Research and Publications

ECCRI Cybersecurity Fellows attended IGF 2023 in Kyoto

Three ECCRI Cybersecurity 2023-2024 Fellows – Cat Easdon, Aideen Fay, and Nils Brinker – presented their research at the 18th annual meeting of the Internet Governance Forum (IGF) that was hosted by the Government of Japan in Kyoto from 8 to 12 October 2023. The trip was made possible with the help of an additional grant from the Government of Malta, which supports the ECCRI Fellowship Program.

Dr. Ryan Payne, Nils Brinker, and Cat Easdon

Cat Easdon and Dr. Ryan Payne (Queensland University of Technology) gave a presentation which discussed how privacy is an enabling right for other fundamental rights and freedoms. They introduced the concept of “Rights by Design” and provided examples of how rights protections can be designed into both the technology products we build and into tech policy.

Key takeaways:

  • Conducting a human rights impact assessment is crucial when developing a new product, feature, or tech policy, and there are frameworks to help support this, such as the Microsoft Harms Modeling Framework and PLOT4AI.
  • Organizations involved in technology development or policy making should introduce ethics and threat modeling training into their organizations to facilitate these human rights impact assessments.

Aideen Fay focused on Co-operative AI and its Governance Implications. The goal of the talk was to provide policy makers with a framework for thinking about multi-agent AI systems and a better understanding of how these systems fail. “In turn, I hope this helps policymakers adapt and develop effective policy in the face of the rapid progress in AI that is set to continue and accelerate,” notes Fay.

Nils Brinker’s talk “The new European toolbox for cybersecurity regulation” provided an overview of the current regulatory efforts of the European Union to foster IT security within the European market. It elaborated mainly on the NIS 2 directive, the Proposal for a Cyberresillience Act, and the Proposal for an AI Act. It elaborated on the difficulties of actually promoting IT-Security with regulatory means.

Key takeaways:

  • It was argued that risk management is generally an effective way of implementing better security measures. However, it is still a method prone to subjectivity. Therefore, selecting addresses for such obligations has to be carefully considered. Also, there have to be ways to make the conductor of the risk management aware of risks for third parties.
  • The complex landscape of actors, stakeholders, and regulations is something that must be considered. This complex landscape might result in the danger of promoting compliance over operational security by regulation.

Nils also reflects on the general experience at the IGF, “As a multistakeholder conference, the IGF was an excellent place to gain insights into opinions and experiences outside my own “bubble.” Especially when working on European regulation, there is always the danger of thinking a bit too “Eurocentric” about specific issues.”

“After my talk, there was plenty of engagement, giving feedback on interfering domains that might interact with the European security regulation, such as trade law, that are usually not considered within my own “bubble.” Therefore, the IGF was a good place to gain a broader view,” he notes.

Supporting the fellows in their professional journey, including through presenting their research and initiating necessary and relevant discussions in their field is one of the key objectives of the ECCRI Fellowship Program. The 2023-2024 European Cybersecurity Fellowship is made possible through a partnership with the Government of Malta, William & Flora Hewlett Foundation, Mandiant, now part of Google Cloud, and Microsoft. For more information on the Fellowship Program, see here.