TechLetters #47 - UK to launch cyberattacks; Cyber top of the risks; anti-competition targets Google Privacy Sandbox; Google's Privacy Budget likely destroyed, too; China to regulate algorithms
Editorial
Security
UK cyberwar. The UK will conduct offensive cyberattacks against hostile states that try to harm the UK: "we have a right under international law". This is an official announcement from the Ministry of Defence (the secretary). The UK will massively develop its offensive cyber forces. Asked whether the National Cyber Force’s capabilities were intended to include attacking critical national infrastructure in a hostile state that launched a similar assault on this country, Mr Wallace said: “It would be a dereliction of duty if these capabilities weren’t on our shelves. Who knows where we’ll be in 20 years’ time, we haven’t had a tier-one cyber attack yet, a catastrophic cyber attack.”
Cyberattacks causing death? Hospitals "had increases in patient death rates in the aftermath" (of ransomware infections)? There are no direct indications supporting the strong claims; the study is based only on surveys.
US cybersecurity breach notification. The USA is to compel critical systems owners to report cybersecurity breaches. Interesting to see how the USA is importing European cybersecurity policy solutions. Even the 72h deadline is copy-pasted from the EU. Great influence of European Values! (Bill). “COVERED CYBER INCIDENT REPORTS.— 11 covered entity shall report a covered cyber incident to the Director not later than 72 hours after the covered entity reasonably believes that a covered cyber incident has occurred.”
Cyber risk at the top. AXA's risk report puts cybersecurity at the top of the risks. "there is greater potential than ever before for cyber warfare and terrorism to have wide-ranging negative impacts on society.". But beware of stepping into the cyber insurance pitfall.
Privacy
India health ID. India will design, develop and deploy a "digital health identification" system for 1.3bn users. A big technological challenge. I guess a lot of security and privacy challenges too, if these are treated seriously. "link all health records to ID app"
Competition vs Google. An anti-competition complaint against Google in the European Union over the intention to phase out support for third-party cookies? "complaint argues that Google’s curb on advertisers’ ability to gather information on web users will hurt revenue...". When Privacy and Competition collide. The Australian anti-competition authority just "identified significant competition concerns and likely harms to publishers and consumers", "existing competition laws alone is not sufficient"? "significant risks of Privacy Sandbox"? The regulator is concerned with the removal of cookies...?
Google’s Privacy Budget analysed. And destroyed. Fingerprinting is the act of interpreting and extracting a user's or system's 'look' to identify them. It tends to be difficult to fix. Mozilla’s privacy analysis of Google's Privacy Sandbox's Privacy Budget proposal claims that this idea to solve the fingerprinting risk is missing the mark. The original idea looks simple: track accesses to certain variables/APIs, then block them when a threshold is exceeded. But this is likely problematic. First, it would be damaging to the web: "deployment of the Privacy Budget proposal seems likely to cause unpredictable breakage of Web sites", "the site may just fail", “The unpredictable nature of breakage under these scenarios could make such breakage difficult for web developers to debug and for users to understand, potentially leading to a significant support burden as well”. It gets even worse. Google's Privacy Budget may even be used to track the user. This is because depleted variable/API access may become an identifying fingerprint on its own (short-term, because it is subject to change). The analysis did not mention a different risk which I add here: it is possible to bypass it. All the site needs to do is to redirect/refer the browser to a third-party site ‘service’ that is the 'privacy budget debtor'. The third-party site would then return a call with the read content to the original site. In the end the analysis recommends minimising the fingerprinting surface. Using the privacy analysis of past browser APIs I issued similar recommendations before (1, 2). While privacy is not simple, it is certainly interesting!
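The threshold mechanism described above, as an added sketch that is not code from this newsletter, from Mozilla's analysis or from Google's proposal. The surface names, bit costs, the 15-bit limit and the three-script page are constructed assumptions; the point is that the same page breaks in a different place depending on script order, and that the resulting pattern of denied reads differs between loads.

```javascript
// Constructed model: surface names, bit costs and the limit are assumptions,
// not values from the Privacy Budget proposal.
const SURFACE_BITS = {
  "navigator.userAgent": 4,
  "screen.resolution": 3,
  "canvas.readback": 8,
  "webgl.renderer": 6,
};
const BUDGET_LIMIT = 15; // hypothetical per-site threshold, in bits

class PrivacyBudget {
  constructor(limit = BUDGET_LIMIT) {
    this.limit = limit;
    this.spent = 0;
    this.granted = new Set();
    this.denied = new Set();
  }
  // true if the read is allowed, false if it would push past the limit
  access(surface) {
    if (this.granted.has(surface)) return true; // repeat reads cost nothing
    const cost = SURFACE_BITS[surface];
    if (cost === undefined) throw new Error(`unknown surface: ${surface}`);
    if (this.spent + cost > this.limit) {
      this.denied.add(surface);
      return false;
    }
    this.spent += cost;
    this.granted.add(surface);
    return true;
  }
}

// One page load: scripts run in the given order against a shared budget.
// A script counts as broken as soon as one of its reads is denied.
function simulateLoad(scriptOrder, scripts) {
  const budget = new PrivacyBudget();
  const broken = scriptOrder.filter(
    (name) => !scripts[name].every((s) => budget.access(s))
  );
  return { broken, denied: [...budget.denied].sort(), spent: budget.spent };
}

const SCRIPTS = { // constructed page with three scripts
  analytics: ["navigator.userAgent", "screen.resolution"],
  charts: ["canvas.readback"],
  maps: ["webgl.renderer", "screen.resolution"],
};

console.log(simulateLoad(["analytics", "charts", "maps"], SCRIPTS));
console.log(simulateLoad(["maps", "charts", "analytics"], SCRIPTS));
```

With asynchronous script loading the order is not under the developer's control, which is why the breakage is hard to reproduce and debug.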
Technology Policy
China algorithm regulations. China plans to introduce regulations of algorithms (to support communist ideology). It seems their mission is to strongly regulate technologies. This includes the Cyber Administration and the Propaganda Department of the Communist Party. “… Adhere to the guidance of Xi Jinping’s Thoughts on Socialism with Chinese Characteristics for a New Era, especially General Secretary Xi Jinping’s important thoughts on network power, thoroughly implement the 19th National Congress of the Party and the spirit of the 2nd, 3rd, 4th, and 5th Plenary Sessions of the 19th Central Committee … Adhere to the guidance of Xi Jinping’s Thoughts on Socialism ... monitor algorithm security risks ... establish correct orientation of the algorithm ... promote the core values of socialism, and adhere to the correct political direction ...prevent the risk of algorithm abuse”
Other