What we are currently working on: Newsletter November 2021

What we are currently working on

Although there was no one big disinformation campaign during Germany's federal election, politicians and many other internet users were still confronted with false reports and discrimination. The Campaign Watch initiative, in which Julian Jaursch is involved on behalf of SNV, had encouraged the parties to commit themselves to fair digital election campaigns and is now calling for these commitments to be anchored in the coalition agreement: This includes, among other things, a commitment to a strong Digital Services Act with clear rules for platforms, as well as sufficient resources at parties in the future for open political communication, even away from the election campaign.
▬▬▬▬▬
Julia Schuetze and Rebecca Beigel are developing cybersecurity exercises for political work in the field of international cybersecurity policy; in spring they published an overview paper. Since then, they have been testing the exercises in practice together with Sven Herpig and Lina Siebenhaar. So far, they have implemented cybersecurity policy exercises with actors from Rwanda, Jordan, and Kenya. The findings on the practical application of the exercises will be published in a paper next year.
▬▬▬▬▬
How can intelligence services be controlled from within civil society? And what specific challenges are journalists and activists facing? Our team "Digital Rights, Surveillance and Democracy" has conducted a survey on civilian control of intelligence services in England, France and Germany as part of the joint project GUARDINT. In doing so, they are investigating the increasingly important role of civil society actors in the control of intelligence surveillance as a counterweight and complement to the legally anchored oversight by control bodies. To this end, Kilian Vieth, Mouna Smaali, Felix Richter and Thorsten Wetzling, together with a project group at the Berlin Social Science Center, surveyed nearly 80 experts from journalism and civil society organizations on their strategies, working conditions and personal opinions on intelligence services.

The survey is currently being analyzed and the results will be submitted for peer review as a scientific publication. The data collected will also be made available to the public on guardint.org in an interactive Data Explorer.
▬▬▬▬▬
Pegah Maham and Anna Semenova are currently working on a network and topic analysis of actors in the social debate on artificial intelligence (AI) for the AI Observatory of the BMAS. Using Twitter as a data basis, they are both analyzing which actors are relevant and also which trends exist in the German-language discourse. For this purpose, they look how certain keywords developed over several years. 
▬▬▬▬▬
AI is a central technology building block for many information and communication technologies (ICT). To ensure that modern ICT can be developed openly and by different players, technical standards have been agreed on. However, companies that participate in standardization can claim intellectual property rights to certain technologies, even though they are indispensable, i.e. standard essential, for the standard to come into being. The AI Governance team is investigating how to deal with these dependencies in a meaningful way. To do this, they are comparing the current process for AI patents with those for 5G technologies. Can anything be learned from the 5G debate for standard essential patents on AI technologies? Can strategic AI patenting lead to geopolitical tensions by creating technological dependencies? Such questions will be addressed in the paper, which is expected to be published in January.

What we enjoyed reading

Since the current supply bottlenecks, semiconductors and their complex value chain based on the division of labor have moved strongly into the media spotlight. Nevertheless, much of it seems very abstract and opaque. After we recommended a podcast in February on the details of the business models, dependencies and production steps, this article takes readers into the hallowed halls of TSMC, the leading producer of the most advanced chips currently on the market. It offers a deep look into the engine room of the basic technology that makes our modern, digitized lives possible and illustrates even the smallest work processes. The impressions and photos described seem like a journey into the future. Read by Julia Hess.
▬▬▬▬▬
Think tanks play an important role in the political process. Through their expertise in numerous topics and the development policy recommendations, they have significant influence on political decisions. Women, People of Color, or trans and non-binary people remain woefully underrepresented in many think tanks. This paper provides a wealth of information and checklists on how to challenge existing power structures in think tanks and initiate sustainable, structural change. Work in think tanks must include diverse voices and experiences. Only then can it be ensured that their recommendations, the political work that follows them, and laws really benefit all citizens. Read by Andre Weisser.
▬▬▬▬▬
Disinformation and hate speech are amplified by algorithmic dissemination on platforms like Facebook, as whistleblower Frances Haugen's statements have made clear once again. According to Haugen, regulation of platforms should therefore focus not only on individual content, but on algorithmic dissemination. In research and on the part of civil society, the debate about platform regulation is also moving in a similar direction: It is increasingly being advised against focusing on individual content, but rather to focus on the algorithmic amplification of problematic content. But even with this focus, many questions about freedom of expression and the power of platforms remain unanswered, as Daphne Keller points out in an essay. She focuses on the U.S. with the First Amendment as a legal framework, which raises the question of whether in any other legal system with a different understanding of freedom of expression, such as the EU, "amplification" of content could be regulated by law. Read by Julian Jaursch.
▬▬▬▬▬
Faulty screens, inaccessible medical records, handwritten logs - ransomware that hits hospitals puts lives at risk. In Alabama, a hospital has been indicted on charges that a cyber operation caused staff to miss important signals, resulting in the death of a child. If the accusation is confirmed, it would be the first ransomware incident resulting in a death. General statements about whether hospitals should remain operating in such a case cannot be made. This hospital continued operations, did not pay the ransom and fixed the damage itself. The main network was shut down and three weeks were spent working with temporary solutions. The case makes it clear that hospitals, as well as other critical infrastructures, must prepare for such cases. Such incidents are also occurring more frequently in Germany, as the latest situation report from the Federal Office for Security and Information Technology (in German) shows. Read by Julia Schuetze.
▬▬▬▬▬
Machine Learning (ML) is currently the most widely used AI technology in terms of the number of patents applied for, conference papers submitted and publications in scientific journals. Today's neural networks learn with parameters that are part of flexible computer models. ML can therefore be used in a wide variety of areas, from text translation to evaluating medical scans to playing Go. However, training such artificial neural networks is very computationally intensive. This article addresses the rising financial and environmental costs. If the trend continues, the authors say the technology will face bumpy times ahead. Without a change in the learning process, progress will slow down immensly in the future. The authors vividly illustrate the weaknesses of the machine learning approach. However, there is a lack of concrete solution approaches that could lead out of the supposed impasse. Read by Philippe Lorenz.
▬▬▬▬▬
Our team's survey of civilian intelligence control options showed that British respondents were less concerned overall about being monitored. At the same time, the British journalists surveyed had the most positive relationship with intelligence services compared to their French and German colleagues. Our team is still researching the reasons for this. This article by journalist Richard Norton-Taylor, who has many years of experience with defense and security issues in the UK, provided our team with some interesting background information on the modus operandi in British journalism. Among other things, Norton-Taylor describes how British intelligence services make journalists and NGOs "compliant". Read by Felix Richter.

Overview: Current Publications and Upcoming Events

The 720-million-euro fine: France's offensive against big tech (Backgrounder, Nov. 25): France's competition authority (ADLC) conducted proceedings against Google in the summer, and successfully: for the first time, Google accepted the verdict and the associated fines totaling 720 million euros and announced far-reaching changes. Stefan Heumann will talk about the ADLC's action and implications for similar regulatory projects against Big Tech in the EU in an English-language background discussion with Pascale Déchamps on November 25 at 9-10 am. She was instrumental in the ruling against Google from the ADLC side. Please register here.
▬▬▬▬▬
Cybercriminals blackmail Anhalt-Bitterfeld - What can we learn from this? (Background discussion, 03.12.): Cyber criminals paralyzed the systems of the Anhalt-Bitterfeld district administration for weeks in the summer. Until an emergency operation was set up, employees were unable to access data, pay social benefits or register vehicles. Sabine Griebsch, as Chief Digital Officer of the Anhalt-Bitterfeld district, is still working today to restore the municipality's IT systems. Sven Herpig will talk to her about the consequences of the IT security incident and what politics and administration can learn from the case as part of a background discussion on December 03 at 1 - 2 pm. This event will be held in German. Please register here.
▬▬▬▬▬
Understanding the global chip shortages (policy paper): How did the current supply and production bottlenecks in the semiconductor industry come about and what can be done about them? In the paper "Understanding the global chip shortages" Jan-Peter Kleinhans and Julia Hess explain what exactly has pushed the global chip value chain to its limits. Their analysis shows why it is not a single bottleneck, but multiple shortages occurring simultaneously at different stages of the value chain for different reasons. In it, they also argue that long-term strategic decisions are needed to increase the resilience of the semiconductor supply chain.
▬▬▬▬▬
Country-specific cybersecurity policy exercises: In the policy brief "Cybersecurity Exercises for Policy Work" published in April, Rebecca Beigel and Julia Schuetze most recently highlighted the importance and potential of cybersecurity exercises for policy work and their strategic use for strengthening cybersecurity architectures. Building on this, the authors are currently adapting cybersecurity policy exercises and scenario workshops to selected country contexts and also conducting them with participants afterwards. For example, country-specific background material for South Africa and Kenya has been published to date, summarizing information on the countries' existing cybersecurity infrastructures. At the same time, this material also serves as a basis for conducting country-specific cybersecurity exercises. Further exercises are currently planned with actors from Costa Rica, Ghana, Jordan and Mexico, among others.
▬▬▬▬▬
Active Cyber Defense Operations. Assessment and Safeguards (Policy Brief): Active cyber defense on the part of a state is highly controversial because the corresponding measures sometimes weaken IT systems in other countries and can thus give rise to serious technical and political risks. This controversy has gained new momentum in recent weeks in the context of the Cyber Security Strategy 2021 and the planned second European Directive on Network and Information Security. In this paper, Sven Herpig discusses assessments of and safeguards for active cyber defense, which was developed in cooperation with a transatlantic expert working group.
▬▬▬▬▬
Report on the need for a Guidance note on Art 11 of the modernised Convention 108 (Position Statement, English): How security authorities handle data and how misuse can be prevented is hardly regulated at the international level. The Council of Europe's modernized Convention 108 is an important exception, as its requirements under Article 11 also apply to data processing by state authorities in the area of security and defense. However, the numerous exceptions listed in Article 11 undermine the core of the Convention. Therefore, in a report commissioned by the Council of Europe, Dr. Thorsten Wetzling and Charlotte Dietrich call for further consultations and make recommendations on how government access to and handling of personal data in the area of national security could be better contained under the rule of law.

Technological Memories

1945 - The story of the development of the "von Neumann architecture", which is still the basis for most computers in use today, shows how coincidence can be a driving force in inventions and technological progress. The computer scientist Herman Goldstine recognized the well-known mathematician John von Neumann at a train track in Aberdeen, Maryland, and told him about his work on the "EDVAC," one of the first electronic computers. The two then began their collaboration, which resulted in the "First Draft of a Report on the EDVAC," which for the first time envisioned a computer architecture with stored programs. What Goldstine did not know was that von Neumann was also a collaborator on the "Manhattan Project," which aimed to develop the first atomic bomb. The much more prominent von Neumann was also named as the sole author on the "First Draft", which led to Goldstine's part in the development going almost unrecognized. Found by Johanna Famulok.