Cyber Week in Review: May 18, 2018

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. What a time to be alive! President Trump flummoxed Washington by tweeting Sunday morning that he had instructed the Department of Commerce to find “a way to get [ZTE] get back into business, fast. Too many jobs in China lost.” Last week, ZTE had announced that it was ceasing operations due to a U.S. ban on sourcing components from U.S. companies as a result of its violating sanctions against doing business with Iran. President Trump later clarified that providing a lifeline to ZTE would be part of a larger trade deal in an effort to extract concessions from Beijing. The tweets caused confusion, to put it mildly. Top law enforcement and intelligence officials have called ZTE a national security threat, and giving the company a lifeline by turning a blind eye to its sanctions violations would set a bad precedent. On Thursday, a House committee unanimously adopted an amendment to an appropriations bill, which if adopted into law would prevent the Trump administration of rolling back sanctions against ZTE. How will the ZTE saga end? Will Trump let ZTE off the hook? Will the Chinese refuse to negotiate on trade if he does not? One person doesn’t seem worried: Trump. "Be cool, it will all work out!” Trump tweeted on Sunday.

2. They did it. They actually did it. The White House announced that it was eliminating the cyber coordinator role at the National Security Council (NSC). Politico first reported last week that new National Security Advisor John Bolton was considering eliminating the position. The cyber portfolio at the NSC will now consist of two senior directors, both of whom will report to Mira Ricardel, the deputy national security advisor: Grant Schneider who covers domestic cyber issues and Joshua Steinman who covers the international portfolio. Some in Congress were not impressed, with at least one congressman introducing legislation to re-establish the position and a top Senate Democrat criticizing the decision in a tweetstorm. The elimination of the cyber coordinator role also came the same week in which the Department of Homeland Security released its cybersecurity strategy. In a eulogy, Jason Healey provides a history of the cyber coordinator role and predicts that it will return in a future administration.

3. Sell laptops, but don’t sell out China. Lenovo is facing a public backlash in China after it came to light that the company voted against a 5G standard proposed by Huawei at a 2016 standard-setting meeting. While the minutia of standard-setting meetings like those held by the 3rd Generation Partnership Project (3GPP) is far from riveting, China is increasingly intent on shaping technical standards for emerging technologies like 5G, and techno-nationalists have turned Chinese influence over the standard-setting process into a point of national pride. Hence, news that Lenovo sided with U.S. firms against Huawei did not bode well for the company. Lenovo’s CEO Liu Chuanzhi responded to accusations that Lenovo ‘sold out China’ by pointing out that Lenovo ultimately voted in favor of the Huawei standard at the final meeting. Liu also brandished his credentials as a patriot, unleashing a corporate-Communist battle cry that left no doubt about where Lenovo’s loyalties lie.

4. Every move you make, every step you take, I'll be watching you. Two companies that provide clients with access to the location of any cellphone in the United States suffered embarrassing security incidents this week, only a week after their services were widely publicized in the New York Times. On May 10, the Times reported that a company called Securus Technologies sells a service that allows law enforcement to track the location of any cellphone in the United States with little judicial oversight. This week, Motherboard reported that hackers had broken into Securus' network, obtaining login credentials, customer lists, and promotional materials. A few days later, cybersecurity reporter Brian Krebs reported that LocationSmart, an intermediary that provides location data to Securus, had a flaw in a demo tool it offers on its website that allowed anyone to access the location data of any cellphone in the United States within a few hundred feet. Beyond the companies' security missteps, the incident has raised a number of privacy concerns, namely whether AT&T, Sprint, Verizon, and T-Mobile have obtained customer consent before providing location data to third parties, and how the third parties handle the data.