Chinese Hacking Threat Grows as FCC Scraps Cyber Rules; Gmail Trains AI With Your Data, SolarWinds Case Dropped
Top stories today include FCC eliminating telecom cybersecurity protections amid Chinese hacking threats, Gmail using emails to train AI unless users opt out, and SEC dropping the SolarWinds lawsuit.
FCC Moves to Scrap Cybersecurity Rules Amid Chinese Hacking Threats
The FCC’s recent decision to eliminate cybersecurity protections for telecom companies raises significant concerns following a major hacking campaign by a China-backed group.
Key Points:
FCC voted 2-1 to repeal cybersecurity rules established under the Biden administration.
The rollback occurs amid ongoing threats from the China-backed hacking group Salt Typhoon.
Senators express strong concern, warning it compromises national security and exposes citizens to risks.
Telecom industry praises the removal of what they call ‘counterproductive regulations’.
Democratic Commissioner Anna Gomez argues the repeal undermines meaningful cybersecurity efforts.
On Thursday, the Federal Communications Commission voted along party lines to repeal rules that mandated minimum cybersecurity standards for U.S. telecommunications companies. This decision comes despite the recent discovery of extensive hacks attributed to a group known as Salt Typhoon, which successfully infiltrated more than 200 telecom companies, including major players like AT&T and Verizon. The hacked organization provided a pathway for potential surveillance and data theft, illustrating the vulnerabilities faced by American communications networks.
Gmail can read your emails and attachments to train its AI, unless you opt out
Gmail has begun reading user emails and attachments to train its AI systems, with users able to opt out of this data collection practice.
Google’s Gmail service is now using the content of emails and attachments to train its artificial intelligence models. This practice has raised privacy concerns among users who may not be aware that their personal communications are being analyzed for AI development purposes. While Google has provided an opt-out option, the default setting allows the company to access this data, meaning users must take active steps to protect their privacy.
SEC Drops SolarWinds Lawsuit Over Cybersecurity Practices
The SEC has voluntarily dismissed allegations against SolarWinds concerning misleading investors about cybersecurity failures.
Key Points:
SEC’s dismissal follows a federal court ruling that weakened the case.
The lawsuit claimed SolarWinds misled investors about specific cybersecurity risks.
SolarWinds CEO expressed relief, asserting the company’s actions were appropriate.
The case stems from a significant cyberattack attributed to Russian hackers in 2020.
The SEC previously fined other companies related to the fallout from the SolarWinds incident.
The Securities and Exchange Commission announced it is voluntarily dismissing a lawsuit against SolarWinds Corp. and its chief information security officer, Timothy Brown. This decision follows a court ruling that dismissed most of the SEC’s claims, stating that the allegations relied on hindsight and speculation. The SEC initially charged SolarWinds with defrauding investors by failing to disclose serious cybersecurity risks, particularly in light of a major cyberattack that was discovered in 2020, where Russian hackers exploited vulnerabilities in SolarWinds’ software to penetrate various large corporations and federal agencies, notably the departments of Defense, Homeland Security, and Justice.
SolarWinds has publicly celebrated this outcome as a vindication of its actions. In their statement, the company emphasized that they believed the facts demonstrated they had acted appropriately and that this resolution would alleviate concerns voiced by Chief Information Security Officers regarding the chilling effects of such lawsuits on their operations. While the SEC chose not to comment on the dismissal, it highlights ongoing scrutiny and regulatory pressure in the realm of corporate cybersecurity practices, especially after the extensive fallout from the SolarWinds incident that led to prior fines and consequences for other firms involved.