Winter Olympics hit by cyber-attack

The official Winter Olympics website was taken offline after being hit by a cyber-attack, officials have confirmed.

The site was affected just before the beginning of the opening ceremony in Pyeongchang, South Korea.

TV and internet systems at the Games were also disrupted, though operations were restored about 12 hours later.

However, a spokesman said that the International Olympic Committee would not be commenting on who might have been behind the incident.

"Maintaining secure operations is our purpose," said Mark Adams.

He added that the issue was being dealt with but that he was not aware who had carried out the attack.

Russia responds

Prior to the Games, some cyber-security experts had expressed concern that countries like Russia and North Korea might try to target the event.

But the Russian Foreign Ministry has denied rumours that Russian hackers were involved.

"We know that Western media are planning pseudo-investigations on the theme of 'Russian fingerprints' in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea," the foreign ministry said.

"Of course, no evidence will be presented to the world."

There have been concerns for months that the Games and spectators could be targeted by cyber-attacks.

Earlier this month, the US Department of Homeland Security published a warning to travellers.

"At high-profile events, cyber-activists may take advantage of the large audience to spread their message," it said.

"There is also the possibility that mobile or other communications will be monitored."

The Pyeongchang Games are certainly not the first to be targeted by hackers.

In January, Konstantinos Karagiannis, BT's chief technology officer for security consulting, tweeted that during the 2012 London Olympics he and his team, "fought back quite a cyber-onslaught".

* * *

Facebook broke German privacy laws, court rules

Privacy rights campaigners are claiming victory over Facebook in a German legal battle.

It follows a regional court ruling that found some of the social network's data consent policies to be invalid.

The Vzbv consumer group successfully argued that five of the app's services were switched on by default, with the relevant privacy settings "hidden".

Facebook intends to appeal, but believes that planned changes to the app will ensure it obeys the law.

Vzbv also plans to appeal because some of its other allegations were rejected.

These included a claim that it was misleading for Facebook to describe its service as being "free" because users effectively paid by sharing information about themselves.

Privacy law change

The judgement was issued by Berlin Regional Court on 16 January, but has only just been publicised by Vzbv.

The consumer group's case was based on the country's Federal Data Protection Act, which says that in order to gain consent, tech firms must be clear about the nature, scope and purpose of the way they use customers' data.

The court agreed that Facebook had not done enough to alert people to the fact that it had pre-ticked several privacy settings.

These included an option to share their location with the person they were chatting to, and agreement that Google and other sites could show links to their profiles in search results.

In addition, the court ruled that a requirement that users provide their real names was unlawful.

It also decided that the social network needed to gain more explicit consent before it could use members' names and profile pictures in commercial and sponsored materials.

Vzbv said the social network would require "users' informed consent" in the future as a consequence.

New law imminent

The dispute dates back to 2015, and Facebook suggested the verdict had already been overtaken by events.

"We are reviewing this recent decision carefully and are pleased that the court agreed with us on a number of issues," it said in a statement.

"Our products and policies have changed a lot since this case was brought, and further changes to our terms and data policy are anticipated later this year in light of upcoming changes to the law," it added, referring to the EU's forthcoming General Data Protection Regulation (GDPR).

The new law states that privacy notices must be in clear and plain language, and explicitly says that pre-ticked boxes and other forms of default consent will not be acceptable.

An independent lawyer said the new rules would also affect others.

"Regardless of this case and the subsequent appeal, we will likely see a shift away from these things anyway with the forthcoming GDPR, which comes into force on 25 May," said Anita Bapat, a data protection expert at the law firm Kemp Little

"The new law emphasises the need to provide consumers information about how their data will be used in a consumer-friendly way and to obtain genuine consent.

"It is a law which is forcing all companies, ranging from Facebook to start-ups, to address their data uses," she added./Agencies