Cyber Week in Review: September 15, 2023

FTC says X (formerly known as Twitter) violated 2022 consent decree 

In a court filing earlier this week, the Federal Trade Commission (FTC) argued that Elon Musk’s management decisions since his October 2022 acquisition of Twitter, now called X, have violated a May 2022 consent decree between Twitter and the FTC designed to protect users’ privacy. Notably, Twitter entered into the 2022 consent decree after agreeing to pay a $150 million fine for failure to comply with its 2011 FTC consent decree. The FTC cites a number of instances as lack of compliance, such as a shut down of one of the company’s data centers in December 2022, an executive assistant’s broad access to internal systems without a security review, and a lack of security and privacy enforcement in the launch of Twitter Blue. Key employees tasked with ensuring Twitter’s FTC compliance quit the company in November 2022, stating publicly that the company was failing to comply with the decree.  

Hackers shut down systems at MGM casinos 

A cyberattack shut down systems at venues run by MGM Resorts across the United States earlier this week. The attack shut down slot machines and ATMs in Las Vegas and rendered digital keycards inoperable. ALPHV, a ransomware gang, reportedly used social engineering to gain access to MGM’s networks and lock the systems. MGM said in a statement that it was working to determine the depth of the intrusion, and whether sensitive data had been compromised. The same group used a similar social engineering attack last week against an IT vendor for Caesar’s Entertainment and stole the company’s loyalty rewards program database, which includes members’ driver’s license information and Social Security numbers.  

Senators meet with tech executives, researchers, and civil society leaders in closed session to discuss AI  

Several executives from major artificial intelligence developers met with senators in Washington, D.C. as part of a closed door summit on regulating AI. The meeting was organized by Senate Majority Leader Chuck Schumer (D-NY) and participants brought a number of different viewpoints to the meeting. Some executives, such as Mark Zuckerberg, emphasized the importance of open source AI models, others called for a federal agency to regulate AI, and AFL-CIO President Liz Shuler said that workers need to have a strong role in AI decision-making. Several senators criticized the summit, with Elizabeth Warren calling for senators to “put something real on the table instead of everybody agree[ing] that we need safety and innovation.”  

U.S. appeals court invalidates part of disinformation injunction  

The Fifth Circuit Court of Appeals partially struck down a July ruling by a lower court that had limited contact between the executive branch and several social media companies. The Fifth Circuit ruling agreed with the previous ruling in that some government officials violated the First Amendment through their participation in content moderation decisions, however, it found the original injunction issued by the lower court was significantly overbroad. The court ruled all provisions of the original injunctions were invalid, except for provision six, which bars officials from “threatening, pressuring, or coercing social-media companies in any manner to remove, delete, suppress, or reduce posted content of postings containing protected free speech.” The court also ruled that provision six was overly broad, and limited the provision such that it only prevents government officials from compelling platforms to act. 

Freedom Online Coalition advisory board pushes back on Global Digital Compact

The non-governmental Advisory Network to the Freedom Online Coalition—a partnership of thirty eight countries committed to human rights online—published a series of concerns regarding the UN Global Digital Compact process and its implications for the future of internet governance. The Advisory Network raised several concerns, including a shift from a multistakeholder governance model to a multilateral process, the exclusion of the technical community from the standards-setting process, and a major focus on the implications of big-tech business models without consideration for not-for-profit models and the obligations of countries to protect human rights. Ahead of the UN General Assembly next week, the FOC called on member states to avoid duplicating existing UN processes and to ensure that existing multistakeholder mechanisms remain in place.