Kia ora koutou,
Another short post on a couple of stories that have caught our attention here in the Issues team. Enjoy and have a great week!
Google appeals French demand for global ‘right to be forgotten’
A recent ruling from the French data protection authority looks seriously worrying for those of us that care about an open and uncapturable Internet, and Internet governance based on multi-stakeholder consensus. Under the new “right to be forgotten” rules the French Commission Nationale de l'Informatique et des Libertes (CNIL), France’s data protection fined Google for not delisting on google.com (as opposed to google.fr, google.de etc). They’re argument seems to be that google.com & other Google search sites is visitable from France, therefore they should be de-indexed. Google has, unsurprisingly, appealed the CNIL decision.
From a non-European perspective, clearly the EU and european governments don’t have the power to change global search engine results for everyone. In a world with virtual private networks, dns changers, and unblockers being popular, how feasible is it in practice to require a de-indexing and expect it to work 100% of the time? On the counter, are there further, more technical steps that Google could take to ensure that de-indexed search results are not visible to people in France?
Hopefully, through this latest appeal & some further refinement of what this new law means in practice we’ll get to an agreed position where the law means and how it should be implemented.
On the Internet, no-one knows if you’re a car
According to one recent report roughly a third of all new SIMs being activated in the US are in cars. That’s not super surprising when you think about it. The Internet of Things (IoT) needs connections. Mobile things like cars need mobile connections. Also, the majority of people in the US who want or can afford a cellphone already have one, so cell-based SIM activation is mostly reliant on replacement rates. Clearly the Internet of Things is going to keep SIM manufacturers in business for a wee while longer.
- Recode: connected cars cellular growth
Also, on a related note (IoT and cars), an automated truck built by some US academics has taught itself to powerslide around corners. Crazy cool!
SWIFT is losing money. Lots of money.
Firstly, I’m not talking about Taylor Swift, this is about SWIFT - the international funds transfer system that banks use to move money around the world. In February this year, a Bangladeshi bank had $81 million stolen through a group of criminals using their SWIFT system to transfer the money out. The weird thing was that they actually tried to get almost $1billion, but a spelling mistake and a sharp-eyed analyst meant they “only” got away with $81m or so.
One thing Adam Boileau said on Risky Business at the time was, to paraphrase: “no-one steals $1 billion on their first rodeo. This crew must have been thieving for a while.” Unsurprisingly, Adam is likely right. It turns out 12 more Bangladeshi banks are being investigated for SWIFT, the SWIFT corporation is doing a review and the Bank of England has asked for UK banks to look into SWIFT security.
Sounds like a LOT more than $81million has been stolen and I’m very confident that we’ll hear more about this over the rest of 2016.
Possibly time for SWIFT to replace their legacy transfer system? Yep. She’s a big job...
- Hacker News: SWIFT banking hack
- Register: SWIFT moves on security
- Ars Technical: 12 more banks being investigated over SWIFT
- Risky Business (an award winning infosec podcast)
Where did we put that torture report?
From the “too incompetent to believe” file, CIA Inspector General has inadvertently destroyed one of only a handful of the Senate CIA torture report. The thing is over 6000 pages long, contains CIA cables, locations of black sites etc and apparently the Inspector-General’s office forgot where they put it, and they had their only copy destroyed. Hopefully it just got mixed up alongside other important documents that were supposed to be destroyed.
But seriously team. Part 1 of the NIST Framework is Identify the information you need to protect. I’d’ve thought that report, given its sensitive and potentially politically damaging content, would make the cut for protective focus, or at least knowing where you put it?
What’s on our radar?
And, finally, some of the things we're attending, thinking about and looking forward to:
- Tuesday morning I’m at the Rotary Club’s Forum on Privacy and Security.
- Andrew is attending the Innovation Partnership’s quarterly meeting.
- Next Thursday is INZs speaker series event: Death and the Internet. Register now