Welcome back to Citizen Tech, InformationWeek’s monthly tech policy roundup column. This month we’re looking at:
- Ukraine’s war in the cyber domain
- US braces for energy crisis and cyber threats
- Trans-Atlantic data privacy
- More domestic chip manufacturing (maybe), and
- Crypto regulation
Ukraine war in the cyber domain
Let’s begin with the biggest news, the biggest and most devastating European war in three generations. The Ukrainian War is a high-tech affair. The panoply of modern war technology, from guided anti-tank rockets to attack drones, are only the beginning. This is also a cyber war, and its implications for tech and foreign policy are ominous.
The hacks are the most obvious example. They’re an old Russian specialty. In late February, for example, the US satellite communications firm Viasat saw major disruptions in domestic modem service to its European clients, thousands of whom live in Ukraine. Viasat attributed the “multifaceted and deliberate” attack to Russia. Around the same time, the New York Times reported that a data-wiping bug, called Foxblade, had appeared on Microsoft servers in Ukraine. Microsoft wasn’t the primary target; The malware was meant to delete data irretrievably from Ukrainian government and financial institutions. Microsoft only found itself in the crossfire. They managed to code a defense before Foxblade could inflict any significant damage; Anne Neuberger, President Biden’s deputy national security adviser, requested that Microsoft share the new defensive code with the governments of Ukraine and the Baltic republics.
“We are a company and not a government or a country,” complained Brad Smith, Microsoft’s president, in a blog post. That’s true, but it’s misleading: governments all over the world, certainly on both sides of this conflict, are aware that tech giants like Microsoft are quasi-states, shaping policy from afar and actively participating in this war, as combatants or as collateral.
This is an irregular war. It is, in part, a crowdsourced war, relying on volunteers, civilian web users, and mercenaries. The Ukrainian Ministry of Digital Transformation announced that an IT army would be established in March, setting up a free Telegram channel for digital volunteers. Some 300,000 people subscribed. As Euractiv grimly notes, it’s not exactly a productive strategy: Russian intelligence is likely using this open forum as a kind of white hat hacking course. But it’s the first time a war has been officially opened up in the home offices and smart phones of civilians worldwide. Defense policy, in America and elsewhere, is still catching up.
Tech policy has a ways to go as well. As Western companies abandon Russia, including major tech firms like Apple, Russia is retreating more and more into a kind of “splinternet,” overlapping with but largely separate from the worldwide web. “Russia’s Internet ecosystem is badly embedded into the global one,” says Alena Epifanova, a research fellow at the German Council on Foreign Relations (via Ars Technica). Any further separation of digital spheres of influence will be a nightmare for trade regulators and security professionals alike. Congress, at the moment, hasn’t addressed this problem in full.
US braces for cyberthreats, energy crisis
The Biden administration, chastened by the Colonial and SolarWinds hacks, has kept American companies apprised of the latest cyber risks, according to Anne Neuberger. Speaking at the White House on March 21, she refused to go into details about specific vulnerabilities, but urged common sense: “There’s a range of activity that malicious cyber actors use, whether they’re nation-state or criminals…Lock your digital doors. Make it harder for attackers. Make them do more work.”
The Ukraine War has forced countries all over the world to reexamine their dependence on Russian oil, petroleum, and liquid natural gas. Biden has taken an aggressive stance on this. On March 8 he signed an executive order banning all three, citing strong bipartisan support in Congress and from European allies. The ban covers investment and financing of Russia’s energy sector as well.
To counteract high costs, Biden has ordered the sale of some 90 million barrels of emergency reserve oil, and negotiated a further 60 million barrels from International Energy Agency (IEA) members states.
The end of the executive order contains some vague language about “reducing our dependence on fossil fuels,” but it seems mostly like a bone tossed to the dogs of the Democratic Party: there is no real talk about replacing Russian energy imports with sustainable energy. This reluctance is depressingly like Germany’s, where the Scholz government announced that no existing German nuclear facility would be renovated to prolong its life — that, effectively, they’re going to let nuclear energy die a natural death. Nord Stream 1, the oil pipeline from Russia, continues to run at 100 percent capacity.
Trans-Atlantic Data Privacy
On March 25, the White House and the European Commission announced a new framework for data privacy for commercial interactions between the States and the bloc. Expect the new privacy regulations, particularly for European users, to be more stringent, and potentially an additional headache for online merchants who chafed at GDPR. The framework will level the playing field in favor of European companies over American peers (although a few big Euro firms, like Booking.com, will likely by annoyed as well). The framework offers an international court of redress as well for complaints.
This is as much a diplomatic agreement as a trade pact. The White House briefing stresses “shared democratic values” as a major motivator, highlighting the importance, and weakness, of the EU in the face of its eastern competitors. It will have major antitrust implications as well, as POLITICO points out Big Tech firms, and states like California that host them, resent this perceived incursion on their territory; the merry liberals of the von der Leyen Commission, on the other hand, are happy to take them down a peg.
More domestic chips… eventually
One of the biggest ongoing stories in tech right now concerns the production of semiconductor chips: we need far more than we have. At the moment, 90 percent of chips come from Taiwan. Other countries are waking up to the need for domestic production, and the difficulties in establishing such an industry.
Both Houses of Congress discussed chips this month. Sen. Maria Cantwell (D-Wa) went as far as calling the need for domestic chips “as important as food security.” Noting that the 2021 United States Innovation and Competition Act (USICA) passed the Senate but continues to languish, Cantwell said that the US will need some 2 trillion new chips per year by 2031, which will require a massive investment in R&D.
Looming over Congressional semiconductor talk is the auto industry, already on the rocks from the COVID supply chain crisis and decades of decline. Electric cars will need chips, and lots of them. Sen. Gary Peters (D-MI) went to Detroit this month to support the CHIPS Act, saying, “This is not some abstract policy issue … Cars will become even more dependent on chips.”
Encouraged by these stirrings in Congress and by the European Commission’s European Chips Act, Intel is now opening or expanding semiconductor factories and R&D facilities in a number of European countries, an investment of 33 billion euros. The countries include Ireland, Italy, Poland, and Spain, according to Euractiv. This is a major victory for the von der Leyen Commission, which has been angling for this kind of big international investment for some time. Intel told press it can create about 3,000 jobs. Intel is trying to negotiate some public funding from the governments of Germany and Italy; These funds would theoretically fall under the EU’s General Block Exemption Regulation, and thus safe from antitrust hawks on the European Commission. This could well be a major first step in a much-needed wave of chip production.
Who will domesticate crypto?
Governments from India to the UK have spent the last few years in a tense stalemate with the cryptocurrency market, but the US is taking another stab at regulation. On March 9, President Biden issued an executive order “Ensuring Responsible Development of Digital Assets,” directing financial regulators to keep pace with an “explosive growth” in crypto and digital ledger tools. Worryingly for crypto enthusiasts, and to the relief of the skeptics, the order contemplates the creation of a kind of digital dollar, which would capture and tame the various Bitcoins and Dogecoins.
As the New York Times points out Biden has been circling this issue patiently for a year, including crypto-scrutinizing measures in his major infrastructure bill. So far he’s barked more than bitten, but barking is better than nothing. A cast of unlikely supporters has applauded him in this, including Republicans like Sen. Patrick Toomey (PA) and even, begrudgingly, the Blockchain Association, a trade group; the Association sees the new regulation as Biden’s acknowledgment of crypto’s importance. The potential to abuse crypto is massive, from money laundering to human trafficking; but expect increased resistance as the crypto lobby gets comfortable in Washington.