Transatlantische Konferenz: Building Common Approaches for Cybersecurity and Privacy in a Globalized World
Das Alexander von Humboldt Institut für Internet und Gesellschaft (HIIG) organisiert – in Zusammenarbeit mit der New York University (NYU) – von 1. bis 3. Oktober 2018 die zweite von zwei Konferenzen zum Thema „Building Common Approaches for Cybersecurity and Privacy in a Globalized World“.
Transatlantic Conference:
Building Common Approaches for Cybersecurity and Privacy in a Globalized World
1–3 October 2018 | New York University School of Law
Lester Pollack Colloquium Room | 245 Sullivan Street, 9th Floor
Die Konferenzen adressieren eine zentrale und zugleich hochgradig aktuelle Herausforderung in den transatlantischen Beziehungen: das Spannungsverhältnis zwischen Cybersicherheit und Datenschutz. Wir bringen Expertinnen und Experten zu Cybersicherheit, Datenschutz und Governance, Juristinnen und Juristen sowie Vertreterinnen und Vertreter von Sicherheitsbehörden, Wirtschaft und Politik an einen Tisch, um die Probleme in diesem Feld zu analysieren, das Verständnis für unterschiedliche Konzepte zu vertiefen sowie Lösungsansätze und -strategien zu entwickeln, und dabei zugleich eine produktivere Einbindung der jeweils relativ eigenständigen Diskurse in den USA und in Europa zu diesem Themenbereich sicherzustellen.
| Weitere Informationen im Sammelband zur Konferenz (pdf)
Please note that this is an invitation-only event.
Agenda
Monday, 1 October 2018
| 06:00 p.m. | Welcoming Remarks Randy Milch (NYU Center for Cybersecurity; NYU Law School) Ingolf Pernice (Humboldt University Berlin; HIIG) |
Tuesday, 2 October 2018
Session 1: International Incentives toward Good Behavior?
| 09:30 a.m. | The Value of Data. Data has value to holders and processors, yet compensating data subjects after data is lost has proven is a scattershot exercise. Are there ways of attributing value to data as it sits with holders and processors such that both data subjects and those profiting from data would be on notice of the monetary effects of a data breach? Would this positively incent behaviors to lower cyber risk? Sasha Romanosky (RAND Corporation) |
| 11:00 a.m. | Coffee Break |
| 11:15 a.m. | A Return to Safe Harbors? Article 83 of the GDPR requires due regard be given to a list of 11 aggravating and mitigating factors when deciding whether to impose an administrative fine and deciding on the amount of such a fine. Among the mitigating factors is whether a data holder or processor adhered “to approved codes of conduct . . . or approved certification mechanisms.” Is ‘due regard’ a sufficient incentive for better cybersecurity and privacy practices? Would an American-style “safe harbor” be more useful? Scott Shackelford (Kelley School of Business; Ostrom Workshop Program on Cybersecurity and Internet Governance) |
| 12:45 p.m. | Lunch |
Session 2: Enabling International Cooperation: Evidence and Equities
| 02:30 p.m. | The CLOUD Act and International Norms? The Microsoft Warrant case effectively ended with the sudden passage of The CLOUD Act, which both affirms the ability of the US Government to obtain US person information held overseas by US service providers and acknowledges international concerns by favoring bi-lateral agreements and requiring in certain circumstances a comity analysis. Will the CLOUD Act work to ease EU concerns? Is this a way toward international norms on trans-border evidence collection? Théodore Christakis (Université Grenoble) |
| 04:00 p.m. | Coffee Break |
| 04:15 p.m. | Vulnerabilities Equities Processes: Comparative Processes and Best Practices: Law enforcement and intelligence services on both sides of the Atlantic face the same problem: publishing security vulnerabilities they know about would enable software manufacturers to provide fixes and thereby enhance the security of sometimes millions of devices and their users, while keeping those vulnerabilities secret would provide the services necessary, and at times the only tools for performing their duties in fighting serious crime and terrorism. Governments have begun to institutionalize decision processes regarding the dealing with the services’ knowledge of security vulnerabilities, by which the benefits and risks, and the competing rights and interests shall be assessed and balanced. What are the main lessons learned from experience so far? What are best practices that should be shared among the institutions responsible for VEP? Michael Daniel (Cyber Threat Alliance) |
Wednesday, 3 October 2018
Session 3: Building Security: Design and Certification
| 09:00 a.m. | Security by Design/Privacy and Data Protection by Design: Article 25 of the GDPR requires data protection measures be implemented in IT systems, while Article 32 of the GDPR analogously mandates the implementation of security measures. Both provisions fail to clarify to which concepts or models of security, privacy and data protection by design they refer. The demand side being not clear, what has Computer Science to offer regarding privacy by design and security engineering approaches? What are best practices to be used for fleshing out the provisions of the GDPR? Kyle Erickson (Palantir Technologies) |
| 10:30 a.m. | Coffee Break |
| 10:45 a.m. | Cyber Security Certification Regimes: Recent legislation in the EU like the NIS Directive and current legislative initiatives, e.g. “EU Cybersecurity Act” as proposed by the European Commission, are establishing certification regimes for cyber security processes and technologies based on EU and international standards. Similar initiatives, e.g. “Internet of Things (IoT) Cybersecurity Improvement Act” proposed in 2017, can be observed in the U.S., though containing quite technologically specific requirements. Are there parallel developments on the global level, e.g. ISO standards, or in the private sector, e.g. Underwriters Laboratories? Is there a perspective of a common approach? Christian Djeffal (HIIG) |
| 12:15 p.m. | Conclusions & Outlook Randy Milch (NYU Center for Cybersecurity; NYU Law School) Ingolf Pernice (Humboldt University Berlin; HIIG) |
DIGITAL SOCIETY VORTRÄGE
Diese exklusive Vorlesungsreihe entwickelt eine europäische Perspektive zu den aktuellen Transformationsprozessen innerhalb unserer Gesellschaft.
DIGITALER SALON
Einmal im Monat laden wir ausgewählte Gäste ein, um gemeinsam mit dem Publikum über die Auswirkungen der Digitalisierung auf die Gesellschaft zu sprechen.
NEWSLETTER
Erfahren Sie als Erstes über neue Events und spannende Forschungsergebnisse.