The Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security launched a task force Thursday to collaborate with government agencies and the private sector on cyber defense. CISA’s Joint Cyber Defense Collaborative will “integrate unique cyber capabilities” across agencies and companies. It will design U.S. cyber defense plans, implement coordinated defense efforts and support “joint exercises to improve cyber defense operations.”

The U.S. needs to do more to protect against Chinese theft of American data, Senate Intelligence Committee Chairman Mark Warner, D-Va., said at a hearing Wednesday. Sen. Ron Wyden, D-Ore., pushed for support for his Fourth Amendment Is Not for Sale Act (see 2104210053), which aims to end a legal loophole that allows data brokers to sell Americans’ personal information to law enforcement and intelligence agencies without Foreign Intelligence Surveillance Act court oversight. It would end the bulk sale of data to foreign entities, Wyden said. FTC Commissioner Christine Wilson recently endorsed the legislation. Evanina Group CEO Bill Evanina, an ex-director of the National Counterintelligence and Security Center, told the committee it’s unnecessary for China to buy the data because it can be taken for free due to the lack of cybersecurity defenses. He cited Equifax and other data breaches. Warner expressed frustration that U.S. companies are “giving up” on American values to gain access to Chinese markets, allowing the Chinese government to collect sensitive information about Americans. Vice Chairman Marco Rubio, R-Fla., agreed China is using American “corporate lust” against the U.S.

Amazon threw its weight into Section 301 litigation inundating the U.S. Court of International Trade, alleging in a complaint Monday that the Lists 3 and 4A tariffs are unlawful under the 1974 Trade Act. It said they violate Administrative Procedure Act rules against sloppy rulemakings and are unconstitutional because only Congress, not the executive branch, can levy taxes. Amazon reported 2020 revenue of $386.1 billion and is believed now to be the second largest Section 301 plaintiff behind Walmart, which sued March 8. Walmart reported $559.2 billion in revenue for the fiscal year ended Jan. 31. Both companies are the relatively few among the roughly 6,500 importer plaintiffs to challenge the tariffs on constitutional grounds. Crowell & Moring is representing Amazon. Walmart’s attorneys are from Hogan Lovells. Both law firms sit on the 15-member plaintiffs’ steering committee formed in March to help manage the litigation.

The International Space Station will host a demo of SpaceLink's high-capacity communications network between space and the ground, the company said Monday. It said this will validate use of a 10 Gbps optical terminal for voice, video and data exchange among ISS crew, onboard systems, experiments and terrestrial users. SpaceLink CEO David Bettinger said the demo's funding by the Center for the Advancement of Science in Space, which manages the ISS U.S. National Laboratory, "marks an important milestone in SpaceLink’s roadmap to providing massive bandwidth for organizations that need real-time connectivity between space and the ground.”

The Commerce Department's Bureau of Industry and Security is “very busy” working to implement semiconductor supply chain recommendations from the White House in June stemming from President Joe Biden’s Feb. 24 executive order on the chips shortage and other supply-chain issues, said Sahar Hafeez, a senior BIS adviser. The agency is studying closer federal collaboration with industry on semiconductor demand and supply and is reviewing how export controls and investment restrictions might exacerbate supply-chain problems, Hafeez told an Information Systems Technical Advisory Committee meeting Wednesday. Perhaps the most immediate priority for Commerce is pushing Congress to pass and fund the Chips Act, she said. The bill, which would provide funding and incentives for U.S. semiconductor R&D and manufacturing, has been funded by the Senate but hasn't been approved in the House (see 2107220005). “We're laser focused on the House, and we encourage you all to help us get that across the finish line,” Hafeez told the ISTAC. She said Commerce is “cautiously optimistic” the House will approve funding. Though the global chip shortage has persisted for months, it still remains unclear to BIS which chips are most severely affected, Hafeez said. She said “mature node chips” are being “severely impacted,” but the shortage is affecting newer nodes as well, she said: “We've been trying to get more clarity. I don't know if it exists, That's an issue that we're grappling with -- the lack of transparency.”

President Joe Biden signed a national security memorandum Wednesday directing the Department of Homeland Security and National Institute of Standards and Technology to “develop cybersecurity performance goals for critical infrastructure.” DHS’ Cybersecurity and Infrastructure Security Agency will work with NIST and other agencies. Those standards will help companies providing services for utilities to strengthen cybersecurity, the White House said. The NSM established the President’s Industrial Control System Cybersecurity (ICS) Initiative, a voluntary program between government and industry “to facilitate the deployment of technology and systems that provide threat visibility, indicators, detections, and warnings.” CISA issued an advisory Wednesday with the Australian Cyber Security Centre, U.K.’s National Cyber Security Centre and the FBI. It listed “top Common Vulnerabilities and Exposures (CVEs) routinely exploited by cyber actors in 2020 and those vulnerabilities being widely exploited thus far in 2021.” Four of the “most targeted vulnerabilities in 2020 involved remote work, VPNs, or cloud-based technologies,” CISA said. Federal agencies need to “strengthen efforts to address high-risk areas” in cybersecurity and information technology, GAO said Wednesday. The auditor noted agencies implemented about 73% of about 5,100 recommendations on cyber and IT since 2010: About 950 cybersecurity and approximately 300 IT recommendations remain.

MediaTek’s mobile phone business was 57% of Q2 revenue and grew 143% year over year mainly through increasing adoption of its 5G high-end SoCs “among our customer base,” said CEO Rick Tsai on a quarterly call Tuesday. The first high-end smartphone model built on MediaTek’s 5G “open resource architecture” is shipping, said Tsai: “More models for multiple customers will come in the next few months.” MediaTek is standing by projections that 5G smartphone shipments will exceed 500 million units globally this year, more than double the 2020 volume, he said: “We expect the 5G migration to accelerate and penetrate into more regions next year.” Also Tuesday, Corning CEO Wendell Weeks said 5G subscriptions are nearly 300 million, “on track to double that by the end of 2021” (see separate report in this issue).

The Information Technology Industry Council hailed the reprieve for U.S. importers from the threat of tariffs on goods from Vietnam. “ITI welcomes the U.S. government’s bilateral engagement -- rather than consideration of tariffs that harm U.S. competitiveness and jobs -- to address concerns with Vietnam’s currency valuation practices,” emailed Senior Policy Director Sam Rizzo Monday. The agreement the U.S. Treasury reached last week with the State Bank of Vietnam to address U.S. allegations that Hanoi was devaluing the dong against the dollar was a “satisfactory resolution” of the investigation launched in October, the Office of the U.S. Trade Representative said Friday. Vietnam plays a large and growing role in the consumer tech supply chain.

Pass consumer data privacy legislation this term, Rep. Suzan DelBene, D-Wash., told a Friday Brookings Institute webinar. Data flows are "critical to our shared economic future" and nowhere more important than EU-U.S., she said. The European Court of Justice (ECJ) ruling in Schrems II (see 2007160002) left thousands of smaller companies that relied on trans-Atlantic data transfer mechanism Privacy Shield scrambling, she said: The growing patchwork of state privacy laws won't work and won't lead to a PS alternative. Current tools such as standard contractual clauses, binding corporate rules and recent European Data Protection Board guidance are helpful but don't "take away the need for a successor framework," said Workday Chief Privacy Officer Barbara Cosgrove. Talks on a PS replacement are ongoing, said Sharon Bradford Franklin, a director of the Center for Democracy and Technology security and surveillance project: CDT has heard that one is the extent to which the U.S. government can enact measures by the executive branch or Congress to address ECJ concerns. A comprehensive U.S. consumer data privacy law would be helpful, but surveillance laws must change to benefit Europeans and Americans, she said. The big issue is individual redress, said lawyer Peter Swire. There's frustration on the U.S. side about the issue because the U.S. has a good system via Foreign Intelligence Surveillance Act courts, Swire said: "Get over it." He and other panelists said it might be possible to give Europeans an independent review and some pathway to redress in federal courts administratively, via an executive order on surveillance law. Most agreed any solution must ultimately become law. The U.S. looks "really different" from the rest of the world with regard to privacy protection, and it’s hard to make the case that it's a safe place for data, said Swire. The U.S. and EU are considering whether they can align on tech issues such as data governance and AI, and must get a handle on privacy law first because it underpins those areas, said Cameron Kerry, Brookings distinguished visiting fellow-Center for Technology Innovation. The idea of the recently created Tech and Trade Council is to bring like-minded democratic countries together, he said: The U.S. is "the outlier" because it lacks a privacy regime.

U.S. companies selling AI products into Europe will be subject to EU AI laws no matter where they're headquartered, European Commission Legal and Policy Officer Gabriele Mazzini said on a Thursday FCBA webinar. A legislation proposal, which the EC floated in April (see 2104210003), would affect anyone marketing AI into the EU, said Mazzini, of the Directorate-General for Communications Networks, Content and Technology. The EC made clear it wants to promote its vision of AI regulation globally, so similar policies may arise elsewhere, including in the U.S., said Verizon Senior Manager-EU Public Policy Marco Moragon. The proposal aims to address risks of AI technologies, such as enforcement of fundamental rights, consumer and other laws, said Mazzini. Protecting democratic rights and legal principles is a top priority for civil society, said Iverna McGowan, Center for Democracy and Technology Europe Office director: AI could disproportionately affect vulnerable people. Verizon operates in EU markets and wants a consistent, harmonized regime, said Moragon. CDT believes a risk-based and rights-based approach to AI isn't mutually exclusive, said McGowan. She seeks a baseline against which to assess the technology's possible impact on human rights, saying a rights-based approach should start by consulting people about how AI services affect their real-life experiences. The proposal divides AI systems into three groups: prohibited, where there's no societal value from their use; higher risk, which may pose problems but can have beneficial societal/economic benefits; and low risk, where no prior rules will be imposed, but companies will be subject to transparency requirements, said Mazzini. Companies must self-assess risk, which may be burdensome to smaller firms, said Moragon. When the measure refers to users, it means purchasers of AI systems, not end users, said McGowan: Accountability should be clearer on what rights and redress end-users get. A European Parliament decision on which committees will have jurisdiction here isn't likely before September, Mazzini added.