Google, Facebook fined €210 million for making it difficult for users to reject cookies


Zach Marzouk

6 Jan, 2022

Google and Facebook have been hit with a combined fine of €210 million (£175 million) over failures in policies that allow users to accept and refuse cookies on their websites.

France’s National Commission for Information Technology and Civil Liberties regulator (CNIL) fined Google €150 million euros, €90 million for Google LLC and €60 million for Google Ireland Limited, while Facebook Ireland Limited was given a fine of €60 million.

CNIL said that the websites facebook.com, google.fr, and youtube.com have all failed to provide an easy way for users to reject cookie collection on their browsers, and that several clicks are required to refuse all cookies, compared with a single click to provide consent.

The regulator argued the fact users are unable to refuse cookies as easily as they can accept them influences their choice in favour of consent, constituting an infringement of Article 82 of the French Data Protection Act.

Isabelle Falque-Pierrotin, head of France’s National Commission for Information Technology and Civil Liberties (CNIL), speaking at CNIL’s headquarters in Paris

The penalties also order the companies to provide internet users in France with a means of refusing cookies that is at least as simple as the existing mechanism for accepting them, within a three month period. If they fail to do so, the companies will have to pay a penalty of €100,000 per day of delay.

“We are reviewing the authority’s decision and remain committed to working with relevant authorities,” a spokesperson from Meta told IT Pro. “Our cookie consent controls provide people with greater control over their data, including a new settings menu on Facebook and Instagram where people can revisit and manage their decisions at any time, and we continue to develop and improve these controls.”

A Google spokesperson said: “People trust us to respect their right to privacy and keep them safe. We understand our responsibility to protect that trust and are committing to further changes and active work with the CNIL in light of this decision under the ePrivacy Directive.”

This isn’t the first time that CNIL has targeted big tech companies over their use of cookies. In December 2020, Amazon and Google were fined £122 million collectively for “insufficient” cookie consent. Google was hit with a €100 million (£90 million) fine while Amazon received one for €35 million (£32 million).

According to the investigation, Google didn’t provide enough information to users in France about why and how cookies are used, whereas Amazon was fined for placing cookies on people’s computers without their consent.

Google challenged this fine at the Council of State in February 2021, according to Euractiv. Politico reported that Google is still fighting this case, and a source said the company is likely to oppose the new fines and go to the French top court again.

Microsoft and Qualcomm to develop custom AR chips for the metaverse


Zach Marzouk

5 Jan, 2022

Microsoft and Qualcomm are set to collaborate to expand and accelerate the adoption of augmented reality (AR) for the metaverse in both the consumer and enterprise sector, including developing custom AR chips.

The companies stated they were believers in the metaverse and intend to work together across several initiatives to drive the ecosystem. This includes developing custom AR chips to enable a new wave of power-efficient, lightweight AR glasses to deliver rich and immersive experiences.

Microsoft and Qualcomm also plan to integrate software like Microsoft Mesh and Snapdragon Spaces XR Developer Platform. They hope the collaboration will create transformative experiences for the next generation of head-worn AR devices in the metaverse.

“Our goal is to inspire and empower others to collectively work to develop the metaverse future – a future that is grounded in trust and innovation,” said Rubén Caballero, corporate vice president of Mixed Reality at Microsoft.

“With services like Microsoft Mesh, we are committed to delivering the safest and most comprehensive set of capabilities to power metaverses that blend the physical and digital worlds, ultimately delivering a shared sense of presence across devices.”

Hugo Swart, vice president and general manager of extended reality (XR) at Qualcomm added that the collaboration reflects the next step in both companies’ shared commitment to XR and the metaverse. Swart said Qualcomm’s core XR strategy has always been delivering the most cutting-edge technology, purpose-built XR chipsets, and enabling the ecosystem with its software platforms and hardware reference designs.

At the start of November, Microsoft launched Mesh for Microsoft Teams, its pitch for the metaverse. It aims to make remote and hybrid meetings more immersive and is set to roll out in 2022. It is a mixed reality service that allows people in different physical locations to join collaborative and shared holographic environments within Microsoft Teams to allow for chats, virtual meetings, and the sharing of documents and more.

This came after Meta’s CEO Mark Zuckerberg announced Facebook’s name change and its renewed focus on the metaverse. He said the metaverse would feel like a hybrid of today’s online social experiences, sometimes expanded into three dimensions or projected into the physical world to allow people to share immersive experiences, even when you can’t be together. The CEO added that it will be a more immersive social media experience, where virtual and augmented reality will take centre stage.

Google Cloud acquires Israeli security startup Siemplify


Bobby Hellard

5 Jan, 2022

Google Cloud has announced the acquisition of Siemplify, an Israeli-based cyber security company that specialises in end-to-end security for enterprises. 

The exact terms of the deal were not announced, though Reuters reports it is worth around $500 million. 

Acquisition rumours were reported in the Israeli press just before Google Cloud made an official announcement on Tuesday. The CEO and co-founder of Siemplify, Amos Stern, also noted that his company is to be integrated into Google Cloud’s Chronicle platform. 

Founded in 2015, Siemplify is another example of the growing tech prowess of Israel, which has become a hotbed for new startups and data-centric businesses. Much like digital footprint tracking service Mine, Siemplify is another Israeli company founded by former members of the country’s military intelligence agencies. 

The company is typically referred to as a security orchestration, automation and response (SOAR) service, which is “the missing piece” for Google’s Chronicle platform, according to Forrester analyst Allie Mellen. 

“Other security analytics platforms began incorporating SOAR as early as 2017,” Mellen said. “This acquisition is an important step in providing a unified offering to practitioners and in being able to compete more directly in the security analytics platform space. Enabling the orchestration of response across multiple tools is an integral part of security operations and has become an integral part of a security analytics platform. This acquisition continues to demonstrate that.” 
 
Chronicle is one of Google’s original moonshots founded within its “X” programme that was migrated to Google Cloud in 2019. It was designed for cyber security telemetry, specifically to track the movement of data across all devices and networks in a bid to prevent breaches. SOAR platforms act as the customer interface for that operation. 
 
“Siemplify was one of the few remaining standalone SOAR offerings, as many others have been picked up by SIEM vendors over the years,” Mellen added.

“Most other standalone SOAR vendors have been acquired or built out their portfolio with other products like threat intelligence platforms. In some ways, that makes this a heady acquisition and signals the end of the standalone SOAR or, frankly, SIEM. We predicted early on that the SOAR market could not stand on its own, and now it has truly come to fruition.”

Microsoft Exchange servers break thanks to ‘Y2K22’ bug


Connor Jones

4 Jan, 2022

Microsoft has released an emergency patch for a flaw in Microsoft Exchange that prevented emails from sending at the turn of the new year.

Businesses running on-premise Microsoft Exchange environments reported encountering issues whereby emails were stuck in a queue instead of sending after the yearly date changed to 2022.

The issue has been attributed to Exchange’s malware scanning engine which manages dates in the form of 32-bit variables. The variable’s maximum integer value is 2,147,483,647 but a variable of 2,201,010,001 is required to display the date as 1 January 2022 – a value that exceeds the maximum and caused the engine to crash.

Microsoft said the situation is not caused by a fault in either Exchange or its malware-scanning engine that affects the effective running of the products, but rather the engine’s date-checking process. Microsoft also said this is not a cyber security issue.

Customers can check if the issue is affecting their on-premise solutions by checking the Application event log on the Exchange Server for the following errors, specifically event 5300 and 1106 (FIPFS).

Microsoft Exchange customers will need to intervene and apply the patch themselves in order to restore smooth email functionality. Microsoft detailed the step-by-step process customers can follow if they wish to patch manually, and also supplied a downloadable script for customers who want to take the automated solution. 

The script “will take some time to make the necessary changes, download the updated files, and clear the transport queues,” Microsoft said. Whether customers choose the automated or manual steps towards remediation, they must be carried out on every on-premises Exchange 2016 and Exchange 2019 server. The automated script can run on multiple servers in parallel.

Members of the IT community have dubbed the issue the ‘Y2K22’ bug for its similarity between it and the issue that threatened to break all computers at the turn of the millennium. 

Both issues are based on the way computers handle dates and it required millions in investment and lots of work to combat the original Y2K bug.