Cross Border Data Flows: Could Foreign Protectionism Hurt U.S. Jobs?: Hearing Before the Subcomm. On Commerce, Mfg. & Trade of the H. Comm. on Energy & Commerce, 113th Cong., Sept. 17, 2014 (Statement of Laura K. Donohue)

Documents released over the past year detailing the National Security Agency’s telephony metadata collection program and interception of international content under the Foreign Intelligence Surveillance Act (FISA) directly implicated U.S. high technology companies in government surveillance. The result was an immediate, and detrimental, impact on U.S. firms, the economy, and U.S. national security. The first Snowden documents, printed June 5, 2013, revealed that the U.S. government had served orders on Verizon, directing the company to turn over telephony metadata under Section 215 of the USA PATRIOT Act. The following day, The Guardian published classified slides detailing how the NSA had intercepted international content under Section 702 of the FISA Amendments Act. The type of information obtained ranged from E-mail, video and voice chat, videos, photos, and stored data, to Voice over Internet Protocol, file transfers, video conferencing, notifications of target activity, and online social networking details. The companies involved read like a who’s who of U.S. Internet giants: Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL, and Apple. More articles highlighting the extent to which the NSA had become embedded in the U.S. high tech industry followed. In September 2013 ProPublica and the New York Times revealed that the NSA had enjoyed considerable success in cracking commonly-used cryptography. The following month the Washington Post reported that the NSA, without the consent of the companies involved, had obtained millions of customers’ address book data: in one day alone, some 444,743 email addresses from Yahoo, 105,068 from Hotmail, 82,857 from Facebook, 33,697 from Gmail, and 22,881 from other providers. The extent of upstream collection stunned the public – as did slides demonstrating how the NSA had bypassed the companies’ encryption, intercepting data as it transferred between the public Internet and the Google cloud. Further documents suggested that the NSA had helped to promote encryption standards for which it already held the key or whose vulnerabilities the NSA understood but not taken steps to address. Beyond this, press reports indicated that the NSA had at times posed as U.S. companies—without their knowledge—in order to gain access to foreign targets. In November 2013 Der Spiegel reported that the NSA and the United Kingdom’s Government Communications Headquarters (GCHQ) had created bogus versions of Slashdot and LinkedIn, so that when employees from the telecommunications firm Belgacom tried to access the sites from corporate computers, their requests were diverted to the replica sites that then injected malware into their machines. As a result of growing public awareness of these programs, U.S. companies have lost revenues, even as non-U.S. firms have benefited. In addition, numerous countries, concerned about consumer privacy as well as the penetration of U.S. surveillance efforts in the political sphere, have accelerated localization initiatives, begun restricting U.S. companies’ access to local markets, and introduced new privacy protections—with implications for the future of Internet governance and U.S. economic growth. These effects raise attendant concerns about U.S. national security. Congress has an opportunity to redress the current situation in at least three ways. First, and most importantly, reform of the Foreign Intelligence Surveillance Act would provide for greater restrictions on NSA surveillance. Second, new domestic legislation could extend better protections to consumer privacy. These shifts would allow U.S. industry legitimately to claim a change in circumstance, which would help them to gain competitive ground. Third, the integration of economic concerns at a programmatic level within the national security infrastructure would help to ensure that economic matters remain central to national security determinations in the future

Security for Cloud Environment through Information Flow Properties Formalization with a First-Order Temporal Logic

The main slowdown of Cloud activity comes from the lack of reliable security. The on-demand security concept aims at delivering and enforcing the client's security requirements. In this paper, we present an approach, Information Flow Past Linear Time Logic (IF-PLTL), to specify how a system can support a large range of security properties. We present in this paper how to control those information flows from lower system events. We give complete details over IF-PLTL syntax and semantics. Furthermore, that logic enables to formalize a large set of security policies. Our approach is exemplified with the Chinese Wall commercial-related policy. Finally, we discuss the extension of IF-PLTL with dynamic relabeling to encompass more realistic situations through the dynamic domains isolation policy.La principale cause de ralentissement de l'adoption du Cloud est le manque de sécurité fiable. Le concept de sécurité à la demande est de déployer et d'appliquer les demandes de sécurité d'un client. Dans ce papier, nous présentons une approche, Information Flow Past Linear Time Logic (IF-PLTL), qui permet de spécifier comment un système peut supporter un large ensemble de propriétés de sécurité. Nous présentons dans ce papier comment ces flux d'information peuvent être contrôler en utilisant les événements systèmes de bas niveau. Nous donnons une description compléte de la syntaxe de IF-PLTL ainsi que sa sémantique. De plus, cette logique permet de formaliser un large ensemble de politiques de sécurité. Notre approche est illustrée par la politique de sécurité de la muraille de Chine orienté vers le monde commercial. Finalement, nous montrons comment nous avons étendu notre langage pour supporter la relabélisation dynamique qui permet de supporter la dynamicité inhérante des systèmes. Nous illustrons cette extension par la formalisation d'une propriété de sécurité pour l'isolation dynamique de domaines

US technology policy in the age of the US-China tech war

My DPhil thesis critically examines the United States’ technology policy in the context of the US-China Tech War. I investigate how the US approach to tech policy, particularly in relation to the tech private sector, has affected its standing in this ongoing rivalry. The thesis is divided into two parts, encompassing a total of three articles. The first part, represented by Article 1, delves into the decline in US influence among its allies, evidenced by European Union member states adopting data localisation policies targeting US tech companies. I argue that these policies represent a form of soft balancing against US technological dominance, reflecting allies’ waning confidence in US leadership in the tech war. Recognising the strategic losses experienced by the US in Part 1, Part 2 examines one possible explanation for the US decline in the tech war. Building on existing scholarship pointing to the lack of a consistent, unifying approach to tech policy, I examine US tech policy in two key areas: alliance management and private sector management. Article 2 characterises US alliance management as non-cooperative, revealing the challenges of successfully influencing allies to counteract Chinese tech companies’ presence in their own critical national infrastructures. Article 3 characterises the US approach to its private sector as laissez-faire, showing that US Big Tech companies operate under rational profit maximisation irrespective of their alignment with the US government. My findings reveal that the US’s non-cooperative approach to alliance management and its laissez-faire approach to private sector management have negatively affected its standing in the tech war. This thesis provides insights into the foreign policy dimensions of tech policy and demonstrates the analytical benefits of anchoring technology-related studies in theoretical frameworks derived from International Relations

Infrastructuring Cyberspace: Exploring China’s Imaginary and Practices of Selective Connectivity

Connectivity and fragmentation coexist as two interlinked discourses on the relationship between infrastructures and societies. In response to the Digital Silk Road initiated by the Chinese government, Chinese companies have built numerous digital infrastructures globally. Simultaneously, China's government seeks to strengthen domestic internet governance through laws and administrative regulations, such as the Cyber Security Law. This paper utilises the interpretive framework of "sociotechnical imaginaries" to explore the controversial tension between digital fragmentations and connectivity in cyberspace along technical, institutional and political dimensions. Scrutinising two cases studies - New IP and smart city - the study finds that China's approach to infrastructuring cyberspace can be best understood as selective connectivity. China not only integrates into global cyber infrastructures to enhance its technological and regulatory capabilities, but also attempts to reshape global cyberspace governance to strengthen its political structures and enhance digital autonomy, seeking a balance between digital sovereignty, regime security and economic development. However, selective connectivity brings its own complexities and drawbacks

An Umbrella in a Hurricane: Cyber Technology and the December 2013 Amendment to the Wassenaar Arrangement

Scenes of near-apocalyptic devastation resulting from good software gone bad are no longer the stuff of science fiction flicks starring bodybuilders-cum-governors. Lightning-fast technological progress and the ubiquity of the Internet have made it easy for our imaginations, as well as our political leaders, to conjure up realistic images of cyber nightmares come true. Now that fears about what lurks inside cyberspace have gone mainstream, I examine one action ostensibly aimed to allay such fears: the December 2013 amendment to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (commonly known as the Wassenaar Arrangement). My analysis of the December 2013 amendment—which was passed to prevent certain dual-use cyber technologies from falling into the wrong hands—proceeds in three parts. First, I argue that history teaches that cyber products are not generally amendable to export controls. Second, I find that the Wassenaar Arrangement’s institutional flaws are so enfeebling that the Arrangement’s very utility is questionable. Third, I assert that economic incentives, globalization, and the intangibility of cyber technology all present formidable obstacles to the December 2013 amendment’s success. Although the December 2013 amendment is likely doomed to irrelevance, I conclude that concerted action—rather than passive pessimism—must be our response to cyber threats

An Umbrella in a Hurricane: Cyber Technology and the December 2013 Amendment to the Wassenaar Arrangement

Scenes of near-apocalyptic devastation resulting from good software gone bad are no longer the stuff of science fiction flicks starring bodybuilders-cum-governors. Lightning-fast technological progress and the ubiquity of the Internet have made it easy for our imaginations, as well as our political leaders, to conjure up realistic images of cyber nightmares come true. Now that fears about what lurks inside cyberspace have gone mainstream, I examine one action ostensibly aimed to allay such fears: the December 2013 amendment to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (commonly known as the Wassenaar Arrangement). My analysis of the December 2013 amendment—which was passed to prevent certain dual-use cyber technologies from falling into the wrong hands—proceeds in three parts. First, I argue that history teaches that cyber products are not generally amendable to export controls. Second, I find that the Wassenaar Arrangement’s institutional flaws are so enfeebling that the Arrangement’s very utility is questionable. Third, I assert that economic incentives, globalization, and the intangibility of cyber technology all present formidable obstacles to the December 2013 amendment’s success. Although the December 2013 amendment is likely doomed to irrelevance, I conclude that concerted action—rather than passive pessimism—must be our response to cyber threats

Germany's Role in Europe's Digital Regulatory Power: Shaping the Global Technology Rule Book in the Service of Europe

Four elements help to map the strengths and, at times, the limits of German power in digital rule-making. First, Germany anticipates EU ­digital regulation and attempts to establish facts on the ground. Second, Germany has outsized influence in the formal stages of EU digital regulatory policy­making. Third, the EU, in turn, provides ­Germany with a launch pad for influencing worldwide regulatory norms. Fourth, a belated reawakening of the capacity of the German private sector and affiliated technical standard bodies to influence global technical standards is occurring

The Future of China\u27s U.S.-Listed Firms: Legal and Political Perspectives on Possible Decoupling

There is a long history of Chinese firms raising capital on leading U.S. exchanges. These shares have proved attractive and are estimated at $1 trillion value, in spite of deep mismatches between Chinese internal approaches to corporate governance and those taken under U.S. securities regulations. Chinese listings of nonstate firms, particularly in the technology sector, had depended on a largely laissez-faire initial approach to the expansion through foreign listings, including tolerance of the opaque Variable Interest Entity (VIE) structures adopted as a means to bypass Chinese restrictions on foreign ownership. Concerns regarding data security had, however, prevented compliance by Chinese firms listed in the United States with audit inspection requirements, and these mismatches in the United States have now led to Chinese firms being on shaky ground on both sides of the U.S.-China fault-line. U.S.-listed Chinese companies have faced the looming threat of delisting under the Holding Foreign Companies Accountable Act (HFCAA), enacted in response to both non-compliance with audit inspection requirements and concerns about the opaque nature of VIEs and possibilities of Chinese state control. Admittedly, fears of mass delistings under the HFCAA in the near future have been allayed by Chinese agreement as to U.S. audit inspections, and the 2022 finding of two Chinese firms to be compliant with U.S. regulations. There remains, however, heightened levels of Chinese state involvement in the affairs of nonstate companies with further potential to bring strain, as Communist Party policies have changed dramatically in recent years, alongside heightened geopolitical tensions. The data concerns that had prevented audit inspections have not disappeared and, in fact, have grown. These, together with some other harmful Chinese state strategies impressed upon nonstate firms and preferences for Chinese firms to look inwards for capital, as well as a damaging trade war in semiconductors, present remaining concerns regarding investments in U.S.-listed Chinese firms. Immediate concerns regarding delistings under the HFCAA may have abated but there may be other firms for which compliance may be difficult, and there remains potential for future delistings, presenting risks for U.S. investors. These Chinese firms may find the exit voluntarily whilst the stream of U.S. listings by Chinese companies will slow. It will not yet amount to a decoupling, but investors should be wary

Imagining machine vision: Four visual registers from the Chinese AI industry

Machine vision is one of the main applications of artificial intelligence. In China, the machine vision industry makes up more than a third of the national AI market, and technologies like face recognition, object tracking and automated driving play a central role in surveillance systems and social governance projects relying on the large-scale collection and processing of sensor data. Like other novel articulations of technology and society, machine vision is defined, developed and explained by different actors through the work of imagination. In this article, we draw on the concept of sociotechnical imaginaries to understand how Chinese companies represent machine vision. Through a qualitative multimodal analysis of the corporate websites of leading industry players, we identify a cohesive sociotechnical imaginary of machine vision, and explain how four distinct visual registers contribute to its articulation. These four registers, which we call computational abstraction, human–machine coordination, smooth everyday, and dashboard realism, allow Chinese tech companies to articulate their global ambitions and competitiveness through narrow and opaque representations of machine vision technologies.publishedVersio