top of page
CTPI Frontier Series logo

March 2023

Vol. 01

Nº 01

10.59262/9bgcm2

Password management: Where LastPass got it wrong and how to approach the issue in organizations

Jonas de Abreu

Mariana Cunha e Melo

In August 2022, LastPass suffered two cyberattacks that breached customer data and encrypted passwords. LastPass acknowledged the attacks, but their communication was not transparent enough. In November 2022, a follow-up attack compromised customer data further. LastPass communicated that this was a low-risk attack and that customers did not need to take any action. However, in December 2022, LastPass admitted the actual scale of the breach, and that all customer vaults were compromised. It is important to note that every company suffers frequent attacks, but the proper security posture under this type of attack is to assume that everything will eventually get compromised. The incident makes a case for why companies should always deploy additional defenses, such as employing security keys, to stay secure in the long term.

Regulation and competition: the case of the Brazilian fintech ecosystem

Mariana Cunha e Melo

Jonas de Abreu

Events such as the failure and rescue of Credit Suisse and the fallout of Silicon Valley Bank re-surfaces the old saying that prudential regulators should always favor banking concentration to improve financial stability, putting monetary authorities in opposition to competition authorities. In this paper, we want to switch gears and propose a framework to analyze monetary authorities' role in fostering competition. To that end, we go through the case study of Brazil's financial system regulators and compare them with Brazil's competition authority's role and the importance of inter-agency cooperation.

Section 230 and the future of the internet

Mariana Cunha e Melo

Jonas de Abreu

The US Supreme Court is considering the fate of Section 230, a law that protects content platforms from liability for user-generated content. The case, Gonzalez v. Google, challenges the intermediary liability protection of Section 230. If the challenge succeeds, it could undermine the foundation of Web 2.0 and the internet's future. The case focuses on whether platforms like Google, Twitter, and TikTok should be held liable for third-party content from their recommendation engines. Challenging Section 230 could have severe consequences for freedom of expression and lead to restrictions on recommendation engines or higher restrictions on publishing or sharing. Section 230 has been settled law for over two decades and protects content platforms, even if they encourage users to post content.

bottom of page