Cyber Week in Review: March 8, 2024

Nationwide internet connectivity restrictions following killing of opposition leader in Chad

On February 28, 2024, members of the Chad security forces killed Yaya Dillo, potential presidential candidate for the May 6 elections, leader of the Socialist Party Without Borders (Parti socialiste sans frontières, PSF), and cousin of current President Déby. The attack occurred at the PSF headquarters in Chad’s capital, N’Djamena, and follows similar acts of political violence in the 2021 election. After the attack, internet connectivity and telecommunications plummeted by 20 percent, with reports of mobile networks and internet networks being down. This isn’t the first time the internet has been disrupted in Chad during political unrest. Between 2018 and 2019, the Chadian government blocked social media and messaging platforms; in 2020, it limited WhatsApp access to prevent the “dissemination of messages of incitement to hatred and division.” Chad has been under military rule since 2021; however, the upcoming elections could return the country to constitutional rule. Dillo’s murder and the widespread internet outages reflect heightened political tensions that may affect the upcoming elections and the viability of political opposition to the current government.

EU Digital Markets Act takes effect

The European Union Digital Markets Act went into effect on Thursday, bringing with it a number of changes to the way the six companies classified as gatekeepers, Amazon, Apple, Google parent company Alphabet, Meta, Microsoft and TikTok owner ByteDance, operate their services and platforms. Gatekeepers will be required to increase operability between their services and third party apps; avoid favoritism toward their own products or services on their respective platforms; allow companies to use their own payments platforms on a gatekeeper’s platform or service, rather than relying on the gatekeeper’s internal payment service; and stop gathering user data outside of their core service. Companies that are found to be out of compliance with the DMA will face fines of up to 10 percent of their yearly global turnover, or 20 percent in the case of repeated violations. Apple iMessage and Microsoft’s Edge browser, Bing search engine, and advertising tools were all exempted from the DMA in February, after the European Commission concluded that the four services do not qualify as gatekeepers, and will be exempt from the DMA. The European Commission has already stepped up its enforcement of the act by announcing it was levying a two billion dollar fine against Apple for violating EU antitrust laws by preventing app developers from “informing iOS users about alternative and cheaper music subscription services available outside of the app;” in effect, intentionally pushing consumers to pay through apps on Apple’s App Store, which charged a 30 percent fee on downloads, and forbidding competitors like Spotify from notifying users about other ways of paying for the app.

Indian government now requires government approval for AI and LLM models

India’s Deputy IT Minister, Rajeev Chandrasekhar, announced that developers of AI models and platforms must now obtain government approval before releasing AI tools. The advisory is not legally binding, but Chandrasekhar said it signals the “future of regulation” in India. The ministry has requested that tech firms submit a report on their compliance with the advisory by March 16th, 2024. This new advisory also mandates that AI-generated content be labeled “under testing” or embedded with a unique metadata identifier, with the goal of informing users about potential deepfakes or disinformation. The new policy represents a significant shift from the government’s previous approach to AI regulation, which intended to prioritize growth by avoiding legislative action. Critics of the new legislation stated that the policy would only allow large, wealthy corporations to obtain government approval, restricting start-ups' access to the growing AI ecosystem. Minister Chandrasekhar clarified that the advisory would not affect start-ups by stating, “[The] advisory is aimed at the significant platforms, and permission seeking from MeitY is only for large platforms and will not apply to startups.” India is quickly scaling its AI usage, with about 59 percent of enterprises actively deploying AI.

Amazon announces $5.3 billion cloud computing investment in Saudi Arabia

Amazon Web Services (AWS) will launch three new “Availability Zones” (areas where Amazon provides increased cloud computing power and redundancy) in Saudi Arabia and invest over $5.3 billion in the Kingdom by 2026. The new centers will likely provide Saudi organizations with faster internet speeds and lower latency. Amazon also plans to invest resources in upskilling local students and cloud computing developers by training four thousand women on its AWS Cloud Practitioner Essentials and providing free cloud technology training and certifications to over thirty thousand Saudi citizens. The vice president of Infrastructure Services at AWS stated that the new availability zone “supports the Kingdom of Saudi Arabia’s digital transformation with the highest levels of security and resilience available on AWS cloud infrastructure.” In addition to the two centers in Saudi Arabia, AWS plans to launch eighteen more Availability Zones across Southeast Asia, Mexico, and New Zealand, and implement an AWS European Sovereign Cloud. This investment decision follows Huawei Technologies’ announcement that it will open a data center in Riyadh and invest $400 million in Saudi Arabia’s cloud infrastructure over the next five years.

U.S. Health Department intervenes in ALPHV ransomware attack against Change Health Care

On February 21, the Russian-backed ransomware group ALPHV, also known as BlackCat, attacked Change Health Care, a part of the UnitedHealth Group. The company, which processes 15 billion dollars in healthcare transactions annually for more than 100 million patients in the United States, was severely affected by the attack and has lost 30 billion dollars in market cap in the past month. The U.S. Health and Human Services Department (HHS) announced that it is implementing steps to mitigate the challenges facing Change Health Care after the cyberattack, such as encouraging Medicaid and Children’s Health Insurance Programs (CHIP) agencies to expedite or waive payments for certain program requirements. UnitedHealth Group was compelled to disconnect over one hundred systems at its Change Healthcare unit and halt insurance payments and other services, prompting the American Hospital Association to ask congressional leaders for government assistance. Though Change Healthcare states that “90 percent of claims are flowing uninterrupted for health providers,” BlackCat has indicated that it received a 22 million dollar transaction in Bitcoin as a ransomware payment.

Cecilia Marrinan is the intern for the Digital and Cyberspace Policy Program.