Cybersecurity

New Zealand central bank warns of AI risks

The Reserve Bank of New Zealand has warned that the swift uptake of AI in the financial sector could pose a threat to financial stability.

A report released on Monday highlighted how errors in AI systems, data privacy breaches and potential market distortions might magnify existing vulnerabilities instead of simply streamlining operations.

The central bank also expressed concern over the increasing dependence on a handful of third-party AI providers, which could lead to market concentration instead of healthy competition.

A reliance like this, it said, could create new avenues for systemic risk and make the financial system more susceptible to cyber-attacks.

Despite the caution, the report acknowledged that AI is bringing tangible advantages, such as greater modelling accuracy, improved risk management and increased productivity. It also noted that AI could help strengthen cyber resilience rather than weaken it.

The analysis was published just ahead of the central bank’s twice-yearly Financial Stability Report, scheduled for release on Wednesday.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

US lawmakers push for app store age checks

A new bill introduced by US lawmakers could force app stores like Apple’s App Store and Google Play to verify the age of all users, in a move aimed at increasing online safety for minors.

Known as the App Store Accountability Act, the legislation would require age categorisation and parental consent before minors can download apps or make in-app purchases. If passed, the law would apply to platforms with at least five million users and would come into effect one year after approval.

The bill proposes dividing users into age brackets — from ‘young child’ to ‘adult’ — and holding app stores accountable for enforcing access restrictions.

Lawmakers behind the bill, Republican Senator Mike Lee and Representative John James, argue that Big Tech companies must take responsibility for limiting children’s exposure to harmful content. They believe app stores are the right gatekeepers for verifying age and protecting minors online.

Privacy advocates and tech companies have voiced concern about the bill’s implications. Legal experts warn that verifying users’ ages may require sensitive personal data, such as ID documents or facial recognition scans, raising the risk of data misuse.

Apple said such verification would apply to all users, not just children, and criticised the idea as counterproductive to privacy.

The proposal has widened a rift between app store operators and social media platforms. While Meta, X, and Snap back centralised age checks at the app store level, Apple and Google accuse them of shifting the burden of responsibility.

Both tech giants emphasise the importance of shared responsibility and continue to engage with lawmakers on crafting practical and privacy-conscious solutions.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

TikTok faces a €530 million EU record fine over data concerns

TikTok has been handed a €530 million ($600 million) fine by Ireland’s Data Protection Commissioner (DPC) over data privacy violations involving user information transfers to China. 

The EU privacy watchdog highlighted that TikTok failed to ensure that the EU citizens’ data received sufficient protection against potential access by Chinese authorities, raising concerns among EU lawmakers.

The regulator has also set a tight six-month deadline for TikTok to align its data practices with the EU standards. If the platform cannot demonstrate compliance, particularly in safeguarding the EU user information from being accessed remotely by China-based employees, it could face a suspension of data transfers entirely.

TikTok strongly opposes the ruling, asserting it has consistently adhered to EU-approved frameworks that restrict and monitor data access. The platform also highlighted recent security enhancements, including dedicated EU and US data centres, as proof of its commitment. 

TikTok claims it has never received or complied with any request for the EU user data from Chinese authorities, framing the ruling as an overly strict measure that could disrupt broader industry practices.

However, the regulator revealed new concerns following TikTok’s recent disclosure that some EU user data had been inadvertently stored on servers in China, although subsequently deleted. 

The revelation prompted Ireland’s privacy watchdog to consider additional regulatory actions, underscoring its serious concerns about TikTok’s overall transparency of data handling.

The case represents the second major privacy reprimand against TikTok in recent years, following a €345 million fine in 2023 over mishandling children’s data. It also marks the DPC’s pattern of taking tough actions against global tech companies headquartered in Ireland, as it aims to enforce compliance strictly under the EU’s rigorous General Data Protection Regulation (GDPR).

Cyber incident disrupts services at Marks & Spencer

Marks & Spencer has confirmed that a cyberattack has disrupted food availability in some stores and forced the temporary shutdown of online services. The company has not officially confirmed the nature of the breach, but cybersecurity experts suspect a ransomware attack.

The retailer paused clothing and home orders on its website and app after issues arose over the Easter weekend, affecting contactless payments and click-and-collect systems. M&S said it took some systems offline as a precautionary measure.

Reports have linked the incident to the hacking group Scattered Spider, although M&S has declined to comment further or provide a timeline for the resumption of online orders. The disruption has already led to minor product shortages and analysts anticipate a short-term hit to profits.

Still, M&S’s food division had been performing strongly, with grocery spending rising 14.4% year-on-year, according to Kantar. The retailer, which operates around 1,000 UK stores, earns about one-third of its non-food sales online. Shares dropped earlier in the week but closed Tuesday slightly up.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

France accuses Russia of cyberattacks on Olympic and election targets

France has publicly accused Russia’s military intelligence agency of launching cyberattacks against key French institutions, including the 2017 presidential campaign of Emmanuel Macron and organisations tied to the Paris 2024 Olympics.

The allegations were presented by Foreign Minister Jean-Noël Barrot at the UN Security Council, where he condemned the attacks as violations of international norms. French authorities linked the operations to APT28, a well-known Russian hacking group connected to the GRU.

The group also allegedly orchestrated the 2015 cyberattack on TV5 Monde and attempted to manipulate voters during the 2017 French election by leaking thousands of campaign documents. A rise in attacks has been noted ahead of major events like the Olympics and future elections.

France’s national cybersecurity agency recorded a 15% increase in Russia-linked attacks in 2024, targeting ministries, defence firms, and cultural venues. French officials warn the hacks aim to destabilise society and erode public trust.

France plans closer cooperation with Poland and pledged to counter Russia’s cyber operations with all available means.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Microsoft Recall raises privacy alarm again

Fresh concerns are mounting over privacy risks after Microsoft confirmed the return of its controversial Recall feature for Copilot+ PCs. Recall takes continuous screenshots of everything on a Windows user’s screen and stores it in a searchable database powered by AI.

Although screenshots are saved locally and protected by a PIN, experts warn the system undermines the security of encrypted apps like WhatsApp and Signal by storing anything shown on screen, even if it was meant to disappear.

Critics argue that even users who have not enabled Recall could have their private messages captured if someone they are chatting with has the feature switched on.

Cybersecurity experts have already demonstrated that guessing the PIN gives full access to all screen content—deleted or not—including sensitive conversations, images, and passwords.

With no automatic warning or opt-out for people being recorded, concerns are growing that secure communication is being eroded by stealth.

At the same time, Meta has revealed new AI tools for WhatsApp that can summarise chats and suggest replies. Although the company insists its ‘Private Processing’ feature will ensure security, experts are questioning why secure messaging platforms need AI integrations at all.

Even if WhatsApp’s AI remains private, Microsoft Recall could still quietly record and store messages, creating a privacy paradox that many users may not fully understand.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Trump eases auto tariffs amid industry concerns

President Donald Trump has signed executive orders easing his controversial 25% tariffs on automobiles and parts, aiming to relieve pressure on carmakers struggling with rising costs.

The move follows warnings from manufacturers and analysts that the tariffs could inflate prices, harm domestic production and slow the industry’s recovery. Trump framed the measure as a temporary bridge, allowing automakers time to shift more manufacturing into the US instead of facing harsh penalties.

The changes include a short-term rebate system tied to the proportion of foreign parts used in vehicles assembled domestically. Automakers have been told they’ll have two years of reduced levies, giving them time to reconfigure supply chains and invest in new US-based facilities.

Officials claim announcements on job creation and plant expansion are expected soon, with companies like Stellantis, Ford, and GM praising the policy shift as a step toward competitiveness rather than an immediate fix.

However, some experts warn that the industry needs stability instead of unpredictable policy swings. They argue that relocating production takes years and billions in investment, not mere months.

With vehicle prices already high and supply chains stretched, economists question whether the tariff adjustments can offset the broader economic risks posed by Trump’s wider trade strategy.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

4chan returns after major cyberattack

After suffering what it called a ‘catastrophic’ cyberattack earlier this month, controversial image board 4chan has returned online, admitting its systems were breached through outdated software.

The attacker, reportedly using a UK-based IP address, gained entry by uploading a malicious PDF, allowing access to 4chan’s database and administrative dashboard. The intruder exfiltrated source code and sensitive data before vandalising the site, which led to its temporary shutdown on 14 April.

Although 4chan avoided directly naming the software vulnerability, it indirectly confirmed suspicions that a severely outdated backend—possibly an old version of PHP—was at fault. The site confessed that slow progress in updating its infrastructure resulted from a chronic lack of funds and technical support.

It blamed years of financial instability on advertisers, payment processors, and providers pulling away under external pressure, leaving it dependent on second-hand hardware and a stretched, largely volunteer development team.

Despite purchasing new servers in mid-2024, the transition was slow and incomplete, meaning key services still ran on legacy equipment when the breach occurred. Following the attack, 4chan replaced the compromised server and implemented necessary software updates.

PDF uploads have been suspended, and the Flash board permanently closed due to the difficulty in preventing similar exploits through .swf files.

Now relying on volunteer tech workers to support its recovery efforts, the site insists it won’t be shut down. ‘4chan is back,’ it declared, claiming no other site could replace its unique community, despite long-standing criticism over its content and lax moderation.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Apple to shift US iPhone assembly to India by 2025

Apple is preparing to assemble all iPhones sold inside the US in India by next year, aiming to produce over 60 million units annually in the country by 2026.

The move comes in response to mounting geopolitical tensions and renewed tariff threats under former President Donald Trump’s trade agenda, which once imposed duties as high as 145% on Chinese imports.

The decision marks a major shift in Apple’s supply chain strategy, which has long depended on China. By doubling production in India, Apple hopes to reduce its exposure to trade-related risks instead of relying on short-term tariff exemptions.

Foxconn’s plant in Tamil Nadu and Tata Electronics are leading the effort, with support from India’s government through manufacturing incentives and subsidies.

While Apple remains dependent on Chinese suppliers for many components, shifting final assembly to India reflects growing urgency. Trump-era tariffs triggered a $700 billion market loss for the company in early 2024, prompting Apple to act swiftly instead of waiting for further shocks.

Around 20% of all iPhones are now made in India, a figure expected to rise sharply in the coming years.

Although challenges remain, such as the complexity of relocating the broader supply chain, analysts believe the shift is crucial for Apple’s long-term growth.

With US production capacity lacking the scale and workforce needed, India presents a more viable solution to ensure continued momentum and price stability in Apple’s most important market.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Trump’s first 100 days show steady tech policy

In his blog post ‘Tech continuity in President Trump’s first 100 days,’ Jovan Kurbalija highlights that Trump’s approach to technology remained remarkably stable despite political turbulence in trade and environmental policy. Out of 139 executive orders, only nine directly addressed tech issues, focusing mainly on digital finance, AI leadership, and cybersecurity, reflecting a longstanding US tradition of business-centric tech governance.

Trump’s administration reinforced the idea of letting the tech sector evolve without heavy regulatory interference, even as international players like the EU pushed for stronger digital sovereignty measures. Content moderation policies saw a significant shift, notably with an executive order to curb federal involvement in online censorship, aligning with moves by platforms like Meta and X (formerly Twitter) toward deregulation.

Meanwhile, the prolonged TikTok saga underlined the growing intersection of tech and geopolitics, with ByteDance receiving a deadline extension to sell its US operations amid rising tensions with China. In AI policy, Trump steered away from Biden-era safety concerns, favouring economic competitiveness and educational reforms to strengthen American AI leadership, while public consultations revealed a broad range of industry perspectives.

Kurbalija also noted the administration’s steady hand in cybersecurity, focusing on technical infrastructure while minimising concern over misinformation, and in digital economy matters, where new tariffs and the removal of the de minimis import exemption pointed toward a potentially fragmented global internet. In the cryptocurrency sector, Trump adopted a crypto-friendly stance by creating a Strategic Bitcoin Reserve and easing previous regulatory constraints, though these bold moves sparked fears of financial volatility.

Despite these tactical shifts, Kurbalija concludes that Trump’s overarching tech policy remains one of continuity, firmly rooted in supporting private innovation while navigating increasingly strained global digital relations.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!