Netflix fined for failing to inform customers about data usage

The Dutch Data Protection Authority (DPA) has imposed a €4.75 million ($4.98 million) fine on Netflix for not adequately informing its customers about how their personal data was being used between 2018 and 2020. The fine follows a detailed investigation that began in 2019, which revealed that Netflix’s privacy statement was insufficiently clear regarding the company’s data practices. Specifically, the DPA found that the streaming giant did not provide customers with enough information on how their data was being processed or used.

The investigation also uncovered that when customers sought to understand which personal data Netflix was collecting, they did not receive clear answers. This lack of transparency was deemed a violation of the General Data Protection Regulation (GDPR), which sets strict requirements on companies to protect user privacy and ensure clear communication about data usage.

In response to the findings, Netflix has since updated its privacy statement and improved how it informs customers about its data collection practices. Despite these changes, the company has objected to the fine, though it did not provide a comment when approached by the press.

This fine highlights the increasing scrutiny on companies to comply with GDPR and underscores the importance of clear, transparent data handling practices, especially for tech giants like Netflix that handle vast amounts of personal information.

TP-Link faces US ban amid cybersecurity concerns, WSJ reports

US authorities are weighing a potential ban on TP-Link Technology Co., a Chinese router manufacturer, over national security concerns, following reports linking its home internet routers to cyberattacks. According to the Wall Street Journal, the US government is investigating whether TP-Link routers could be used in cyber operations targeting the US, citing concerns raised by lawmakers and intelligence agencies.

In August, two US lawmakers urged the Biden administration to examine TP-Link and its affiliates for possible links to cyberattacks, highlighting fears that the company’s routers could be exploited in future cyber operations. The Commerce, Defence, and Justice departments have launched separate investigations into the company, with reports indicating that a ban on the sale of TP-Link routers in the US could come as early as next year. As part of the investigations, the Commerce Department has reportedly subpoenaed the company.

TP-Link has been under scrutiny since the US Cybersecurity and Infrastructure Agency (CISA) flagged vulnerabilities in the company’s routers that could potentially allow remote code execution. This comes amid heightened concerns that Chinese-made routers could be used by Beijing to infiltrate and spy on American networks. The US government, along with its allies and Microsoft, has also uncovered a Chinese government-linked hacking campaign, Volt Typhoon, which targeted critical US infrastructure by taking control of private routers.

The Commerce, Defence, and Justice departments, as well as TP-Link, did not immediately respond to requests for comment.

US sanctions UAE individuals and companies linked to North Korean illicit digital assets

The US Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and a company based in the United Arab Emirates (UAE) for allegedly aiding North Korea’s use of digital assets in illegal activities.

The sanctions target Lu Huaying and Zhang Jian, along with Green Alpine Trading, LLC, a front company linked to a broader scheme of money laundering. These actions aim to disrupt a network that, according to US authorities, funnels millions of dollars to North Korea’s nuclear weapons and missile programs.

North Korea has a history of using digital assets and cybercrimes to fund its military efforts, employing IT workers and hackers to generate funds that are often obscured through complex laundering operations. The sanctions focus on Sim Hyon Sop, a representative of North Korea’s state-run Korea Kwangson Banking Corporation, who has been previously sanctioned. Sim is accused of using a mix of cryptocurrency cash-outs and money mules to move funds back to the regime for its military projects.

Under the new sanctions, any property owned by the designated individuals or entities in the US is blocked, and US citizens and companies are prohibited from engaging in transactions with them. Non-compliance could lead to further enforcement actions, even against those outside the US. The move reflects a coordinated effort with the UAE to combat North Korea’s destabilizing activities. It highlights the importance of international cooperation in tackling illicit financial networks that exploit new technologies, including cryptocurrencies.

Meta data breach leads to huge EU fine

Meta has been fined €251 million by the European Union’s privacy regulator over a 2018 security breach that affected 29 million users worldwide. The breach involved the ‘View As’ feature, which cyber attackers exploited to access sensitive personal data such as names, contact details, and even information about users’ children.

The Irish Data Protection Commission, Meta’s lead EU regulator, highlighted the severity of the violation, which exposed users to potential misuse of their private information. Meta resolved the issue shortly after its discovery and notified affected users and authorities. Of the 29 million accounts compromised, approximately 3 million belonged to users in the EU and European Economic Area.

This latest fine brings Meta’s total penalties under the EU’s General Data Protection Regulation to nearly €3 billion. A Meta spokesperson stated that the company plans to appeal the decision and emphasised the measures it has implemented to strengthen user data protection. This case underscores the ongoing regulatory scrutiny faced by major technology firms in Europe.

Musk faces scrutiny over national security concerns

Elon Musk and his company SpaceX are facing multiple federal investigations into their compliance with security protocols designed to protect national secrets. According to reports, the reviews were initiated by the US Air Force, the Department of Defense Inspector General, and the undersecretary for intelligence and security. Concerns include Musk’s alleged failure to disclose meetings with foreign leaders and his reported contacts with Russian officials, including President Vladimir Putin.

The investigations follow longstanding concerns about Musk’s security practices. A previous review by the Pentagon was prompted in 2018 when Musk appeared on a live podcast and smoked marijuana, raising questions about his security clearance. Recently, the Air Force denied Musk high-level security access, citing potential risks.

SpaceX and Musk have declined to comment on the investigations. However, Pentagon officials emphasised the confidentiality of such probes, stating that the inquiries aim to protect the integrity of the process and those involved. National security concerns surrounding Musk have also been echoed by US allies and lawmakers.

Parliamentary panel at IGF discusses ICTs and AI in counterterrorism efforts

At the 2024 Internet Governance Forum (IGF) in Riyadh, a panel of experts explored how parliaments can harness information and communication technologies (ICTs) and AI to combat terrorism while safeguarding human rights. The session, titled ‘Parliamentary Approaches to ICT and UN SC Resolution 1373,’ emphasised the dual nature of these technologies—as tools for both law enforcement and malicious actors—and highlighted the pivotal role of international collaboration.

Legislation and oversight in a digital era

David Alamos, Chief of the UNOCT programme on Parliamentary Engagement, set the stage by underscoring the responsibility of parliaments to translate international frameworks like UN Security Council Resolution 1373 into national laws. ‘Parliamentarians must allocate budgets and exercise oversight to ensure counterterrorism efforts are both effective and ethical,’ Alamos stated.

Akvile Giniotiene of the UN Office of Counterterrorism echoed this sentiment, emphasising the need for robust legal frameworks to empower law enforcement in leveraging new technologies responsibly.

Opportunities and risks in emerging technologies

Panelists examined the dual role of ICTs and AI in counterterrorism. Abdelouahab Yagoubi, a member of Algeria’s National Assembly, highlighted AI’s potential to enhance threat detection and predictive analysis.

At the same time, Jennifer Bramlette from the UN Counterterrorism Committee stressed the importance of digital literacy in fortifying societal resilience. On the other hand, Kamil Aydin and Emanuele Loperfido of the OSCE Parliamentary Assembly cautioned against the misuse of these technologies, pointing to risks such as deepfakes and cybercrime-as-a-service that enable terrorist propaganda and disinformation campaigns.

The case for collaboration

The session spotlighted the critical need for international cooperation and public-private partnerships to address the cross-border nature of terrorist threats. Giniotiene called for enhanced coordination mechanisms among nations, while Yagoubi praised the Parliamentary Assembly of the Mediterranean for fostering knowledge-sharing on AI’s implications.

‘No single entity can tackle this alone,’ Alamos remarked, advocating for UN-led capacity-building initiatives to support member states.

Balancing security with civil liberties

A recurring theme was the necessity of balancing counterterrorism measures with the protection of human rights. Loperfido warned against the overreach of security measures, noting that ethical considerations must guide the development and deployment of AI in law enforcement.

An audience query on the potential misuse of the term ‘terrorism’ further underscored the importance of safeguarding civil liberties within legislative frameworks.

Looking ahead

The panel concluded with actionable recommendations, including updating the UN Parliamentary Handbook on Resolution 1373, investing in digital literacy, and ensuring parliamentarians are well-versed in emerging technologies.

‘Adapting to the rapid pace of technological advancement while maintaining a steadfast commitment to the rule of law is paramount,’ Alamos said, encapsulating the session’s ethos. The discussion underscored the indispensable role of parliaments in shaping a global counterterrorism strategy that is both effective and equitable.

DR Congo sues Apple subsidiaries over alleged use of conflict minerals, challenges ethical sourcing claims

The Democratic Republic of Congo (DRC) has filed criminal complaints against Apple’s subsidiaries in France and Belgium, accusing the tech giant of indirectly benefiting from conflict minerals sourced from the region. The DRC, a major supplier of tin, tantalum, and tungsten — essential components in electronic devices — alleges that minerals smuggled through its conflict zones fuel violence and atrocities, including mass rapes and killings, often perpetrated by armed groups.

While Apple claims to audit suppliers and maintain a transparent supply chain, international lawyers representing the Congolese government argue the company relies on minerals pillaged from Congo. The legal filings accuse Apple of covering up war crimes, handling stolen goods, and misleading consumers about the integrity of its supply chain. The complaints also criticise the industry-funded ITSCI certification scheme, claiming it falsely legitimises minerals sourced from conflict zones.

Belgium’s historical role in the exploitation of Congo’s resources was highlighted by Congolese lawyers, who called on Belgium to support their legal efforts. Both France and Belgium are seen as jurisdictions that emphasise corporate accountability. Judicial authorities in these countries will decide whether to pursue criminal investigations against Apple and its subsidiaries.

This legal action reflects Congo’s broader struggle to end the illicit trade of its resources, which has contributed to decades of violence. Millions have died or been displaced due to conflicts linked to mineral exploitation, underscoring the urgent need for stricter enforcement of ethical supply chain practices.

TikTok appeals to Supreme Court to block looming US ban

TikTok and its parent company, ByteDance, have asked the Supreme Court to halt a US law that would force ByteDance to sell TikTok by 19 January or face a nationwide ban. The companies argue that the law violates the First Amendment, as it targets one of the most widely used social media platforms in the United States, which currently has 170 million American users. A group of TikTok users also submitted a similar request to prevent the shutdown.

The law, passed by Congress in April, reflects concerns over national security. The Justice Department claims TikTok poses a threat due to its access to vast user data and potential for content manipulation by a Chinese-owned company. A lower court in December upheld the law, rejecting TikTok’s argument that it infringes on free speech rights. TikTok maintains that users should be free to decide for themselves whether to use the app and that shutting it down for even a month could cause massive losses in users and advertisers.

With the ban set to take effect the day before President-elect Donald Trump’s inauguration, TikTok has urged the Supreme Court to decide by 6 January. Trump, who once supported banning TikTok, has since reversed his position and expressed willingness to reconsider. The case highlights rising trade tensions between the US and China and could set a precedent for other foreign-owned apps operating in America.

Hundreds arrested in Nigerian fraud bust targeting victims globally

Nigerian authorities have arrested 792 people in connection with an elaborate scam operation based in Lagos. The suspects, including 148 Chinese and 40 Filipino nationals, were detained during a raid on the Big Leaf Building, a luxury seven-storey complex that allegedly housed a call centre targeting victims in the Americas and Europe.

The fraudsters reportedly used social media platforms such as WhatsApp and Instagram to lure individuals with promises of romance or lucrative investment opportunities. Victims were then coerced into transferring funds for fake cryptocurrency ventures. Nigeria’s Economic and Financial Crimes Commission (EFCC) revealed that local accomplices were recruited to build trust with targets, before handing them over to foreign organisers to complete the scams.

The EFCC spokesperson stated that agents had seized phones, computers, and vehicles during the raid and were working with international partners to investigate links to organised crime. This operation highlights the growing use of sophisticated technology in transnational fraud, as well as Nigeria’s commitment to combating such criminal activities.

US firm buys Israeli spyware company

Florida-based AE Industrial Partners has acquired Israeli spyware company Paragon for an estimated $500 million, with reports suggesting the deal could reach up to $900 million. Paragon, a competitor to NSO Group, is known for providing cybersecurity tools to government agencies that it claims meet ‘enlightened democracy’ standards. The acquisition was completed on 13 December and reportedly approved by both US and Israeli officials.

Paragon, founded in 2019 by former Israeli intelligence officers and backed by ex-Prime Minister Ehud Barak, is merging with Virginia-based cybersecurity firm Red Lattice. This move aims to strengthen the firm’s presence in the global surveillance market. The US subsidiary of Paragon recently signed a one-year contract with US Immigration and Customs Enforcement, reflecting its growing footprint in government cybersecurity services.

The acquisition comes amid tightened scrutiny of spyware technologies after allegations of abuse involving competitors like NSO Group. In 2021, the US added NSO to its trade blacklist, citing its misuse in targeting activists and journalists. Paragon, however, positions itself as a provider of ethically guided surveillance tools, limiting its activities to messaging apps and governmental communications.