May 24, 2024

ğŸ˜Ž TGIF, everyone. Welcome back to Codebook.

  • 🏖️ One last edition and then off to the beach — let's do this.
  • 📬 Have thoughts, feedback or scoops to share? [email protected]

Today's newsletter is 1,178 words, a 4½-minute read.

1 big thing: States turn against public masking amid pro-Palestinian protests

Illustration: Eniola Odetunde/Axios

State officials are increasingly targeting public mask-wearing in new legislation and prosecutions in an attempt to crack down on pro-Palestinian campus protests.

Why it matters: Wearing a mask can help protesters evade facial recognition cameras that police and campus officials use to identify participants in a campus demonstration.

  • Campus protesters are facing ramifications beyond possible arrest: Some faculty members have been fired and students face suspensions.

State of play: A handful of states are pursuing new legislation to ban public mask-wearing in most situations. Others are reviving old laws that they hadn't enforced in years to target protesters, experts say.

  • Jay Stanley, senior policy analyst for the ACLU's speech, privacy and technology project, told Axios that law enforcement argues that police officers should be able to identify everyone who's participating in a protest in case it turns violent.
  • But privacy experts and activists argue that the new moves are a tactic to help investigators and school administrators unjustly target protesters who want to protect themselves from COVID-19 and doxxing.

Driving the news: The North Carolina Senate passed a measure last week that would repeal a pandemic-era law allowing people to wear masks in public for health reasons.

  • N.C. Republican lawmakers have argued that the "Unmasking Mobs and Criminals" legislation would help police crack down on pro-Palestinian protesters who are using masks to hide their identities.

The big picture: The N.C. statehouse isn't the only political body that's started targeting protesters' face coverings, according to the ACLU.

  • In New York City, a state lawmaker introduced legislation this month to ban face coverings while protesting, rallying or participating in any other public assembly.
  • Ohio's attorney general sent a letter to the presidents of the state's public universities warning that students who wear a face mask at protests could face felony charges under a 1953 law that has seemingly never been enforced before.
  • Some protesters arrested during demonstrations at the University of Florida are facing charges for wearing a mask in public.

Catch up quick: States created their old anti-masking laws for a variety of reasons, including identifying Ku Klux Klan members.

  • During the initial years of the pandemic, many states added exemptions to these laws to allow people to wear masks to protect against COVID.

Zoom in: At UNC-Chapel Hill, organizers say many participants in demonstrations are immunocompromised and wouldn't be able to participate in the protests without a mask.

  • "We are still trying to be as COVID-conscious as possible and making sure that by masking, we are able to keep the broader community safe," Sophia Brown, a member of UNC Students for Justice in Palestine, told Axios.
  • Organizers told Axios they have noticed more cameras on campus in the last month of demonstrations, and UNC leaders sent an email in March asking students not to wear masks because the practice "is a violation of UNC policy and State law."

Facial recognition technology has gotten better at identifying people who are wearing a face covering, Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project, told Axios.

  • Yes, but: "The more expansive facial recognition becomes in these situations, the more errors that are going to be made," he said.

2. Privacy conundrum facing new Microsoft AI PC

Illustration: Annelise Capossela/Axios

A new memory-searching function in Microsoft's highly anticipated AI PCs is spurring concern among privacy-conscious executives and consumers.

Why it matters: Microsoft will have to address a growing list of questions about the functions of its new Recall feature in some Copilot+ PCs if it hopes to make the PCs a ubiquitous household and workplace device.

Driving the news: The U.K. Information Commissioner's Office has already contacted Microsoft about Recall's potential privacy issues, a spokesperson told the BBC this week.

Catch up quick: New Copilot+ PCs will come with a feature called Recall that lets users search through their past computer activity to help bring up any old files, photos, emails or browsing history.

  • The information is stored locally on a user's PC, so intruders would need access to the physical device, as well as a stolen password, to successfully break in.
  • AI PC owners can choose whether they want to participate in Recall, and participants can limit what screenshots Recall takes.

Cybersecurity experts warn that if a hacker can break into a PC, they could trick Recall into looking up users' sensitive information.

  • A hacker could still use trojan malware to trick a device into giving them remote access to Recall, security expert Kevin Beaumont alleges on X.
  • "Stuff may stay on your device, but that doesn't mean people can't get to it," Jen Golbeck, a professor focused on AI and data privacy at the University of Maryland, told CNN.

Between the lines: Recall poses unique challenges for enterprises that are looking to switch their workforce over to Microsoft's AI PCs.

  • Recall can't detect when sensitive information is included in a screenshot, like a user's password or medical information.
  • And it could pose a risk for employees who mix personal and corporate work on one computer. Confidential corporate data could end up in an employee's personal devices' Recall feature, for instance.

What they're saying: "The recall stuff is not a good idea," Phil Libin, co-founder and former CEO of Evernote, told Axios. "And I think it's not a good idea across many dimensions, not just security. I think it's a very bad idea for security and privacy."

Yes, but: Yusuf Mehdi, who leads consumer marketing for Microsoft, told Axios that when he showed Recall to Microsoft's CISO, he was excited by the feature — noting it could help security teams figure out when and how malware may have infected someone's device.

What we're watching: Microsoft is rolling out the feature as it overhauls its internal cybersecurity strategy, which prioritizes security features over speedy product development.

  • Microsoft president Brad Smith will testify before Congress about this plan and last summer's China breach next month.

3. Catch up quick

@ D.C.

🏛️ Jeff Greene, a former White House official and current senior director at Aspen Digital, is expected to take a top role at the Cybersecurity and Infrastructure Security Agency. (The Record)

☎️ New Hampshire prosecutors have filed 26 criminal charges against the political consultant who created a deepfake robocall that impersonated President Joe Biden. (CNN)

🪖 The U.S. Cyber Command said it deployed its first hunt-forward mission to Zambia last year to help detect network vulnerabilities and malicious cyber activity. (The Record)

@ Industry

💰 Lumos, an identity management startup, closed a $35 million Series B round led by Scale Venture Partners. (TechCrunch)

@ Hackers and hacks

🏥 Ascension, a health care organization that includes 140 hospitals across the U.S., is still down more than two weeks after a ransomware attack seized its networks. (New York Times)

ğŸŽ­ The person who allegedly ran the popular Incognito dark-web drug market also posed as a legitimate cryptocurrency and cyber crime consultant who trained governments on investigating these types of crimes. (Wired)

🇨🇳 China-linked hackers are starting to rely more on networks of virtual private servers and compromised smart devices to conceal their activity. (CyberScoop)

4. 💻 1 fun thing

Screenshot: @nixcraft/X

The memes have definitely been meme-ing this week over Microsoft's Recall feature.

☀️ See y'all Tuesday!

Thanks to Megan Morrone for editing and Sheryl Miller for copy editing this newsletter.

If you like Axios Codebook, spread the word.