Cyber Intelligence Weekly

Cyber Intelligence Weekly (May 28, 2023): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight an article where our very own Mitchell Sykes and Paul Matvey put together this great analysis and breakdown of the 2023 CrowdStrike Global Threat Report. This article offers invaluable insights into the ever-changing cybersecurity landscape.


Away we go!

1. Meta Hit with GDPR Record $1.3 Billion Fine for Privacy Violations

The European Union (EU) has imposed a record $1.3 billion privacy fine on Meta (formerly Facebook) and ordered the company to cease transferring users' personal information across the Atlantic by October. The landmark ruling was made by Ireland’s Data Protection Commission, which said that the current legal framework for data sharing to the US “did not address the risks to the fundamental rights and freedoms” of Facebook’s EU users and ultimately violated the GDPR. This fine exceeds the previous largest EU record fine of $888 million levied against Amazon in 2021 for similar privacy violations.

This decision comes after a long-standing legal battle initiated by Austrian lawyer and privacy activist Max Schrems, who filed a complaint about Facebook's handling of his data in the wake of Edward Snowden's revelations about U.S. cyber-snooping. The EU's strict data privacy regime clashed with the comparatively lax U.S. regime, and an agreement called the Privacy Shield, as well as stock legal contracts, were deemed invalid. Meta plans to appeal the decision, but if it fails to comply with the order to erase data, it may face significant challenges.


The fine is the largest under the EU's data privacy regime, surpassing the previous record held by Amazon. Meta's European services could be at risk if it is unable to find a legal basis for data transfers, which could have a material impact on its business and operations. There is a possibility that a new transatlantic privacy agreement could be implemented, but even then, Meta may still face potential challenges from the EU's top court. In the meantime, other social media companies like TikTok are also under pressure regarding their data practices, highlighting the growing scrutiny faced by tech giants in relation to privacy and data protection.

Meta obviously disagrees with the ruling, stating, “The ability for data to be transferred across borders is fundamental to how the global open internet works,” in an open statement. Meta also plans to appeal the court's decision.

In my opinion, $1.3 billion means nothing to Meta. Meta’s Reality Labs lost $13.7 billion on VR in 2022 alone, up from $10.2 billion the year before. This fine is like having a parking meter that costs $100 a day, but the fine for not paying the meter is $5. You know what will happen in a situation like that? People won’t pay the meter, they will accept the fine, because it’s not economically significant in comparison. We have the same situation here, and it won’t stop until something meaningful is done about it.

2. U.S. Surgeon General Issues New Advisory About Effects Social Media Use Has on Youth Mental Health

We're going to stick with the social media context here for a moment and talk about how social media can destroy young adult lives all in the name of selling more Nissan ads. Specifically, in a landmark announcement, the United States Surgeon General issued a detailed advisory about the effects of social media on youth mental health.

Social media has become an integral part of the lives of children and adolescents, with up to 95% of young people aged 13-17 using social media platforms, and a significant portion reporting near-constant usage. However, there is mounting evidence suggesting that social media use can pose risks to the mental health and well-being of young individuals. The Surgeon General of the United States, Dr. Vivek Murthy, is urging policymakers, technology companies, researchers, families, and young people themselves to address these concerns and create safer online environments for children.

The adolescent and childhood stages are critical for brain development, making young people more vulnerable to the potential harms of social media. Harmful content, including violence, sexual content, and bullying, is prevalent on these platforms, while excessive social media use can disrupt essential activities like sleep and physical exercise. Furthermore, research indicates a link between social media use and negative mental health outcomes, such as depression and anxiety. Body dissatisfaction, disordered eating behaviors, social comparison, and low self-esteem are also prevalent, particularly among adolescent girls.

While there are benefits to social media, such as feeling accepted, finding support during tough times, and expressing creativity, the risks cannot be ignored. The Surgeon General's Advisory emphasizes the need for urgent action. Policymakers are encouraged to strengthen safety standards, protect children's privacy, and fund research. Technology companies should assess their products' impact, share data with independent researchers, prioritize safety and health in design decisions, and improve complaint response systems. Parents and caregivers can establish tech-free zones, teach responsible online behavior, and report problematic content. Children and adolescents themselves can adopt healthy practices, such as limiting screen time and reporting abuse or harassment.

While more research is needed to fully understand the impact of social media on young people, waiting is not an option considering the current mental health crisis among youth. It is crucial to consider the Surgeon General's recommendations and for government institutions and tech companies to take collective action to protect children and adolescents from the potential harms of social media. By working together, we can ensure a safer and healthier online environment for the next generation.

3. Spain's Push to Ban End-to-End Encryption Raises Concerns for Online Privacy

EU privacy rights remain in full focus of this week’s summary. In a leaked document obtained by WIRED, it has been revealed that Spain is advocating for the banning of end-to-end encryption within the European Union (EU). The document discloses strong support among EU member states for proposals to scan private messages for illegal content. The motivation behind this proposal is to combat the spread of child sexual abuse material (CSAM) in Europe. However, the potential impact on end-to-end encryption has drawn criticism from cryptographers, technologists, and privacy advocates who argue that weakening encryption undermines users' right to privacy and poses risks to online security.

The leaked document, together with WIRED’s investigation and follow-up with each country, provides insights into the views of EU countries regarding encryption regulation and reveals that Spain's position is the most extreme among the 20 countries represented. Spanish representatives expressed the desire to legislatively prevent EU-based service providers from implementing end-to-end encryption. While Spain argues that access to data is imperative, experts warn that breaking end-to-end encryption would not only be disproportionate but also ineffective in achieving the goal of protecting children from abuse.

Many EU countries expressed support for scanning end-to-end encrypted communications for illegal content, framing it as a crucial tool in the fight against child abuse. However, experts highlight the shallow understanding some countries have of encryption, as they seek both privacy and indiscriminate scanning of encrypted communications. The leaked document underscores the ongoing debate over encryption and its balance with law enforcement needs, with some countries advocating for backdoors and decryption mechanisms.


While countries like Spain, Cyprus, and Hungary view this proposed law as an opportunity to undermine encryption, others such as Germany, Finland, and Estonia demonstrate a more comprehensive understanding of the broader implications. They recognize that the regulation not only impacts criminal investigations but also citizens' privacy rights, data security, national security, and innovation. Striking a delicate balance between combating illegal content and preserving fundamental rights remains a challenge, emphasizing the need for thorough and thoughtful discussions on encryption regulation.

As the negotiations continue, it is essential to consider the potential consequences and unintended ramifications of any proposed measures. The preservation of strong encryption plays a crucial role in safeguarding online privacy and security for individuals, while effective methods to combat illegal activities should be explored without compromising the fundamental principles of end-to-end encryption.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
