The International Criminal Court (ICC) is examining alleged Russian cyberattacks on Ukrainian civilian infrastructure as potential war crimes, marking the first instance of such an investigation by international prosecutors. According to sources, this could lead to arrest warrants if sufficient evidence is collected. The investigation focuses on cyberattacks that have endangered lives by disrupting power and water supplies, hindering emergency response communications, and disabling mobile data services used for air raid warnings.
Ukraine is actively gathering evidence to support the ICC investigation. Although the ICC prosecutor’s office has declined to comment on specific details, it has previously stated its jurisdiction over cybercrimes and its policy of not discussing ongoing cases. It should also be noted that since the invasion began, the ICC has issued four arrest warrants against senior Russian officials, including President Vladimir Putin, for war crimes related to the deportation of Ukrainian children to Russia. Russia, which is not a member of the ICC, has rejected these warrants as illegitimate. Despite not being a member state, Ukraine has granted the ICC jurisdiction over crimes committed within its borders.
In April, the ICC issued arrest warrants for two Russian commanders accused of crimes against humanity for their roles in attacks on civilian infrastructure. The Russian defense ministry did not respond to requests for comment. Sources indicated that at least four major attacks on energy infrastructure are being investigated.
Why does it matter?
The ICC case could set a significant precedent in international law. The Geneva Conventions prohibit attacks on civilian objects, but there is no universally accepted definition of cyber war crimes. The Tallinn Manual, a 2017 handbook on the application of international law to cyberwarfare, addresses this issue, but experts remain divided on whether data can be considered an ‘object’ under international humanitarian law and whether its destruction can be classified as a war crime. Professor Michael Schmitt of the University of Reading, who leads the Tallinn Manual initiative, emphasised the importance of the ICC’s potential ruling on this issue. He argued that the cyberattack on Kyivstar could be considered a war crime due to its foreseeable consequences for human safety.
Facial recognition company Clearview AI has reached a groundbreaking class action settlement to address allegations of violating the privacy rights of millions of Americans. Filed in Chicago federal court on Wednesday, the agreement is notably unconventional as it does not specify a monetary payout upfront. Instead, it ties compensation to Clearview AI’s future financial outcomes, such as its potential IPO or merger valuation.
The lawsuit, rooted in Clearview AI’s alleged scraping of billions of facial images from the internet without consent, invoked Illinois’ biometric privacy law. Although Clearview denies any wrongdoing, the proposed settlement now awaits approval from US District Judge Sharon Johnson Coleman.
In a related development earlier this year, Clearview AI agreed with the ACLU to restrict access to its facial recognition database for private entities and government agencies in Illinois for five years. The plaintiffs’ attorneys acknowledged that this prior agreement influenced their approach to the class action settlement, adopting a structure that allows class members to share in potential future profits of Clearview AI.
The novel settlement approach, spearheaded by Loevy & Loevy, aims to provide meaningful relief to affected individuals while navigating Clearview AI’s financial constraints. Attorney Jon Loevy highlighted that this solution allows class members to reclaim some ownership over their biometric data, reflecting a unique attempt to compensate for privacy violations in the digital age.
Alphabet’s Google will avoid a jury trial over allegations of digital advertising dominance after paying $2.3 million to settle the US government’s monetary damages claim. The payment means the case, involving non-monetary demands, will be heard directly by a judge. Initially, the Justice Department and several states had sued Google, accusing it of monopolising digital advertising and overcharging users, seeking primarily to break up its advertising business.
US District Judge Leonie Brinkema scheduled the non-jury trial for 9 September, where she will directly hear arguments and decide the case. Google criticised the Justice Department’s damages claim as contrived, denying any wrongdoing and not admitting liability by making the payment. A Justice Department spokesperson declined to comment on the matter.
The Justice Department initially claimed more than $100 million in damages but later reduced the demand to less than $1 million. Google’s $2.3 million payment covers the interest and potential tripling of damages under US antitrust law. Google accused the government of inflating its damages claim to secure a jury trial, while the government contended that Google has worked to keep its anticompetitive conduct hidden from public scrutiny.
Europe’s top court has ruled in favour of tech giants Google, Amazon, and Airbnb in their legal battle against an Italian regulation requiring them to disclose information about themselves. The dispute arose over provisions implemented in 2020 and 2021, which compelled online service providers operating in Italy to register and furnish various details, along with paying a financial contribution or facing penalties.
The companies contested this requirement, arguing that it contradicted the EU law, which stipulates that online service providers are subject only to the regulations of the country where they are established. The Court of Justice of the European Union (CJEU) in Luxembourg concurred, stating that member states cannot impose additional obligations on online service providers established in other EU countries.
The ruling has significant implications, with Google and Airbnb having their European headquarters in Ireland and Amazon in Luxembourg. Expedia, a US-based online travel services provider headquartered in Spain, also objected to the requirement. The CJEU’s decision, which is final and not subject to appeal, has far-reaching implications for cross-border online services within the EU.
Why does it matter?
This ruling underscores the importance of adhering to the EU laws and regulations regarding online services. It sets a precedent for maintaining consistency in regulations across member states and reinforces the principle of mutual recognition among EU countries. As technology continues to transcend borders, legal clarity and harmonisation are essential for fostering a conducive environment for digital innovation and commerce across Europe.
Due to national security concerns, Canada has ordered the dissolution of two technology companies, Bluvec Technologies Inc and Pegauni Technology Inc. According to a statement from the innovation ministry, the companies were directed to cease all operations under the Investment Canada Act. As Innovation Minister Francois-Philippe Champagne stated, the decision followed an extensive review by Canada’s national security and intelligence community.
Minister Champagne emphasised that while Canada remains open to foreign direct investment, it will take decisive action when such investments threaten national security. The statement did not provide specific details about the security concerns or the nature of the investments involved. Bluvec Technologies is identified as a maker of drone detection devices, while Pegauni Technology, which appears to produce wireless security products, could not be reached for comment.
The Investment Canada Act, revised earlier this year, now includes stricter national security reviews for proposed foreign investments. The law applies to foreigners acquiring control of a Canadian business or establishing a new business within the country. Additionally, the enforcement of these regulations underscores Canada’s commitment to safeguarding its national security in the face of potential foreign threats.
Cryptocurrency entrepreneur Do Kwon has been approved for extradition from Montenegro to South Korea by the appeals court in Montenegro. This decision comes as a result of allegations of fraud linked to the collapse of his cryptocurrency company, Terra, which resulted in the loss of around $40 billion of investors’ money and shook global crypto markets. Kwon, whose real name is Kwon Do-hyung, had been on the run for months before being arrested in Montenegro in March last year for using a fake passport.
The Montenegrin appeals court rejected the appeal made by Kwon’s lawyers and upheld the extradition order issued by the Podgorica High Court. However, no specific timeline for the extradition transfer has been mentioned. This decision follows a previous court’s ruling against extraditing Do Kwon to the United States.
Kwon’s business partner, identified by his initials J.C.H., has already been deported to South Korea in early February, highlighting Montenegro’s cooperation with South Korea in this matter. The collapse of TerraUSD, a stablecoin, and its sister token Luna in May 2022 resulted in significant financial losses for many investors. Experts have described the collapse as a glorified Ponzi scheme set up by Kwon, which caused numerous investors to lose their life savings.
The news text also mentions the increasing scrutiny faced by cryptocurrencies, including the high-profile collapse of the exchange FTX, as regulators have become more vigilant in light of various controversies in the past year. This highlights the need for stricter regulations in the cryptocurrency sector to protect investors and ensure the legitimacy of these digital assets.
According to Meta, the change does not have any impact on users’ privacy settings and their ‘information will still be protected by UK data protection and privacy laws’.
On 16 November 2022, the Digital Services Act (DSA) came into force. The DSA applies to digital services connecting consumers to goods, services, or content. Online platforms will have until 17 February 2023 to report the number of active end users.
The European Commission suggests all online platforms notify it regarding these numbers. Then, the Commission will determine if the platform is a large online platform or a search engine. Following this determination, the platform will have four months to comply with the DSA. EU members will have until 17 February 2024 to accredit their Digital Services Coordinators.
