Cyber Week in Review: January 26, 2018

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. It’s crunch time for GDPR compliance. With only four months left until the European Union’s General Data Protection Regulation (GDPR) comes into effect, only Germany and Austria have implemented appropriate legislation to enforce it. The European Commission is urging the remaining twenty-six EU members to enact the domestic legislation necessary to implement the GDPR by May 2018. U.S. companies with EU operations are racing to become GDPR compliant given that violations are punishable by twenty million euros or four percent of a company’s annual turnover. As part of its compliance efforts, Facebook COO Sheryl Sandberg announced in Brussels that all Facebook users--not only those in Europe--will have access to improved privacy controls to "make it much easier for people to manage their data." That is unlikely to soothe Facebook antagonist Max Schrems, who received the green light from the Court of Justice of the European Union to sue Facebook over its tracking of users around the web and how it provides user data to U.S. intelligence agencies. 

2. The thank you cards are in the mail. According to Dutch news outlet de Volkskrant, Dutch intelligence played a critical role in the U.S. intelligence community's attribution of the hack of the Democratic National Committee (DNC) in 2016 and State Department in 2015 to the Kremlin. Shortly after the downing of flight MH17 by Russian-backed rebels in Ukraine in 2014, the Dutch General Intelligence and Security Service (AIVD) managed to compromise the networks used by Cozy Bear, a cyber threat actor believed to be the SVR--Russia's foreign intelligence agency. That compromise gave them full access to Cozy Bear's operations, allowing them to see what its hackers were doing in real time. In 2015, the AIVD tipped off their U.S. counterparts about the targeting of the U.S. State Department, which according to one account led to "hand-to-hand combat." The same thing happened again, sans combat, in 2016 with the compromise of the DNC. This is the third known instance in which a U.S. ally has provided critical information to Washington warning it of Russia's attempts to meddle in the election. According to the New York Times, British intelligence tipped off the United States of Russia's intentions as early as 2015, and an Australian diplomat relayed a conversation he had with a Trump campaign staffer who indicated Russia had "dirt" on Hillary Clinton. 

3. The challenges of being a Russian telecom. Russian telecoms are finding it challenging to comply with the Yaravoya law, a suite of counter-terrorism and surveillance legislation passed in 2016. Under the law, Russian telecoms are required to store all user data and traffic for up to six months and make it available to government officials for search purposes. It seems like Moscow is taking a page out of Washington's playbook, learning from the National Security Agency's upstream collection programs, like PRISM, disclosed by Edward Snowden. According to Kommersant, Russian telecoms were unsuccessful in trying to get the Kremlin to pay a portion of the massive infrastructure and storage costs required to comply with the law. Three of the biggest telecoms in Russia have argued that their compliance costs would likely reach $1.8 billion for the first year. The Yaravoya law enters into force in October 2018.