Protecting Children in Cyberconflicts

Curated on Posted on by Stefaan Verhulst

Paper by Eleonore Pauwels: “Just as digital technologies have transformed myriad aspects of daily life, they are now transforming war, politics and the social fabric.

This rapid analysis examines the ways in which cyberconflict adversely affects children and offers actions that could strengthen safeguards to protect them.

Cyberconflict can impact children directly or indirectly. Harms range from direct targeting for influence and recruitment into armed forces and armed groups, to personal data manipulation and theft, to cyber attacks on infrastructure across sectors critical to child well-being such as education and health facilities.

Many experts believe that the combination of existing international humanitarian law, international criminal law, human rights law, and child rights law is adequate to address the emerging issues posed by cyberconflict. Nevertheless, several key challenges persist. Attribution of cyber attacks to specific actors and ensuring accountability has proven challenging, particularly in the so-called grey zone between war and peace.

There is an urgent need to clarify how child rights apply in the digital space and for Member States to place these rights at the centre of regulatory frameworks and legislation on new technologies…(More)”.

How crowdfunding is shaping the war in Ukraine

Curated on Posted on by Stefaan Verhulst

The Economist: “This month Aerorozvidka, a Ukrainian drone unit, celebrated the acquisition of four Chinese-made DJI Phantom 3 drones, provided by a German donor. The group, founded in 2014 after the Russian invasion of eastern Ukraine and annexation of Crimea, is led by civilians. The gift is just one example of crowdfunding in Russia’s latest war against Ukraine. Citizens from both sides are supplying much-needed equipment to the front lines. What is the impact of these donations, and how do the two countries differ in their approach?

Private citizens have chipped in to help in times of war for centuries. A writing tablet found near Hadrian’s Wall in northern England mentions a gift of sandals, socks and underwear for Roman soldiers. During the first world war America’s government asked civilians to knit warm clothing for troops. But besides such small morale-boosting efforts, some schemes to rally civilians have proved strikingly productive. During the second world war Britain introduced a “Spitfire Fund”, encouraging civilian groups to raise the £12,600 (£490,000, or $590,000, in today’s money) needed to build the top-of-the-range fighter. Individual contributors could buy wings, machineguns or even a rivet, for six old pence (two and a half modern ones) apiece. The scheme raised around £13m in total—enough for more than 1,000 aircraft (of a total of 20,000 built)…(More)”.

Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet

Curated on Posted on by Stefaan Verhulst

Report by Council on Foreign Affairs Task Force: “…The Task Force proposes three pillars to a foreign policy that should guide Washington’s adaptation to today’s more complex, variegated, and dangerous cyber realm.

First, Washington should confront reality and consolidate a coalition of allies and friends around a vision of the internet that preserves—to the greatest degree possible—a trusted, protected international communication platform.

Second, the United States should balance more targeted diplomatic and economic pressure on adversaries, as well as more disruptive cyber operations, with clear statements about self-imposed restraint on specific types of targets agreed to among U.S. allies.

Third, the United States needs to put its own proverbial house in order. That requirement calls for Washington to link more cohesively its policy for digital competition with the broader enterprise of national security strategy.

The major recommendations of the Task Force are as follows:

  • Build a digital trade agreement among trusted partners.
  • Agree to and adopt a shared policy on digital privacy that is interoperable with Europe’s General Data Protection Regulation (GDPR).
  • Resolve outstanding issues on U.S.-European Union (EU) data transfers.
  • Create an international cybercrime center.
  • Launch a focused program for cyber aid and infrastructure development.
  • Work jointly across partners to retain technology superiority.
  • Declare norms against destructive attacks on election and financial systems.
  • Negotiate with adversaries to establish limits on cyber operations directed at nuclear command, control, and communications (NC3) systems.
  • Develop coalition-wide practices for the Vulnerabilities Equities Process (VEP).
  • Adopt greater transparency about defend forward actions.
  • Hold states accountable for malicious activity emanating from their territories.
  • Make digital competition a pillar of the national security strategy.
  • Clean up U.S. cyberspace by offering incentives for internet service providers (ISPs) and cloud providers to reduce malicious activity within their infrastructure.
  • Address the domestic intelligence gap.
  • Promote the exchange of and collaboration among talent from trusted partners.
  • Develop the expertise for cyber foreign policy.

A free, global, and open internet was a worthy aspiration that helped guide U.S. policymakers for the internet’s first thirty years. The internet as it exists today, however, demands a reconsideration of U.S. cyber and foreign policies to confront these new realities. The Task Force believes that U.S. goals moving forward will be more limited and thus more attainable, but the United States needs to act quickly to design strategies and tactics that can ameliorate an urgent threat…(More)”.

EU digital diplomacy: Council agrees a more concerted European approach to the challenges posed by new digital technologies

Curated on Posted on by Stefaan Verhulst

Press Release: “The Council today approved conclusions on EU digital diplomacy.

Digital technologies have brought new opportunities and risks into the lives of EU citizens and people around the globe. They have also become key competitive parameters that can shift the geopolitical balance of power. The EU has a growing web of digital alliances and partnerships around the world. It is increasingly investing in digital infrastructure and, under the Global Gateway strategy, in supporting partners in defining their regulatory approach to technology based on a human-centric approach.

Against this background, the Council invites all relevant parties to ensure that digital diplomacy becomes a core component and an integral part of the EU external action, and is closely coordinated with other EU external policies on cyber and countering hybrid threats, including foreign information manipulation and interference.

In this context, to enhance the EU’s Digital Diplomacy in and with the US, the EU will soon open a dedicated office in San Francisco, a global centre for digital technology and innovation.

The conclusions stress the importance of capacity building and the strategic promotion of technological solutions and regulatory frameworks that respect democratic values and human rights.

For this reason, the EU will actively promote universal human rights and fundamental freedoms, the rule of law and democratic principles in the digital space and advance a human-centric approach to digital technologies in relevant multilateral fora and other platforms, promoting partnerships and coalitions with like-minded countries and strengthening cooperation in and with the UN system, the G7, the OSCE, the OECD, the WTO, NATO, the Council of Europe and other multilateral fora, striving to match the progress achieved with the EU’s Green Diplomacy and Cyber Diplomacy…(More)”

Are blockchains decentralized?

Curated on Posted on by Stefaan Verhulst

Trail of Bits report: “Blockchains can help push the boundaries of current technology in useful ways. However, to make good risk decisions involving exciting and innovative technologies, people need demonstrable facts that are arrived at through reproducible methods and open data.

We believe the risks inherent in blockchains and cryptocurrencies have been poorly described and are often ignored—or even mocked—by those seeking to cash in on this decade’s gold rush.

In response to recent market turmoil and plummeting prices, proponents of cryptocurrency point to the technology’s fundamentals as sound. Are they?

Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to examine the fundamental properties of blockchains and the cybersecurity risks associated with them. DARPA wanted to understand those security assumptions and determine to what degree blockchains are actually decentralized.

To answer DARPA’s question, Trail of Bits researchers performed analyses and meta-analyses of prior academic work and of real-world findings that had never before been aggregated, updating prior research with new data in some cases. They also did novel work, building new tools and pursuing original research.

The resulting report is a 30-thousand-foot view of what’s currently known about blockchain technology. Whether these findings affect financial markets is out of the scope of the report: our work at Trail of Bits is entirely about understanding and mitigating security risk.

The report also contains links to the substantial supporting and analytical materials. Our findings are reproducible, and our research is open-source and freely distributable. So you can dig in for yourself.

Key findings

  • Blockchain immutability can be broken not by exploiting cryptographic vulnerabilities, but instead by subverting the properties of a blockchain’s implementations, networking, and consensus protocols. We show that a subset of participants can garner undue, centralized control over the entire system:
    • While the encryption used within cryptocurrencies is for all intents and purposes secure, it does not guarantee security, as touted by proponents.
    • Bitcoin traffic is unencrypted; any third party on the network route between nodes (e.g., internet service providers, Wi-Fi access point operators, or governments) can observe and choose to drop any messages they wish.
    • Tor is now the largest network provider in Bitcoin; just about 55% of Bitcoin nodes were addressable only via Tor (as of March 2022). A malicious Tor exit node can modify or drop traffic….(More)”

How Secure Is Our Data, Really?

Curated on Posted on by Stefaan Verhulst

Essay by Michael Kende: “Stepping back, a 2019 study showed that 95 percent of such data breaches could have been prevented. There are two main causes of breaches that can be averted.

First, many breaches attack known vulnerabilities in online systems. We are all used to updating the operating system on our computer or phone. One of the reasons is to patch a defect that could allow a breach. But not all of us update each patch all of the time, and that leaves us exposed. Organizations operating hundreds or thousands of devices with different systems connecting them may not devote enough resources to security or may be worried about testing the compatibility of upgrades, and this leaves them exposed to hackers searching for systems that have not been updated. These challenges were exacerbated with employees working from home during pandemic restrictions, often on their own devices with less protected networks.

Second is the phenomenon known as social engineering in which an employee is tricked into providing their password. We have all received phishing emails asking us to log into a familiar site to address an urgent matter. Doing so allows the hacker to capture the user’s email address or user name and the associated password. The hacker can then use that information directly to enter the real version of the website or may find out where else the user may go and hope they use the same login details — which, human nature being what it is, is quite common. These phishing attacks highlight the asymmetric advantage held by the hackers. They can send out millions of emails and just need one person to click on the wrong link to start their attack.

Of course, if 95 percent of breaches are preventable, that means 5 percent are not. For instance, though many breaches result from known vulnerabilities in systems, a vulnerability is by definition unknown before it is discovered. Such a vulnerability, known as zero-day vulnerability, is valuable for hackers because it cannot be defended against, and they are often hoarded or sold, sometimes back to the company responsible so they can create a patch…(More)”.

Solferino 21: Warfare, Civilians and Humanitarians in the Twenty-First Century

Curated on Posted on by Stefaan Verhulst

Book by Hugo Slim: “War is at a tipping point: we’re passing from the age of industrial warfare to a new era of computerised warfare, and a renewed risk of great-power conflict. Humanitarian response is also evolving fast—‘big aid’ demands more and more money, while aid workers try to digitalise, preparing to meet ever-broader needs in the long, big wars and climate crisis of the future. 

This book draws on the founding moment of the modern Red Cross movement—the 1859 Battle of Solferino, a moment of great change in the nature of conflict—to track the big shifts already underway, and still to come, in the wars and war aid of our century. Hugo Slim first surveys the current landscape: the tech, politics, law and strategy of warfare, and the long-term transformations ahead as conflict goes digital. He then explains how civilians both suffer and survive in today’s wars, and how their world is changing. Finally, he critiques today’s humanitarian system, citing the challenges of the 2020s.   

Inspired by Henri Dunant’s seminal humanitarian text, Solferino 21 alerts policymakers to the coming shakeup of the military and aid professions, illuminating key priorities for the new century. Humanitarians, he warns, must adapt or fail….(More)”.

Guns, Privacy, and Crime

Curated on Posted on by Stefaan Verhulst

Paper by Alessandro Acquisti & Catherine Tucker: “Open government holds promise of both a more efficient but more accountable and transparent government. It is not clear, however, how transparent information about citizens and their interaction with government, however, affects the welfare of those citizens, and if so in what direction. We investigate this by using as a natural experiment the effect of the online publication of the names and addresses of holders of handgun carry permits on criminals’ propensity to commit burglaries. In December 2008, a Memphis, TN newspaper published a searchable online database of names, zip codes, and ages of Tennessee handgun carry permit holders. We use detailed crime and handgun carry permit data for the city of Memphis to estimate the impact of publicity about the database on burglaries. We find that burglaries increased in zip codes with fewer gun permits, and decreased in those with more gun permits, after the database was publicized….(More)”

Governance of the Inconceivable

Curated on Posted on by Stefaan Verhulst

Essay by Lisa Margonelli: “How do scientists and policymakers work together to design governance for technologies that come with evolving and unknown risks? In the Winter 1985 Issues, seven experts reflected on the possibility of a large nuclear conflict triggering a “nuclear winter.” These experts agreed that the consequences would be horrifying: even beyond radiation effects, for example, burning cities could put enough smoke in the atmosphere to block sunlight, lowering ground temperatures and threatening people, crops, and other living things. In the same issue, former astronaut and then senator John Glenn wrote about the prospects for several nuclear nonproliferation agreements he was involved in negotiating. This broad discussion of nuclear weapons governance in Issues—involving legislators Glenn and then senator Al Gore as well as scientists, Department of Defense officials, and weapons designers—reflected the discourse of the time. In the culture at large, fears of nuclear annihilation became ubiquitous, and today you can easily find danceable playlists containing “38 Essential ’80s Songs About Nuclear Anxiety.”

But with the end of the Cold War, the breakup of the Soviet Union, and the rapid growth of a globalized economy and culture, these conversations receded from public consciousness. Issues has not run an article on nuclear weapons since 2010, when an essay argued that exaggerated fear of nuclear weapons had led to poor policy decisions. “Albert Einstein memorably proclaimed that nuclear weapons ‘have changed everything except our way of thinking,’” wrote political scientist John Mueller. “But the weapons actually seem to have changed little except our way of thinking, as well as our ways of declaiming, gesticulating, deploying military forces, and spending lots of money.”

All these old conversations suddenly became relevant again as our editorial team worked on this issue. On February 27, when Vladimir Putin ordered Russia’s nuclear weapons put on “high alert” after invading Ukraine, United Nations Secretary-General Antonio Guterres declared that “the mere idea of a nuclear conflict is simply unconceivable.” But, in the space of a day, what had long seemed inconceivable was suddenly being very actively conceived….(More)”.

Police surveillance and facial recognition: Why data privacy is an imperative for communities of color

Curated on Posted on by Stefaan Verhulst

Paper by Nicol Turner Lee and Caitlin Chin: “Governments and private companies have a long history of collecting data from civilians, often justifying the resulting loss of privacy in the name of national security, economic stability, or other societal benefits. But it is important to note that these trade-offs do not affect all individuals equally. In fact, surveillance and data collection have disproportionately affected communities of color under both past and current circumstances and political regimes.

From the historical surveillance of civil rights leaders by the Federal Bureau of Investigation (FBI) to the current misuse of facial recognition technologies, surveillance patterns often reflect existing societal biases and build upon harmful and virtuous cycles. Facial recognition and other surveillance technologies also enable more precise discrimination, especially as law enforcement agencies continue to make misinformed, predictive decisions around arrest and detainment that disproportionately impact marginalized populations.

In this paper, we present the case for stronger federal privacy protections with proscriptive guardrails for the public and private sectors to mitigate the high risks that are associated with the development and procurement of surveillance technologies. We also discuss the role of federal agencies in addressing the purposes and uses of facial recognition and other monitoring tools under their jurisdiction, as well as increased training for state and local law enforcement agencies to prevent the unfair or inaccurate profiling of people of color. We conclude the paper with a series of proposals that lean either toward clear restrictions on the use of surveillance technologies in certain contexts, or greater accountability and oversight mechanisms, including audits, policy interventions, and more inclusive technical designs….(More)”