4# International Privacy Landscape: Shifting Sands of Technology, Policy, and Security

?????Privacy in Politics

"Supreme Court Rules Platforms Have First Amendment Right to Decide What Speech to Carry, Free of State Mandates— Electronic Frontier Foundation"

• The Supreme Court in the USA upholds First Amendment rights of social media platforms to moderate content.
• Platforms have editorial discretion similar to newspapers, bookstores, etc.
• Government has a limited role in dictating content moderation policies.
• Users benefit from platform-led moderation, not government mandates.
• Ruling rejects core provisions of Texas and Florida laws that would force platforms to publish specific content.
• Court's decision aligns with EFF's long-standing advocacy on this issue.
• First Amendment right to curate content does not exempt platforms from other forms of regulation, such as competition and privacy laws.

??Link to the full story??

"ORG Publishes Digital Rights Priorities For Next Government"— Open Rights Group

? Open Rights Group (ORG) releases six priorities for the next UK government to focus on regarding digital rights.

? Priorities address attacks on encryption, mass surveillance, weakened data protection, and the hostile digital environment.

? ORG calls for a government that protects digital rights, safeguards privacy, and defends freedom of expression.

• SIX PLEDGES FOR DIGITAL RIGHTS:

1. Protect the right to use end-to-end encryption for secure communications.
2. Provide migrants with digital sanctuary and equal data/privacy rights.
3. Ban the use of "pre-crime" AI in policing.
4. Defend the right to freedom of expression online.
5. Strengthen data protection rights and ensure a capable watchdog.
6. End intrusive tracking by online advertisers and data brokers.

??Link to the full story??

EU Council discusses Digital Euro:?And how much privacy should it be?— NET POLITIK ORG

• Digital Euro Goals: Public, data-minimizing alternative to current payment services, both online and offline.
• Key Debate: Privacy protections for users, especially regarding data collection and sharing.
• Member State Positions: Support for privacy protections: Austria, Germany, Netherlands, France emphasize trust and confidence in the system.
• Data collection for specific purposes: Most agree on data collection to combat fraud, money laundering, terrorism, and tax evasion.
• Concerns about offline transaction exemptions: Lithuania, Portugal, and Italy want more data collection or elimination of exemptions.
• Proposed Solutions:Distance-based exemptions: France proposes exempting face-to-face transactions from monitoring, regardless of online/offline status.
• Single access point concerns: Germany questions the need for a central user identifier storage at the ECB due to privacy risks.
• Stronger central bank data protection: Belgium suggests mandating encryption, data minimization, and limitations on re-use for the ECB and national central banks.
• Explicit prohibition on user identification: Belgium proposes preventing central banks from directly identifying users.

??Link to the full story??

?????Privacy & Infosec in the Public Sector

Brazil Prevents Meta from Using People to Power Its AI— Human Rights Watch

• Brazil's National Data Protection Authority issues a preliminary ban on Meta using personal data of Brazilian users for AI training.
• Decision is based on imminent risk of harm to fundamental rights of those affected.
• Ban follows reports of children's photos being used to build AI tools without consent, potentially leading to harmful deepfakes.
• Decision reflects the importance of protecting children's data and respecting users' privacy expectations.
• Meta previously paused similar plans in Europe and the UK after objections.
• Ban imposes a daily fine on Meta for non-compliance.
• Meta claims the decision is a setback for innovation and AI development.
• Brazil's move is praised as proactive in protecting data privacy amidst evolving AI landscape.
• Decision aims to protect children from potential harm caused by misuse of their personal data.

??Link to the full story??

China Aims To Set New World Standards For Brain-machine Interfaces, Echoing Elon Musk’s Neuralink— The Debrief

• Goal: Develop national standards for BCI technology, rivaling Western advancements (like Elon Musk's Neuralink) and bolstering domestic competition.
• Strategy:Form a committee with diverse stakeholders (experts, companies, research institutions) to draft guidelines and standards of practice. Open call for public feedback by July 30th to ensure alignment with industry and management needs.
• Focus Areas:T echnical aspects: Data acquisition, encoding/decoding, communication, visualization.
• Applications: Healthcare, education, consumer electronics, clinical use.
• The Neucyber: A new, invasive BCI implant successfully tested on a monkey, showcasing mind-controlled robotic arm movement.
• Significance: Touted as China's first high-performance BCI, developed independently, and backed by state-owned entities.
• Comparison to Neuralink: While not explicitly mentioned, the Neucyber's debut at a major tech forum signals China's intent to compete in this cutting-edge field.
• China is making a concerted effort to establish itself as a leader in BCI technology.
• The country is prioritizing both technical standards and practical applications of BCIs.
• The development of the Neucyber demonstrates China's growing capabilities in this field.
• The move is likely to intensify the global race for BCI innovation and dominance.

??Link to the full story??

Serbian Authorities Intensify Biometric Surveillance of Critics: Report— Find Biometrics

• Extensive Surveillance: Serbian authorities are using biometric surveillance, including facial recognition technology, to monitor political opponents, activists, and journalists.
• Questionable Motives: The official justification of crime prevention is questioned, with evidence suggesting surveillance is aimed at suppressing dissent.
• Opaque Procurement: Surveillance equipment, often from Chinese companies, is acquired through non-transparent contracts, raising accountability concerns.
• Contradictory Actions: Serbia seeks EU membership while deepening ties with authoritarian regimes, acquiring advanced surveillance tech like drones.
• Spyware Attacks: State-sponsored actors have targeted civil society representatives and journalists with spyware to access data and control devices.
• Unauthorized Surveillance: The Serbian Security Information Agency (BIA) surveilled a former police director without a court order, using intrusive software.
• Legal Challenges: Efforts to legalize biometric surveillance faced public resistance, but installation of surveillance cameras continues.
• EU Regulations: The EU's AI Act may offer some relief, but concerns remain about Serbia's cybersecurity governance and ties to Chinese tech companies.
• Past Concerns: The Serbian data protection commissioner previously opposed facial recognition plans due to privacy concerns and inadequate legal frameworks.

??Link to the full story??

????Privacy & Infosec in the Private Sector

Proton launches a privacy-focused Google Docs rival— Techloy

• Privacy-Centric Design: Proton Docs prioritizes user privacy with end-to-end encryption for all content, including keystrokes and cursor movements.
• Familiar User Experience: Offers a Google Docs-like interface with white pages, top toolbar, and real-time collaboration features.
• Integration with Proton Suite: Joins Proton Mail, Calendar, Drive, and Password Manager, expanding the company's privacy-focused ecosystem.
• Features: Rich text editingReal-time collaborative editingMultimedia embedsCompatibility with Microsoft .docx formatMarkdown support and code blocks (inherited from Standard Notes acquisition)
• Availability: Currently web-only, optimized for desktops, with plans to expand to other platforms.
• Future Plans: Proton hints at developing a privacy-focused spreadsheet tool.
• Expected Growth: Proton aims to surpass its 100 million+ user base with the addition of Proton Docs.

??Link to the full story??

Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike— The Hacker News

• Cobalt Strike Server Takedown: Coordinated operation disrupted almost 600 servers used by cybercriminals for malicious activities.
• Focus on Unlicensed Versions: Targeted older, unlicensed versions of Cobalt Strike, a legitimate security tool abused by threat actors.
• International Collaboration: Led by the U.K. National Crime Agency, involved multiple countries, including the U.S., Canada, and Germany.
• Cobalt Strike's Dual Nature: While designed for security testing, cracked versions are used by cybercriminals for ransomware and espionage.
• Widespread Abuse: Cobalt Strike is a preferred tool for both cybercriminals and nation-state actors due to its versatility and effectiveness.
• Global Impact: Targeted countries include the U.S., India, Hong Kong, Spain, and Canada, with infrastructure hosted in China, U.S., Hong Kong, Russia, and Singapore.
• Technical Tactics: Attackers use Malleable C2 profiles to evade detection.
• Financial Impact: Cyberattacks facilitated by Cobalt Strike can cost companies millions in losses and recovery efforts.
• Spain and Portugal: 54 arrests for vishing schemes targeting elderly citizens, resulting in €2.5 million in losses.
• INTERPOL: Dismantling of human trafficking rings in Laos and other countries, rescuing victims forced into online scams.
• Operation First Light: Global police operation targeting online scams, leading to the arrest of 3,950 suspects and seizure of $257 million in assets.

??Link to the full story??

Report suggests organizations sacrifice client privacy to save money— Security Magazine

• Privacy vs. Cost: A significant number of security leaders believe organizations prioritize cost savings over customer privacy.
• AI's Impact: Security leaders anticipate AI will outpace security teams' capabilities, leading to potential job cuts.
• CISO Burnout: The demanding role, coupled with the constant pressure to balance security and business needs, contributes to burnout.
• Communication Gap: CISOs often struggle to effectively communicate risks to leadership, leading to misaligned priorities.
• Evolving Role: The CISO role is expanding beyond technical expertise to include strategic business decision-making.
• Diverse Backgrounds: CISOs come from various backgrounds, with increasing value placed on offensive security experience.
• Future Outlook: The future of CISOs depends on organizations prioritizing security, providing adequate resources, and integrating CISOs into strategic planning.

??Link to the full story??

* The information in this newsletter is for informational purposes only and does not constitute legal or professional advice.

While we strive for accuracy, we do not guarantee the completeness or accuracy of the content. The views and opinions expressed in linked articles and resources are those of the authors and do not necessarily reflect the views of The Privacy HawkEye and / or its authors.

#AIethics #AIdiscrimination #Cybercrime #dataprivacylaw #surveillance #databreach #spyware #privacyinpolitics #digitalprivacynews #techpolicy #privacyadvocacy #cyberlaw #privacynewsletter