Category Archives: Google

Facebook Shared your Data with 60+ Other Tech Companies

Posted on by

New privacy law forces some U.S. media offline in Europe

continue here where it has affected U.S. media.

It is a privacy war. It is data abuse. It is exploitation.

More than 50 companies including Apple and Amazon participated in the Facebook data-sharing partnership.

Have you noticed emails and terms of privacy has changed in volumes with those sites you often visit? Well we can thank Europe as the new privacy law went into effect in recent weeks.

On May 25, however, the power balance will shift towards consumers, thanks to a European privacy law that restricts how personal data is collected and handled. The rule, called General Data Protection Regulation or GDPR, focuses on ensuring that users know, understand, and consent to the data collected about them. Under GDPR, pages of fine print won’t suffice. Neither will forcing users to click yes in order to sign up. Read the details here.

But, it is suggested that you actually read what updates are in fact happening in the U.S., as it may not be all that protective. Fair warning and take caution, abuses may still continue.

Read on…it is no wonder that Facebook is running TV ads, but that still does not assure us our data is being abused.

Facebook: The Social Accelerator? | emergent by design photo

Facebook Gave Device Makers Deep
Access to Data on Users and Friends

The company formed data-sharing partnerships with Apple, Samsung and
dozens of other device makers, raising new concerns about its privacy protections.

As Facebook sought to become the world’s dominant social media service, it struck agreements allowing phone and other device makers access to vast amounts of its users’ personal information.

Facebook has reached data-sharing partnerships with at least 60 device makers — including Apple, Amazon, BlackBerry, Microsoft and Samsung — over the last decade, starting before Facebook apps were widely available on smartphones, company officials said. The deals allowed Facebook to expand its reach and let device makers offer customers popular features of the social network, such as messaging, “like” buttons and address books.

But the partnerships, whose scope has not previously been reported, raise concerns about the company’s privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. Facebook allowed the device companies access to the data of users’ friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users’ friends who believed they had barred any sharing, The New York Times found.

Most of the partnerships remain in effect, though Facebook began winding them down in April. The company came under intensifying scrutiny by lawmakers and regulators after news reports in March that a political consulting firm, Cambridge Analytica, misused the private information of tens of millions of Facebook users.

In the furor that followed, Facebook’s leaders said that the kind of access exploited by Cambridge in 2014 was cut off by the next year, when Facebook prohibited developers from collecting information from users’ friends. But the company officials did not disclose that Facebook had exempted the makers of cellphones, tablets and other hardware from such restrictions.

“You might think that Facebook or the device manufacturer is trustworthy,” said Serge Egelman, a privacy researcher at the University of California, Berkeley, who studies the security of mobile apps. “But the problem is that as more and more data is collected on the device — and if it can be accessed by apps on the device — it creates serious privacy and security risks.”

In interviews, Facebook officials defended the data sharing as consistent with its privacy policies, the F.T.C. agreement and pledges to users. They said its partnerships were governed by contracts that strictly limited use of the data, including any stored on partners’ servers. The officials added that they knew of no cases where the information had been misused.

The company views its device partners as extensions of Facebook, serving its more than two billion users, the officials said.

“These partnerships work very differently from the way in which app developers use our platform,” said Ime Archibong, a Facebook vice president. Unlike developers that provide games and services to Facebook users, the device partners can use Facebook data only to provide versions of “the Facebook experience,” the officials said.

Some device partners can retrieve Facebook users’ relationship status, religion, political leaning and upcoming events, among other data. Tests by The Times showed that the partners requested and received data in the same way other third parties did.

Facebook’s view that the device makers are not outsiders lets the partners go even further, The Times found: They can obtain data about a user’s Facebook friends, even those who have denied Facebook permission to share information with any third parties.

In interviews, several former Facebook software engineers and security experts said they were surprised at the ability to override sharing restrictions.

“It’s like having door locks installed, only to find out that the locksmith also gave keys to all of his friends so they can come in and rifle through your stuff without having to ask you for permission,” said Ashkan Soltani, a research and privacy consultant who formerly served as the F.T.C.’s chief technologist.

Details of Facebook’s partnerships have emerged amid a reckoning in Silicon Valley over the volume of personal information collected on the internet and monetized by the tech industry. The pervasive collection of data, while largely unregulated in the United States, has come under growing criticism from elected officials at home and overseas and provoked concern among consumers about how freely their information is shared.

In a tense appearance before Congress in March, Facebook’s chief executive, Mark Zuckerberg, emphasized what he said was a company priority for Facebook users.“Every piece of content that you share on Facebook you own,” he testified. ”You have complete control over who sees it and how you share it.”

But the device partnerships provoked discussion even within Facebook as early as 2012, according to Sandy Parakilas, who at the time led third-party advertising and privacy compliance for Facebook’s platform.

“This was flagged internally as a privacy issue,” said Mr. Parakilas, who left Facebook that year and has recently emerged as a harsh critic of the company. “It is shocking that this practice may still continue six years later, and it appears to contradict Facebook’s testimony to Congress that all friend permissions were disabled.”

The partnerships were briefly mentioned in documents submitted to German lawmakers investigating the social media giant’s privacy practices and released by Facebook in mid-May. But Facebook provided the lawmakers with the name of only one partner — BlackBerry, maker of the once-ubiquitous mobile device — and little information about how the agreements worked.

The submission followed testimony by Joel Kaplan, Facebook’s vice president for global public policy, during a closed-door German parliamentary hearing in April. Elisabeth Winkelmeier-Becker, one of the lawmakers who questioned Mr. Kaplan, said in an interview that she believed the data partnerships disclosed by Facebook violated users’ privacy rights.

“What we have been trying to determine is whether Facebook has knowingly handed over user data elsewhere without explicit consent,” Ms. Winkelmeier-Becker said. “I would never have imagined that this might even be happening secretly via deals with device makers. BlackBerry users seem to have been turned into data dealers, unknowingly and unwillingly.”

In interviews with The Times, Facebook identified other partners: Apple and Samsung, the world’s two biggest smartphone makers, and Amazon, which sells tablets.

An Apple spokesman said the company relied on private access to Facebook data for features that enabled users to post photos to the social network without opening the Facebook app, among other things. Apple said its phones no longer had such access to Facebook as of last September.

Samsung declined to respond to questions about whether it had any data-sharing partnerships with Facebook. Amazon also declined to respond to questions.

Usher Lieberman, a BlackBerry spokesman, said in a statement that the company used Facebook data only to give its own customers access to their Facebook networks and messages. Mr. Lieberman said that the company “did not collect or mine the Facebook data of our customers,” adding that “BlackBerry has always been in the business of protecting, not monetizing, customer data.”

Microsoft entered a partnership with Facebook in 2008 that allowed Microsoft-powered devices to do things like add contacts and friends and receive notifications, according to a spokesman. He added that the data was stored locally on the phone and was not synced to Microsoft’s servers.

Facebook acknowledged that some partners did store users’ data — including friends’ data — on their own servers. A Facebook official said that regardless of where the data was kept, it was governed by strict agreements between the companies.

“I am dumbfounded by the attitude that anybody in Facebook’s corporate office would think allowing third parties access to data would be a good idea,” said Henning Schulzrinne, a computer science professor at Columbia University who specializes in network security and mobile systems. Keep reading here for specific details.

Fed Gov Spent $76 Billion in 2017 for Cyber Security, Fail v Success

Posted on by

Go here for the Forum Part One

Go here for the Forum Part Two

Fascinating speakers from private industry, state government and the Federal government describe where we are, the history on cyber threats and how fast, meaning hour by hour the speed at which real hacks, intrusions or compromise happen.

David Hoge of NSA’s Threat Security Operations Center for non-classified hosts worldwide describes the global reach of NSA including the FBI, DHS and the Department of Defense.

NSA Built Own 'Google-Like' Search Engine To Share ... photo

When the Federal government spent $76 billion in 2017 and we are in much the same condition, Hoge stays awake at night.

With North Korea in the constant news, FireEye published a report in 2017 known as APT37 (Reaper): The Overlooked North Korea Actor. North Korea is hardly the worst actor. Others include Russia, China, Iran and proxies.

Targeting: With North Korea primarily South Korea – though also Japan, Vietnam and the Middle East – in various industry verticals, including chemicals, electronics, manufacturing, aerospace, automotive, and healthcare.
Initial Infection Tactics: Social engineering tactics tailored specifically to desired targets, strategic web compromises typical of targeted cyber espionage operations, and the use of torrent file-sharing sites to distribute malware more indiscriminately.
Exploited Vulnerabilities: Frequent exploitation of vulnerabilities in Hangul Word Processor (HWP), as well as Adobe Flash. The group has demonstrated access to zero-day vulnerabilities (CVE-2018-0802), and the ability to incorporate them into operations.
Command and Control Infrastructure: Compromised servers, messaging platforms, and cloud service providers to avoid detection. The group has shown increasing sophistication by improving their operational security over time.
Malware: A diverse suite of malware for initial intrusion and exfiltration. Along with custom malware used for espionage purposes, APT37 also has access to destructive malware.

More information on this threat actor is found in our report, APT37 (Reaper): The Overlooked North Korean Actor.

** NSA 'building quantum computer to crack security codes ...  photo

Beyond NSA, DHS as with other agencies have cyber divisions. The DHS cyber strategy is found here. The fact sheet has 5 pillars:

DHS CYBERSECURITY GOALS
Goal 1: Assess Evolving
Cybersecurity Risks.
We will understand the evolving
national cybersecurity risk posture
to inform and prioritize risk management activities.
Goal 2: Protect Federal Government
Information Systems.
We will reduce vulnerabilities of federal agencies to ensure they achieve
an adequate level of cybersecurity.
Goal 3: Protect Critical
Infrastructure.
We will partner with key stakeholders
to ensure that national cybersecurity
risks are adequately managed.
Goal 4: Prevent and Disrupt Criminal
Use of Cyberspace.
We will reduce cyber threats by
countering transnational criminal
organizations and sophisticated cyber
criminals.
Goal 5: Respond Effectively to Cyber
Incidents.
We will minimize consequences from
potentially significant cyber incidents
through coordinated community-wide
response efforts.
Goal 6: Strengthen the Security and
Reliability of the Cyber Ecosystem.
We will support policies and activities
that enable improved global cybersecurity risk management.
Goal 7: Improve Management of
DHS Cybersecurity Activities.
We will execute our departmental
cybersecurity efforts in an integrated
and prioritized way.

Related reading:National Protection and Programs Directorate

NPPD’s vision is a safe, secure, and resilient infrastructure where the American way of life can thrive.  NPPD leads the national effort to protect and enhance the resilience of the nation’s physical and cyber infrastructure.

*** Going forward as devices are invented and added to the internet and rogue nations along with criminal actors, the industry is forecasted to expand with experts and costs.

Research reveals in its new report that organizations are expected to increase spending on IT security by almost 9% by 2018 to safeguard their cyberspaces, leading to big growth rates in the global markets for cyber security.

The cyber security market comprises companies that provide products and services to improve security measures for IT assets, data and privacy across different domains such as IT, telecom and industrial sectors.

The global cyber security market should reach $85.3 billion and $187.1 billion in 2016 and 2021, respectively, reflecting a five-year compound annual growth rate (CAGR) of 17.0%. The American market, the largest segment, should grow from $39.5 billion in 2016 to $78.0 billion by 2021, demonstrating a five-year CAGR of 14.6%. The Asia-Pacific region is expected to grow the fastest among all major regions at a five-year CAGR of 21.4%, due to stringent government policies to mitigate cyber threats, and a booming IT industry.

Factors such as the growing complexity and frequency of threats, increasing severity of cyber security, stringent government regulations and compliance requirements, ubiquity of online communication, digital data and social media cumulatively should drive the market. Moreover, organizations are expected to increase IT spending on security solutions and services, as well. Rising adoption of technologies such as Internet of things, evolution of big data and cloud computing, increasing smartphone penetration and the developing market for mobile and web platforms should provide ample opportunities for vendors.

By solution type, the banking and financial segment generated the most revenue in 2015 at $22.2 billion. However, the defense and intelligence segment should generate revenues of $50.7 billion in 2021 to lead all segments. The healthcare sector should experience substantial growth with an anticipated 16.2% five-year CAGR.

Network security, which had the highest market revenue in 2015 based on solution type, should remain dominant through the analysis period. Substantial growth is anticipated in the cloud security market, as the segment is expected to have a 27.2% five-year CAGR, owing to increasing adoption of cloud-based services across different applications.

“IT security is a priority in the prevailing highly competitive environment,” says BCC Research analyst Basudeo Singh. “About $100 billion will be spent globally on information security in 2018, as compared with $76.7 billion in 2015.”

China is Buying America with and without CFIUS

Posted on by

Statistics found here.

When China is not buying America, they are busy in other parts of the globe buying places like Europe. That is how China is expanding, including stealing intelligence, espionage and hacking. The parts of Britain not owned by Russia are being gobbled up by China. Russia has a long plan and China has a long plan, not too sure about the United States, Britain or other allies.

There has been many discussions in Congress to reform CFIUS, Committee on Foreign Investment in the United States. The most widely noticed scandal with CFIUS was the Uranium One deal.

U.S. watchdog expands scrutiny to more Chinese deals ... photo

Anyway, John Carlin recently spoke with the National Law Journal about bipartisan legislation introduced in November in the U.S. Senate and House of Representatives by U.S. Sen. John Cornyn, R-Texas, and U.S. Rep. Robert Pittenger, R-North Carolina, respectively, to overhaul the CFIUS review process. CFIUS reviews, which are voluntary, are meant to protect the nation from business transactions that pose a national security or strategic risk to the United States. The panel has the authority to require the transaction’s parties to undertake risk mitigation, such as carving out a specific location or element of the deal.

The panel can also recommend that the president block a deal entirely. President Donald Trump, for example, in September blocked the sale of Oregon-based Lattice Semiconductor Corp. to a Chinese company. A deal by Anthony Scaramucci, briefly a White House communications director, to sell his stake in SkyBridge Capital to Chinese company HNA Group Co., which is partly government-owned, appears to be in jeopardy after not yet clearing its nearly yearlong CFIUS review, according to reports in financial media including Bloomberg News in mid-December.Treasury Secretary Steven Mnuchin, who chairs the panel, has urged toughening CFIUS reviews.

While leading the DOJ’s National Security Division, Carlin oversaw the indictment in 2014 of five Chinese military members for economic espionage for hacks against several big U.S. companies, among them United States Steel, Westinghouse, Alcoa Inc. and SolarWorld from 2006 through 2014. The division also investigated the cyberattack on Sony Pictures Entertainment in late 2014 that the U.S. government determined originated in North Korea; and brought charges with the FBI against seven Iranians working for computer companies under contract to the Iranian government and military that conducted cyberattacks between 2011 and 2013 against 46 financial institutions including Wells Fargo and JPMorgan Chase & Co. More here.

The CFIUS review process also appears to be affecting efforts by China Oceanwide Holdings Group Co. Ltd. to acquire Genworth Financial Inc.

BusinessInsider: In 2016, General Electric sold its appliances business to Qingdao-based Haier. China’s Zoomlion made an unsolicited bid for heavy-lifting-equipment maker Terex Corporation, and property and investment firm Dalian Wanda announced a deal to buy a majority stake in Hollywood’s Legendary Entertainment.

On Friday, a Chinese-led investor group announced it would buy the Chicago Stock Exchange. And then there’s ChemChina’s record-breaking deal for the Swiss seeds and pesticides group Syngenta, valued at $48 billion according to Dealogic.

There have already been 82 Chinese outbound mergers-and-acquisitions deals announced this year, amounting to $73 billion in value, according to Dealogic. That’s up from 55 deals worth $6.2 billion in the same period last year.

Last year was a record-breaker for Chinese outbound deals, with 607 deals valued at $112.5 billion in total. Just over one month into 2016, and China is more than halfway to breaking that record.

So what’s going on?

One interpretation is that Chinese companies are simply hungry for growth as that country’s economy slows, and they’re feeding themselves by buying other companies.

“With the slowdown of the economy, Chinese corporates are increasingly looking to inorganic avenues to supplement their growth,” Vikas Seth, head of emerging markets in the investment-banking and capital-markets department at Credit Suisse, told Business Insider.

Last year, investment bankers earned $558 million in revenue from Chinese outbound M&A deals, according to Dealogic. This year, that number is at $121 million to date.

But there are, of course, a number of challenge these deals will face — especially in the US.

M&A deals in the US are subject to scrutiny by the Committee on Foreign Investment in the United States, or CFIUS. It recently prevented the $3.3 billion sale of Philips’ lighting business to a group of buyers in Asia.

feb 5 total china m&a deal value
The 82 Chinese outbound deals announced so far in 2016 are worth more than half of 2015’s total Chinese outbound-deal value.
Andy Kiersz/Business Insider

“I would be very surprised if CFIUS did not have an interest in taking a look at this deal,” said Anne Salladin of law firm Stroock & Stroock, referring to the Chicago Stock Exchange deal.

Facebook Suggested Friends Feature Recruited for ISIS

Posted on by

Ooops, call it Artificial Intelligence or an automated outcome friend feature because Mark Zuckerberg thinks connecting people to be friends globally is a good thing. In this case, not so much and who was paying attention? Further, has it been fixed? Nah.

Remember the time when Islamic State has mastered social media to exploit their jihad successes including their videos and publications? The world was in shock and yet, it continues today.

What about al Qaeda, or other domestic militant groups? Facebook says there is no easy fix, what? Anyone considering other social media platforms or the tech companies such as Google?

Facebook (FB) is being accused of inadvertently helping Islamist extremists connect and recruit new members. A new report in The Telegraph cites research suggesting that the social media giant connected and introduced thousands of extremists through its “suggested friends” feature. One writer who spoke to CBSN says “it’s cause for concern.”

The research was conducted by the Counter Extremism Project, a non-profit organization that pressures companies to remove extremist content online. It plans to release its findings in an extensive report later this month.

“The failure to effectively police its platform has allowed Facebook to become a place where extensive (Islamic State of Iraq and Syria or ISIS) supporting networks exist, propaganda is disseminated people are radicalized and new supporters are recruited,” researcher Gregory Waters told The Telegraph.

Facebook is already facing criticism for failing to remove terrorist material from its platform. The platform has also been blamed for spreading disinformation that stokes violence in Myanmar.

“There is no place for terrorists on Facebook,” a Facebook spokesperson said in a statement. “We work aggressively to ensure that we do not have terrorists or terror groups using the site, and we also remove any content that praises or supports terrorism. 99 percent of ISIS and Al Qaeda-related content we remove is found by our automated systems.”

J.M. Berger, author of “Extremism” and a fellow with the Counter-Terrorism Strategic Communications program, told CBSN’s Elaine Quijano that this issue is something that’s been known for some time and says “it’s cause for concern,” but further analysis of the research is needed. Berger said that “the online environment for ISIS and other jihadist extremists is much more difficult than it was just a couple of years ago.”

“It’s a problem we’ve known about for a long time … I first wrote about it in 2013,” Berger said. “All of the social media platforms use algorithms that allow them to suggest content that you might be interested in. It’s a key, integral part of their functioning and what we’ve seen is that these algorithms will recommend whatever kind of content … whether it’s extremist content or normal content. Managing that is a slightly different problem than managing extremist content where you go in and look for keywords.”

“You can be on Facebook and be an ISIS supporter and not post content that would get you suspended — if you don’t put anything publicly than you’re not going to get caught,” Berger explained. “But if you’re part of a social network that supports ISIS, then once a person becomes friends with you — Facebook is going to suggest that they all become friends.”

Berger elaborated: “It used to be that it was extraordinarily easy to find this content — to find other people doing active recruiting who are being open supporters — now that is no longer the case. We can’t realistically hope for 100 percent elimination of this content on these platforms, but now the question is how much is left?”

Approval Process for Cyberwarfare Challenged

Posted on by

Cyber is a real battlefield and yet it gets almost zero ink in the media. The reason is due in part to exposing vulnerabilities, forced ransoms and stolen data.

NotPetya could be the beginnings of a new kind of ... photo

Just a couple of years ago: Chet Nagle, a former CIA agent and current vice president of M-CAM, penned an article in the Daily Caller, stating, “At FBI headquarters in July, the head of FBI counterintelligence, Randall Coleman, said there has been a 53% increase in the theft of American trade secrets, thefts that have cost hundreds of billions of dollars in the past year. In an FBI survey of 165 private companies, half of them said they were victims of economic espionage or theft of trade secrets — 95% of those cases involved individuals associated with the Chinese government.”

The threats all appear to have a foreign genesis and the United States does not have a real cyber policy due in part to debates over whether cyber attacks are acts of war. Can the United States fight back with her own cyber weapons? Not really, kinda, maybe.

Tracking the theft is left to the FBI, while responding is left to the U.S. Cyber Command. Army Lt. Gen. Paul Nakasone is the head of Cyber Command facing strategic threats from Russia, China, North Korea and Iran. During his confirmation hearings, Nakasone was grilled on how he would position the agencies to confront mounting Russian aggression in cyberspace, whether through attempted interference in U.S. elections or targeting the electric grid and other critical industrial systems.

Members of the White House’s National Security Council are pushing to rescind Presidential Policy Directive 20, an important policy memorandum that currently guides the approval process for government-backed cyberattacks, three current U.S. officials familiar with the matter tell CyberScoop.

The effort is driven in part by a desire from some NSC staff to create a more streamlined channel for military leaders to get their offensive cyber operations greenlit, insiders familiar with the matter said. The sources spoke under the condition of anonymity to freely discuss sensitive national security matters.

The move comes as lawmakers openly question whether U.S. Cyber Command, the nation’s premier cyber warfare unit, is hamstrung from responding to Russian meddling due to bureaucratic red tape. CyberScoop previously reported that multiple congressional committees are considering policies that could empower the military’s cyber mission.

But the push for change faces resistance from the intelligence community and several other federal agencies involved in cybersecurity.

Senior U.S. intelligence officials have expressed concerns over what rescinding the directive will mean for their own active computer spying missions. These covert operations, which are typically pursued by intelligence agencies like the CIA or NSA, could be exposed by the launch of “louder” disruptive-style attacks from the military. The presence of multiple hacking teams simultaneously targeting a single network often makes it easier for them all to be discovered by the victim.

Prior reporting by CyberScoop has shown that a long-running turf war exists between different federal agencies regarding the proper use of hacking tools in order to protect the homeland.

Even before Trump came to office though, the framework in question was considered a source of frustration inside the Pentagon.

Signed by President Barack Obama in 2012, the directive’s critics say that it was written in a confusing manner that leaves open-ended questions. In addition, critics tell CyberScoop that too many federal agencies are allowed to weigh in on proposed cyber operations, causing “even reasonable” plans to be delayed or outright rejected.

Insiders who are resistant to eliminating the directive admit that PPD-20 is flawed, but fear change because they’ve not seen a replacement plan.

“Better the devil you know, or something like that,” a former U.S. official said. “This is such a crucial decision because whatever comes next will dictate how arguments are settled inside government … you have the military on one side and the IC on the other.”

The NSC, CIA and Office of the Director of National Intelligence declined to comment. The NSA referred CyberScoop to U.S. Cyber Command, who in turn did not respond to a request for comment.

Currently, PPD-20 requires U.S. government agencies to run approvals for offensive operations through a chain of command that stretches across the federal government. The process is largely focused on controlling those operations that go beyond the confines of everyday digital espionage, or computer exploitation, to simply collect information.

According to PPD-20, if an operation is considered “of significant consequence,” it requires the direct blessing of the president in addition to the interagency group. Hacking operations that, for example, shut down a power grid or cause equipment to explode would fit into such a description. But experts say it also includes less flashy tactics like deleting data or corrupting software in a destructive manner.

“This directive pertains to cyber operations, including those that support or enable kinetic, information, or other types of operations,” PPD-20 reads. “The United States has an abiding interest in developing and maintaining use of cyberspace as an integral part of U.S. national capabilities to collect intelligence and to deter, deny, or defeat any adversary.”

After coming under scrutiny last month, outgoing NSA Director Adm. Michael Rogers told lawmakers that there’s an “ongoing policy discussion” about redrawing the regulations looming over military cyber operations. Unlike conventional military activities, the internet makes it difficult for policymakers to draw clear cut boundaries. This challenges also runs up against longstanding laws that underpin, and therefore divide, the work of soldiers and spies.

Historically, intelligence agencies — empowered by Title 50 of the U.S. Code — have led the way on U.S.-backed hacking that occur in countries like Iran or China; where armed conflict is absent. Military operations fall under the purview of Title 10 of the U.S. Code.

It’s not clear whether giving military leaders more leeway to conduct hacking operations will ultimately make those units more effective at their missions. The details surrounding these activities are always classified, which inhibits the public from having a substantive policy debate.

Ultimately, the decision to eliminate PPD-20 falls solely to the executive branch. Sources tell CyberScoop no final decision has been made.

What makes PPD-20 difficult to analyze is the fact that it remains a classified document, despite it being leaked by NSA whistleblower Edward Snowden. The classification means current officials are barred from publicly commenting on it.

Thomas Rid, a professor of strategic studies at Johns Hopkins University, said that Snowden’s PPD-20 leak was notable because it revealed the U.S. government’s thought process behind “the rise of unwanted norms caused by escalatory cyberattacks.”

“Reading between the lines, the framework acknowledges the negative effect on global cyber norms that events like Stuxnet can cause because of escalation,” said Rid.

Rid also believes the directive was “naïvely constructed,” relying too much on the idea that cyberattacks only impact other machines, and not people.

“When you look at what’s happened in 2016, and really since then, it makes the people who wrote PPD-20 seem like they don’t understand the current threat environment where Russia, and to some degree Iran, are combining active measures with cyber to change public perception,” he told CyberScoop. “Russia is basically kicking the U.S.’ ass.”