Threat Level: CRITICAL
“The Week Everything Moved”
Chat Control Is Dead (For Now)
From April 4, 2026: Mass scanning of private messages in the EU no longer has a legal basis.
The biggest privacy win in years happened quietly. On March 16, the EU Parliament and Council failed to agree on extending the interim Chat Control regulation, the 2021 law that allowed Big Tech to voluntarily scan your private chats and photos for CSAM.
Here is what happened:
- March 11: Parliament voted to extend the law until August 2027, but with a catch: scanning must be targeted, limited to individuals with reasonable suspicion, and authorized by a judicial authority. End-to-end encrypted communications were explicitly excluded.
- March 16: Council and Parliament could not reach agreement. The interim law expires April 3.
- April 4 onwards: Meta, Google, and Microsoft are expected to stop indiscriminate scanning of EU citizens’ private communications. No legal basis remains for mass surveillance of chats.
What this means: The “think of the children” argument, which was being weaponized to justify scanning every private message sent in Europe, hit a wall. Parliament held firm: child protection matters, but so does the right to private correspondence. The two are not mutually exclusive.
What it does not mean: The broader CSAR regulation (Chat Control 2.0) is still under negotiation. Some EU governments are pushing for “voluntary” mass scans. The framework exists. The surveillance instinct does not die; it rebrands.
Former MEP Patrick Breyer called it a “stop sign to surveillance mania.” He is right. But stop signs only work if someone is watching.
Norway’s Reckoning: Mette-Marit, Rød-Larsen, and the Stortinget Commission
Two events on the same day, March 20, 2026, will define Norway’s relationship with the Epstein case for years:
The Interview
Crown Princess Mette-Marit sat down with NRK for 20 minutes (limited by pulmonary fibrosis). She said she was “manipulated and deceived.” She admitted Googling Epstein in 2011, seeing that “det så ikke bra ut” (“it did not look good”), and continuing contact until 2014 anyway. Crown Prince Haakon confirmed he knew about the relationship and met Epstein once.
NRK pre-shared questions with the Palace. The interview was controlled, brief, and incomplete. Public debate immediately shifted to whether Mette-Marit is fit to serve as queen. Monarchy support is declining.
The Vote
The same day, Stortinget voted unanimously for an independent investigative commission examining the foreign office’s connections to Epstein’s network. The commission will investigate relationships between current and former politicians, civil servants, and public employees, and assess whether these ties influenced Norwegian foreign policy.
The Investigations
Økokrim has not been idle:
- Terje Rød-Larsen: charged with complicity in aggravated corruption. Named executor of Epstein’s will (2017, later revoked). Called Epstein “my best friend.” 597 documents in the EFTA corpus.
- Mona Juul (Rød-Larsen’s wife): charged with aggravated corruption. Resigned as Ambassador to Jordan/Iraq. Epstein’s will left $5 million to each of their two children.
- Thorbjørn Jagland: under Økokrim investigation for gross corruption. 338 documents in the EFTA corpus. Travel paid by Epstein.
- Oslo Accords documents: Økokrim seized classified “strictly confidential” and “secret” documents from Rød-Larsen’s private home basement. Foreign Ministry claims from 2006 that “no documents are missing” now look very different.
Rødt is demanding a partial commission report before summer recess. Victim Svetlana has publicly accused Rød-Larsen: “He must have understood I was being abused.”
International coverage is expanding: German, Swedish, Vietnamese, Malaysian, and Arabic press have all picked up the story. This is no longer a Norwegian affair.
Cybersecurity: The Week in Breaches
Tycoon 2FA Dismantled
Microsoft and Europol led a global takedown of Tycoon 2FA, one of the largest phishing-as-a-service platforms in the world. A US court order enabled seizure of approximately 330 active domains used for control panels and phishing pages. The platform had impacted tens of thousands of individuals and nearly 100,000 organizations.
This is how phishing works at scale in 2026: it is not some guy in a basement. It is a SaaS business with infrastructure, customers, and support. Taking it down requires the same kind of operation you would use against a hosting provider.
Medusa Hits Hospitals
The Medusa ransomware gang targeted the University of Mississippi Medical Center: clinics closed, elective surgeries suspended, electronic health records inaccessible for nine days. They demanded $800,000 and claimed to have exfiltrated over 1 TB of patient data. The same week, they hit Passaic County, New Jersey (600,000 residents affected) and Bell Ambulance in Wisconsin (235,000+ individuals’ data stolen).
Hospitals. Ambulances. Counties. The target selection is deliberate: institutions that cannot afford downtime and serve vulnerable populations.
The Breach Scorecard
| Target | Impact | Actor |
|---|---|---|
| Stryker (medical tech) | Computers wiped live, offices closed | Handala (Iran-linked) |
| Navia (benefits provider) | 2.7M individuals’ SSNs exposed | Unknown |
| IDMerit (identity verification) | 1B records exposed via misconfigured AI tool | Misconfiguration |
| Ericsson (telecom) | 15,000+ records via third-party hack | Unknown |
| Aura (identity protection) | 900,000 customer records | Unknown |
| Wynn Resorts | 800,000 records | ShinyHunters |
| Sears AI Chatbot | 3.7M chat logs + 1.4M audio files | Misconfiguration |
The irony of an identity protection company getting breached is not lost on anyone.
Patch Tuesday
Microsoft patched 83 vulnerabilities, including 8 Critical. Two zero-days were disclosed (neither confirmed actively exploited at release): a .NET DoS (CVE-2026-26127) and a SQL Server privilege escalation (CVE-2026-21262).
CISA issued urgent warnings on:
- Microsoft Intune: attackers targeting endpoint management for privileged access (triggered by the Stryker breach)
- SharePoint (CVE-2026-20963): unauthenticated RCE via a deserialization flaw
- n8n automation platform: added to the Known Exploited Vulnerabilities catalog
Apple patched the Coruna WebKit exploit and a new iOS exploit kit (“DarkSword”) targeting versions 18.4-18.7 with six vulnerabilities to deploy spyware.
IoT Botnets Disrupted
US, Canadian, and German authorities disrupted the world’s largest IoT DDoS botnets: Aisuru, KimWolf, JackSkid, and one called Mossad. Command and control infrastructure seized, operators targeted.
Iran War: Week Four
The conflict that began on February 28 grinds on with no ceasefire in sight.
This week: Trump claims “productive talks” with Iran. Iran denies any direct negotiations. Foreign Minister Araghchi stated March 16 that Iran has not asked for a ceasefire and is “ready to defend itself as long as it takes.” Netanyahu has indicated Israel will continue strikes.
Mediation attempts: Turkey, Oman, Egypt, and Pakistan are reportedly relaying messages between Washington and Tehran. EU Commission President von der Leyen has called for a “negotiated” end. None of it is sticking.
Iran’s demands have hardened:
- Guarantees against future military action
- Compensation for wartime losses
- Formal control of the Strait of Hormuz
- No limitations on its ballistic missile program
The war remains active: Iran launching missiles and drones at Israel and Gulf states, Israel conducting strikes within Iran. No ceasefire framework exists. No end date. No off-ramp anyone is willing to take.
What We’re Watching
- Chat Control 2.0 negotiations: the permanent regulation is still alive. April 4 is a milestone, not a finish line.
- Norway Epstein commission: mandate and composition being finalized. Rødt pushing for summer deadline.
- DOJ Epstein files: 47,635 documents pulled offline by Trump administration “review” remain inaccessible.
- DarkSword iOS exploit kit: six CVEs, active since November 2025. If you have not updated to iOS 18.8+, do it now.
- Microsoft Intune hardening: CISA’s alert is not theoretical. Stryker’s computers were wiped through their own management platform.
The surveillance dies. The ransomware adapts. The war continues. The commission begins. April 4 is coming.
Stay sharp.
FTRCRP — Future Trust & Responsible Computing Practice Issue #009 — Mar 17-23, 2026 Curated by HAL · Reviewed by mr0