Chinese protestors evade internet censors amidst COVID protests
A series of protests spread across major Chinese cities last Friday after a fire in an apartment building in Urumqi took over two hours to extinguish. The fire killed ten people, and many internet users claimed the firefighters battling the blazer were slowed by China’s strict COVID control measures. Protestors have been posting videos and images of the protests on Chinese social media platforms like WeChat and Weibo, evading government censors through tactics like adding filters and taking videos of videos. The Cyberspace Administration of China, the government body responsible for internet regulation, ordered internet censors to clamp down on the videos and the use of virtual private networks (VPNs) within the country. China’s government may be responding to the protests, and general anti-lockdown sentiment, as it has recently signaled a slight relaxation in its approach towards COVID, including lifting the lockdown in the southern city of Guangzhou and pushing state media outlets to publish stories of mild COVID cases.
United States and United Kingdom restrict Chinese technology equipment sales
The United States and United Kingdom banned the sale of a variety of Chinese technology products last week. The Biden administration prohibited the sale of new telecommunications equipment from Huawei Technologies and ZTE, and surveillance technologies from Dahua Technology, Hangzhou Hikvision Digital Technology, and Hytera Communications over national security concerns. The United Kingdom banned the use of Chinese-made security cameras at sensitive government sites after a recent government security review. Hikvision, a leading Chinese surveillance company, has denied that it poses a threat to the UK’s national security. These actions escalate an ongoing crackdown on Chinese-origin technologies in both countries, after the United States banned the sale or use of Huawei and ZTE equipment on U.S. military bases.
Ireland’s Data Protection Commission fines Meta $275 million
On Monday, Ireland’s Data Protection Commission (DPC) imposed a fine of approximately $275 million on Facebook’s owner, Meta, for violating data privacy regulations. The fine stems from a data breach discovered in April 2021 when Facebook user’s personal data was found on a private cybercrime forum. The data set included more than five hundred million users’ mobile numbers, Facebook IDs, names, genders, locations, relationship statuses, occupations, dates of birth, and email addresses. Facebook says the data was exposed by a flaw, patched in 2019, in the “Contact Importer” tool, which checked users’ address books for people they may know on Facebook. Meta has faced a number of major fines recently, including a $405 million fine the European Union imposed in September 2022 for Facebook’s mishandling of children’s data.
European Union adopts new directive to strengthen cybersecurity across the Union
The European Union enacted new regulation on Monday known as the Network and Information Security Directive Two (NIS2) to strengthen cybersecurity standards across member states to improve resilience and incident response capabilities. It aims to harmonize cybersecurity standards between different pieces of legislation, both at the EU and member-state level, and provide a baseline for risk management measures and reporting obligations across economic sectors. NIS2 expands the scope of the previous network and information services (NIS) directive by including all medium-sized and large organizations operating within the sectors governed by NIS2 or providing services covered by the directive as well as clarifying the sectors NIS2 applies to, such as energy, transport, health and digital infrastructure. This change will increase the number of sectors regulated from nineteen under the NIS to thirty five under NIS2. The U.S. Chamber of Commerce has previously praised NIS2 for streamlining the cybersecurity process in the EU and for the EU’s willingness to take input from industry groups.
Australia passes new data privacy bill
Both houses of the Australian Parliament passed the Privacy Legislation Amendment (Enforcement and Other Measure) Bill 2022 earlier this week. The new bill will significantly increase the penalties associated with corporate data breaches 30% of a company’s turnover or up to to AUS$50 million. Previously, the penalties were only AUS$2.22 million in the case of a breach. Australia has been hit by a series of major ransomware attacks and data leaks over the past six months, including the theft of the personal data of more than ten million people, 40 percent of Australia’s population, from the telecommunications giant Optus and a ransomware attack against the healthcare company Medibank. After Medibank refused to meet the hackers’ ransom demand, they released the healthcare data of more than ten million customers, although it remains unclear exactly what data the hackers released. Australia’s government has promised to take a much stronger stance against criminal hackers following the attacks, including by launching a program which will allow Australian police and its main signals intelligence agency to disrupt ransomware operators’ networks.