The Digital Services Act and the Digital Markets Act have just been presented in Brussels. These proposed policies aim to revise all the principles that apply to digital services within the 27 member states — from the publication of illegal content on social networks to the sale of products online.Big Tech companies will not be allowed, for example, to stop users from uninstalling preinstalled software or apps, nor will they be able to use data from business users to compete against them.To do so, the European Union governing body would allow fines of up to 10% of annual global revenue. Another part of the European plan is to make sure e-commerce platforms take more responsibility for their goods and services.European Commission Executive Vice President Margrethe Vestager said these new regulations are the right tools to bring “order to chaos” on the internet and to rein in the online “gatekeepers” that dominate the market.“The two proposals, they serve one purpose: to make sure that we, as users, customers, businesses, have access to a wide choice of safe products and services online, just as well as we do in the physical world,” Vestager said. “Whether from our streets or from our screens, we should be able to do our shopping in a safe manner. Whether we turn pages or we just scroll down, we should be able to choose and trust the news that we read. Of course, what is illegal offline is equally illegal online.”After the announcement, some companies criticized the move. A spokesperson for Google said the company was concerned that the measures “seem to specifically target a handful of companies.”Thierry Breton, European commissioner for internal market, denied those allegations.“We respect companies, but we say the bigger they are, the more obligations they may have to fulfill,” Breton said. “What is important to us is that everybody is welcome in Europe, but our responsibility is to decide and give directions and rules to protect what is important to us. These are not two acts where we would say that these companies are too big, and we propose a dismantle. Not here, not on this side of the ocean.”The coming new regulations announced in Brussels echoed the concerns over the world about the influence of big technology companies. In the United States, regulators have increased scrutiny on Google and Facebook, and antitrust cases are looming.  
…

On an earnings call two months ago, SolarWinds Chief Executive Kevin Thompson touted how far the company had gone during his 11 years at the helm. There was not a database or an IT deployment model out there to which his Austin, Texas-based company did not provide some level of monitoring or management, he told analysts on the October 27 call. “We don’t think anyone else in the market is really even close in terms of the breadth of coverage we have,” he said. “We manage everyone’s network gear.” Now that dominance has become a liability – an example of how the workhorse software that helps glue organizations together can turn toxic when it is subverted by sophisticated hackers. On Monday, SolarWinds confirmed that Orion – its flagship network management software – had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers. SolarWinds Corp. CEO Kevin Thompson celebrates his company’s IPO on the floor of the New York Stock Exchange (NYSE) in New York, Oct. 19, 2018.And while the number of affected organizations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce. Three people familiar with the investigation have told Reuters that Russia is a top suspect, although others familiar with the inquiry have said it is still too early to tell. A SolarWinds representative, Ryan Toohey, said he would not be making executives available for comment. He did not provide on-the-record answers to questions sent via email. In a statement issued Sunday, the company said, “we strive to implement and maintain appropriate administrative, physical, and technical safeguards, security processes, procedures, and standards designed to protect our customers.” Cybersecurity experts are still struggling to understand the scope of the damage. Sending the malicious updates from March to June, when America was hunkering down to weather the first wave of coronavirus infections, was “perfect timing for a perfect storm,” said Kim Peretti, who co-chairs Atlanta-based law firm Alston & Bird’s cybersecurity preparedness and response team. Assessing the damage would be difficult, she said. “We may not know the true impact for many months, if not more – if not ever,” she said. US Cybersecurity and Infrastructure Security Agency logoThe impact on SolarWinds was more immediate. U.S. officials ordered anyone running Orion to immediately disconnect it. The company’s stock has tumbled more than 23% from $23.50 on Friday – before Reuters broke the news of the breach – to $18.06 on Tuesday. SolarWinds’ security, meanwhile, has come under new scrutiny. In one previously unreported issue, multiple criminals have offered to sell access to SolarWinds’ computers through underground forums, according to two researchers who separately had access to those forums. One of those offering claimed access over the Exploit forum in 2017 was known as “fxmsp” and is wanted by the FBI “for involvement in several high-profile incidents,” said Mark Arena, chief executive of cybercrime intelligence firm Intel471. Arena informed his company’s clients, which include U.S. law enforcement agencies. Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123.” “This could have been done by any attacker, easily,” Kumar said. Neither the password nor the stolen access is considered the most likely source of the current intrusion, researchers said. Others – including Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress – noticed that, days after SolarWinds realized their software had been compromised, the malicious updates were still available for download. The firm has long mooted the idea of spin-off of its managed service provider business and on Dec. 9 announced that Thompson would be replaced by Sudhakar Ramakrishna, the former chief executive of Pulse Secure. Three weeks ago, SolarWinds posted a job ad seeking a new vice president for security; the position is still listed as open. Thompson and Ramakrishna could not be reached for comment. 
…

The U.S. government’s suit against Facebook for illegally stifling competition and limiting consumer choice will be watched worldwide, particularly by the social network’s more than two billion users. Tina Trinh reports. 
Produced by: Tina Trinh  
 
…

Lawmakers in Britain have proposed legislation that would fine social media companies if they do not quickly take action to remove illegal content like child pornography or terrorist materials. U.S. based Facebook and Twitter and China-owned TikTok could be fined up to 10% of turnover, according to Reuters. CNBC reported that Ofcom, a British media watchdog, would have the power to enforce the laws if they are enacted. Under the proposal, which will be introduced next year, social media companies must establish clear terms and conditions about content, CNBC reported. FILE – Britain’s Secretary of State for Digital, Culture, Media and Sport Oliver Dowden arrives for a Cabinet meeting, at Downing Street in London, Britain, July 21, 2020.”We are entering a new age of accountability for tech to protect children and vulnerable users, to restore trust in this industry and to enshrine in law safeguards for free speech,” Britain’s Digital Secretary Oliver Dowden said Tuesday. In addition to fines, some sites could be blocked from the British market if they fail to act. Dowden left open the possibility for criminal charges against companies that permit illegal content, according to Reuters. “These measures make this the toughest and most comprehensive online safety regime, and they will have a clear and immediate effect,” he told lawmakers.  But the proposals don’t stop at illegal content. According to Reuters, the proposed legislation would require companies to have clear policies against misinformation that could cause “harm,” such as information about COVID-19 vaccines. “We already have strict policies against harmful content on our platforms, but regulations are needed so that private companies aren’t making so many important decisions alone,” said Rebecca Stimson, Facebook’s head of Britain public policy. Other Big Tech companies echoed Facebook. Under the proposed laws, online journalism and user comments on news sites would be exempt to “safeguard freedom of expression,” Reuters reported. Britain’s move comes as the European Union was also set to unveil a slate of similar proposals on December 15.
…

Apple on Monday began adding labels that reveal what user data is gathered by games, chat or other software offered in the App Store for its popular mobile devices. The iPhone maker announced plans for such privacy labels when it first unveiled the new version of its iOS mobile operating system, which it released in September. “App Store product pages will feature summaries of developers’ self-reported privacy practices, displayed in a simple, easy-to-read format,” Apple said in a blog post when iOS 14 launched. “Starting early next year, all apps will be required to obtain user permission before tracking.” Apple began pushing out the labels Monday, with the rule applying to new apps for iPhones, iPads, Apple Watch, Apple TV and Mac computers. The labels will contain information provided by developers when they submit apps for approval to appear on the App Store’s virtual shelves, according to the Silicon Valley-based company. Apple last week began requiring developers to submit privacy information for use in labels. “Apple recently required that all apps distributed via their App Store display details designed to show people how their data may be used,” Facebook-owned smartphone messaging service WhatsApp said in a blog post explaining what data the app gathers. “We must collect some information to provide a reliable global communications service,” it said. The aim, according to Apple, is for users to be able to easily see and understand what apps do with their data, from lists of contacts to where they are. Data types added to labels will include tracking in order to target advertising or sharing with data brokers, as well as information that could reveal user identity. Apple and Android mobile operating systems provide tools for controlling the kinds of data apps can access once they are installed. 
 
…

After nearly an hour of widespread global outages of Google services, most users were again able to access their Gmail, Google Drive and YouTube accounts Monday morning.
 
“Update — We’re back up and running! You should be able to access YouTube again and enjoy videos as normal,” YouTube tweeted once service was restored.
 
Google, a subsidiary of Alphabet Inc., has not said what caused the outage.
 
Some users of Google Home Services, which can control lighting and other smart devices, reported outages, as well.
 
“I’m sitting here in the dark in my toddler’s room because the light is controlled by @Google Home. Rethinking … a lot right now,” tweeted one user.I’m sitting here in the dark in my toddler’s room because the light is controlled by @Google Home. Rethinking… a lot right now.— Joe Brown (@joemfbrown) December 14, 2020 
According to Bloomberg, Google search and advertisements were not affected by the down time.
 
While outages among Big Tech companies are not uncommon, this outage was notable because it impacted so many different Google products, Bloomberg reported. 
…

The head of the European Union’s medical agency confirmed Friday it had been the subject of a cyberattack for the past two weeks but said it will not impact its ongoing evaluation of COVID-19 vaccines.The cyberattack was originally announced Wednesday, with the agency providing few details. During an online meeting with the European Parliament, European Medicines Agency (EMA) executive director, Emer Cooke, said the agency had “launched a full investigation in close cooperation with the law enforcement officials and other relevant entities.”In a brief statement on its website, Pfizer partner BioNTech said it had been informed that some of the documents related to regulatory submission for its COVID-19 vaccine candidate, which has been stored on an EMA server, had been “unlawfully accessed.” The company said it did not believe any personal data of trial participants had been compromised.Cooke said Friday, “We can assure you that the timelines for the evaluation of the COVID-19 vaccines and treatments are not impacted. And the agency as you see today continues to be fully functional.”The Amsterdam–based agency is evaluating the Pfizer-BioNTech’s COVID-19 vaccine already approved by Britain and Canada, as well as the vaccine candidate from Moderna. The agency said it will make a decision on conditional approval at a meeting to be held by December 29, while a decision on Moderna’s version should follow by January 12.Cooke said based on the data for the two vaccines so far, “the safety and efficacy look very promising, and we have not seen the adverse events coming up that would be a concern.”Earlier this week, Cooke said the vaccine developed by Oxford University and AstraZeneca is also being considered but complete data for that vaccine has not yet been submitted. 
…

The head of the European Union’s medical agency confirmed Friday it had been the subject of a cyberattack for the past two weeks but said it will not impact its ongoing evaluation of COVID-19 vaccines.The cyberattack was originally announced Wednesday, with the agency providing few details. During an online meeting with the European Parliament, European Medicines Agency (EMA) executive director, Emer Cooke, said the agency had “launched a full investigation in close cooperation with the law enforcement officials and other relevant entities.”In a brief statement on its website, Pfizer partner BioNTech said it had been informed that some of the documents related to regulatory submission for its COVID-19 vaccine candidate, which has been stored on an EMA server, had been “unlawfully accessed.” The company said it did not believe any personal data of trial participants had been compromised.Cooke said Friday, “We can assure you that the timelines for the evaluation of the COVID-19 vaccines and treatments are not impacted. And the agency as you see today continues to be fully functional.”The Amsterdam–based agency is evaluating the Pfizer-BioNTech’s COVID-19 vaccine already approved by Britain and Canada, as well as the vaccine candidate from Moderna. The agency said it will make a decision on conditional approval at a meeting to be held by December 29, while a decision on Moderna’s version should follow by January 12.Cooke said based on the data for the two vaccines so far, “the safety and efficacy look very promising, and we have not seen the adverse events coming up that would be a concern.”Earlier this week, Cooke said the vaccine developed by Oxford University and AstraZeneca is also being considered but complete data for that vaccine has not yet been submitted. 
…

The U.S. added China’s biggest computer chipmaker SMIC to a blacklist of alleged Chinese military companies last week, a move that will further widen the gap between China’s chip technology and the rest of the world.Despite its status as the world’s factory, China has never figured out how to make advanced chips. In recent years, Beijing has been planning a series of sweeping government policies and pouring billions of dollars into the industry to fulfill its chip self-sufficiency goal.So far, under ever-tightening international export controls, however, the country has only found itself mired in some of the most embarrassing industrial failures in its recent history. Most notably, one of the nation’s most high-profile chipmakers was taken over by municipal authorities in its home city of Wuhan, and a Beijing-based chipmaker, the Tsinghua Unigroup, defaulted on a corporate bond.FILE – A Chinese microchip is seen through a microscope set up at the booth for the state-controlled Tsinghua Unigroup project which is driving China’s semiconductor ambitions during the 21st China Beijing International High-tech Expo in Beijing.In this highly internationally integrated industry, experts say, no country can manufacture chips on its own, and China’s efforts to develop its semiconductor sector remains out of reach.Highly globalized chainSemiconductor production is considered one of the most sophisticated manufacturing processes in the world, involving more than 50 disciplines. Billions of transistor structures must be built within a few millimeters.The core equipment used to manufacture computer chips includes lithography machines. A Dutch company called ASML is the only company in the world currently capable of producing high-end extreme ultraviolet lithography machines. Of its 17 core suppliers, though, more than half are from the United States, and the rest are companies located throughout Europe.The company is jointly owned by shareholders from dozens of countries. According to its official website, among the top three major shareholders, two are from the United States and one is from the United Kingdom. Capital Research and Management Co. is the largest shareholder, and the second largest is the BlackRock Group; both are in the U.S. Additionally, Taiwan’s TSMC and South Korea’s Samsung also hold shares in ASML, allowing these two manufacturers to enjoy the priority right to purchase the machine.   In Bid to Rely Less on US, China Firms Stockpile Taiwan Tech HardwareChina wants to become technologically self-reliant in 10 years but needs help for nowWhile ASML may dominate the chipmaking machine market, it is only one part of the long chain in the industry. The lens of its lithography machine is manufactured by Zeiss of Germany, the laser technology is owned by Cymer of the United States, and a French company provides key valves.Jan-Peter Kleinhans, a senior researcher at the Berlin think tank New Responsibility Foundation and director of the Technology and Geopolitics Project, said no country can make chips without foreign companies’ technology. He told VOA in a telephone interview that it took ASML more than two decades to develop their machines, and “they rely themselves on a network of around 5,000 suppliers to build this machine.”Kleinhans said that without the participation of any one of these companies, the entire global semiconductor chain would break.Kobe Goldberg, a researcher at the New American Security Research Center, told VOA that what China is trying to do is to build a totally nationalized supply chain in a highly internationalized industry. “That is much more difficult in an industry like semiconductors since it is so internationally integrated.”John Lee, a senior researcher at the Mercator Institute for China Studies, a think tank in Germany, said several Chinese firms already have the capacity to manufacture or fabricate some semiconductors. But they can easily face a crackdown by the U.S. government since American companies have a very strong dominance in the upstream segment of the supply chain, such as chip design.
 Huawei’s Survival at Stake as US Sanctions LoomStarting Sept. 15, China’s telecom giant Huawei will be cut off from essential supplies of semiconductors and without those chips, Huawei cannot make smartphones or 5G equipment on which its business depends, business analysts say”The dominance of U.S.-origin technology in upstream sectors of the global semiconductor supply chain means that Chinese ICT [information and communications technology] firms across the board are exposed to U.S. export controls, regardless of what happens to SMIC or Huawei as individual companies,” Lee added.Multilateral export controlThe multilateral export control implemented by democratic countries can be traced back to the informal multilateral regime called the Coordinating Committee for Multilateral Export Controls (CoCom).  Established in 1949, the 17-member organization, including the United States, the United Kingdom, Japan, France and Australia, attempted to coordinate controls over the export of strategic materials and technology to communist countries. In 1952, a separate group was established to scrutinize exports to China.US Imposes Curbs on Exports by China’s Top Chipmaker SMICNew Commerce Department requirements mean American suppliers of certain technology products to SMIC must apply for individual licenses before they can exportAlthough CoCom ceased to function on March 31, 1994, the list of prohibited items it formulated was later inherited by another multilateral export agreement, the Wassenaar Arrangement, which was signed in 1996. As many as 42 European, American and Asian countries joined the program, which allows member states to exercise control over their own technology exports, and China is again included in the list of targeted countries.Last December, the group reached an agreement to add chip manufacturing technology to the list of items subject to export controls.  While this revision does not explicitly target China, it points out that export restrictions are targeted at nonmember states, while China, along with Iran and North Korea, are not member states. Some Chinese observers called the jointly implemented move a “collective action” against China by countries that dominate the chip manufacturing supply chain.The Bureau of Industrial Security of the U.S. Commerce Department also announced in October of this year that six emerging technologies would be included in a new export control under the Wassenaar Agreement. All these technologies are directly related to chip manufacturing, including extreme ultraviolet lithography necessary for advanced chip manufacturing.Martijn Rasser, a senior researcher at the Center for New American Security’s Technology and National Security Project, told VOA the world’s liberal democracies have a huge advantage in their network of alliances and partnerships, adding: “It’s something that China just completely lacks, and that’s a big, a big headwind for them.”
…

Getting a COVID test can mean long lines and delayed results. Matt Dibble looks into recent breakthroughs that may have more of us performing a test at home.
Camera: Matt Dibble       Producer: Matt Dibble
…