claim went undetected for two full years

On September 22, 2016, Yahoo officials announced that 500 million of its customers’ email accounts were hacked in 2014. The Yahoo security team believes that “state-sponsored hackers” somehow managed to penetrate Yahoo’s system to target its email users’ identifying information, passwords, and security question responses. At this stage in their investigation, Yahoo officials have not indicated precisely when they discovered the breach, and they know neither specific details as to who orchestrated it, nor how they gained access to Yahoo’s email system.

Continue reading “Last Week in Tech Law & Policy, Vol. 36: Another Yahoo! Data Breach? Personal Consumer Information and the U.S. Government’s Intelligence Collection Practices”