The Stroz Friedberg Cyber Brief

  FEATURED STORY            



The San Francisco-based ride-hailing company admitted on Tuesday to paying hackers a $100,000 ransom to keep quiet about the theft last year of private information pertaining to more than 50 million of its customers and drivers. “None of this should have happened, and I will not make excuses for it,” said Chief Executive Dara Khosroshahi, who’s been at the helm for only a few months. Travis Kalanick, Uber’s cofounder, was ousted as CEO in June amid pressure from investors who said he put the company at legal risk. Kalanick reportedly learned about the hack in question in November 2016.

Analysts say Uber’s attempts to keep the incident under wraps say may have defied data breach disclosure laws. An assortment of state and federal statutes compel companies to notify people and government agencies when breaches occur. Uber said it was obligated to report the hack and failed to do so. The company has attracted at least three more class-action lawsuits and separate investigations by the attorneys general of New York, Missouri, Massachusetts, Connecticut, and Illinois. (Bloomberg, WaPo, Wired, Reuters)


Exploited Children: A nonprofit called Thorn, which was founded by Demi Moore and Ashton Kutcher in 2009, is helping law enforcement combat sex trafficking. Software tools created by the group are helping investigators across the United States and Canada. (NYT)


Yahoo Hacker: Karim Baratov, a 22-year-old Canadian-Kazakh national, is expected to plead guilty Tuesday in a San Francisco federal court to criminal charges stemming from the massive 2014 breach of Yahoo. Baratov allegedly conspired with several Russians in the heist. (WSJ)

AT&T-Time Warner: The Department of Justice has sued to block AT&T’s $85 billion bid for entertainment conglomerate Time Warner, setting the stage for one of the biggest antitrust cases to hit Washington in decades. (WaPo)

  ON THE HILL                                    

Net Neutrality: The Federal Communications Commission unveiled a plan that analysts say would give Internet providers like Comcast, Verizon and AT&T extensive powers to determine what websites their customers see and use. The FCC’s effort would roll back its so-called net neutrality regulation, which was passed by the agency’s Democrats in 2015. (Reuters)


Drones: A Pentagon agency called the Joint Improvised-Threat Defeat Organization (JIDO) is focused on mitigating the risk presented by adversaries’ drones. JIDO is working with academia, start-ups, and venture capitalists to stay on top of the latest in drone technology. (WaPo)

  PRIVATE SECTOR                             

Social Media: Following recent revelations regarding Russian disinformation campaigns, shares in Facebook, Twitter, and Google have been relatively unfazed by fears over the potential costs of having to deal with unhappy advertisers and regulators. (FT)


ICOs: Joseph Grundfest, who was a commissioner at the SEC in the 1980s, has been warning his successors at the agency that initial coin offerings, which are custom-built virtual currencies that entrepreneurs have used to raise money for start-ups, are a “pervasive, open and notorious violation of federal securities laws.” (NYT)

Google: Russia’s telecom regulator said that it will retaliate against Google if it lowers the search rankings for the Kremlin-backed news outlets RT and Sputnik. The agency’s remarks come after Eric Schmidt, the executive chairman of Google's parent company, Alphabet, said that the company is working to curb misleading and exploitative content. (WaPo)

  THE WORLD                                     

EU: Bloc lawmakers overwhelmingly backed plans to restrict export of devices that foreign entities could use to intercept mobile phone calls, hack computers, or circumvent passwords. The proposed move is part of an effort to modernize the EU’s export control system to cover cyber-surveillance. (Reuters)

Germany: Government spies should have the authority to digitally strike back against hackers, the president of Germany’s new cyber security agency said. German officials have blamed APT28, a Russian hacker group, for the 2015 hack of the German lower house of parliament and other cyberattacks. (Reuters)


Uber: The Clean-Up After Kalanick Continues: “The cyber attack provides a case study in Uber’s sometimes self-defeating culture. The incident was not particularly unusual, but the cover-up could end up being costly. Hiding the breach has already attracted the ire of regulators from the US to Europe and could lead to lawsuits,” write Leslie Hook and Hannah Kuchler in the Financial Times.


Teaching AI to Watch Drone Footage: “With demand for more drone operations continuing unabated, the military should devise ways to review every second of drone video surveillance and manage the wealth of information that results. The answer to this quandary is a mix of emerging artificial intelligence, analytics, and compression technologies that would automate the review and initial analysis of drone video. In other words, the military should teach its machines how to watch TV,” write Ted Johnson and Charles F. Wald in Wired.

Cops, Cellphones and Privacy at the Supreme Court: “Smartphones have become an indispensable part of our daily lives, and sharing the data they generate automatically with a third party is not a meaningful choice. As Justice Sonia Sotomayor wrote in a 2012 case, the concept of voluntariness ‘is ill-suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks,’” write editors of the New York Times.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.