TechLetters #63 - Cyberattacks in Central-Eastern-Europe: what exactly is going on here? Breach of Red Cross 500k sensitive-people data. #DigitalServicesAct adopted with privacy provisions.
Security
Cyberattacks in CEE. The recent cyberattacks and operations in Europe (CEE), Ukraine, etc., were certainly not cyberwarfare, and not warfare. It's escalation, but at the lower end of the scale. This brings up the risk of EU policymaker/politician overreaction. Overreacting risks losing response options that would otherwise be available in the future. Big problem. Meanwhile in Europe: "We have reached unity on the need to respond to a Russian attack, but now we lack it on what a Russian attack should be defined as".
ICRC breached. Cyberattack targeting Red Cross movements. Extremely sensitive data of over 500k vulnerable people ("due to conflict, migration and disaster, missing persons and their families, and people in detention", Restoring Family Links) might be affected… Probably the biggest/most sensitive breach in the history of all humanitarian organizations to date... ICRC should engage external private-sector help and external governments for help. In general, this is very bad news of course. It highlights the risks of digital transformation. It is often a better choice not to expose sensitive data that can’t be protected. Still, the operation was targeted: “We do not wish to speculate on any possible misuse of this data”.
NotPetya coverage: war? An insurer was ordered to pay $1.4 billion to Merck for losses due to the NotPetya destructive wiper cyberattack in 2017. I don't think this was "war" with respect to the USA, but I don't know how Merck tried to build a case. From the public parts of the decision, the court views it as weak. The case seems to be built mainly on past insurance litigation, going way back to the early 20th century (case: British Steamship vs The King, 1921). Still, I can imagine there is a way to construct a legal line of argumentation that it *was* war. Fascinating. Let's see what other identical (Mondelez, DLA Piper, ...) cases deliver.
US to probe Alibaba cloud services. To check the risks to “national security”.
Fighting misinformation and censorship. “Decisions based on automated social media content analysis risk further marginalising and disproportionately censoring groups that already face discrimination (by amplifying social biases)” (report)
USA boosting cybersecurity of important services. Memorandum.
Privacy
Stricter consents. The European Parliament, in the adopted Digital Services Act, formalised a GDPR interpretation to make consent strict. No dirty tricks allowed, and it must be as easy to give as to reject, and as to withdraw. This is pretty big. Despite the “without prejudice to GDPR…” clause: it is with prejudice, indeed. The adopted text also bans microtargeting based on sensitive GDPR traits (like religion, or disability, etc.).
Digital Services Act legalises the use of deep fakes. Like the Artificial Intelligence Act. The use of deepfakes will have to be “marked”. The legislator is apparently optimistic that marking false information works… My take also here.
Technology Policy
Digital Services Act. A few MEPs want to include provisions in #DigitalServicesAct so that digital platforms cannot remove content of politicians or political parties. Such accounts would be off limits, free to do whatever they want? “when very large online platforms allow for public debate to take place on its services it should not limit access to information from legal organisations of public interest, e.g. political parties or a non-profit organizations, by depriving them of access to its services. In that case removal of specific illegal online content may not result in a decision to suspend or terminate the recipients’ account.”
Germany 5000 qubits. Germany is deploying the "largest European quantum computer", "with more than 5,000 qubits". Such a quantum computer is limited: it cannot do useful computation. That’s not the point, either. It's mostly about testing and getting familiar with the tech.
UK to regulate crypto assets. Like NFTs. To protect citizens and increase transparency. (link). Russia is also skeptical: “Cryptocurrencies also have aspects of financial pyramids, because their price growth is largely supported by demand from new entrants to the market”.