At a glance.

  • CAC revises online comment rules.
  • Eurojust hosts ransomware defense workshop.
  • More on the White House task force on online abuse.
  • Comment on the RSOCKS takedown.

CAC revises online comment rules.

Last week the Cyberspace Administration of China (CAC) released a draft update to the Provisions on the Management of Internet Post Comments Services declaring that all online comments will have to be pre-reviewed before being published. As the MIT Technology Review explains, the change would impact a great range of online discussion including forum posts and replies, messages left on public message boards, and live video comments called bullet chats. The regulation in question first came into effect in 2017, and Jeremy Daum, a senior fellow at Yale Law School’s Paul Tsai China Center, explains, “The proposed revisions primarily update the current version of the comment rules to bring them into line with the language and policies of more recent authority, such as new laws on the protection of personal information, data security, and general content regulations.” Proponents see the update as another step toward full control of internet speech. Many platforms already employ or outsource work to censorship teams tasked with removing content deemed inappropriate before users can see it, and this new update could also make content creators responsible for flagging and reporting “illegal or negative” content. 

Eurojust hosts ransomware defense workshop.

Over one hundred EU and US judicial experts and practitioners gathered at the Hague last week for a two-day workshop focused on fostering collaboration in battling ransomware attacks. Organized by EU judicial cooperation agency Eurojust along with the US Department of Justice, the event gave participants the opportunity to attend presentations where experts shared best practices regarding topics like transnational cooperation during ransomware investigations, victim remediation, and prosecution of criminal organizations. 

Representing twenty-seven countries, attendees included attorneys from the US Justice Department’s Computer Crime and Intellectual Property Section, representatives from the US Federal Bureau of Investigation, the US Secret Service, the US Homeland Security Investigations, European Judicial Cybercrime Network, Eurojust’s Cybercrime Team, and Europol’s European Cybercrime Centre, as well as private sector and non-governmental organization representatives from the CyberPeace institute, Microsoft, and Bitdefender. Eurojust President, Mr Ladislav Hamran stated in his opening address, “Through this week’s workshop, we are fostering closer cooperation, not only between national authorities, but also between the public and the private sector. I am convinced that this will prove crucial in our efforts to protect our citizens against online and offline threats.”

More on the US task force on online abuse.

As we noted last week, US Vice President Kamala Harris on Thursday announced the launch of a new government task force aimed at preventing online abuse. The White House notes that the group will particularly focus on protecting women, girls, and LGBTQI+ individuals, drafting a blueprint over the next one hundred eighty days on a “whole-of-government approach” to stopping “technology-facilitated, gender-based violence.” The White House Gender Policy Council and National Security Council will co-chair the group, and the administration will also supply $3 million to support the initiative. The Register adds that the task force launch comes on the heels of the introduction of a bill that would ban the sale of health and location data in response to the Supreme Court’s draft proposal to overturn Roe v. Wade. In her remarks, Vice President Harris addressed the connection between private data and abortion rights. “So let us be clear: No one should be afraid that an abuser will use their private personal data — or that a person’s private personal data will be used against them,” she stated. 

WPMI notes that critics of the task force worry it’s simply the return of the White House’s Disinformation Governance Board, which was put on pause after critics expressed concerns that the group would be used to censor speech in opposition to the administration’s agenda. The White House, however, maintains that the First Amendment does not apply to violent and threatening speech (critics see the Administration as working from an expansive definition of violent and threatening speech), and that the task force will focus on illegal content like sex abuse and online human trafficking.

RSOCKS disruption.

Elizabeth Wharton, VP, Operations at SCYTHE, commented on the criminal utility of illicit proxy servers like RSOCKS, disrupted last week by international law enforcement. “Using these devices as proxy servers is another example of how threat actors weaponize internet connected devices to evade detection. For example, by using the device as a proxy server to create a local IP address, the malicious activity will likely go undetected because it doesn’t trigger an alert. Organizations should consider placing stronger external IP address restrictions to mitigate risk.”