A law requiring internet companies in Vietnam to remove content communist authorities deem to be against the state came into effect Tuesday, in a move critics called “a totalitarian model of information control”. The new cybersecurity law has received sharp criticism from the US, the EU and internet freedom advocates who say it mimics China’s repressive censorship of the internet.
The law requires internet companies to remove content the government regards as “toxic”. Tech giants such as Facebook and Google will also have to hand over user data if asked by the government, and open representative offices in Vietnam.
The Australian government has passed new legislation that would allow law enforcement authorities to force tech companies to hand over user information, even if it’s protected by end-to-end encryption.
The Assistance and Access Bill 2018 has been criticized by Apple as well as other technology companies and academics who argue that the legislation will weaken the data security of all Australians, with a reach that could jeopardize the data of companies, citizens, and societies around the world.
Read more about the controversial Australian law on The Verge.
The French government announced on Monday a “Paris Call” for talks to lay out a common framework for ensuring internet security, following a surge in cyberattacks which has dented confidence in global networks. The move aims to relaunch negotiations on a “code of good conduct” which have stalled since last year.
Officials said the text, to be presented by President Emmanuel Macron as he opens UNESCO’s Internet Governance Forum in Paris on Monday, has been signed by most European countries. China, Russia and the United States have not yet joined, although a source in Macron’s office said a “critical mass” of US players support the call, including Microsoft and the NGO Internet Society.
Read more about the Paris Call for cybersecurity talks on SecurityWeek.
On September 20, 2018, the White House released a new cybersecurity strategy with several important changes in direction meant to give government agencies and law enforcement partners a greater ability to respond to cybercrime and nation-state attacks.
The new U.S. cyber strategy makes one message clear: America will not sit back and watch when attacked in cyberspace. On the contrary, in areas ranging from critical infrastructure to space exploration to intellectual property protection, the USA will respond offensively, as well as defensively in cyberspace.
Read everything you need to know about the new U.S. national cybersecurity strategy on Tripwire.
The Golden State’s governor just signed a law barring companies from selling Internet-connected devices with preprogrammed passwords that are easy to guess or crack and leave them vulnerable to malicious hackers. Starting in 2020, all Internet of Things devices made or sold in California must come equipped with unique passwords, or a feature that requires the user to set their own unique password.
However, eliminating weak default passwords is an elementary move that only offers a basic safeguard against a sliver of digital threats.
The U.S. government and the state of California are butting heads over a newly-passed state law that enforces net neutrality regulations on internet service providers (ISPs). And experts say that the outcome of the feud between federal and state law has long-standing implications for the future of net neutrality.
Senate Bill 822, passed into law on Sunday, mandates a thorough set of regulations on ISPs ensuring they don’t discriminate against various types of content. But as soon as the California bill passed, the Department of Justice promptly hit back with a lawsuit alleging that its regulations are unlawful.
Read more about the ongoing battle over net neutrality on Threatpost.
It’s no secret, consumers are increasingly mindful of who is accessing, collecting, receiving, storing and otherwise processing their personal data. In an effort to standardize data protection requirements across the European Union and improve trust in the rapidly expanding digital economy, the European Parliament and Council introduced the General Data Protection Regulation (GDPR), which went into effect this past spring.
The GDPR is effectively changing the way business is conducted around the world, with massive implications for global ecommerce. And we’re now seeing the push for data protection in the United States with the adoption of the California Consumer Privacy Act of 2018 (CCPA).
Worldwide spending on information security products and services will reach more than $114 billion in 2018, an increase of 12.4 percent from last year, according to the latest forecast from Gartner. In 2019, the market is forecast to grow 8.7 percent to $124 billion.
“Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business,” said Siddharth Deshpande, research director at Gartner. “Persisting skills shortages and regulatory changes like the GDPR are driving continued growth in the security services market.”
Read more about the predicted rise in security spending, and the drivers for it, on Help Net Security.
In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect this past spring. The California law doesn’t have some of GDPR’s most onerous requirements, but in certain respects it goes even farther.
The California Consumer Privacy Act takes a broader view than the GDPR of what constitutes private data. The challenge for security, then, is to locate and secure that private data.
Read more about California’s new privacy law, AB 375, and learn how to be compliant on CSO.
With pressure to ensure consumer data is protected mounting, Gemalto today released the results of a global study which reveals that 65% are unable to analyze all the data they collect and only 54% of companies know where all of their sensitive data is stored. Compounding this uncertainty, 68% of organizations admit they don’t carry out all the procedures in line with data protection laws such as GDPR.
These are just some of the findings of the fifth-annual Data Security Confidence Index, which surveyed 1,050 IT decision makers and 10,500 consumers worldwide.
Read more about the findings of the fifth-annual Data Security Confidence Index on Help Net Security.