At a glance.
- US Department of Justice seeks clarity with respect to Internet companies.
- California's complex and contentious privacy regulations.
- European data regulation and US social media.
- US Federal agencies expected to report patching of Zerologon vulnerability.
US Justice Department seeks more accountability, fewer protections, for online companies.
Online platforms like Google, Facebook, and Twitter have tended to occupy a kind of middle ground, neither purely neutral public square nor fully responsible publisher. The Wall Street Journal reports that the US Department of Justice has proposed that Congress change that by enacting legislation to encourage the companies "to actively address illicit conduct and manage content on their sites in fair and consistent ways." No Congressional action is likely during the present election season, but Capitol Hill is likely to take these matters up next year. At the center of any of the reforms Justice wants would be a revision of Section 230 of the Communications Decency Act.
The CCPA and CPRA spark debate between privacy experts.
In November, voters in the US state of California will be deciding whether or not to approve Proposition 24 to replace the California Consumer Privacy Act (CCPA) with the more restrictive California Privacy Rights Act (CPRA), but privacy advocates are divided on which of the two laws will be the more effective way to protect user data privacy, Wired reports. The CCPA, which was enacted this past January, aimed to give users control over how and when their data could be collected, used, and transferred by tech companies. However, tech firms were able to find loopholes in the law that rendered it far weaker than intended. The CPRA is intended to correct those weaknesses by more clearly defining what businesses can and cannot do with user data, and even by establishing a brand-new entity devoted entirely to privacy regulation issues, the California Privacy Protection Agency, reports Compliance Week. But critics like the ACLU say the extremely convoluted measure has its own shortcomings, such as a pay-for-privacy measure that could make privacy rights a luxury item for many users. Furthermore, the very existence of the debate raises a bigger question: if industry experts are unable to discern which measure is best, should the average California voter be tasked with making such a complicated decision? Burying privacy rights and permissions within a long, opaque end-user license agreement has long been a matter of complaint among privacy hawks. It would be unfortunate if privacy protection legislation itself became a state-written EULA.
Facebook fights for use of European user data.
Seeking Alpha reports that Facebook is pushing back against an order from Ireland’s Data Protection Commission demanding that the social networking service cease sending European user data to the United States. Adhering to such an order would greatly hinder the social network’s operations and impede its ability to serve its European customers, but if Facebook fails to comply, it could face a fine of up to 2.8 billion dollars. Facebook will go to court to challenge the order.
There have been reports that Facebook is threatening to exit Europe should it continue to find data regulation as onerous as it's been for the company. This seems to be an overstatement, as Seeking Alpha also quoted the company as saying it has "absolutely no desire, no wish, no plans" to be shot of Europe.
CISA orders patch to protect against Zerologon: the deadline to report completion is midnight tonight.
The risk posed by the highly dangerous Zerologon vulnerability has compelled the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency directive ordering government agencies to immediately patch their Microsoft Windows Active Directory domain controllers, Data Center Knowledge reports. Zerologon is especially dangerous because, once exploited, it allows hackers to gain access to any system to which the Active Directory provides security. Making matters worse, following the publication of security research firm Secura’s whitepaper demonstrating just how Zerologon operates, researchers released open source proof-of-concept code, essentially giving hackers a step-by-step guide to employing Zerologon. The US Federal agencies under CISA's oversight are supposed to let the agency know by midnight that they've complied.