Over the new year, Congress overrode President Trump’s veto to enact into law the National Defense Authorization Act (NDAA) for fiscal 2021—an annual piece of legislation that lays out the budget, expenditures and policies of the Pentagon for the upcoming year. This year’s NDAA also contains numerous cyber-related provisions, among them § 1752, which establishes a new Office of the National Cyber Director (ONCD) within the Executive Office of the President (EOP). The head of the ONCD, the national cyber director (NCD), is subject to Senate confirmation and is tasked with serving as “the principal advisor to the President on cybersecurity policy and strategy relating to the coordination of” defensive strategies for federal and critical infrastructure organizations, incident response, diplomatic initiatives relating to cybersecurity, efforts to deter adversaries and industry engagement.
The legislation implements one of the signature recommendations of the Cyberspace Solarium Commission, which Congress established in 2019 to develop a strategic approach to combating future cyberattacks. The commission proposed the national cyber director concept as a remedy for what it assessed to be insufficient institutionalization of policymaking around cyber strategy and a lack of interagency coordination.
It will fall on the incoming Biden administration to implement the new office and send the first nomination for national cyber director to the Senate. The administration will have to create a new organization within the EOP and it will also need to immediately address what is clearly among the most damaging cybersecurity breaches in American history—a major hack of SolarWinds software perpetrated by Russia affecting hundreds of victims in the federal government and the private sector.
A federal judge indicated that a $110 million fee request is reasonable for attorneys who negotiated a $650 million settlement for Facebook users, who alleged that the social media giant’s facial recognition tool violated privacy laws. In a hearing over the final approval of the deal, U.S. District Judge James Donato of the Northern District of California, whose critique of the original $550 million settlement motivated Facebook to kick in another $100 million, said that the plaintiffs’ attorneys’ request for 16.9% of the total settlement amount made sense. One of the successes of this settlement was the roughly 22% claims rate. About 1.6 million class members will each receive around $350.
On Thursday, January 14, 2021, a judge for the U.S. Court of Appeals for the Ninth Circuit hypothetically asked a Department of Justice attorney whether the president has the authority to issue an executive order shutting down a U.S.-based platform used to stage a coup against the federal government. Circuit Judge Ryan Nelson posed the question during a hearing over a preliminary injunction halting President Donald Trump’s executive order banning WeChat in the United States. However, the inquiry is increasingly relevant after a mob of Trump supporters stormed the Capitol last week and as governmental buildings and courts brace for more attacks ahead of the inauguration. The government sought to reverse a Sept. 19 preliminary injunction that U.S. District Magistrate Judge Laurel Beeler of the Northern District of California granted after finding WeChat users’ First Amendment concerns outweighed the national security interests presented by the government.
The highest legal adviser to the Court of Justice of the European Union said in a preliminary opinion that any EU country can take legal action against companies such as Facebook over violations of data privacy rules—not just the main regulator in charge of the company. “The lead data protection authority cannot be deemed as the sole enforcer of the GDPR in cross-border situations, and must, in compliance with the relevant rules and time limits provided for by the GDPR, closely cooperate with the other data protection authorities concerned,” the opinion said. If adopted by the Court of Justice, the ruling could have significant consequences for tech companies, as some EU countries are more aggressive than others on enforcement of the General Data Protection Regulation, known as GDPR, that was implemented in 2018. The companies could therefore face more investigations.
The White House announced Friday it has finalized a four-pronged strategy to help the U.S. roll out safe and effective 5G networks, including promoting "core security principles" in new wireless infrastructure and encouraging global allies to do the same. The strategy responds to a congressional mandate set forth in the Secure 5G and Beyond Act of 2020, which called for the president to chart a course ensuring that next-generation wireless networks do not leave easily exploitable vulnerabilities. Specifically, the White House said it will work on "facilitating domestic 5G rollout; assessing the risks to and identifying core security principles of 5G infrastructure; addressing risks to United States economic and national security during development and deployment of 5G infrastructure worldwide; [and] promoting responsible global development and deployment of 5G technology."
Epic Games has filed claims in the U.K. against Apple and Google over the booting of Fortnite from their respective app stores and restrictions placed on developers, similar to a pair of lawsuits the company lodged in the U.S. last year. The U.K. claims were filed with the Competition Appeal Tribunal in December and a hearing is set on them for next week, according to the tribunal's case register. Summaries of the claims published on Thursday said that Epic accuses Apple and Google of abusing their dominance over app distribution on their platforms and is seeking to have Fortnite returned to the stores in the U.K., along with changes to the rules imposed on developers.