Welcome to Codebook, the cybersecurity newsletter that makes vrooming noises whenever it uses a shopping cart.
If you've got tips or story ideas, I'd love to see them. Just reply to this email.
In an interview with Reuters, President Trump suggested he might be willing to trade an arrested Chinese executive for a better trade deal. Such an offer, experts tell Axios, is uncomfortably transactional, dangerous to U.S. institutions and alliances, and quite likely a constitutional no-no.
Driving the news: The administration reportedly began discussing using Meng Wanzhou, chief financial officer of the global electronics giant Huawei, as a bargaining chip very soon after her arrest in Canada for violations of U.S. sanctions against Iran.
Answering a Reuters question about intervening in the Meng case, Trump said:
“Whatever’s good for this country, I would do. ... If I think it’s good for what will be certainly the largest trade deal ever made — which is a very important thing — what’s good for national security — I would certainly intervene if I thought it was necessary.”
The Department of Justice bristles at the suggestion it pursues any arrest with the purpose of advancing political negotiations. But Trump's statement may give that charge weight in this case.
Presidential norms: It's worth noting that the president likely does not have the right to interfere with DOJ investigations. Trump has had a few other scuffles over this very issue.
Campaign promises: Trump campaigned as the tough-on-Iran candidate, with reinstated sanctions a centerpiece of that strategy. Yet Huawei would be the second company, after ZTE, that he's been willing to forgive for violating those sanctions.
Relations with Canada: Canada did not arrest a high-profile Chinese executive thinking the U.S. mainly intended to use her in trade negotiations.
The rule of law: In this situation — in a striking parallel to the case of Jamal Khashoggi, the U.S.-based journalist murdered by Saudi Arabia — Trump's position forthrightly elbows aside the law for transactional needs.
The bottom line: If Canada faces Chinese retaliation, the U.S. might, too. Codebook spoke to one executive who had researched all of the countries with extradition treaties with China to keep his employees safe.
Why it matters: The hacking attempts started just as the Trump administration began to reinstate sanctions against Iran.
Details: The attacks used fake alerts of unauthorized attempts to access webmail accounts to convince victims to provide the hackers with login credentials.
McAfee discovered an apparent espionage hacking campaign targeting global defense, critical infrastructure and financial firms that looks "strikingly" like the work of known North Korean spies.
But, but, but: The attacks seem "too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags."
Details: Since Oct. 25, targets in North and South America (including the U.S., Mexico and Canada), Europe, Russia, India, Australia, the Middle East and Egypt received English-language invitations to apply for jobs.
Rolling Stone reported that Taylor Swift concerts used a facial recognition kiosk at the entrance to analyze anyone who looked its way.
The kiosk was intended to weed out Swift's stalkers, not track the mass of other fans.
The bottom line: There aren't really norms governing when bulk biometric identification is creepy and when it is valuable. IDing stalkers might be more on the socially acceptable side of the scale than, say, a store IDing its customers to send custom ads.
A horde of Democrats led by Sen. Brian Schatz (D-Hawaii) introduced the Data Care Act Wednesday, which seeks to drastically increase the Federal Trade Commission's ability to regulate privacy.
Details: If passed, the bill would allow the FTC to intervene when a company storing user data fails at any of three standards (as defined by the bill):
The bottom line: Given that the FTC is currently limited to regulating privacy based on whether a company is deceptive about its privacy practices, this would be a massive expansion of the commission's domain.
But, but, but: The bill's backers are all Democrats, and Republicans still control the Senate.
The House Committee on Oversight and Government Reform released its latest grades on government agencies' technology acquisition practices, known as the FITARA scorecard (after the law that mandates it). The results this time are, by and large, good news.
Stay with me here: Rep. Will Hurd (R-Texas) often notes that you never see protesters in the streets about technology acquisition, but modernizing systems is critically important to security, cost and the ability to provide services.
The FITARA scorecard is a biannual grading system for progress in setting up organizational structures and policies to modernize smartly. And, though there were no "A" grades given out, no agency did worse in these grades than in the last ones in May.
Agencies did particularly well in keeping track of software licensing, according to the report.
Codebook will return on Tuesday.