We're experimenting with a new schedule, so welcome to the last Tuesday edition of Codebook (at least, until we decide to change the schedule again). Starting next week, Codebook will move to a once-a-week schedule, publishing on Thursday mornings.
Tuesdays are for chumps.
Situational awareness: Kaspersky Lab released a third-party research report Tuesday arguing that the U.S.' publicly announced logic behind a federal ban on Kaspersky's wares is based on a faulty understanding of Russian law.
1 big thing: Courts won't block EU copyright law anytime soon
As a controversial EU copyright directive nears its final passage, opponents are already hoping the European courts will thwart it. Don't hold your breath, say experts.
Why it matters: Last week we covered how the copyright directive has the potential to fundamentally change how European citizens use the web and what services companies like Google can offer them. The directive has already passed the European Parliament and is likely to next win approval from the EU Council. Once that happens, it will take years for the courts to respond.
Driving the news: The EU copyright bill includes provisions that would require aggregation services — think Google News — to pay for copyrighted content they link to. It also requires platforms to monitor content that users upload to sites like YouTube for copyrighted material.
The intrigue: There's a lot of motion among opponents of the directive to suggest that the part of the bill requiring sites to monitor uploads is incompatible with earlier EU laws. That's a position held by the Electronic Frontier Foundation, opponents in the European Parliament and several academics across Europe.
- At issue is the eCommerce Directive, which explicitly says "Member States shall not impose a general obligation on providers ... to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity."
- Any requirement to digitally filter out copyright violators would appear to contradict this directive.
- It's hard to see how any law requiring digital firms to proactively monitor for copyright could work at the scale of YouTube without using a filter.
Also: There may be problems resolving the monitoring aspect of the directive with the Charter of Fundamental Rights — particularly the right "to receive and impart information and ideas without interference by public authority."
- Filtering, like any algorithmic process, will likely make errors, preventing some legitimate uploads entirely. That's especially true for people who legitimately sample from copyrighted works — computers will detect a copyrighted video clip but not that it's being used for commentary.
The catch: There may be legitimate grievances that citizens might have with the rules, said Vincenzo Tiani, EU affairs analyst for the Center for Democracy and Technology. But the realities of waging these kinds of fights make them unlikely.
- "It costs hundreds of thousands of dollars for an individual to seek an annulment with the EU courts," he said. "Most people who are held up from uploading a video won't spend that."
- Furthermore, there's a very limited group who can bring these cases directly to the courts, said Carlton Daniel, partner at Squire Patton Boggs, and Imogen West, trainee at Squire Patton Boggs, via email. It's more likely that a case would be referred by national court.
- But EU directives aren't laws themselves; they are requirements that countries pass laws consistent with the directives. That means the cases can't go through national courts until countries first pass their version of the laws, which can take months or (usually) years, said Daniel and West.
2. Australia proposes tough penalties for livestreaming terrorism
Australian Prime Minister Scott Morrison is looking to rush through laws penalizing internet companies for not taking down videos of violent attacks fast enough.
Driving the news: An Australian bill would punish companies that didn't take down videos like those of last month's shootings in Christchurch with penalties of up to 10% of yearly revenue and imprisonment of executives of up to 3 years.
The bill is already being criticized as impractical, hard to enforce and dangerous to Australia's standing in the tech world.
3. The FBI's old victim notification system was buggy and underused
The Department of Justice's Inspector General released a new report blaming typos, tech problems and other oversights for the FBI not notifying many victims of cybercrime that they were in danger.
The big picture: The issue was brought to light after the 2016 election hacking scandal, where many targets identified by the FBI only found out they were in Russia's crosshairs when contacted by reporters months later.
Details: The Cyber Guardian system designed to coordinate contact with victims across various agencies failed because of several problems:
- An abundance of typos that the system did not prevent hampered coordination.
- Victims were skipped because the system used outdated definitions of cyber crime.
- While criminal investigations often reached out to potential victims, counterterrorism investigations often did not.
Yes, but: Cyber Guardian is already being replaced by a new system, CyNERGY, which will debut this fiscal year.
4. Taiwan will ban Baido and Tencent ahead of elections
Citing fears that Beijing will use Baido and Tencent streaming services to impart propaganda to sway a contested nation, Taiwan announced it may ban the video services ahead of the election, according to the Nikkei Asian Review.
What they're saying: Taiwan could block two services, according to Chiu Chui-Cheng, deputy minister of Taiwan's Mainland Affairs Council: Baido's iQiyi, which is already available on the island, and Tencent, which planned to introduce its streaming service later this year.
- "If Tencent's streaming video service is trying to enter the Taiwanese market, it's very likely that it's a part of Beijing's propaganda campaign," Chiu told Nikkei Asian Review. "What if the company inserts some content that Beijing hopes to advertise? What if it implements messages linked to the Communist Party or its army? We should treat this seriously and carefully at a national security level."
5. Odds and ends
- A new phishing campaign is targeting Verizon users. (Lookout)
- Cloudflare's privacy-boosting secure DNS 22.214.171.124 now offers a VPN service. (Cloudflare)
- Government hacking contractor NSO group says that if Saudi Arabia hacked Jeff Bezos' cell phone, it wasn't involved. (Motherboard)
- Federal bills would let prisons block cellphone signals. (AP)
- If you ate at Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy!, Mixology or Tequila Taqueria between May and March, there's a chance your credit card information was stolen. (Earl Enterprises)
See you Thursday (and only Thursdays).