AI, LLMs, GDPR complaint, and human dignity
Data protection (GDPR) complaint against unlawful data processing by OpenAI's GPT. Infringement of data protection principles and data protection by design. Read More
Competition aspects of Privacy Sandbox's Protected Audience API
This is an accompanying post about the contents of my LL.M. dissertation devoted to Protected Audience API. The initial post, considering privacy and data protection, is here. This post is devoted to aspects of competition, an important element of the debate around the phasing out of third-party cookies, and Read More
Data Protection assessment of Privacy Sandbox's Protected Audience API
Data protection assessment of Privacy Sandbox's Protected Audience API. It can be deployed and designed in compliance with GDPR. Read More
Summary of 2023
2023 began unexpectedly difficult due to a serious health condition (and surgery), but now it’s fine - I just need to keep track of regular monitoring/tests. The first month resonated with the rest of this year. However, I managed to do quite a lot of stuff this year. Read More
Invisible disability in the world of technology
My name is Lukasz Olejnik. I have been disabled since the end of primary school. In 1999, I underwent a brain tumor surgery in a very difficult location. It goes without saying that the consequences of such a procedure can be very serious; in my case, it resulted just in Read More
LL.M. degree at University of Edinburgh Law School
In 2023 (nearly 10 years after my PhD graduation) I was awarded the title of Master of Law (LL.M.; with distinction). The topic of my dissertation is very current and I will make it public soon. Here I write a few words about the studies. For starters, it aligns Read More
My cybersecurity book - Philosophy of Cybersecurity
Philosophy of Cybersecurity by Lukasz Olejnik. Book about cybersecurity, risks, including cyberwar. Read More
Preliminary assessment of Digital Euro
The European Commission presented a proposal for a regulation introducing the digital currency euro. It is the so-called CBDC (central bank digital currency). Unfortunately, the content of this regulation is disturbing. Let's start with the fact that reconciling the very idea of "decentralization of payments" and Read More
Cyber Escalation Ladder model based on international law
This post about cybersecurity, cyberwarfare and international law is exploring the cross sections between technology, law, and policy. Previously I analysed some strategic documents of various States (e.g. 1, 2, 3, 4, 5, 6). So to speak: I know this landscape quite well. In 2023 the landscape is mature Read More
Why would you want to hack Electric Vehicle Charging Stations?
A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good Read More
Improving communication in cyber threat intelligence reports
This is the year of cyberwarfare. Activities during the Russian war in Ukraine show it very clearly. But this post is about reports, cyber threat intelligence, and communication of the kind. Crucial at high-tension times, they should be crisp. We should consider/expect high level of quality/competencies when composing Read More
Permissions Policy as a key configuration component of site privacy and security
As privacy engineering is getting more and more mature as a field in some settings experts are creating a "privacy checklist" of things to have. It's useful in design, development, and deployment, but also audits. Many useful things could be added to such a list. Of Read More
Privacy architectural changes in the web are coming
In 2019 I argued and explained that we are in the midst of a perfect storm that the privacy debate has caused. I predicted the impact on the web architecture, and the web platform. The thing that billions of people use every day, that is. These very basic building fabrics Read More
Regulating the fight with disinformation
The European Union is regulating disinformation. Well, sort of. While the issue is indeed discussed in regulations such as the Digital Services Act, it seems that the “executive” arm is the Code on Disinformation, as of now strengthened. It builds on the previous 2018 version which I criticised here. The Read More
GDPR fines, how does this system work? Part two.
Some time ago I wrote about “how GDPR fines work”, be calculated, including what technical aspects may be considered during such a calculation, the article is here, and it is quite a case study. It’s still good and all, but this time, finally, EU data protection authorities agreed on Read More
Transparency of cyber capabilities and US building Stuxnets 2/3/4?
Is the US building Stuxnet 2/3? Cyber tools that can act behind isolated (even air-gapped) networks to cause physical destruction, sometimes called “cyber weapons”, a generalised term, not exactly justified considering how such tools work (but in simplified cases, it is sometimes used). This was the functionality of Stuxnet Read More
Dangerous cyber tools spotted and analysed - potentially lethal
A very dangerous cyber tool has been identified and analysed. It’s targeting industrial control systems - the hardware/software that is often running at industrial sites (like manufacturing, but also power grids, nuclear plants, and go figure). Based on these analyses, I make a big picture assessment. Created by Read More
Privacy analysis of European eID Regulation proposal
Privacy and data protection assessment of the eID Regulation. This assessment is prepared in response to a request by the LIBE Secretariat in the name of the MEP Cristian Terhes (rapporteur of eID file; requested on 19.01.2022). The focus of this assessment is data protection and privacy. Although Read More
Solving phishing is not simple - can anti-phishing training make it even worse?
Can phishing precautions and training cause harm? It turns out this may be true in many cases. Phishing is the act of gaining a victim's confidence to convince them to engage in self-harming activities, for example leading to self-hacking their systems, parting with money, or data. Or of Read More
Cyber insurance and cyber war
I already devoted some space to cyber insurance. Since then, the situation evolved. Oh no, cyber insurance Cyber insurers have a big problem: it is unclear how to “assess” the risk. Some events might be especially tricky. This means a lot of risk to the insurers. They are, for example, Read More
EU ideas for transparency of political content targeting
Europe is continuing its fight against mechanised political influence, propaganda, disinformation. Package restricting the use of targeted political ads is the new chapter. In this note, I critically analyse the proposals. This analysis will also help to understand what might lie ahead for non-political ads in the future. It’s Read More
French doctrine of information operations - engaging over information space
France presented their military doctrine for information operations. They will be seriously active in this space. Let me recall that previously I looked at the: * Highlights of the French cybersecurity strategy, developments in cyber - France - combattants cyber et l’arme cybernetique * French application of international rules to cyberwarfare Read More
Designing technologies with Values? Possibility - Necessity - and European story.
Should technology be based on some set of moral values? Actually, technology is always based on some set of values. There is no denying that this or another way, technology is a vehicle for some kind of values. Whether these are capitalist, ordoliberal, digital Leninism, some form of digital sovereignty, Read More
On civilian harms from military cyber operations
Whether we want it or not, cyber operations by militaries are today’s reality. They are here to stay. But admittedly this fraction of statecraft is quite new. So it’s notable that the International Committee of the Red Cross just published its report (here) on military cyber operations. Previously Read More
German views on international cybersecurity and cyberwarfare rules
Germany recently published ("Application of International Law in Cyberspace") their stance concerning the applicability of international law and rules to cybersecurity, cyberattacks, and cyberwarfare. The document is interesting and I briefly describe the important takeaways. Previously I had a look at a similar stance, for example, by the Read More