President Joe Biden Takes Action to Protect Personal Data
Анализ военных объектов России
Влияние России на гражданское пространство и средства массовой информации в Восточной Европе и Евразии
Оценка исследования общественного пространства в странах Центральной и Восточной Европы
В процессе консультации с внешними экспертами и тщательным обзором литературы мы разработали набор из 14 показателей-прокси, сопоставленных с четырьмя барометрами здоровья и устойчивости общественного пространства для 17 стран Центральной и Восточной Европы, чтобы обеспечить сравнимость и высокую степень всесторонности. Эти показатели оценивают внутреннюю среду для граждан для мирного собрания и свободного выражения своих взглядов без страха перед возмездием. Они также измеряют каналы, через которые Кремль может оказывать внешнее воздействие для искажения или ограничения общественного пространства. Мы опубликуем наши методы и подходы к выбору показателей и сбору данных в отдельном документе.
Наш процесс сбора данных включал в себя каталогизацию ограничений деятелей общественного пространства через, например, измерение числа случаев домогательств или насилия (физического или вербального), совершаемых против деятелей общественного пространства и случаев законодательства и политики (новоиспеченного или принятого), которые могут ограничить возможность деятелей общественного пространства встречаться, действовать или говорить свободно без страха перед возмездием. Мы также учитывали российское финансирование и в натуре в каждой из 17 стран, собирая данные о проектах, направленных российским правительством на институциональное развитие, управление, гражданскую правоохранительную деятельность, организации официального гражданского общества или неформальные гражданские группы в целевой стране. Исследователи AidData отслеживали упоминания деятелей общественного пространства российским государственным СМИ в целевой стране, а также их упоминания о таких терминах, как НАТО, США, Европейский союз, демократия и Запад.
В качестве примера применямых методов AidData продолжали строить на основе существующих глобальных наборов данных и поставщиков сторонней новостной информации запросы для извлечения соответствующих статей о сообщенных случаях домогательств/насилия, ограничительного законодательства и государственно-поддерживаемых юридических дел, зафиксированных в новостных базах данных. Дополняя данные новостной информации с открытым источником, AidData использовала данные сторонних опросов для понимания отношения граждан к политике, их готовности участвовать и уровня вовлеченности в общественную жизнь, а также доверия к институтам своей страны. Мы дополнили это дополнительными страноспецифическими данными из опросов, а также собственным переписью 2022 года и опросом избирателей AidData.
Захват устойчивости средств массовой информации к разрушительному воздействию
Понимание устойчивости средств массовой информации требует ответа на сложный вопрос: насколько общества готовы справляться с неумышленной или умышленной дезинформацией и манипуляцией? Заполняя этот пробел, AidData разработала диагностику и анализ, преодолевающий критический недостаток существующих данных о свободе СМИ и доверии к СМИ.
To assess how citizens view the domestic media environment, how they source and consume information, and in which ways they assess the credibility of their information sources, AidData designed and fielded a general population online survey for 10 countries. Finally, AidData analyzed the sentiment of news stories in a subset of domestic media over a 3-5 year period, flagging keywords relevant to foreign policy issues.
Creating the most comprehensive regional index to measure energy security in a comparable way
For this part of the research, AidData developed a comprehensive taxonomy for each of the 17 countries that included five dimensions: met energy need, energy supply, risk, resilience, and country characteristics. Analysts aggregated 22 categories, 51 concepts, and 144 indicators into a single index, facilitating trend measurement over time and comparability between countries.
Mainstream energy analysis rarely focuses on a country’s energy risk and resilience, and usually does not incorporate geo-political factors or developments. By “energy risk,” we mean factors like political stability, susceptibility to foreign leverage, and domestic shocks. The team defined “energy resilience” as energy system governance, financing, reliability, consumption patterns.
AidData’s energy research is also unusual in making the underlying data publicly available: sharing information is not embedded into the DNA of the energy business. While the invasion of Ukraine saw energy become a headline news for much of Europe and beyond—affecting lives, pocketbooks, financial markets, macroeconomics, and global security—how energy is generated, stored, supplied, and traded remains largely a mystery and is usually firmly locked behind commercial paywalls. Even when data is made available, it is often so complex that individuals without sufficient expertise are left behind. By putting our data and analysis in the public domain, we hope to help overcome this barrier and make insights on energy security more readily available to decision makers and the public.
Timeline
What can you expect and when? With the E&E region making headlines every day, we’re prioritizing the most timely research first, in order to help inform the global public debate. Here’s when we plan to publish our reports.
About the Foreign Policy Influence program
AidData’s Policy Analysis Unit leads the Foreign Policy Influence program, which asks: which economic and soft power tools do China, Russia, and the U.S. use, with whom, and towards what foreign policy objectives? States use a variety of non-military instruments—including money, information, technology, culture, and education—to advance their national interests. Yet, translating the instruments of economics or soft power into realized influence with foreign leaders or publics is neither straightforward nor quick. Foreign aid, trade, and investment may have cascading effects in the political, social, and security spheres. Public diplomacy initiatives may stoke new relationships, norms, and institutions which, in turn, shape future economic trajectories and alliances between countries. Policymakers in both the Global South and North seldom have reliable intelligence at their disposal to assess risks, increase resilience, and protect their interests in the face of foreign influence. AidData looks to fill these gaps with data and evidence, in the hope that these help produce informed decision-making.
Contact
President Biden is issuing an executive order that will for the first time propose guardrails that shield bulk biometric and healthcare data and financial information collected by businesses inside the U.S. and that are aimed at preventing the material from being transferred to foreign adversaries, including China, Russia, Iran, Cuba, Venezuela and North Korea. The data — including genomic and geolocation information — are collected by tech companies and sold by legal means to data brokers but can eventually make their way to scammers and intelligence agencies abroad.
Personal information collected by U.S. companies is an important resource that nations like China and Russia can leverage into malicious cyber campaigns or attacks on dissidents and activists who challenge their regimes, the officials said.
Data broker sales of personal information to nations like China and Russia will be prohibited outright, while security requirements will have to be met before companies can enter into vendor, employment or investment agreements in those countries.
"The Chinese government is not just hacking to gather our data," Deputy Attorney General Lisa Monaco said last year, as she announced the formation of the Disruptive Technology Strike Force. "If a company is operating in China and is collecting your data, it is a good bet that the Chinese government is accessing it." The year-old operation works to prevent Western technology from falling into the hands of bad actors.
Robert Legare is a CBS News multiplatform reporter and producer covering the Justice Department, federal courts and investigations. He was previously an associate producer for the "CBS Evening News with Norah O’Donnell."
US president Joe Biden will sign an executive order on Wednesday aimed at preventing a handful of countries, including China, North Korea, and Russia, from purchasing sensitive information about Americans through commercial data brokers in the United States.
The order will have few immediate effects, they said. The US Justice Department will instead launch a rulemaking process aimed at mapping out a “data security program” envisioned by the White House. The process affords experts, industry stakeholders, and the public at large an opportunity to chime in prior to the government adopting the proposal.
White House officials said the US Attorney General would consult with the heads of the Department of State and Department of Commerce to finalize a list of countries falling under the eye of the program. A tentative list given to reporters during Tuesday’s call, however, included China, Cuba, Iran, North Korea, Russia, and Venezuela.
The categories of information covered by the program will include health and financial data, precise geolocation information, and “certain sensitive government-related data,” among others, the officials said. The order will contain several carve-outs for certain financial transactions and activities that are “incidental” to ordinary business operations.
It’s unclear to what degree such a program would be effective. Notably, it does not extend to a majority of countries where trafficking in Americans’ private data will ostensibly remain legal. What’s more, it’s unclear whether the government has the authority or wherewithal (outside of an act of Congress) to restrict countries that, while diplomatically and militarily allied with the US, are also known to conduct espionage against it: close US ally Israel, for instance, was accused in 2019 of planting cell-phone-spying devices near the White House, and has served as an international marketplace for illicit spyware; or Saudi Arabia, which availed itself of that market in 2018 to covertly surveil a Washington Post contributor who was later abducted and murdered by a Saudi hit squad.
The restrictions imposed by the executive order are meant to protect against “direct” and “indirect transfers of data,” officials said. But data brokers are on the hook merely until they obtain “some type of commitment" from overseas customers—an “understanding”—when it comes to the possibility of data being sold or transferred to others down the line.
The important thing, the official said, is for data brokers to “get those assurances.”
To penalize a data broker for selling restricted information that finds its way into the hands of a banned country, the government has the burden of proving the company did so knowingly or negligently. These two circumstances, however, hardly cover the range of possibilities likely to lead to that outcome. The US government has little control over the internal security of foreign individuals or companies, and data brokers cannot reasonably be held responsible for customers who set out to deceive them or who simply fail to safeguard the data they’ve purchased from a sophisticated threat with superpower backing.
An American data security program that allows American data to be sold in a vast majority of foreign countries may only slightly reduce the odds of an incident—a piecemeal solution that seems inferior to the task it assumes in declaring the risk critical to national defense.
“The sale of Americans’ data raises significant privacy, counterintelligence, blackmail risks, and other national security risks—especially for those in the military or national security community,” the White House said in a statement.
The program, it adds, is not intended to be a substitute for actual privacy legislation, something the US Congress has repeatedly taken up but failed to achieve despite various attempts over the years. The most viable bill in the past decade, the American Data Privacy and Protection Act (ADPPA), was effectively dead on arrival when it debuted in 2022, with Republicans and Democrats failing to come to terms over a handful of provisions after five years of negotiation.
Yet even ADPPA was a fundamentally flawed bill that exempted all companies working for the government, up to and including technology startups that have penned contracts with local police agencies.
“I would not compare the way our government uses data to the way the ‘countries of concern’ are using data,” said another official on Wednesday when asked about the growing support in Congress to ban the US government from making the same purchases. “That’s not the topic of this EO,” they said.
Cybersecurity experts and intelligence chiefs acknowledge that the US government is under constant attack from professional hackers abroad, many of whom are aligned with, if not directly contracted by, the hostile nations that Biden’s new executive order aims to repel. Privacy advocates have long argued that, given this reality, it’s a counterintuitive strategy to allow the US government to remain one of the data broker industry’s top customers.
Notably, the efforts of US agencies to shore up their own cyber defenses against foreign threats are routinely revealed to be behind schedule, as has been the case for the past decade. Major hacks in recent years have targeted agencies whose biggest asset is personal information, including the Internal Revenue Service and Office of Personnel Management.
Data has not found a safe space in the hands of US spies either, with a former intelligence officer sentenced to 40 years in prison this month over what prosecutors called the “single biggest leak” in the history of the Central Intelligence Agency—data that was successfully stolen and delivered to WikiLeaks, which, like Biden’s “countries of concern,” the US government has accused of espionage.
In February 2022, the government’s own accountability watchdog reported publicly that agencies responsible for safeguarding critical infrastructure, including nuclear plants, dams, and emergency services, were among those that had failed to adopt even the procedures needed to determine how protected or vulnerable they really are.