Welcome to Codebook, the cybersecurity newsletter trying to bring back cargo pants.
A protester in Hamburg, Germany, objects to Article 13 (now 17) of the EU's pending copyright bill, March 26. Photo: Daniel Reinhardt/picture alliance via Getty Images
Europe's new copyright bill — the one many of the internet's inventors argue will jeopardize the network's future — is almost certainly destined to become law in each of the EU member countries, after an EU Parliament vote earlier this week. But some procedural hiccups left a sliver of doubt about the outcome, raising a glimmer of hope among the bill's ardent detractors.
Why it matters: The copyright bill has two controversial provisions that could fundamentally change how links and user-created content work online.
Background: The controversy stems from two sections:
But, but, but: In the final draft of the legislation, well after people started debating Article 11 and Article 13 under those names, the official name of Article 11 became Article 15 and Article 13 became Article 17.
The catch: Those provisions may have passed by accident.
Where it stands: In the EU, after Parliament passes a bill, the Council of the European Union votes on it. This vote is expected on April 9.
Meanwhile, the U.K. — which as of this writing is still in the EU — presents a stranger situation.
Once the bill passes, each member country of the E.U. will be required to pass a domestic version of the law. That could take years more.
A U.K. body set up to evaluate the security of Huawei telecommunications equipment has "not yet seen anything to give it confidence in Huawei’s capacity to successfully" address cybersecurity flaws, according to a blistering report released Thursday.
Why it matters: The U.S. is currently pushing foreign allies to avoid the use of Huawei 5G products due to security concerns. While the U.K. report did not find any intentional security flaws intended for use in espionage — which the U.S. has been warning against — it did find systemic unintentional security flaws.
Our thought bubble: The U.K. has been on the fence about formally banning Huawei products, arguing that it might be able to mitigate espionage attempts using technology. This report would be a reasonable excuse for Her Majesty's government to take up the U.S. line.
Background: The Huawei Cyber Security Evaluation Centre was set up by Britain in 2010 to evaluate the firm's wares as U.K. telecom firms purchased equipment.
Photo: Robert Michael/Getty Images
Grindr, a dating app marketed to the LGBTQ community often associated with casual sex, was at the center of two unrelated news stories Wednesday that could both have major impacts on cybersecurity.
Grindr unanimously won a federal appeals case against a man claiming the site should be liable for not preventing a malicious fake account from sending as many as 16 people a day to his home and workplace expecting sex, per Reuters.
Meanwhile: Grindr's Chinese owner will have to sell the site after the Committee on Foreign Investment in the United States determined its recent purchase was a national security risk, anonymous sources told Reuters. It's been suggested the issue may be blackmail.
India tested its first anti-satellite missiles Wednesday, making it the latest in a small group of countries with the potential to blow global communications equipment out of the sky.
Why it matters: India says the missiles are intended to fight the weaponization of space, not to attack telecommunications equipment or GPS satellites, which could cause disruptions to civilians. That doesn't mean the next nation to follow suit will be as judicious with its use.
As it stands, major military powers, including China, Russia and the U.S., have invested in similar technologies. Satellites are not really designed to dodge offensive weaponry.
The damages to one of the world's largest producers of aluminum caused by LockerGoga ransomware have topped $40 million, with the firm still not operating at full capacity a week after the attack, Norsk Hydro reported Wednesday.
The big picture: The ransomware is used in targeted extortion attempts, typically against industrial firms.
Codebook will be back Tuesday, after I pitch a help wanted section.