Friday News Roundup — May 17, 2019: Huawei’s “Death Sentence;” Ransomware Hobbles Baltimore; Will SCOTUS Respect Precedent; plus News You May Have Missed
Greetings and happy Friday from Washington, D.C., where spring weather seems to be prevailing while heat and humidity are on their way. Despite the sunny weather, the mood in town is defined by tensions: between Congress and the White House as investigations continue; between the United States and China as trade negotiations remain at an impasse pending further dialogue; and between the United States and Iran (as well as between the president and his advisers) as concerns grow about the risk of conflict in the Middle East. This week, in addressing the first, Dan wrote in The Hill about how the tensions between the White House and Congress reflect a historical struggle over a fundamental principle of constitutional government — that Congress can exercise its oversight of the president.
In this week’s roundup, we look at other important stories. Dan covers the Trump administration’s hard line on Huawei and the need for a posture that emphasizes preparation for a long-term technological competition. Michael looks at how ransomware has paralyzed Baltimore and the lessons for security as more municipalities seek to become “smart cities.” Chris challenges the conventional wisdom about whether the court should recognize certain precedents on hot-button topics. As always, we wrap with some of the stories that you may have missed.
As Trade Tensions Continue, Trump Administration Targets Huawei
At a time when little clear progress is being made in trade negotiations between Washington and Beijing, the Trump administration has ratcheted up the pressure on China by issuing an executive order regarding the security of U.S. wireless networks while the Department of Commerce added Huawei to the “Entity List.” The addition of Huawei and 70 of its affiliates to this list places a licensing requirement on the firm when it seeks to buy U.S. technology, effectively banning it from procuring from its U.S. suppliers.
As you may recall, the Trump administration was considering a similar approach to the Chinese firm ZTE, but backed off when President Trump decided to make a gesture towards Chinese President Xi as trade talks began. Now, with the talks at an impasse, some might consider this sanction on Huawei as a similar negotiating gambit. However, combined with the executive order on network security, it reflects a more robust and forceful approach — long needed — to addressing the security of vital network infrastructure.
In the immediate term, it will force Huawei — which purchases $11 billion a year in components from U.S. firms — to cease these purchases of hardware, software, and IT services. Even as Huawei has grown into a global powerhouse, it still relies on U.S. firms for key components. These components, generally microprocessors and wireless modems, are areas where China has yet to surpass U.S. technological expertise (though not for lack of effort to steal such technology). This measure is referred to as a “death sentence” given the impact it has on purchases of U.S. technology.
Looking further into the future, it does represent the most forceful action taken thus far to push western countries toward forming a united front in terms of the security of their networks and reliance on Chinese suppliers. Even as the United States pressured European partners not to use Huawei equipment, the Europeans pointed to the fact that the U.S. had not instituted a similar ban. Also, those who are moving forward with Huawei purchases argue that there is no clear evidence, at least publicly available, about linkages between Huawei equipment and cyber espionage. That said, waiting for such evidence ignores the legal requirements, under Chinese law, that the firm must immediately cooperate with the government in any matter of national security, intelligence gathering, or cybersecurity. Without naming Huawei, Australia effectively banned the firm by banning any firm subject to extrajudicial influence from supplying that nation’s 5G network.
Still, even if Huawei isn’t integrated into the 5G networks, plenty of western wireless carriers continue to use Huawei in their 4G and other legacy networks. Among them are U.S. rural carriers who may lose access to U.S. government subsidies unless they remove the Huawei components.
The reach of Huawei demonstrates that two sides must be considered in dealing with the Chinese tech challenge: confrontation and competition. The Trump administration has done well so far to confront the Chinese about their practices, but we have yet to position ourselves for the long-haul competition.
Where the United States once led in technology and telecom innovations, we have seen that things like Bell Labs are long in the past, and we may soon rue the day when our wireless carriers decided to also become media companies rather than focusing on major capital investments in their network infrastructure and security. Consolidation has reduced the number of western 5G component suppliers, and many of these mergers have seen R&D as an easy place to cut costs. At the same time, government has yet to respond to this technological challenge with the same vigor with which we addressed the Space Race technological competition with the Soviet Union. Beyond preparing for a strategic reckoning with China, such a long-haul competitive vision requires government support for education and basic research, and a long-term vision from companies that are too often beholden to short-term shareholder interests. While firms today can face a “death sentence” when they are barred from purchasing U.S. technology, the effectiveness of such a measure requires continued U.S. and allied technology leadership.
Banning Huawei can be one first step in addressing the immediate challenge, but we, not China, will determine the ultimate strength of American technology innovation.
Charm City Held Hostage by RobbinHood, Batman Nowhere to Be Found
For the last week, computer networks belonging to the City of Baltimore have been inaccessible because of a ransomware attack. According to the Baltimore Sun, email and voicemail accounts across the city’s government are not working, the Department of Finance can only conduct limited business, and the parking fines database is out of service, forcing the city to create a paper-based workaround for car owners to pay fines and release cars from the impound lot. The database of property liens is also down, preventing any real estate transactions from closing. Most of the bandwidth for cyber security focuses on private sector or national security targets, but local governments are appealing targets for cyber criminals as they tend to have valuable data and limited resources to protect them, a problem that will only grow as cities invest in big data solutions.
In a ransomware attack, cyber criminals implant a virus on a target’s machine that encrypts all of the information on that computer. The files can only be accessed by using a secure key — like the one in RSA tokens used for two-factor authentication — that the evildoers will gladly provide in exchange for money. The virus used to attack Baltimore’s systems is called “RobbinHood” and it appears to be installed by a trojan horse, another type of malicious software that appears innocuous until it is executed on a computer.
The hijackers who are holding Baltimore’s network hostage have demanded a ransom of 13 bitcoin to decrypt the files. When the ransom demand was first made on May 7, this was about $75,000, but movements in the dollar value of bitcoin mean that it is now over $100,000 (because bitcoin is not a stable store of value and fails to meet one of the basic criteria of “currency”), and the hackers claim that the information stored on those systems will become inaccessible after 10 days.
This is the second time in the last 15 months that Baltimore has been hit by a ransomware attack. Last March, during a brief window when the city’s firewall was offline for an unrelated maintenance issue, a ransomware attack struck the city’s 911 system. In that case, the computer-aided dispatch system that directs first-responders was taken offline over the course of a weekend to allow the city’s IT team to isolate the virus and reload the system. According to a spokesman for newly-installed Mayor Jack Young, this RobbinHood attack appears similar to one that hit Greenville, NC last month.
In March 2018, Atlanta was affected by a different ransomware virus that took city services offline for months and caused the city to spend over $2.7 million to respond to the attack. Many cybersecurity experts, including the FBI, advise victims not to pay these ransoms. Unless the hijackers provide information about how they gained access, the victim’s systems will still be at risk and they will have gotten a reputation as an easy mark. On the other hand, not paying seems to have little effect on ransomware creators, who appear to have no problem finding other victims who will pay up.
The public dialogue around cyber security tends to focus on personal information collected by corporations and high-end national security threats, but these cases show that local governments can be extremely tempting targets. They collect vital personal identifying information and often have limited budgets for cybersecurity. During the WannaCry ransomware attacks in 2017, computers running Windows XP — a system that launched in 2001 and which Microsoft stopped supporting in 2014 — were particularly at risk. 3.6% of all desktops and laptops still run this hopelessly out-of-date operating system. Many of those belong to organizations with tight budget constraints that run specialized software procured back when XP was still being supported, a condition that applies to Baltimore and many other local governments, as well as healthcare organizations, industrial facilities and — as recently as 2016 — the United Kingdom’s quartet of nuclear-armed ballistic missile submarines.
A report from Deloitte describes “smart cities” that utilize advances in “digital technologies, data, and design thinking” as “the future of urban living.” The services have great potential to make cities more livable by making trash collection more efficient, redirecting rush hour traffic, and making infrastructure less expensive by predicting when systems will need repair. All of this, however, broadens a city’s attack surface for cyber criminals. If local governments do not acquire these systems all at once from a high-end supplier, they may not have common cyber security components. Multiple providers could have different levels of diligence for security patches and commercial off-the-shelf systems might not be perfectly integrated, which could present openings that a cyber attacker could exploit. Such a massive project, however, would be susceptible to graft and favor-trading, especially for local governments that struggle with transparency.
A majority of the most-populous cities in the United States already have or are currently investigating cyber security insurance that will cover future ransomware extortion demands and the remediation necessary to ensure the functioning of government systems. These policies are expensive; Houston is reportedly paying $471,400 per year for a policy that covers up to $30 million. Cities will become more appealing targets and their risk profiles will continue to grow if they do not stay focused on network maintenance and security, even as they invest in the “smart” future that could provide tangible benefits to local residents.
Does Precedent Really Take Precedence?
On May 14th, America received a lesson on how precedent affects the thinking of Supreme Court justices. At the hands of Justice Clarence Thomas, the Court overruled a longstanding precedent in Franchise Tax Board of California v. Hyatt that drew the ire of the bench’s liberal minority. The very same day, The Atlantic posted an opinion piece by former Justice John Paul Stevens that criticized the Court’s 2010 decision in District of Columbia v. Heller and advocated for its overturning. In these two cases, the views of liberal jurists seem diametrically opposed: one argues strongly in support of precedent and the other disregards it completely. In fact, the actions are entirely understandable; the stare decisis doctrine is a tool that justices tend to use when it supports their policy preferences.
Stare decisis is a Latin term that translates to “stand by things decided.” In a legal context, it represents respect for precedent, whereby judges making decisions now should respect rulings in analogous cases from the past. During his tenure on the Court, Justice John Paul Stevens invoked stare decisis like any other justice. He often summoned it when refusing to overturn precedent, and even invoked precedent in his recent criticism of Heller. What he now ignores is that his fervent advocacy for overturning the 2010 case is advocacy against stare decisis. Justice Scalia’s opinion on the case was clear: the Constitution recognizes an individual right to bear arms. By consistently advocating for the Court to allow major gun control measures and for Congress to repeal the Second Amendment, he spits in the face of the philosophy he has claimed to adhere to.
Justice Stephen Breyer, on the other hand, was a fervent defender of stare decisis this week. In the aforementioned Hyatt case, the Court’s majority led by Justice Clarence Thomas overturned a 40-year-old precedent set forth in Nevada v. Hall. Justice Breyer seemed to recognize that the narrow issue in this case is not critical to the Court’s jurisprudence; whether or not states possess sovereign immunity in the courts of other states is not a question that arises all that often. What Breyer’s dissent in the case did take serious issue with was Thomas’ famous indifference toward — you guessed it — judicial precedent. Through a thinly veiled reference to the stare decisis considerations employed in Planned Parenthood v. Casey (a successor of Roe v. Wade), Justice Breyer implied that the Court will soon disregard that precedent to overturn precedent safeguarding access to abortion. It is clear that Breyer, along with the Court’s other liberals, is afraid that indifference toward precedent in this case will shape this Court’s future decisions.
So what resolves the apparent paradox between these two takes on stare decisis? It is evident that former Justice Stevens, ever the champion of precedent, is also a strident advocate for gun control. Rather than calling for the current justices to respect the precedent set forth in D.C. v. Heller, he calls it “unquestionably incorrect” and hopes it is thrown to the ash heap of history. When Justice Thomas did the same in Hall this week, precedent adherents quaked in their boots, including those who agree with Stevens’ assessments of Heller like Justice Breyer. On abortion, they say, precedent must be respected; if not, instability will reign and the future of the Court will be uncertain. The thread that connects these thoughts is that of liberal policy preferences. This is not a value judgement of these preferences themselves; it is fine to advocate for gun control and abortion rights in the public sphere. However, weaponizing Supreme Court precedent to protect your policy preference while disregarding it to attack your opponent’s is irresponsible, especially for a Supreme Court justice.
And what of stare decisis itself? Should precedent be held high above all other considerations? Justice Clarence Thomas is famous for his hostility to this suggestion, and has earned the ire of much of Washington’s legal elite because of it. The truth of the matter is that all justices are willing to disregard precedent when the controlling case was wrongly decided. Korematsu v. United States was (rightfully) overturned by the Roberts Court just last year, earning praise from legal scholars. When the Court historically contradicts the plain meaning of constitutional text, it is the duty of future Courts to correct their mistakes and protect the rights of the people. Stare decisis is important: it ensures that the legal order is generally stable. There are certainly areas where uniquely bad precedents (like Korematsu or Plessy v. Ferguson) deserve to be eliminated. We should always be skeptical, however, when justices replace their legal judgement with political judgement as they undermine the value of the Court in the constitutional system and leave all of their jurisprudence open to further questioning when the winds of politics shift.
News You May Have Missed
State Department Official Suggests Broader Civilizational Differences with China; Xi Jinping Claps Back
It is not often that the leader of a foreign power replies directly and publicly to remarks made by the State Department’s Director of Policy Planning, but recent remarks by President Xi suggest just that. In late April, Dr. Kiron Skinner delivered remarks to the Washington think tank New America in which she described the competition with China this way: “This is a fight with a really different civilization and a different ideology, and the United States hasn’t had that before.” Appearing to reply directly to Dr. Skinner, President Xi delivered remarks to a conference of Asian nations hosted in Beijing that stated, “There is no clash between different civilisations, [we] just need to have the eye to appreciate the beauty in all civilisations…today’s China is not only China’s China. It is Asia’s China and the world’s China. China in the future will take on an even more open stance to embrace the world.” While President Xi is taking the opportunity to present a stark contrast to Dr. Skinner’s remarks, a range of other Chinese actions suggest that any openness is likely to be, to borrow a phrase, “openness, with Chinese characteristics.”
While negotiations have been ongoing between U.S., Taliban, and international representatives to bring about a political solution to the protracted conflict in Afghanistan, Congress did not look kindly upon a DOD budget request to reimburse the Taliban for the costs of food and lodging incurred during negotiations held in Doha, Qatar. Congressional leaders blocked the reimbursement, citing existing laws preventing material support for groups designated as terrorist organizations. At the time of writing, the current dismal state of Pakistan’s fiscal footing suggests that the Taliban may now have to look further afield than their traditional supporters to cover their travel costs.
In describing the current geological era as the “anthropocene” — i.e., the era defined by the human impact on earth — some have pejoratively suggested calling it the “plasticene.” Given the impact of plastic waste on the environment from landfills to floating garbage patches, some see the pervasive, non-biodegradable impact of plastic as humanity’s most likely enduring legacy. Those in favor of the plasticene designation received more evidence for their position as Victor Vescovo, a Dallas entrepreneur and deep sea adventurer, dived to the bottom of the Mariana Trench, the deepest abyss in the oceans, and discovered a plastic bag and candy wrapper — along with some species of marine life that may have encountered our trash long before we ever encountered them.
The views expressed by contributors are theirs and not the view of CSPC.