WhatsApp Remote Code Execution Triggered by Videos | The flaw can be trivially exploited.
The Trump administration on Monday issued a new 90-day extension allowing US companies to continue doing business with China's Huawei Technologies Co Ltd as US regulators continue crafting rules on telecommunications firms that pose national security risks.
After adding Huawei to an economic blacklist in May citing national security concerns, the US Commerce Department has allowed it to purchase some American-made goods in a series of 90-day license extensions that it says aim to minimize disruption for its customers, many of which operate networks in rural America.
Reuters on Sunday reported the planned 90-day extension after the Trump administration initially planned a short-term two-week reprieve, but ran into bureaucratic issues and opted instead to issue another 90-day extension.
"The Temporary General License extension will allow carriers to continue to service customers in some of the most remote areas of the United States who would otherwise be left in the dark,” said US Commerce Secretary Wilbur Ross in a statement. "The Department will continue to rigorously monitor sensitive technology exports to ensure that our innovations are not harnessed by those who would threaten our national security."
The US Commerce Department added Huawei to its "Entity List" in May after it concluded the company is engaged in activities "contrary to US national security or foreign policy interests."
Huawei said Monday the extension "won't have a substantial impact on Huawei's business either way. This decision does not change the fact that Huawei continues to be treated unfairly either."
The company argues the decision to "add Huawei to the Entity List has caused more harm to the US than to Huawei. This has done significant economic harm to the American companies with which Huawei does business."
In May, President Donald Trump also signed an executive order declaring a national emergency and barring US companies from using telecommunications equipment made by companies posing a national security risk. The Commerce Department was directed to draw up an enforcement plan by mid-October but has yet to publish one.
The Commerce Department is also considering whether to grant individual licenses for US firms to sell components to Huawei after receiving more than 200 requests. No action on those was taken on Monday.
The development comes amid discussions between the United States and China aimed at coming to an initial agreement to resolve a trade war that has lasted for over a year.
The international police organization Interpol plans to condemn the spread of strong encryption in a statement Monday saying it protects child sex predators, three people briefed on the matter told Reuters.
At the group’s conference in Lyon, France on Friday, an Interpol official said a version of the resolution introduced by the US Federal Bureau of Investigation would be released without a formal vote by representatives of the roughly 60 countries in attendance, the sources said.
Echoing a joint letter last month from the top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants.
"Service providers, application developers and device manufacturers are developing and deploying products and services with encryption which effectively conceals sexual exploitation of children occurring on their platforms," a draft of the resolution seen by Reuters said.
"Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and useable format."
Interpol did not respond to a request for comment Sunday. The FBI referred questions to Interpol.
The cooperative law enforcement association is best known for helping countries assist one another in catching suspects outside their jurisdictions. The new statement will not have the force of law, but instead aim at increasing pressure on tech providers.
It could provide greater political cover for more countries to pass laws or regulations barring unbreakable encryption or requiring companies to be capable of hacking their own users, both of which are anathema to major US-based global providers including Apple and Google.
Both the United Kingdom and Australia have recently passed laws moving in that direction, though it is unclear how widely they are being wielded. US skirmishes have been fought in sealed court proceedings, without major congressional action.
Interpol joining the political fray is notable because the group includes Russia and other countries without rules against mass surveillance or spying on political minorities and activists.
"This proposal will endanger people who rely on strong encryption to keep them safe, including from hackers and repressive regimes," said a spokesman for Facebook, which was among the tech companies in Lyon for the conference. "It will also weaken the online security of over a billion people."
Facebook, owner of WhatsApp and Instagram, moved to the front of the political fight this year by announcing plans to make its popular Messenger communication service encrypted end-to-end, so that neither Facebook nor law enforcement can view content unless they have access to one of the endpoint devices.
Because Messenger has been one of the most valuable sources of information about child predators, the step provoked the October joint letter from three of the "Five Eyes" intelligence alliance, which also includes Canada and New Zealand.
Tech activists, pointing to past abuses of "exceptional access" for governments, have been alarmed at the political and legal trend, and that accelerated over the weekend. If an international company provides hacking capability under the legal system in one nation, they say, other countries will demand and get the same access, potentially across borders.
"The idea that the US is so concerned about having lawful exceptional access to end-to-end encryption that they are willing to spread that to nearly every jurisdiction in the world, including authoritarian states with which we would otherwise not share information, is unthinkable to me," said Andrew Crocker, an attorney at the nonprofit Electronic Frontier Foundation.
"To give that power to Russia, China and other authoritarian states is complete dereliction of duty of the US government to protect us."
Microsoft said on Monday it was updating the privacy provisions of its commercial cloud contracts after European regulators found its deals with European Union institutions failed to protect data in line with EU law.
The EDPS, the EU's data watchdog, opened an investigation in April to assess whether Microsoft's contracts with the European Commission and other EU institutions met data protection rules. It raised concerns about compliance in October.
In a statement on its website addressing the issue, Microsoft said: "We will increase our data protection responsibilities for a subset of processing that Microsoft engages in when we provide enterprise services."
The company, the only major cloud provider to offer such terms in the European Economic Area and beyond, expects to offer the new provisions to public sector and enterprise customers in early 2020.