TechLetters #33 - ransom payments and tax deductions; US-EU ransomware task force; ransomware on the rise; ransomware PR; Chrome delays third-party cookie removal
Editorial
“Clearing cookies” for good turns out to be a complex technical-regulatory exercise. In this case the Privacy Sandbox changes are fascinating to watch. Fascinating because the links between technology and policy/regulations are pretty tight, and things happen fast. It is probably the second time that continuous interest from regulators has affected such a significant move by a technology player. The first was maybe the case of Facebook cancelling its cryptocurrency Libra.
Security
Financial support for ransomware? How can ransomware be supported even more? One way is paying ransoms, another… "the U.S. government also offers a little-noticed incentive for those who do pay: The ransoms may be tax deductible" (link)
Linux security in 2020. As we see on the slide below, considering where Linux is being used, and what parts of our world it runs, the security of Linux is an important societal problem in general. “Linux kernel is the most security-critical infrastructure component in the world.”
Russian concerns over cyberterrorism. The Russian FSB's chief said that he is "concerned" with the growing links between "hacker communities" and "international terrorist structures". Keep in mind that “terrorists” do not have much cyber capability.
US and EU stronger against ransomware. The US and the European Union will join forces in combating terrorism and ransomware. Against ransomware payments: "...protect networks as well as the risk of paying the criminals responsible...". An international treaty on cybercrime was also discussed: "possible future United Nations international legal instrument on cybercrime" (statement).
Evolution of ransomware incidents. Well, is the threat rising? Nice graphic.
Ransomware PR. Ransomware operators (Conti): "cyber criminals who hacked Ireland’s health service IT system over a month ago likely handed over a decryption key as a “public relations move”". So there’s the sensitivity.
Continuous cyber threat. The 'Nobelium' threat actor runs targeted attacks with the goal of stealing information. One of Microsoft's customer care agents was compromised to hack its clients. (link)
Privacy
Facial recognition ban. The European Data Protection Supervisor and the European Data Protection Board call for a ban on facial recognition in public places. And more: “the EDPB and the EDPS call for a general ban on any use of AI for automated recognition of human features in publicly accessible spaces, such as recognition of faces, gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals, in any context”. (opinion)
3p cookie sunset delayed. Busy with the significant standardisation and technical challenges of phasing out third-party cookies and replacing them with some other technologies (“Privacy Sandbox”), Google just delayed the change from 2022 to late 2023. This comes amid peaking interest from anti-competition investigations in the UK and EU. As an effect of the announcement, the market shares/stocks of some Adtech companies increased.
Technology Policy
Technology regulators vs technology. What’s at stake in the many anti-competition proceedings? "… functions – which many consider to be normal or even critical browser functions – are now subject to approval by the UK’s competition regulator, at least in the most popular Web browser…" (link).
EC vs Privacy Sandbox. The European Commission will investigate Google's plan to phase out third-party cookies and replace them with Privacy Sandbox, "...including the effects on online display advertising and online display advertising intermediation markets". Clash of privacy and anti-competition law? (link, link2)