There is more to Geneva than chocolates - my role as a cyberwarfare advisor at the ICRC
We live in interesting times. Cybersecurity is finally being treated very seriously, both on the technology and policy level - including international relations, the so called “cyber” diplomacy.
I come from a technical and research background, having also experience in standards and regulations. In particular, I am fascinated with the interactions of technology and regulations - with special regard to security and privacy technology as well as data privacy regulations, such as the General Data Protection Regulation (GDPR) and ePrivacy Regulation.
Cybersecurity is one of the top interests of this (and the next) decade, with the regularity of cyber attacks, disinformation campaigns, cyberoperations and beyond. Countries continue to develop strategic approach to cybersecurity (examples: French strategic cybersecurity document, Cybersecurity framework of the European Union). A concept tentatively called the Digital Geneva Convention is being debated seriously (examples: 1, 2).
I’m happy to say that starting in April I’ll be helping at the International Committee of the Red Cross in Geneva, as a scientific and policy advisor on cyberwarfare. This is an opportunity to remain close to the technical things, but to focus also on the international cybersecurity regulations, including on the international humanitarian law.
That said, I’m not abandoning my involvement on other fronts, such as privacy research, standardization, GDPR, ePrivacy, consulting, and so.
Some highlights of the things I did during the last year:
- I researched how to design standards with privacy in mind (leaks due to battery information and “how to” privacy design)
- Some research progress: browsers purging of an API following the discovery of privacy abuse risks, stealing web browsing history using light sensors, privacy leaks in Payment Request API
- I worked on ePrivacy Regulation: since the start, with my input on multiple levels, and during the later stages, too
- I am an active participant in technology policy debates in Europe, especially GDPR and ePrivacy. Examples: GDPR case in the UK, which would potentially ban part of privacy research, amended fortunately
- I’m elected to the W3C Technical Architecture Group, where my plan is to carry the privacy baton
- Some privacy impact assessment and privacy by design consulting and advisory work I won’t discuss in detail here
My aim related to the cyberwarfare project is - as was always the case to date - to remain as open as possible. In fact, I believe technical and research communities should be close to these matters. I would be happy to be the vehicle here. Policy should never be made in closed bubbles, shielded from expert input - especially technology policy.
I’m excited with what’s to come. But I am also keeping my involvement in the technical security and privacy research and development sphere, and open for interesting advisory opportunities. This applies to Privacy by Design, Privacy Impact Assessment, and other strategic aspects, including technology policy, too.