Yes, I said cyber. Digital security and rights in international development coop
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 234 | |
| Author | ||
| License | CC Attribution - ShareAlike 3.0 Germany: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this | |
| Identifiers | 10.5446/33164 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
re:publica 2017232 / 234
1
5
7
10
12
13
18
19
20
22
31
32
37
42
43
44
48
51
65
72
74
78
79
88
89
101
104
106
107
108
109
115
127
138
142
150
152
156
159
160
166
167
172
175
181
183
185
186
188
191
197
201
204
206
208
210
213
214
215
217
220
221
223
224
226
234
00:00
QuicksortArithmetic meanSoftware developerIntegerMultiplication signDigitizingAreaVideo gameMusical ensembleComputer animationJSONXMLUMLLecture/ConferenceMeeting/Interview
01:07
DigitizingProcess (computing)Information privacyConnected spaceProjective planeDifferent (Kate Ryan album)WordAreaSingle-precision floating-point formatSoftware developerDialectTwitterFiber (mathematics)Context awarenessReading (process)Information securityCyberneticsShape (magazine)Lecture/ConferenceMeeting/Interview
03:54
Software developerForcing (mathematics)Spezielle orthogonale GruppeProjective planePunched cardLine (geometry)Bit rateLecture/Conference
04:43
DigitizingSoftware developerTelecommunicationInternetworkingLattice (order)SpacetimeContext awarenessAreaPosition operatorInformation securityAuthorizationVirtualizationInformationstheorieInternet forumOpen setOnline helpE-learningMusical ensembleOperator (mathematics)Condition numberObject (grammar)Projective planeVarianceGoodness of fitGame theoryLecture/ConferenceMeeting/Interview
07:02
Infinite conjugacy class propertyMatching (graph theory)InternetworkingRange (statistics)LengthElectronic mailing listState of matterSoftware developerLevel (video gaming)Fiber (mathematics)Moment (mathematics)CyberneticsLecture/ConferenceMeeting/Interview
08:05
Physical lawFamilyInternetworkingWordCyberneticsLecture/ConferenceMeeting/Interview
08:56
Physical lawMultiplication signCyberneticsInformation securityFile formatInternetworkingOpen setStudent's t-testLecture/ConferenceMeeting/Interview
10:39
CyberneticsTerm (mathematics)Information securityElectronic GovernmentObservational studyDifferent (Kate Ryan album)Field (computer science)Frame problemSoftwareCivil engineeringInternet forumExtension (kinesiology)Degree (graph theory)Library (computing)Computer crimePhysical systemOffice suiteLecture/ConferenceMeeting/Interview
12:15
Directory serviceComputer programmingCyberneticsComputer-assisted translationInequality (mathematics)AreaMereologyMoment (mathematics)Water vaporEvent horizonCausalityDigitizingDisk read-and-write headState of matterDependent and independent variablesImage resolutionLecture/ConferenceMeeting/Interview
14:53
CyberneticsVideo gameFrequencyMultiplication signState of matterGame controllerAreaLecture/ConferenceMeeting/Interview
15:51
DigitizingInternetworkingInformation securityArmPhysical lawInformationstheorieSoftware developerCyberneticsStatement (computer science)Moment (mathematics)Right angleState of matterModal logicEquivalence relationPressureWindowKinematicsHacker (term)Order (biology)Physical systemPersonal digital assistantElectric generatorPivot elementWordAerodynamicsOpen sourceOperating systemInformation privacyStaff (military)CASE <Informatik>BlogQuicksortPentagonLecture/ConferenceMeeting/Interview
19:25
Physical lawCombinational logicContext awarenessTerm (mathematics)Electric generatorData conversionCASE <Informatik>QuicksortLevel (video gaming)WordOperator (mathematics)Line (geometry)Projective planeSystem administratorLecture/Conference
22:07
Information securityMeasurementVector spaceInformationstheorieComputer networkSimilarity (geometry)Fundamental theorem of algebraTheory of relativitySensitivity analysisNumberAuthorizationRight angleKey (cryptography)WeightTelecommunicationLecture/ConferenceMeeting/Interview
24:07
CyberneticsInformation securityGreen's functionArithmetic meanMereologySlide ruleCommitment schemeLevel (video gaming)Term (mathematics)AreaWebsitePrimitive (album)Goodness of fitCellular automatonInformation securityInformationstheorieCyberspacePoint (geometry)Strategy gameRight angleThread (computing)Wave packetPerspective (visual)Computer programmingChannel capacityBitIntegrated development environment2 (number)Computer clusterBuildingDigitizingCyberneticsMeeting/Interview
26:44
Projective planeContext awarenessSoftware developerVideo projectorDigitizingPower (physics)Information securityDomain nameBitMereologyProper mapMultiplication signRight angleCyberneticsVector potentialCryptographyLecture/ConferenceMeeting/Interview
28:33
InformationstheorieRadio-frequency identificationLevel (video gaming)Service (economics)AreaDomain nameSurface of revolutionDigital signalAddress spaceLatent heatCyberneticsInformation securityCyberspaceIndependence (probability theory)System programmingMathematicsPascal's triangleLine (geometry)Strategy gameFiber (mathematics)Propositional formulaInformation securityExtension (kinesiology)Centralizer and normalizerBuildingMultiplication signSoftware developerRight angleType theoryCoefficient of determinationPoint (geometry)Channel capacityDependent and independent variablesMachine visionInformation privacyCollatz conjectureBuffer solutionMoment (mathematics)1 (number)Level (video gaming)CyberneticsField (computer science)Computer animationLecture/ConferenceMeeting/Interview
31:26
Projective planeSoftware frameworkStrategy gameLevel (video gaming)BuildingChannel capacityWordOnline helpBitShared memoryLink (knot theory)Heat transferInformation securityCyberneticsMereologyMoment (mathematics)Proper mapWave packetLecture/ConferenceMeeting/Interview
33:17
Multiplication signTerm (mathematics)Word4 (number)QuantumBuildingInformation securityCyberneticsQuadrilateralChannel capacityDigitizingSpacetimeMereologyDimensional analysisRight angleSoftwareHazard (2005 film)InformationstheorieOffice suiteLecture/ConferenceMeeting/Interview
35:54
InternetworkingSoftware developerShape (magazine)DigitizingState of matterParameter (computer programming)Sound effectRight angleCASE <Informatik>Type theoryInformationstheoriePattern languagePersonal identification number (Denmark)AlgorithmPhysical systemFile formatTheoryDigital signalWordMachine learningMereologyGroup actionNumberDevice driverInformation securityArithmetic meanLecture/ConferenceMeeting/Interview
38:10
Self-organizationContext awarenessLevel (video gaming)MassInformation securityMeeting/Interview
39:24
WordType theoryTheoryEccentricity (mathematics)Dependent and independent variablesPlastikkarteRight angleInformation privacyLetterpress printingPoint (geometry)Connected spaceNumberACIDMeeting/Interview
41:12
BitRight angleMultiplication signStatement (computer science)Strategy gameDigital signalOcean currentNumbering schemeTelecommunicationInformation securityInformationstheorieSoftware developerImplementationComputer configurationPresentation of a groupLink (knot theory)DigitizingCyberneticsData conversionFlash memory
43:44
Information securityInformation privacyDigitizingProjective planeRight angleCyberneticsSpherePoint (geometry)Data miningGoodness of fitContext awarenessStrategy gamePosition operatorTelecommunicationClique problemVulnerability (computing)Meeting/InterviewLecture/Conference
46:32
Term (mathematics)CryptographyEndliche ModelltheorieBasis <Mathematik>Software frameworkInformationstheorieForcing (mathematics)Right angleSelf-organizationStaff (military)EncryptionMultiplication signInformation securityInformation privacyComputing platformProjective planeBitDigitizingMeeting/Interview
48:47
Strategy gameCuboidPower (physics)Order (biology)Meeting/Interview
49:38
Event horizonThumbnailCyberneticsMultiplication signInformation securityServer (computing)Insertion lossState of matterTerm (mathematics)Physical lawMereologyVulnerability (computing)Series (mathematics)Different (Kate Ryan album)Radical (chemistry)Information privacyMathematicsMatrix (mathematics)TheoryMeeting/Interview
51:19
CodeState of matterMoment (mathematics)Category of beingPhysical lawHuman migrationScaling (geometry)GodCompact spaceSet (mathematics)Surface of revolutionRight angleInformationstheorieFront and back endsCodeLecture/ConferenceMeeting/Interview
52:46
CodeCyberneticsInformation privacyExistenceInformationstheorieRight anglePhysical lawNormal (geometry)Water vaporInformation securityForm (programming)Operator (mathematics)Set (mathematics)RectifierLecture/ConferenceMeeting/Interview
53:50
AreaWaveSoftware developerCyberneticsGroup actionInformationstheorieRight angleVector potentialSelf-organizationWhiteboardQuicksortService (economics)RectifierMultiplication signDiaphragm (optics)Information securityRemote procedure call
56:19
CyberneticsVector potentialMereologyDigital electronicsFault-tolerant systemData managementDigitizingService (economics)Information securityDependent and independent variablesInformationstheorieTouch typingHD DVDHypermediaMeeting/InterviewLecture/Conference
57:35
StatisticsComputer crimeCyberneticsLink (knot theory)DivisorEstimatorInternet forumStress (mechanics)Point (geometry)Right angleForm (programming)Meeting/InterviewLecture/Conference
58:40
Artificial neural networkSoftware developerExploit (computer security)Type theoryTotal S.A.MultiplicationIntegrated development environmentSound effectMoment (mathematics)TheoryHacker (term)Term (mathematics)QuantificationSoftwareMultiplication signAlgorithmCASE <Informatik>Meeting/Interview
01:00:39
Complex numberPhysical systemInformation securityCyberneticsData miningMultiplication signGame theorySummierbarkeitMeeting/InterviewLecture/Conference
01:01:28
TheoryRight angleSubstitute goodBasis <Mathematik>AreaSpeech synthesisLecture/ConferenceMeeting/Interview
01:02:17
Electronic mailing listWordSoftware developerInformation securityBasis <Mathematik>Dependent and independent variablesInformation privacyCyberneticsDatabase transactionDigitizingInformationstheoriePlanningLecture/ConferenceMeeting/Interview
01:03:50
CyberneticsStability theoryInformation securityGoodness of fitProjective planeLecture/ConferenceComputer animation
Transcript: English(auto-generated)
00:16
Thank you very much. ICT4D means ICT for development.
00:23
And yeah, so it is a great pleasure to open and introduce this last session. And I'm very happy that so many of you came after three full days of excitement. And I'm sure you all are very eager to hear the band and to party.
00:40
So yes, first let me explain who we are. I'm representing the Federal Ministry for Economic Cooperation and Development, in short the BMZ. And we have been at the Republica four times already now. Why actually do we come here?
01:00
Because we, like you, agree that digitalization affects all areas of life, everywhere around the world. And we believe that digitalization is a process we have to accompany, proactively but also critically. Today we have already discussed how to juggle possible dystopian and utopian futures
01:25
of a truly interconnected digital world. And that world could actually bring prosperity and peace or signify the end of privacy and personal connection. And we have discussed and will keep discussing
01:42
how the most remote and impoverished regions of our world can benefit from new trends. And that is the reason why we supported Better Place in writing this trend radar. And this is where we are trying to find out which future trends are actually important
02:03
for development cooperation. I highly recommend it. We also launched today our digital agenda. And it's a good read. And yes, and this is a strategic paper actually that we hope will shape development cooperation
02:23
for the years to come. And we set strategic goals that my ministry is going to pursue. So after this quick promotion, cyber. I know it's a word that everybody uses.
02:41
And yes, I said cyber. Yes, we say cyber. And for a development ministry, cyber is perhaps not the most obvious term, you might say. But as policymakers, we do see that the word cyber is often attached to other words to render them meaningless.
03:01
But the word may not go away because the raising threats and uncertainties in this digital age will not go away. And to be very frank with you, we, in the other session, I was just saying, listen, and we as the federal ministry for development cooperation now, we have around 300 projects in different areas
03:23
of ICT for development in all developing areas. But we, until now, do not have a single project on cyber security. For us, this is still an upcoming issue. And we feel that this is going to be more and more important.
03:41
But we are actually struggling and we need your comments and we need your advice to help us shape future projects, how we can actually support developing countries in the sector of cyber security. I, last night, we had a briefing with the panelists and I enjoyed a quick chat with you, Nathaniel, outside.
04:04
And maybe, if I may quote that, because I found it really eye-opening. You know, like, we are still looking at, in which sectors could we become active as development cooperation? And you said something like, you said, listen, there is a war on trust, right? A war on data. I hope I'm not stealing your punchlines,
04:21
but I really liked it. And you explained to me that there are forces that actually work very intensively in trying to discredit civic society projects, NGOs, development cooperation using fake news, and thus undermining the trust and the opposition
04:42
in countries that try to strive for a more democratic place. And so this is really an area, I think, where we have to get active. Yeah, well, thanks again for that eye-opener. So digitalization, we believe in that,
05:01
can be a game changer in places where schools may be too far away or for children to reach. We also had a great session today from Chiron. They're doing online education. And I think this is also a very sensitive topic when we look at refugees, because those are the most vulnerable persons.
05:21
And so in vulnerable contexts where we need to support opposition, it is also a question of data security when it comes to protecting the data from those refugees from the opposition. So this would be another sector where I would imagine would be a space where we could get active.
05:42
But let's go back. Online education, digital finance, electronic access to authorities, virtual meeting spaces, and always available information and communication tools on the internet can have much more impact there in the developing world than probably here,
06:01
if the right conditions are in place. And here, Mona, I'd like to quote you again. I found a really good talk last night, and you were looking at me because I was trying to be honest, and I was saying, okay, where should we get active? And you were looking at me and saying, well, Katrine, you know, look at all your development cooperation works
06:21
and projects that you have, and all of these would not be possible or would not work as good as they do if cybersecurity was not there. So it's the base, right? Well, so my ministry has embraced digitalization
06:40
as an important tool and objective in our work, but we want to get active in the cybersecurity sector, and now we need your help, your suggestions, and I'm very, very happy that we have you three here and Rahel as the moderator today, and I'm very much looking forward for all your comments.
07:00
Thank you very much. Rahel, the floor is yours. Thank you, Katrine. And I'm gonna hand over these microphones.
07:20
There you go. And one further, if I may. Thank you. Thank you very much for those opening remarks, and thanks all of you for being here. I understand it's late. I am Rahel. I also work in German development, and I have the pleasure to welcome to the stage our three panelists who will introduce themselves.
07:42
As you do, and I'm gonna give you two minutes each to tell us quickly who you are, what you do roughly, but as you do, perhaps answer us the question, when did you start saying cyber, and why does it matter? Mona. It works.
08:00
No need to tell anything. So we start talking about cyber the moment we realize that when we want to use the internet, it means that we are going into a new world that is called cyber. So it's since 10 or more, 10 years or more than this.
08:24
And we talk cyber because we've seen some concrete things happening in our society because of moving to this new world.
08:42
So we were obliged in some way to start adopting this new world, if you want. Excellent. And who are we? Oh, first of all, I'm a professor of law.
09:02
I got involved in cybersecurity through our NGO, which is the Lebanese Information Technology Association, because our students in law, we have seen this, didn't understand what does it mean to go online and do some bad or risky behavior.
09:23
So there, we were so concerned about our youth, we were concerned about protecting them from others and from their own activities, their own behavior online. And also, we have later on,
09:45
seen that it wasn't possible for us as Lebanese society or Lebanese country to be safe online if we don't cooperate with others. We have understood that it's not possible. We're not living alone in this world
10:02
with the internet, with this openness to the whole world. And then we created the Pan-Arab Observatory for cybersecurity, where we have public, private sector, and not only Lebanese people, we have also Arab countries involved with us.
10:22
Some are public institution, and some others are private. And I am at the same time at the Panel for Cybersecurity, which is at the World Federation of Scientists. And that's it. Thank you.
10:40
Yeah, so I'm a researcher on the politics of cybersecurity, and I think that the term cyber also has something very political to it. I'm also a fellow at a think tank here in Berlin called Global Public Policy Institute and at the Internet Governance Forum Germany. But so how did I actually end up here? Because actually, my background is in political science.
11:03
And when I was studying in my master's degree at a so-called War Studies Department, that's where I came across the term first. And I think that also tells you a lot about the perception we often have about cyber, is that it belongs to the military in a way, or that we often associate it with cyber warfare,
11:23
cyber terrorism, cyber crime, you know? So I studied these aspects, and then got more into this internet governance field and so on, and actually, there's, for me, cybersecurity really means the security of networks and systems, and then the extended security
11:43
of individuals or users using these technologies. And this is, I think, a definition of cybersecurity that is more and more adopted also by different communities and civil society and the technical communities. And so I'd just like to very much push
12:01
for this definition also in my work, because I think it's very political, and it always depends on the framing that you use. And we need to redefine this in a more positive, upright way. How are you all doing? Good? All right.
12:21
So I'm Nathaniel Raymond. I direct the signal program at the Harvard Humanitarian Initiative at the Harvard School of Public Health. It's a real pleasure to be here. Thanks for dragging me across the ocean. For me, my journey into cyber, as it were, really began in Biloxi, Mississippi in 2005.
12:44
In the aftermath of Hurricane Katrina, I was deployed with Oxfam America down on the peninsula, which was the hardest hit area on the Mississippi part of the Gulf Coast. And it was about 72 hours out from landfall
13:00
of a Cat 5 Hurricane. Katrina was pretty much as strong as it gets. And a wall of water had gone up over the peninsula like a blanket over a bed and gone over the other side. And at the end of the peninsula is primarily Biloxi's African American population and undocumented immigrant population
13:20
that works in the casinos. And for 72 hours, there was no federal or state agencies on the peninsula. They were all up in the primarily white community. And so this is about 12 years ago. And we were scratching our heads trying to understand,
13:42
is this just racism? Why was this population suddenly invisible? And we began to realize that a whole population had become digitally invisible to responders. That our way of seeing the need in that scenario had caused us to become blind to a certain demographic.
14:03
And now fast forward 12 years, and really for me, you know, Henri Dunant, do you all know who Henri Dunant is? Founder of the International Committee of the Red Cross. He was in a carriage going past the Battle of Solifrino, the aftermath of it. And you saw all the dying soldiers just left there.
14:23
For me, that was my personal Solifrino. It made me realize that we were beginning to cause big data disasters through digital inequity and digital disparities, and that we had to not find out what to do with tech,
14:40
but to figure out how to think about what tech does to people in events. So for me, that was the moment. That was my personal Solifrino. Thank you. We also want to know who is in the room with us. So I have three questions for you and would like you to just let us know by show of hands.
15:02
First of all, in everyday life, you personally, do you say, allow me to use the phrase again, cyber frequently? If so, all the time, okay. I would say that's about a quarter. Second question, thinking personally about your digital activity and perhaps your digital persona,
15:22
how, no, do you feel in control? If so, raise your hand. You're fooling yourself. Interestingly, not the same people who raised their hand earlier. Third question, vice versa, who in this room currently can not sleep at night,
15:45
literally, metaphorically speaking, thinking about all the things that are changing in the digital realm in our world? All right, so that's definitely the majority from all these questions. Nathaniel, at this session at the Republica,
16:02
perhaps some of these people can't sleep well because they've been hearing a lot about hacking democracy, about digital security divides, about the internet having gone terribly wrong. How bad is everything? We don't even have a science of knowing how bad it is.
16:22
So as Katrine said, and this is the critical phrase here, is that we are at a moment, a pivot moment, in modality of attack. Let me translate that into English. If you go back to sort of movies like Hackers
16:40
with Angelina Jolie in the late 90s, they seem amazingly quaint, where the concern was how people got into data and systems to do things with it that were bad, also known as cyber kinetics, right? That's quaint compared to where we are now. Where we are now is we're at the moment
17:00
of the war on trust, where state actors and non-state actors are weaponizing information in the way that information works in human systems and institutions, to engage in Japanese word here, Akido, to use what makes them open and free, against them. So we're not just talking about infiltration,
17:22
we're talking about weaponization, which in many cases depends on it. But what's the big problem here? Big problem here is that we need to upgrade our operating system, which is we don't have clarity on what human rights people have to protection from data, protection from attack, cyber attack,
17:42
and rights to information. We don't know if information is humanitarian assistance. We don't know if information and development is a human right. We haven't agreed that. Now flip it again. Our Geneva Convention is basically, we're running Windows 5, you know?
18:01
We're running the international humanitarian law equivalent of Netscape, in the sense that right now, we don't have a Geneva Convention for cyber warfare. Who is in order to combat? Who is removed from battle? I don't know. And so I'm gonna just say one statement
18:21
and then close here, and I wanna hear from my colleagues because they're much more cogent than I am without jet lag. So someone said a statement two days ago that right now, the weaponization of information represents quote, a threat to the future of liberal Western society.
18:40
Was that an activist? Was that some guy from Harvard? Was it someone on a blog? No, it was the U.S. Deputy Army Chief of Staff in a security notice that went out to the Pentagon. Okay, we're not talking South by Southwest here. The U.S. Army has said that we are at a moment of war
19:04
against how we trust institutions and each other. So sorry to tell you all, but what you guys do about this will define your generation, and no pressure here, the future of human freedom in the 21st century.
19:20
So take care of that and get back to me. All right, so Mona, you do work with young people. You do work with the future generation. And let's bring this conversation of how bad it is, perhaps back to your context, to one of these developing countries that we're speaking of. What's the situation like where you are in terms of threat scenarios and readiness to handle them?
19:44
Well, I think that in my country, threats are at many levels. At the government level, where our data, our big data, is not protected. And when I say not protected,
20:03
I'm saying this at the technical level as well as at the legal level. I mean, we don't, in case of breaches, in case of having to be cautious about protecting the data, corporations
20:21
or even the public administration, don't have this obligation in a text, in a legal text, saying that you have the obligation to protect data. People there are doing protection out of their interest. I will give you an example. I don't know if you have an idea, but in Lebanon,
20:43
the banking sector is the most developed one. We are kind of Switzerland of, the other Switzerland of the world. So, and our economy heavily relies on banking sector. So, you see that the banking sector
21:03
is the one who is working on protecting our data. I mean that you can see the banks have very, very secure systems and they are training their employee.
21:22
We have kind of certs in each bank. And so, while in the other sectors, we don't have this really serious interest or awareness of things. Health, for example, our public health sector
21:46
is not so aware of the importance of the sensitive data it has. And in the election, 2008 or something like this,
22:01
I don't remember the exact date, the data of the people of our personal data was put online by the Ministry of Interior without any measure of security. Whoever in the world could have accessed this data.
22:26
So, that's, yes, yes, yes, it was open. It was there on the net. Whoever wants to go online and see our data, see who are our relatives, our whatever,
22:42
could have seen it. And I think that there are some countries who have already took this data. Also, our educational institution, where there are a lot of data there, are not so ready for or are not protected.
23:04
And we had this problem when we had this special court for Lebanon, the International Court for Lebanon, where they asked the Ministry of Interior for telecommunication data.
23:21
Who called whom and who has which number, which is sensitive information and personal information. And we had this crisis and we sent some committee to France to study if the government has the right
23:42
to give this data to foreign authorities, to this court, for the investigator on this data. So, you see, we are exposed. We are working as NGO, we are working, actually,
24:01
on having a legislation to protect our personal data. Thank you. This is a great key because we do have a few more questions that we want to get to, but you're talking about legislation and Isabel, I have a slide for you because, sorry, that was a slide I could have shown earlier. This slide is from the International Telecommunications Union,
24:20
ITU of the UN from 2014 and it's, if you can read, the cybersecurity commitment levels. Green meaning high, good, if we believe cybersecurity is a good thing. Red meaning low. Backing up on what you've been talking about in terms of legislation missing in certain areas, red pretty much means legislation is missing. Isabel, why might the red parts be a problem?
24:43
Are they? Why might the red parts on this map be problematic? Why is this an issue then? Yeah, okay. So, blue means very high then, right? I'm just looking for Germany in the, I'm just looking how Germany is doing, so. Well, so, I think the first thing
25:03
that we need to understand, and everyone says that, but really understand is that this cyberspace we're talking about, or let's say just the digital realm that we surf in is borderless, right? And so, any threat emanating from anywhere in the world
25:21
that is an online threat can spread anywhere. It can affect anyone, technically. So, in that sense, I think it doesn't really matter where it's read here. I mean, just in terms of the online perspective because in the digital realm, you'll have threats emanating from these places.
25:41
But so, what can you do about that? And I think this is when the map matters because you can then look at, okay, where do we need to improve cybersecurity in terms of the infrastructure, but also in terms of the training, the strategy around that, in terms of the budget that is needed to build sustainable education programs or policy.
26:04
And that is, I think, where we need to do something. And this is where I think a lot of countries that are maybe a bit more blue on the map can help and can also transfer some of their knowledge, some of their information, some of their skills
26:20
to really help out there and build a partnership in this. All right, let's take it that point. Countries can help. So, we're in Germany right now. Germany is blue. You know the German cyber capacity environment fairly well. Can Germany help? Yeah, so that's a difficult question, of course.
26:40
I think that Germany is doing pretty well. We have our second cybersecurity strategy from last year and we've heard that Germany is doing more than 300 digitalization projects abroad within the development context. What is a bit shocking to me here, I have to say, is that there is no security project.
27:01
And, well, it's about time, right? So, I think if we really engage abroad with digitalization, security, as was repeatedly stated, has to be the first thought and it cannot be an afterthought because no technology will be sustainable or work in a sustainable way if it's not secure,
27:20
securely built, but also not securely applied. And this doesn't only mean that we need secure technologies, but this also means that we need to deal with it responsibly and do everything around it that we can to build this. So, I think German cybersecurity is probably compared to other countries pretty well, but, of course, we have a huge human resource problem,
27:43
as everyone knows, I think. The ministry that is now really taking over the cyber domain, let's say, is the Defense Ministry in Germany, as you probably also all know. And so, I think what we have here, though, is a broad societal discussion and I think we just need more actors
28:02
in this discussion, right? And we need also more ministries in this discussion because cybersecurity does not only belong to one part of government, not only to one stakeholder. And so, in that sense, we need to combine also the power of all the stakeholders that we find here. For example, at Republika, we have the Chaos Computer Club.
28:22
We have a lot of resources here. We have crypto party people who can train people also abroad. So, what partnerships can we work with that? And I think we have a lot of potential here. Thank you. Mona, you will know this slide. It's a paper that you wrote. It's a proposition where you're saying that Lebanon needs a new national cybersecurity strategy.
28:43
If I may summarize, Lebanon does not currently have a national cybersecurity strategy. Germany, as we just heard, recently published its second one. And in this paper, you're calling both for a new strategy and for a center for cybersecurity in Lebanon.
29:01
Isabel, I know, has read the paper in detail, so I'm gonna jump ahead to Nathaniel. And do tell us, when countries like Lebanon say they want to develop a security strategy, can countries like Germany, and we are speaking here about Germany's involvement, to some extent, realistically work together on doing something like this collaboratively? Yes. How?
29:22
The way to think about this is when you hear the title of this panel, and you hear development in security, it may sound like we're talking about helping poor people in poor countries, that that's the point. Actually, it's about everybody.
29:40
And so start to think about cybersecurity and the role, the central leadership role that development in humanitarian agencies at both the government and NGO level, not should, must, and will play, as similar to how we think about global public health. If you don't have the capacity, metaphorically,
30:01
to stop Ebola in the field, right? If you don't have capacity building that the type that Mona is talking about, if you don't hit the red spots that Isabel is talking about, then it's gonna go wildfire. And here the point is, it already is. So our, quote, developed world, cybersecurity,
30:25
depends on seeing the interconnectedness of an ecosystem of threats. That means now it is the responsibility of governments and non-governmental actors together to see data as people.
30:42
That data protection is people protection, right? Let's say it again. Data is people. Data is people. I say all the time, if I ever got a tattoo, which I'm never gonna do, but if I did, I would have data as people right here, because that's the true thing. So get out of thinking about ones and zeros.
31:02
If we are going to protect people, we must protect data. And to do that, we must build the capacity. Now, that means that for Germany to say yes, yes, Germany not only has a role to play, it's time for someone to be the lead sled dog here.
31:20
It's time not just for resources, but for a vision. Go do that. All right, if we were to go do that, Mona, having your paper in mind, what is the realm? Where do you see the most, the biggest gaps where support needed? Support is needed at many levels.
31:42
Let's start by the strategy. And then by the legal and organizational framework and capacity building. Because, you know, let me just talk about an idea I had since I've heard about this project to have without any cyber security one.
32:05
When a country help or cooperate with another country on cyber security project, it's not helping actually the other country. It's helping itself. Because when the other are not protected,
32:25
are not secure, doesn't know how to protect themselves, then their weak, this weak link will later on impact, influence the other countries, the country who can or who is supposed to know how to protect itself.
32:44
So for the moment, for example, I can think of capacity building, training, sharing of knowledge, transfer of knowledge.
33:01
And don't forget that Germany is part of the EU. So you have this arsenal of text, of legislation, and of experience of approaching these subjects. Thank you. So one word that we've heard quite a bit is this word cyber security capacity building.
33:21
And now only a quad in the room say the word cyber regularly and this other word or term is quite long. Isabel, what is it? Okay, that's mean. So first let us start with cyber security. Just to get that straight again, I think cyber security has three different dimensions.
33:42
In my mind, it's first technical security of the networks and the devices that you look at. Secondly, it's individual security or user security of those users that use the technologies. And this is very much intertwined, obviously.
34:01
And thirdly, we often also speak about national security, right? We've heard this a lot here on the panel as well. So all of these different dimensions are intertwined but can also, as you know, see so in revelations and so on, can also conflict sometimes. In my opinion, cyber security is an essential part
34:22
of national security, also in the technical security sense because only if we have secure technologies in our countries, in our critical infrastructures and our citizens are secure, are we as a country secure. So that's why I say technical security, individual security is a foundation of national security
34:40
when it comes to cyber security. Now when it comes to capacity building, it means that I think, first of all, it's a neutral term. We do capacity building here in Germany and we really need it. We need to build capacity here. We are seeing this right now when we talk about how to implement all these policies, you know,
35:03
I don't know, federal office for information security that you might know, which is responsible for information assurance, has to do capacity building, has to train people, the Ministry of Defense has to do a lot of capacity building. So we need to build up our competences to use technologies
35:22
but also the technologies themselves that we use. And I think now in the international space, we need to partner up to build capacity together, the capacity to use technology responsibly and securely to build the foundation for a sustainable
35:41
and really responsible digitalization that will last. So that's what I would define it like but there might be other definitions around. Thank you. A responsible and sustainable digitalization that will last. That makes me think of two quotes that I've heard in the course of the day today.
36:00
So one of them was very recently at the previous session where the parliamentary state secretary of this very ministry was speaking and he said, we want to use and shape digitalization for sustainable development worldwide. Now this very morning, there was another talk by Danny O'Brien from the Electronic Frontier Foundation, EFF, and he was talking about the early days
36:22
of the internet and what it was like to build the internet and he said, in short, it was going to be great and then the bad thing happened. So Nathaniel, is this bad thing gonna happen in our case as well?
36:40
We have two big bad things. The first big bad thing, and I'm gonna say some words that you're gonna be like, what is he talking about? And then I'm gonna translate it. Our ethics and our human rights and legal theory as it relates to these issues is entirely
37:01
about what's called PII. Does anyone know what PII is? Personally Identifiable Information. So your, in the United States, we'd say social security number, right? Your driver's license number, your blood type. While we live in the theory that I've laid out
37:21
in a recent book chapter is we live in a DII world and DII means Demographically Identifiable Information. These digital systems and digital data and algorithms and machine learning are making it very easy for us to identify the behavior patterns of groups of people
37:42
who may not even know they're part of the same demographic, right? And the type of legal and ethical issues that come now from what is truly, mostly non-consensual experimentation, often on some of the most vulnerable people
38:00
in the world's data, with this type of information, DII, that we can kill people with it, not even though we did, and not be technically unethical because our ethics are about PII, right? So the first big bad thing is already happening.
38:21
It's like, we're trying to take a bicycle on the Autobahn, okay? It's not going so hot. We're using PII ethics about individual data for what's fundamentally DII problems. Let me give you an example from the European context. A LGBT, lesbian, gay, bisexual, transgender organization
38:43
in a unnamed European city for security reasons, were dealing with an attack by skinheads against the LGBT population in the city. So they created a map, and they put the map out as an advocacy tool to say,
39:03
here's where the attacks are happening. Within 48, 72 hours of the map, the attacks went through the roof. More people were in the hospital. What did it do? That organization created a DII clearinghouse for the skinheads where it gave them situational awareness
39:22
that was better than what they had. It showed them where all the gay bars were, okay? And so we come into this work thinking that our assumptions and aspirations are gonna make people safer, make them wealthier, right? We assume these things of technology,
39:41
but what we're not doing is saying, what is our right and responsibility obligations for a type of data that we haven't even defined? So the big nasty here is DII. And the last point, and I promise I'll shut up, two words to leave you with.
40:01
Write them down. Get out the pens. Unicity and eccentricity. Very quick story. A colleague from MIT, Eve DeMonchoi, had a theory that he could track the Kardashian sisters. You know, keeping up with the Kardashians. That he could take a random episode of the Kardashians
40:22
and he could find the credit card data. And he did. It was an episode where Khloe and Kim were feeling down and they were taken by their sister, I believe, Portney, to a strip club in New York. And Eve tracked that data. He then turned it into an algorithm. And thus the theory of unicity
40:41
was born out of this experiment. The flip is eccentricity. Unicity is how you find an individual in large data sets. Eccentricity is how you take individual data and then locate them in large data sets. It means privacy is dying because we can weaponize PII to DII and back.
41:02
Now if you're committing a genocide, if you're Assad, that's the ticket. So go fix that. Go fix that or come to us with your questions. I do want to take some time to have a bit more of a conversation.
41:22
So yes, please, if you do have a question, if you would stand up and we'll receive a microphone. He promised to shut up, so we'll take in his microphone. Please perhaps quickly tell us, yes. Yeah, hi. I'm a human rights person, so I'm asking human rights questions.
41:42
I was hoping to learn a little bit more about the current initiatives or debates within BMZ. I know there's a human rights strategy for development cooperation and just from that, of course there are a lot of questions that arise that actually link up very nicely with the last statement.
42:03
For example, I'd be interested in questions like what happens or what is the current debate surrounding the export of surveillance technology from Germany and Europe. I'd be interested to learn how, in implementing the human rights policy,
42:21
protecting human rights defenders in developing countries where you operate, how do you support human rights defenders to access secure channels of information or communication. Or I'd also be interested, like in India, you're implementing a social security scheme that is working with a lot of digital data
42:43
and the impression I got so far is that everyone is happy that finally you got access to the social security system and you don't care so much or the people don't care so much about what happens to their data. How do you deal with that? What is the discussion? That's just three examples where I would like to get some more flash on the current debate.
43:02
Thank you. Thank you. I'm gonna take that question back to the panel actually and ask you, what are the options from your opinion? Technically or regulatingly and so forth?
43:21
I don't mind. If I understood your question, you are asking about how to protect human rights. Sorry, I'm asking about the current policy and implementation in the Ministry for Development and Cooperation. Okay, so I can't speak for the ministry at all.
43:43
I'm just a researcher on cyber security. But yeah, what would be possible then? And as we heard, I think out of these 300 digitalization initiatives, as far as I understood, there's no initiative yet really about security or privacy protection.
44:03
Is that right? No? Okay. Yeah. Thank you. Okay, well we do have those 300 projects and of course we also deal with data security and when you look at our newly launched agenda,
44:23
there is a big chapter in it when we look at human rights in the cyber sphere. So this is actually where we stand today. Of course the colleagues from the Human Rights Department, which is not mine, mine is the ICT Education Department, they also work on the strategy.
44:41
So I think this is something that we can maybe talk about later because this is something that the colleagues are more familiar with, with the human rights strategy in itself. And well this is the first thing. Then you were asking about export surveillance. I think this is really a very important issue.
45:03
Still it is the export of German goods is of course not the mandate of our ministry. This is a different ministry, right? We don't export things. My ministry you mean? Yeah, but I think this still is like the mandate
45:22
of that is still the Ministry for Economic Affairs. So this is something also what these colleagues are tackling. Then the secure channels of communication, just to be really quick. We are also doing projects here, mainly if I'm not mistaken but correct me if I'm wrong,
45:42
with the Deutsche Welle together. So there we have like crypto projects also to save and secure the opposition in, well I think it was one particular one in Egypt. And then you were raising the question for the project in India,
46:01
the Public Health Data Security Project, well I'm sorry, the Public Health Project. And this is really a point where it's a weak point. I'm not sure how exactly we do secure this data. And I really think that this is something that we have to look on particularly and more closely.
46:24
So thank you very much again for raising the awareness here. And yeah, well. Yeah, and I'd just like to jump in in terms of what we can do. So I think, you know, just look around for example here in Berlin or in maybe whatever city you come from.
46:43
I think there are many small initiatives like now I can think of the crypto party, which you might know. You know, people who teach you how to encrypt information. People, organizations like tactical tech who teach journalists, human rights defenders how to use technology securely.
47:01
And I think we do have a lot of people here for example in Germany that know how to improve digital security for, you know, protecting people's human rights. And I think that it would be very good if
47:22
since the Ministry of Development for example has forces on the ground, right? They have people in these countries abroad and maybe also the foreign office, but that's the two ministries. And I think my suggestion would be, you know, pair up, go there and do workshops with people,
47:43
you know, teach them how to improve security and probably not only in the big cities, but also go out. And I think this has to be a very local endeavor as well. Then another thing would be to do this maybe via online platforms. And I think in many projects you're already using online platforms for education for example,
48:01
I think these initiatives are important. And then obviously we also have legal frameworks here in Europe and in Germany that could serve as a basis for other countries to adopt. And so German policy makers could, you know,
48:21
explain the policies, the advantages, disadvantages and also kind of export this policy model. And this is already happening, for example, if you look at the European data protection laws, they have been adopted throughout the world in many countries already. And I think we should maybe invest a bit more, you know, force into this.
48:44
Just very briefly. Just two words, yeah. I think also what can be done is you have to step up and work for it because there is no policy or strategy that can do the work for you.
49:01
You understand what I mean? I mean you have to work for your, no, no. I mean even if it weren't in the policy, it's your duty to be active and to protect yourself and say what you need and do what you want.
49:23
And later on, policy or legislation or whoever is in the power will be obliged to cope or to do what you want. Okay, let's take more questions and we don't have too much time left
49:41
so we'll take three questions at a time if there are three and then we'll hand it to the panel. Hi, this is a question for Nathaniel. When you're talking to policy makers and you're trying to convince people to see this as a real important issue, do you actually use the term cybersecurity? Isn't this an easy way for you to fall into a trap
50:02
of other states who are trying to argue that this is something new? Even though there are existing laws that just need to be transferred and translated into this new realm but overall it isn't really that different? Yeah, thanks. I almost never say cybersecurity.
50:20
And we have, in Europe when you say data protection and when we say data protection in the United States means different things. When we say privacy sometimes it means different things. In terms of advisory roles my colleagues and I have played with the United Nations specifically on these issues,
50:43
what is very clear is we mostly are not talking about viruses and we're not talking about servers. So that's part of it. What we're really talking about is more than anything, we've got the mood lighting on now,
51:02
more than anything what we're really talking about is human security theory around how vulnerability, the vulnerability matrix is changed. And I loved your term, Mona, when you said we're engaged in a movement from one state to another.
51:24
And we are at this moment of we migrated with this industrial revolution based on what the tech could do. And we made no investments, no investments in everything that human beings need which is laws, evidence, social compact.
51:46
So what we're having to do now is to retrofit the social compact onto the back end. We issued something in January called the Signal Code. It's at signalcode.org. We have read all available international humanitarian
52:01
and human rights law. And I asked my team, okay, this is a funny moment, I went to my team and I have some very technical people. We do a lot of things with remote sensing. I said for the next six months I don't want you to innovate anything. If I catch you innovating, you're fired, okay? Please, for the love of God, do not have a good idea.
52:24
And do not talk to me about adoption or scaling. I will throw something. I said for six months we will do nothing but read all law everywhere related to humanitarian law, related to laws of warfare.
52:42
And we're gonna identify what rights related to information in cyber, what we are calling cyber security, but data protection and people protection exist. And we found five. One, people have a right to information during disasters equal to food, water, shelter, medicine,
53:01
other forms of humanitarian aid. Two, people have a right to be protected in how information and data is deployed. Three, people have a right back to emerging norm from European privacy law. Thank you Europeans. Have a right to data privacy and security. Four, this is critical, people have a right to data agency
53:24
to know what is being done with their data, to be involved in it, and to not be a subject of experimentation without consent. And five, people have a right to redress and rectification. So really, mostly what we talk about is how we take that from some white guy sitting up here
53:40
telling you stuff, into a set of workflows and operational policies. That's mostly what I do, and cyber security is sometimes the last thing we say. All right, we are running out of time, so we will take two quick questions, and be fast, yes please. Thank you, you said data is people, data can also be organizations or companies.
54:02
I'm on the board of an NGO that recently had a cyber attack, and all of the data for the whole NGO in all the countries we operated was held for ransom. It was a very difficult thing to get out of. The economic impact of warfare on the country is pretty serious. The potential economic impact of cyber warfare, whether that is stealing IP from one country
54:24
for things to be made in another place could have a detriment, particularly to inventors, entrepreneurs, small, medium businesses that are trying to make things from the start up. Do we have much of a sense of what the risk is to economic development of countries from cyber security?
54:43
And before answering, let's hear the second question. Hi, my question, I guess it's for you, Nathaniel. When it comes to the right to redress and rectification, in particular, I wanted to ask about in areas of war,
55:01
in particular, say the Biafran War in Nigeria, where it happened, say, 50 years ago, I think, and that was caught up from the curriculum, where the government thought they were doing a good thing and expunging history from the curriculum, and so there's a dirt of information, right?
55:22
And because of that, we're having new groups of agitators wanting to succeed, because now all that information is all, it's from everywhere. So is there a way for countries like, say, Nigeria, Rwanda, like countries that have been torn apart by war, genocide,
55:42
where the right to information, like factual information from organizations like, say, the Red Cross and Doctors Without Borders, is distilled in a way that people can access it. It's accessible and it's not prone to misinterpretation,
56:00
and we're having to deal with a new wave of wars and genocides all over again. All right, from war, let's go back first to the economic impact question. Mona, I believe you, where you get to respond to the economic impact of warfare. The economic impact is so clear, because if we go back to the WSIS,
56:22
you will see that to benefit from the potential of ICT, you have to build trust, and when you talk about building trust, you are with cyber security. There is no digital economy without cyber security, and cyber security itself is becoming a part
56:42
of the managing risk at corporation, and it is already a market, so it is economy. There is no, the future economy cannot go without the cyber security. And if you allow me, I can give a short answer for,
57:02
I'm afraid that the question you are asking does not have to be under the cyber security, because it is the responsibility of those who are posting this information. I mean, this is a responsibility of the media,
57:22
and it touches this credibility of news going online, and it's the responsibility of those who do care for their history to put this information online. This is my opinion, yeah? They might think other. Yeah, I'd just like to add something to your reply
57:42
about the economic aspect. I'm not really aware of any data or statistics that I would say are very reliable about the risks for businesses. There are statistics about the cost of cyber crime, that more than 500 billion per year, and so on.
58:02
You might be familiar with that, but in the end, I think it's very hard to estimate that, because how, you know, which factors do you count? Do you only count monetary factors, or what about reputational factors, for example? And for a small business, this can be kind of death, right?
58:22
If your business doesn't have a reputation anymore, if the trust is gone, that's hard. And so I think that it's very hard to measure trust in that way. So maybe we should work on that, right? How do we measure this trust? How can we keep it up? And that links maybe also to Nathaniel's point earlier. So I sit on the World Economic Forum's
58:42
Artificial Intelligence and IoT Future of Trust Ethics Network, basically. We're trying, to your point, Andrew, we're trying to figure out how we figure out a quantification answer, okay, on this. And so, and I wanna introduce a term here.
59:03
There are multiple types of exploitation of data going on with typologies, so types of exploitation, that are different in the developing world. I call this, in many cases, data colonialism. We are at a moment where there is extraction
59:22
and commodification in lower regulated environments that would not be possible in the United States. The joke I make all the time, when I talk to humanitarians and development people who use data, I said, you do stuff in Africa you might win the Nobel Prize for that you get arrested for in Kentucky.
59:42
And so, what we, we don't know how to measure it yet, but we're measuring it in a disparate way. And we are primarily, six companies control most artificial intelligence algorithms, six. We are getting very good at measuring the economic cost of them.
01:00:00
because that's where the economic interest is. In terms of hacks of remittance data flowing from lesser developed countries or back and forth, we actually don't yet know how to measure the totality of the remittance environment because in many ways gender plays a really important role in culture.
01:00:23
We don't have basically what we call teledemography, a theory of teledemographic assessment, to be able to measure the scope of where does the economic effect live, and we're primarily doing it for rich people. Alright. Let's say we can keep talking about this last question after the session.
01:00:47
We have reached the end of it, and before I would like to invite Katrin back to this before for a closing remark. In one sentence, the one most urgent thing in this complicated and complex domain that we've heard about,
01:01:03
what's one thing that we, maybe all of us in this room, maybe the world needs? What's your recommendation? With a microphone please, if I may. Mine is cooperation. There is no security or cyber security without cooperation. Even the traditional one doesn't go without.
01:01:22
My last sentence is that security is not a zero-sum game. It's always a win-win, no matter what we might hear again from intelligence agencies, and that's the basis for cooperation then again. As American educational theorist Jonathan Kozol said, charity is no substitute for justice,
01:01:45
and I say innovation is no substitute for rights. And I wonder, to pick up on one thing that we've heard on this panel, if back to our original title, yes I said cyber, we were already speaking of course earlier. Maybe we need to start saying yes, I said data is people.
01:02:04
With that, Katrin, it would be a pleasure if you could join us again quickly. We have a microphone for you. Let me just briefly thank everybody, and also for the comments in the audience. What I learned is trust is a key word within this particular discourse.
01:02:25
I learned that for financial transaction and also for all future digital economy, cyber security is the basis. Thank you very much also for raising this issue. I think this is something also very important.
01:02:42
I learned that actually people are weaponizing information, that there is a war on trust. I learned that we have the obligation to protect the data. I also learned that, and I thank you very much Isabelle for really emphasizing this,
01:03:02
that we can't just leave the whole issue of data protection or let's say cyber security to defense and military, but that we as development cooperation do really have a responsibility here, and that this is a sector where we need to get active.
01:03:21
And I also will take home that there is actually homework that we have to do. And I heard you very clearly, we have to get active. I also heard Nathaniel saying like listen, this is something where also Germany, within the whole development cooperation discourse could take a leading role.
01:03:41
And I have three to-dos on my to-do list. First, get a tattoo, data is people. Second, watch the Kardashians. And the third one is to finally design a good, stable cyber security project.
01:04:02
Thank you very much.