Cyber Week in Review: April 12, 2024

Lawmakers introduce the American Privacy Rights Act (APRA) 

Senator Maria Cantwell (D-WA) and Representative Cathy McMorris Rodgers (R-WA) released a draft national privacy standard on Sunday. The American Privacy Rights Act (APRA) would reduce the amount of data companies can collect about Americans; create a national registry of data brokers and allow individuals to request that their data be deleted; allow individuals to opt out of targeted advertising; give the Federal Trade Commission greater regulatory authority over privacy; and allow state attorneys general and individuals to file civil lawsuits against companies that violate their privacy rights. The APRA would carve out several exemptions, including for businesses that meet three criteria: less than $40 million in revenue, do not transfer data to a third party in exchange for revenue, and have fewer than 200,000 users; governments, and entities contracting with the government will also be exempt. The law gives the Federal Trade Commission (FTC) authority to oversee any potential misuse of consumer data collection, and authorizes the FTC to create a new bureau focused on monitoring privacy issues and issuing fines for privacy violations. The APRA would preempt a number of state privacy laws, such as California's Consumer Privacy Act (CCPA), while allowing states to set higher standards in areas around data security breaches, civil rights laws, and bank secrecy laws, among others. The APRA is closely modeled on the American Data Privacy and Protection Act (ADPPA) of 2022, which passed the House Energy and Commerce Committees in 2023 by a vote of 53-2. However, the ADPPA never advanced past the Senate Commerce Committee, which Senator Cantwell chairs, in part due to Cantwell’s belief that the ADDPA’s preemption of state laws and weak enforcement mechanisms would set an unacceptable privacy ceiling in the United States. The APRA, in contrast, appears to have a path forward, with Cantwell and McMorris Rodgers chairing the Senate and House commerce committees, respectively, both of which would be the first to vote on the bill. 

FCC will vote on reinstating net neutrality rules 

The U.S. Federal Communications Commission (FCC) announced it would vote to reinstate a national standard for net neutrality previously established under the Obama-Biden administration in 2015. The standard was repealed in 2017 by then-FCC chair Ajit Pai, who argued that net neutrality rules were unnecessary and blocked innovation. The new proposal would reclassify internet service providers (ISPs) from “information services” to “common carriers,” giving the FCC oversight of broadband services under Title II authority—which aims to guarantee fair pricing and non-discriminatory practices. The FCC hopes the proposal would provide federal oversight of broadband outages, boost the security of broadband networks, increase consumer protections, and restore a widely accepted national standard of broadband oversight. Restoring net neutrality has long been on the Biden administration agenda; President Biden signed a July 2021 executive order encouraging the FCC to reinstate the net neutrality rules previously established under the Obama administration. FCC Chairwoman Rosenworcel stated, "A return to the FCC’s overwhelmingly popular and court-approved standard of net neutrality will allow the agency to serve once again as a strong consumer advocate of an open internet.” The Commission will vote on the proposal on April 25 at its Open Meeting.  

Biden administration awards TSMC $6.6 billion to build semiconductor fab in Arizona 

The U.S. Department of Commerce announced that the Biden administration had signed a nonbinding agreement for a $6.6 billion dollar grant with the Taiwan Semiconductor Manufacturing Company (TSMC). The funding comes from the 2023 CHIPS and Science Act, which allocated $50 billion to encourage American semiconductor manufacturing, making Commerce’s award to TSMC the largest foreign direct investment of a new project in the United States thus far. TSMC, which produces over 90 percent of logic chips, will use the grant to help build an advanced chip fab in Phoenix, Arizona. The fab will produce two-nanometer chips, currently the most advanced chip any company can produce, and which are used in smartphones, autonomous vehicles, and AI data center servers, by 2028. U.S. Secretary of Commerce Gina Raimundo stated that the two nanometer chips are “necessary components for the technologies that we need to underpin our economy” and that for the first time in history, the United States would produce “the most advanced semiconductor chips on the planet.”  

Report outlines Israeli military’s use of AI to choose airstrike targets  

Two Israeli investigative groups, +972 magazine and Local Call, released an investigative report late last week claiming that the Israeli military uses artificial intelligence system—known as Lavender and “Where's Daddy”—to coordinate its airstrikes in Gaza, and that the Israeli Defense Forces’ (IDF) reliance on the system has increased the number of civilian casualties. The report focuses on six anonymous Israeli intelligence officers who have served in the army since the October 7 Hamas attacks. Lavender is designed to mark Hamas fighters as airstrike targets; however, sources said that Lavender was only accurate in identifying Hamas operatives in 90 percent of test cases, and that it can mistakenly flag civil defense workers and people with a name or nickname identical to a suspected Hamas operative as hostile. In some cases, Israeli officers only had to ensure the target was male before authorizing Lavender's target. The IDF has also used several pieces of AI-enabled tracking software, including a system known as “Where's Daddy?”, which alerts IDF officers when a Hamas operative arrives at a given location (in many cases their home), and allows the officers to order an airstrike. The report also states that the IDF has significantly increased its tolerance for civilian casualties, with sources claiming either fifteen or twenty civilian casualties were acceptable to kill a junior Hamas operative; as well claiming that before October 7, the IDF would not accept any possible civilian casualties when it targeted a junior operative.  

Biden administration may ban Kaspersky products in United States 

The Biden administration is reportedly finalizing an order that would ban the products of Russian cybersecurity firm Kaspersky from U.S. networks, according to a report in CNN. Kaspersky has faced scrutiny because of its origins in Russia, where its founder, Eugene Kaspersky, attended a KGB-sponsored technical college, and some experts have accused it of doing secret work for the Russian government; Kaspersky products are already prohibited on U.S. government networks, but the new order from the Department of Commerce would prohibit transactions between U.S. firms and Kaspersky, effectively banning its products from the United States. The U.S. government has previously warned companies about the potential for the Russian government to pressure Kaspersky, which is headquartered in Russia, to turn over sensitive data. Many of the government’s concerns with the company have centered around the use of Kaspersky products in privately-run critical infrastructure systems, which could be used to plant backdoors and other malicious code. The Biden administration has previously weighed a broad ban against Kaspersky products; the latest reporting indicates that process is nearly finalized. 

Cecilia Marrinan is the intern for the Digital and Cyberspace Policy Program.