Privacy

Pegasus Spyware Should Be Banned, EU Data Agency Warns (bloomberg.com) 26

NSO Group's controversial Pegasus spyware should be banned in the European Union, the bloc's in-house privacy watchdog warned on Tuesday. From a report: "The ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms," the European Data Protection Supervisor said in a statement on Tuesday. The warning comes amid increasing scrutiny of abuses of surveillance technologies meant to help intelligence and law enforcement agencies fight serious crime and terrorism. While the EU regulator doesn't make decisions for member countries, its influence at the top echelons of the bloc's institutions may encourage other authorities to crack down on surveillance software.
Power

France To Cut Carbon Emissions, Russian Energy Influence With 14 Nuclear Reactors (arstechnica.com) 110

An anonymous reader quotes a report from Ars Technica: France is planning to build up to 14 nuclear reactors in an attempt to shore up the country's aging nuclear fleet while also reducing the country's carbon emissions. And while the first reactors won't open for years, the announcement could serve to undercut Russia's attempts to keep Europe dependent on natural gas. President Emmanuel Macron announced the decision last week, saying that state-backed Electricite de France, also known as EDF, will build six new plants starting in 2028, with the option to build another eight by 2050. EDF estimates that six next-generation pressurized water reactors will cost around $57 billion. The first could be commissioned as early as 2035.

The move is a sharp reversal of Macron's earlier pledge to close several reactors over the next decade or so. National politics almost certainly play a role -- the nuclear power sector in France employs around 220,000 people, according to one estimate. "What our country needs is the rebirth of France's nuclear industry," Macron said at a nuclear turbine factory that EDF had just purchased from GE. "The time has come for a nuclear renaissance," he said. Macron also said that EDF will build a prototype small modular reactor, or SMR, by 2030. SMRs are fission reactors that are designed to be built in a factory and transported to their final destination. They generally produce less than 1 MW of power and are intended to be more economical than traditional reactors, which are constructed on-site. EDF will face stiff competition from numerous companies, from heavyweights like Westinghouse to startups like NuScale and Chinese firms like China Huaneng Group, which are pushing to commercialize SMRs.

France's new plans were announced less than two weeks after the EU announced that nuclear power would be considered "sustainable," a decision that was subject to intense lobbying by the French government. It also comes at a time of heightened tensions with Russia and its president, Vladimir Putin. Russia has flooded the EU with cheap natural gas, leaving the bloc dependent on the country for much of its energy. In 2020, the EU received more than 40 percent of its natural gas from Russia. The Nord Stream 2 pipeline, which could double Russian exports to the region, appears likely to increase the bloc's dependence. Macron's announcement, while possibly coincidental, could signal that France is interested in taking over as Europe's power center.

Power

Declaring 'Renaisance' for French Nuclear Industry, French President Promises Up to 14 New Reactors by 2050 (theguardian.com) 326

France president Emmanuel Macron "has announced a 'renaissance' for the French nuclear industry," reports the Guardian, with plans to build at least six new reactors by 2050 and as many as 14, "arguing that it would help end the country's reliance on fossil fuels and make France carbon neutral by 2050...." Atomic energy provides about 70% of French electricity, and low-cost nuclear power has been a mainstay of the French economy since the 1970s, but recent attempts to build new-generation reactors to replace older models have become mired in cost overruns and delays. Presidential candidates on the right have supported more nuclear power plants saying France should have "sovereignty" over its electricity, while detractors on the left have warned of the cost and complexity of building new reactors. Environmentalists have raised safety concerns over radioactive waste that remains deadly for tens of thousands of years.

Macron said French nuclear regulators were "unequalled" in their rigour and professionalism and that the decision to build new nuclear power plants was a "choice of progress, a choice of confidence in science and technology".

He also announced a major acceleration in the development of solar and offshore wind power. He said France had no choice but to rely on renewables and nuclear and that the country would also have to consume significantly less energy in the next decades.

He said he would seek to extend the lives of all existing French nuclear plants where it was safe to do so....

The French government lobbied hard and successfully to get the European Commission to label nuclear power "green" this month in a landmark review which means it can attract funding as a climate-friendly power source.

EU

France's Privacy Watchdog Latest To Find Google Analytics Breaches GDPR (techcrunch.com) 59

An anonymous reader quotes a report from TechCrunch: Use of Google Analytics has now been found to breach European Union privacy laws in France -- after a similar decision was reached in Austria last month. The French data protection watchdog, the CNIL, said today that an unnamed local website's use of Google Analytics is non-compliant with the bloc's General Data Protection Regulation (GDPR) -- breaching Article 44 which covers personal data transfers outside the bloc to so-called third countries which are not considered to have essentially equivalent privacy protections. The U.S. fails this critical equivalence test on account of having sweeping surveillance laws which do not provide non-U.S. citizens with any way to know whether their data is being acquired, how it's being used or to seek redress for any misuse.

France's CNIL has been investigating one of 101 complaints filed by European privacy advocacy group, noyb, back in August 2020 -- after the bloc's top court invalidated the EU-U.S. Privacy Shield agreement on data transfers. Since then (indeed, long before) the legality of transatlantic transfers of personal data have been clouded in uncertainty. While it has taken EU regulators some time to act on illegal data transfers -- despite an immediate warning from the European Data Protection Board of no grace period in the wake of the July 2020 CJEU ruling (aka 'Schrems II) -- decisions are now finally starting to flow. Including another by the European Data Protection Supervisor last month, also involving Google Analytics. In France, the CNIL has ordered the website which was the target of one of noyb's complaints to comply with the GDPR -- and "if necessary, to stop using this service under the current conditions" -- giving it a deadline of one month to comply.

"[A]lthough Google has adopted additional measures to regulate data transfers in the context of the Google Analytics functionality, these are not sufficient to exclude the accessibility of this data for U.S. intelligence services," the CNIL writes in a press release announcing the decision. "There is therefore a risk for French website users who use this service and whose data is exported." The CNIL does leave open the door to continued use of Google Analytics -- but only with substantial changes that would ensure only "anonymous statistical data" gets transferred. The French regulator is also very emphatic that under "current conditions" use of Google Analytics is non-compliant -- and may therefore need to cease in order for the site in question to comply with the GDPR. The CNIL also suggests use of an alternative analytics tool which does not involve a transfer outside the EU to end the breach. Additionally, it says it's launched an evaluation program to determine which website audience measurement and analysis services may be exempt from the need to obtain user consent (i.e. because they only produce anonymous statistical data which can be exported legally under GDPR). Which suggests the CNIL could issue guidance in future that recommends GDPR compliant alternatives to Google Analytics.

EU

Pan-European 'Supergrid' Could Cut 32% From Energy Costs (techxplore.com) 219

A European wide 'supergrid' could cut almost a third from energy costs according to a new study from the UCD Energy Institute. TechXplore reports: Evaluating the capabilities of Europe's energy network, the study, commissioned by SuperNode, found that a pan-European transmission system would reduce energy costs by 32 percent compared to the current approach. The 32 percent cost reduction identified is borne primarily from the expansion of European power flows -- derestricting them to allow the location of renewable generation to be optimized, thereby significantly decreasing the total installed capacity. While this scenario proposes an increase in transmission capacity, the costs were found to be insignificant compared to the cost savings in generation investment over the same period.

This study was an extension of work carried out by SuperNod, based on their Energy Scenario for Europe 2050 modeling -- which aims to predict future energy trends across the continent. Its modelling work, validated and extended by the UCD study and facilitated through ConsultUCD, demonstrates the net benefit of large investment into the development of new transmission assets to ensure more efficient utilization of Europe's renewable resources; highlighting bottlenecks where investment is required, such as higher levels of grid storage. [...] Another key finding from the UCD study is that the existing transmission system is not fit for purpose for Europe's energy future. Without accelerated investment in infrastructure, Europe will face challenges with load shedding, generation curtailment and excessively high emissions. The failure to achieve decarbonisation targets will not just undermine international climate efforts but will adversely affect Europe's economies and ability to compete on a global scale, the report notes.
The study has been broken into two parts (PDFs).
Facebook

Facebook Says It Is 'Absolutely Not Threatening' To Leave Europe After Many Welcomed the Move 153

Markus Reinisch, Vice President of Public Policy Europe at Meta, writing on company's blog: There has been reporting in the press that we are "threatening" to leave Europe because of the uncertainty over EU-US data transfers mechanisms. This is not true. Like all publicly-traded companies, we are legally required to disclose material risks to our investors. Last week, as we have done in our previous four financial quarters, we disclosed that continuing uncertainty over EU-US data transfers mechanisms poses a threat to our ability to serve European consumers and operate our business in Europe. We have absolutely no desire to withdraw from Europe; of course we don't. But the simple reality is that Meta, like many other businesses, organisations and services, relies on data transfers between the EU and the US in order to operate our global services. Further reading: We're Fine Without Facebook, German and French Ministers Say.
Businesses

Softbank's Sale of ARM To Nvidia Collapses, ARM To IPO (reuters.com) 23

According to Reuters, SoftBank's sale of ARM to U.S. chipmaker Nvidia has collapsed. Instead, SoftBank is planning to proceed with an initial public offering (IPO) with ARM CEO Simon Segars expected to resign, handing the job to president Rene Haas. From the report: The deal, announced in 2020, had faced several regulatory hurdles. The U.S. Federal Trade Commission sued to block it in December, arguing that competition in the nascent markets for chips in self-driving cars and a new category of networking chips could be hurt if Nvidia carried out the purchase. The buyout is also under the scrutiny of British and EU regulators amid concerns that it could push up prices and reduce choice and innovation.

The sale would have marked an early exit from Arm for Softbank, which acquired it for $32 billion. Chief Executive Masayoshi Son has lauded the potential of Arm, but is slashing his stakes in major assets to raise cash. The Financial Times was the first to report that Softbank's Arm-Nvidia deal had collapsed. The Japanese investment giant would receive a break-up fee of up to $1.25 billion, FT quoted one of the people as saying.

Transportation

Nissan Is Ending Engine Development, Except For US-Bound Vehicles (arstechnica.com) 162

Nissan is pulling the plug on its internal combustion engine development, except for the United States. Ars Technica reports: According to Nikkei Asia, the Japanese automaker has looked at the likely next set of European emissions rules and has decided it would be too expensive to design a new generation of engines that comply. Nissan is also not planning on any new internal combustion engines for Japan or China, although it will apparently keep refining existing engines and continue to work on hybrid powertrains. However, this new policy isn't a global one -- it doesn't apply to the US. That's because here, the automaker expects continuing demand for internal combustion engines, particularly in pickup trucks. If Nikkei Asia's reporting is correct, Nissan is just making explicit the fact that electrification of light passenger vehicles is going to be much more rapid in regions where governments create strong policy incentives.
EU

EU May Struggle To Fund $48 Billion Chips Act (appleinsider.com) 29

Europe's ambitious plans to quadruple processor production are facing problems securing the required $48 billion without disrupting state aid and other existing projects. Apple Insider reports: Following the US Senate's allocating of $52 billion to boost domestic semiconductor production, the European Union is aiming to make similar investment. However, under EU laws, funding is chiefly already committed to projects until 2027. Nonetheless, according to Bloomberg, EU internal market commissioner Thierry Breton, has said that the plans will be "commensurate" with the US. At the same time, Commission President Ursula von der Leyen said the total investment would be $48 billion.

Plans for the EU Chips Act are due to be published on February 8, 2022, but it is already known that it requires investment from both public and private resources. Bloomberg says that $30 billion has been earmarked from public sources, and the remainder will include at least $12 billion from private companies. It's not clear where the rest of the shortfall will come from, but reportedly according to documents seen by Bloomberg, the larger question is over the bulk of the public funding.

The investment allegedly depends on EU countries with already over-stretched budgets. It's also possible that previously allocated funds may be changed, plus there are concerns about the loosening of state aid rules in order to finance the plan. EU plans reportedly say that state aid, "must be necessary, appropriate and proportionate." They go on to say that the EU will monitor state aid use to ensure it doesn't "adversely affect trading conditions."

Google

Google Sued in Europe for $2.4 Billion in Damages Over Shopping Antitrust Case (techcrunch.com) 9

Google is being sued in Europe on competition grounds by price comparison service PriceRunner which is seeking at least ~$2.4 billion in damages. From a report: The lawsuit accuses Google of continuing to breach a 2017 European Commission antitrust enforcement order against Google Shopping. As well as fining Google what was -- at the time -- a record-breaking antitrust penalty (2.42 billion euro), the EU's competition division ordered the search giant to cease illegal behaviors, after finding it Google giving prominent placement to its own shopping comparison service while simultaneously demoting rivals in organic search results. Immediately following the order, Google made some initial tweaks to how its product search service works -- doubling down on an auction model. But complainants were instantly critical of the changes, arguing they neither remedied the unfairness nor complied with the EU's requirement for equal treatment of price comparison services. The following year, an investigation by Sky News also accused Google of trying to circumvent the EU antitrust ruling by offering incentives to ad agencies to create faux comparison sites filled with ads for their clients' products which Google could display in the Google Shopping box to present the impression of a thriving marketplace for price comparison services.
Facebook

Mark Zuckerberg and Team Considering Shutting Down Facebook and Instagram in Europe if Meta Cannot Process Europeans' Data on US Servers (cityam.com) 120

An anonymous reader shares a report: If Meta is not given the option to transfer, store and process data from its European users on US-based servers, Facebook and Instagram may be shut down across Europe, the social media giants' owner reportedly warned in its annual report. The key issue for Meta is transatlantic data transfers, regulated via the so-called Privacy Shield and other model agreements that Meta uses or used to store data from European users on American servers. The current agreements to enable data transfers are currently under heavy scrutiny in the EU. In its annual report to the U.S. Securities and Exchange Commission, Meta warns that if a new framework is not adopted and the company is no longer allowed to use the current model agreements "or alternatives," the company will "probably" no longer be able to offer many of its "most significant products and services," including Facebook and Instagram, in the EU, according to various media reports, including in iTWire, The Guardian newspaper and Side Line Magazine.

Sharing data between countries and regions is crucial for the provision of its services and targeted advertising, Meta stressed. Therefore, it previously used the transatlantic data transfer framework called Privacy Shield as the legal basis to carry out those data transfers. However, this treaty was annulled by the European Court of Justice in July 2020, because of data protection violations. Since then, the EU and the US did stress they are working on a new or updated version of the treaty.

EU

Meta Threatens To Pull Facebook and Instagram From Europe If It Can't Target Ads (itwire.com) 252

"Facebook is threatening it will simply pull out of Europe altogether if it is no longer able to share data about European users with its U.S. operations, applications, and data centres," reports ITWire.

It's customary for regulatory filings to preemptively declare a wide variety of possible future hazards, and in that spirit a recently-filed Meta financial statement cites a ruling by the EU's Court of Justice (in July of 2020) voiding a U.S. law called the Privacy Shield (which Meta calls one legal basis for its current dara-transferring practices). Though courts are now determining the ruling's ramifications, ITWire notes that "with the European General Data Protection Regulation (GDPR) well in force, the U.S. Privacy Shield principles were found non-compliant and consequently invalid." So while that ruling affects every American company, including cloud companies like Google, Microsoft, and Amazon, it's Facebook/Meta that "says stopping transatlantic data transfers will have a devastating impact on its targeted online advertisements capabilities."

Read it yourself, in Meta's own words:

"If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on Standard Contractual Clauses [now also subject to new judical scrutiny] or rely upon other alternative means of data transfers from Europe to the United States, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe, which would materially and adversely affect our business, financial condition, and results of operations."

Of course, the filing also cites other hazards like the possibility of new legislation restricting Facebook's ability to collect data about minors, complaining that such legislation "may also result in limitations on our advertising services or our ability to offer products and services to minors in certain jurisdictions."

And in addition, "We are, and expect to continue to be, the subject of investigations, inquiries, data requests, requests for information, actions, and audits by government authorities and regulators in the United States, Europe, and around the world, particularly in the areas of privacy, data protection, law enforcement, consumer protection, civil rights, content moderation, and competition..."

"Orders issued by, or inquiries or enforcement actions initiated by, government or regulatory authorities could cause us to incur substantial costs, expose us to unanticipated civil and criminal liability or penalties (including substantial monetary remedies), interrupt or require us to change our business practices in a manner materially adverse to our business, result in negative publicity and reputational harm, divert resources and the time and attention of management from our business, or subject us to other structural or behavioral remedies that adversely affect our business."

(Thanks to Slashdot reader juul_advocate for sharing the story!)
Earth

Thousands of Planes Are Flying Empty and No One Can Stop Them (wired.com) 119

"A pre-pandemic policy on airport usage is pressuring airlines to keep 'ghost flights' in the air," Wired reported this week — adding "The climate impact is massive." Lufthansa, Germany's national airline, which is based in Frankfurt, has admitted to running 21,000 empty flights this winter, using its own planes and those of its Belgian subsidiary, Brussels Airlines, in an attempt to keep hold of airport slots. Although anti-air travel campaigners believe ghost flights are a widespread issue that airlines don't publicly disclose, Lufthansa is so far the only airline to go public about its own figures.... Lufthansa's own chief executive, Carsten Spohr [said] the journeys were "empty, unnecessary flights just to secure our landing and takeoff rights." But the company argues that it can't change its approach: Those ghost flights are happening because airlines are required to conduct a certain proportion of their planned flights in order to keep slots at high-trafficked airports.

A Greenpeace analysis indicates that if Lufthansa's practice of operating no-passenger flights were replicated equally across the European aviation sector, it would mean that more than 100,000 "ghost flights" were operating in Europe this year, spitting out carbon dioxide emissions equivalent to 1.4 million gas-guzzling cars. "We're in a climate crisis, and the transport sector has the fastest-growing emissions in the EU," says Greenpeace spokesperson Herwig Schuster. "Pointless, polluting 'ghost flights' are just the tip of the iceberg."

Aviation analysts are split on the scale of the ghost flight problem. Some believe the issue has been overhyped and is likely not more prevalent than the few airlines that have admitted to operating them. Others say there are likely tens of thousands of such flights operating — with their carriers declining to say anything because of the PR blowback.

EU

Regulators Find Europe's Ad-Tech Industry Acted Unlawfully (engadget.com) 17

After a years-long process, data protection officials across the European Union have ruled that Europe's ad tech industry has been operating unlawfully. Engadget reports: The decision, handed down by Belgium's APD (.PDF) and agreed by regulators across the EU, found that the system underpinning the industry violated a number of principles of the General Data Protection Regulations (GDPR). The Irish Council for Civil Liberties has declared victory in its protracted battle against the authority which administers much of the advertising industry on the continent: IAB Europe. At the heart of this story is the use of the Transparency and Consent Framework (TCF), a standardized process to enable publishers to sell ad-space on their websites. This framework, set by IAB Europe, is meant to provide legal cover -- in the form of those consent pop-ups which blight websites -- enabling a silent, digital auction system known-as Real-Time Bidding (RTB). But both the nature of the consent given when you click a pop-up, and the data collected as part of the RTB process have now been deemed to violate the GDPR, which governs privacy rights in the bloc.

The APD has ruled that any and all data collected as part of this Real-Time Bidding process must now be deleted. This could have fairly substantial implications for many big tech companies with their own ad businesses, including Google and Facebook, as well as big data companies. It may also have a large impact on many media platforms and publishers on the continent who will now need to address the fallout from the finding. Regulators have also handed down an initial fine of 250,000 euros to IAB Europe and ordered the body to effectively rebuild the ad-tech framework it currently uses. This includes making the system GDPR compliant (if such a thing is possible) and appoint a dedicated Data Protection Officer. Until now, IAB Europe has maintained that it did not create any personal data, and said in December that it was a standards setter and trade association, rather than a data processor in its own right.
IAB Europe says the ruling did not ban the use of Transparency and Consent Frameworks, adding that it's looking to reform the process and "submit the Framework for approval as a GDPR transnational Code of Conduct."

According to Engadget, [I]t may launch a legal challenge to fight the accusation that it is a data controller, a decision it says will "have major unintended negative consequences going well beyond the digital advertising industry."
EU

EU Drafts Counteroffensive To China, US on Technology Rules (politico.eu) 34

The EU is taking a "Europe First" approach to technological standardization. From a report: The European Commission on Wednesday presented a plan to bolster its influence in creating global technology standards, as the bloc currently risks falling behind in global standardization organizations, where tech giants, government regulators and experts gather to set rules for how emerging technology works -- everything from the internet to batteries, connected devices and beyond. Faced with the U.S.' market dominance and China's aggressive attempts to rewrite global rules, the EU wants to raise its game. "We need to make sure we're not just a standard-taker. We need to be a standard-setter," said Thierry Breton, the EU's industry commissioner.

The new strategy comes at the start of a bumper year for standard-setting, which often happens out of the public eye, in industry-dominated groups packed with technical experts. Deals struck in organizations like the U.N.'s International Telecommunications Union (ITU) and the International Organization for Standardization (ISO) define how technology is implemented across the world. The ITU's flagship conference is scheduled for September in Budapest, when a new secretary-general will be named. Meanwhile, other international groups are working quickly to set standards for artificial intelligence, green technology and other major sectors, with companies and government officials tussling over which technologies will dominate the digital economy in the coming decade. The EU's plan follows its industrial strategy, released in March 2020, which already showed the bloc wants to set up competing policy initiatives to defend its companies against rivals from China and the U.S. that benefit from large-scale investment and subsidy schemes.

Privacy

Website Fined By German Court For Leaking Visitor's IP Address Via Google Fonts (theregister.com) 210

Earlier this month, a German court fined an unidentified website $110 for violating EU privacy law by importing a Google-hosted web font. The Register reports: The decision, by Landgericht Munchen's third civil chamber in Munich, found that the website, by including Google-Fonts-hosted font on its pages, passed the unidentified plaintiff's IP address to Google without authorization and without a legitimate reason for doing so. And that violates Europe's General Data Protection Regulation (GDPR). That is to say, when the plaintiff visited the website, the page made the user's browser fetch a font from Google Fonts to use for some text, and this disclosed the netizen's IP address to the US internet giant. This kind of hot-linking is normal with Google Fonts; the issue here is that the visitor apparently didn't give permission for their IP address to be shared. The website could have avoided this drama by self-hosting the font, if possible.

The decision says IP addresses represent personal data because it's theoretically possible to identify the person associated with an IP address, and that it's irrelevant whether the website or Google has actually done so. The ruling directs the website to stop providing IP addresses to Google and threatens the site operator with a fine of 250,000 euros for each violation, or up to six months in prison, for continued improper use of Google Fonts. Google Fonts is widely deployed -- the Google Fonts API is used by about 50m websites. The API allows websites to style text with Google Fonts stored on remote servers -- Google's or a CDN's -- that get fetched as the page loads. Google Fonts can be self-hosted to avoid running afoul of EU rules and the ruling explicitly cites this possibility to assert that relying on Google-hosted Google Fonts is not defensible under the law.

EU

WhatsApp Gets EU Ultimatum After New Terms Spark Backlash (bloomberg.com) 8

Meta Platforms' WhatsApp was given a month to answer European Union concerns over new terms and services that sparked outrage among consumers and privacy campaigners. From a report: WhatsApp must provide "concrete commitments" to address EU concerns about a possible lack of "sufficiently clear information" to users, or the exchange of user data between WhatsApp and third parties, the European Commission said Thursday. "WhatsApp must ensure that users understand what they agree to and how their personal data is used," EU Justice Commissioner Didier Reynders said in a statement. "I expect from WhatsApp to fully comply with EU rules that protect consumers and their privacy."

WhatsApp announced the policy changes a year ago, but was forced to delay their introduction until May after a backlash over what data the messaging service collects and how it shares that information with parent Facebook. European consumer association BEUC complained to the EU, saying the new terms and services were opaque. "WhatsApp bombarded users for months with persistent pop-up messages," BEUC said in reaction to the commission announcement. "WhatsApp has been deliberately vague about this, laying the ground for far-reaching data processing without valid consent from consumers."

Intel

Intel Wins Historic Court Fight Over EU Antitrust Fine (bloomberg.com) 22

Intel won a historic victory in its court fight over a record 1.06 billion-euro ($1.2 billion) competition fine, in a landmark ruling that upends one of the European Union's most important antitrust cases. From a report: The EU General Court ruled on Wednesday that regulators made key errors in a landmark 2009 decision over allegedly illegal rebates that the U.S. chip giant gave to PC makers to squeeze out rival Advanced Micro Devices (AMD). While the surprise ruling can be appealed one more time, it's a stinging defeat for the European Commission, which hasn't lost a big antitrust case in court for more than 20 years. The Luxembourg-based EU court said the commission provided an "incomplete" analysis when it fined Intel, criticizing it for failing to provide sufficient evidence to back up its findings of anti-competitive risks.
Security

Hacktivists Say They Hacked Belarus Rail System To Stop Russian Military Buildup (arstechnica.com) 71

Hacktivists in Belarus said on Monday they had infected the network of the country's state-run railroad system with ransomware and would provide the decryption key only if Belarus President Alexander Lukashenko stopped aiding Russian troops ahead of a possible invasion of Ukraine. Ars Technica reports: Referring to the Belarus Railway, a group calling itself Cyber Partisans wrote on Telegram: "BelZhD, at the command of the terrorist Lukashenko, these days allows the occupying troops to enter our land. As part of the 'Peklo' cyber campaign, we encrypted the bulk of the servers, databases and workstations of the BelZhD in order to slow down and disrupt the operation of the road. The backups have been destroyed [...]." The group also announced the attack on Twitter.

A representative from the group said in a direct message that the Peklo cyber campaign targets specific entities and government-run companies with the goal of pressuring the Belarus government to release political prisoners and stop Russian troops from entering Belarus to use its ground for the attacks on Ukraine. "The government continues to suppress the free will of Belarusians, imprison innocent people, they continue to unlawfully keep... thousands of political prisoners," the representative wrote. "The major goal is to overthrow Lukashenko's regime, keep the sovereignty and build a democratic state with the rule of law, independent institutions and protection of human rights."

At the time this post went live, several services on the railway's website were unavailable. Online ticket purchases, for instance, weren't working [...]. The representative said that besides ticketing and scheduling being disrupted, the cyberattack also affected freight trains. According to reports, Russia has been sending military equipment and personnel by rail into Belarus, which shares a border with Ukraine. @belzhd_live, a group of Belarus Railway workers that tracks activity on the 5,512-km railway, said on Friday that in a week's time, more than 33 Russian military trains loaded with equipment and troops had arrived in Belarus for joint strategic exercises there. The worker group said at the time that it expected a total of 200 so-called echelons to arrive in the coming days.

EU

The EU Approves Sweeping Draft Regulations On Social Media Giants (openaccessgovernment.org) 105

"The European Union took a significant step Thursday toward passing legislation that could transform the way major technology companies operate," reports the Washington Post, "requiring them to police content on their platforms more aggressively and introducing new restrictions on advertising, among other provisions...."

"The legislation is the most aggressive attempt yet to regulate big tech companies as the industry comes under greater international scrutiny." The version approved Thursday would force companies to remove content that is considered illegal in the country where it is viewed, which could be Holocaust denials in Germany or racist postings in France. And it would significantly shape how companies interact with users, allowing Europeans to opt out of targeted advertising more easily and prohibiting companies from targeting advertisements at children.... The legislation would also ban companies from employing deceptive tactics known as dark patterns to lure users to sign up or pay for services and products. And it would allow users to ask companies which personal characteristics, such as age or other demographic information, led them to be targeted with certain advertisements.
The two legislation bodies of the 27-nation bloc "are expected to debate the contents of the legislation for months before voting on a final version," the Post adds. But they add this a vote on "initial approval" of the legislation passed "overwhelmingly". "With the [Digital Services Act] we are going to take a stand against the Wild West the digital world has turned into, set the rules in the interests of consumers and users, not just of Big Tech companies and finally make the things that are illegal offline illegal online too," said Christel Schaldemose, the center-left lawmaker from Denmark who has led negotiations on the bill.

The Post adds this quote from Gianclaudio Malgieri, an associate professor of technology and law at the EDHEC Business School in France. "For the first time, it will not be based on what Big Tech decides to do," he said. "It will be on paper."

In fact, the site Open Access Government reports there were 530 votes for the legislation, and just 78 against (with 80 abstentions). "The Digital Services Act could now become the new gold standard for digital regulation, not just in Europe but around the world," they quote Schaldemose as saying, also offering more details on the rest of the bill: Algorithm use should be more transparent, and researchers should also be given access to raw data to understand how online harms evolve. There is also a clause for an oversight structure, which would allow EU countries to essentially regulate regulation. Violations could in future be punished with fines of up to 6% of a company's annual revenue....

The draft Bill is one half of a dual-digital regulation package. The other policy is the Digital Markets Act (DMA), which would largely look at tackling online monopolies.

Thanks to long-time Slashdot reader UpnAtom for sharing the story.

Slashdot Top Deals