Montana’s Governor’s Changes To TikTok Ban Bill Would Ban All Social Media Entirely

Montana Governor Greg Gianforte has returned an “amendatory veto” to the legislature regarding the state’s unconstitutional “ban TikTok” bill, proposing alternative draft language that inadvertently could ban all social media platforms in the state due to poor drafting. The revised language targets any social media application that collects personal information and provides it to a foreign adversary, but since most social media networks collect such information and share it with entities in foreign countries, it would effectively ban all social media in Montana. Techdirt reports: As [1st Amendment lawyer Ari Cohn] points out, the new draft targets any “social media application” that allows for “the collection of personal information or data” and allows for “the personal information or data to be provided to a foreign adversary or a person or entity located within a country designated as a foreign adversary.” Now, some might think that sounds reasonable, but the details here matter. And the details reveal that EVERY social media network collects such information and provides it to people located in countries designated as a foreign adversary. And that’s because “personal information” is a very broad term, as is “provided.” [Ari writes:]

“‘Surely,’ you might think, ‘that just covers the data platforms amass by monitoring and tracking us, right?’ Perhaps not. The bill doesn’t define the term, so who knows what it means in their heads. But we have an idea of what it means out in the real (online) world, by way of the regulations implementing the Children’s Online Privacy Protection Act (COPPA). Those regulations include in the definition of ‘personal information’ things like: First and last name; Online contact information; A screen or user name where it functions in the same manner as online contact information. In other words, the types of information that accompany virtually every piece of content posted on social media. If a platform allows that kind of information to be provided to any foreign adversary or a person or entity located within a foreign adversary, it is banned from Montana.

Do you know who might be persons located within a country designated as a foreign adversary? Users. Users who are provided the kinds of ‘personal information’ that are inherent in the very concept of social media. So, effectively, the bill would ban any social media company that allows any user in China, Russia, Iran, or Cuba to see content from a Montana user (and this is a generous reading, nothing in the bill seems to require that the data/information shared be from a Montana resident). On top of it, each time a user from one of those countries accesses content, platforms would be subject to a $10,000 fine. Do you know which platforms allow people in those countries to access content posted in the United States? All of them. Congratulations, Montana Governor Greg Gianforte. You just managed to accidentally ban all social media for Montanans. Good work.”

Read more of this story at Slashdot.

Government Cybersecurity Agencies Unite to Urge Secure Software Design Practices

Several government cybersecurity agencies united to urge secure-by-design and secure-by-default software. Releasing “joint guidance” for software manufactuers were two U.S. security agencies — the FBI and the NSA — joined with the U.S. Cybersecurity and Infrastructure Security Agency and the cybersecurity authorities of Australia, Canada, the United Kingdom, Germany, Netherlands, and New Zealand. “To create a future where technology and associated products are safe for customers,” they wrote in a joint statement, “the authoring agencies urge manufacturers to revamp their design and development programs to permit only secure-by-design and -default products to be shipped to customers.”

The Washington Post reports:
Software manufacturers should put an end to default passwords, write in safer programming languages and establish vulnerability disclosure programs for reporting flaws, a collection of U.S. and international government agencies said in new guidelines Thursday. [The guidelines also urge rigorous code reviews.]

The “principles and approaches” document, which isn’t mandatory but lays out the agencies’ views on securing software, is the first major step by the Biden administration as part of its push to make software products secure as part of the design process, and to make their default settings secure as well. It’s part of a potentially contentious multiyear effort that aims to shift the way software makers secure their products. It was a key feature of the administration’s national cybersecurity strategy, which was released last month and emphasized shifting the burden of security from consumers — who have to manage frequent software updates — to the companies that make often insecure products… The administration has also raised the prospect of legislation on secure-by-design and secure-by-default, but officials have said it could be years away….

The [international affairs think tank] Atlantic Council’s Cyber Statecraft Initiative has praised the Biden administration’s desire to address economic incentives for insecurity. Right now, the costs of cyberattacks fall on users more than they do tech providers, according to many policymakers. “They’re on a righteous mission,” Trey Herr, director of the Atlantic Council initiative, told me. If today’s guidelines are the beginning of the discussion on secure-by-design and secure-by-default, Herr said, “this is a really strong start, and an important one.”
“It really takes aim at security features as a profit center,” which for some companies has led to a lot of financial growth, Herr said. “I do think that’s going to rub people the wrong way and quick, but that’s good. That’s a good fight.”
In the statement CISA’s director says consumers also have a role to play in this transition. “As software now powers the critical systems and services we collectively rely upon every day, consumers must demand that manufacturers prioritize product safety above all else.”

Among other things, the new guidelines say that manufacturers “are encouraged make hard tradeoffs and investments, including those that will be ‘invisible’ to the customers, such as migrating to programming languages that eliminate widespread vulnerabilities.”

Read more of this story at Slashdot.

Colorado Approves First-Ever Agricultural Right to Repair Bill

Denver legislators have just passed the first-ever agricultural Right to Repair bill. Today’s landslide 44-16 vote in the House follows a successful vote in the Senate last month. iFixit reports: Once the Agricultural Right to Repair bill passes, manufacturers will be required to share all the parts, embedded software, firmware, tools, and documentation necessary for repair. One critical step remains: a signature by Governor Polis, who has signaled that he supports the legislation.

To support Right to Repair legislation near you, find your state on Repair.org — or, if you’re outside the US, look for your country’s advocacy network here. The summary of HB23-1011 reads: “Starting January 1, 2024, the bill requires a manufacturer to provide parts, embedded software, firmware, tools, or documentation, such as diagnostic, maintenance, or repair manuals, diagrams, or similar information (resources), to independent repair providers and owners of the manufacturer’s agricultural equipment to allow an independent repair provider or owner to conduct diagnostic, maintenance, or repair services on the owner’s agricultural equipment.

The bill folds agricultural equipment into the existing consumer right-to-repair statutes, which statutes provide the following:
– A manufacturer’s failure to comply with the requirement to provide resources is a deceptive trade practice;
– In complying with the requirement to provide resources, a manufacturer need not divulge any trade secrets to independent repair providers and owners; and
– Any new contractual provision or other arrangement that a manufacturer enters into that would remove or limit the manufacturer’s obligation to provide resources to independent repair providers and owners is void and unenforceable; and
– An independent repair provider or owner is not authorized to make modifications to agricultural equipment that permanently deactivate any safety notification system or bring the equipment out of compliance with safety or emissions laws or to engage in any conduct that would evade emissions, copyright, trademark, or patent laws.”

Read more of this story at Slashdot.

The Fed Had Already Spotted Big Problems at SVB Before Its Collapse

And starting in 2021 — long before the run on Silicon Valley Bank — the Federal Reserve had “repeatedly warned the bank that it had problems,” reports the New York Times:

In 2021, a Fed review of the growing bank found serious weaknesses in how it was handling key risks. Supervisors at the Federal Reserve Bank of San Francisco, which oversaw Silicon Valley Bank, issued six citations. Those warnings, known as “matters requiring attention” and “matters requiring immediate attention,” flagged that the firm was doing a bad job of ensuring that it would have enough easy-to-tap cash on hand in the event of trouble.
But the bank did not fix its vulnerabilities. By July 2022, Silicon Valley Bank was in a full supervisory review — getting a more careful look — and was ultimately rated deficient for governance and controls. It was placed under a set of restrictions that prevented it from growing through acquisitions. Last autumn, staff members from the San Francisco Fed met with senior leaders at the firm to talk about their ability to gain access to enough cash in a crisis and possible exposure to losses as interest rates rose.

It became clear to the Fed that the firm was using bad models to determine how its business would fare as the central bank raised rates: Its leaders were assuming that higher interest revenue would substantially help their financial situation as rates went up, but that was out of step with reality. y early 2023, Silicon Valley Bank was in what the Fed calls a “horizontal review,” an assessment meant to gauge the strength of risk management. That checkup identified additional deficiencies — but at that point, the bank’s days were numbered. In early March, it faced a run and failed within a matter of days….

The picture that is emerging is one of a bank whose leaders failed to plan for a realistic future and neglected looming financial and operational problems, even as they were raised by Fed supervisors. For instance, according to a person familiar with the matter, executives at the firm were told of cybersecurity problems both by internal employees and by the Fed — but ignored the concerns.
The Federal Reserve Bank system has 12 distircts, and the one overseeing California had a board of directors which included SVB’s CEO Greg Becker, the article points out. “While board members do not play a role in bank supervision, the optics of the situation are bad.”

Read more of this story at Slashdot.

Justice Department Investigating TerraUSD Stablecoin Collapse

The U.S. Justice Department is probing last year’s collapse of the TerraUSD stablecoin, raising the possibility of criminal charges being filed against the stablecoin’s creator, Do Kwon, according to the Wall Street Journal, citing sources familiar with the matter. CoinDesk reports: The FBI and the Southern District of New York have interviewed former employees of Terraform Labs, the company behind TerraUSD, and sought to interview others, according to the Journal. Manhattan federal prosecutors are also examining chat-group discussions among prominent trading firms Jump Trading Group, Jane Street Group and failed FTX affiliate Alameda Research involving a potential bailout of TerraUSD, according to a separate report from Bloomberg, citing a person familiar with the matter.

Such a bailout never took place, but the investigation is seeking to determine whether the firms were involved in possible market manipulation. TerraUSD and its sister token, Luna, both eventually collapsed, setting off a series of high-profile failures of prominent crypto firms, including hedge fund Three Arrows capital, Voyager Digital and FTX. The Department of Justice previously alleged that an unnamed crypto firm — believed to be Jump — had bailed out TerraUSD once before, in an indictment against FTX founder Sam Bankman-Fried. In February, the SEC filed a civil fraud lawsuit against Kwon and Terraform Labs, accusing them of misleading investors about TerraUSD’s risks.

Read more of this story at Slashdot.