TechLetters #52 - Covid19 vaccine certificate forgeries, the EU wants to counter Russian proposals for a cybersecurity convention, Russia against information operations, espionage in the cloud
Security
Covid-19 certificate hiccup. First rumours that private keys leaked (not really, I hope) were already eye-catching. But demonstrable misuses of the vaccination certificate system must raise some questions. Can the system be trusted? How is it possible that three “real” vaccination certificates were issued to Adolf Hitler and Mickey Mouse? Considering that this system is backed by laws in Europe, that it works at a large scale, and that the use of certain fundamental rights and freedoms is conditioned on having the certificate, these are justified cybersecurity issues. Thread here.
Russia dislikes information operations? Looks like Russia is unhappy with the French doctrine of information operations: "seems that no one has yet dared to declare so openly about their intentions to turn the information space into a battlefield". Accusation of "militarisation of social media"?
Security guidance for 5G. Link.
Convention on cybercrime. The European Union's negotiation strategy for the Russian-proposed international convention on cybercrime shows that the European Union is very afraid of where this may go. The idea of this convention is largely unexpected to the EU and the US. Internet governance remains a highly contentious area. The EU considers that it must not let any "ambiguous" or "vague" statements be put in the final treaty. Nothing should go against human rights & fundamental freedoms. The point is how to reach this: treaties are vague by design. Following the West's call to Russia to take cybersecurity seriously, Russia pulled an essentially complete text out of the drawer. This was a surprising move. The proposed Russian draft contains many unacceptable clauses about traffic monitoring/blocking, etc. The leaked document is here. "future UN Convention must be clearly and narrowly defined, fully compatible with international human rights standards and a global, open, free, stable and secure cyberspace"
Privacy
Mozilla’s Privacy Preserving Measurement. Complex protocol.
Technology Policy
European Radio Equipment Directive to be strengthened. Internet-connected devices to be put in the security/privacy requirements regime. Not much clarity on what the requirements actually mean, though (delegated act). Supported by the new ETSI requirements, Cyber Security for Consumer Internet of Things (with data protection rules).
Other
Cloud Espionage. The GCHQ, MI5 and MI6 secret services will store top secret data in Amazon's AWS cloud. Intention: build analytics/AI tools for espionage purposes.