View this email in your browser

Issue #77 – Friday, 18th March 2022

Dear readers, 

This week’s digest once again starts with a snapshot of the digital battlefield in Ukraine and Russia. More updates can be found on our dedicated page on the DW Observatory.

In other security developments, the UN Ad Hoc Committee started negotiations on drafting a new cybercrime convention by 2023, and the long-debated UK Online Safety Bill is now finally ready for parliamentary debate.

We round off this issue with data and chips as Ireland’s DPA fines Meta over GDPR breaches and Intel announces major investments in semiconductor R&D and manufacturing across the EU.

Stay safe,
The Digital Watch team

// THE HIGHLIGHTS //
THIS WEEK'S UPDATES

// UKRAINE //

Russia blocks Instagram

After giving Instagram users the weekend of 12–13 March to move their data and notify their followers, Russian telecoms watchdog Roskomnadzor blocked Instagram on 14 March

This was due to changes in the content policy guidelines of Instagram’s parent company, Meta Platforms, allowing Facebook and Instagram users in Ukraine to call for violence against Russian soldiers and to call for the death of Vladimir Putin

Meta has since narrowed its content policy guidance. Per President of Meta Global Affairs Nick Clegg, the company will ‘make it explicitly clear in the guidance that it is never to be interpreted as condoning violence against Russians in general’. Meta has likewise prohibited calls for the death of a head of state.

Russians' demand for VPNs skyrockets after Facebook and Instagram blocks

In the aftermath of the blocks, the demand for tools to bypass Russia’s restriction of Meta’s social media platforms Facebook and Instagram skyrocketed. According to data from monitoring firm Top10VPN, the demand for VPNs spiked 2,088% on the eve of the Instagram ban.

Rossgram – the Russian Instagram in the works

To fill the gap left by Instagram, Russian tech entrepreneurs began developing a Russian equivalent – Rossgram. The app will reportedly retain all the functions familiar to Instagram users and will contain additional monetisation tools. It will launch on 28 March, when well-known bloggers, investors, and sponsors can access it, while general users will be able to access it in April 2022.
Screenshot of the homepage of Rossgram, the Russian version of Instagram.

The slew of cyberattacks continues 

Researchers at ESET alerted that a new data wiping malware dubbed CaddyWiper hit Ukrainian networks on 14 March, erasing user data and partition information from any drives attached to a machine that has been compromised. Ukraine’s Computer Emergency Response Team (CERT-UA) cautioned that manipulative cyberattacks continue this week, with fake antivirus updates used to deploy malware. Western intelligence services are investigating a cyberattack that disrupted broadband satellite internet access provided by US telecoms firm Viasat on 24 February, the first day of the Russian invasion.

The hacker collective Anonymous, which has declared cyberwar on Russia, has reportedly hacked the German subsidiary of the Russian oil company Rosneft, the website of Rosatom State Nuclear Energy Corporation, and the websites of Moscow.ru, the Analytical Center for the Government of the Russian Federation, the Ministry of Sport of the Russian Federation, and Russia’s Federal Security Service (FSB). Websites of several Russian arbitration courts were also defaced in an apparent protest over Russia's actions in Ukraine.

Deep fakes are added to the fray

A fake video that appeared to show Ukrainian president Volodymyr Zelensky asking Ukrainian troops to lay down their weapons emerged on social media, in what could be the first weaponised use of deepfakes during an armed conflict. Zelensky himself promptly debunked the claims in a real video.
A still from the deep fake video showing Ukrainian president Volodymyr Zelensky
A still from the deep fake video.

// CYBERSECURITY //

Cybercrime negotiations at the Ad Hoc Committee

The first substantive session of the Russia-initiated UN Ad Hoc Committee was off to a rocky start, beginning just four days after the Russian invasion. Multiple countries questioned the possibility of negotiation with Russia in the UN, noting ‘these circumstances in the continued cyberattacks against Ukraine are not conducive to a constructive engagement with Russia on a legally binding convention in the cyber field.’ However, discussions unfolded in a constructive manner.

This session of the Ad Hoc Committee was dedicated to procedure and ended with member states adopting the draft report and its addendums one through seven.

Even though the main topic of the first substantive session was procedure, delegations also spoke about the substance of the proposed UN Cybercrime Treaty. This exposed diverging opinions on what differentiates cybercrime and cyber-dependent crime, whether and how human rights protections will apply and be reflected in the treaty, and implementation of the treaty through criminal justice and law enforcement mechanisms while upholding human rights.

The next steps in the negotiations are outlined in the Roadmap that the Committee adopted: The negotiations will be text-based and the states will provide specific drafts of the negotiating text before the second meeting (May/June 2022) and the third meeting (August/September 2022) of the Ad Hoc Committee. A consolidated negotiating document will be prepared on the basis of the outcomes of the second and third sessions. A second draft text of the convention will be prepared based on the outcomes of the fourth and fifth sessions.

Online safety bill introduced in UK parliament

In May 2021, the UK government presented the first draft of an Online Safety Bill, aimed at creating a safer online environment for users. Almost a year later, on 17 March 2022, the bill was introduced in the parliament in a modified form. 

The 225-page document proposes a wide range of obligations for internet companies in areas such as ensuring child safety, tackling illegal content, and limiting the spread of misinformation and disinformation. Among them:

  • All platforms are required to remove illegal online content related to terrorism and child sexual exploitation and abuse. 
  • Companies must report child sexual exploitation and abuse content detected on their platforms to the National Crime Agency.
  • Websites that publish or host pornographic content are required to introduce robust checks to ensure that users are 18 years old or over. 
  • The largest online platforms will have to address ‘legal, but harmful content’ accessed by adults (content related to abuse, harassment, eating disorders, etc.). The categories of legal, but harmful content will be stipulated in secondary legislation and approved by the parliament. The platforms will need to make sure that their terms of service are unambiguous about how they deal with such content and must enforce these terms consistently. The government hopes that such measures will help ensure that platforms’ processes are transparent and not arbitrary. 
  • Large platforms must introduce proportionate measures to prevent the publishing or hosting of fraudulent adverts on their services.
  • Internet companies must establish clear and accessible ways for users, including children, to report harmful content or challenge content takedown actions.
  • Companies that fail to comply with these obligations can be fined by Ofcom up to 10% of their annual global turnover.

The bill gives Ofcom powers to demand information and data from tech companies, including on the role of their algorithms in selecting and displaying content. Ofcom will also be able to set expectations for proactive technologies in content moderation.

As was the case with previous versions of the bill, controversy remains over the legislation’s implications for freedom of expression, the pressure it may put on startups, and enforcement challenges, among other issues.

DDoS attack takes Israeli government websites down 

Several government websites in Israel – including the websites of the ministries of interior, defence, and justice – were unavailable for over an hour on 14 March. The incident was caused by a distributed denial of service (DDoS) attack against a communications provider, according to the country’s National Cyber Directorate. Access to the affected websites was restored later in the day. 

No statements were made regarding attribution of the attack, although some media sources pointed to a possible Iranian involvement.

// CRYPTOCURRENCIES //

UK regulator orders crypto ATM operators to shut down

The UK’s Financial Conduct Authority (FCA) issued a warning to operators of cryptocurrency ATMs in the UK to ‘shut their machines down or face enforcement action’. The financial regulator noted that none of the crypto asset firms registered in the UK have been approved to offer crypto ATM services, and, as such, they operate illegally. 

The FCA highlights consumer protection in their statement, noting: ‘We regularly warn consumers that cryptoassets are unregulated and high-risk which means people are very unlikely to have any protection if things go wrong, so people should be prepared to lose all their money if they choose to invest in them.’

// CHIPS //

Intel announces new investments in EU semiconductor ecosystem

Intel has announced a series of investments of over €33 billion for research, development, and manufacturing of semiconductors in the EU. An initial €17 billion will be invested in a ‘leading-edge semiconductor fab mega-site’ in Germany, dubbed the ‘Silicon Junction’. Intel will also expand its existing fab in Ireland, invest in a ‘state-of-the-art back-end manufacturing facility’ in Italy, create a new R&D and design hub in France, and invest in R&D, manufacturing, and foundry services in Poland and Spain. 

These initiatives, the company notes, will contribute to increasing Europe’s chips supply chain resiliency, a goal highlighted by the European Commission in the recently published proposal for a EU Chips Act.
Mock-up of early plans for two new Intel processor factories in Magdeburg, Germany.
Mock-up of early plans for two new Intel processor factories in Magdeburg, Germany. Credit: Intel Corporation

// DATA PROTECTION //

Meta fined €17m by Irish privacy watchdog 

The Irish Data Protection Commission (DPC) imposed a fine of €17 million on Meta, following an inquiry into a series of data breach notifications from 2018. The commission found that Facebook did not have appropriate technical and organisational measures in place to demonstrate that it implemented necessary security measures to protect users’ data in line with the GDPR. 

The DPC took the  decision in consultation with the other data protection agencies (DPAs) across EU member states.
Was this newsletter forwarded to you, and you’d like to see more? Sign up for more.
Tweet it Tweet it
Share it Share it
Post it Post it
Forward it Forward it
Copyright © 2022 DiploFoundation, All rights reserved.



Want to change how you receive these emails?
You can update your preferences or unsubscribe from all our emails.