Dear all,
Last week was marked by a spike in criminal investigations, a major anticompetition lawsuit and Trump’s return to Facebook and Instagram after his two-year ban was lifted. Plus, it’s a busy time for legislators who are negotiating new rules, especially on AI and data.
Let’s get started.
Stephanie and the Digital Watch team
| Digital policy round-up (23–29 January) |
// CYBERCRIME //
UK raises concern over Russian and Iranian hacking groups
A hacking group called Cold River, based in Russia, and another group called Yellow Garuda, based in Iran, are attacking the UK government with phishing campaigns that both target and impersonate government officials, journalists, and academics.
The National Cyber Security Centre (NCSC), a division of the British government’s GCHQ spy agency (short for Government Communications Headquarters), warned that the groups are conducting their phishing campaign using false email accounts and social media profiles. The two groups are separate and are not collaborating.
The US Department of Justice announced that it seized the networks of a major international ransomware variant named Hive. The Hive ransomware was responsible for extorting and attempting to extort millions of dollars from victims in the USA and around the world, Attorney General Merrick Garland said. More than 1,500 victims worldwide were targeted, including hospitals, schools, financial firms, and critical infrastructure, with an estimated loss of more than $150 million.
Lazarus group responsible for virtual currency theft
The FBI confirmed that the DPRK cybercriminal group, Lazarus, is responsible for stealing $100 million of virtual currency from Harmony’s Horizon Bridge. The FBI found that the portion of the stolen Ethereum laundered during the June 2022 heist was sent to virtual asset providers and converted to bitcoins.
// CYBER DIPLOMACY //
USA, EU deepen collaboration on cyber resilience
The USA and EU have launched a series of workstreams and deliverables as part of the ongoing US-EU cyber dialogue. The deliverables involve (a) information sharing, situational awareness, and crisis response; (b) cybersecurity of critical infrastructure; and (c) cybersecurity of hardware and software.
One of the deliverables includes deepening structured exchanges of information on threats, threat actors, vulnerabilities, and incidents, to support a collective response to defend against global threats involving crisis management and support of diplomatic responses.
// SOCIAL MEDIA //
Trump’s return to Facebook and Instagram
Meta has decided to lift its Facebook and Instagram ban on former US President Donald Trump. The ban was placed two years ago after Trump publicly praised people engaged in violence at the Capitol, Washington DC, on 6 January 2021.
In usual circumstances, ‘the public should be able to hear what politicians are saying so they can make informed choices,’ the company announced. In Trump’s case, Meta said it had to take unprecedented action due to Trump’s social media messages posing a serious risk to public safety, in breach of the platform’s community rules. The first decision was upheld by the Oversight Board, an independent body set up by Meta to review the company’s decisions on moderated content.
Trump won’t be returning to Facebook or Instagram with a clean state. There are increased penalties in case of repeat offences and the risk of a new suspension.
// ANTITRUST //
Google faces antitrust lawsuit for abusing its dominance in ad business
The US Department of Justice (DoJ) and eight states filed a lawsuit against Google, accusing it of illegally abusing its dominant position in the internet advertising business, and of limiting fair competition. Google allegedly used anti-competitive methods to eliminate or drastically reduce competition.
There’s a long list of aggravations. The DoJ said: ‘Google now controls the digital tool that nearly every major website publisher uses to sell ads on their websites; it controls the dominant advertiser tool that helps millions of large and small advertisers buy ad inventory; and it controls the largest advertising exchange, a technology that runs real-time auctions to match buyers and sellers of online advertising.’
Its relevance. This lawsuit will be the second complaint filed by the DoJ against Google. The first case was filed in 2020.
// DATA GOVERNANCE //
Swedish presidency proposes new compromise text for Data Act
The Swedish presidency of the EU Council has circulated a new compromise text on the Data Act, a draft EU law that will regulate how data is accessed and shared. The text was obtained by news portal EurActiv.
Two main issues relate to the scope of the new rules and the interplay with the EU’s existing data protection regulation. The new text resolves the first issue by proposing that the rules focus on the function of data, rather than the product the data is used for. As for any overlaps with the GDPR, the next text does not create any new legal basis for processing data – that’s a purely GDPR aspect.
By the way. We’re opening a bracket here: The EU’s General Court ruled that EU Council working groups should grant people access to documents drawn up as part of the legislative negotiation process, if so requested. People ‘need to follow in detail the decision-making process within the institutions taking part in the legislative procedures and to have access to all relevant information.’
| The week ahead (30 January–5 February) |
31 January: Will IGF 2023 focus on a theme you feel strongly about? The IGF Secretariat’s call for thematic inputs for IGF 2023 is open until tomorrow, Tuesday, 31 January 2023. The themes we suggest will be discussed during the first open consultations and MAG meeting in March and could become one of IGF 2023’s main themes. Send your suggestions.
1–3 February: The Council of Europe’s Committee on AI (CAI) is meeting in plenary for the fourth time to negotiate a revised zero draft, which lays the groundwork for the world’s first binding international framework convention on AI and human rights democracy and the rule of law.
3 February: The Office of the Secretary-General’s Envoy on Technology has invited stakeholders to a series of open consultations on shaping the Global Digital Compact, an initiative of the UN Secretary-General. The consultations with civil society, youth, and academia will take place online on 3 February. These consultations form part of an intergovernmental process led by co-facilitators Rwanda and Sweden.
3 February: Deadline for tax pros to comment on the OECD’s Pillar Two consultations related to compliance and tax certainty aspects of the global minimum tax: GloBE Information Return and Tax Certainty for the GloBE Rules. Pillar Two sets a global minimum tax of 15% for multinationals earning more than €750 million a year and forms part of the new two-pillar global tax deal, which over 130 countries have signed.
| #READINGCORNER |
Freedom of expression: An index of indexes
Threats to freedom of expression show no signs of slowing down. This interactive map, an initiative of the nonprofit Index on Censorship, reconfirms which countries safeguard individual freedoms and which countries obstruct the right.
What’s interesting: The index uses data modelling to build on existing indices, including the World Press Freedom Index (compiled by Reporters Without Borders), the Varieties of Democracy research project (V-Dem), Committee to Protect Journalists, UNESCO’s Observatory of Killed Journalists, ITU’s Global Cybersecurity Index, and Netblocks’ Cost of Shutdown Tool (COST).
Was this newsletter forwarded to you, and you’d like to see more? Sign up for more.