Sunday, 12 November 2017

Six months after #Wannacry

Six months ago, on May 12th, the world was shaken by WannaCry. It was not the first global cybersecurity incident, but it was probably the one with the quickest contagion so far. There is a feeling that the crisis could have been avoided with stricter procedures for updating basic software. Certainly, in some cases there was a problem with basic IT security, as has been proved, but not all the causes of the crisis can be reduced to the lack of updates to IT systems.

Or, better said, the lack of basic IT security measures was only the tip of the iceberg of bigger problems. Organisations still have to learn three basic lessons to protect themselves. Firstly, cybersecurity depends on technological measures as much as on organisational and behavioural change that promotes prevention measures. Secondly, there is a lack of human resources within organisations with the needed cybersecurity knowledge. Last but not least, the legal framework neither sufficiently obliges companies to deploy protection measures nor deters attackers.

In the EU we are beginning to see steps in that direction. There is a feeling that a large-scale ransomware case could happen again, so advice on how to react to such cases is frequent. However, structural measures are also being promoted by European organisations, such as the development by ETSI of standard procedures to implement the not so recently approved NIS Directive. At the political level, too, awareness is on the rise, and there is the intention to establish new alliances for mutual defence and funds to help in case of a cybersecurity disaster.

Automatisation is key for economic development and social well-being. Calls to embrace AI are being made by cybersecurity specialists. With a certain caution, perhaps it is time to believe that measures are beginning to be taken; the question is whether we are acting quickly enough.

Wednesday, 8 November 2017

"Recordarán tu nombre" - Lorenzo Silva

Recordarán tu nombre by Lorenzo Silva
My rating: 4 of 5 stars

At times we make decisions that change our lives, such as getting married, having children, buying a house or changing jobs. There are quite a few more of them than we think. They are usually the result of an evolution, of a path we have walked voluntarily. They are decisions we sought out, from which we always had a prior escape route, but in which we have avoided straying from a falsely unexpected destination.

Fewer, sometimes none, are the moments of truth in our lives. Those instants that we neither seek nor expect nor can dodge, that we never even imagined would appear in our lives. Vital dilemmas from which we cannot escape and in which our highest principles come into conflict. For example, when our beliefs and our duty collide. On some occasions, when the fate of others hangs on the decision, those who face these moments go down in history as heroes; on other occasions, they are remembered as traitors; many times, they are simply forgotten.

In his book, a novelised biography, Lorenzo Silva recovers the figure of a man who twice in his life faced moments of truth, and who was nevertheless forgotten. Or rather, we should say that he was erased: he is General Aranguren. The officer was a deeply religious man, probably close to the political right. However, the post he held and his principles pushed him to be key in the advent of the Second Spanish Republic and in its resistance to the coup d'état of July 1936. As the author writes, Aranguren was a man who is an example that "while at times neither justice nor cruelty can be avoided, one always has the opportunity not to endorse them".

We are living through turbulent times in Spain. Once again, as in 1931 and 1936, there is surely more than one person facing the decision between beliefs and duty. Perhaps it is the moment to read this book, or others that tell the story of similar figures who populated that crossroads, such as General Escobar. If only to discover that there can be no doubt between beliefs and duty. Being faithful to duty is always part of the belief of every good person. At the same time, no duty can go against any belief central to the good. The difficult thing is knowing what the good is.

And of course, the book is excellently written, like everything by Lorenzo Silva.


Thursday, 2 November 2017

Again, the EU laissez-faire approach about digital platforms

Some weeks ago, the European Commission presented its communication "Tackling illegal content", which had previously been announced by the Commission's President in his letter of intent published jointly with his speech on the State of the Union. The communication was the first step towards proactive prevention, detection and removal of illegal content inciting hatred, violence and terrorism online. The whole strategy rests on a call on online platforms to further boost their efforts to prevent the spread of illegal content.

As a critical action for fighting illegal content, the European Commission considers that strengthening the collaboration between platforms and trusted flaggers is a needed complement to the use of automatic tools. As there have been several failures in the use of automatic tools for tagging content (e.g. the case of how Google classified black people as gorillas), some people began desperately looking for the meaning of "trusted flagger". The relative unawareness of the term "trusted flagger" is reflected in the history of searches for the term on Google. Few look-ups of "trusted flaggers" were made before May 2017.

Trusted flaggers are defined by the European Commission as "specialised entities with expert knowledge on what constitutes illegal content". Interest in the issue on Google Trends also shows that the geographic area where users are most concerned with this kind of provider is Indonesia. Without any doubt, this interest could be due to the high profile of the programme for the development of trusted flaggers agreed between Google and the Indonesian government. Little more information about this kind of service provider is available online, except some echoes of the discomfort with YouTube's trusted flagger program in the USA and the UK.

As the European Commission's position on tackling illegal content rests on outsourcing enforcement to platforms instead of developing full regulation on the issue, the faith in the work of trusted flaggers looks like the introduction of a new delegation of liability for the fight against illegal content on the internet. The hope that extending the chain of liability with a new link will help looks like escapism from tackling the problem. The impression is reinforced by the scarce number of success cases of trusted flagger programs.

The Commission's approach may end again in a failure of self-regulatory tools, as happened previously with the issue of anti-competitive practices by online platforms, where the European Commission has recently recognised the need to develop some regulatory instruments after rejecting this approach for years. If that is the case, some questions about the responsibilities for this laissez-faire approach to digital issues will be raised by several stakeholders.


Wednesday, 25 October 2017

"And the weak suffer what they must?" - Yanis Varoufakis

My rating: 4 of 5 stars

Books on economic issues are usually difficult to read unless you have some previous knowledge of the matter. The merit of Yanis Varoufakis is to have written a book on monetary history in postwar Europe that is readable for all. The story is so readable that it is sometimes as gripping as a detective novel where the murder victim is democracy, the weapon the ideal of a more united Europe and the killers an elite of non-elected bureaucrats and academics.

Varoufakis presents the tragedy of the making of European Monetary Union: a succession of crises in which each solution has driven towards a greater probability of suffering a bigger crisis, where the strong do what they can and the weak suffer what they must. According to the author, the seeds were planted with the creation of the European Union (then the European Economic Community) as a tool to defend the interests of Central European industry and French agriculture, without any popular demand at its basis. As a consequence, the managers of this tool have always been more worried about saving the interests of the richer, whatever the social consequences for the rest of society.

Against the opinion of the founding fathers of the Union and many of their successors ruling Member States or the European institutions, Varoufakis argues that a closer economic union is not bringing us to a closer union. Furthermore, the absence of a real political debate in the European institutions on taxation and spending at the European level makes even a real economic union impossible. To sum up, there is no real sovereign control over the decisions of the bureaucrats in charge of economic policies (the European Commission), who take advantage of each crisis to capture more power from the Member States without adding any (or only a little) popular control over the machinery. The outstanding example for the author is the Eurogroup, the institution where the main economic decisions are taken, which is not even described in the Treaties as an institution.

The author, as you may expect, is particularly critical of the construction of the monetary union. He tries to show the impossibility of success of a monetary union without solidarity on debts and based only on free trade. Varoufakis presents the contrast between this reality and how economic issues are dealt with in a real union such as the USA as the reason why the European Union is doomed to fail.

Perhaps you will not agree with all or even any of the arguments that Yanis Varoufakis uses in his book, but the book is also interesting as a way to learn the story of the European monetary union. In the book you will discover its origin as a tool to overcome the sinking of Bretton Woods, its first stages as a mere stabiliser of currency exchange values, the role of a closer monetary union in the making of Brexit and how the dream of French control of a German currency failed.

Wednesday, 18 October 2017

Brexit does not mean #Brexit in the digital dimension



After the position paper on the flow of personal data in the future relationship between the UK and the EU, the UK government has published a paper containing its vision of UK-EU cooperation on foreign policy, defence and development after Brexit. Consistent with the rising tide of threats to all countries coming from cyberspace, the paper dedicates some space to future cybersecurity cooperation.

It looks quite logical that the UK and the EU should maintain a tight relationship on cybersecurity matters. According to the ITU Global Cybersecurity Index 2017, the UK ranked 4th among European countries and 14th globally in the world ranking of countries committed to cybersecurity. Besides being an important global player in cybersecurity, the UK has played the role of bridge between the EU and the US in this field. However, in the cybersecurity field as in other areas, it looks as if the UK is asking for a Brexit without Brexit.

The framework for cybersecurity relationships in the European Union is defined in the Network and Information Security Directive (NIS Directive). This Directive defines two groups for cooperation among Member States, the Cooperation Group (article 11) and the CSIRT Network (article 12). The first group aims to facilitate strategic cooperation, while the second has an operational nature, but, as I said previously, they are groups of Member States only, by their legal definition. To the surprise of all, the UK proposes "collaborating closely through participation in the CSIRT network and Cooperation Group" after Brexit.

An important part of the European digital community was horrified after Brexit, and I include myself among them. But this position of Brexit without Brexit was beyond our expectations. After the aspiration to continue its membership of EU privacy cooperation groups, the UK has now revealed the same intention towards cybersecurity cooperation groups. Perhaps they need to review those old Sesame Street episodes explaining what in means and what out means.


Wednesday, 11 October 2017

The case for a world summit on the future of work

There is a certain panic around the world at the unstoppable rise in the use of robots and Artificial Intelligence (AI). People as far from being Luddites as Elon Musk or Bill Gates have made calls to be cautious in their development, and even AI industry leaders advocate a certain limitation on their uses. The identification of AI as the basis for new world empires by some kinds of politicians does not help to dilute the apprehension.

But beyond the apocalyptic visions of Terminator-like robots exterminating the human race, what worries the man and woman in the street is the risk of losing their job. Trade unions in different countries are drawing attention to the challenge of boosting productivity, but not at the cost of employees. Different proposals are beginning to be debated, aiming to soothe the population's fears about a jobless future (and therefore one without a wage to live on). The idea of taxing the use of robots is at the centre of these ideas, but it faces the difficult task of defining what a robot is.

However, not everybody is equally worried about having robots as workmates and rivals for obtaining a job. Those who are going to be the main actors of the future see robots as a complement to their activities and an opportunity to avoid doing the harder tasks in working environments. On the other hand, the governments of ageing and advanced societies like Germany are welcoming robots as the remedy for the shortage of workers.

As in the field of AI and robot use in war, the role of robots in the future of work deserves an international UN summit. The alternative will be masses of unemployed and continuous global unrest. But if the summit is called, beware that this time everybody pays their fair share of the organisational fees.

Wednesday, 4 October 2017

Personal Data in the future relationship EU-UK

Brexit negotiations have been under way for some months. Strictly guided by the text of Article 50 of the treaty, the conversations between the two parties have started by talking only about the issues related to the UK's exit from the EU. There are few if any digital issues to be tackled at this stage of the negotiations.

The British team is eager to start the second stage of the negotiations, on the future relationship, although to its dismay the efforts are disdained by the EU. Not even the flood of papers on the future relationship published by the UK in August to prove its readiness to start the second phase has obtained any official reaction from the EU. Among the most ignored was the paper on personal data flows, "The exchange and protection of personal data - a future partnership paper".

The General Data Protection Regulation (GDPR) will be one of the last EU regulations to be applied in the UK. Although its applicability would end on Brexit day, there is a commitment to the continuity of its application on British soil. To be concrete, the new British Data Protection Bill will bring the complete GDPR into the British legal framework, and UK firms are taking compliance seriously, hiring people to meet its obligations.

In line with this privileged situation, the UK's proposal for the future relationship in the field of data is continuity, as if nothing had happened. Certainly, there is a sound rationale for the almost automatic publication of an adequacy decision by the European Commission on Brexit day that would enable the continuity of data flows between the UK and the EU. Furthermore, any other option would be harmful for both parties.

Nevertheless, besides this logical proposal, the paper also gives some clues that the UK has not grasped the dimension of Brexit. Its alternative for building up regulatory cooperation in this area is to continue the involvement of the ICO (the UK Data Protection Authority) in the EU Data Protection Authorities network, but with the disclaimer that the UK government will be solely responsible for data protection in the UK.

So it's not a good start for the negotiations on the digital Brexit. As expected, the digital economy looks like one cherry in the UK's cherry-picking strategy. That could mean in the end a tougher position from the EU in this field, and therefore more uncertainty about the final result. Another block in the middle of Europe's digital policies.