69 Matching Annotations
  1. Dec 2020
    1. no single prescribed technical solution to provide access to encrypted data

      How can we read this? That they don't expect a single new technology/standard, but rather case-by-case approach in cooperation with the industry, based on regulations and practices?

    2. coordination

      Recent address of Interpol cybercrime director Jones at Kaspersky's webinar stressed the importance of bringing law enforcement authorities from various countries to work together - being even more relevant than the (un)existence of legal ground, whether Budapest Convention or other. This confirms that LEA hasn't explored all the venues of becoming better at collecting evidences - closer cooperation and skills being one bit - and encryption might not be a 'silver bullet', but there are other ways to go still.

    3. Suchtechnical solutionsand standards

      EU mentioning 'technical solutions and standards' to be developed re. encryption vs access to data. No more details, but interesting to follow. ||MariliaM|| ||Jovan|| ||TerezaHorejsova||

    4. national and international communication service providers

      What does this term mean - ISPs/telcoms, or also digital service providers and vendors? To me it sounds more as telcos...

    5. undertheir domestic legislation

      Additional complexity if it won't be a single EU legislation. With Orbans and alike, there is not much trust in national level.

    6. assessed

      Why so, if LEA already has all the rights to access the evidences, as mentioned earlier? Problem is 'how' - operational, not legal. Or, with this, EU want's to strengthen due process and respect for privacy etc, to try to comfort tech community that it will do its best to use it legally? (Which won't comfort them, that we know) ||GingerP|| ||MariliaM|| ||Jovan||

    7. echnical solutions for gaining access to encrypted data

      The idea is to work with industry to provide technical means. Tech community is clear that weakening encryption algorithms or applications (some sort of back doors) will result with greater harm, as such backdoors could be misused by criminals and other parties (states?). One public proposal from GCHQ, known as 'ghost protocol', suggested meddling with exchange of encryption keys rather than encryption algorithm (effectively inserting silently a third party - LEA - to monitor the exchange); tech community was fast to discourage this. Good news is that, from my feeling, both industry and govs (EU at least) are ready to discuss how-to. It won't be easy, but it may be possible. FiveEyes and others may follow this (they also took the stand to work with industry, though they were more strict towards the industry responsibility in this regards, than the EU which calls for partnership) ||GingerP|| ||MariliaM|| ||Jovan||

    8. Independently of the technological environment of the day,

      Easier said than done

    9. help ensure security

      Emphasising that security from cybercrime is also part of (individual) security

    10. subject to the requirement of anessentially equivalent level of protection, which according to the Court of Justice is a legal requirement for data transfers

      Not sure what this means?

    11. in all areas of public and private life

      They miss an important bit: that encryption is one of the key element of secure functioning of the net as well (PKI, DNSSec, etc)

    12. the EU will leverage its tools and regulatory powers to help shape global rules and standards

      EU stepping in as a global leader on this front?

    13. Security through encryption and security despite encryption

      Interesting wording: EU tries to both defend encryption and find ways around it by not weakening it. In practice, it is very difficult, but let's see ||GingerP|| ||MariliaM|| ||Jovan||

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. yber is a domain dominated by covertness and surprise. It is not the kind of thing you can parade on May Day, allowing Western observers to photograph and count. These attributes are antithetical to transparency and create a ceiling for transparency that no reasonable state will go beyond

      This is all true. But, transparency is not only about what weapons/capabilities you have - but also about if you have them, how you may use them, what are the limitations, what is the control mechanism... There are many aspects of transparency that don't endanger operations, but may increase predictability. We had this clash of views when I was in DC to present our map of countries with capabilities, when he argued this. I agree there is a ceiling, but not that 'transparency is dead'. ||Jovan|| ||MariliaM||

    2. Transparency does not deter, and unilateral transparency does not improve stability

      This is also a too narrow view, focused on US-Russia-China. Transparency of some lead states can be a guide to other states, entering this game. Stability is not only about US-Russia-China. 'Western values' are important even if opponents don't follow them. ||Jovan|| ||MariliaM||

    3. external reason

      What could be the external reason to incentivize countries to adhere? One possibility is that stakes are getting higher as we depend more on digital, and (big) states may become more cautious. Again this is too US-Russia-centric. Many other states joining the game now might be more cautious about norms if they see others adhering. ||Jovan|| ||MariliaM||

    4. Norms are not implemented; they are observed

      I suppose with 'observed' he referred to 'adhered to'? While I agree that formality in impementation is not the essence, but we need to find ways for everyone to adhere, I don't think GGE/OEWG discussions about implementation are about formality, but essence - and discussing means that could make states to adhere. ||Jovan|| ||MariliaM||

    5. A decade ago, analysts speculated that as states made greater use of offensive cyber operations, there could be escalation to a larger and more damaging conflict, given the covert nature of cyber action, the difficulty (then) of attribution, and the potential for unintended consequences and collateral damage. While there have been a few instances of unintended consequences and collateral damage, such as NotPetya, these did not lead to escalation of conflict. We can now reject the initial hypothesis of miscalculation and escalation as inaccurate.

      "There were no escalations in the past, thus we can disregard escalations in future..." This is so wrong, in my opinion, even on the level of logical flaw. Conditions are rapidly changing. Risk = threat x asset x vulnerability; each of those components have radically changed (and still is): more countries with more sophisticated capabilities x everything being connected x vulnerable everything. Chances of miscalculation, if nothing, are growing. Not least, we can't observe everything from the US-Russia prism as James usually does - there are other countries around the world, other war-torn regions... there, cyber is a new means, and misperception and miscalculation are very possible.

      Worth adding another good peace on stability and escalation which justifies the opposite: https://tnsr.org/2020/09/the-escalation-inversion-and-other-oddities-of-situational-cyber-stability/ But even without going into details of that text, James' logic here is deeply flawed.

      ||Jovan|| ||MariliaM||

    6. U.S. opponents do not want stability; they want change

      I am not an expert in war studies/international peace, but stability, to me, doesn't equal status quo ie. change doesn't equal instability. US opponents do want change in global relations, and they use cyber-means for that - that was well put; but this doesn't mean they don't want/need stability as well - I don't think anyone of the big ones is up to any destabilization and conflicts among them. ||Jovan|| ||MariliaM||

    7. Five Cyber Strategies to Forget in 2021

      Debatable set of conclusions by James Lewis on cyber-stability. I am quite disappointed with some logic used there. Some comments throughout the text. Let me know if you share the feeling. ||Jovan|| ||MariliaM||

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

  2. Oct 2020
    1. Finally, a Programme of Action has no ending date:

      Important: PoA has no ending date

    2. First, it offers a process that is inclusive and open to all UN member states, unlike the UNGGE. While the OEWG is more inclusive, it is slower to deliver substantial results, notably due to the diversity of capacities and maturities among the participating states. A PoA, by contrast, allows for concrete discussions and progress within working groups devoted to specific issues. In that sense, a PoA on Cyber could actually combine the best of two words.

      WG as mechanism may be helpful

    3. Usually, a Programme of Action comprises two sets of provisions: objectives and recommendations and rules for monitoring their implementation.

      Mechanism for monitoring of implementation is particularly important part of the PoA

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. Submissionby

      Notably missing: US, China, Russia, Brazil, India, but also Australia and Canada (so far)

    2. open, secure, stable, accessible and peaceful cyberspace

      Not the same wording as China and others use, though

    3. relevant multi-stakeholder initiatives

      Opening space for contributions by other fora like Paris Call

    4. could consider if additional norms could be developed over time

      Creating space for possibly developing new norms in future

    5. implementation is currentlyone of our biggest challenges

      Though not all parties would agree on this

    6. The OEWG and 6thGGE could work toagree the modalities of aProgramme of Action,

      I think the proposal comes too late in the work of the current GGE and OEWG to allow those to discuss modalities - even if all parties would agree for the PoA, which is not likely.

    7. acquis

      Acquis - a term increasingly used by the Europeans (probably borrowed from the EU acquis) to denote the current set of norms, CBMs and CB measures agreed thus far. GGE Chair also used the term to emphasise that the acquis is the base, that shouldn't be re-opened. Another word to add to our Speech Generator, for France and EU partners at least


    8. recognize the full applicability of International Law to cyberspace.

      Thus, the signatories in a way recognise the full applicability of IL - we can reflect this in our mapping ||Pavlina||||AndrijanaG||

    9. Programme of Action for advancing responsible State behaviour in cyberspace

      France with 40 other countries (Western Alliance mainly still) publishes the proposal for a Programme of Action, which would replace GGE and OEWG after their mandate.

      Good coverage of what this could mean is at https://directionsblog.eu/a-new-un-path-to-cyber-stability/


    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. US and some other countries to politicize the issue of data security

      Re. TikTok. Interestingly, now China is (nominally) becoming in favour of free flow of data, while US and EU are calling for data sovereignty? Link with WTO? ||Jovan||||MariliaM||

    2. China supports the work of the UN OEWG and UN GGE and hope that these processes will make further progress

      China supports GGE and OEWG, yet no clear connection between those and the rule-making on data security is made: is this a suggested follow-up, a parallel process, part of the two?

    3. China also supports continued in-depth discussions on Lethal Autonomous Weapons Systems (LAWS) within the framework of Convention on Certain Conventional Weapons (CCW)

      Is this the same as the GGE LAWS, or a separate process? ||Jovan||

    4. data security

      China frames cybersecurity debates as 'data security' also in the UN 1st Committee now, after their Global Initiative on Data Security (which has no reference to any UN process whatsoever)

      We may update our Speech Generator database with these new Chinese lingo and positions


    5. develop a set of international rules on data security

      China calls to 'develop new rules', on data security. Indeed, none of the existing rules are about 'data security'!

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

  3. Sep 2020
    1. 5G

      Not a single reference to 5G security, Huwei or anything related! ||Jovan|| ||MariliaM||

    2. Because when we look around, we ask ourselves, where is the essence of humanity when three children in Wisconsin watch their father shot by police while they sit in the car?

      The US example?! Black lives mater?

    3. Before the end of the month, the Commission will adopt the first annual rule of law report covering all Member States.

      Possible conflict with number of EU members

    4. I think of Suadd, the teenage Syrian refugee who arrived in Europe dreaming of being a doctor. Within three years she was awarded a prestigious scholarship from the Royal College of Surgeons in Ireland.

      A positive case, rather than a case of a kid that drowned...

    5. Albania and North Macedonia

      Not a word about Kosovo and Serbia

    6. The Western Balkans are part of Europe - and not just a stopover on the Silk Road

      Another very strong message: you may flirt with the Chinese, but you are part of Europe

    7. And that is not just me saying it – I remind you of the words of Margaret Thatcher: “Britain does not break Treaties. It would be bad for Britain, bad for relations with the rest of the world, and bad for any future Treaty on trade”

      What a powerful British quote straight into the face of Brits

    8. And we will never backtrack on that. This agreement has been ratified by this House and the House of Commons. It cannot be unilaterally changed, disregarded or dis-applied. This a matter of law, trust and good faith.

      Direct response to the newly proposed UK law that will change the treaty and break the int. law

    9. But with every day that passes the chances of a timely agreement do start to fade

      But the clock is ticking, and EU may start stepping away

    10. We need new beginnings with old friends

      "and we hope we will have a new interlocutor in the White House"

    11. together

      That is - only if the US also wants it.

    12. Our Member States, Cyprus and Greece, can always count on Europe's full solidarity on protecting their legitimate sovereignty rights.

      Decisive stand on the emerging Mediterranean crisis. Important message, to back France's support to Greece

    13. To those that advocate closer ties with Russia, I say that the poisoning of Alexei Navalny with an advanced chemical agent is not a one off. We have seen the pattern in Georgia and Ukraine, Syria and Salisbury – and in election meddling around the world. This pattern is not changing – and no pipeline will change that.

      A strong stance against Russia. Much more negative than towards China ||MariliaM|| ||Jovan||

    14. he elections that brought them into the street were neither free nor fair. And the brutal response by the government ever since has been shameful.

      Interesting to observe (and here is the place where I can share my frustration :) is that, in spite great similarity with forged elections and protests and brutality in Belgrade and Minsk, EU has not said a word about Serbian case, yet has been very strong about the Belarus one (of course, reasons for both are clear; but it is double standards still) ||MariliaM|| ||Jovan||

    15. Our global system has grown into a creeping paralysis

      Observe the wording in this para. Very strong. ||Jovan|| ||MariliaM||

    16. a secure European e-identity

      Most likely using the great EStonian experience. But, Estonia is small and can control all the security/privacy/technology processes easily; how will EU be able to do this? ||VladaR||

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. oppose mass surveillance against other States

      to US: re Snowden and other

    2. evidence-based manner

      to US: justify your speculations that Huawei is not secure

    3. We welcome governments, international organizations, ICT companies, technology communities, civil organizations, individuals and all other actors to make concerted efforts to promote data security under the principle of extensive consultation, joint contribution and shared benefits.

      Chinese call for multistakeholder data protection

    4. development and security

      Development component is emphasized in the security context. This buys support of various developing countries.

    5. data security

      Framing of cyber(in)security as data security. On one hand, disconnecting from other ongoing processes, which allows placing other items in; on the other - would it be also more appealing to the 'opponents' which raise security of data over 5G networks as the key concern?

    6. boosting users' confidence

      Indeed, user confidence in digital products and services is enhanced with secure and stable supply chain. Unexpected but well placed argument.

    7. new development of international division of labor

      Interesting phrase to support global supply chain and technological inter-dependence

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

  4. Jul 2020
    1. bridged with eco-nomic policies that improve opportunity.

      If the US was not based on economic equality (officially), who was? Yet, it failed/fails. There is no economics stripped off politics, unfortunately. Believing that just economy can provide equality doesn't stay (as we see more and more).

    2. African-Americans

      Shouldn't they give an example, and simply say 'black and white'?

    3. They still do

      This statistics is signaling. But I wonder what are the similar analysis in some EU countries - say the Netherlands and Belgium, even France? Is it better, equal or worse? Ie is there a model where we can say works better, to learn from?

    4. Liber-alism does not fight power with power, which risks replacingone abusive regime with another.

      On just how many levels this is wrong in practice, albeit mostly out of US (foreign interventions). Or, it might not be really liberalism in practice?

    5. Liberalism

      From all stated here, it reminds of utopia. In practice, we see it doesn't/didn't work out that way.

    6. Liberal-ism can offer a fairer, more promising route toreform.

      Yet, even judging on the introductory paragraphs of this text - it failed to do so?

    7. A fundamental belief in power above persuasion frustrates co-alition-building.

      Interestingly put. Reality is not nice: power comes first, then persuasion; it is similar to diplomacy - there are no negotiations if one party can coerce the other. Only when powers are somewhat equal we turn to persuasion, dialogue, negotiations. Thus, persuasion over power is a nice wish-list item we should look at, but the reality is (still) different.

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL

    1. A hack that took over an account belonging to one of those leaders could have devastating consequences

      Imagine taking over Trump's account in such a way. Or Biden's account and impact the elections. Oh, wait...

    2. Joe Biden

      How will this Twitter hack impact Biden's political reputation?

    Created with Sketch. Visit annotations in context

    Created with Sketch. Tags

    Created with Sketch. Annotators

    Created with Sketch. URL