Trade secrets in the U.S. and EU: Two years after the decision of the European court of justice and the decision to close the US-EU Privacy Shield
For years, companies have been shuttling customer information between the two regions. “Transatlantic data flows are critical to enabling the $7.1 trillion EU-US economic relationship,” the White House said today. Two years ago, the EU court of justice ruled that if Europeans sent data to the US, it could be tracked by intelligence agencies. The agreement which allowed companies to transfer data between the US and Europe was ripped up because of this. Businesses instead had to make do with a costly and complex temporary replacement.
Before then, around 5,000 businesses had been sending data back and forth across the Atlantic under a system called Privacy Shield. Morgan Reed, president of the App Association, says that the pre-Schrems system worked. The EU court ruling caused thousands of companies to go into legal limbo.
Although the court decision did not stop transfers, it made them more complicated. Many small companies don’t have giant compliance departments, so they are left with standard contractual clauses that raise their costs and cause a lot of worry. Standard contractual clauses are time-consuming data transfer agreements that force companies to take steps to assess whether they are safely moving data around the world.
The companies that have been wrestling with these clauses for the past two years are happy with the order and want to return to normal. The executive order is the next step in the US and EU reaching a new privacy agreement. The Computer and Communications Industry Association (CCIA), a lobbying group for tech companies, appreciates the action of President Biden to keep data flowing between the US and EU.
According to new details from an internal audit, FBI personnel have conducted illegal searches under the current intelligence authority, which is set to expire at the end of the year. The US Department of Justice called it a misunderstanding, and said agents requested information on journalists, a congressman, and a political party.
This week, WIRED spoke to the creator of Sinbad.io, a cryptocurrency privacy service popular among North Korean hackers and other cybercriminals that has facilitated the laundering of tens of millions of dollars. Officials from the UK and the US released the real-world names, addresses, and photos of seven alleged members of the “Conti” and “TrickBot” groups. The two governments made clear that they see evidence of links between the Russian cyber groups and the Kremlin’s intelligence services.
US President Joe Biden asserted in his State of the Union address this week that the US needs a bipartisan effort to “impose stricter limits on the personal data that companies collect on all of us.” After the speech in Washington, people were cautiously optimistic but realistic that it would prove too difficult to get a national privacy law in the US. Meanwhile, legal experts told WIRED this week that the US’s Fair Credit Reporting Act should already curtail the information about Americans that data brokers can collect and sell. A new letter was sent to the Consumer Financial Protection Bureau.
We looked at how Moscow’s expansive smart city initiative, launched with the promise of reduced crime rates, is increasingly being used for draconian AI-assisted surveillance in the city amid Vladimir Putin’s war in Ukraine. And if you were hoping to delete your Twitter DMs through GDPR requests for erasure, the company doesn’t seem to have any plans to comply.
North Korean Hacking of US Hospitals – A Tale of Two Stories, Three Stories and More
Plus, there’s more. Each week we round up the stories we didn’t cover in depth ourselves. The full stories can be found by following the headlines. Stay safe out there.
Hospitals have had to deal with disruptions due to the attacks that have been linked to the Andariel group, according to John, lead intelligence analysis at Mandiant. According to the advisory from the governments, the attackers would try to hide their involvement, use virtual private servers to mask their location, and use common vulnerabilities to gain access to networks. The attackers used their own privately developed malware along with ransomware strains belonging to other groups, such as LockBit.
Graphika Discovered Deep Fake Videos on Twitter: How Android Devices are Hoovering up People’s Personal Information in the UK and Ireland
There is a proliferation of news videos on social media that decry gun violence in the US, and promote China’s world politics. There’s a twist to the propaganda that isn’t new. There are two news anchors in the videos and they are not real. They are commonly known as deepfakes. The videos were discovered last year by disinformation research firm Graphika, which says it is the “first time we’ve seen this in the wild.” The company says it believes the videos were created using a commercial AI video software service, and were low-quality overall. None of the videos had more than 300 views.
Researchers from universities in the UK and Ireland have discovered that leading Android phones in China are hoovering up people’s personal data. The University of Edinburgh and Trinity College Dublin did a study about how the pre-installed operating systems on devices can give third parties access to people’s location, history, and phone numbers. To measure network traffic generated by the devices, the researchers conducted research on the phones purchased in China. In many instances, they write, people aren’t notified about the data that’s collected or given any choices to opt out. The study shows how different privacy rules are in China compared to other parts of the world. “The data shared by the global version of the firmware is mostly limited to device-specific information,” the researchers conclude.
An Employee Password Change Strategy to Help Reddit Users Fail During a Phishing Attack: A Wired Analysis of the Disruption Incident
Reddit said on Thursday that hackers had accessed its source code after a successful phishing attack compromised an employee’s system credentials. The incident also exposed the contract information of hundreds of current and former Reddit employees and contacts. Regarding user passwords, the company that owns WIRED said that the incident did not impact user passwords and suggested that users change their passwords and use two-factor authentication for their accounts. The lessons the company learned from the data breach five years ago are helpful in dealing with the recent incident.