TechLetters #42 - cyberattacks as a useful excuse; systematic hacking of Belarus government and security facilities; UK to revamp their local GDPR (weaken?); AI weapons to decide who lives or dies?
Éditorial
Security
Cyberattack smokescreen. In Ireland the recent cyberattack and disruption of the public healthcare provider HSE might be used as a convenient reason in domestic politics. “A number of opposition TDs have vented frustration that parliamentary questions (PQs) about numerous health-related matters are not being responded to, and claim the HSE is now using the cyber-attack as "an excuse" to deny information.” (link)
Hacking the government. A group of concerned people (disclaimer: we don’t know who they are) are systematically hacking government systems in Belarus and leaking sensitive data. “compromised dozens of police and interior ministry databases as part of a broad effort to overthrow President Alexander Lukashenko’s regime”, “The information contains lists of alleged police informants, personal information about top government officials and spies, video footage gathered from police drones and detention centers and secret recordings of phone calls from a government wiretapping system” (link). The people responsible say that they want to undermine the regime at every level, via cyberattacks. they say they are IT experts doing ethical hacking. Belarusian government blamed the hacks on “foreign special services.". The regime government maintains that those responsible are “foreign special services in relation to the leaders of the vertical of power”
Google cybersecurity fund. They’re committing $10 billion. “expanding zero-trust programs, helping secure the software supply chain, and enhancing open-source security”
Privacy
Information flows for sale. “Internet service providers quietly give away detailed information about which computer is communicating with another to private businesses, which then sells access to that data to a range of third parties”. This is a huge privacy risk.
New UK data protection rules. After leaving the European Union, UK will work to relax some data protection aspects. In my comment in Telegraph I say that “everyone should be concerned with plans of relaxing data protection rules. It would be disappointing if the changes make the UK a data exploitation hotbed”. But one thing that the UK culture secretary Oliver Dowden has got right is the observation that third-party cookies are going away, and so the current data protection rules in Europe will soon be obsolete and difficult to adapt. For example, EU policymakers apparently still don't notice this.
Technology Policy
AI to decide on human life? Technology is quickly posing some inconvenient questions: “DO WE WANT ROBOT WARRIORS TO DECIDE WHO LIVES OR DIES?” (link). USA is considering a fully integrated system of autonomous weapons systems (from satellite communication, down to weapons, to other forms of interactions). Problem: today, encrypted data at rest must sometimes be destroyed manually. “The manned systems community often relies on an emergency destruct plan to ensure physical destruction of classified media, including DAR stored on hard drives, should an operator believe the classified media are at risk of compromise. As spinning hard drives are replaced by solid state drives and other media storage devices, the need for other methods of destruction becomes more critical. Other manned platforms face similar data destruction challenges. While NSA-approved data sanitization techniques are available, these techniques are either too time consuming for emergency scenarios or not approved for the sanitization of TS/SCI data. These "limitations drive programs to seek other protective measures, including encryption.”. Meanwhile. “market is expected to reach $20.31 billion in 2025; The autonomous military weapons market consists of sales of autonomous military weapons, which when activated, search, detect, evaluate the threat, track and attack enemy targets and work based on sophisticated algorithms without further intervention by a human operator”.
Samsung can remotely disable Smart TVs. “The ‘Television Block Function’ feature, which is pre-installed on all the company’s sets and enables the company to shut down any TV, provided it can be reached via the internet”. They’ll use the capability to some recently stolen sets.
Chip prices up. Technology development were supposed to guarantee the constant decrease of prices (or maintaining performance-price parity). But this year will be different, with TSMC raising the price by 20%.
Russia on fine spree. “Russia has fined Facebook ($200,000), Twitter ($228k) and WhatsApp ($53k) for failing to store the data of Russian users on local servers”. That’s the digital sovereignty law. “Roskomnadzor said Thursday that some companies have begun complying with the legislation, including Apple, Microsoft, LG Electronics, Samsung, PayPal and Booking.com, among others.” (link).
In case you feel it's worth it to forward this letter further, I leave this thingy below:
You may also share here: