TechLetters #128 - breaking 256b encrypted communication systems. Facebook got a GDPR fine. Cookie lifetime limit.
Security
“256-bit encryption system by Motorola” breached? Allegedly, Russian EW is apparently achieving real-time interception and decryption of Ukrainian Motorola 256-bit encrypted tactical communications systems, which are widely employed by the Armed Forces of Ukraine. Now, it is impossible that a properly implemented 256-bit encryption system is being broken. So the possible reasons (no details included): weak key generation, some side channel?
Volt Typhoon cyber actor group preparing the ground for the future? China’s cyber operator group is hacking US critical infrastructure. Espionage, but also a buildup of disruption capabilities, to be ready and in place to turn off stuff “during future crises”.
Privacy
Meta/Facebook with a record €1.2 BILLION GDPR fine. For violating European privacy rules. The company has now been given a 5/6-month DEADLINE to comply, that is, to stop the transfer of user data to the United States, or to have the arrangement negotiated between the EU and the US (but what happens to the data from before the arrangement, that is, from many years? To be purged? Go figure). This (if nothing changes!) may mean the SHUTDOWN OF Facebook and Instagram in Europe. Some reasons: 1) the data transfers in question were being carried out in breach of Article 46(1) GDPR; and 2) in these circumstances, the data transfers should be suspended. This means that Facebook/Instagram MUST SHUT DOWN in Europe. Unless something changes.
Privacy tech, or not. The above decision is also the end of “industry standard” technical hand-waving with “TLS” or “AES” acronyms, and arguing that these are sufficient technical measures. They are not sufficient. Keep that in mind when making a data protection impact assessment (or contact me, … ehem? :-) …). In other words: welcome to privacy technologies and meaningful data protection impact assessments. Announcement of the decision. My 2020 analysis of technical-organisational-legal provisions after Privacy Shield was invalidated.
Blocking the whole of Europe as a means of GDPR compliance. Let’s recall the awkward compliance ideas from those years ago. This regulation changed a lot in data protection and privacy. 5 years ago it entered into force. And sparked many ‘GDPR hysteria’-like moments.
Cookie life limit. Web browser cookies may no longer have an unlimited lifetime. The hard limit is capped at 400 days. It is already supported by, e.g., the Chrome browser.
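To see which of a site's cookies the 400-day cap would shorten, the following added example (not part of the newsletter or of any browser's code) parses Set-Cookie header values and compares the requested lifetime with the capped one. It assumes the cap applies to both Max-Age and Expires, measured from the moment the cookie is set; the function names, sample headers and the fixed "now" are constructed for illustration.

```javascript
// Added example (not from the newsletter): audit Set-Cookie headers against the cap.
const CAP_SECONDS = 400 * 24 * 60 * 60; // the 400-day hard limit named in the text

// Parse one Set-Cookie header value into { name, maxAge, expires }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eqPos = pair.indexOf('=');
  const out = { name: eqPos < 0 ? '' : pair.slice(0, eqPos), maxAge: null, expires: null };
  for (const attr of attrs) {
    const eq = attr.indexOf('=');
    if (eq < 0) continue; // flag attributes such as Secure or HttpOnly
    const key = attr.slice(0, eq).trim().toLowerCase();
    const val = attr.slice(eq + 1).trim();
    if (key === 'max-age' && /^-?\d+$/.test(val)) out.maxAge = Number(val);
    if (key === 'expires' && !Number.isNaN(Date.parse(val))) out.expires = Date.parse(val);
  }
  return out;
}

// Lifetime the server asked for versus what a capping browser keeps (seconds).
// Max-Age takes precedence over Expires; with neither, it is a session cookie.
function effectiveLifetime(header, nowMs) {
  const c = parseSetCookie(header);
  let requested = null;
  if (c.maxAge !== null) requested = c.maxAge;
  else if (c.expires !== null) requested = Math.floor((c.expires - nowMs) / 1000);
  if (requested === null) {
    return { name: c.name, session: true, requested, effective: null, capped: false };
  }
  const effective = Math.min(requested, CAP_SECONDS);
  return { name: c.name, session: false, requested, effective, capped: requested > CAP_SECONDS };
}

// Constructed sample headers and a constructed "now" so the result is reproducible.
const NOW = Date.UTC(2023, 4, 29);
const SAMPLE = [
  'sid=abc123; Path=/; HttpOnly; Secure',
  'prefs=dark; Max-Age=63072000; Path=/',
  'track=1; Expires=Fri, 31 Dec 2032 23:59:59 GMT',
  'csrf=xyz; Max-Age=3600; Expires=Fri, 31 Dec 2032 23:59:59 GMT',
];

function audit(headers, nowMs) {
  return headers.map((h) => effectiveLifetime(h, nowMs));
}

console.table(audit(SAMPLE, NOW));
```

Cookies reported as capped are the ones whose server-side logic (for example "remember me" tokens) may silently expire earlier than the application expects.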