At a glance.
- Apple's child protection move prompts another round in the crypto wars.
- Industry considers impact of US cyber regulations.
Apple’s child protection measures reignite the crypto wars.
As we’ve seen, Apple’s new child protection protocols have sparked thoughtful points and counter-points in the crypto debates. 9to5Mac straightens out some misunderstandings, like the fact that the greatest threats to privacy would come from future misuse by undemocratic powers, not current mechanisms. Apple has promised to weigh international rollout decisions carefully, and the company’s FAQ document says the firm “will not accede to any government’s request to expand” scanning and detection capacities. 9to5Mac thinks Apple can’t make this promise, since it’s beholden to and regularly abides by local laws. Chinese citizens’ iCloud data, for instance, is kept on a state-controlled server.
Stratechery observes that once a tool is built, only policies stand in the way of its abuse—while acknowledging that pending UK and EU child protection regulations might have forced Apple’s hand in the near future anyway. SecurityWeek recounts cryptography scholar Matt Blaze’s concerns that Apple will face “enormous pressure…to detect other kinds of 'bad' content,” in addition to piquing the interest of threat actors looking for loopholes.
CSO Online describes a swiftly shifting global legislative landscape, with blurring divides between digital authoritarians and digital democracies, and clear through lines from censorship and disinformation to mandated access. The majority of people are currently subject to regimes that require (or are thinking about requiring) access to encrypted data; whether Apple’s move will further tip the scales remains to be seen.
Considering the impact of recent US cybersecurity regulations.
SecurityWeek explains the zero-trust component of President Biden’s May cybersecurity Executive Order. While the Order binds only Federal offices, the hope is that industry will follow the Government’s lead on security priorities, and make use of the roadmaps developed. The Order communicated that “bold changes” are needed, and zero-trust is top of the list.
In short, zero-trust concerns “everyone seeking access to anything,” and entails inventorying and segmenting assets, authenticating users with MFA and minimum permissions, and safely storing keys. Thanks to the Order, SecZetta CEO David Pignolet says, “Private sector companies don’t all have to go build their own reference architecture with their own interpretation of zero-trust – there will be a resource provided by the Federal government that defines it.”
BIC Magazine looks at the implications for the oil and gas industry of the Order’s Internet of Things labeling mandate and the Transportation Security Administration’s pipeline Security Directive. Some onlookers hope to see more affordable security solutions along with increased uptake of blockchain technology, and anticipate additional cybersecurity reporting requirements for midstream operators.