SEC drops Gemini case

The US Securities and Exchange Commission has closed its investigation into the crypto exchange Gemini without taking enforcement action, marking another regulatory retreat in the ongoing battle over digital assets. Gemini co-founder Cameron Winklevoss welcomed the decision but argued the damage had already been done, with the exchange losing millions in legal costs and productivity. He criticised the SEC’s aggressive stance, which he claims has stifled innovation and economic growth.

The case stemmed from the SEC’s allegations that Gemini’s ‘Earn’ programme constituted an unregistered securities offering. While the regulator has now dropped its probe, it warned that this does not prevent future action. The move follows a pattern, with the SEC also abandoning cases against Coinbase, OpenSea, Uniswap Labs, and Robinhood Crypto in recent weeks.

Winklevoss has called for legislative reform to prevent baseless investigations, suggesting that regulators responsible should be held accountable. His remarks come amid a shifting political landscape, with former SEC Chair Gary Gensler stepping down as Donald Trump began his second presidential term. Many in the crypto industry see these developments as a turning point, though Winklevoss insists the fight is far from over.

For more information on these topics, visit diplomacy.edu.

UK unveils crime bill to tackle crypto-related crime

The UK government has introduced the Crime and Policing Bill, aiming to enhance its ability to recover proceeds from cryptocurrency-related crime. The bill sets out provisions for valuing cryptocurrency, establishes procedures for courts to recover illicit funds, and expands powers for the Crown Court to issue seizure orders. It addresses various criminal issues, including anti-social behaviour, sexual offences, and terrorism, with a specific focus on confiscating criminal assets tied to cryptocurrencies.

The legislation will grant the Crown Court additional authority to manage and confiscate money, cryptocurrency, and personal property in criminal cases. Provisions within the bill also introduce measures for the destruction of seized cryptocurrency, ensuring that the market value at the time of destruction is taken into account, with adjustments made for any changes in value.

The bill further amends existing laws, replacing magistrates’ courts with the Crown Court in handling cryptocurrency assets. These updates aim to streamline the management of confiscation orders, ensuring that cryptocurrencies can be more effectively seized, valued, and recovered in cases involving criminal activity.


ASIC launches inquiry into WiseTech Global

Australia’s corporate regulator, the Australian Securities and Investments Commission (ASIC), has launched ‘preliminary inquiries’ into WiseTech Global amid a turbulent week for the logistics software company. This comes after a series of executive changes, including the surprise return of founder Richard White as chairman. Four non-executive directors resigned earlier this week, citing differing opinions on White’s previous role as CEO, which led to his reappointment as executive chairman.

Joe Longo, ASIC’s chairman, confirmed the inquiry and stated that decisions on the next steps would be made shortly. However, WiseTech has yet to comment on the situation. The company, founded by billionaire White, has been facing mounting challenges, including media reports of misconduct, governance issues, and a declining share price.

Since October, WiseTech’s stock has dropped by approximately 14%, following news of an internal review concerning White’s actions. However, following his return, shares rose by 2.1%, reaching A$96.5 per share. The company now faces intense scrutiny as it navigates these turbulent times.


Canada to charge Google for news law enforcement

Canada’s telecommunications regulator, the CRTC, announced on Wednesday that it will impose a fee on Google to cover the costs of enforcing the Online News Act, which requires large tech platforms to pay for news content shared on their sites. The levy, which will be implemented from April 1, will vary each year and has no upper limit. This move comes amid rising tensions between Canada and the US over issues like trade and a digital services tax on American tech firms.

The CRTC stated that most of its operations are funded by fees from the companies it regulates, and the new charge aims to recover costs related to the law. Google, which had previously raised concerns about the fairness of such a rule, had argued that it was unreasonable to impose 100% of the costs on one company. Despite this, Google has agreed to pay C$100 million annually to Canadian publishers in a deal that ensures its search results continue to feature news content.

The law, which is part of a global trend to make internet giants pay for news, was introduced last year in response to concerns that tech firms were crowding out news businesses in the online advertising market. While both Google and Meta were identified as major platforms required to make payments, Meta chose to block news from its platforms in Canada instead. Google, however, has continued to negotiate with the Canadian government, although it has yet to comment further on the CRTC’s decision.


Meta faces lawsuit over hiring practices

A US judge ruled that Meta must face a lawsuit alleging it prioritises hiring foreign workers to pay them lower wages. The proposed class action involves three US citizens who claim they were repeatedly rejected despite being qualified for roles at the company.

The plaintiffs argue that Meta systematically favours visa holders, citing statistics showing a significant portion of its US workforce holds H-1B visas. The company denies the claims, stating there is no evidence of intentional discrimination or that the plaintiffs would have been hired otherwise.

A 2021 settlement saw Meta agree to pay up to $14.25 million over similar government allegations. The latest ruling follows a 2023 appeals court decision, which cited a Civil War-era law protecting US citizens from discrimination in contracts.

Plaintiffs hope the lawsuit will expose widespread hiring biases in the tech sector. Their legal team suggests further enforcement or legislative action may be necessary to address the issue.


Apple to sell iPhone 16 in Indonesia after key agreements

Apple is set to begin selling its iPhone 16 in Indonesia following a new agreement with the government, which includes the establishment of a manufacturing plant and a research and development centre. The country’s industry minister, Agus Gumiwang Kartasasmita, confirmed on Wednesday that Apple would soon receive the required local content certificate to allow sales of the device. However, he did not specify when the certificate would be issued.

Indonesia had previously banned the iPhone 16 due to Apple’s failure to meet the local content requirement, which mandates that a certain percentage of parts must be sourced domestically or through local partnerships. Although Apple has no manufacturing facilities in Indonesia, it has been operating developer academies in the country since 2018. Indonesia, with its population of 280 million, is keen to attract more tech-related investment.

Analysts have warned that the local content ban could harm investor confidence and fuel concerns about protectionism, but the new agreements between Apple and the Indonesian government may help address these issues.


UK Home Office’s new vulnerability reporting policy creates legal risks for ethical researchers, experts warn

The UK Home Office has introduced a vulnerability reporting mechanism through the platform HackerOne, allowing cybersecurity researchers to report security issues in its systems. However, concerns have been raised that individuals who submit reports could still face legal risks under the UK’s Computer Misuse Act (CMA), even if they follow the department’s new guidance.

Unlike some private-sector initiatives, the Home Office program does not offer financial rewards for reporting vulnerabilities. The new guidelines prohibit researchers from disrupting systems or accessing and modifying data. However, they also caution that individuals must not ‘break any applicable law or regulations,’ a clause that some industry groups argue could discourage vulnerability disclosure due to the broad provisions of the CMA, which dates back to 1990.

The CyberUp Campaign, a coalition of industry professionals, academics, and cybersecurity experts, warns that the CMA’s definition of unauthorized access does not distinguish between malicious intent and ethical security research. While the Ministry of Defence has previously assured researchers they would not face prosecution, the Home Office provides no such assurances, leaving researchers uncertain about potential legal consequences.

A Home Office spokesperson declined to comment on the concerns.

The CyberUp Campaign acknowledged the growing adoption of vulnerability disclosure policies across the public and private sectors but highlighted the ongoing legal risks researchers face in the UK. The campaign noted that other countries, including Malta, Portugal, and Belgium, have updated their laws to provide legal protections for ethical security research, while the UK has yet to introduce similar reforms.

The Labour Party had previously proposed an amendment to the CMA that would introduce a public interest defense for cybersecurity researchers, but this was not passed. Last year, Labour’s security minister Dan Jarvis praised the contributions of cybersecurity professionals and stated that the government was considering CMA reforms, though no legislative changes have been introduced so far.


Sweden considers law requiring encrypted messaging backdoors, Signal threatens to exit

Swedish law enforcement and security agencies are advocating for legislation that would require encrypted messaging services such as Signal and WhatsApp to implement technical measures allowing authorities to access user communications, according to a report by SVT Nyheter.

If introduced, the bill would mandate that these platforms retain messages and provide law enforcement with access to the message history of criminal suspects. Minister of Justice Gunnar Strömmer stated that such measures are necessary for authorities to carry out investigations effectively.

Signal Foundation President Meredith Whittaker told SVT Nyheter that if the proposed legislation requires the company to introduce backdoors, Signal would withdraw from the Swedish market rather than comply. The Swedish Armed Forces have also expressed concerns, warning that implementing such access mechanisms could introduce security risks that might be exploited by unauthorised parties.

The bill could be considered by Sweden’s parliament, the Riksdag, next year if it moves forward in the legislative process.

Similar legislative efforts have been introduced in other countries. In the UK, Apple recently disabled end-to-end encryption for iCloud accounts in response to government demands for access to encrypted data.


EU Commission proposes enhanced cyber crisis management framework

The EU Commission introduced a proposal aimed at strengthening the EU’s response to large-scale cyber attacks. This recommendation to the Council of Ministers seeks to update the existing EU framework for crisis management in cybersecurity and outline the roles of relevant EU actors, including civilian and military entities as well as NATO.

Specifically, the proposal aims to establish coordination points with NATO to facilitate information sharing during cyber crises, including interconnections between systems. If Member States deploy defense initiatives during a cybersecurity incident, they must inform EU-CyCLONe and the EU Cyber Commanders Conference.

The High Representative, in collaboration with the Commission and relevant entities, should facilitate information flow with strategic partners during identified incidents and enhance coordination against malicious cyber activities using the cyber diplomacy toolbox. Joint exercises should be organized to test cooperation between civilian and military components during significant incidents, including those affecting NATO allies and candidate countries.

The Commission noted that a significant cybersecurity incident could overwhelm the response capabilities of individual Member States and impact multiple EU countries, potentially leading to a crisis that disrupts the internal market and poses risks to public safety. It encourages the establishment of voluntary collaborative clusters to foster cooperation and trust in cybersecurity. Member States can create these clusters based on existing information-sharing frameworks, focusing on common threats while adhering to the mandates of participating actors.

The document emphasizes the importance of a comprehensive and integrated approach to crisis management across all sectors and levels of government. It highlights that if cybersecurity incidents are part of a broader hybrid campaign, stakeholders should collaborate to develop a unified situational awareness across sectors.

Within twelve months of adopting the cybersecurity blueprint, Member States must develop a unified taxonomy for cyber crisis management and establish guidelines for the secure handling of cybersecurity information. The proposal emphasises avoiding over-classification to promote the sharing of non-classified information through established cooperation platforms.

To enhance preparedness for crises and improve organizational efficiency, Member States and relevant entities should conduct ongoing cyber exercises based on scenarios derived from EU-coordinated risk assessments, aligning with existing crisis response mechanisms. Smaller exercises should test interactions during escalating incidents, while the Commission, EEAS, and ENISA will organize an exercise within eighteen months to evaluate the cybersecurity blueprint, involving all relevant stakeholders, including the private sector.

The proposal also recommends that Member States and critical infrastructure operators integrate at least one Union-based DNS infrastructure, such as DNS4EU, to ensure reliable services during crises. ENISA and EU-CyCLONe are tasked with creating emergency failover guidelines for transitioning to Union-based DNS in case of service failures.

While the cybersecurity blueprint does not interfere with how entities define their internal procedures, each entity should clearly define the interfaces used for working with other entities. These interfaces should be jointly agreed upon between the entities concerned and documented.

National and cross-border cyber hubs should share threat information to bolster protection against Union-specific threats, and Member States are encouraged to engage in a multistakeholder forum to identify best practices and standards for securing critical Internet infrastructure. Public and private entities should implement threat-informed detection strategies to proactively identify potential disruptions. They must share information about covert operations with partners before crises escalate and report potential cyber crises to relevant networks, while the CSIRTs Network and EU-CyCLONe establish procedures for coordinating responses to large-scale incidents.


Australia bans Kaspersky software on government systems over security risks

The Australian government has issued a directive prohibiting the use of cybersecurity software and web services from Kaspersky on government systems, citing national security considerations. Under the new policy, government agencies are required to remove existing Kaspersky products by April 2025 and refrain from installing them on government devices in the future.

According to a statement from Stephanie Foster, Secretary of the Department of Home Affairs, the decision follows a threat and risk assessment that identified security concerns related to the use of Kaspersky products and web services. The directive notes ‘unacceptable security risks arising from threats of foreign interference, espionage and sabotage’. It does not give details of the recently identified threats and risks that led to this decision.

In response to the decision, a Kaspersky spokesperson stated that the company was not given prior notice or an opportunity for engagement before the ban was issued. The company reiterated that the decision was influenced by geopolitical factors rather than technical assessments of its products. Despite the restriction on government use, Kaspersky confirmed that it will continue to provide services to other customers in Australia and remains open to discussions with authorities.

The move follows Australia’s earlier decision to prohibit the use of Chinese artificial intelligence firm DeepSeek’s technology in government systems, citing security risks.

Kaspersky has faced restrictions in multiple countries, with the US implementing a ban on its products in June 2024, followed by sanctions on several company executives. European nations, including Germany and the Netherlands, have also taken steps to limit the use of Kaspersky software in government infrastructure.
