OUR PICKS Regulating Commercial Spyware | New AI Laser System to Guard U.S. Capital | Internet-of-Things Malware Attack Cycles Are Accelerating, and more

Published 10 August 2023

Regulating Commercial Spyware (Asaf Lubin, Lawfare)

The rapid evolution of spyware technologies and their abuse by both democratic and autocratic governments has been the subject of increased international scrutiny. Spyware has been used to target the computers and phones of world leaders, human rights advocates, journalists and attorneys uncovering corruption, and political dissidents. As these sophisticated tools become more pervasive and intrusive, the potential for misuse and infringement of individual rights is only exacerbated.

To address this problem a set of traditional legal and policy tools have been employed: (a) industry self-regulation, (b) ad hoc public enforcement and sanctions, (c) private litigation by victims, (d) moratoriums and tech bans, and (e) international cooperation. Each of these solutions—and the ways they have been structured—have suffered from significant limitations. These limitations reduce the effectiveness of each of the measures in deterring and preventing human rights violations.

US Launches Contest to Use AI to Prevent Government System Hacks (Reuters / VOA News)

The White House on Wednesday said it had launched a multimillion-dollar cyber contest to spur use of artificial intelligence to find and fix security flaws in U.S. government infrastructure, in the face of growing use of the technology by hackers for malicious purposes.

Virginia Becomes Eighth U.S. State to Exit Voter Data-Sharing Pact (Josephine Walker, Reuters)

Virginia on Thursday became the eighth Republican-led U.S. state to leave a non-partisan voting-integrity partnership that has been undermined by unsubstantiated far-right charges that it favored Democrats.

Member states of the Electronic Registration Information Center, or ERIC, partnership share voter registration and identification data to avoid having people registered to vote in multiple states.

While voter fraud is vanishingly rare in U.S. elections, the nation’s state-by-state elections system raises the risk that people who move from one state to another may remain registered to vote in two states at once.

Virginia follows Ohio, Iowa, Florida, Missouri, West Virginia, Louisiana and Alabama in leaving the partnership.

Former U.S. President Donald Trump’s false claims that his 2020 election defeat was the result of widespread fraud have been echoed by many of his Republican allies. Trump said without evidence in a March post on his Truth Social site that ERIC “pumps the rolls” for Democrats.

New AI Laser System to Guard U.S. Capital Region from Unauthorized Aircraft (Patrick Tucker, Defense One)

A decades-old government system to monitor unauthorized aircraft over the U.S. capital region is about to get an AI overhaul to speed up operations.

Teleidoscope, a company out of California that specializes in automated targeting software for augmented-reality games, has won an up-to-$100 million contract to replace portions of the National Capital Region-Integrated Air Defense System, or NCR-IADS, following an 18-month prototype phase led by the Defense Innovation Unit, or DIU.

Teleidoscope founder Matt Rabinovitch said the system applies AI to full-motion-video threads to spot aircraft that aren’t operating in a safe way, then identify the type of aircraft and tell operators which way it’s heading. It also has “all kinds of image-enhancement features” such as defogging and decluttering, Rabinovitch said in an interview.

America Must Create a Multilateral Semiconductor Supply Chain Security Agreement (Nicholas A. Henderson, National Interest)

The United States, Taiwan, the Netherlands, Korea, and Japan should consider forming a multilateral supply chain tracing and customs agreement to prevent crucial technology from falling into the wrong hands.

Panasonic Warns That Internet-of-Things Malware Attack Cycles Are Accelerating (Lily Hay Newman, Wired)

Internet-of-Thins devices have been plagued by security issues and unfixed vulnerabilities for more than a decade, fueling botnets, facilitating government surveillance, and exposing institutional networks and individual users around the world. But many manufacturers have been slow to improve their practices and invest in raising the bar. At the Black Hat security conference in Las Vegas today, researchers from Panasonic laid out the company’s strategy for improving IoT defenses based on a five-year project to gather and analyze data on how the company’s own products are attacked.

The researchers use Panasonic home appliances and other internet-connected electronics made by the company to create honeypots that lure real-world attackers to exploit the devices. This way Panasonic can capture current strains of malware and analyze them. Such IoT threat intelligence work is rare from a legacy manufacturer, but Panasonic says it would like to share its findings and collaborate with other companies so the industry can start to compile a broader view of the latest threats across products.