Cyber Week in Review: December 6, 2019

Chinese Tech Groups Shaping UN Facial Recognition Standards

According to leaked documents, Chinese technology companies seek to open up new markets in the developing world by shaping new facial recognition and surveillance standards at the United Nations. Among the companies proposing new international standards in the United Nations’ International Telecommunication Union (ITU) were ZTE and Dahua, both of which have been blacklisted by the United States due to national security concerns. The ITU provides an opportunity for companies to influence regulatory frameworks for emerging technologies. In particular, because Europe and North America have their own regional standards-setting bodies, such as  the IETF, IEEE, and 3GPP, the ITU has been a space where companies outside of North America and Europe tend to drive standard development. In addition, on Sunday, a new law came into effect in China that requires all new cell phone users to have their face scanned. Some are concerned that the Chinese law could influence UN standards for facial recognition.

The United Nations Hosts Meeting of the Open-Ended Working Group on Global ICT Usage

The United Nations hosted an intersessional meeting of the Open-Ended Working Group (OEWG) this week where UN Member States, industry, non-governmental organizations, and academics met to discuss developments in information and communications technology (ICT) in the context of international security. Chaired by Mr. David Koh, Chief Executive of the Cyber Security Agency of Singapore, the meeting focused on cyberspace norms and the application of international law to digital technologies. The OEWG is one of two separate working groups aimed at developing rules for states in the cyber domain approved by the UN General Assembly in November 2018. The other group, the UN GGE, studies how international law applies to state actors in cyberspace, while the OEWG, sponsored by Russia, seeks to identify new norms and establish regular dialogue about the governance of ICT.

Russian Government and Search Engine Yandex Agree on New Governance Structure

Russian president Vladimir Putin has met with executives from Russia’s biggest search engine, Yandex, to discuss the creation of a new governance structure that will facilitate a balance between shareholder interests and the government’s desire to secure the data of Russian users. Under the new arrangement, a foundation with two seats on Yandex’s board will have the power to block transactions and temporarily remove Yandex’s management. The foundation will not be under the control of the Kremlin. The founder of Yandex will retain his control of the company with a bloc of privileged shares. Though President Putin had at one point described the internet as a “CIA project,” his recent praise of Yandex following the meeting propelled its stock price to a record high. The Kremlin has begun to consider the internet as a strategic sector on par with oil, gas, and finance, which are largely state-owned. Though Yandex has stood its ground to protect itself from government takeover thus far, pressure has heightened as the Russian government pushes for a “sovereign internet” and access to user data collected by telecommunications providers.

China Launches Cyberattack on Hong Kong Pro-Democracy Forum

For the first time since 2017, the Chinese government has deployed the “Great Cannon,” its state-operated distributed denial of service (DDoS) tool, in a cyberattack on an online forum where Hong Kong residents organize pro-democracy protests. DDoS attacks attempt to overwhelm servers with traffic in order to take them offline. LIHKG,  the site targeted, received more than 1.5 billion requests to access per hour during the attack, compared to normal traffic at 6.5 million requests per hour. The Great Cannon has enabled the government to launch attacks against platforms where users have attempted to undermine internet restrictions, such as Mingjingnews.com, a New York-based Chinese news site. However, its most famous act was its successful takedown of two repositories on GitHub belonging to GreatFire.org, which provided software to circumvent China’s Great Firewall.