At a glance.
- Greek Prime Minister bans spyware sales.
- Australia’s Redspice plan will add a generous helping of cybersecurity funding.
- Pennsylvania governor signs data breach notification law.
Greek Prime Minister bans spyware sales.
Amidst mounting accusations that the Greek government targeted politicians, journalists and businessmen with spyware, Prime Minister Kyriakos Mitsotakis on Monday announced that Greece will ban the sale of spyware, the New York Times reports. “We will be the first country to tackle this problem and enact legislation that will explicitly ban the sale of such software in our country. No other country has done it. All countries have the same problem,” Mitsotakis stated. Indeed, countries all over the globe have been grappling with recent revelations that citizens' devices have been infected with spyware like NSO Group’s Pegasus, or in the case of the Greek targets, Pegasus’s less expensive (and less regulated) cousin Predator, which are intended for use by governments and law enforcement engaged in criminal investigations.
As Gizmodo explains, the Greek spyware scandal began last summer when it was discovered that Nikos Androulakis, a politician and member of the European parliament, had been targeted with Predator, and in the months following, dozens of other targets surfaced. It all culminated this week with the revelation that news outlet Documento acquired a list of thirty-three individuals allegedly targeted by the spyware. The Greek government has denied it participated in any illicit surveillance, stating that any wiretaps it installed on citizens’ phones were completely legal. The latest move, this ban on sales, is not an admission of guilt, but rather a signal that Greek officials want to crack down on the use of spyware. A government spokesperson stated, “We won’t allow any shadow to remain on issues that poison Greek society.” Mitsotakis has not disclosed exactly how this ban on spyware sales will work, or how it might impact the use of already purchased surveillance software.
Australia’s Redspice plan will add a generous helping of cybersecurity funding.
Australia has suffered a surge of data breaches impacting high profile organizations in recent weeks, and in response, the government has been working to bolster the nation’s cybersecurity. As C4ISRNet notes, in March, then-Prime Minister Scott Morrison announced plans to invest AU$9.9 billion over the next decade in its cybersecurity plan, dubbed Redspice (which stands for Resilience, Effects, Defence, Space, Intelligence, Cyber, Enablers). The funding, the largest investment ever in Australia’s cybersecurity, is intended to triple the country’s current offensive capabilities, double its persistent digital hunting efforts, and quadruple the global footprint of the Australian Signals Directorate (ASD). The money will also be put toward the development of advanced artificial intelligence and machine-learning capabilities and the hiring of nearly two thousand new cybersecurity government employees. Then-Defence Minister Peter Dutton explained in March, “Redspice ensures Australia keeps pace with the rapid growth of cyber capabilities of potential adversaries. It provides new intelligence capabilities, new cyber defence capabilities to protect our most critical systems, and is a real increase in the potency to strike back in cyberspace,” he added.
Pennsylvania governor signs data breach notification law.
Governor Tom Wolf of the US state of Pennsylvania last week signed a new law requiring
state agencies and local governments to notify victims of data breaches of personal information within one week. As the Pittsburgh Post-Gazette explains, the passage of Act 151 of 2022, or SB 696, was in part motivated by recent incidents like last year’s data breach of data recruiting firm Insight Global Data, which exposed the contact tracing data of 72,000 Pennsylvania residents. The new legislation will apply to state agencies; county, municipal, public school agencies; and state agency contractors. Senator Dan Laughin, who sponsored the law, explained, “Pennsylvania’s recent experience with data breaches clearly shows the need for the state to act quickly to protect its citizens when a data breach occurs.