At a glance.
- US digital currency Executive Order expected.
- Pending decision on Standard Contractual Clauses will affect Big Tech.
- US Department of Justice will prioritize protection.
- US IRS retreats from biometrics.
White House to issue digital currency executive order.
Yahoo reports that an executive order concerning digital currency regulation is expected from US President Joe Biden in the near future. The order will direct several federal agencies, including the Departments of Treasury, State, Justice, and Homeland Security, to examine cryptocurrencies and a central bank digital currency (CBDC) in order to establish a comprehensive digital currency regulation strategy. The Director of the Office of Science and Tech policy will also be asked to conduct a technical evaluation of the needed federal support for a CBDC system, and the Treasury Department will work with the Securities and Exchange Commission, the Commodities Futures and Trading Commission, to report on measures for safeguarding consumers, investors, and private companies. The Chairman of the Federal Trade Commission and the Director of the Consumer Financial Protection Bureau will focus on the privacy issues posed by cryptocurrency, and the Office of Science and Technology Policy will look at digital distributed ledger technology.
Looking globally, the State, Treasury, and Commerce Department and USAID will be tasked with creating a framework for engagement with foreign counterparts in an international forum to develop standardized rules for digital assets. As Cointelegraph explains, the timing of the executive order couldn’t be better, as a recent report from the US Financial Crimes Enforcement Network found that the crypto ecosystem is supporting ransomware operations, both by facilitating ransomware-as-a-service transactions, as well as providing a means for securing payouts from victims.
Tech giants await Irish DPA decision on SCCs.
Ireland’s data protection agency is set to make a decision regarding the legality of the standard contractual clauses (SCCs) that currently allow Meta, Google, and other tech giants to transfer user data to the US. Much is riding on the data watchdog’s determination, as Meta stated in its recent annual report that the company will “likely be unable” to offer its services in the EU if the clauses are deemed illegal. This would be a huge loss for the company, as Facebook’s EU market accounts for one quarter of the company’s global revenue and is its third largest money-maker behind only the US and Canada.
“What’s at stake here are the entire data transfers to the U.S. and the services that depend on them,” said Johannes Caspar, formerly a top data protection regulator in Germany. Much of the transferred user data supports Meta’s ad tracking processes, which have already been hindered by EU privacy laws. A Meta spokesperson told Bloomberg, “Ongoing uncertainty over data transfers is impacting a large number of businesses and organizations in Europe and in the US…The simple reality is that we all rely on data transfers to operate global services. We need a long-term solution to EU-US data transfers to keep people and economies connected and protect transatlantic trade.”
US DoJ to take a more proactive approach to fighting cybercrime.
At the Munich Cyber Security Conference last week, US deputy attorney general Lisa O. Monaco revealed that the Department of Justice (DoJ) will be going on the offensive when it comes to cybercrime, the Register reports. According to new policies from the DoJ aimed at decreasing risk to victims, prosecutors, agents, and analysts will be evaluating "whether to use disruptive actions against cyber threats, even if they might otherwise tip the cybercriminals off and jeopardize the potential for charges and arrests." Possible actions include providing decryptor keys for malware, or seizing servers known to facilitate cyberattacks. Monaco also put an emphasis on international collaboration, stating that the DoJ will use sanctions and export controls as deemed appropriate by private businesses and the DoJ’s international partners, and prosecutors handling cyberincident investigations will be required to confer with DoJ's international and cybercrime specialists. Monaco went on to explain that "more joint international law enforcement operations – more eyes from multiple law enforcement agencies around the world – to track money through the blockchain” would be supported by a new International Virtual Currency Initiative focused on educating staff about financial regulations and anti-money laundering requirements.
US Internal Revenue Service retreats from plans to use biometric identity management.
The US Internal Revenue Service (IRS), after public, industry, and Congressional pushback, has shelved plans to adopt a biometric identification system for taxpayers, Federal News Network reports.
Paul Bischoff, privacy advocate with Comparitech, explains why the IRS would have been interested in biometrics to begin with, and describes some of the privacy issues the technology presents:
“Fraudulent tax returns, in which a scammer files a tax return in another person's name, are on the rise. In such a scam, the scammer files ahead of the victim and requests a much larger tax return than the victim is actually eligible for. After the victim receives their inflated return, the scammer contacts them posing as the IRS, saying the extra money must be returned immediately. The scammer provides false payment information so the victim's money actually goes to the scammer instead of the IRS. The victim is now left without their tax refund and they are in trouble with the IRS for filing a fraudulent return.
"This is the sort of scam that the IRS hopes to avoid by requiring face verification. Although it may help quell fraud, it also introduces a number of privacy questions that should have been answered long before the system was put in place: who has access to biometric data, such as other government agencies or private vendors that work with ID.me? How accurate is ID.me's face recognition? Can it be tricked? How long will biometric data be retained for? What security is in place to ensure the safe transmission and storage of selfies?
"The sudden implementation and lack of discussion around these questions will put a lot of people off using ID.me this year. Giving people an option to do an interview is a nice gesture, but I question whether that's less intrusive or more secure.”