Washington DC's city council has approved the use of digital driver's licenses and IDs, joining Arizona, Georgia and other states, The Washington Post has reported. That gives the district's Department of Motor Vehicles (DMV) the authority to issue digital credentials that can be stored on a smartphone or other mobile device. They could then be presented for entering government buildings, to purchase liquor or in case of police stops, for example. 

Digital IDs and driver's licenses strongly entered the public conversation in September, when Apple announced that Wallet would hold driver's licenses and other IDs in iOS 15. The TSA was slated to be the first place iPhone owners could use their digital identity cards, and Apple subsequently announced that Arizona, Georgia, Kentucky and Oklahoma would be early adopters of the program. Last month, however, Apple said it would delay the release of digital ID cards until 2022, rather than the end of 2021 as scheduled.

Washington DC residents will have the option of using physical or digital credentials and will not be required to show a digital ID on a mobile device. The bill passage brings the city "a step closer to the reality of digital credentials," DC DMV director Gabriel Robinson told The Post. The DMV must now create a plan to to develop the credentials once the legislation is signed into law. 

The Federal Communications Commission now has its first permanent chairwoman. The Senate voted 68 to 31 to confirm President Biden’s nomination of Jessica Rosenworcel, converting her acting chair role into an official (and additional) five-year term. Her temporary position was due to expire within weeks.

Not surprisingly, Rosenworcel signalled plans to maintain her existing policies of making communictions accessible to “everyone, everywhere.” The chairwoman has been a proponent of net neutrality and other regulations meant to keep large technology companies in check, contrasting sharply with the anti-regulation stance of former chair Ajit Pai.

The move gives the FCC some extra stability. However, it might not be the most important nomination. The White House is still waiting on the confirmation of Gigi Sohn to fill an empty commissioner seat. If she’s accepted, the FCC will have a 3-2 Democrat majority that’s more likely to support Biden’s telecom-related priorities. Rosenworcel may have to temper her expectations if the Commission remains in its current stalemate.

On the same day Reuters published a report on how NSO spyware may have been used to target State Department officials, the Biden administration announced the US would work with other countries to limit the export of surveillance software and other technologies to authoritarian governments. In a media event involving The Wall Street Journal, White House officials said the administration wants to coordinate with allies on a code of conduct related to export-licensing policies. Those involved in the effort would share information on tools used against political dissidents, journalists and foreign government officials.

The Biden Administration will announce the effort at the upcoming Summit for Democracy. The event, set to run for two days between December 9th and 10th, will see national governments and the private sector meet to discuss some of the challenges facing democracies in 2021 and beyond. Notably, China and Russia weren’t invited to attend the meeting.

Officials told The Journal the effort is in part a response to a global increase in the use of digital surveillance tools. “Technology is being misused by governments to surveil and, in some cases— as in the case of the [People’s Republic of China] — to control their population,” an administration official told the outlet. The effort could include some of the existing members of the Wassenaar Arrangement, a pact that sets voluntary export controls on military and dual-use technologies.

The initiative would build on work the US government is already doing to limit the export and resale of cyber intrusion software to China and Russia. At the end of October, the Commerce Department announced a new set of rules that will require companies that want to sell their hacking tools to countries “of national security concern” to obtain a license from the department before they can do so.

On Friday, Reuters shed new light on the Biden administration’s recent decision to sanction Pegasus spyware developer NSO Group. Citing four people “familiar with the matter,” the outlet reports an unknown assailant used the firm’s software to infect iPhones belonging to at least nine US State Department officials.

The attacks reportedly targeted federal employees who were either stationed in Uganda or whose work involved the East African country. Reuters wasn’t able to identify who was behind the hacks. The State Department also declined to comment on the report. NSO says it will investigate the matter.

“If our investigation shall show these actions indeed happened with NSO's tools, such customer will be terminated permanently and legal actions will take place," a spokesperson for the company told Reuters. NSO said it would also “cooperate with any relevant government authority and present the full information we will have.”

NSO says its spyware can’t work on devices with US numbers that start with the country +1. But in the case of the State Department employees deployed to Uganda, they were reportedly using iPhones with local telephone numbers. They were also hacked before Apple released iOS 14.8, which addressed the CoreGraphics vulnerability NSO had exploited to allow its spyware to infect an iPhone without the victim even needing to tap on anything. On November 23rd, Apple sued NSO to “hold it accountable” for its actions.

Speaking on condition of anonymity, a senior Biden administration official told Reuters the threat to US officials is one of the reasons the White House is cracking down on NSO and working with allies to combat ransomware and other cybersecurity threats. On November 3rd, the Commerce Department added the company to its Entity List, preventing American companies from doing business with the firm. At the time, the company told Engadget it “dismayed” by the decision, and claimed its tools have helped the US by “preventing terrorism and crime.”

Amazon will have to redo the union election held at its Bessemer, Alabama fulfillment center back in April. According to Politico, Lisa Henderson, the National Labor Relations Board (NLRB) Region 10 Director, has ordered the e-commerce giant to hold another vote mostly due to the fact that Amazon installed a US Postal Service mailbox in front of the warehouse to collect ballots. 

The election results were 1,798 to 738, with workers voting against joining the Retail, Wholesale and Department Store Union (RWDSU). After those results came out, the RWDSU filed 23 objections, accusing the company of interfering with the elections. One of those complaints pointed out that Amazon installed the ballot box without approval from the NLRB and in view of security cameras that made workers feel they were under surveillance. The labor relations board sided with the union and found that Amazon interfered with the election by installing the mailbox and offering employees anti-union badges and signs. 

Henderson wrote in the documents ordering a new election:

"By causing the Postal Service to install a cluster mailbox unit, communicating and encouraging employees to cast their ballots using the mailbox, wrapping the mailbox with its slogan, and placing the mailbox at a location where employees could reasonably believe they were being surveilled, the Employer engaged in objectionable conduct that warrants setting aside the election.

The Employer’s flagrant disregard for the Board’s typical mail-ballot procedure compromised the authority of the Board and made a free and fair election impossible."

Amazon, of course, criticized the NLRB's decision. In a statement sent to The Washington Post, spokesperson Kelly Nantel said in a statement:

"Our employees have always had the choice of whether or not to join a union, and they overwhelmingly chose not to join the RWDSU earlier this year. It's disappointing that the NLRB has now decided that those votes shouldn’t count."

Australia could soon make life difficult for internet trolls — if at a significant cost. Reutersreports Prime Minister Scott Morrison has unveiled plans for legislation that, in some cases, could force social networks to reveal the identities of trolls and others making defamatory comments. A complaint mechanism would require online platforms to take these hostile posts down. If they don't, the court system could order a given site to provide details of the offending poster.

Morrison likened the current internet to a "Wild West" where anonymous attackers could "harm people." If that can't happen in real life, there's "no case" for it happening online, the Prime Minister said.

The proposed laws come weeks after Australia's High Court ruled media companies could be held liable for comments on Facebook posts. CNNlimited access to its Facebook pages in the country over those liability concerns. The intended legislation would take this a step further by mandating certain actions if a post is deemed harmful.

The move raises privacy questions. Anonymity might help trolls, but it also protects political dissenters and other innocuous critics — will Australia make sure any identity disclosure laws aren't used to discourage challenges to authority, as they are in China? And without examples of the legislation, it's unclear just what would constitute an offense serious enough to warrant revealing an identity.

Germany plans to phase out coal use by 2030, eight years earlier than previously planned, as part of its latest climate pledge. That same year, the country wants 80 percent of its electricity to come from renewable sources. Per the BBC, Olaf Scholz, the leader of Germany’s Social Democratic Party, announced the plan on Wednesday as part of a deal that will see the former vice-chancellor govern the country at the head of a three-party coalition made up of the Greens and Free Democrats.

Germany’s September 28th national election saw the Greens claim 118 seats in the Bundestag, making it the party’s best-ever showing. Scholz is expected to tap Greens leader Annalena Baerbock to serve as his foreign minister. Moreover, it’s likely Greens co-leader Robert Habeck will get the vice-chancellorship and the chance to oversee the country’s energy transition.

Notably, the coalition didn’t set a more aggressive emissions reduction target. By 2030, the country still plans to cut emissions by 65 percent from 1990 levels. According to an estimate from nonprofit Climate Action Tracker, Germany needs to reduce its greenhouse gas output by at least 70 percent by the end of the decade to meet the 1.5 degrees Celsius target put forward by the Paris Agreement. 

Additionally, in making a deal with the Social Democratic Party, the Greens made a significant compromise. Per Bloomberg, the country will use natural gas to ease the transition between coal and renewables. Critics also say the coalition had to do more to push electric vehicle adoption. The government only plans to have 15 million EVs on German roads by 2030. “This does not look like a coalition for progress,” Christoph Bautz, the head of Campact, told Clean Energy Wire. “The climate movement will have to keep pushing the coalition to truly make it a climate government."

Russian officials are investigating Netflix after the public commissioner for protecting families accused the company of violating a "gay propaganda" law, according to Reuters. The commissioner claimed that some Netflix content with LGBTQIA+ themes was rated suitable for those aged 16 and older. The country's laws do not allow the distribution of "propaganda on non-traditional sexual relations" among under 18s. 

The Interior Ministry is said to be looking into the complaint. If Netflix is deemed to have broken the law, it faces a fine of up to a million rubles ($13,390). More significantly, the service could be temporarily suspended.

A Netflix source told Vedomosti the company didn't find any LGBT content that was rated 16+ during a review earlier in November. The newspaper also reported this month that officials may ban streaming services from having shows and movies that depict "non-traditional sexual relationships and sexual deviations” in their libraries, including the likes of Fifty Shades of Gray and Billions.

The European Court of Human Rights determined in 2017 that the "propaganda" law, which was enacted in 2013, discriminates against LGBTQIA+ people and violates European treaty rules and the right to freedom of expression. Activists and Western states have also criticized the regulation.

Meanwhile, Russia is taking aim at foreign tech companies at a broader level. This week, it said the likes of Apple, Facebook parent Meta, Google, TikTok, Telegram and Twitter would need to set up official presences in the country by the end of the year, if they haven't already done so.

The European Commission, the executive branch of the European Union, has proposed a ban on some types of targeted political ads that employ sensitive personal data, including ethnic origin, religion, health status or sexual orientation, unless users give explicit consent. If the rules come into force, advertisers would have to provide clear details on the criteria they use for targeting, as well as the "amplification tools or methods" they harness.

Every ad would also have to be more transparent in terms of displaying the name of the person or organization that paid for it, as well as disclosing how much was spent, where the money came from and the ad's connection to an election or referendum.

The EC is hoping these measures will help protect election integrity, largely by making it more difficult for campaigns to target and mislead marginalized groups. It said people should be able to easily tell when they see a paid political ad, whether online or offline, and take part in political discussions without being impacted by interference, manipulation or misinformation.

“Elections must not be a competition of opaque and non-transparent methods. People must know why they are seeing an ad, who paid for it, how much, what micro-targeting criteria were used," the EC's vice-president for values and transparency Vera Jourová said in a statement.

If the bill becomes law, EU member states will need to determine fines for breaching the rules. National data protection authorities will be tasked with monitoring how personal data is used in ad targeting and imposing fines when appropriate. The EC is hoping to enact the rules, which build on the General Data Protection Regulation and planned Digital Services Act, by spring 2023, ahead of European Parliament elections the following year.

Political ads have been a hot button issue for online platforms for several years. Facebook and Google both temporarily banned them after polls closed in the 2020 US presidential election to stem the flow of misinformation. Earlier this month, Meta, the parent company of Facebook and Instagram, removed thousands of ad targeting options, including those related to ethnicity, health, religion, sexual orientation and political beliefs. Twitter banned all political ads in 2019.

The EC's proposed rules could also prevent some types of surreptitious data collection. Back in 2019, PR farms connected to the Republican party used Google's ad network to vacuum up email addresses of potential voters.

The UK has introduced the Product Security and Telecommunications Infrastructure (PSTI) Bill, a suite of new regulations designed to improve security on smart home devices, the government announced. The rules will ban easy-to-guess default passwords, require disclosure of security update release dates and more — under penalty of hefty fines. 

The new rules were originally proposed last year, following a long period of consultation, and are largely unchanged. The first one is a ban on easy-to-guess default passwords, including classics like "password" and "admin." All passwords that come with new devices will "need to be unique and not resettable to any universal factory setting," the law states.

"Most of us assume if a product is for sale, it’s safe and secure. Yet many are not, putting too many of us at risk of fraud and theft," said UK Minister Julia Lopez. "Our Bill will put a firewall around everyday tech from phones and thermostats to dishwashers, baby monitors and doorbells, and see huge fines for those who fall foul of tough new security standards."

Next, manufacturers must tell customers at the point of sale and keep them updated about the minimum time requirement for security patches and updates. If the product doesn't come with them, that fact must be disclosed. Finally, manufacturers must provide a public point of contact for security researchers to they can easily disclose flaws and bugs.

The government is hoping to curtail attacks on household devices, citing 1.5 billion attempted compromises of Internet of Things (IoT) devices in the first half of 2020 alone. As examples, it cited a 2017 attack in which hackers stole data from a casino by attacking an internet-connected fish tank. It added that "in extreme cases, hostile groups have taken advantage of poor security features to access people's webcams." 

The rules will be overseen by a regulator that will be appointed once the bill comes into law. Fines could hit up to £10 million ($13.3 million) or 4 percent of a company's gross revenue — with up to £20,000 a day levied for ongoing infractions. The law applies not only to manufacturers, but also businesses that import tech products into the UK. Products include smartphones, routers, security cameras, games consoles and home speakers, along with internet-enabled appliances and toys.