The new U.S.-China trade agreement includes provisions that are aimed at curbing forced technology transfers, in which companies hand over technical know-how to foreign partners. For many high-tech businesses, the intellectual property behind their products represents the bulk of their companies’ value.  To learn more about the risks of IP theft, Elizabeth Lee recently visited the Consumer Electronics Show in Las Vegas, where companies talked about the risks to their technology secrets.

A legal adviser at the European Union’s highest court said Wednesday that the bloc’s data protection rules should prevent member states from indiscriminately holding personal data seized from Internet and phone companies, even when intelligence agencies claim that national security is at stake.
In a non-binding opinion on how the European Court of Justice, or ECJ, should rule on issues relating to access by security and intelligence agencies to communications data retained by telecommunications providers, advocate general Campos Sanchez-Bordona said “the means and methods of combating terrorism must be compatible with the requirements of the rule of law.”
Commenting on a series of cases from France, the U.K. and Belgium — three countries that have been hit by extremist attacks in recent years and have reinforced surveillance — Sanchez-Bordona said that the ECJ’s case law should be upheld. He cited a case in which the court ruled that general and indiscriminate retention of communications “is disproportionate” and inconsistent with EU privacy directives.
The advocate general recommended limited access to the data, and only when it is essential “for the effective prevention and control of crime and the safeguarding of national security.”
The initial case was brought by Privacy International, a charity promoting the right to privacy. Referring to the ECJ’s case law, it said that the acquisition, use, retention, disclosure, storage and deletion of bulk personal data sets and bulk communications data by the U.K. security and intelligence agencies were unlawful under EU law.
The U.K.’s Investigatory Powers Tribunal referred the case to the ECJ, which held a joint hearing with two similar cases from France and another one from Belgium.
“We welcome today’s opinion from the advocate general and hope it will be persuasive to the Court,” said Caroline Wilson Palow, the Legal Director of Privacy International. “The opinion is a win for privacy. We all benefit when robust rights schemes, like the EU Charter of Fundamental Rights, are applied and followed.”
The ECJ’s legal opinions aren’t legally binding, but are often followed by the court. The ECJ press service said a ruling is expected within two months.
“Should the court decide to follow the opinion of the advocate general, ‘metadata’ such as traffic and location data will remain subject to a high level of protection in the European Union, even when they are accessed for national security purposes,” said Luca Tosoni, a researcher at the Norwegian Research Center for Computers and Law. “This would require several member states — including Belgium, France, the U.K. and others — to amend their domestic legislation.”

The National Security Agency has discovered a major security flaw in Microsoft’s Windows operating system and tipped off the company so that it can fix it.Microsoft made a software patch to fix it available Tuesday and credited the agency as the flaw’s discoverer.The company said it has not seen any evidence that hackers have used the technique discovered by the NSA.”Customers who have already applied the update, or have automatic updates enabled, are already protected,” said Jeff Jones, a senior director at Microsoft, in a statement.Priscilla Moriuchi, who retired from the NSA in 2017 after running its East Asia and Pacific operations, said this is a good example of the “constructive role” that the NSA can play in improving global information security. Moriuchi, now an analyst at the U.S. cybersecurity firm Recorded Future, said it’s likely a reflection of changes made in 2017 to how the U.S. determines whether to disclose a major vulnerability or exploit it for intelligence purposes.The revamping of what’s known as the “Vulnerability Equities Process” put more emphasis on disclosing unpatched vulnerabilities whenever possible to protect core internet systems and the U.S. economy and general public.Those changes happened after a group calling itself “Shadow Brokers” released a trove of high-level hacking tools stolen from the NSA.

It sounds like science fiction, but a number of tech wearables are letting users control devices with their thoughts. The implications for consumers and businesses are significant. But to start out, the goal of two developers is to simply enable more productivity. Tina Trinh meets the Brooklyn team behind a thought-powered headset.

China says its diplomats and government officials will fully exploit foreign social media platforms such as Facebook and Twitter that are blocked off to its own citizens.
Foreign Ministry spokesman Geng Shuang on Monday likened the government to “diplomatic agencies and diplomats of other countries” in embracing such platforms to provide “better communication with the people outside and to better introduce China’s situation and policies.”
Facebook, Twitter and other social media platforms have tried for years without success to be allowed into the lucrative Chinese market, where Beijing has helped create politically reliable analogues such as Weichat and Weibo. Their content is carefully monitored by the companies and by government censors.
Despite that, Geng said China is “willing to strengthen communication with the outside world through social media such as Twitter to enhance mutual understanding.” He also insisted that the Chinese internet remained open and said the country has the largest number of users of any nation, adding, “we have always managed the internet in accordance with laws and regulations.”
The canny use of social media by pro-democracy protesters in Hong Kong has further deepened China’s concern over the use of such platforms, prompting further crackdowns on the mainland, including on the use of virtual private networks.  

U.S. government officials are watching and waiting, with many believing it is only a matter of time before Iran lashes out in cyberspace for the U.S. drone strike that killed Quds Force commander Qassem Soleimani last week.According to the latest advisory from the Department of Homeland Security, there are still “no specific, credible threats” to the United States. But officials say Iran’s public assurances that it is done retaliating mean little.“Iran has been one of the most malicious actors out there,” a senior State Department official said Thursday. “We’re very concerned about Iran’s capabilities and activities.”U.S. government officials have been hesitant to comment in any detail on what Iranian cyber actors have been up to in recent days, though they note Iran’s capabilities are on par with Russia, China and North Korea when it comes to using cyber to target industrial control systems or physical infrastructure.“DHS [Department of Homeland Security] is operating under an enhanced posture to improve coordination and situational awareness should any specific threats emerge,” a department spokesperson told VOA.The spokesperson added DHS is coordinating with U.S. intelligence agencies, key private sector companies and organizations, and is ready to “implement enhanced security measures, as needed.”Iranian Cyber ActivityBracing for a ‘significant’ attackIntelligence officials say much of Iran’s cyber activity is driven by the Islamic Revolutionary Guard Corps (IRGC), sometimes using front companies or sometimes carrying out cyberattacks themselves.Past Iranian cyberattacks have ranged from distributed denial of service attacks (DDoS), which block access to websites by overwhelming the server hosting the site with internet traffic, to efforts to deface websites or attempts to steal personal data.An alert this week from the FILE – The Twitter and Facebook logos, Nov. 26, 2019.Ramping up disinformation campaignsAnd once the U.S. airstrike took out Soleimani, the Iranian disinformation machinery went into action.“As that news came out, we saw them ramp their program and start pushing that stuff out,” Hultquist said.The disinformation from Iran’s proxy forces in the Middle East further increased Tuesday during Iran’s retaliatory missile strike on Iraqi bases hosting U.S. and coalition forces — “in terms of reports coming in about certain hits that happened and numbers of casualties from the Iranian response,” said Phillip Smyth, an analyst with the Washington Institute for Near East Policy who has been tracking social media activity by the Iranian-backed militias.But Iran-linked cyber actors have also eyed more ambitious campaigns.In October 2018, for example, Facebook and Instagram removed 82 accounts, pages and groups from their platforms.The posts, Facebook said, focused on “politically charged topics such as race relations, opposition to the [U.S.] president and immigration.”Facebook Removes 82 Iranian-Linked Accounts

        Facebook announced Friday that it has removed 82 accounts, pages or groups from its site and Instagram that originated in Iran, with some of the account owners posing as residents of the United States or Britain and tweeting about liberal politics.At least one of the Facebook pages had more than one million followers, the firm said. The company said it did not know if the coordinated behavior was tied to the Iranian government. 

Analysts said while those Iranian disinformation efforts paled in comparison to the campaign run by Russia in the run-up to the 2016 U.S. presidential elections, the effort showed signs of increasing sophistication, which has continued to this day.Some former U.S. officials and analysts also suspect Iran may be targeting news outlets.The Kuwaiti government Wednesday said the Kuwait News Agency’s Twitter account was hacked after it posted false reports that the U.S. was withdrawing all troops based in the country.Separately, hackers claiming to be working on behalf of Iran defaced the website of the U.S. Federal Depository Library Program.Despite suspicions and concerns, though, officials have yet to definitely attribute either attack to Iran. And there is a risk that such attacks are actually the work of other cyber actors.For example, former officials said there have been instances in the past where Russian cyber operatives hijacked Iranian infrastructure or malware to launch intrusions of their own.Targeting AmericansIran, though, has other tools it can use to strike the U.S. and the West. “Iranian cyber actors are targeting U.S. government officials, government organizations and companies to gain intelligence and position themselves for future cyber operations,” U.S. intelligence agencies warned in their most recent threat assessment.Iran’s Cyber Spies Looking to Get Personal

        Iran appears to be broadening its presence in cyberspace, stealing information that would allow its cyber spies to monitor and track key political and business officials, including some in the United States.A new, U.S. intelligence report released Tuesday warned Iranian cyber actors "are targeting U.S. Government officials, government organizations, and companies to gain intelligence and position themselves for future cyber operations."The latest Worldwide Threat Assessment also said Tehran has been…

The U.S.-based cybersecurity firms FireEye and Symantec have said their research shows Iranian-linked cyber actors have paid particular attention to telecommunications and travel companies, mining them for personal data that could prove useful in such cyber campaigns.Not everyone, however, is convinced Iran is positioned to launch a major cyber offensive.“A lot of the doom and gloom headlines that are out there right now, I think, are overblowing or overhyping the immediate cyberthreat coming from Iran,” Hoover Institution Fellow Jacquelyn Schneider said.“The reality is that Iranians have been conducting these cyberattacks over the last year, if not longer,” she said, adding that while there may well be an uptick in attacks, “they’ve been trying this entire time.”Still, a former U.S. National Security Agency threat manager cautions even a small cyberattack can inadvertently do widespread damage.“There’s always the potential that an attack or an intrusion, which is physically or strategically designed to only impact a certain geography or certain network, creeps to other parts of the network,” said Priscilla Moriuchi, now head of nation-state research at the cybersecurity firm Recorded Future.

Vietnamese startups are heading into the new year looking to avoid the mistakes of such companies as Uber and WeWork, which disappointed investors in 2019 for failing to turn a profit after so much buildup.Investors and entrepreneurs in the communist nation are taking a more critical look at their businesses after seeing others get burned overseas. WeWork, which rents out shared workspaces, was seen as a cautionary tale of a startup that did not live up to expectations and was not profitable.For years, investors were willing to back losing businesses to gain market share. But now, there is more scrutiny of new investments.Benchmarks setThe Vietnam Innovative Startup Accelerator (VIISA) requires its technology startups to meet a list of benchmarks throughout their time in the program.“Apart from very intuitive selection criteria that all applying startups have to go through, the program has introduced a new development measurement method, which helps us to capture the progress of startups that are accepted into VIISA,” Hieu Vo, a board member and chief financial officer at VIISA, said. “I think this process will bring out the best in each person for the particular business they have founded and committed to.”Vo said his colleagues sit down with startups when they join the accelerator to discuss key performance indicators, or KPI, that will be set as goals. VIISA also does training for the young businesses so they have quantifiable skills, such as how to structure a business deal, or how to set up their accounting system.Having metrics and ratings, Vo said, supports “both business performance, as well as personal transformation of founders.”Founder scrutinyThe founder as an individual has become a point of scrutiny for investors, who used to be more forgiving of an eccentric or aggressive founder, seen as part of the package to have a tech genius head an innovative business. But there has been a backlash among those who think too much permissiveness can damage a business, from the sexual misconduct amid the workplace culture of Uber, to the conflicts of interest in business decisions at WeWork.It helps to not just think short term and to have an outside perspective, according to Pham Manh Ha, founder and chief executive officer of Beekrowd, an investment platform in Ho Chi Minh City.“As a first-time founder, it seems impossible for us to look beyond the first six months to a year of our business,” he said, adding that experienced third parties can help businesses take the long view. “They stand outside the trees that are blocking us from seeing the forest.”To see the forest, Vietnamese businesses like his are taking a more measured approach. Vietnam has seen an escalation of tech startups, as investors have rushed to put their money to work and take advantage of the economy’s fast growth.They also remember the dot-com bubble in the United States, and the more recent global tech bubble, two reminders for caution.

Building a tech startup is not easy, especially in countries with less-established tech industries. Nevertheless, many global entrepreneurs are determined to succeed, and the Consumer Electronics Show (CES) in Las Vegas is their chance to prove themselves to the rest of the industry. VOA’s Tina Trinh met with startup founders from Senegal, Ukraine and Thailand.