Hello all, and happy Thursday!
Europe continues to pit safety and privacy against one another. Some of you will have been following the Chat Control proposal, which critics say “would require mass scanning of every message, photo, and video on a person’s device” in the name of children’s safety. Germany, however, just signaled that they will vote against the proposal, likely preventing it from moving forward.
Next up is the UK government, which is tenaciously working to compel Apple to implement a backdoor in its iCloud encryption. Earlier this year, a leak revealed that the UK government had secretly ordered Apple to build a backdoor into its Advanced Data Protection (ADP) feature. Apple responded by withdrawing that feature from the UK market entirely as a means of negating the need to comply with the order and avoid the pretense of secure communications for UK users. Then, the Trump administration was able to convince the UK government to withdraw the order on the basis of its impact on US citizens.
Now, the UK government has returned, more specifically ordering Apple to build a backdoor into ADP for just the UK market. Apple is still refusing to provide ADP to UK users and has reiterated that it will not build backdoors into any of its products.
Privacy and safety aren’t mutually exclusive. You’d have to get up pretty early in the morning to convince me otherwise.
Best,
Arlo
Event: P.S.R.
Come by booth 400 at this year’s Privacy. Security. Risk (P.S.R.) conference! Not only will your favorite privacy vendor be in attendance, but you’ll also have the opportunity to schedule a one-on-one strategy chat with our privacy experts, enjoy a(n awkward family) photo-worthy Osanoverse experience, and more.
Schedule time at the booth | October 28-31 | San Diego, CA
Event: LogicON
Osano’s Chief Trust & Privacy Officer will be speaking at LogicON 2025! Listen to Rachael Ormiston cover everything you need to know about how to protect privacy in an AI-driven world, as well as all the other speakers’ insights into proving AI’s ROI, surviving AI regulatory overload, finding the human in the AI, and more.
Register today | October 14-16 | Columbus, OH
Meetup: AI, IRL: Hexes and Hallucinations
It’s already in your stack, your prompts, your daily life…and sometimes it can haunt instead of help. Join us this spooky season as we yap AI terror tales! Seats are limited for this meetup, so grab yours today!
Register today | October 22nd | 1-3 PM EST
UK Makes New Attempt to Access Apple Cloud Data
The UK government has ordered Apple to allow access to encrypted cloud backups of British users, after a previous attempt to issue a broader demand that included US customers drew a backlash from the Trump administration. In order to avoid having to comply with the order, Apple had previously withdrawn its most secure cloud storage service, iCloud Advanced Data Protection, from the UK.
Germany Will Not Support 'Chat Control' Message Scanning in the EU
Recently, German officials said it will vote against a European Union proposal to allow the scanning of private messages even on end-to-end encrypted messaging platforms, signaling that the bloc will not have the votes to move forward with a controversial measure known as Chat Control.
Discord Breach Sparks Privacy Fears as Proof-of-Age IDs Leak Through Third-Party Provider
Discord has admitted that a subset of users had their government ID images, such as passports and drivers’ licenses, accessed by hackers. The breach originated with one of its third-party customer service providers and exposed sensitive user information, including government-issued IDs submitted for age verification. The compromised information includes usernames, email addresses, billing information, IP addresses, and customer support correspondence.
California’s New AI Safety Law Shows Regulation and Innovation Don’t Have to Clash
Recently, California Governor Gavin Newsom signed SB 53, the AI safety and transparency bill, into law. SB 53 is a first-in-the-nation bill that requires large AI labs to be transparent about their safety and security protocols—specifically around how they prevent their models from catastrophic risks, like being used to commit cyberattacks on critical infrastructure or build bio-weapons.
Brazil Adopts Law Protecting Minors Online
Recently, Brazil enacted the Digital Statute of the Child and Adolescent (Digital ECA), establishing a pioneering regulatory framework for protecting children (under 12 years of age) and adolescents (between the ages of 12 and 18) online. This comprehensive legislation applies to any information technology product or service aimed at or likely to be accessed by minors in Brazil, regardless of where the product is developed, manufactured, offered, or marketed.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!