Can you feel it? Does your coffee taste richer, the air smell a little sweeter, the sunlight shine a smidgen brighter—and is your inbox much, much fuller? The European Union’s General Data Protection Regulation, or GDPR, went into effect yesterday. After years of preparation (you have been preparing, right?), businesses with operations in Europe will now be forced to steward people’s data with greater care—or else.
You’ve probably been alerted to the regime change by an avalanche of emails regarding updated privacy policies and changes in terms of service agreements. (Please excuse my joking subject line.) Even if you are not an EU resident, you may benefit. Many tech firms, such as Facebook and Google, are extending protections across their user bases, so as to simplify matters for themselves. This decision to conform to Europe’s high standard is known, as my colleague Jeff John Roberts explains, as the “Brussels effect”; the phrase calls to mind, at least for me, a parent commanding a child to finish their Brussels sprouts. Quit complaining—they’re good for you.
Even though many companies are saying that they plan to abide by the new rules globally, the penalties for breaching a GDPR stipulation count only for EU residents. That means Americans will have no choice but to take these corporations at their word—and if anyone screws up, there will be little recourse outside Europe. Some people may criticize GDPR for its heavy-handed approach: see, fines of up to 4% of global revenues for compliance failures. But it is a necessary and overdue set of measures for safeguarding people’s privacy. The tech economy has been recklessly aslosh in our data for too long. It’s time they started taking responsibility for it.
Last weekend I ran a column by Oren Falkowitz, a cybersecurity entrepreneur, which applied the late scientist Richard Feynman’s warning about “cargo cult science” to the cybersecurity industry. The essay prompted me to pick up a book I’ve been meaning to read for years, Surely You’re Joking, Mr. Feynman! It struck me, while reading a chapter on the eminent physicist’s obsession with lock-picking and safe-cracking during his stint on the Manhattan Project, that if he had been born today, there’s no question in my mind he would have been a hacker. The man loved a technical puzzle as much as he loved outfoxing authorities. May your spirit live on, Mr. Feynman.
THREATS
A new sheriff in town. As mentioned above, the European Union’s General Data Protection Regulation, or GDPR, went into effect this weekend. Companies with EU operations now must abide by new strictures, like reporting data breaches within 72 hours, or delivering EU residents’ data to them upon request within 30 days. Otherwise, businesses could be forced to pay a penalty that can run as high as 4% of global revenues, or 20 million euros. Ouch.
Routers routed. Cisco’s threat research team, Talos, warned the public that it has discovered a malware campaign that compromised half a million routers in 54 countries. It is suspected that Russian spy services are to blame for the attack, which Talos dubbed “VPNFilter.” The FBI has recommended that people reboot their routers to help identify and disrupt the infection.
Alexa, quit eavesdropping. An Amazon Echo device erroneously recorded a private conversation between two people in Portland, Oregon, and then sent the file to an unauthorized third party. The device apparently misheard the couple’s verbal cues, causing it to go rogue. Amazon said in a statement, “As unlikely as this string of events is, we are evaluating options to make this case even less likely.”
I demand a recount. The Federal Bureau of Investigation repeatedly overstated the number of devices it has been unable to access due to strong data encryption features, the Washington Post reports. While the FBI has said that it has been prevented from accessing the contents of about 7,800 devices, it turns out the true figure is somewhere between 1,000 and 2,000. The agency is said to have inflated the numbers by counting the same devices more than once, a result of apparently poor database management.
On the Internet nobody knows you’re a…Bitcoin scammer?
ACCESS GRANTED
Splitting atoms. The New York Times published a delightful read on the “fusion centers” banks and other companies use to coordinate their cybersecurity defenses. With big-screen maps and other flourishes, these rooms are often designed to look cool—even if the accoutrements aren’t exactly necessary to get the job done. Well, these centers do serve at least one purpose: “They are especially useful, executives concede, to put on display when V.I.P.s or board members stop by for a tour,” as the Times writes.
ONE MORE THING
“The Edison of our age.” Not many people know the name of Stanford Ovshinsky, an Ohio-born inventor whose contributions to materials science overturned dogma about semiconductors in the ’60s. Today, Ovshinsky’s legacy extends to technologies that make CDs and DVDs, hybrid car batteries, and cheap solar panels possible. Now Intel and Micron are using the late tinkerer’s patents, which they’ve since purchased, to create the next generation of “phase-change” memory chips. Scientific American has a nice biography on the man and his work here.