The world just received the newest pronouncement from the EU Court of Justice, in a decision known as Schrems II, and the legal opinion extends the data war declared on the United States in the first Schrems decision. Interpreting these decisions together, European privacy regulators are beginning to suggest that there will be no practical manner of transferring EU to the US that meets EU data privacy requirements.

If the Schrems II decision truly leads to a stoppage of data traffic from Europe, 1) this would be a logical conclusion to the dangerous, unnecessary and unprincipled arguments asserted in Schrems I, and 2) it could be disastrous to commerce between two of the worlds largest trading partners.

The Current Decision. Schrems II invalidated the EU/US Privacy Shield program that many US companies use to demonstrate compliance with EU data laws, leaving a scant few options within the control of U.S. companies wishing to serve EU customers not all of them practical. And the court in Schrems II even raised significant questions on the legally authorized methods of transfer that remained.

Many company data transfers from the EU to the US are effectuated under the Standard Contract Clauses approved for foreign data access by the EU. While the court in Schrems II upheld these clauses as valid, it also threw a wrench in the works, demanding that exporting parties must account for the relevant aspects of the data importers legal system, in particular any access by public authorities to the data transferred. If the exporter cannot guaranty a level of data protection that would be approved by the EU, the exporter is required to terminate the transfer and possibly be required to terminate the entire contract with the receiving party.

So the EU court is forcing all data controlling businesses to assess the trustworthiness of the U.S. government before any relevant transaction. How does that work? The Court of Justice has specifically held that the US government cant be trusted to keep its hands off of EU data, so are businesses supposed to find otherwise? Or do companies wait for their local Data Protection Authority to opine on the matter? In addition, the Court of Justice is requiring companies to breach their commercial contracts based on their evaluation not just of the data protection regime of the contracting company but of the U.S. government. Expect extensive litigation if this requirement is followed in real life (and EU regulatory attacks if it isnt).

Who decides whether regular commerce can be conducted with the U.S. now that the Court of Justice has allowed for use of Standard Contract Clause, yet thrown shade on whether the behavior of the U.S. government may invalidate the effectiveness of the clauses? Keep in mind, that unlike the U.S., the EU has a broad and deep privacy-focused system of city, state and national government bureaucracies who interpret and enforce the data laws. Already, some of these bodies are warning that Schrems II no longer allows transfers of data to the U.S., even under the Standard Contract Clauses.

The Data Commissioner in Berlin suggests that local companies storing personal data in the US immediately transfer the data to Europe and stop sending EU personal data to the US under current US law. The Hamburg data authority welcomed Schrems II castigation of the U.S. and wrote that the Standard Contract Terms are equally unsuitable to the Privacy Shield. The Dutch authority states that the clauses were ruled valid, but also notes they are only valid in places that adequately protect data under EU standards and the U.S. is not such a place. Even Ireland, where many U.S. tech companies are headquartered or have a significant corporate presence, saw its data protection commissioner question whether the Standard Contract Teems or other transfer mechanisms were still available for transfers to the U.S. OneTrust publishes a chart of EU Data Protection Authority reactions to Schrems II, complete with links, as does the IAPP.

Many of the various data protection authorizes wrote in a more business-friendly and conciliatory tone, including the UK, which stands in sort of legal data limbo in regard to EU policy after Brexit. But the logic of Schrems II is unavoidable: the U.S. government is willing and able to access private data, so EU data should not be placed in its clutches.

Schrems I. Shutting off all data EU personal data access to the U.S. follows the clear logic of conclusions offered by the Court of Justice in its first Schrems decision back in 2015. The first Schrems decision killed the EU/U.S. safe harbor system, a leaner predecessor to the Privacy Shield, and while it did not specifically address other forms of data transfer to the U.S., the decision clearly condemned the U.S. government for aggressively protecting its ability to access personal data.

Schrems I was written in the aftermath of Edward Snowdens disclosures about the depth of spying and data analysis performed by the United States government. The decision reads like the most intentionally boring temper tantrum ever put to paper. Buried deep in the midst of thousands of words of legal citation and analysis, the court found that the United States could not ensure that EU data residing in the U.S. would not be accessed for government reasons. It conceded that Mr. Schrems had no evidence that the NSA had accessed information about him, but noted that Edward Snowden had demonstrated a significant over-reach on the part of the NSA and other federal agencies. The court threw out the data privacy safe harbor because it found the U.S. government could access data beyond what was strictly necessary and proportionate to the protection of national security.

This decision was troublesome on multiple levels. The court could easily have invalidated the safe harbor simply for not being enforced effectively the safe harbor wasnt or for not providing EU citizens a practical appeal mechanism the safe harbor didnt. Decisions on these grounds would have restricted damage to only the safe harbor, which was quickly renegotiated to address some of these concerns. However, by speaking down from its high horse judging the U.S. governments anti-terrorism activity to be significant over-reach the court essentially questioned any method of transferring data to the U.S. If the government of the United States is hell-bent on data over-reach, nothing a U.S. company could do in contract terms or binding corporate rules could counter this deficiency from a European perspective. So the natural conclusion would be that no personal data should flow from the EU to the U.S.

This logic is dangerous in that it threatens the core of billions of Euros of commerce between the EU and U.S., and it is unnecessary because the same safe harbor invalidating result could have been reached based on a narrower set of reasons. It is also hypocritical and unprincipled because the security services of EU member countries were (and are) taking the same actions toward foreign (and probably local) data as the United States was taking. Immediately after the Schrems I decision was released, the French government enacted a new surveillance law similar to the USA PATRIOT Act that had so disturbed the EU Court of Justice.

According to Vox, the French law allows law enforcement to surreptitiously install keyloggers on suspects computers and requires Internet service providers to install black boxes that are designed to vacuum up and analyze metadata on the Web-browsing and general Internet use habits of millions of people using the Web and to make that data available to intelligence agencies. And the law allows the government to deploy what are called ISMI catchers to track all mobile phone communications in a given area. These catchers are basically designed to impersonate cell towers, but they intercept and record communications data from phones within its range, and can also track the movements of people carrying the phones. This is the very definition of collecting data indiscriminately beyond what is strictly necessary and proportionate to the protection of national security.

According to Human Rights Watch the French law provides little political oversight to police and vague triggers to its application. Sounds like over-reach to them, but apparently not to the EU Court of Justice, who has not questioned allowing personal data to be housed in France. I have not researched other EU member nation surveillance activities from the UKs millions of CCTV cameras to the Belgian general requirements for data to be held by providers for law enforcement but I am certain dozens of examples could be mined of anti-terror (or even politically-based) surveillance that deeply resemble what the Court of Justice decries about the U.S. system.

Political/Business Purposes? So what is the end-game? If the EU stops allowing personal data transfers to the US, what happens to this data? Maybe Europe is moving toward a method to keep the data under its own control. Politico reports that Germany and France have launched a platform of trusted cloud providers called Gaia-X. Launched in June with the backing of Berlin and Paris, Gaia-X is one of Europes most far-reaching attempts to assert sovereignty over how its data is stored and protected. The program seeks to give EU companies and edge over U.S. and Chinese cloud providers. 22 French and German companies and organizations are founding members of the project and they will write the projects by-laws and policy rules.

While Gaia-X currently involves some non-EU based cloud providers, its function seems be promotion of home-grown solutions. The Schrems logic judging the U.S. inadequate on a standard the EU courts are unwilling to apply to its own governments may be the basis of building an EU-based cloud for EU information.

Maybe the EU just plans to invalidate negotiated agreements with the U.S. twice each decade and then replace them with something more to Europes liking. Maybe it simply hasnt considered (or cared about) how law-abiding companies suffer when the EU changes the size and location of the goal posts at regular intervals during the match. Or maybe the EU just wants to build its own cloud industry with EU data and assistance from the regulators.

Data localization may be the next step.

Original post:
The Logical Conclusion to an Illogical Conclusion: Schrems May Forbid Data Commerce from the EU to the US - Lexology

Buchanans handy book offers a substantial and measured history of cyberattacks in recent decades. Buchanan traces the progression of hacking operations beginning with the early efforts of the U.S. National Security Agency and the United Kingdoms Government Communications Headquarters, or GCHQ, agencies that intercept all sorts of communicationsincluding those of supposedly friendly governments. Many countries now engage in hacking in the pursuit of their national interests. The joint U.S.-Israeli operation that transmitted the Stuxnet virus that sabotaged centrifuges in Iran was discovered in 2010. Russia easily shut down Ukraines energy supplies through hacking in 2016 and famously meddled in the U.S. presidential election that same year by hacking the email accounts of Democratic Party officials and the chair of Hillary Clintons campaign. China has used hacking for the purposes of industrial sabotage. The 2013 revelations of the former NSA contractor Edward Snowden showed how Western governments did their spying. Despite the growing ubiquity of cyberattacks, Buchanan also highlights their limits as a means of coercion or as a way of sending a message.

Loading...Please enable JavaScript for this site to function properly.

View original post here:
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics - Foreign Affairs

An amendment that would codify the Federal Risk and Authorization Management Program, with some major new stipulations, is one of several areas where the next National Defense Authorization Act could shake up technology policy across the federal government and private industry.

Lawmakers again took the opportunity to attach all manner of amendments that affect agencies and programs outside the Defense Department to what is considered must-pass legislation.

Both chambers passed their versions of the annual authorization bill in July, and the House and Senate Armed Services Committees must now work in conference to iron out the differences in the two final bills. The White House already issued a July 21 veto threat for the House version, including an objection to a provision to rename military installations commemorating members of the Confederacy. The Senate version passed with similar language, though the vote came in at 86-14a veto-proof majority.

Here is a sample of what each side is bringing to the table to govern emerging technology opportunities and challenges now that the dust has settled from the amendment storm.

FedRAMP Reconstruction and Modernization

The House NDAA includes the full text of the FedRAMP Authorization Act, which passed the House in February, as an amendment from Rep. Gerry Connolly, D-Va., chairman of the House Subcommittee on Government Operations.

Through FedRAMP, instituted by the General Services Administration, cloud service providers can obtain certificates of security through a joint authorization board that theoretically pre-approves them to fulfill contracts across the government. But, the streamlining ambition has not been fully realized as individual agencies have their own security review avenues.

The Connolly measure would establish FedRAMP in statutes and deliver a lot of what industry has been asking for in the way of reciprocity for security validations from one agency to another.

There shall be a presumption of adequacy regarding the JABs authorization to operate, reads the legislations instruction to the heads of federal agencies.

The bill also calls for the administrator of GSA to hire staff as needed for a program management office in order to implement measures to automate the process and establish continuous monitoring. GSA is already moving in this direction. And the Defense Department, which has already committed to FedRAMP reciprocity, is leading its own revolution in facilitating continuous authority to operate. Bringing the rest of the federal government legally into the fold has significant implications for broader cloud adoption.

The standalone House-passed bill was referred to the Senate Homeland Security and Governmental Affairs Committeeanother avenue for it to eventually become law.

Connolly also squeezed in an amendment that would make permanent a pilot program at the U.S. Patent and Trademark Office initiated under the Telework Enhancement Act of 2010.

Agencies in general should consider how cloud migrationalong with artificial intelligence and better modeling and simulation meansmight factor into plans they would have to submit to the National Telecommunications Information Administration for more efficient spectrum management. Incumbent federal users of the nations airwaves are under pressure to release more of the finite resource for commercial purposes, and section 1084 of the Senate bill includes a plan for the agency to incorporate modernized infrastructure in its work administering it.

From Phone to Drone, More Bans on China-Based Tech

The fear of China dominating the U.S. through emerging technology is a central theme of the NDAA in both chambers.

An amendment included by Rep. Tom Malinowski, D-N.J., would buttress actions the Commerce Department took July 20. Commerce added 11 Chinese companies to its Entities List, forbidding U.S. engagement with them on account of human rights violations involving ethnic minority Uighers. President Trump has made the Commerce Department reverse such a listingagainst Chinese telecom ZTE in the past. Other successful amendments would bar federal employees from installing the recreational video application TikTok on government-issued devices and stop federal agencies from procuring foreign-made drones that threaten national security, including those from China.

TikTok critics fear its ownership by Chinese company ByteDance can help facilitate massive data collection by Beijing. A bill introduced by Sen. Josh Hawley, R-Mo., banning use of the app on federal devices passed unanimously through the Committee on Homeland Security and Governmental Affairs July 22. Rep. Ken Buck, R-Colo. attached an amendment with the same goal to the House NDAA. While President Trumps larger moves against TikTok will likely face legal challenges, the NDAAs coming instructions for the federal workforce on the issue seem in place.

Federal agencies use unmanned aircraft systems for cartography, surveillance and in emergencies to provide disaster relief and conduct search and rescue missions. Some authorities are using drones, which can be equipped with thermal sensors and megaphones to enforce social distancing during the pandemic. But more than 70% of the drones being sold in the U.S. are produced by the Chinese company DJI, which reportedly donated 100 drones to 43 agencies and 22 states.

Drone watchers would have seen such a ban coming. In October 2019, the Department of Interior grounded all of its newly acquired DJI drones. The Department of Homeland Security had earlier warned the private sector their data was vulnerable if they used the Chinese drones, and the Defense Department had stopped troops from using them too.

An amendment included in the House NDAA by Rep. Mike Gallagher, R-Wis., co-chair of the esteemed Cyberspace Solarium Commission, would apply the procurement ban across the federal government.

The Solarium Commission Wants a National Cyber Director

Two years ago, the 2019 NDAA established the nonpartisan Cyberspace Solarium Commissioncomprising members of Congress, the administration and the private sectorto come to an agreement about how the U.S. should defend against serious cyberattacks. In March, the commission revealed a comprehensive report of more than 80 recommendations with the express intention of making many of them law through this years NDAA process.

The commissions primary recommendation is the establishment of a Senate-confirmed national cyber director with an office within the Executive Office of the President. The individual would be the head cyber adviser to the president, coordinate defensive cyber strategy and policy across the government, and be the chief U.S. representative and spokesperson for cybersecurity. Sen. Angus King, I-Maine, co-chair of the commission said the position would provide the president with one throat to choke and encourage accountability.

But the Senate NDAA, stopped short of including the recommendation, calling instead for a report on whether it would be feasible. On the House side, commission member Rep. Jim Langevin, D-R.I., successfully attached an amendment with the recommendation to the bill. During a hearing of the House Oversight Committee on the Solarium Commissions proposal, some lawmakers withheld their support over concerns creation of the cyber directors officeto be staffed with about 75 full-time employeeswould be fiscally wasteful.

What Else the Solarium Commission Wants: Public-Private Partnership

Apart from the national cyber director, plenty of other Solarium Commission recommendations made it into the House and Senate NDAAs. The prospects for many of them look good, with similar language in both chambers bills. But the White House veto threat flagged language in a key cyber intel sharing provision.

The Solarium Commission is mostly betting on the public and private sectors working more closely together, especially as facilitated by the Homeland Security Departments Cybersecurity and Infrastructure Security Agency. In this vein, an amendment from Rep. Dutch Ruppersberger, D-Md., calls for a gap analysis at the agency to inform where it needs more resources, including personnel; amendments from Rep. Cedric Richmond, D-La., would institute a fixed five-year term with minimum requirements for the CISA director, establish a joint planning office for coordination on readiness among federal, state and local governments and critical infrastructure owners and operators, and require DHS to establish a cyber incident reporting program; and a Langevin amendment would give CISA the authority to subpoena internet service providers for identifying information of customers that appear to be under cyberattack so they can be warned. The subpoena authority is also included in the core text of the Senate NDAA.

An amendment from Rep. Sheila Jackson Lee, D-Texas, would also require the homeland security secretary to develop a strategy for all U.S.-based email providers to implement the Domain-based Message Authentication, Reporting, and Conformance standard. DMARC adherence has been mandatory for federal agencies since October 2017. The Solarium Commission argues the recommendation will scale the blocking of email from fraudulent domains and diminish the success of phishing attacks.

But there may be limits to all the proposed public-private collaboration at CISA. The White House takes issue with section 1631 of the House bill, which calls for the homeland security secretary to develop an information collaboration environment where private-sector stakeholders could access classified data, at the discretion of the secretary in consultation with the defense secretary. The White House advisers say the section does not adequately reflect the Director of National Intelligences statutory responsibility to protect intelligence sources and methods with regard to cybersecurity threat intelligence related to information systems operated by agencies within the Intelligence Community.

Other Solarium Commission recommendations included as House NDAA amendments authorize CISA to help federal agencies who ask for assistance in meeting Federal Information Security Modernization Act requirements and other agency functions, and to continuously hunt for cyber threats on the .gov domain.

In the Senate, an amendment included by Sens. Gary Peters, D-Mich., Ron Johnson, R-Wis., and Ben Sasse, R-Neb., tasks the president with creating a plan for the continuity of the economy in preparation for an event that severely degrades economic activity in the country, including a cyberattack. Under the amendment, the president must consult with the leaders of relevant agencies and economic sectors to come up with a plan to keep things running and submit it to Congress within two years. The plan would include consideration of ways to extend financial support to key participants in the economy.

Other Strictly Cyber Things: Cash, Workforce, States

Its challenging to find cybersecurity measures in the bills that arent somehow connected to the Cyberspace Solarium Commission. An amendment from Sen. Roger Wicker, R-Miss., chairman of the Senates Committee on Commerce, Science and Transportation, is the offshoot of a cybersecurity moonshot initiative, which the commission recommends investing in. It would crowdsource high-priority breakthroughs in cybersecurity by establishing prize challenges.

Another Wicker-led bipartisan measure included in the Senate bill is the Harvesting American Cybersecurity Knowledge through Education (HACKED) Act. This legislation would strengthen Americas cybersecurity workforce in both the public and private sectors by bolstering existing science education and cybersecurity programs within the National Institute of Standards and Technology, National Science Foundation, National Aeronautics and Space Administration, and the Department of Transportation, reads a press release on the bills introduction. It requires the NIST director to develop metrics to measure the success of federally funded cyber workforce programs based on their outcomes.

Language in the Senates NDAA also allows for the directors of the Office of Management and Budget and NIST to establish an exchange program where employees working in roles outlined in NISTs National Initiative for Cybersecurity Education could go between NIST and private sector institutions.

And from the Homeland Security and Governmental Affairs Committee, Sen. Maggie Hassan, D-N.H., sponsored an amendment in the bill that would require DHS to establish a federally funded cybersecurity coordinator in every state.

Authorizes Real Intelligence with 5G Virtualization and Whistleblower Rights

The Senates NDAA contains its entire Intelligence Authorization Act. The House Intelligence Authorization Act passed out of committee July 31. Members of the House and Senate Intelligence committees may also be brought into the conferencing process with members of the House and Senate Armed Services committees to reconcile differences.

Both intelligence authorization bills include a plan to enable competition against Chinese firms Huawei and ZTE in the development of fifth-generation networks. The idea is to eliminate reliance on the hardware those firms provide by turning their functions into independent software-defined operations. Various components of the network would be connected through open, interoperable interfaces, allowing a multitude of vendors to participate, instead of through proprietary links to the hardware. Among other things, the bills call for the authorization of $750 million over 10 years in appropriations to create a Treasury fund from which grants would be issued to develop the technology, and increased participation of U.S. entities in relevant standards-setting bodies.

The House and Senate Intelligence Authorization bills also both include protections for whistleblowers. Sen. Ron Wyden, D-Ore., was alone in voting against the Intelligence Authorization Act advancing out of committee, due to issues of overclassification of information in general. But in a statement following the vote he praised measures in the bill seeking to limit revocation of security clearances as reprisal for disclosures.

Sen. Mark Warner, D-Va., ranking member of the Senate Intelligence Committee, also highlighted the whistleblower protections, but included language that would require contracted employees to provide written consent for the federal government to share certain derogatory information about themselves with the chief security officer of their employer, as a condition of accepting a security clearance with the federal government. Warners spokesperson said this was to prevent the circulation of bad apples like Edward Snowden.

A Connolly amendment to the House NDAA would make it clear that whistleblower protections also apply to subcontractors and subgrantees for disclosures of gross mismanagement or waste of federal funds.

Industries of the Future

Speaking of funds, senators voted for the director of the Office of Science and Technology Policy to come up with a plan to double baseline investments in emerging technologies such as artificial intelligence and quantum information science by 2022 and to specifically increase civilian investments in such industries to $10 billion by 2025. The Senates NDAA leaves it up to the director to further define these industries of the future with the help of a designated government council, but there is a focus on physical, foundational technology components in both the House and Senate bills.

The Senate bill for example calls on the director of national intelligence to report on critical technology trends in the development of microchips, semiconductors and their related supply chains, in addition to artificial intelligence. It also outlines a semiconductor manufacturing incentive program, under which the commerce secretary would issue grants of up to $3 billion to entities that have a documented interest in constructing, expanding, or modernizing related facilities, for example. Rep. Doris Matsui, D-Calif., successfully attached identical language on the House side.

Artificial Intelligence Good, Deepfakes Bad

Lawmakers are smitten with artificial intelligence, but they also recognize the potential dangers of the technology.

The House NDAA includes the National Artificial Intelligence Initiative Act, a bipartisan measure introduced in March. Under the bill, the director of the Office of Science and Technology Policy would establish a coordination office to be known as the National Artificial Intelligence Initiative Office and the federal government would leverage its investments toward fulfilling the initiative. The energy secretary would determine the members of an advisory committee and in doing so, consider members of Congress, industry and academic institutions. Nonfederal members of the committee would have their travel and daily expenses paid.

The AI initiative would allow agency heads to fund research institutions. It specifically authorizes about $7 billion in appropriations over five years for Energy, the National Science Foundation and the NIST to partner with other parts of the government and the private sector on research on questions like how to ensure the technology is trustworthy.

The House NDAA would also create a national cloud for artificial intelligence research that Rep. Anna Eshoo, D-Calif., an original sponsor of the legislation, told Nextgov is needed because for the U.S. to maintain its global leadership in AI, researchers must be enabled to access high-power computing, large datasets, and educational resources.

Smaller efforts on the House side would also leverage artificial intelligence to help with addressing health issues affecting veterans through a research program at the Energy.

But lawmakers are especially wary of how artificial intelligence can be used in the creation of fake media. Famous examples include spurious videos of politicians, but the technology can also be used to forge documents and in other malfeasance.

An amendment from Rep. Derek Kilmer, D-Wash., would have the Science and Technology Directorate at DHS report on the state of digital content forgery technology, and one from the Rep. Yvette Clarke, D-N.Y., would instruct the director of national intelligence to report on the defense and military implications of deepfake videos.

Senators also want to know how deepfakes threaten U.S. national security, but theyre asking DHS to do an annual study on this.

Quantum Computing and Beyond

While were on the topic of overlapping report requests, the White Houses veto threat argues that work NIST is already doing on quantum computing technology would be undermined by the House bill asking the Defense Department to report on how the technology threatens national security.

But lawmakers are already also looking beyond the current reaches of the technology for ways it might help secure critical infrastructure. The Senate bill includes a provision requiring the administrator for nuclear security, in consultation with the energy secretary, to work through the National Academy of Science to review the future of computing beyond exascale computing to meet national security needs at the National Nuclear Security Administration.

New Rules for Acquisition

Last, but most certainly not least, both versions of the bill include a few provisions related to transparency and accountability in the way the federal government acquires its technology goods and services.

On the House side, an amendment from Rep. Jim Hagedorn, R-Minn., calls on the Small Business Administration to write rules that would eventually be reflected in Federal Acquisition Regulations to require a contracting officer to consider the past performance of first-tier subcontractors in the same way they would for prime contractors.

On the Senate side, an amendment from Sen. Mike Enzi, R-Wyo., would require the defense secretary to list on the publicly accessible Beta.sam.gov site any consortia it uses to announce or otherwise make available contracting opportunities using other transaction authorityi.e. transaction authority outside the confines of Federal Acquisition Regulations. An Enzi press release said this is needed because smaller contractors often arent aware of opportunities, putting them at a disadvantage.

Defense officials are also called on in the Senate bill to develop a code-review process to implement a pilot project at the Office of Management and Budget that could drastically change current software acquisition dynamics.

The pilot is part of an OMB policy aimed at creating a culture of software use that saves taxpayers money, reduces vendor lock-in and fosters innovation. It requires agencies commissioning new custom software, to release at least 20% of the new custom-developed code as open source software for three years. Under the August 2016, Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software, federal agencies and prospective vendors alike would be able to see more of the code already in use across the government and build on top of it, instead of wastefully duplicating efforts. The code-review process called for in the NDAA is meant to balance this new, open, collaborative system with security.

Original post:
What the Rest of Government Should Watch When the Defense Authorization Bill Goes to Conference - Nextgov

Joe Biden and his running mate, Kamala Harris, share goals such as raising corporate taxes and expanding health insurance to more Americans, but they disagreed during the 2020 Democratic primary campaign on how to approach policy areas including climate and trade.

Here is a guide to her positionsand Mr. Bidenson a variety of issues.

Ms. Harris has said she supports the Green New Deal, an overhaul of the economy to combat climate change. Mr. Biden has said he supports the goals behind the Green New Deal, but during the primaries, he backed a smaller investment than many progressives wanted.

Since becoming the partys presumptive nominee, he has called for a $2 trillion program to combat climate change over four years, more spending and a more ambitious timeline than he supported in the primaries.

Mr. Biden has proposed a fracking ban, but only for oil and gas production from federal lands. Ms. Harris, meanwhile, said during a CNN town hall last year: Theres no question Im in favor of banning fracking.

Follow this link:
Kamala Harris, Biden Differed on Trade, Medicare for All. Here's a Guide to Their Positions. - The Wall Street Journal

Photo illustration by Slate. Images by Fugacar/iStock/Getty Images Plus.

In January 2010, I sat in an auditorium at the Newseum in Washington and heard Secretary of State Hillary Clinton proclaim that the spread of information networks is forming a new nervous system for our planet. Clinton announced that internet freedom would be a new pillar of U.S. diplomacy and that as a country, we stand for a single internet where all of humanity has equal access to knowledge and ideas. She described access to global information networks as being like an on-ramp to modernity and argued that even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable. Paying tribute to Franklin Roosevelts four freedoms speech, she articulated a principle of the freedom to connect:

the idea that governments should not prevent people from connecting to the internet, to websites, or to each other. The freedom to connect is like the freedom of assembly, only in cyberspace. It allows individuals to get online, come together, and hopefully cooperate.

This vision was in contrast to that of countries like China, with its infamous great firewall, and other repressive countries, which held that nations internets should be divided by borders and subject to government control just as their physical territories are. Under this vision, authoritarian countries could have equally authoritarian internets.

Last week, the Trump administration followed up on weeks of saber rattling over the Chinese-built social media network TikTok and a monthslong campaign to roll back the internet equipment firm Huaweis role in global 5G networks with an even further-reaching plan. Trumps new executive order will ban any U.S. company from interacting with the Chinese producers of the apps TikTok and WeChat, meaning they cant be offered in American app stores unless they are sold by their parent companies. Secretary of State Mike Pompeo also outlined plans for a so-called clean network, prohibiting Chinese companies from accessing American app stores, apps, cloud services, mobile carrier networks and undersea internet cables.

This was all part of an overall escalation of anti-Chinese rhetoric and policy from the Trump administrationand also based on some very legitimate concerns about Chinas surveillance practices. But another way to look at it is as a final surrender to Chinas vision of internet sovereignty.

Critics have been raising the alarm about the splinternet, the Balkanization of cyberspace, and the Westphalian web for years. Its now here. This may be a tragedy, but its one that the U.S. should have seen coming and that it partly enabled.

Clintons speech felt forward-looking and futuristic at the timeand briefly appeared prescient when the social mediaenabled Arab Spring protests broke out the following yearbut actually harkened back to notions from the earliest days of the internet about cyberspace as a domain separate from that of terrestrial nation-states.

The term cyberspace was coined by the science fiction writer William Gibson in novels set in a near future where national governments had been weakened and undermined by new communications technologies. Todays internet looks very little like the fully immersive domain Gibson envisioned, but the space part of cyberspace made it a useful metaphor in conversations about the role of the state in internet governance and freedom.

At the 1996 World Economic Forum in Davos, Switzerland, John Perry Barlow, the former Grateful Dead lyricist and founder of the Electronic Frontier Foundation, penned a Declaration of the Independence of Cyberspace, which begins:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

Today, Barlows declaration serves a role similar to that of Francis Fukuyamas The End of History: an example of past conventional wisdom for writers to trot out and say, Well, thats not how it turned out. But for a long time, the notion that nations should not, and could not, control the internet was very pervasive, and not just among Silicon Valley libertarians. In 2000, Hillary Clintons husband likened Chinas efforts to censor the internet to trying to nail Jell-O to the wall. In the years since, China has gotten very good at nailing Jell-O.

Authoritarian governments have long rolled their eyes at American talk of internet freedom, and not entirely without reason. As with free trade, many look at the free internet and see a project of American power projection cloaked in platitudes. Is Vladimir Putin being paranoid when he says that the internet was originally a CIA project and is still developing as such? Undoubtedlybut theres some truth to the notion: The internet does trace its origins back to systems developed by U.S. intelligence, and the agency still dabbles in Silicon Valley investing.

After Edward Snowdens revelations about National Security Agency surveillance, even democratic leaders like thenBrazilian President Dilma Rousseff began talking seriously about the importance of internet sovereignty and, for a time, considered legislation mandating that Brazilian users data be stored within the countrys bordersit didnt happen there, but it did in Russia. Americas own history of mass data collection is why some see the TikTok ban as rank hypocrisy.

American officials forthright rhetoric about internet freedom may also have backfired. Its not exactly a surprise that authoritarian governments like Chinas viewed services like Google and Facebook as a threat when the secretary of state of the United States was giving high-profile speeches openly telling these governments that they should consider social media a threat to their power. (American concerns about TikTok and user privacy may be justified, but its not as if the Chinese foreign ministry isnt putting out statements boasting about how its harvesting Americans data.)

The big internet companies themselves have been almost comically cynical on the topic of internet freedom. Facebooks Mark Zuckerberg was once so anxious to gain approval from the Chinese government that he conspicuously left a copy of Chinese President Xi Jinpings book on his desk during visits by Chinese officials and asked Xi for suggestions on the name of his unborn child. Today, facing threats from government regulatorsand having given up on accessing Chinas markethe tells Congress that he is upholding democratic traditions like freedom of expression against his Chinese competitors. In 2006, Google agreed to cooperate with Chinese censors, arguing that it was necessary to fulfill its mission to provide the greatest access to information to the greatest number of people. In 2010, after the company moved its operations out of mainland China following a series of cyberattacks, Soviet-born co-founder Sergey Brin decried the forces of totalitarianism that made the move necessary and told the New York Times that the half an Internet approach of authoritarian countries would eventually fail: I think that in the long term, they are going to have to open. In 2018, it was revealed that Google was working on a new censored version of its search engine for the Chinese marketwhich it dropped after its own workers called out the project as a betrayal of Googles stated mission.

The ideal of an open internet suffered another setback in 2016 with the election of a president who evinced neither an interest in global democracy nor an understanding of how the internet works. Trump was mocked during his campaign in 2015 for suggesting he would combat ISIS by speaking to Bill Gates about in certain areas, closing that internet up in some way and preventing terrorists from using our internet. As with many of Trumps more outlandish utterances, it probably should have been taken more seriously. He will end his first term with the more closed-up internet he described, where national governments have a more proprietary right to their citizens data. Even if he loses in November, it could be a core part of his legacy. Its hard to imagine Joe Biden, who has run on being more of a China hawk than Trump, rolling back these restrictions, which are, after all, based on widely held concerns about Chinese data collection that arent just restricted to Trumps base. And if the new rules end up forcing a sale of TikTok to an American company, theres not much that can be done to reverse it.

Even if the open internet was always more of an ideal than a reality, that doesnt mean were better off simply acceding to a world of Balkanized national internets. National internet shutdowns during times of political crisis have become commonplaceBelarus on Sunday became just the latest example.

Chinas WeChatthe less discussed but probably more consequential Chinese app banned by the administration last weekcould be a preview of what these internets look like. For Chinese users, its a phenomenally convenient all-in-one platform for person-to-person messaging, social media sharing, payment, shopping, and gaming. Not only is this one app increasingly the internet for Chinese users, its the forum through which much of economic and social life is mediated, and daily lifeparticularly in large citiesis hard to live without it. (The international version of the app possesses little of this functionality and is similar to other messaging apps like WhatsApp.) Omni-apps like WeChat are the antithesis of the open internet idealglobal, unfettered, user-generatedand also function as the kind of surveillance tool that the totalitarian governments of the last century could only have dreamed of. If walled-garden internets become the norm, other countries will look for opportunities to follow Chinas lead.

National governments have always strived for what the anthropologist James Scott calls legibilityarranging their populations to simplify classic state functions like taxation, conscription, and preventing rebellion and crime. They dislike ambiguity when it comes to the territory under the states control or the people residing within it. In our era, the drive for legibility, fused with an ethnic nationalist political project, is behind the drive toward ever greater border security and crackdowns on undocumented migration.

The classical vision of cyberspace, as expressed by 90s-era visionaries like Barlow and Gibson, was supposed to be a threat to state legibilitya realm for communication and commerce outside the reach of terrestrial nation-states, and one in which authoritarian repression and censorship was ultimately impossible. Governments like Chinas were plainly hostile to this vision from the beginning. The U.S. supported it rhetoricallyif only up to a point and often opportunisticallyuntil now.

That doesnt mean this is the end of the story. National governments are taking on a greater role in the governance of cyberspace at a time when their ability to perform the basic functions of governance in the real world appears weaker than ever. Just because governments are building new walls on the internet, doesnt mean they will do a particularly good job guarding them.

The dream of the open internet may live on, but at the very least, its time to do away with a whole universe of metaphors. The Jell-O has been nailed to the wall, the weary giants of flesh and steel have elbowed their way into the home of the mind, and the nervous system of our planet will never be the same.

Future Tense is a partnership of Slate, New America, and Arizona State University that examines emerging technologies, public policy, and society.

More:
The End of Cyberspace - Slate

Ever since US President Donald Trump announced he was going to ban TikTok unless an American company bought it out by the middle of September, tech experts have raised alarm over the dangers of this prospect. They say this could fragment the internet along spheres of national interests and give rise to multiple ecosystems of the internet. In other words, it could mark the beginning of an American version of the internet similar to the ecosystem that exists in China.

The US plan to implement a clean networkwhich would block Chinese companies from accessing app stores and cloud services, among other thingshas invited a strong backlash because the internet, as a subcultural project of the 70s that had de-linked itself from its strong military-industrial complex roots, was intended for everyone. Techies in Silicon Valley, as Scott Malcomson has explained in his book Splinternet, were given a free rein to work on personal computers and the internet to empower the individual and free people, as it were, from the oppression of the state, a sign of the times of the culture that thrived in the Bay area in the backdrop of the Vietnam war. Silicon Valley ethos gradually sat well with the notions of the internationalist principles that resembled American values. But as time passed, tech giants, led by commercial interests, swallowed up the internet. So much so that we associate the internet today with, say, a Google or an Amazon. Thats all the more true for us in India because we adopted the US tech model. Other countries, such as Malaysia, Indonesia and Thailand, bought into the Chinese model. But even in the 80s, when American superiority was a given, computer pioneers like Jon Postel thought long and hard about the future of internet governance because they knew it had to be protected from getting caught up in government rivalries.

In 1988, computer scientist Leonard Kleinrock chaired a National Research Council committee that submitted a report. The Kleinrock report suggested bringing in the US government as a funder of the internet project because, as the report argued, foreign competitors are busy at work with their own national research networks. Clearly, the US was wary that everyone would want some degree of control over cyberspace. Even though the internet appeared largely free from state interference, the 2013 Edward Snowden revelations told another story. The US government was allegedly using American companies to spy on citizens and enemies, whether they knew about it or not. The tech industry was taken aback by what seemed like an admission of the defeat of the global internet project. Their role as gatekeepers of the global project was downsized to, as Splinternet mentions, that of the unwitting agent of the intensely anxious security apparatus of one particular nation at a time.

Tech companies retaliated by encrypting and re-encrypting services even though the US government said they wanted special access to the internet on national security grounds. This debate has remained a flashpoint between tech companies and governments across the world. It is also currently playing out in India, where the government has asked WhatsApp, owned by Facebook, to trace the originators of fake messages. But WhatsApp has declined to do so and said that while it could provide law enforcement agencies with users meta data, it could not directly trace conversations between users since it would be a breach of their encryption policy. This debate began in 2018 after the Indian government proposed a series of new rules for social intermediaries, asking them to remove unlawful content, among other things. The norms are also related to Indias data protection bill, which is yet to be enacted into law.

Similarly, when Facebook acquired a 9.99 per cent stake in Reliance Jio platforms, the deal caused a surprise over the fact that Facebook and Reliance had differing views on two major internet policies: data localisation measures and encryption policies. Arindrajit Basu, a researcher at the Centre for Internet and Society, explains that big tech companies were typically against data localisation measures whereas Indian companies heavily favoured it. In its integrated annual report in 2018-19, Reliance mentioned that keeping a copy of citizens data in servers within the country would also spur investment in creating server and cloud capacity in India, incentivising research and developing and creating employment in line with the governments Make in India initiative. Building cloud capacitythey can never crash unlike physical servers that can come under attack quite easilyis becoming the next sphere of geostrategic competition as every country rallies to co-opt the benefits of services bound to come as a result of the roll-out of 5G. Facebook is aware of the precedent it can set if it does agree with the governments rules to keep citizens data within the countryit can again be held hostage to the whims of a government agency.

Besides, the Indian government has on several occasions shut down internet services in parts of the country, which has caught the eye of the international community. Internet shutdowns are common in authoritarian countries like China, but not in democracies. Kashmir, which has about 7 million people, has not had 4G internet for close to a year, though the Centre has announced it will start restoring 4G internet on a trial basis after August 15. Similarly, India is now part of a democratic coalition of countries, dubbed the D10 by the British government, which aims to find alternative suppliers of 5G to cut reliance on Chinas Huwaei. D10 includes all the G7 economies, along with India, Australia and South Korea.

Though India has deferred its 5G plans for a year owing to the Covid pandemic and has not announced whether itll block Huwaei and ZTE in the 5G rollout, sources in the government say India is deliberating on the 5-G plan. Several factors are being weighed, the sources said, to dictate the coming up of a Great Wall of India against these companies.

Subscribe to the daily newsletter for sharp insights delivered straight to your inbox https://www.indiatoday.in/newsletter

More here:
The splintering of the internet and how it may affect India |India Today Insight - India Today