Weekend Reads 060118: GDPR Heavy

“But what’s the harm?” Far too often, this is one of the biggest questions posed in debates about the value of privacy and the costs of violating it in the United States. Just last fall, the Federal Trade Commission conducted a workshop exploring the contours of “informational injury”, in which CDT participated. —Joseph Jerome @CDT

WHOIS is a service that was inherited from the pre-ICANN registries and has never had a formal definition or rationale beyond that’s the way it’s always been. None of the attempts to rationalize WHOIS have gone anywhere, and there was a broad agreement that the processes had been repeatedly derailed by trademark lawyers who want a one-stop source for whom to sue if someone utters their client’s name in vain. —John Levine @CircleID

Email addresses are seemingly simple to eliminate in theory, devilishly difficult in practice, and potentially expensive mistakes under GDPR. Send an unredacted address to the wrong place, and someone in Europe becomes a Euro Millionaire. Whoops. —Neil Schwartzman @CircleID

The General Data Protection Regulation is here, and soon we will see if it ushers in a new era of individual empowerment or raises novel barriers to innovation in technology. Fears of unclear mandates and uneven enforcement have led to the common refrain from company leaders, particularly in the U.S., that innovation will be stymied by draconian regulations and ex ante enforcement will create work without meaningful privacy improvements for individuals. —Nuala O’Connor @CircleID

Microsoft and Google are jointly disclosing a new CPU security vulnerability that’s similar to the Meltdown and Spectre flaws that were revealed earlier this year. Labelled Speculative Store Bypass (variant 4), the latest vulnerability is a similar exploit to Spectre and exploits speculative execution that modern CPUs use. —Tom Warren @The Verge

A newly announced vulnerability in iOS (and, just maybe, Android) could be an avenue for exploitation through misbehaving apps. The vulnerability, named “ZipperDown” by Pangu Lab, is described as a “common programming error” by the researchers — so common, in fact, that the team estimates 15,978 out of 168,951 iOS apps (or nearly 10% of the total) are affected. @Dark Reading

Your mobile phone is giving away your approximate location all day long. This isn’t exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your location. But now, the major mobile providers in the United States — AT&T, Sprint, T-Mobile and Verizon — are selling this location information to third party companies — in real time — without your consent or a court order, and with apparently zero accountability for how this data will be used, stored, shared or protected. @Krebs on Security

But blockchain technology — the endless link of cryptography-secured records that gave us Bitcoin but whose potential for other uses is limitless — is as controversial as it is conspicuous. Those who believe in the power of blockchain will take their worship to a near-religious level, while those who remain skeptical (or simply confused) by the complicated technology will tell you that it’s all hype. It’s a house of cards destined to fall, they’ll say, or they’ll tell you hackers will soon seize control of the entire system and leave us all penniless and destitute. —Michael Raziel @Dark Reading