Our latest paper on technology standardisation is out in @PolicyR! Thanks @teirdes for the fabulous co-op. Some people doubt that values-inspired technology design is possible. We show that not only it is possible, but values already influence technology. policyreview.info/pdf/policyrevi… ImageImageImageImage
"Values" not only guide the building of technologies in aspects such as privacy or cybersecurity, accessibility, freedom of expression, or censorship. There are past examples of political-technology clashes/interventions, too. On-demand decryption or OS changes are examples. ImageImage
"Human, moral, and European values are clearly linked to technology ... We stress that the presence of politics in the technology sphere is already a reality.". True story! With examples from the U.S. and France. Image
There are also examples of failures. For example, the Do Not Track/Tracking Preferences Expression pollinated tech policy debates, but ultimately did not get a backing and it is facing a crisis. But there are also many success stories. For example Privacy by Design. ImageImage
But European Union is struggling with technology standards. Its approach is maladapted to today's world. GDPR and 2G are the well known examples, but what else is there? There is a need for a change. The need for smart tech policy people to engage. ImageImage
Europe can do better, though. We solve this puzzle. European Union must simplify the current policy, needs a modern strategy of involvement in technology standards, must realise how to practically structure its influence over technology standards
I must also thank again to probably my favourite former MEP Amelia @teirdes. We both know a lot about technology standards. And about technology policy. This work is a direct outcome of our mix of fabulous experience and knowledge.
Direct link to our paper: policyreview.info/articles/analy…

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Lukasz Olejnik

Lukasz Olejnik Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @lukOlejnik

7 Mar
Google doubling-down on their new (hopefully, claimed) privacy-improved proposals for ads systems, Turtledove. What is it? This thing lets to choose the ad to display on the user's device - with no data supposed to leave the user's browser. So no tracking?groups.google.com/a/chromium.org…
The testing environment ('Fledge') have a bit relaxed privacy properties. So let's hope the final solution is more tight with respect to privacy protection. It'q quite a complex proposal. github.com/WICG/turtledov… chromestatus.com/feature/573358…
Solution apparently based (at least it seems so) and builds on the 10+ years of academic privacy research in privacy-preseving ads systems. Initially neglected, today it is fascinating to imagine this niche field suddenly emerge to be multi-billion one. blog.lukaszolejnik.com/are-we-reachin…
Read 4 tweets
14 Nov 20
Ticketmaster fined £1.25million for security compromise (they were hacked by Magecart group, their website code was altered to steal data during payments), #GDPR breach. ~9.4m customers affected. Payment data stolen, too. ico.org.uk/media/action-w…
Third-party (chatbot provider) was breached. This spilled to Ticketmaster. Had this functionality not included on the payment site, this breach would not happen (this way, at least). Fun fact: ICO decided to enforce PCI-DSS requirements. #GDPR #ePrivacy
Ticketmaster says they were unable to use the standard subresource integrity (blog.lukaszolejnik.com/making-third-p…) to protect their site because the software changed too often (but they did not know how often). "ICO views this measure as an appropriate measure to implement" #GDPR
Read 4 tweets
15 Oct 19
The Netherlands government published its position on rules applying to security in cyberspace (cyberattacks/cyberwarfare. My short take (the dokument is v. good) government.nl/binaries/gover…
Sovereignty as a matter of rule applies to cyberspace. But it's extent is not clear. Some investigations may (or may not) be breaching sovereignty of other countries.
Apparently links 'election interference on soc media' with 'intervention'. Is a bunch of trolls an intervention into country affairs? No because it does not effect in behavior change in 'targeted state' (who?)? But you can imagine a State leader issuing threats on social media?
Read 6 tweets
29 May 19
International Committee of the Red Cross releases report on the human cost of cyber operations. What rules exist? Need to expand? I'm proud being part of this (co-author). Threat with analysis. #CyberICRC blogs.icrc.org/law-and-policy…
My analysis of @ICRC report selection. Cyberoperations. What impacts on exploit cost? Why supply chain attacks are a risk? Targeting health care (lethal cyberattacks; can you even detect?), ICS. Armed conflict context. How to move forward? #CyberICRC blog.lukaszolejnik.com/icrc-report-on…
The full report is here. My analysis follows. Report speaks on cyber operations & armed conflict context, where many peacetime assumptions may differ. Supply chain attacks are a risk. Exploit price is driven by specific demand. #CyberICRC icrc.org/en/download/fi…
Read 15 tweets
26 Mar 19
First #GDPR fine by Polish DPA. 6M records in database. Scrapped from public sources. Not informed data subjects about their rights. 229k EUR fine. Breach of Article 14. Impressive: no particular explanation provided.
English press release related to the first PL #GDPR fine. 6M user data scraped from public registers. Not informed data subjects about their rights. €220k fine. No tech component; purely lawful case. uodo.gov.pl/en/553/1009
Full justification of the #GDPR enforcement here. 220k fine is only one thing. Company has been ordered to inform all the 6M data subjects. Costs might exceed the fine. Full GDPR in action here. uodo.gov.pl/decyzje/ZSPR.4… (via G/translate)
Read 5 tweets
28 Nov 18
Massive ad fraud botnet taken down. Pretended to be human traffic, exploited Real-Time Bidding vulnerabilities. I researched this in 2013, interesting how long it take to be operationalized. services.google.com/fh/files/blogs…
The scale of the operation is huge. Over 3 Billion bid request fraud, over 1 million of compromised machines. Border Gateway Protocol hijacking was even used. The biggest and most sophisticated operation like that ever.
What fascinates me is that the attackers used some of the techniques I tested and described here: lukaszolejnik.com/rtbdesc (some details omitted). I also played with the bot detection evasion ;)
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!