Software can officially and formally be munitions. Since December 2019 offensive software even more so. At least in the context of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, whose members are different countries around the world. The treaty regulates the selling of munitions Read More
Contrary to what you may read in the popular press, there are rules when it comes to cyberattacks. Today, probably all countries regulate cybercrime in domestic law. All countries agree also that international law rules apply to cyberspace, including cyberattacks and also cyberwarfare. I recently covered positions of two example Read More
The Netherlands recently released a document describing their views and position on the application of international law to cyberspace and cyberattacks. This is a very reasoned document and contains great insight. Just like a similar French document (with a big catch - see later; my analysis here), it is short Read More
Developments of the web introduce new ways of using technology. Sometimes the evolution brings positive changes that are not obvious initially. But some events highlight the significance. Like for example the periodic controversy about the removal of certain mobile apps from certain managed application stores (like Google Play, or Apple Read More
You may have heard of the cliché “there are no rules in cyberwar". It is false. There are rules. The trick is how those apply. Countries rarely speak clearly how they see or would see things. Most countries accept that international law applies to cyberspace, including to cyber operations Read More
Cyber conflicts involving state actors are quickly becoming a geopolitical reality. Perhaps the most cited example, the alleged Russian interference in the 2016 U.S. election, is a continued source of conflict in U.S.-Russia relations. The story took another turn last October when the U.S. Cyber Command Read More
Interesting proposals of web standards amending the way some aspects of web architecture work emerged from Apple and Google. This marks a pretty unprecedented competition over web architecture. The grand battleground is web standardization. As such it will happen in the open and involve the larger community. Web advertisements are Read More
Organizations voluntarily creating big public data breaches are rare. Recently it became widely known that the Public Transport Victoria (PTV) published a dataset of possibly over 15 million users. It was “anonymized”, but PTV may now still face a $336,000 data protection fine. How did this happen? Data Science Read More
Recently cyber insurance gained fame because of the refusal of two major firms (1), 2) to cover the costs of NotPetya ransomwiper. The explanation, “war-like activity” exclusion model clause (CL.380, “Institute Cyber Attack Exclusion“; a fairly standard sample here) result in a fairly entertaining case from the international law Read More
The just-published report of International Committee of the Red Cross (ICRC) on humanitarian consequences of cyber operations brings the much-needed, currently lacking expert insight and context in the debate around cyber warfare. I am also happy because I had an opportunity to co-author this report; the (now public) part of Read More
We live in times of profound technological impacts and accelerating history. Technology is increasingly influencing fundamental aspects of societies. Some technologies have great potential but their impact in the long term is difficult to imagine in advance by most. My background is compounded. I have experience in security engineering, walked Read More
Welcome to the privacy analysis of Progressive Web Applications. With new features in steady supply, the web is changing in exciting ways. One of the more interesting trends is the concept of Progressive Web Applications (PWA). PWAs use modern and powerful web features to further blur the boundaries between web Read More
In 2009, as people grew concerned over the pervasiveness of web tracking, the idea of adding Do Not Track (DNT) to browsers gained traction across the web. By enabling the setting, the browser attaches “DNT: 1” to a web request, effectively telling the site that user does not wish to Read More
Real-Time Bidding is a technology enabling the targeting of content to mobile and web users. Real-Time Bidding has numerous problems. * Security, including malvertising (abusing ads infrastructure to deliver malware); affecting hundreds of millions of user visits; delivering malware. * Privacy, as it is a mass market for personal data, with vague Read More
For the first time in the “history of cyber conflicts” (call it like that) we have seen the media of one country signaling an offensive cyberattack on a target located in another country, and the media of the targeted country confirm that the operation has happened. This is without a Read More
Chances are that you may have heard about General Data Protection Regulation (GDPR) by now. Even if not from expert circles, training or media reporting, then certainly you must have felt the remarkable experience from the reinforced cookie pop-ups (a fact not difficult to predict in advance). But more seriously, Read More
Many countries are developing cyber capabilities, including for their military forces. Details are often secret. Public discussions are therefore always refreshing. There is a good opportunity. France just made public the elements of the offensive cyber operation doctrine. This is a good move. It helps informing the public (national, international) Read More
Today, disinformation is a broad problem touching national, international, and cyber security policies, as well as domains such as social sciences and technology, including technical cybersecurity and privacy. Different tactics are used by state and non-state actors, both internal and external. Various protective measures can deliver different outcomes, for the Read More
Cybersecurity evolves rapidly both in technology and policy terms. Countries and organisations struggle with the pace of change. Analysing particular strategies is not only useful but also interesting, as it may often constitute a form of a litmus test. On the one hand, strategies show where we, the countries, (or, Read More
Soon every website will be able to know if its visitors have a disability, or not. Well, not quite. That will relate to those who use assistive technologies (i.e. screen readers for vision-impaired), and who gave access for this feature. This thanks to Accessibility Object Model (AOM), a feature Read More
It is not often when a major product used by millions rolls out changes reducing the privacy posture. Google Chrome is a recent example. The newly released version 69 automatically signs-in users into the browser whenever the user logs into a Google Service (e.g. Gmail); the change also makes Read More
It is surprisingly difficult to find realistic, interesting and creative privacy case studies. It is perhaps even more difficult in the case of major software. There are no proper motivations for making this kind of work public (employees often paid to do some kind of work in-house; their compensation typically Read More
It is always good to observe how countries build their strategic capabilities within the cyber domain. It is truly a fascinating time for technology policy, privacy and cybersecurity, speaking here in all means: technically, strategically, diplomatically and militarily. Some countries either think about doing “something”, instead - others do. Perhaps Read More
The world is rapidly upgrading data privacy regulations. In that regard, European Union is admittedly at the forefront, with its General Data Protection Regulation. It somewhat permeates outside, spreading the good P-rays (privacy rays). India is a very importan country, the largest democracy in the world. So it is not Read More
Unsecured ways of web browsing are fading away at accelerating pace. Technically this is done thanks to the increased deployment of HTTPS on the of web. Data indicates that above 70% of websites are now accessed via this secured protocol, those numbers quickly increasing. This is an important milestone in Read More