At a glance.
- Privacy concerns surrounding EU's Digital Identity Framework.
- US National Security Council to address identity theft.
- Possible regulation of targeted advertising.
Privacy advocates urge not to proceed with amendment to EU’s Digital Identity Framework.
A group of international cybersecurity experts, including non-profit digital rights group the Electronic Frontier Foundation (EFF), are calling on European lawmakers to scrap a proposed amendment to Article 45 in the EU’s Digital Identity Framework (eIDAS). The proposal would direct leading web browsers like Firefox, Google, and Safari to accept Qualified Website Authentication Certificates that circumvent typical security standards and could make it easier for threat actors to steal user data. As the EFF asserts, privacy advocates feel allowing these certificates would “put the entire website security ecosystem at risk by requiring browsers to trust third parties designated by the government without any security assurances.” A letter signed by the EFF’s leaders, along with nearly forty cybersecurity researchers, advocates, and practitioners from Belgium, Canada, France, Germany, Taiwan, the UK, and the US was sent yesterday to members of the European Parliament imploring they amend the revised Article 45.2 of the eIDAS. The letter reads, “While we understand that the intent of these provisions is to improve authentication on the web, they would in practice have the opposite effect of dramatically weakening web security.”
National Security Council addresses identity theft.
US President Joe Biden established the Executive Order on Preventing Identity Theft in Public Benefits Programs in May 2021, and now the National Security Council’s (NSC) cybersecurity team has begun directing its efforts to fulfilling the federal initiative. As the White House noted in the initiative’s announcement, the Federal Trade Commission reported a 3000% increase in public benefits identity theft from 2019 to 2020. FedScoop explains, the executive order requests that the American Rescue Plan coordinator and Office of Management and Budget work in consultation with the NSC, Pandemic Response Accountability Committee, inspectors general, and Government Accountability Office. During his State of the Union Address on Tuesday, Biden stated, “Under my administration the watchdogs are back. And we’re going to go after the criminals billions of relief money meant for small businesses and millions of Americans.” The Department of Justice will also be appointing a chief prosecutor to its COVID-19 Fraud Enforcement Task Force, a 30-agency team focused on pandemic fraud operations using next-generation data analytics tools for identifying fraud and wielding heightened penalties for cybercriminals. The task force will concentrate on recouping billions of stolen dollars from over two hundred fraud investigations, and over one thousand cases have already been charged.
The escalating battle against targeted advertising.
US President Joe Biden’s State if the Union Address covered the gamut, from identity theft to cyber protections for minors. Biden urged Congress to introduce stronger privacy regulations for online platforms to reign in “the national experiment they’re conducting on our children for profit.” Wired notes that Biden’s push to address targeted advertising to minors was met with applause, remarkable considering that until just recently, targeted ads were considered the inevitable price everyone must pay to use the internet. It’s only in the last year that lawmakers have really ramped up the fight against the use of “surveillance advertising,” known to collect private user information and reward the platforms that create the largest files on their users. As congress member Kelly Armstrong explained at a hearing last December, “The problem’s with the business model. One that is designed to attract attention, collect, and analyze what keeps that attention, and place ads.” Since then, lawmakers have introduced the Banning Surveillance Advertising Act, as well as a bipartisan bill that would treat regulation of the online ad market in a manner akin to the stock market, with the aim of making it more difficult for any one platform (ahem, Google) to squash competition.