BEGIN:VCALENDAR VERSION:2.0 PRODID:-//wp-events-plugin.com//7.2.3.1//EN TZID:Europe/Berlin X-WR-TIMEZONE:Europe/Berlin BEGIN:VEVENT UID:619@hiig.de DTSTART;TZID=Europe/Berlin;VALUE=DATE:20181001 DTEND;TZID=Europe/Berlin;VALUE=DATE:20181004 DTSTAMP:20181023T133815Z URL:https://www.hiig.de/en/events/transatlantic-conference-building-common -approaches-for-cybersecurity-and-privacy-in-a-globalized-world/ SUMMARY:Transatlantic Conference: Building Common Approaches for Cybersecur ity and Privacy in a Globalized World DESCRIPTION:The Alexander von Humboldt Institute for Internet and Society ( HIIG) organises – in cooperation with the New York University (NYU) – the second of a series of two conferences on »Building Common Approaches for Cybersecurity and Privacy in a Globalized World« from 1–3 October 2 018 in New York.\n\n \;\nTransatlantic Conference:\nBuilding Common Ap proaches for Cybersecurity and Privacy in a Globalized World\n1–3 Octobe r 2018 | NYU School of Law\nLester Pollack Colloquium Room | 245 Sullivan Street\, 9th Floor\n \;\nRead further: edited volume\n \;\n\n\n\n  \;\n\nThe conferences address a pressing challenge in the transatlant ic relationship: the tension between cyber security and data protection.\n \nWe will bring together cyber security\, data protection and governance e xperts\, lawyers and representatives from security agencies\, businesses a nd politics in order to analyse the problems in this field\, to deepen the understanding of different concepts\, to develop approaches and strategie s for solutions\, while ensuring a more productive integration of the rela tively independent discourses in the USA and Europe on this issue.\n\n| Ha ve a look at the conference's edited volume (pdf)\nPlease note that this i s an invitation-only event.\n\nAgenda\nMonday\, 1 October 2018\n\n\n\n06:0 0 p.m.\nWelcoming Remarks\nRandy Milch (NYU Center for Cybersecurity\; NY U Law School)\nIngolf Pernice (Humboldt University Berlin\; HIIG)\n\n\n\n& nbsp\;\n\nTuesday\, 2 October 2018\n\nSession 1: International Incentives toward Good Behavior?\n\n\n\n09:30 a.m.\nThe Value of Data. ​Data has va lue to holders and processors\, yet compensating data subjects after data is lost has proven is a scattershot exercise. Are there ways of attributin g value to data as it sits with holders and processors such that both data subjects and those profiting from data would be on notice of the monetary effects of a data breach? Would this positively incent behaviors to lower cyber risk?\n\nSasha Romanosky​  (RAND Corporation)\nKai von Lewinski ​ (University of Passau)\nTerrell McSweeny​ (Federal Trade Commission) \n\n\n11:00 a.m.\nCoffee Break\n\n\n11:15 a.m.\nA Return to Safe Harbors? ​Article 83 of the GDPR requires due regard be given to a list of 11 agg ravating and mitigating factors when deciding whether to impose an adminis trative fine and deciding on the amount of such a fine. Among the mitigati ng factors is whether a data holder or processor adhered “to approved co des of conduct . . . or approved certification mechanisms.” Is ‘due re gard’ a sufficient incentive for better cybersecurity and privacy practi ces? Would an American-style “safe harbor” be more useful?\n\nScott Sh ackelford​ (Kelley School of Business\; Ostrom Workshop Program on Cybe rsecurity and Internet Governance)\nPaul Rosenzweig​ (Senior Advisor to The Chertoff Group)\nGail Kent​ (Facebook)\nReinhard Priebe​ (European Commission)\n\n\n12:45 p.m.\nLunch\n\n\n\n \;\n\nSession 2: Enabling International Cooperation: Evidence and Equities\n\n \;\n\n\n\n02:30 p .m.\nThe CLOUD Act and International Norms? ​The Microsoft Warrant case effectively ended with the sudden passage of The CLOUD Act\, which both af firms the ability of the US Government to obtain US person information hel d overseas by US service providers and acknowledges international concerns by favoring bi-lateral agreements and requiring in certain circumstances a comity analysis. Will the CLOUD Act work to ease EU concerns? Is this a way toward international norms on trans-border evidence collection?\n\nTh éodore Christakis​ (Université Grenoble)\nSerrin Turner​ (Latham &am p\; Watkins)\nTodd Schulman​ (Verizon Communications Inc.)\n\n\n04:00 p. m.\nCoffee Break\n\n\n04:15 p.m.\nVulnerabilities Equities Processes: Comp arative Processes and Best Practices​: Law enforcement and intelligence services on both sides of the Atlantic face the same problem: publishing s ecurity vulnerabilities they know about would enable software manufacturer s to provide fixes and thereby enhance the security of sometimes millions of devices and their users\, while keeping those vulnerabilities secret wo uld provide the services necessary\, and at times the only tools for perfo rming their duties in fighting serious crime and terrorism. Governments ha ve begun to institutionalize decision processes regarding the dealing with the services’ knowledge of security vulnerabilities\, by which the bene fits and risks\, and the competing rights and interests shall be assessed and balanced. What are the main lessons learned from experience so far? Wh at are best practices that should be shared among the institutions respons ible for VEP?\n\nMichael Daniel​ (Cyber Threat Alliance)\nJason Healey ​ (Columbia University’s School for International and Public Affairs)\ nSven Herpig​ (stiftung neue verantwortung)\n\n\n\n \;\n\nWednesday\ , 3 October 2018\n\nSession 3: Building Security: Design and Certification \n\n\n\n09:00 a.m.\nSecurity by Design/Privacy and Data Protection by Desi gn​: Article 25 of the GDPR requires data protection measures be impleme nted in IT systems\, while Article 32 of the GDPR analogously mandates the implementation of security measures. Both provisions fail to clarify to w hich concepts or models of security\, privacy and data protection by desig n they refer. The demand side being not clear\, what has Computer Science to offer regarding privacy by design and security engineering approaches? What are best practices to be used for fleshing out the provisions of the GDPR?\n\nKyle Erickson​ (Palantir Technologies)\nNathaniel Good​ (Good Research)\nJörg Pohle​ (HIIG)\n\n\n10:30 a.m.\nCoffee Break\n\n\n10:45 a.m.\nCyber Security Certification Regimes​: Recent legislation in the EU like the NIS Directive and current legislative initiatives\, e.g. “EU Cybersecurity Act” as proposed by the European Commission\, are establi shing certification regimes for cyber security processes and technologies based on EU and international standards. Similar initiatives\, e.g. “Int ernet of Things (IoT) Cybersecurity Improvement Act” proposed in 2017\, can be observed in the U.S.\, though containing quite technologically spec ific requirements. Are there parallel developments on the global level\, e .g. ISO standards\, or in the private sector\, e.g. Underwriters Laborator ies? Is there a perspective of a common approach?\n\nChristian Djeffal (HI IG)\nSarah Zatko (Cyber Independent Testing Lab)\nEric Wenger (CISCO)\n\n\ n12:15 p.m.\nConclusions &\; Outlook\nRandy Milch (NYU Center for Cybe rsecurity\; NYU Law School)\nIngolf Pernice (Humboldt University Berlin\; HIIG)\n\n\n\n \; ATTACH;FMTTYPE=image/jpeg:https://www.hiig.de/wp-content/uploads/2017/10/f use-brussels-273780-unsplash.jpg CATEGORIES:Issues in Focus LOCATION:NYU School of Law | Lester Pollack Colloquium Room\, 245 Sullivan Street\, 9th Floor\, New York\, New York\, United States X-APPLE-STRUCTURED-LOCATION;VALUE=URI;X-ADDRESS=245 Sullivan Street\, 9th F loor\, New York\, New York\, United States;X-APPLE-RADIUS=100;X-TITLE=NYU School of Law | Lester Pollack Colloquium Room:geo:0,0 END:VEVENT BEGIN:VTIMEZONE TZID:Europe/Berlin X-LIC-LOCATION:Europe/Berlin BEGIN:DAYLIGHT DTSTART:20180325T030000 TZOFFSETFROM:+0100 TZOFFSETTO:+0200 TZNAME:CEST END:DAYLIGHT END:VTIMEZONE END:VCALENDAR