Welcome to Codebook, the cybersecurity newsletter with a line graph.
Today's newsletter is 1,308 words, a 5-minute read.
Illustration: Sarah Grillo/Axios
Chinese tech companies have ramped up efforts to set technical standards for facial recognition, raising concerns among business competitors, political observers and humanitarian advocates.
Why it matters: China has long made a systematic effort to set international standards on data and hardware compatibility across brands so that the standards reflect how Chinese products already work — giving its domestic industries a leg up in engineering races.
Driving the news: Several Chinese firms, including ZTE, Dahua and China Telecom, have sought approval at the International Telecommunication Union, a UN technical standards body, for technical standards allowing different companies' surveillance technology — including facial recognition — to work together.
To be clear: Technical standards do not commit atrocities.
But, but, but: China will likely use the technical standards to claim a UN seal of approval for its use of its products.
The big picture: China has tried to use this standards approach to corner entire industries, including telecommunications. Facial recognition techniques represent a particularly thorny part of a broader effort to control artificial intelligence standards.
Between the lines: Technical standards are conventionally seen as modular schematics for emerging technologies. For instance, they explain how to encode an MP3 file so it will play on any device — not what an MP3 file should be allowed to encode.
IBM's X-Force IRIS research team reports that Iran is using a new disk-deleting "wiper" malware in destructive attacks.
Why it matters: Wiper malware is behind some of the most destructive attacks in history. Iran's OilRig group used malware known as Shamoon to substantially disrupt operations at Saudi Aramco.
The newly discovered malware, dubbed ZeroCleare, uses legitimate data modification software known as EldoS RawDisk to delete systems.
IBM sees several similarities between ZeroCleare and Shamoon, and the company believes the same actor is behind both attacks.
Senate Intelligence Committee Chairman Richard Burr (R-N.C.) said this week that Ukraine meets the standard for election meddling that people first held Russia to. But that's not what the numbers show (we have a graph!).
Why it matters: While Burr didn't draw a moral equivalence between Russia — which committed several crimes on U.S. soil during the 2016 election — and what we know about Ukraine, he muddled the debate in that direction.
Driving the news: "You considered Russia meddling with just the preference they had before you knew the rest of it," said Burr. "Apply the same standard to Ukraine."
But, but, but: Codebook analyzed 1,847 news stories from 179 news sources that used the words "Russia," "election," "meddling" and their derivatives between Jan. 1, 2014, and Jan. 1, 2017. And it's pretty clear the concept of Russian election meddling didn't enter the American zeitgeist until the WikiLeaks email leaks on July 25.
Burr did not respond to a request for comment.
Voting machines break down during Pennsylvania elections (New York Times): Mechanical and design problems in voting machines in Northampton County, Pennsylvania, nearly gave the election to the wrong judicial candidate.
Researcher arrested after advocating cryptocurrency in North Korea (DOJ): Virgil Griffith, a developer for the Ethereum cryptocurrency, was arrested after presenting on cryptocurrency in Pyongyang for helping North Korea evade U.S. sanctions.
Hackers are evading an Outlook security patch (FireEye): Microsoft first patched a vulnerability in Outlook in 2017. But the patch can be dodged.
This is the last Codebook for 2019. We have decided there will be no more cyber news until next year.