Meta faces lawsuit over hiring practices

A US judge ruled that Meta must face a lawsuit alleging it prioritises hiring foreign workers to pay them lower wages. The proposed class action involves three US citizens who claim they were repeatedly rejected despite being qualified for roles at the company.

The plaintiffs argue that Meta systematically favours visa holders, citing statistics showing a significant portion of its US workforce holds H-1B visas. The company denies the claims, stating there is no evidence of intentional discrimination or that the plaintiffs would have been hired otherwise.

A 2021 settlement saw Meta agree to pay up to $14.25 million over similar government allegations. The latest ruling follows a 2023 appeals court decision, which cited a Civil War-era law protecting US citizens from discrimination in contracts.

Plaintiffs hope the lawsuit will expose widespread hiring biases in the tech sector. Their legal team suggests further enforcement or legislative action may be necessary to address the issue.

For more information on these topics, visit diplomacy.edu.

Apple to sell iPhone 16 in Indonesia after key agreements

Apple is set to begin selling its iPhone 16 in Indonesia following a new agreement with the government, which includes the establishment of a manufacturing plant and a research and development centre. The country’s industry minister, Agus Gumiwang Kartasasmita, confirmed on Wednesday that Apple would soon receive the required local content certificate to allow sales of the device. However, he did not specify when the certificate would be issued.

Indonesia had previously banned the iPhone 16 due to Apple’s failure to meet the local content requirement, which mandates that a certain percentage of parts must be sourced domestically or through local partnerships. Although Apple has no manufacturing facilities in Indonesia, it has been operating developer academies in the country since 2018. Indonesia, with its population of 280 million, is keen to attract more tech-related investment.

Analysts have warned that the local content ban could harm investor confidence and fuel concerns about protectionism, but the new agreements between Apple and the Indonesian government may help address these issues.


UK Home Office’s new vulnerability reporting policy creates legal risks for ethical researchers, experts warn

The UK Home Office has introduced a vulnerability reporting mechanism through the platform HackerOne, allowing cybersecurity researchers to report security issues in its systems. However, concerns have been raised that individuals who submit reports could still face legal risks under the UK’s Computer Misuse Act (CMA), even if they follow the department’s new guidance.

Unlike some private-sector initiatives, the Home Office program does not offer financial rewards for reporting vulnerabilities. The new guidelines prohibit researchers from disrupting systems or accessing and modifying data. However, they also caution that individuals must not ‘break any applicable law or regulations,’ a clause that some industry groups argue could discourage vulnerability disclosure due to the broad provisions of the CMA, which dates back to 1990.

The CyberUp Campaign, a coalition of industry professionals, academics, and cybersecurity experts, warns that the CMA’s definition of unauthorized access does not distinguish between malicious intent and ethical security research. While the Ministry of Defence has previously assured researchers they would not face prosecution, the Home Office provides no such assurances, leaving researchers uncertain about potential legal consequences.

A Home Office spokesperson declined to comment on the concerns.

The CyberUp Campaign acknowledged the growing adoption of vulnerability disclosure policies across the public and private sectors but highlighted the ongoing legal risks researchers face in the UK. The campaign noted that other countries, including Malta, Portugal, and Belgium, have updated their laws to provide legal protections for ethical security research, while the UK has yet to introduce similar reforms.

The Labour Party had previously proposed an amendment to the CMA that would introduce a public interest defense for cybersecurity researchers, but this was not passed. Last year, Labour’s security minister Dan Jarvis praised the contributions of cybersecurity professionals and stated that the government was considering CMA reforms, though no legislative changes have been introduced so far.


Sweden considers law requiring encrypted messaging backdoors, Signal threatens to exit

Swedish law enforcement and security agencies are advocating for legislation that would require encrypted messaging services such as Signal and WhatsApp to implement technical measures allowing authorities to access user communications, according to a report by SVT Nyheter.

If introduced, the bill would mandate that these platforms retain messages and provide law enforcement with access to the message history of criminal suspects. Minister of Justice Gunnar Strömmer stated that such measures are necessary for authorities to carry out investigations effectively.

Signal Foundation President Meredith Whittaker told SVT Nyheter that if the proposed legislation requires the company to introduce backdoors, Signal would withdraw from the Swedish market rather than comply. The Swedish Armed Forces have also expressed concerns, warning that implementing such access mechanisms could introduce security risks that might be exploited by unauthorised parties.

The bill could be considered by Sweden’s parliament, the Riksdag, next year if it moves forward in the legislative process.

Similar legislative efforts have been introduced in other countries. In the UK, Apple recently disabled end-to-end encryption for iCloud accounts in response to government demands for access to encrypted data.


EU Commission proposes enhanced cyber crisis management framework

The EU Commission introduced a proposal aimed at strengthening the EU’s response to large-scale cyber attacks. This recommendation to the Council of Ministers seeks to update the existing EU framework for crisis management in cybersecurity and outline the roles of relevant EU actors, including civilian and military entities as well as NATO.

Specifically, the proposal aims to establish coordination points with NATO to facilitate information sharing during cyber crises, including interconnections between systems. If Member States deploy defense initiatives during a cybersecurity incident, they must inform EU-CyCLONe and the EU Cyber Commanders Conference.

The High Representative, in collaboration with the Commission and relevant entities, should facilitate information flow with strategic partners during identified incidents and enhance coordination against malicious cyber activities using the cyber diplomacy toolbox. Joint exercises should be organized to test cooperation between civilian and military components during significant incidents, including those affecting NATO allies and candidate countries.

The Commission noted that a significant cybersecurity incident could overwhelm the response capabilities of individual Member States and impact multiple EU countries, potentially leading to a crisis that disrupts the internal market and poses risks to public safety. It encourages the establishment of voluntary collaborative clusters to foster cooperation and trust in cybersecurity. Member States can create these clusters based on existing information-sharing frameworks, focusing on common threats while adhering to the mandates of participating actors.

The document emphasizes the importance of a comprehensive and integrated approach to crisis management across all sectors and levels of government. It highlights that if cybersecurity incidents are part of a broader hybrid campaign, stakeholders should collaborate to develop a unified situational awareness across sectors.

Within twelve months of adopting the cybersecurity blueprint, Member States must develop a unified taxonomy for cyber crisis management and establish guidelines for the secure handling of cybersecurity information. The proposal emphasises avoiding over-classification to promote the sharing of non-classified information through established cooperation platforms.

To enhance preparedness for crises and improve organizational efficiency, Member States and relevant entities should conduct ongoing cyber exercises based on scenarios derived from EU-coordinated risk assessments, aligning with existing crisis response mechanisms. Smaller exercises should test interactions during escalating incidents, while the Commission, EEAS, and ENISA will organize an exercise within eighteen months to evaluate the cybersecurity blueprint, involving all relevant stakeholders, including the private sector.

The proposal also recommends that Member States and critical infrastructure operators integrate at least one Union-based DNS infrastructure, such as DNS4EU, to ensure reliable services during crises. ENISA and EU-CyCLONe are tasked with creating emergency failover guidelines for transitioning to Union-based DNS in case of service failures.

While the cybersecurity blueprint does not interfere with how entities define their internal procedures, each entity should clearly define the interfaces used for working with other entities. These interfaces should be jointly agreed upon between the entities concerned and documented.

National and cross-border cyber hubs should share threat information to bolster protection against Union-specific threats, and Member States are encouraged to engage in a multistakeholder forum to identify best practices and standards for securing critical Internet infrastructure. Public and private entities should implement threat-informed detection strategies to proactively identify potential disruptions. They must share information about covert operations with partners before crises escalate and report potential cyber crises to relevant networks, while the CSIRTs Network and EU-CyCLONe establish procedures for coordinating responses to large-scale incidents.


Australia bans Kaspersky software on government systems over security risks

The Australian government has issued a directive prohibiting the use of cybersecurity software and web services from Kaspersky on government systems, citing national security considerations. Under the new policy, government agencies are required to remove existing Kaspersky products by April 2025 and refrain from installing them on government devices in the future.

According to a statement from Stephanie Foster, Secretary of the Department of Home Affairs, the decision follows a threat and risk assessment that identified security concerns related to the use of Kaspersky products and web services. The directive notes ‘unacceptable security risks arising from threats of foreign interference, espionage and sabotage’. It does not give details of the recently identified threats and risks that led to the decision.

In response to the decision, a Kaspersky spokesperson stated that the company was not given prior notice or an opportunity for engagement before the ban was issued. The company reiterated that the decision was influenced by geopolitical factors rather than technical assessments of its products. Despite the restriction on government use, Kaspersky confirmed that it will continue to provide services to other customers in Australia and remains open to discussions with authorities.

The move follows Australia’s earlier decision to prohibit the use of Chinese artificial intelligence firm DeepSeek’s technology in government systems, citing security risks.

Kaspersky has faced restrictions in multiple countries, with the US implementing a ban on its products in June 2024, followed by sanctions on several company executives. European nations, including Germany and the Netherlands, have also taken steps to limit the use of Kaspersky software in government infrastructure.


Google loses European court battle over Android Auto access

Europe’s top court has ruled that Google’s decision to block an Enel e-mobility app from Android Auto could be considered an abuse of market power. The judgment reinforces competition rules and may push major tech firms to allow easier access for rival apps.

The case stemmed from a €102 million fine imposed by Italy’s antitrust authority in 2021 for restricting access to Enel’s JuicePass app.

Google challenged the penalty, arguing security concerns and the absence of a specific app template. However, the Court of Justice of the European Union backed the Italian regulator, stating that dominant companies must ensure interoperability unless valid security risks exist.

The court clarified that companies should develop necessary templates within a reasonable timeframe.

Although Google has since introduced the requested feature, the ruling may set a precedent for similar cases. Legal experts see it as aligning with EU competition law, citing past decisions against IBM and Microsoft.

The ruling also supports the objectives of the Digital Markets Act, which aims to regulate dominant digital platforms.

The decision is final and unappealable, meaning the Italian Council of State must now rule on Google’s appeal in line with the court’s findings.


Italy demands 12.5 million euros from X over tax probe

Italy is demanding 12.5 million euros ($13 million) from Elon Musk’s social network X following a tax probe linked to a broader investigation into Meta. The case, which focuses on value-added tax (VAT) claims for the years 2016 to 2022, is significant as it raises questions about how social networks provide access to their services. Italian tax authorities argue that user registrations on platforms like X, Facebook, and Instagram should be considered taxable transactions, as they involve the exchange of personal data for a membership account.

This case could have major implications for the tech sector in Europe, potentially altering the way business models are structured in the 27-nation European Union, as VAT is a harmonised EU tax. Although the claim of 12.5 million euros is a small amount for X, the outcome of this case could influence future tax policies across the region. Both X and Meta must respond to the tax authority’s observations by late March or early April, with the option to either accept the charges or challenge them in court.

The investigation also comes at a sensitive time, as US President Donald Trump has criticised digital taxes in countries like Italy that target US tech firms. Musk, who has strong ties with Italian Prime Minister Giorgia Meloni, is also keen to expand his Starlink business in the country. If no agreement is reached, Italy’s Revenue Agency may pursue a lengthy judicial review, which could take up to 10 years to resolve.


Nvidia takes legal action against EU antitrust investigation

Nvidia has filed a lawsuit against the European Commission for accepting a referral from Italy to review its acquisition of AI startup Run:ai. The US chipmaker argues that the Commission violated a recent court ruling that restricts its powers over minor transactions. This case follows growing concerns over the Commission’s use of Article 22, which allows it to review smaller mergers that fall below EU merger thresholds, a move companies have criticised as overreach.

While the case will not impact the approval of the Run:ai deal, which was cleared in December, a ruling in favour of Nvidia could curb the European Commission’s ability to regulate similar transactions in the future. Nvidia argues that the decision breaches legal principles, including proportionality and equal treatment, and undermines legal certainty for businesses operating in the EU.


Indonesia and Apple close deal to end iPhone 16 ban

Indonesia and Apple have reportedly reached an agreement to lift the country’s ban on iPhone 16s, with a potential deal expected to be signed this week. The ban was imposed in October after Apple failed to meet the requirement that smartphones sold in Indonesia must include at least 35% locally-made parts.

As part of the agreement, Apple will invest $1 billion into a manufacturing plant in Indonesia, focused on producing components for smartphones and other products. Additionally, Apple will commit to training local workers in research and development, expanding beyond its existing Apple academies. However, Apple has no immediate plans to begin iPhone production in the country.

Neither Apple nor Indonesia’s Ministry for Industry has responded to requests for comment on the matter.
