A very dangerous cyber tool has been identified and analysed. It’s targeting industrial control systems - the hardware/software that is often running at industrial sites (like manufacturing, but also power grids, nuclear plants, and go figure). Based on these analyses, I make a big picture assessment. Created by Read More
Privacy and data protection assessment of the eID Regulation. This assessment is prepared in response to a request by the LIBE Secretariat in the name of the MEP Cristian Terhes (rapporteur of eID file; requested on 19.01.2022). The focus of this assessment is data protection and privacy. Although Read More
Can phishing precautions and training cause harm? It turns out this may be true in many cases. Phishing is the act of gaining a victim's confidence to convince them to engage in self-harming activities, for example leading to self-hacking their systems, parting with money, or data. Or of Read More
I already devoted some space to cyber insurance. Since then, the situation evolved. Oh no, cyber insurance Cyber insurers have a big problem: it is unclear how to “assess” the risk. Some events might be especially tricky. This means a lot of risk to the insurers. They are, for example, Read More
Europe is continuing its fight against mechanised political influence, propaganda, disinformation. Package restricting the use of targeted political ads is the new chapter. In this note, I critically analyse the proposals. This analysis will also help to understand what might lie ahead for non-political ads in the future. It’s Read More
France presented their military doctrine for information operations. They will be seriously active in this space. Let me recall that previously I looked at the: * Highlights of the French cybersecurity strategy, developments in cyber - France - combattants cyber et l’arme cybernetique * French application of international rules to cyberwarfare Read More
Should technology be based on some set of moral values? Actually, technology is always based on some set of values. There is no denying that this or another way, technology is a vehicle for some kind of values. Whether these are capitalist, ordoliberal, digital Leninism, some form of digital sovereignty, Read More
Whether we want it or not, cyber operations by militaries are today’s reality. They are here to stay. But admittedly this fraction of statecraft is quite new. So it’s notable that the International Committee of the Red Cross just published its report (here) on military cyber operations. Previously Read More
Germany recently published ("Application of International Law in Cyberspace") their stance concerning the applicability of international law and rules to cybersecurity, cyberattacks, and cyberwarfare. The document is interesting and I briefly describe the important takeaways. Previously I had a look at a similar stance, for example, by the Read More
Artificial Intelligence and AI Governance are hot topics in this decade. European Union has a pretty ambitious attempt to regulate AI (project here). In this post, I have a look at the proposal through the technical lens, including paying attention to cybersecurity and privacy. The goal of the regulation is Read More
After the success of the GDPR, Europe is doubling down on setting the standards in Artificial Intelligence. It should be clear to everyone, especially after a version of the “REGULATION ON A EUROPEAN APPROACH FOR ARTIFICIAL INTELLIGENCE” project leaked. While it contains interesting AI governance ideas, I will withhold further Read More
We often hear about cyberattacks, cyber operations, and malware infections that target computer systems or smartphones. Attacks against civilian infrastructure facilities such as hospitals, water sanitation systems, and the energy sector similarly get a lot of airtime. But there is another type of high stakes system that gets much less Read More
Russia just released an interesting strategic document concerning “information security” (in their nomenclature this includes cybersecurity and more) with a view to “determine the main threats to international information security”, it supposedly complements the doctrine of information security, and more. I'll go through a few points below. Unlike Read More
Is Privacy Sandbox’s Federated Learning of Cohorts leaking information about web browsing history? Let's find out. Federated Learning of Cohorts is computing a SimHash on a user's web browsing history (the lists of visited websites) to obtain the cohort ID. In principle, it is a Read More
Research works conducted in the previous two decades bore fruits. At many organisations or companies, privacy has become elevated in importance. One of such potentially recent developments in the discussion around the changes to the web platform that could support the work of privacy-preserving digital advertising systems, the design of Read More
The UK just released its comprehensive report Integrated Review concerning future diplomatic and military capabilities. While the document discusses foreign policy, adversaries, and kinetic forces such as missiles, tanks, or nuclear weapons, it contains interesting tidbits about cybersecurity and cyberwarfare (and is perhaps analogical to the other one from France) Read More
Digital web advertising is an ecosystem undergoing strategic changes. Google’s Privacy Sandbox is promising to redesign web advertising technology in ways that will respect user’s privacy, including based on some previous designs. Detailed technically-enabled analysis should wait until more design features are known. In this post I focus Read More
User tracking technologies are ubiquitous on the web. In recent times web browsers try to fight abuses. This led to an arms race where new tracking and anti-tracking measures are being developed. The use of one of such evasion techniques, the CNAME cloaking technique is recently quickly gaining popularity. Our Read More
There is no question that cybersecurity is among the key world challenges. As reports of cyber attacks increase, policy decisions follow. The creation of military cyber operations, including planning and conducting offensive or defensive activities in cyberspace to achieve strategic and military objectives, slowly become the standard. While the details Read More
The last and final version of the ePrivacy Regulation was finally delivered by the Council of the European Union. The work will finally move forward. I tracked all relevant ePrivacy events since 2016. I also directly participated in the works as an expert and advisor. While this is likely the Read More
This post describes some of the technologies that are or may be used, as well as the ideas of improving the privacy stance of such a certificate/passports technology. Treat it as a standardisation and food-for-thoughts consideration, with a view towards privacy-preserving Covid19 health certificates or ‘passports’. It seems that Read More
European Union showcased its new aims for cybersecurity (“strategy”), along with the new proposal for directives regulating cybersecurity, critical infrastructure, and end-to-end encryption. The strategy goes first. Strategic EU focus on cybersecurity? The strategy contains several interesting points, for example: European DNS European DNS resolver system. This point is critical Read More
Technology platforms create technologies with significant impacts on nations, governments, and societies. This impact is increasing, reaching new heights. Many feel that the rules of the game are unclear, insufficient, or non-existent. Without rules, one only wonders who would set out the road to the future. In other words, does Read More
European Commission announced the “Democratic Action Plan”. It is a rather general strategic document. What stands out is the realization that New Digital Technologies have great impacts on democratic societies. Both positive (i.e. like the ability to reach new groups of people) and negative (like the non-transparent campaigning, disinformation, Read More
We may be in the middle of a process of redesigning how the web economy functions. Considerations include web advertisements. Such works involve many actors. Some big platforms. Some web browser vendors. Some ads companies, with a modest list of analysts or researchers keeping a close eye. I believe it’ Read More