Proof of work protocols have been applied in cryptography and security literature to a variety of settings, but its most impactful application has been its role in the design of blockchain protocols.

Getty Images

The advent of blockchains has ignited much excitement, not only for their realization of novel financial instruments, but also for offering alternative solutions to classical problems in fault-tolerant distributed computing and cryptographic protocols. Blockchains are managed and built by miners and are used in various settings, the best known being a distributed ledger that keeps a record of all transactions between users in cryptocurrency systems such as bitcoin.

Underlying many such protocols is a primitive known as a proof of work (PoW), which for over 20 years has been liberally applied in cryptography and security literature to a variety of settings, including spam mitigation, sybil attacks and denial-of-service protection. Its role in the design of blockchain protocols, however, is arguably its most impactful application.

As miners receive new transactions, the data are entered into a new block, but a PoW must be solved to add new blocks to the chain. PoW is an algorithm used to validate bitcoin transactions. It is generated by bitcoin miners competing to create new bitcoin by being the first to solve a complex mathematical puzzle, which requires expensive computers and a lot of electricity. Once a miner finds a solution to a puzzle, they broadcast the block to the network so that other miners can verify that its correct. Miners who succeed are then given a fixed amount of bitcoin as a reward.

However, despite the evolution of our understanding of the PoW primitive, pinning down the exact properties sufficient to prove the security of bitcoin and related protocols has been elusive. In fact, all existing instances of the primitive have relied on idealized assumptions.

A team led by Juan Garay has identified and proven the concrete properties either number-theoretic or pertaining to hash functions. They were then used to construct blockchain protocols that are secure and safe to use. With their new algorithms, the researchers demonstrated that such PoWs can thwart adversaries and environments, collectively owning less than half of the computational power in the network.

Garays early work on cryptography in blockchain was first published in the proceedings of Eurocrypt 2015, a top venue for the dissemination of cryptography research.

The techniques underlying PoWs transcend the blockchain context. They can, in fact, be applied to other important problems in the area of cryptographic protocols, thus circumventing well-known impossibility results, a new paradigm that Garay calls Resource-Restricted Cryptography.

Its a new way of thinking about cryptography in the sense that things do not have to be extremely difficult, only moderately difficult, said Garay. And then you can still do meaningful things like blockchains. Cryptocurrencies are just one example. My work, in general, is understanding this landscape and coming up with the mathematics that explain it and make it work.

Excerpt from:
Cryptography In The Blockchain Era - Texas A&M University Today

Open source is becoming mainstream technology, and thats reshaping how it will affect daily life.

An example of this trend can be found in Mays announcement by Red Hat Inc. of an In-Vehicle Operating System in partnership with General Motors Co. While the GM news attracted a great deal of attention, Red Hat also generated buzz during its recent annual Summit event in Boston with the release of RHEL 9 after a three-year wait, deployment of new solutions for securing the software supply chain, and the delivery of managed Ansible Automation for Microsoft Azure.

TheCUBE, SiliconANGLE Medias livestreaming studio, covered the Red Hat Summit event through exclusive interviews with company executives and partners. (* Disclosure below.)

Here are three additional insights you might have missed:

There was a time when computer processing was all about the CPU. Not anymore. This has become the era of the GPU, NPU, DPU and assorted alternative processors to power applications in the modern infrastructure. Edge computing was a significant topic of discussion at this months Summit, and Red Hat has positioned its portfolio to capitalize on this growing space through partnerships with Arm, Nvidia and Intel.

Edge to me is the epitome of a white-space opportunity where ecosystem is essential, said Stefanie Chiras(pictured), senior vice president of partner ecosystem success at Red Hat, during an interview with theCUBE. Edge is pulling together unique hardware capabilities from an accelerator all the way out to new network capabilities and then to AI applications. The number of ISVs building AI applications is just expanding.

An example of this evolution can be seen in the use of the DPU, or data processing unit. Where the CPU handled general-purpose computing, and the GPU accelerated compute, the DPU will play a central role in moving data.

Tushar Katarki, director of product management for OpenShift at Red Hat, envisions a growing role in importance for the DPU, especially as cryptography becomes more essential in network security.

Cryptography is going to take off to new levels, Katarki said in a discussion with theCUBE during the Summit. The DPU can be used to offload your encryption and firewalling. There are a lot of opportunities from an application point of view to take advantage of this capacity.

When Red Hat unveiled RHEL 9 during the Summit, the company noted that it was the first production release built from CentOS Stream. The back story on this was that CentOS Stream replaced the Community Enterprise Linux Operating System acquired by Red Hat in 2014 and discontinued in 2020, a move that was not positively received by CentOS users.

The friction over this issue stems from the fact that CentOS was widely used in the enterprise world. An executive from MongoDB Inc. claims that CentOS runs most of the telecom infrastructure in China. A significant portion of Facebooks operation is CentOS-based as well. Over a decade ago, open-source CentOS was the most popular Linux distribution for web servers.

Red Hat made it clear in 2020 that it would cease supporting CentOS starting from 2022 and would focus its efforts on the new upstream RHEL version, called CentOS Stream. The problem for some in the open-source community was a belief that the newer version lacked the stability of the original CentOS offering.

In theCUBEs Summit interview with Gunnar Hellekson, general manager of the Enterprise Linux Business Unit, the Red Hat executive explained the companys rationale for the switch from CentOS to CentOS Stream with the latest RHEL release.

We need a better way to allow partners to work together with us further upstream from the actual product development, Hellekson said. Thats why we created CentOS Stream the place where we host the party and people can watch the next version of Red Hat Enterprise get developed in real time. Partners can come in and help; customers can come in and help.

In his keynote address during the Summit this month, Red Hat Senior Vice President and CTO Chris Wright described how the placement of processors in his ski boots made him a better skier.Wrights example can be extrapolated to use cases where compute and hardware combine to create a better outcome. Chips help make driving an automobile safer today and improve the ability of diagnostic devices to provide critical information for heart patients.

The edge revolution is doing more than creating compute processing in standalone devices. It is reshaping the meaning of the hybrid world to include the melding of physical and virtual. This will be a key part of Red Hats strategy in the future.

Because of the compute capabilities that we have in hardware, hardware gets more capable with lower power that can bring certain types of accelerators into the mix, said Wright, during his appearance on theCUBE. You create this world where whats happening in a virtual context and whats happening in a physical context can come together through this distributed computing system. Our view is: Thats hybrid. Thats what weve been working on for years.

You can catch up on SiliconANGLEs and theCUBEs complete coverage of the Red Hat Summit event on theCUBEsdedicated event channel.

(* Disclosure: TheCUBE is a paid media partner for Red Hat Summit. Neither Red Hat, the sponsor of theCUBEs event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Go here to see the original:
Three insights you might have missed from the Red Hat Summit event - SiliconANGLE News

Ransomware has grown to become a potential threat for all organizations, sparing no industry or size bracket in its goal to capture files and other company assets. Where theres data, theres an opening for threat actors to hold this sensitive information ransom and demand payment for its release.

Its imperative for all organizations to have a plan for how to prevent and respond to ransomware attacks. But in order to understand how to prepare today, its also necessary to understand how ransomware has evolved to reach its current state.

The first ransomware attack is generally regarded as the AIDS trojan. It is named for the 1989 World Health Organization (WHO) AIDS conference, at which biologist Joseph Popp handed out 20,000 infected floppy discs to event participants. After a user had booted up ninety times, the names of the users files would be encrypted and the below message would appear, asking victims to send US$189 to a PO box in Panama. The ransomware was relatively easy to remove using online decryptor tools.

After this first event, no notable developments in the field of ransomware took place until 2005, when ransomware reemergedthis time using secure asymmetric encryption. The Archiveus trojan and GPcode were the most notable of these early ransomwares. GPcode attacked Windows operating systems, first using symmetric encryption and later, in 2010, using the more secure RSA-1024 to encrypt documents with specific file extensions.

The Archiveus trojan, the first ransomware to use RSA, encrypted all files in the My Documents folder. They could be decrypted with a thirty-digit password provided by the threat actor after the ransom was paid.

Despite the effectiveness of these encryption algorithms, early ransomware variants had relatively simple code, which allowed antivirus companies to identify and analyze them. The Archiveus password was cracked in May 2006, when it was found in the source code of the virus. Similarly, until GPcode switched to RSA, file recovery was often possible without a password, leading cybercriminals to prefer hacking, phishing, and other threat vectors.

In 2009, the Vundo virus emerged, which encrypted computers and sold decryptors. Vundo exploited vulnerabilities in browser plugins written in Java, or downloaded itself when users clicked on malicious email attachments. Once installed, Vundo attacked or suppressed antimalware programs such as Windows Defender and Malwarebytes.

Shortly after, in 2010, the WinLock trojan emerged. Ten cybercriminals in Moscow used the software to lock victims computers and to display pornography until the victims sent them roughly $10 in rubles. The group was arrested in August the same yearthough the scheme first garnered US$16 million.

In 2011, the software was upgraded to pretend to be the Windows Product Activation system. The malware seemed to be requiring a reinstall of the software due to fraudulent use, and ultimately extorted data from victims.

Reveton ransomware, which emerged in 2012, was a type of scareware that displayed messages to its victims claiming that it was US law enforcement and that the user had been detected viewing illegal pornography. In some cases, it activated the users camera to imply that the user had been recorded. It also demanded that the victim pay in order to avoid prosecution.

A variant of this ransomware also emerged for Mac, although it was not cryptographic. It was made up of 150 identical iframes that each had to be closed, so the browser appeared to be locked.

As more ransomware variants emerged, the number of recorded ransomware attacks increased nearly fourfold from 2011 to 2012.

In the second half of 2013, CryptoLocker emerged. CryptoLocker was a pioneer in several ways: It was the first ransomware to be spread by botnetin this case the Gameover Zeus botnetthough it also used more traditional tactics, such as phishing. Also notable was that CryptoLocker used 2048-bit RSA public and private key encryptions, rendering it especially difficult to crack. CryptoLocker was not stopped until its associated botnet, Gameover Zeus, was taken down in 2014.

The first true ransomware for Mac, FileCoder, was also discovered in 2014, although it was later found to have originated as early as 2012. The malware was never finished, as, although it encrypted files and demanded payment, the only files it encrypted were its own.

Other noncryptographic attacks on Mac infrastructure were more successful that year. 2014 also saw the Oleg Pliss attack, in which a threat actor used stolen Apple account credentials to log in to accounts and then used those accounts to remotely lock iPhones, using the find my iPhone feature. They then demanded a ransom for the phone to be unlocked.

Just as Oleg Pliss targeted iPhones, 2014 also saw the first cryptographic attack on mobile devices, with Spyeng targeting Android. Spyeng also sent messages to everyone in the victims contacts list with a download link to the ransomware.

The first successful cryptographic ransomware attack on Mac was in 2016, and was known as KeRanger. Tied to version 2.90 of the torrenting client Transmission, the ransomware locked a victims computer until 1 bitcoin (US$400 at the time) was paid to threat actors.

Another ransomware for Mac, Patcher, aka filezip, emerged in February 2017. It also infected users via torrenting, in this case by pretending to be a cracker for popular software programs such as Office 2016 or Adobe Premiere CC 2017. Notably, due to flaws in its design, Patcher could not be decrypted, whether the ransom was paid or not.

The success of CryptoLocker led to a significant increase in ransomware varieties. CryptoWall emerged as a successor to CryptoLocker, becoming known in 2014, although it had actually been circulating since at least November 2013. Spread largely through spam phishing emails, by March 2014 CryptoWall had become the leading ransomware threat. CryptoWall proved especially tenacious, and some reports suggest that by 2018 it had caused US$325 million of damage.

By 2016 ransomware variants were becoming increasingly frequent. The first ransomware- as-a-service (RaaS) variants emergedpartnerships in which one group writes the ransomware code and collaborates with hackers, who find vulnerabilities in systems. Some of the better-known were Ransom32 (the first ransomware to be written in JavaScript), shark (which was hosted on a public WordPress site and made available on the basis of an 80/20 split, distributors favor), and Stampado (which was available for just $39).

2016 also saw the emergence of the well-known Petya ransomware. Initially the ransomware was less successful than CryptoWall, but on June 17, 2017, a new variant emerged, dubbed notPetya by Kaspersky to differentiate it from the original version. It began in Ukraine and quickly spread worldwide via the EternalBlue Windows vulnerability discovered by the NSA. According to the White House, NotPetya was responsible for US$10 billion in damage. The governments of the United States, United Kingdom, and Australia blame Russia for the malware.

LeakerLocker, a mobile ransomware for Android, also emerged in 2017. Unlike more traditional ransomware, LeakerLocker did not actually encrypt any files. Embedded in malicious applications on the Play Store that requested elevated permissions, LeakerLocker displayed sample data from the users phone and claimed it would send the users entire phone contents to every person in their contacts list if a ransom was not paid.

WannaCry ransomware, one of the best-known crypto ransomwares, also emerged in 2017. Like notPetya, WannaCry spread via the EternalBlue exploit. After emerging in May 2017 it infected about 230,000 computers in 150 countries, causing $4 billion in damage. Although Microsoft had already released a patch for this exploit two months before the emergence of WannaCry, many users had not updated their systems, so the ransomware was able to spread.

Related Reading: Linguistic Analysis of WannaCry Ransomware Messages Suggests Chinese-Speaking Authors

The ransomware would likely have been far more damaging had it not been halted a few days after the attack began by the efforts of Marcus Hutchins, who discovered that the ransomware had a built-in kill switch that could be activated. Despite Hutchins role in stopping the global outbreak of WannaCry, he was subsequently arrested and imprisoned by the FBI for unrelated hacking charges. Several major governments attributed WannaCry to North Korea.

January 2018 was a watershed moment for ransomware, marking the emergence of GandCrab. Although GandCrab by itself was not particularly unusual, the developers continued to release more and more advanced versions and eventually integrated it with the Vidar information-stealing malware, producing a ransomware that both stole and locked a victims files. GandCrab quickly became the most popular RaaS, and the most active strain of ransomware between 2018 and 2019.

Team Snatch, a team of threat actors that emerged in 2018, was a partner of GandCrab, and ushered in the new trend of publishing victim data in order to extort payment. Team Snatch began to publish victim data in April 2019. Snatch was formed by threat actor Truniger, who operated on Exploit. On April 28, 2019, Truniger posted on Exploit that Citycomp, one of their victims, had refused to pay a ransom and would therefore have their data publicly posted.

However, GandCrab ransomware is now no longer used after the developers announced they would be retiring on June 1, 2019, and the FBI released decryption keys for the ransomware in July 2019.

Although Team Snatch disappeared in 2019 following a dispute on the Exploit forum, their actions set the stage for Maze ransomware and the rise of the leaks sites.

In November 2019, the Maze ransomware group leaked 700 MB worth of documents stolen from Allied Universal in an attempt to pressure them and future victims into paying the ransom. This set off a trend of ransomware groups establishing leaks sites to pressure their victims. By publishing stolen data, ransomware operators expose a victim to additional financial loss if, for example, sensitive financial data, customer personally identifiable information (PII), or trade secrets are exposed.

This additional leverage can be especially effective if a victim has backed up their dataand therefore lacks an incentive to pay extortionists for a decryption key alone. The new technique ultimately means that backing up data no longer mitigates the threat of ransomware attacks.

This new technique has vastly increased the visibility of ransomware, and appears to have increased its popularity as well. In 2020 the NetWalker group alone made over $25 million.

Since Maze ransomware began posting victim data, other ransomware groups have posted their own sites. Several of these ransomware families emerged out of prior partnerships, with adverts gaining experience collaborating with a ransomware group before setting up their own. The increased visibility has also led to cooperation between the ransomware groups, with Maze forming a cartel of ransomware groups that share tactics, techniques, and procedures (TTPs) and resources.The Sodinokibi ransomware family has been another notable actor in this space. Sodinokibi emerged to fill the space that was left when the GandCrab threat actors retired. Run by the REvil collective, it has become one of the most damaging ransomware groups, with more victims posted than any provider other than Maze.

Today, ransomware continues to threaten organizations and accounted for over $42.9 million in losses in 2021 according to the FBIs 2021 Internet Crime Report. Beyond the headlines, it is something companies of every size and in every sector must be aware ofdedicated and well-researched protocols for what to do in the event of an attack have become a mission part of every organizations security and defense arsenal.

Recommended Reading: Top 10 Ransomware Trends: Board Responsibilities, Tracking Ransomware, and Mitigating Risk in 2022

The rise of ransomware was a gradual process spanning more than thirty years. Its popularity was influenced both by the technologies supporting it, such as encryption methodologies and malware integration, and the technologies around it, such as Bitcoin and the anonymous Tor network, that allowed it to grow from a tool used by a single hacker or group into one run by a collective.

Although ransomware has not replaced other forms of malware per se, it has become an increasingly popular choice for threat actors as the barrier to entry becomes lower. Whereas a ransomware attack used to require years of development, cryptography, and penetration testing experience to execute, and would yield only a moderate profit, RaaS programs now proliferate on illicit and underground web forums, allowing threat actors to partner with ransomware authors easily and cheaply. Furthermore, these RaaS programs are highly developed, with user dashboards, guides, and technical support.

Finally, the payoff is getting bigger. As tools such as Cobalt Strike and Metasploit automate advanced penetration testing, and illicit communities such as Genesis Market offer increasingly advanced access to corporate networks, access to corporations is becoming more available, and ransomware demands bigger and more profitable. The integration of ransomware with data exfiltration allows for even higher ransoms, by threatening legal action for the victim corporation. For all these reasons, ransomware continues to grow in both its influence and destructive capacity.

Your organizations data, infrastructure, and personnel are valuabledont let threat actors take advantage of them. Sign up for a free trial and see firsthand how Flashpoint cybersecurity technology can help your organization access critical information and insight into ransomware actors and their tactics, techniques, and procedures (TTPs).

Original post:
The Evolution of Ransomware: Understanding Its Past, Present, and Future - Security Boulevard

As the EU General Data Protection Regulation celebrates its fourth anniversary since going into effect May 25, 2018, enforcement of the world's most comprehensive data protection regulation is still evolving.

No doubt, data protection authorities in the EU have been busy during the last four years. European Data Protection Board Chair Andrea Jelinek, who also serves as head of Austria's DPA, recently noted the EDPB has "invested a great deal of resources in the interpretation and consistent application of the GDPR," while issuing 57 guidelines, six recommendations, and DPAs have levied approximately $1.55 billion euros in fines by the end of last year.

And though more than billion euros in fines along with dozens of guidelines is nothing to balk at, criticism of GDPR enforcement has taken several forms in recent years, from concerns that some member states are slow to act on Big Tech companies headquartered in their nations to questions about whether the one-stop-shop mechanism is working effectively and efficiently. As with many other DPAs around the world, staff and financial resourcing often poses challenges to comprehensive and swift enforcement. Plus, in the EU, coordinating 27 different member states with a varying set of national laws and priorities may be the regulatory version of trying to herd cats.

To that end, EDPB members met in Vienna, Austria, last month to forge closer cooperation on strategic cases and increase the methods available to DPAs for enhancing enforcement. The initial result from the two-day meeting was a statement on enforcement cooperation, in which authorities "will collectively identify cross border cases of strategic importance in different Member States on a regular basis, for which cooperation will be prioritised and supported by EDPB."

In a lengthy discussion with The Privacy Advisor, EDPB Head of the Secretariat Isabelle Vereecken and Head of Activity for Enforcement Support and Coordination Gwendal Le Grand detailed the EDPB's moves to improve strategic enforcement of the GDPR in the EU. Vereecken said the Vienna meeting was intended to "dedicate fully our attention on improving cooperation on enforcement strategy."

The main takeaway for privacy pros? "It's an assurance," Le Grand said, "that regardless of where you are in the EU, you're going to be approached and addressed in the same way by all the authorities."

The April 29 statement is part of a series of moves from the EDPB to improve its strategic enforcement cooperation. The EDPB first published a document on its Coordinated Enforcement Framework in October 2020, with an update last October. The EDPB also hired Le Grand, who previously worked on enforcement at the Commission nationale de l'informatique et des liberts France's DPA to lead enforcement support and coordination for the EDPB in October 2021.

In February 2022, the EDPB issued a call for experts what it refers to as the "support pool of experts" to assist DPAs in areas such as IT auditing, website security, mobile operating systems and apps, the Internet of Things, cloud computing, behavioral advertising, anonymization techniques, cryptography, artificial intelligence, user experience design, financial technology, data science and digital law.

And by March, the EDPB adopted Guidelines on Article 60 GDPR. According to an EDPB press release, "The guidelines provide a detailed description of the GDPR cooperation between (DPAs) and aim to further increase the consistent application of the legal provisions relating to the one-stop-shop mechanism."

Vereecken explained that after a couple years of experience, DPAs realized that "what was provided strictly in the GDPR in matters of cooperation" for example, issuing draft decisions or making comments was perhaps "not comprehensive enough." Rather, the DPAs found that a comprehensive exchange of information from the beginning would be more successful and provide quicker results.

Le Grande said that indeed there has been a lot of media attention on certain companies and member states that are lead supervisory authorities, "but really the work that is being done here by the commission is to focus on cases of strategic importance. So it is not just when a big U.S. company is the controller," it can be cases for which a novel and important data protection issue emerges that will have implementation consequences across member states; a case that affects many citizens; a structural problem across member states; or a case related to the "intersection of data protection with other legal fields."

For such issues that have a lot impact, Le Grande said the EDPB aims to ensure the approach is consistent among DPAs, regardless of which authority is leading an investigation. He also said sharing the workload among DPAs will be important and that setting a concrete timeline to ensure progress is swift on those investigations. "It's also important," he said, "to give visibility to the authorities, to the companies, and to the citizens who file complaints on how this progress is going to be made."

"The idea," Le Grande said, "is really to ensure that you have efficient cooperation on those cases so that you tackle all the important issues up front and process the case in a swifter way and it's probably less likely that other authorities will raise objections once the draft decision has been tabled. Really, it's about making sure that these cases that are identified are prioritized and there is good cooperation that is being implemented."

To help with information sharing and consensus building, DPAs will "place a particular emphasis on early and sustained sharing of all relevant information" and groups of DPAs may join forces or create an EDPB Task Force.

Relatedly, the EDPB announced it will leverage all instruments provided for by the GDPR. This includes Article 62 joint investigations. However, to promote more efficiency, DPAs agreed in Vienna that joint investigations will be "carried out by a limited number of DPAs." Vereecken said that joint investigations had required an invitation to all the DPAs, which makes moving forward complex to manage. "We wanted to have an open and frank conversation that says 'okay, you can do this with few numbers of (DPAs) and go for it and no one will take it badly" in order to make it more efficient and agile.

The EDPB will also "streamline the use of Article 65 dispute resolution mechanism and Article 66 urgency procedures by DPAs," according to the April 29 statement.

The EDPB aims to better harmonize national enforcement priorities among member states at the EU level. Le Grande said that often national authorities know what their inspection and enforcement priorities will be for the year to come. "For the moment," Le Grande said, "this is not sufficiently harmonized," that "there is not enough exchange of information across the member states." He said this means that member state priorities are defined independently and the preparation of the inspection of those priorities is not shared.

Le Grande used cloud computing in the public sector as an example, as it's been identified as a priority for the EDPB. He said DPAs interested in the topic gathered together, shared material and experience on the topic, and the types of questions asked in an investigation. "The good thing with this," he said, "is you are sharing experience among (DPAs) on what the important questions are and how you need to ask the questions. This means the approach is consistent among member states, that the same questions are being asked and the same things are being identified and investigated across the member states. It creates a level playing field for the quality of investigations."

In addition to a more open, transparent and communicative approach to enforcement, the EDPB aims to promote the sharing of DPA-developed toolsand technology to assist other DPAs in their investigations. When DPAs prioritize a topic, for example, the idea is to have a complete tool box or a sort of "resource center" with common standards available for DPAs. Technological tools can be part of it so that DPAs do not have to reinvent the wheel when initiating an investigation. Included among this would be standardized templates for data subject requests, for example, but these would be used on a voluntary basis for DPAs.

Vereecken and Le Grande said national authorities may have already developed tools, templates, manuals, questionnaires or other helpful items used in specific fields in past investigations. The goal is to ensure that those potentially helpful items are shared across the EDPB so DPAs do not have to start their investigations from scratch. DPAs can then enhance a preexisting tool and share those as well. For its part, the EDPB will facilitate the sharing and, if needed, the translation of the resources.

Similarly, Vereecken said the EDPB will help DPAs pool and share experts working at one authority when there is the possibility that expert can assist another DPA. If a DPA needs an external expert, the EDPB will help locate and potentially finance one.

"With these initiatives," Le Grande said, "the idea is to build common content, resources and tools for investigations to assist DPAs when needed." This can include exchanging personnel among member states from the EDPB's pool of experts to help assist with specific tasks (in fields like cryptography, targeted advertising, and so on).

Le Grande said when the EDPB initiated its call for experts, a huge number applied from several backgrounds. He said these experts act in their personal capacity and that the EDPB is not going to consulting firms for said experts. However, he pointed out that the preference for external experts is to help develop tools in specific fields of expertise that would assist in the investigation, but not to help conduct the actual investigation. This expert would then work under the lead SA in the case.

High-profile hires like Le Grande to help the EDPB with its enforcement coordination efforts is part of the agency's attempts to confront the rapidly increased activity it's experiencing. Vereecken, who helps steer the agency's budget, is working on the 2023 budget, a complicated process of predicting future needs and conflicts in a world with emerging technology, a global pandemic and geopolitical issues like Russia's invasion of Ukraine.

Le Grande said, "there is more and more work that has to be done at the EDPB level. It's also a consequence of the ramping up of enforcement at the national level." He said fines adopted at the national level in 2021 totaled more than 5.5 times the fines collected in the whole previous history of the GDPR. Add to that the high-profile cases that are sensitive and may be challenged in the courts and the need for the EDPB to trigger the dispute resolution mechanism. There is more access to document requests each time a decision is made, Le Grand said. These can take time to answer. "All the indicators at the Secretariat level are increasing very fast and we need to adapt our methods on the one hand, and we need more resources because there are limits to what you can do to adapt your own methods."

To further illustrate the increased activity at the EDPB, Le Grande said there was nearly 400 meetings in 2021 at both the plenary and sub-group level, "and I'm not talking about working on a complaint at a bilateral basis." This is an increase of 45% over what was seen by the EDPB in 2020. This shows "there is indeed a need to be even more efficient," he said.

Though much media focus has been on U.S. companies, Vereecken said a high portion of the EU economy is based on small- to medium-sized companies. SMEs are all processing data and receiving a lot of complaints, as well. She said there are 947 one stop shop procedures, out of which 354 have been decided. Vereecken said that the EDPB decided to make as much of this information on the EDPB's website as possible because the decisions have a lot of "interesting elements" that serve as a sort of case law. "There is very concrete elements there that can be interesting for a data protection officer," she said.

Le Grand specifically pointed out that the procedural aspects need to be harmonized in EU law to increase the impact of GDPR cooperation. "I think what the heads of authorities said in Vienna is that perhaps there is room for further harmonization of some procedural aspects within the legislation and with respect to that there will be some thought given to this approach. What we've seen with four years experience enforcing the GDPR is that sometimes the rules for all the procedural aspects could be further streamlined or specified in some cases. That is part of the technical response to better enforcement of GDPR."

Vereecken said there could be some legislative changes needed in order to facilitate this harmonization. She said they are collecting in a more structural way the elements that could be adapted to further harmonize at the EU level so the EDPB can make a formal request to the European Commission. The idea, she said, is not to change the GDPR but to have parallel legislation.

To further complicate the regulatory ecosystem in the region, the EU is quickly approving new regulations as part of its ambitious Digital Market Strategy. Regulations like the Digital Governance Act, Digital Markets Act, Digital Services Act are all rapidly advancing together with their own enforcement frameworks.

So how will this fit in with GDPR enforcement?

Vereecken said they want to "ensure the level of protection for citizens is not affected by other digital market strategy laws." Cooperation among new enforcement authorities will be key, she added. For Le Grande, "it's about making sure the governance of all these systems are consistent and that when the DPAs are not competent in there and there may be processing of personal data, making sure the discussion with the DPA is well framed and organized."

Photo by Christian Lue on Unsplash

View post:
A look behind the EDPB's move to enhance enforcement cooperation - International Association of Privacy Professionals

New Delhi | Jagran Business Desk: Cryptocurrencies have been around for nearly a decade, but they have gained more popularity in recent times. Similarly, non-fungible tokens (NFTs) have also exploded on the internet over the last couple of years. However, with the emergence of the metaverse, many of us are curious about the future of cryptocurrencies and NFTs and what they will have in the future.

Let us try to understand these terms first:

Cryptocurrency:

Also known as crypto, a cryptocurrency is a digital or virtual currency that acts as a medium of exchange through a computer network. A cryptocurrency can't be touched and is secured by cryptography. Cryptocurrencies are not dependent on a bank or a government of a country and are stored in an online wallet, which is based on computer algorithms.

NFT:

NFTs are digital items that can be bought and sold with help of the blockchain technology. A photo, video, GIF, any form of art or even a tweet can be stored as an NFT. They are stored in blockchain, a digital ledger. NFTs' ownerships are also recorded in a blockchain, which can be transferred from one owner to another.

Metaverse:

A metaverse is an online three-dimensional universe in which virtual and augmented realities are mixed "to create a simulated digital environment at its most basic level". The term metaverse was first coined in 1992 by Neal Stephenson in his sci-fi novel Snow Crash.

Cryptocurrencies and Metaverse:

For most users, the concepts of cryptocurrencies and metaverse seem to go hand-in-hand. However, by now, you might have understood that these two terms are quite different.

However, that doesn't mean that cryptocurrencies and metaverse aren't related. Cryptocurrencies, which are currently used by most of us for investments, can be used for making payments in the metaverse. According to experts, a metaverse will have its own cryptocurrency that will be used by people for shopping, trading, and other marketing activities in that augmented reality.

Metaverse and NFT:

Experts believe that NFTs are crucial for the metaverse and will allow people in augmented reality to buy virtual goods and make an investment. They can invest in real estate and buy regular essentials in the metaverse using the NFTs, feel experts.

"NFTs are built on blockchain technology that gives rightful ownership to the NFT holders. So for instance, if you own a land in the metaverse (which is quite possible), you get an NFT as deed to the virtual property," Lokesh Rao, co-founder of Trace Network Labs, said while writing for The Financial Express.

"This means you are the rightful owner and only you have exclusive access to enter the location in metaverse alongside allowing access to others. NFT-controlled access could also help in ensuring VIP access to the events in metaverse," Rao added.

Posted By: Aalok Sen Sharma

See original here:
Jagran Trending: How cryptocurrencies and NFTs are related to metaverse? - Jagran English