
Quad Foreign Ministers’ Statement on Ransomware


We, the Foreign Ministers of Australia, India, and Japan and the Secretary of State of the United States, met in New York on September 23, 2022.  We reaffirm the Quad’s commitment to supporting Indo-Pacific countries’ advancement of a free and open Indo-Pacific, which is inclusive and rules-based.  We are committed to an open, secure, stable, accessible, and peaceful cyberspace and support regional initiatives to enhance the capacity of countries to implement the UN Framework for Responsible State Behavior in Cyberspace.  We strongly believe that focused initiatives for enhancing the cyber capabilities of Indo-Pacific countries would ensure the security and resilience of regional cyber infrastructure.

Recalling the last Quad Foreign Ministers’ Meeting on February 11, 2022, we commit to addressing the global threat of ransomware, which has been an obstacle to Indo-Pacific economic development and security.  The transnational nature of ransomware can adversely affect our national security, finance sector and business enterprise, critical infrastructure, and the protection of personal data.[1]  We appreciate the progress made by the 36 countries supporting the U.S.-led Counter Ransomware Initiative (CRI) and the regular, practical-oriented consultations against cybercrime in the Indo-Pacific region.

Call for State Action

The Ministers call on states to take reasonable steps to address ransomware operations emanating from within their territory.  We exercise responsibility to assist each other in the face of malicious cyber activity, including from ransomware, against critical infrastructure.

Resilience and Capacity Building in the Indo-Pacific

The Ministers signal our collective will to fight ransomware threats to the cyber infrastructure that enables Indo-Pacific economic development and security.  We commit to further cooperate on capacity building programs and initiatives that are aimed at enhancing regional cybersecurity and improve resilience against ransomware attacks in the Indo-Pacific.  The Ministers highlight that practical cooperation in countering ransomware among Indo-Pacific partners would result in denying safe haven to ransomware actors…


Joint Statement of the U.S.-Japan Economic Policy Consultative Committee: Strengthening Economic Security and the Rules-Based Order


The text of the following statement was released by the Governments of the United States of America and Japan on the occasion of the inaugural ministerial meeting of the U.S.-Japan Economic Policy Consultative Committee.

Begin Text

United States Secretary of State Antony Blinken and Secretary of Commerce Gina Raimondo co-hosted Japan’s Minister for Foreign Affairs HAYASHI Yoshimasa and Minister of Economy, Trade and Industry HAGIUDA Koichi for the inaugural ministerial meeting of the U.S.-Japan Economic Policy Consultative Committee (EPCC) on July 29, 2022. The Ministers affirmed their shared resolve to present a positive economic vision that highlights the benefits of a rules-based international economic order and emphasized the need to make our economies more competitive and resilient.

The Ministers considered the complex global economic context that has produced increased levels of risk and uncertainty for all. They noted recovery from the COVID-19 pandemic remains incomplete, and the pandemic has contributed to various economic challenges including supply chain disruptions, increasing commodity prices, and greater inequalities, many of which have disproportionately impacted historically underserved communities. The Ministers strongly condemned Russia’s brutal, unprovoked, and unjustified aggression against Ukraine and shared the view that it has exacerbated such challenges and undermined energy and food security around the world. The Ministers affirmed the need to address the climate crisis in the face of complications due to energy insecurity.

The Ministers also recognized the pandemic has significantly altered social and economic life through accelerated adoption of various technologies, including digital transformation, providing new opportunities as well as challenges. They noted technological innovation – including in critical and emerging technologies such as artificial intelligence, quantum technologies, and renewable and circular technologies – presents transformative potential, as well as risks for our economies if abused. The Ministers committed to continue taking steps to realize a full and sustainable recovery from the pandemic and enhance…


Privacy International and the Electronic Frontier Foundation’s Statement on Unauthorized Access to Data


Statement to the second session of the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communication Technologies for Criminal Purposes on Agenda Item 4: [illegal/unlawful/unauthorized] access

Addressing some of the first group of questions, we believe that any future Treaty should ensure that [illegal/unlawful/unauthorized] access does not criminalize security research, whistleblowers, and other novel and interoperable uses of technology that ultimately benefit all of us. In particular, the [unauthorized] access to a computer system provision should explicitly require the intention to access a computer system and the person’s intent to cause damage or defraud (malicious intent or mens rea). Without malicious intent, this future treaty risks harshly criminalizing “breaking security,” potentially without any need for harm or damage and seemingly without regard to whether the purpose was beneficial.

Some States have also interpreted unauthorized access laws so broadly as to put computer security researchers at risk of prosecution for engaging in socially beneficial security testing through standard security research practices. “Without authorization” should be defined more clearly to require the circumvention of a technical barrier like a password or other authentication stage. 

When it comes to whistleblowing, the 2015 report of the UN Special Rapporteur of freedom of expression noted that prosecution of whistleblowers generally deters whistle-blowing and recommended that States avoid it, reserving it, if at all, only for exceptional cases of the most serious demonstrable harm to a specific legitimate interest. 

The report states that “in such situations, the State should bear the burden of proving an intent to cause harm, and defendants should be granted (a) the ability to present a defense of an overriding public interest in the information, and (b) access to all information necessary to mount a full defense… Penalties should take into account the intent of the whistle-blower to disclose information of public interest and meet international standards of legality, due process, and proportionality.”…


App-etite for Notification: FTC Says “Welcome to the Jungle” to Mobile Health App Developers in Policy Statement on Health Breach Notification Rule | Wyrick Robbins Yates & Ponton LLP


Last week’s news that the Federal Trade Commission is taking steps to begin rulemaking on consumer privacy and artificial intelligence drew plenty of attention from privacy professionals, and suggests 2022 could be an interesting year for federal regulation of privacy and data security. But that development is only one of a series of moves the Commission has recently made in this space.  In September, a divided Commission issued a Policy Statement that adopts a surprisingly broad interpretation of the FTC’s existing Health Breach Notification Rule, and suggests the FTC is seeking opportunities to use its existing authority to crack down on mobile health apps’ lax privacy and data security practices.

In that Policy Statement, the FTC takes the position that the Health Breach Notification Rule, which applies to “vendors of personal health records,” covers any mobile app that processes health information and that can draw personal information from multiple sources. The FTC also states that the Rule broadly requires notification of any unauthorized access to consumer health information, including the sharing of a consumer’s health information without the consumer’s authorization.

Mobile health app developers should take careful note of the Policy Statement’s interpretations and assess their offerings’ compliance posture accordingly.

Overview of the Health Breach Notification Rule

The FTC issued the Health Breach Notification Rule in 2009 to impose breach notification requirements on companies that process consumer health information, but are not subject to HIPAA. To that end, the Rule requires a “vendor of personal health records” to notify affected consumers and the FTC whenever  “unsecured [personal health record] identifiable health information [is] acquired by an unauthorized person” as a result of “a breach of security of unsecured [personal health record] identifiable health information.” A “vendor of personal health records” is an entity that (1) is not a HIPAA covered entity or business associate and (2) offers or maintains “personal health records.”

“Personal health records” are in turn defined under the Rule as electronic…
