At a glance.
- Implications of China's data privacy law.
- Conti says it regrets doxing Arab royals.
- DDoSecrets leaks police surveillance videos.
The global ramifications of China’s PIPL.
Wired discusses China’s new data privacy law, the Personal Information Protection Law (PIPL), and how it will impact companies beyond the country’s borders. Coming into effect on November 1, the law is intended to improve data protections for Chinese consumers by regulating how companies handle user data and curtailing illicit data trading and theft. However, the PIPL will also allow the government to blacklist any overseas businesses that violate the law or threaten national security.
Yahoo, calling China an “increasingly challenging business and legal environment,” already preemptively closed down its remaining operations in the country, and LinkedIn did the same. While in many ways the PIPL mirrors other nations' data laws, the main difference is that it’s colored by China’s all-encompassing political vision. Omer Tene, a partner specializing in data, privacy, and cybersecurity at law firm Goodwin, summarizes, “If European data protection laws are grounded in fundamental rights and US privacy laws are grounded in consumer protection, Chinese privacy law is closely aligned with, and I would even say grounded in, national security.”
Conti eats a slice of humble pie (maybe).
The Conti ransomware gang, the hackers behind the recent attack on UK jewelry seller Graff, has released an apology letter to the individuals exposed in the incident. As Vice reports, it’s likely no coincidence that the mea culpa comes after Conti learned that the attack’s victims included UAE, Qatar, and Saudi royalty, some of the most influential and (allegedly) dangerous people in the world. The apology states, “We found that our sample data was not properly reviewed before being uploaded to the blog...Conti guarantees that any information pertaining to members of Saudi Arabia, UAE, and Qatar families will be deleted without any exposure and review.”
As always, statements from cybercriminals should be treated with caution. While some experts feel this is an obvious attempt to avoid retaliation, possibly in response to pressure from Russian officials, Emsisoft’s Brett Callow says “that seems unlikely. A public apology like this would simply cause further embarrassment to the individuals it names. Also, Conti has hit Saudi-based companies in the past, so obviously has no problems operating in that part of the world.”
DDoSecrets leaks police helicopter surveillance footage.
Wired reports that hacktivist group Distributed Denial of Secrets, aka DDoSecrets, published a 1.8-terabyte cache of surveillance footage from US police helicopters on their website on Friday. The footage, which allegedly belongs to the Dallas Police Department in Texas and Georgia's State Patrol, was being stored in an unprotected cloud database. The use of police drones for video surveillance has faced scrutiny from privacy advocates who see it as a violation of citizens' rights, and the released footage includes everything from wide aerial shots to closeups of individuals in their yards.
DDoSecrets co-founder Emma Best told Wired, “Not only is the surveillance itself problematic and worrisome, but the data is not handled in the ideal conditions we're always promised.” Dallas Police Department public information officer Brian Martinez said that, for security reasons, he can’t discuss the department’s data storage policies, but explained that the footage “is available to any person requesting the video through the Open Records Act.”