American politicians aren't just restricting access to TikTok — they now hope to ban it outright. Members of the House and Senate have introduced matching bills that would block transactions from any social media company in or influenced by China, Russia, Cuba, Iran, North Korea or Venezuela. The ANTI-SOCIAL CCP Act (Averting the National Threat of Internet Surveillance, Oppressive Censorship and Influence, and Algorithmic Learning by the Chinese Communist Party) is meant to shut down access to TikTok and other apps that could theoretically funnel American user data to oppressive governments, censor news or otherwise manipulate the public.

The rationale echoes what US political leaders have argued for years. While TikTok has taken efforts to distance its international operations from those in China, such as by storing US data domestically, critics have argued that parent company ByteDance is ultimately at the mercy of the Chinese government. TikTok could potentially profile government workers and otherwise surveil Americans, according to the often-repeated claims.

Republican bill co-sponsors Sen. Marco Rubio and Rep. Mike Gallagher tried to draw links between some ByteDance leadership and the Chinese Communist Party in an opinion piece in The Washington Post this November. At the time, 23 directors had previously worked for state-backed media, and "at least" 15 employees still did. The bill is also sponsored by House Democrat Raja Krishnamoorthi.

In a statement, a TikTok spokesperson said it was "troubling" that members of Congress were putting forward legislation to ban the app rather than waiting for a national security review to wind down. The bills will "do nothing to advance" national security, according to the company. The firm added that it would "continue to brief" Congress on plans developed under the watch of security officials. The social network has consistently denied plans to track American users or otherwise deliberately assist Chinese surveillance efforts in the country.

TikTok already faces some legal action. The states of Maryland and South Dakota have banned TikTok on government devices over security concerns. Indiana, meanwhile, sued TikTok for allegedly deceiving users about China's data access and child safety violations. That lawsuit would fine TikTok and demand changes to the service's info handling and marketing claims.

Whether or not the bills become legislation isn't certain. President Biden revoked former President Trump's orders to ban TikTok downloads, and instead required a fresh national security review. He's not expected to override his own order. And while the bill sponsors characterize the measure as bipartisan, it's not clear the call for a TikTok ban has enough support to clinch the necessary votes and reach Biden's desk. To some degree, the ANTI-SOCIAL CCP Act is more a signal of intent than a practical attempt to block TikTok.

The Biden administration is reportedly drafting an executive order designed to modernize federal space regulations. According to Reuters, White House officials have hosted multiple “listening sessions” since November 14th. The goal of those meetings has been to hear from private space companies and the rules they would like to see introduced.

Reuters reports the White House wants to simplify licensing and approval procedures for more routine space activities, including things like rocket launches and satellite deployments. Among the measures the Biden administration is considering is an order that would task the Department of Commerce with creating an online tool that would guide companies through the licensing requirements from each federal agency. The team drafting the order is also looking for ways to push Congress to give certain federal agencies oversight of space activities that aren’t covered by current laws, including things like asteroid mining and space junk removal. The order could be ready for President Biden to sign by early next year.

The administration’s push to streamline space regulations comes as companies like Blue Origin prepare to spend billions on projects like Orbital Reef, a space station the firm hopes to start assembling in low Earth orbit by the end of the decade. The next decade is also likely to see a new space race between the US and China play out as the rival superpowers look to put humans back on the Moon. Private space firms are likely to be critical in the outcome of that conflict.

President Joe Biden has signed H.R. 7132 or Safe Connections Act of 2022 into law, and it could help domestic violence, sexual assault, stalking and human trafficking survivors ultimately cut ties with abusers. Under the new law, users can ask mobile service providers to separate their line — as well as their dependents' — from their abusers' if they have a shared contract. That would ensure that abusers no longer have access to their phone records and can't get their service cut. Carriers aren't allowed to charge fees to grant these requests, which they must do so within do two days. 

In addition, Safe Connections Act of 2022 will require the Federal Communications Commission (FCC) to create rules that would make it easier for survivors seeking separate mobile plans to enroll in its Lifeline Program for up to six months. This FCC initiative gives qualifying low-income consumers a discount on phone services, so they can remain connected to job opportunities, friends, family and emergency services while they're working to get back on their feet. The commission also has to establish rules that would prevent calls or texts to hotlines from appearing on call logs, presumably to keep survivors safe. 

In a blog post, the Electronic Frontier Foundation (EFF) celebrated the new law but also said that it would have "preferred a bill that did not require survivors to provide paperwork to 'prove' their abuse." For a request to be valid, a user must submit "appropriate documentation" to verify that the person they're sharing a contract with "committed or allegedly committed an act of domestic violence, trafficking, or a related criminal act against the survivor."

Having to provide paperwork may not be easy, depending on a person's circumstances, and it could retraumatize survivors trying to break free from abusive situations. "However, this new law is a critical step in the right direction," the EFF continued, "and it is encouraging that Congress and the President agreed."

The Department of Homeland Security said Monday it’s again pushing back the enforcement of Real ID requirements for state driver’s licenses and ID cards. The latest delay moves states’ compliance deadline to May 7th, 2025.

Passed by Congress in 2005 as a response to the Sept. 11th, 2001 terrorist attacks, the Real ID Act requires stricter documentation for boarding flights and entering federal or nuclear facilities. For example, to get a Real ID-compliant driver’s license or state ID card, you need to provide paperwork for your name, date of birth, address, Social Security card and birth certificate.

The DHS says the requirements increase state IDs' reliability and accuracy. Officials can quickly see whether a card is Real ID-compliant by looking for the gold star in the upper right-hand corner.

When the bill passed, states initially had a 2008 compliance deadline. But after some states and US territories refused to play ball, the cutoff faced delay after delay. Despite the ever-shifting deadlines, 13 states rolled out support in 2012. The list grew in the following years as reluctant states faced the prospect of having their residents blocked from flights. But the COVID-19 pandemic led to even more kicking of the can, and today’s cutoff point pushes it back from May 2023 to May 2025.

“DHS continues to work closely with US states, the District of Columbia, and the US territories to meet Real ID requirements,” said Secretary of Homeland Security Alejandro N. Mayorkas in a news release today. “This extension will give states needed time to ensure their residents can obtain a Real ID-compliant license or identification card. DHS will also use this time to implement innovations to make the process more efficient and accessible. We will continue to ensure that the American public can travel safely.” 

Some Florida residents may be keeping a close eye on their finances after a security incident. Researcher Kamran Mohsin tellsTechCrunch that Florida's Department of Revenue website had a flaw that exposed hundreds of filers' bank account and Social Security numbers. Anyone who logged in to the state business tax registration site could see, modify and even delete personal data just by modifying the web address pointing to a taxpayer's application number — you just needed to change the digits in the link.

There were over 713,000 applications in the Department's pipeline at the time of the discovery, Mohsin said. Mohsin warned the Department about the flaw on October 27th.

Department representative Bethany Wester said in a statement that the government fixed the flaw within four days of the report, and that two unnamed firms have deemed the site secure. She added there was "no sign" attackers abused the flaw, but didn't say how officials might have spotted any misuse. The agency contacted every affected taxpayers by phone or writing within four days of learning about the issue, and has offered a year of free credit monitoring.

Bugs like these, known as insecure direct object references, are relatively easy to fix. The damage might also be limited compared to other tax-related breaches, such as a Healthcare.gov intrusion that compromised about 75,000 people in 2018. However, the incident underscores the potential harm from weak security — even a small-scale exposure like this could be used to commit tax fraud and steal refunds.

Senator Ed Markey of Massachusetts is calling on Congress to pass new legislation to rein in tech companies after Twitter boss Elon Musk ignored an information request. “Elon Musk could respond to my tweets but failed to respond to my letter by yesterday’s deadline and answer basic questions about Twitter verification,” Markey tweeted on Saturday.

The senator sent a letter on November 11th about Twitter’s paid account verification feature. Following the initial rollout, trolls could impersonate celebrities, politicians and company brand accounts, the latter leading to real-world effects on stock prices.

Musk addressed one of Markey’s questions when he announced Twitter’s new verification system on Friday. It’ll feature manual authentication and different colored check marks for different types of users. "Gold check for companies, gray check for government, blue for individuals (celebrity or not) and all verified accounts will be manually authenticated before check activates," Musk said. He’s also said sign-ups have hit an all-time high.

– Mat Smith

The Morning After isn’t just a newsletter – it’s also a daily podcast. Get our daily audio briefings, Monday through Friday, by subscribing right here.

The biggest stories you might have missed

• Hitting the Books: Social media's long, pointless war against sex on the internet

• ‘Half-Life: Alyx’ mod adds four hours of single-player content

• ‘Slow Horses’ settles into a familiar but welcome groove

• Ferrari’s Vision hybrid race car arrives in ‘Gran Turismo 7’ on December 23rd

• The Internet Archive’s PalmPilot Emulation project lets you relive tech history

FCC bans telecom and video surveillance gear from Huawei and ZTE

The agency is implementing the rules from the 2021 Secure Equipment Act.

Getty Images

The FCC announced it's officially implementing the Secure Equipment Act, which means some future equipment from Huawei, ZTE, Hytera, Hikvision and Dahua won't be authorized for sale in the US. Existing equipment from those companies, all listed under the FCC's Covered List, aren't affected by the law. Last year, the Biden administration signed into law the Secure Equipment Act, which aimed to block the authorization of network licenses from several Chinese companies whose hardware has been deemed a national security threat.

Continue reading.

NASA’s Orion spacecraft breaks Apollo 13 flight record

The capsule traveled farther than any spacecraft designed to carry humans had before.

NASA

The Artemis 1 Orion crew vehicle has set a record for a NASA flight. On Saturday, Orion flew farther than any spacecraft designed to carry human astronauts had ever before, surpassing the previous record set by Apollo 13 back in 1970 – not that it was the aim of the mission. Funnily enough, it’s fitting that Artemis 1 was the one to do it. As Space.com points out, Apollo 13’s original flight plan didn’t call for a record-setting flight. It was only after a mid-mission explosion forced NASA to plot a new return course that Apollo 13’s Odyssey command module set the previous record at 248,655 miles (400,171 kilometers) from Earth.

Continue reading.

Charles Darwin's full correspondence is now available online

You can read over 15,000 letters from the evolutionary science pioneer.

The University of Cambridge has published all the evolutionary scientist's surviving correspondence online, including 400 letters that have either surfaced or are newly "reinterpreted." The searchable collection now covers over 15,000 letters written between 1822 and 1882, ranging from his influential time aboard the HMS Beagle to On the Origin of Species and his end-of-life reflections. The internet archive may even be the only way to see a fuller picture of Darwin's life. The university notes a print edition of his correspondence, due in early 2023, doesn't include letters that arrived too late to reach physical copies.

Continue reading.

UK aims to ban non-consensual deepfake porn

Critics say other aspects of the proposed legislation pose dangers to privacy and security.

The UK government will amend its Online Safety Bill with measures designed to prohibit abuse of intimate images, whether or not they're real. If the bill becomes law as is, it will be illegal to share deepfake porn without the subject's consent. This would be the first ban on sharing deepfakes in the country, and if the law comes into effect, violating this rule could lead to a prison sentence. Critics have pushed back against certain aspects of the bill, including a revived plan to verify a person's age before permitting them to access adult content online.

Continue reading.

Senator Ed Markey of Massachusetts is calling on Congress to pass new legislation to rein in Big Tech companies after Elon Musk ignored an information request. “Elon Musk could respond to my tweets but failed to respond to my letter by yesterday’s deadline and answer basic questions about Twitter verification,” Markey tweeted Saturday. “Congress must end the era of failed Big Tech self-regulation and pass laws that put user safety over the whims of billionaires.”

Musk had until November 25th to answer a letter the senator sent on November 11th about Twitter’s paid account verification feature. The initial rollout of the new Twitter Blue saw trolls use the service to impersonate celebrities, politicians and brands. Markey sent Musk a list of questions about the launch after The Washington Post created a “verified” account impersonating him. One day after Markey shared a copy of the letter on Twitter, Musk attacked the senator.

“Perhaps it is because your real account sounds like a parody,” Musk tweeted. “And why does your pp have a mask!?” he added a few hours later, referring to Markey’s profile picture, which shows the policymaker wearing a face covering. The exchange prompted Markey to chastise the billionaire. “One of your companies is under an FTC consent decree. Auto safety watchdog NHTSA is investigating another for killing people. And you’re spending your time picking fights online,” the senator said. “Fix your companies. Or Congress will.”

As of the writing of this article, Musk has yet to respond to Markey’s latest tweet. It’s hard to say whether the senator’s call will translate to legislative action, particularly with a split between the House of Representatives and Senate. Musk did appear to answer at least one of Markey’s questions when he announced Twitter’s new verification system on Friday. The latest iteration of the program will feature manual authentication and different colored check marks for different types of users. "Gold check for companies, grey check for government, blue for individuals (celebrity or not) and all verified accounts will be manually authenticated before check activates," he said.

Last year, the Biden administration signed the Secure Equipment Act into law, which aimed to block the authorization of network licenses from several Chinese companies whose hardware has been deemed a national security threat. Today, the FCC announced that it's officially implementing that ruling, which means some future equipment from Huawei, ZTE, Hytera, Hikvision and Dahua won't be authorized for sale in the US. Existing equipment from those companies, which are all listed under the FCC's "Covered List," aren't affected by the law.

“The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here,” FCC Chairwoman Jessica Rosenworcel said in a statement. “These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications.”

To be clear, the FCC isn't completely blocking all hardware from these companies. And for some, like Hytera, Hikvision and Dahua, Rosenworcel writes that it's specifically focusing on gear related to "the purpose of public safety, security of government facilities, physical surveillance of critical infrastructure, and other national security purposes." If those companies can show that they're not marketing that equipment for government use — for example, directing it consumers instead — they may be able get authorized by the FCC.

This latest move follows years of conflict between the US and companies closely tied to Chinese governments. That's included placing several notable Chinese companies, including DJI, on the Department of Commerce's "Entity List," which prohibits US firms from selling equipment to them. The FCC is also calling for $5 billion to help US carriers with the massive task of replacing equipment from Huawei and ZTE.

The UK government will amend its Online Safety Bill with measures designed to prohibit abuse of intimate images, whether or not they're real. If the bill becomes law as is, it will be illegal to share deepfake porn without the subject's consent. This would be the first ban on sharing deepfakes in the country and if the law comes into effect, violating this rule could lead to a prison sentence.

Additionally, the Ministry of Justice aims to ban "downblousing," which it describes as an incident "where photos are taken down a woman’s top without consent." The country banned upskirt photos, which are exactly what the term suggests, in 2019. Furthermore, the government wants to make it illegal to install certain equipment, including hidden cameras, to capture images of someone without their consent.

The UK banned revenge porn in 2015 and the government is aiming to expand the scope to make it illegal for anyone to share any intimate image of someone without consent. As it stands, prosecutors have to prove that the perpetrator had "intent to cause distress." Based on recommendations from the Law Commission, the government also intends to establish two additional serious offenses, which are "based on intent to cause humiliation, alarm, or distress and for obtaining sexual gratification." Officials already intended to outlaw cyberflashing, or sending unsolicited nudes, as part of the Online Safety Bill.

"We must do more to protect women and girls, from people who take or manipulate intimate photos in order to hound or humiliate them," Dominic Raab, the deputy prime minister and secretary of state for justice, said. "Our changes will give police and prosecutors the powers they need to bring these cowards to justice and safeguard women and girls from such vile abuse."

The government hasn't yet released the text of the amended Online Safety Bill. "The government will bring forward the wider package of changes as soon as parliamentary time allows and will announce further details in due course," the Ministry of Justice said. The bill has been delayed several times but it's set to return to parliament in December. 

As TechCrunch notes, though, finding parliamentary time to formally read the amended bill, then to eventually debate and vote on it, may not be easy. It's unclear whether the government will be able to pass the legislation before the next general election is called within the next two years.

Critics have pushed back against certain aspects of the bill, including a revived plan to verify a person's age before permitting them to access adult content online. For many reasons, that measure may not be workable in practice.

The proposed legislation has also been described as a threat to free speech. On Thursday, an open letter to Prime Minister Rishi Sunak signed by 70 cyber security experts, organizations and elected officials laid out some of the dangers to privacy and security that the bill poses. Among other issues, the signatories argued that the Online Safety Bill includes "clauses that would erode end-to-end encryption in private messaging." The letter adds that UK businesses would have less data flow protection than counterparts in the US and EU, "leaving them more susceptible to cyberattacks and intellectual property theft."

"The bill is a deeply flawed censorship proposal that would allow UK residents to be thrown in jail for what they say online," the Electronic Frontier Foundation said this week. "It would also force online service providers to use government-approved software to search for user content that is deemed to be related to terrorism or child abuse. In the process, it will undermine our right to have a private conversation, and the technologies that protect that right, like end-to-end encryption."

Twitter's Brussels office is no more, according to reports, which could make it more difficult for the company to adhere to new European Union regulations regarding content moderation. The number of people employed at the office dropped from six to two after new owner Elon Musk cut the workforce in half. The remaining executives, Julia Mozer and Dario La Nasa, left Twitter last week, according to the Financial Times — just as Musk told employees to commit to his vision for a "hardcore" Twitter 2.0 or leave.

Mozer and La Nasa oversaw public policy for Twitter in Europe. They were in charge of efforts to make sure Twitter complies with the EU's disinformation code as well as the Digital Services Act. The DSA came into force last week and will apply to companies starting in February 2024. It gives EU governments more power over how platforms moderate content and when tech companies have to take down illegal content. Platforms will need to be transparent about the reasons for content moderation decisions. Affected users will have the right to challenge moderation decisions if their content is removed or access to it is restricted.

If Twitter fails to comply with the DSA's rules, it faces potentially heavy penalties. Regulators could fine Twitter up to six percent of its global turnover or even ban the platform. EU internal market commissioner Thierry Breton has warned Musk that Twitter needs to abide by the bloc's content regulations.

Twitter no longer has a communications department that can be asked for comment. Musk said early Thursday that the "general idea" is to limit moderation rules to "illegal content." Minutes earlier, he asked users to reply to him with "anything that Twitter needs to address" in terms of child exploitation on the platform. Regulations about which content is legal can vary significantly by jurisdiction (Germany has fairly strict social media edicts, for instance), and having fewer staff dedicated to ensuring Twitter plays by the rules could make it more difficult for the company to do so.

“I am concerned about the news of firing such a vast amount of staff of Twitter in Europe,” Věra Jourová, an EU vice president who is in charge of the bloc's disinformation code, told the Financial Times. “If you want to effectively detect and take action against disinformation and propaganda, this requires resources. Especially in the context of Russian disinformation warfare, I expect Twitter to fully respect the EU law and honor its commitments."

Meanwhile, several Democratic senators have asked the Federal Trade Commission to determine whether the company has broken consumer protection laws or violated a consent decree with the agency. Among other things, the latter requires Twitter to review new features for potential privacy issues. Earlier this month, it was reported that Twitter engineers have to "self-certify" that they're complying with FTC rules and other laws. The FTC recently said it's “tracking recent developments at Twitter with deep concern.”