TechLetters #9 - nukes vs access to social networks, gaining physical access to the Capitol systems, China-USA sanctions, suing TikTok, tracking with e-mail addresses...
Welcome to the 9th letter, and the first in 2021.
Editorial
This week, technology platforms decided to lock the account of a Head of State (the president of the USA). This has many important consequences, not only for freedom of speech or representative democracy but also potentially for sovereignty. Rather than taking any sides here (I’m not even an American), I merely note that this head of state was in office at the time (elected in 2016, ruling 2017-2021). This was a huge precedent. Technology platforms are powerful and societies still need to be wary of how this power is used. Digital platforms typically lacked the prerogatives of sovereign States. What happened has now been seen by everyone, everywhere.
In different, but somehow linked news, when unaccounted-for people gain physical access to your systems, entirely novel risks arise. The risk, of course, is having unaccounted-for software installed (backdoors, trojans, malware) to compromise the system, or a data breach. This sometimes happens in quite unforeseen places, as we saw this week, for example, in the U.S. Capitol.
When it comes to close-access cyber operations, they do happen in practice:
Security
Chinese cyberattack? Group caught pursuing apparent for-profit campaigns. Not sure what the rationale is, but there are similar suspicions about other state-supported groups in other countries (i.e. North Korea, Russia), including cyberattacks carried out domestically, in their own countries. An additional source of income, tolerance, or?
Privacy
A secondary use for contact tracing apps. Police forces in Singapore may use digital contact tracing data (TraceTogether) in criminal investigations. So secondary uses are possible. It would have been much more controversial in March-June. Now it will just cause a shrug?
12yro vs TikTok. An unnamed 12-year-old person in the United Kingdom sued TikTok over alleged abuse of children's data. This will be an interesting GDPR complaint. The General Data Protection Regulation applies here, perhaps for the last time in the UK, because the case was filed before the end of 2020 when the UK left the European Union.
She intends to go to a Court asserting – rightly or wrongly – that her privacy rights and those of others like her have been infringed in ways that call for a remedy. But TikTok is a hugely popular app. This is a very early stage but, from what I have seen of it, the intended claim involves serious criticisms of what may be key aspects of the platform’s mode of operation. Opposition from some users of TikTok is only to be expected. It is fair to anticipate that some such opposition would be strongly-worded.
New tracking methods? Read in the privacy-news: "App developers are exploring surreptitious new forms of user tracking to evade Apple’s new privacy rules". Back in June, I saw it coming.
Tracking users with email address hashes? Advertising technology increasingly wants to track internet users with private data like hashed email addresses. There are many proposals currently being considered. One is the so-called Unified ID 2.0, which may use people’s e-mail addresses to create identifiers, which is risky. Seeing the IAB data protection impact assessment guidelines: maybe they are actually unaware of the risks? For example, they mention rainbow tables as a potential attack on schemes using private data. But this is not the risk source. The real risk source is that many/most web users use Gmail services, so the private e-mail is of the form '<USER>@gmail.com', and reversing a supposed one-way transformation from user@gmail.com to a supposedly pseudo-random string like 5a4cd0167fd2730dae4430fd5aaa4c79a89c18d4 is much easier than one thinks. This is something we will hear more about in 2021 (this is just the beginning).
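To make the risk concrete for a data protection impact assessment, here is an added example (not part of the original letter, and not taken from the Unified ID 2.0 design) that checks how many identifiers in a set can be re-derived from guesses alone. The choice of SHA-256, the function names, the sample addresses and the key are all assumptions made for the illustration.

```python
import hashlib
import hmac
from itertools import product

def normalize(email: str) -> str:
    # Ad-tech schemes normalize before hashing so the same user maps to one ID.
    return email.strip().lower()

def plain_token(email: str) -> str:
    """Unkeyed identifier: SHA-256 of the normalized address."""
    return hashlib.sha256(normalize(email).encode()).hexdigest()

def keyed_token(email: str, key: bytes) -> str:
    """Keyed identifier: HMAC-SHA-256 under a secret the recipient never sees."""
    return hmac.new(key, normalize(email).encode(), hashlib.sha256).hexdigest()

def guessable(tokens, local_parts, domains, token_fn=plain_token):
    """Map each token to the address that reproduces it from guesses alone."""
    table = {token_fn(f"{lp}@{d}"): f"{lp}@{d}"
             for lp, d in product(local_parts, domains)}
    return {t: table[t] for t in tokens if t in table}

# Constructed sample data (not real addresses).
USERS = ["Alice@gmail.com", "bob.smith@gmail.com", "q7x-vault-2291@example.org"]
LOCAL_PARTS = ["alice", "bob", "bob.smith", "carol", "dave"]  # stand-in name list
DOMAINS = ["gmail.com"]            # the domain is effectively known in advance
SECRET = b"constructed-demo-key"   # assumption: held only by the issuer

def run_audit():
    plain = [plain_token(u) for u in USERS]
    keyed = [keyed_token(u, SECRET) for u in USERS]
    # The auditor has no key, so both sets are tested with the unkeyed function.
    return (guessable(plain, LOCAL_PARTS, DOMAINS),
            guessable(keyed, LOCAL_PARTS, DOMAINS))

if __name__ == "__main__":
    exposed_plain, exposed_keyed = run_audit()
    print(f"unkeyed tokens re-identified: {len(exposed_plain)}/{len(USERS)}")
    for tok, addr in exposed_plain.items():
        print(f"  {tok[:16]}...  <- {addr}")
    print(f"keyed tokens re-identified:   {len(exposed_keyed)}/{len(USERS)}")
```

The unkeyed identifiers behave as pseudonyms for anyone holding a name list, while the keyed ones only protect users as long as the key stays with the issuer.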
Competition Privacy? The UK Competition and Markets Authority will investigate Google’s plan to remove third-party cookies and replace this tracking measure with new stuff that is geared better towards privacy. Specifically, it will look at the impact of this technical change, including on website revenue... Where this process leads will be very interesting.
Technology Policy
Apps prohibition. The USA issued new sanctions. The prohibition relates to popular apps like Alipay or WeChat Pay (in addition to CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, and WPS Office). This follows India, which issued similar sanctions months ago. The official reason: national security. Do we have a continuation of technology policy, or perhaps already geopolitics of technology?
No social networks, only nukes. It so happened that Facebook and Twitter locked the head of the USA (the president) out of social networks. The guy cannot post anything, what a shame, right? However, it so happens that he still has access to nuclear weapons launch codes! What strange times to be alive. Someone noticed that detail, eventually. In other news, Twitter permanently suspended Trump’s account, the TeamTrump campaign account. Google and Apple banned the ‘alternative communication platform’ app called Parler, with Amazon considering removing them from their cloud hosting services. Happening fast: examples of technology actors in just a few days. A growing list of digital platforms that have so far banned or suspended Trump or related groups: Twitter, Facebook, Reddit, Shopify, Twitch, Youtube, Instagram, Snapchat, TikTok, Apple, Discord, Pinterest. An impressive demonstration of the powers wielded by the digital platforms. I am of course totally not referring to the domestic situation in the USA. Trump does not represent me, as I am not an American.
China countering US technology policy sanctions with new rules. These penalize global (and domestic) companies participating in (i.e. respecting) the enforcement of 'foreign' sanctions. The conflict of rules is clear. I wonder which rules will be respected by Western companies?
That’s it this time, thanks!