
DSI Publications

Journal Article

EU-Regulierung der Künstlichen Intelligenz [EU regulation of artificial intelligence]

Datenschutz und Datensicherheit 45 (7): 438–443
Martin Schallbruch (2021)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
AI, artificial intelligence, privacy, data protection, information law
The European Commission has presented proposals for the horizontal regulation of artificial intelligence. It is thus foreseeable that the regulatory systems of data protection and IT security will be supplemented by a further cross-sectoral approach to the regulation of information technology. This article explains the proposals and describes their advantages and disadvantages.

Volume
45
Journal Pages
438–443
ISSN (Online)
1862-2607
ISSN (Print)
1614-0702
Commentary

Should we be concerned about misinformation on Clubhouse?

Israel Public Policy Institute
Henning Christian Lahmann (2021)
Subject(s)
Diversity and inclusion; Economics, politics and business environment; Ethics and social responsibility; Health and environment; Technology, R&D management
Keyword(s)
disinformation, social media, oral culture, fact-checking
JEL Code(s)
I0
The article examines the risk of the proliferation of potentially harmful disinformation through 'oral' social media services such as Clubhouse. While false or misleading information may have fewer means to stick and go viral, it is also more difficult to fact-check speakers, which may create new vulnerabilities for the information ecosystem online.
Journal Article

Cybersecurity and the risk governance triangle

International Cybersecurity Law Review 2 (1): 77–92
Andrew J. Grotto, Martin Schallbruch (2021)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
Transatlantic, data protection, internet of things, artificial intelligence, industrial control systems (ICS)
Volume
2
Journal Pages
77–92
ISSN (Online)
2662-9739
ISSN (Print)
2662-9720
Commentary

Are Facebook and its new oversight board up to the task when it comes to health misinformation?

Israel Public Policy Institute
Henning Christian Lahmann (2021)
Subject(s)
Ethics and social responsibility; Health and environment; Information technology and systems
Keyword(s)
misinformation, health information, disinformation, social media, facebook, oversight board, freedom of expression, pandemic, covid-19
The article examines the first decisions issued by Facebook's newly established Oversight Board that deal with the exacerbating problem of health misinformation. In this context, it is questioned whether the Board's applied standard of 'imminent harm' is suitable for the problem at hand given the viral proliferation of potentially consequential false and misleading information about public health policies amid a pandemic.
Journal Article

Mehr Unabhängigkeit für das BSI? [More independence for the Federal Office for Information Security?]

Datenschutz und Datensicherheit 45 (4): 229–233
Martin Schallbruch (2021)
Subject(s)
Economics, politics and business environment; Information technology and systems; Technology, R&D management
Keyword(s)
Cybersecurity, information security, government, Germany
Since its foundation 30 years ago, the Federal Office for Information Security (BSI) has developed into an internationally and nationally recognized center of competence for IT security. With a steady increase in tasks, the discussion about the governance of the office has become stronger - many voices are calling for greater independence of the BSI. The article examines the reasons for and options for greater independence of the agency. As a result, it argues for a further development of the agency's governance that represents a balance between independence and political responsibility.

Volume
45
Journal Pages
229–233
ISSN (Online)
1862-2607
ISSN (Print)
1614-0702
Journal Article

Zur operativen Zusammenarbeit zwischen Staat und Wirtschaft in der Cybersicherheit in Deutschland [On the operative cybersecurity cooperation of public and private entities]

Datenschutz und Datensicherheit 45: 239–243
Henning Christian Lahmann (2021)
Subject(s)
Information technology and systems; Strategy and general management
Keyword(s)
public-private partnerships, cybersecurity governance, germany, united states, united kingdom, israel, trust
The article surveys the current situation concerning the operative cybersecurity cooperation of public and private-sector entities in Germany and compares it with solutions implemented in the United States, Israel, and the United Kingdom. Subsequent to the analysis, the establishment of trust between the different involved actors is identified as the principal challenge for efficient cooperation in this subject area.

Volume
45
Journal Pages
239–243
ISSN (Online)
1862-2607
ISSN (Print)
1614-0702
Online article

Protecting the information space in times of armed conflict

Just Security
Robin Geiss, Henning Christian Lahmann (2021)
Subject(s)
Ethics and social responsibility; Information technology and systems
Keyword(s)
disinformation, information operations, hybrid warfare, international humanitarian law, law of armed conflict
The legal implications of digital information warfare in the context of armed conflict have so far received only scarce attention. This paper aims at filling this gap by exposing some of the legal issues arising in relation to mis- and disinformation tactics during armed conflict in order to serve as a starting point for further debate in this respect:

What, if any, limits exist concerning (digital) information operations in armed conflict? Does the humanitarian legal framework adequately capture the humanitarian protection needs that arise from these types of (military) conduct? Where and how to draw the line between effects and side-effects of digitalised information warfare that should remain either within or without the protective ambit of international humanitarian law (IHL)? What are, or what should be, the limits of disinformation campaigns, “fake news”, deep fakes and the systematic manipulation of a given information space in times of armed conflict?
Journal Article

Protection of data in armed conflict

International Law Studies 97: 556–572
Robin Geiss, Henning Christian Lahmann (2021)
Subject(s)
Information technology and systems; Technology, R&D management
Keyword(s)
data protection, cyber warfare, international humanitarian law, law of armed conflict, objects, hybrid warfare, cyber attacks
This article presents a novel way to conceptualize the protection of data in situations of armed conflict. Although the question of the targeting of data through adversarial military cyber operations and its implications for the qualification of such conduct under International Humanitarian Law has been on scholars’ and states’ radar for the last few years, there remain a number of misunderstandings as to how to think about the notion of “data.” Based on a number of fictional scenarios, the article clarifies the pertinent terminology and makes some expedient distinctions between various types of data. It then analyzes how existing international humanitarian and international human rights law applies to cyber operations whose effects have an impact on data. The authors argue that given the persisting ambiguities of traditional concepts such as “object” and “attack” under international humanitarian law, the targeting of content data continues to fall into a legal grey zone, which potentially has wide-ranging ramifications both for the rights of individual civilians and the functioning of civilian societies during situations of conflict. At the same time, much legal uncertainty surrounds the application of human rights law to these contexts, and existing data protection frameworks explicitly exclude taking effect in relation to issues of security. Acknowledging these gaps, the article attempts to advance the debate by proposing a paradigm shift: Instead of taking existing rules on armed conflict and applying them to “data,” we should contemplate applying the principles of data protection, data security, and privacy frameworks to military cyber operations in armed conflict.
Volume
97
Journal Pages
556–572
Online article

Protecting societies – Anchoring a new protection dimension in international law during armed conflict: An agenda for discussion

EJIL: Talk! (Blog of the European Journal of International Law)
Robin Geiss, Henning Christian Lahmann (2021)
Subject(s)
Ethics and social responsibility; Information technology and systems
Keyword(s)
international humanitarian law, law of armed conflict, society protection, cyber operations, cyber attacks, cybersecurity
Adversarial military cyber operations carried out during armed conflict can affect the functioning of civilian societies in unprecedented ways, challenging the protected reach of international humanitarian law (IHL). In light of this, the article argues for the recognition of new protection needs to shield critical societal processes from cyber threats in conflict situations. Although experts and states generally agree that cyber operations are subject to IHL, the digital transformation has added novel vulnerabilities that do not easily map onto the law’s traditional rationale of providing baseline protection against the ramifications of kinetic warfare, such as to minimise death, injury, and destruction among the civilian population. Today’s military cyber capabilities have the potential to severely impact essential societal processes across economic, financial, scientific, cultural, and healthcare domains as well as public information spaces. While such consequences may be more diffuse and intangible, in an interconnected world they can affect entire societies and cause systemic disruption on a major scale. Recognising this paradigm shift, the article calls for a more comprehensive understanding of what protection of the civilian population in twenty-first century warfare entails. It submits that certain societal processes and functions must be considered assets so essential as to require legal protection under IHL irrespective of possible physical aspects. In order to meaningfully expand IHL’s traditionally narrow focus on objects, kinetic warfare, and physical destruction, the article intends to initiate a discussion about adding the protection of essential societal processes as a new protection dimension to the law of armed conflict.
Online article

5 lessons for leaders surviving a cyberattack

Forbes
Martin Schallbruch (2021)
Subject(s)
Information technology and systems; Strategy and general management; Technology, R&D management
Keyword(s)
Cybersecurity, cyberattack, cyber defence
Cyberattacks have become part of every company’s daily routine. Every business leader must therefore prepare for a situation in which their company is successfully attacked. Defending against a cyberattack requires many parallel activities – assessing the impact, implementing technical defense measures, collecting evidence, rebuilding reliable IT systems and business processes, and communicating with customers and partners. The article describes five lessons that will help business leaders on Day X to successfully manage a serious and complex cyberattack.
ISSN (Print)
0015-6914