FTC votes to fight back against right to repair restrictions

The US Federal Trade Commission has voted unanimously to tackle unlawful repair restrictions. In a policy statement published on Wednesday, the agency said it plans to devote additional resources to enforcing existing laws, such as the Magnuson-Moss Warranty Act, that protect small businesses and consumers from companies that would prevent them from fixing on their own products they purchased. In doing so, the FTC will take a five-part approach to the problem that will involve it collecting comments and complaints from the public, as well as working more closely with state law enforcement and policymakers to update existing regulations.     

"These types of restrictions can significantly raise costs for consumers, stifle innovation, close off business opportunity for independent repair shops, create unnecessary electronic waste, delay timely repairs, and undermine resiliency," recently confirmed FTC Chair Lina Khan said. "The FTC has a range of tools it can use to root out unlawful repair restrictions, and today’s policy statement would commit us to move forward on this issue with new vigor." 

The policy statement follows a July 9th executive order in which President Biden directed the FTC to tackle "unfair anti-competitive restrictions on third-party repair or self-repair of items" imposed by "powerful manufacturers" in the farming and technology industries. With Wednesday's announcement, the FTC didn't name any specific companies it will target as part of any enforcement action. However, a company like Apple is likely to be top of mind for the agency. The tech giant has consistently lobbied against state-level right to repair legislation, claiming those laws would put consumers at risk.        

Right to repair advocates were quick to praise the announcement. "The FTC sets the tone for the nation’s commerce. For too long, manufacturers have been bullying consumers and driving local repair shops out of business," iFixit CEO Kyle Wiens said in a blog post the company published following the policy announcement. "This landmark new policy changes that. There’s a new sheriff in town."

White House blames China for Microsoft Exchange cyberattacks

The Biden administration isn't hesitating to blame China for a string of Microsoft Exchange cyberattacks. The White House has declared "with a high degree of confidence" that hackers linked to China's Ministry of State Security (MSS) were responsible for a digital espionage campaign using the Exchange vulnerabilities. Officials have confronted senior Chinese leadership with this and "broader" hostile online activity, the White House said.

The US further accused China of running an intelligence operation that relied on "contract hackers" who frequently launched attacks meant solely for profit, such as ransomware schemes and crypto jacking. The Chinese government's reported unwillingness to tackle these abuses is believed to hurt businesses, governments and infrastructure with "billions of dollars" in damage, the White House said.

Accordingly, the Justice Department has revealed indictments of four MSS-affiliated Chinese men for allegedly conducting an extended hacking campaign meant to steal intellectual property and trade secrets, including health research. The initiative, which ran between 2011 and 2018, reportedly saw Ding Xiaoyang, Cheng Qingmin, Zhu Yunmin and Wu Shurong compromise comptuers worldwide to grab information ranging from autonomous vehicle technology and chemical formulas through to research on Ebola, AIDS and other diseases.

Biden's administration has already taken multiple actions in response to attacks, including "proactive network defense actions" like deleting backdoors on compromised Exchange servers. It added private companies to its Unified Coordination Group to bolster its security incident response. CISA, the FBI and the NSA also released an advisory outlining China's strategy for compromising US and ally networks using the Exchange holes and other methods.

This comes on top of stricter security rules for pipeline companies as well as a pilot to tackle vulnerabilities in sectors like electricity and water supply.

China has historically denied involvement in attacks like these, and it's doubtful the country will have a change of heart after this. The White House effort is more of a warning — the US will not only pin attacks on China, but respond to them in kind.

White House blames China for Microsoft Exchange cyberattacks

The Biden administration isn't hesitating to blame China for a string of Microsoft Exchange cyberattacks. The White House has declared "with a high degree of confidence" that hackers linked to China's Ministry of State Security (MSS) were responsible for a digital espionage campaign using the Exchange vulnerabilities. Officials have confronted senior Chinese leadership with this and "broader" hostile online activity, the White House said.

The US further accused China of running an intelligence operation that relied on "contract hackers" who frequently launched attacks meant solely for profit, such as ransomware schemes and crypto jacking. The Chinese government's reported unwillingness to tackle these abuses is believed to hurt businesses, governments and infrastructure with "billions of dollars" in damage, the White House said.

Accordingly, the Justice Department has revealed indictments of four MSS-affiliated Chinese men for allegedly conducting an extended hacking campaign meant to steal intellectual property and trade secrets, including health research. The initiative, which ran between 2011 and 2018, reportedly saw Ding Xiaoyang, Cheng Qingmin, Zhu Yunmin and Wu Shurong compromise comptuers worldwide to grab information ranging from autonomous vehicle technology and chemical formulas through to research on Ebola, AIDS and other diseases.

Biden's administration has already taken multiple actions in response to attacks, including "proactive network defense actions" like deleting backdoors on compromised Exchange servers. It added private companies to its Unified Coordination Group to bolster its security incident response. CISA, the FBI and the NSA also released an advisory outlining China's strategy for compromising US and ally networks using the Exchange holes and other methods.

This comes on top of stricter security rules for pipeline companies as well as a pilot to tackle vulnerabilities in sectors like electricity and water supply.

China has historically denied involvement in attacks like these, and it's doubtful the country will have a change of heart after this. The White House effort is more of a warning — the US will not only pin attacks on China, but respond to them in kind.

California’s upcoming open fiber network could make fast broadband more accessible

California might soon make it practical for small internet providers to deliver speedy broadband, not just well-heeled incumbents. Ars Technicareports that the state Assembly and Senate have unanimously passed legislation that will create a statewide open fiber network that promises truly fast internet access from smaller ISPs, particularly in rural or otherwise underserved areas.

The strategy will devote $3.25 billion to the construction of a "middle-mile" network that won't directly connect customers, but should make it much easier for ISPs to launch or upgrade their service. Another $2 billion will help those providers establish last-mile connections to users.

Governor Newsom has yet to sign the legislation into law, but that's considered a formality when he made agreements on details with legislators.

The network met resistance from larger ISPs that lobbied to block the reach of the open fiber network. It might have a significant impact on internet access in the state, however. While state and federal governments have pushed for improved rural broadband coverage for years, the focus has usually been on merely offering service rather than upgrading quality. This could bring truly competitive speeds to underserved areas and ensure they can access the same services as people subscribed to major broadband companies.

Virginia will use a $700 million grant to roll out statewide broadband

Virginia will use $700 million in American Rescue Plan funding to expedite broadband buildouts in underserved communities throughout the state, Governor Ralph Northam announced on Friday. With the investment, Virginia says it’s on track to become one of the first states in the US to achieve universal broadband access.

An estimated 233,500 homes and businesses throughout the Commonwealth fall under what the Federal Communications Commission would consider an underserved location. They don’t have an internet connection that can achieve download speeds of 25Mbps down. The state estimates the additional funding will allow it to connect those places to faster internet by the end of 2024, instead of 2028, as previously planned. What’s more, the “majority” of those connections will be completed within the next 18 months.

“It’s time to close the digital divide in our Commonwealth and treat internet service like the 21st-century necessity that it is — not just a luxury for some, but an essential utility for all,” Governor Northam said.

Across nine provisions, President Biden’s $1.9 trillion American Rescue Plan provides approximately $388 billion in funding for state and local governments to address the digital divide in their communities. Virginia is only one of the states across the country that plans to use that money to build faster internet infrastructure. In May, California Governor Gavin Newsom proposed a $7 billion investment in public broadband.

Iranian hackers used Facebook to target US military personnel

On Thursday, Facebook disclosed that a network of hackers with ties to Iran tried to use its platform to target US military personnel. At the center of the campaign was a group known as Tortiseshell. Facebook says the collective went after individuals and companies in the defense and aerospace industries. Its primary targets were in the US, but they also sought out people in the UK and parts of Europe.

“This activity had the hallmarks of a well-resourced and persistent operation, while relying on relatively strong operational security measures to hide who’s behind it,” Facebook said. "Our platform was one of the elements of the much broader cross-platform cyber-espionage operation, and its activity on Facebook manifested primarily in social engineering and driving people off-platform (e.g., email, messaging and collaboration services and websites), rather than directly sharing of the malware itself."

What went down appears to be unprecedented for Tortoiseshell. In the past, the group has primarily targeted IT companies throughout the Middle East. The methods it employed were similar to those that China’s Evil Eye used to target the Uyghur community earlier in the year.

Facebook says the group created “sophisticated online personas” to contact its targets and build trust with them before trying to convince them to click on malicious links. They had accounts across multiple social media platforms to make their ruse appear more credible. The group built fake recruiting websites and even went so far as to spoof a legitimate US Department of Labor job search tool. Facebook believes at least some of the malware the group deployed was developed by Mahak Rayan Afraz, a company with ties to the Islamic Revolutionary Guard Corps.

Iran has been accused of a variety of malicious online activities over the past year. Most notably, Microsoft said last September it was one of the countries that tried to meddle in the 2020 US presidential election.

Cuba blocks access to Facebook and Telegram in response to protests

As protests continue in Cuba over the country’s handling of the coronavirus pandemic and the surrounding economic fallout, the Cuban government has moved to restrict access to social media and messaging platforms. According to NetBlocks, an organization that tracks internet access, Facebook, Instagram, WhatsApp and Telegram have all been at least partially blocked on the Caribbean island since Monday. 

As of Tuesday afternoon, it appears the restrictions are still in place, with Reuters reporting that people in Havana don’t have access to mobile data at the moment. We’ve reached out to Facebook and Telegram for confirmation on the outages, and we’ll update this article when we hear back from the companies.

Mobile internet access is relatively new to Cuba. It was only in late 2018 that the country’s socialist government started rolling service out across the island. At the time, President Miguel Diaz-Canel, the politician protestors are demanding resign, said greater internet access would help Cubans “defend their revolution.” However, Cuba's approach to dissent is not new. We’ve seen governments in countries like Myanmar and Iran use similar strategies when they faced protests in the past.

Senate appoints former NSA official as head of US cybersecurity agency

A former NSA and White House official has been appointed to lead the Cybersecurity and Infrastructure Security Agency (CISA) at a time when ransomware and other kinds of cyberattacks are on the rise. The Senate has named Jen Easterly as the second person to head up the DHS agency, according to Politico. CISA provides cybersecurity tools and incident response services to government networks, and it also offers security advice to infrastructure operators and businesses. 

Politico previously reported that CISA has been struggling to handle one cybercrisis after another and that the agency is understaffed and overworked. It had to face multiple intrusions in the middle of the pandemic as bad actors attacked the healthcare industry with ransomware, forcing them to pay up to prevent delays that could cost lives. CISA also had to respond to the massive SolarWinds hack that the government is blaming on Russia, as well as the ransomware attacks on Colonial Pipeline, software giant Kaseya and meat supplier JBS

Easterly doesn't only have to lead response efforts to ongoing cyberattacks, it now also falls upon her shoulders to make sure CISA gains the ability to counter new threats as they come up. Before being named as the new CISA head, Easterly spent years as the number 2 official in the NSA's counterterrorism division and was also the National Security Council's senior director for counterterrorism under former President Barack Obama.

Judge dismisses Amazon’s legal challenge to JEDI after contract cancelation

After nearly two years, Amazon’s highly public legal feud with the US government over the Pentagon’s decision to award Microsoft a $10 billion cloud contract in 2019 is over. According to Reuters, a federal judge dismissed the challenge on Friday with no objection from the company. The dismissal follows Tuesday’s announcement that the Department of Defense had canceled JEDI, the program at the center of the legal battle, to pursue a new multi-vendor project that would see both Amazon and Microsoft awarded contracts.

"We understand and agree with the DoD’s decision,” an Amazon spokesperson told Engadget after the announcement. “Unfortunately, the contract award was not based on the merits of the proposals and instead was the result of outside influence that has no place in government procurement."

When Amazon first challenged the Defense Department’s handling of JEDI, it alleged the Pentagon had shown "unmistakable bias" in the evaluation process. The company accused former President Donald Trump of improperly pressuring the agency to award the contract to Microsoft due to his dislike of Jeff Bezos and The Washington Post. In 2020, The Pentagon’s inspector general released a report that said it had found no evidence that the Trump administration had interfered with the procurement process but noted at the same time that several White House officials had not cooperated with the probe.

Judge dismisses Amazon’s legal challenge to JEDI after contract cancelation

After nearly two years, Amazon’s highly public legal feud with the US government over the Pentagon’s decision to award Microsoft a $10 billion cloud contract in 2019 is over. According to Reuters, a federal judge dismissed the challenge on Friday with no objection from the company. The dismissal follows Tuesday’s announcement that the Department of Defense had canceled JEDI, the program at the center of the legal battle, to pursue a new multi-vendor project that would see both Amazon and Microsoft awarded contracts.

"We understand and agree with the DoD’s decision,” an Amazon spokesperson told Engadget after the announcement. “Unfortunately, the contract award was not based on the merits of the proposals and instead was the result of outside influence that has no place in government procurement."

When Amazon first challenged the Defense Department’s handling of JEDI, it alleged the Pentagon had shown "unmistakable bias" in the evaluation process. The company accused former President Donald Trump of improperly pressuring the agency to award the contract to Microsoft due to his dislike of Jeff Bezos and The Washington Post. In 2020, The Pentagon’s inspector general released a report that said it had found no evidence that the Trump administration had interfered with the procurement process but noted at the same time that several White House officials had not cooperated with the probe.