TechLetters #134 cyberattack on WATER TREATMENT. GDPR reform. Competition authorities enforcement GDPR. France considers social network shutdown during unrest. Avast collects/sells customer data, and?
Security
Cyberattack on water treatment. Employee of water firm in California intentionally uninstalled the main operational and monitoring system for the water treatment plant and then turned off the servers running those systems causing a threat to public health. Whether there was a threat to health or life of residents is unclear.
Nagoya port cyberattack. Japan's biggest port hit with ransomware. "Unable to load and unload containers from trailers at all five container terminals, 20,000 containers affected". Recovery brought back the systems on 6th/7th. Backlog of trucks was long.
Ireland’s cybersecurity strategy statement. Ireland considers that a cyberattack attributable to a state will amount to a use of force if it results significant impairment of functionality of critical infrastructure. Such a cyberattack on critical infrastructure can constitute an armed aggression if its scale is high. Cyber operations that have similar effects to physical military operations constituting armed force will bring into existence an international armed conflict.
Cyberattacks on law firms on the rise. Client data theft in such sector is... painful (employee information, patent specifications, merger, acquisition plans — you name it). But at least they know how to defend/argue in court that it's not their fault.
Cybersecurity of CBDCs. Bank for International Settlements for defending central bank digital currencies (CBDC) has a baseline to defend cryptocurrencies from fraud and cyperattacks.
French riots and cyber element? Leak of personal data of 1,121 magistrates & current Minister for Equality between Women and Men, implicitly refers to urban violence. Unclear: hacking or scrapping. But addresses/etc were used in physical attacks already.
Privacy
Russia increases technical surveillance capabilities. One tool can identify when people make voice calls or send files via Telegram, Signal and WhatsApp. Another may determine if someone is using several phones.
Proposal for a GDPR reform to improve enforcement. New procedures. Complainants and parties under investigation will have access to the investigation details, including draft decisions. Will be able to offer feedback. Some other changes smoothing DPA cooperations.
Swedish Data Protection Authority is ordering companies to stop using Google Analytics. Here.
Competition authorities MAY use GDPR in proceedings. It also GIVES LEGAL GROUNDS to competition authorites cooperating with data protection authorities. This is a major news and a shift in EU law! Competition and data protection regimes are now close, and that is the new standard.
Lawsuit against the Avast antivirus company. It "downloaded" (hijacked?) the history of websites browsed by users. And sold it to buyers.
Technology Policy
After riots, French politicians issued amendments to its digital law. Politicians accused digital platforms (Twitter, Snapchat, TikTok, etc.) of supporting riots. So here’s a proposal: platforms would have max 2 hours to remove such content. For non-compliance: one year in prison and a fine of €250,000..
U.S. FTC to penalise fake reviews and testimonials (positive, negative). Including by influencers or celebrities. Penalising also unfair review suppression. $50,000 for evert time a consumer sees it.
China adopts export controls for critical semiconductor metals. Gallium and Germanic.
Other
Generative AI in education. Group of the best UK universities (like Oxford, Cambridge, Edinburgh) allows to use generative AI in education by students, etc. (with some exceptions) They will amend course work and assignments accordingly. They will also consider the risks of privacy and AI of generative AI. “whether a generative AI tool is designed to learn directly from its users’ inputs or not, there are risks to privacy and intellectual property associated with the information that students and staff may enter”
In case you feel it's worth it to forward this content further:
If you’d like to share: