FEATURED STORY            

MAY 30, 2018


The European Union’s tough new digital privacy regime came into force late last week, closing a two-year window in which companies were to become compliant. The General Data Protection Regulation, or GDPR, allows Europe’s regulators to impose fines on violating businesses of up to 4 percent of revenue or 20 million euros (whichever is more).


While most privacy advocates praise the GDPR as a model for data protection in the digital era, critics say the new rules are overly burdensome, especially for small businesses. Given the global nature of the internet and the corporate giants that depend on it, the new law promises to have ripples far beyond the 28-member bloc. European officials are pushing foreign governments to replicate the GDPR, and some countries have already passed similar laws.


Legal analysts note that major challenges remain over how the GDPR will be enforced, as many national regulators in the EU have far fewer resources than the companies they will be overseeing. (NYT, Reuters, WSJ, FT)


Infected Routers: The FBI issued a report calling on the public to immediately reboot their routers. Foreign cyber actors using “VPNFilter malware” have reportedly compromised hundreds of thousands of networked devices worldwide, the Bureau said. (NYT, FBI)


Canadian Banks: Hackers may have stolen the data of nearly 90,000 customers of the Bank of Montreal and the Canadian Imperial Bank of Commerce, in what analysts say may be the first significant breach of Canadian financial institutions. (Reuters)


Crypto Theft: Cybersecurity researchers say that hackers have stolen more than $1 billion in cryptocurrencies since the beginning of 2017. Only about 20 percent or less has been recovered, they say. (Reuters)


Yahoo Hacker: The Canadian-Kazakh national accused of helping Russian agents break into billions of email accounts at Yahoo in 2014 was sentenced to five years in prison by a San Francisco federal court. Karim Baratov pleaded guilty to hacking charges last November. (WSJ)


Apple: The company said it received more than 16,000 national security requests from the U.S. government during the second half of 2017, an uptick of 250 percent from that period the year prior. (Reuters)

  ON THE HILL                                    

Foreign Tech Probes: Legislation proposed in the U.S. Senate would require U.S. tech companies to disclose if they allowed foreign governments, like Russia and China, to examine the inner workings of software sold to the U.S. military. (Reuters)


Dating Sites: Some analysts say that vague wording of a new law designed to prevent sex trafficking and prostitution could create legal liability for legitimate dating sites. The law’s supporters dispute these claims. (WSJ)

  PRIVATE SECTOR                             

Facebook: The social media giant launched a searchable archive of U.S. political ads showing who paid for them and other details. The archive tool will be rolled out to other countries in coming months. (Reuters) The start-up based in the Cayman Islands is on track to raise more than $4 billion through a yearlong sale of digital tokens. However, buyers reportedly still don’t know how the company plans to use those funds. (WSJ)

  THE WORLD                                     

EU: Policymakers are reviewing another strict privacy law-- the ePrivacy Regulation--which would protect the confidentiality of online communications. It was approved by the European Parliament last year, but some companies and trade groups are attempting to derail the legislation. (NYT)


South Africa: Authorities are investigating an alleged cryptocurrency scam that defrauded investors of some $80 million. The investigation follows a recent case where kidnappers demanded a ransom in bitcoin of nearly $120,000 to release a South African teenager. (Reuters)


The Test for GDPR Will Be Enforcement: “If the cost of complying is significant, that speaks less to the rule than to the fact that companies have collected and stored our data in ways that ought to make us uncomfortable. That said there remain serious questions about whether the law will have the intended impact, or what unintended consequences it may create. Most important of these is whether the burden of compliance will fall with equal weight on all technology companies,” write editors of the Financial Times.


How a Pentagon Contract Became an Identity Crisis for Google: “The company’s path to future growth, via cloud-computing services, has divided the company over its stand on weaponry. To proceed with big defense contracts could drive away brainy experts in artificial intelligence; to reject such work would deprive it of a potentially huge business,” write Scott Shane, Cade Metz, and Daisuke Wakabayashi in the New York Times.


Are Huawei and ZTE Real Threats? “Huawei and ZTE say the concerns about them are unfounded. But is the threat real? Telecommunications cybersecurity experts say yes—with caveats. A manufacturer could easily disable telecom equipment that it made, but using the equipment to spy would be difficult. And any incursion would be quickly detected and would work only once,” writes Stu Woo in the Wall Street Journal.


Center on National Security
Fordham University School of Law
150 W. 62nd St. 7th Floor
New York, NY 10023 US
Copyright © 2016 Center on National Security, All rights reserved.