TechLetters #118 - TikTok bans are spreading; lawful cyberattacks; vendor disabling printers; new UK data protection law; prohibiting software with bugs, in Europe
Security
TikTok as a security threat. The Czech service for cybersecurity and information security warns against TikTok. The risk is classified as HIGH, and "very likely". It is a legal classification with respect to cybersecurity laws. Can't be ignored. “evaluated this threat as ‘High’ – the likelihood of the threat is considered as likely up to very likely. … it is necessary to consider the non-technical aspects of the security of the technology … the Agency recommends that all natural persons whose data could be targeted by the activities of foreign intelligence services (so called persons of interest, i.e. persons who are e.g. in high political, public or decision-making positions) consider limiting or completely prohibiting the installation and use of the TikTok application on their personal devices.” … Previously there was a ban in EU institutions and in Belgium. Now the UK is considering it.
Legality of cyberattacks during war. For a cyberattack to be lawful, it should not cause expected incidental loss of civilian life, injury, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated. The principle of military necessity requires that a party to an armed conflict may only resort to those means and methods that are necessary to achieve the legitimate purpose of a conflict, i.e. ‘to weaken the military forces of the enemy’. Cyber operations that do not constitute attacks may be justified on the grounds that such seizure or destruction would be ‘imperatively demanded by the necessities of war’.
Software-based printer ink blockade. An update to the firmware of HP printers made non-HP printer inks stop working. "Ink Cartridge Authentication" is a "security" mechanism. You know, "for the good of the user", the printer will stop working.
Privacy
New UK data protection bill. In the proposal for a new UK data protection law, which relaxes the GDPR level of protection, the UK government estimates a "cost-saving" measured in a few billion pounds, over 10 years. That's hand-waving presented in a skewed format. Or not? As for the bill itself, not much has changed since the previous version. Further processing is to be made easier (but only in cases where it was not based on consent).
Technology Policy
A new EU proposal for a regulation may mean the immediate prohibition of using products or apps if a security vulnerability is found. This is extreme and sounds like censorship. Huge control delegated to non-transparent and unelected bodies.