Lex Cybernetica Podcast

The two active shooter terrorist attack in San Bernardino became into a high-tech case when the phone of one of the shooters was obtained by police, which couldn’t open it because of encryption. This turned into a legal battle between the state and Apple, the creator of the phone, who were asked - and refused - to give access to the phone and to the information on it. This has inspired a lot of research and discussion of what rights we have as users for encryption for password protection, and should it be circumvented in the case of criminal offenses, and how.   We talk about this and more in this episode of Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Research Center’s podcast, with Jennifer Daskal, Professor of Law, American University Washington College of Law; Stewart Baker, a lawyer with Steptoe & Johnson in Washington, D.C., and host of the Steptoe Cyberlaw Podcast; Amos Eytan, an attorney with the Israeli State Attorney’s Cybercrime Department; and Lex Cybernetica

Freedom of speech is almost a sacred thing in the US and revered in many democratic countries. But in recent years, there is talk of its abuse to propagate hate speech online, and the need to limit it as a result.   What is hate speech (or dangerous speech), what’s unique about it online, what are its real dangers, how should it be dealt with, and at what cost?   All this in this episode of the Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Research Center’s podcast, with Susan Benesch, Executive Director of The Dangerous Speech Project, Faculty Associate of the Berkman Klein Center for Internet and Society at Harvard University; Omri Abend, Hebrew University faculty member, researching NLP; Rotem Medzini, Research Fellow at the Federmann Cyber Security Research Center; and Lex Cybernetica’s host, Ido Kenan.

Legal accountability means that an unlawful act does not go with impunity. When a state carries out a cyber operation against another state, it’s accountable under international law towards the international community. However, international law doesn’t always have teeth to hold the rogue actor accountable. Additional challenges include attributing the act to a state, which might be using proxy groups and technology to conceal its identity and the actions themselves; and even the mere definition of a rogue act in cyberspace, using tools from the kinetic world.  We discuss all that in this episode of Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Research Center’s podcast, with Yaël Ronen, Professor of International Law and a research associate at the Federmann Cyber Security Research Center; Isabella Brunner, researcher and lecturer in Public International Law at Bundeswehr University Munich; Rogier Bartels, an international criminal lawyer and a research fellow at Federmann Cyb

Can we trust decisions made by algorithms? Those are utilized by managers to choose employees, judges to give verdicts, and much more. While algorithms are often considered unbiased, or at least less biased than humans, they are in truth as biased as the data-sets that they were trained on, and as they were programmed to be - by oversight or design. The problems with AI decision making, and the right to have a human decision maker in the loop, are the subject of this episode of Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Center’s podcast, with Prof. Helmut Aust, Senior Fellow at the Freie Universität Berlin, Germany; Dafna Dror, legal counsel at the Office of the Deputy Attorney General, International Law Division, Human Rights Department And The Federmann Cyber Security Research Center Fellow; Prof. Alon Harel of the Hebrew University; and Lex Cybernetica’s host, Ido Kenan.

While cyber threats have been around for decades, cyber insurance is still a fledgling, mainly American, $4-6 bn industry, that's estimated to grow to $20 bn by 2025.  In Israel, only 13% of local companies have cyber insurance, according to a June 2019 survey of executives, decision makers and insurance companies by the Israel National Cyber Directorate (Hebrew press release). The main reasons for not having such insurance are lack of awareness to cyber threats and a lack of financial viability. Many executives in the industry, agriculture, construction and retail said they didn’t know cyber insurance even existed. What exactly is cyber insurance, what cyber attacks does it cover, and how is it affecting global cyber security? In this episode of the Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Center’s podcast, we talk cyber insurance with Ariel Levite from the Cyber Policy Program at the Carnegie Endowment for Peace; Sharon Shaham, Betach Toren Insurance Agency CEO; and Asa

Who would you prefer tell you when your loved one is going to die? Annalisia Wilharm had a telerobodoctor on wheels deliver the sad news of her grandfather Ernest Quintana’s terminality. Two days later he died of lung failure, at 79. “This secure video technology is a live conversation with a physician using tele-video technology, and always with a nurse or other physician in the room to explain the purpose and function of the technology,” Michelle Gaskill-Hames, SVP and area manager for Kaiser Permanente Greater Southern Alameda County, told the Mercury News. “It does not, and did not, replace ongoing in-person evaluations and conversations with a patient and family members.” Technology is affecting not only our health, but our health services, the way we get diagnosed and treated, as well as how we preempt disease by changing our daily lives. And as with any new technology, things can, and will, go wrong. In this episode of the Lex Cybernetica, the Hebrew University of Jerusalem Cyber Security Research

On average, 3,287 people are killed every day in car accidents, according to the World Health Organization (WHO). Elaine Herzberg was one of them, when, on the evening of March 18, 2018, as she was pushing her bicycle across the road outside the crosswalk in Tempe, Arizona, a car fatally hit her. Herzberg had the dubious honor of being the first pedestrian ever to be killed by an autonomous car. Autonomous cars are supposed to be safer than human drivers, but we still worry about them more. That’s not merely a tech or security issue, but a psychological one. We need to know someone is responsible; we need to understand how the autonomous-insurance works, we want to have clear and reasonable regulation. We have to feel safe. One of the promised advantages of autonomous cars is that they're better drivers than humans, but that's not enough. "We will be comfortable with machines making mistakes if the probability of mistakes is much, much smaller than the probability of mistakes of a human driver", says Shai

Hacker Kevin Mitnick’s infamous social engineering escapades, where he’d call up companies and convince employees to surrender information he would later use to hack their systems, took advantage of people’s, rather than computer systems’, weaknesses. Cybersecurity is not a purely technical issue, but also, and arguably, mostly, a social one. One of the missions cyber criminologists have is to understand why some people become hacking victims while others don’t, and why hackers hack. Take, for example, the rudimentary system of password protection. If a service provides an initial default password and doesn’t require changing it, many people will just settle for it, making it vulnerable to hackers who are aware of default passwords, which are easily searchable on the web. When required to choose a password, most people will resort to a common word or phrase, a phone number, or a birthdate, which are easy to remember but also easy to illegitimately obtain through dictionary attacks, if not mere guessing. Peop

A healthy innovation ecosystem is crucial for states to handle cybersecurity threats. Traditional methods and procedures simply will not do. “After a couple of years, if you're successful, you'll have a solution, for example the Iron Dome”, explains Dr. Amit Sheniak of the Federmann Cyber Security Center, the Truman Institute, and the Davis Institute. “Until you did that long process, went through all the bureaucracy – the change already evolved, moved on, inflicted harm, and you couldn't mitigate it. Hence, governments understand today that the way to tackle those threats in terms of research and development is to create some kind of outsourcing scheme”. What does it look like from the state’s point of view? “We have part of the resources, but know that we don't know anything - we know only part of the way to do something”, says Adv. Eynan Lichterman of the Israel National Cyber Directorate. “There's a lot of knowledge in the academia, there's a lot of knowledge in the industry, in the NGOs, and so on. We h

We hear a lot about AI and how it's going to change our lives - or even destroy them. How does the legal system deal with having AI integrated into our lives? Prof. Karen Eltis, a full Professor of Law (professeure titulaire) at the Faculty of Law of the University of Ottawa and research associate at the Federmann Cyber Security Center – Cyber Law Program, says that cyberspace diminished or removed two main pillars of traditional law - territory and intermediaries. She also wants to dispel AI myths, saying “It’s like the Wizard of OZ and the man behind the curtain. AI is data-in, data-out, so it’s really the humans that tell the AI what to do. And the concern is we’re able to hide behind the AI”. AI powered tech has different degrees of autonomy, depending on how involved the humans around it are - in, on or outside the loop. How do we control AI, or should we let it control us in some ways? “When people talk about AI, there are two visions that people see”, says Prof. Oren Gross, an Irving Younger Professor

State actors abuse the ability to cyberattack anonymously or through proxies, which allows them to evade the consequences and avoid retaliation. Before we determine what we should and should not do in reaction to a cyberattack, we need to make sure we correctly attribute it to its source. “Currently, one of the predicaments is that states are able to do very bad things and get away with it, scot free”, says Prof. Yuval Shany, the head of The Federmann Cyber Security Center – Cyber Law Program and the chair of the UN Human Rights Committee. There are currently no international agencies responsible for naming the actual entities behind the dummy cyberattackers. Prof. Shany, alongside Exeter University and the Dutch government, are researching this in a feasibility study, looking to borrow ideas from other areas where attribution is important, among them proliferation of nuclear and chemical weapons. A lot of attacks take place on infrastructure, software and platforms that are run by private tech companies.

Big data is used, among other things, in cybersecurity research. Take, for example, Dr. Amit Rechavi‘s research, tracking different hacking activities in order to supply policymakers with state attribution of malicious hackers. We often put our trust in data-based information and decisions, but even data has inherent bias in it, which stems from what data we decided to collect, the way the data was collected, as well as how it was analyzed. Dr. Guy Katz explains how this happens and what can be done to address this. Another problem with big data is its potential to harm our privacy, not only in having troves of data collected about us, but also in big data analysis which provides excess information that we did not even know could be concluded from that data. For example, a smart city system operating in China was found to utilize facial recognition technology to keep track of specific residents, as well as identify their ethnicity. In a country where technology enables persecution of Uyghur Muslims by the a

What is human enhancement? One way to define it is to compare it to therapeutic measures, explains Prof. Noam Lubell, a professor of international law at the University of Essex, research associate at the Hebrew University Federmann Cyber Law Program and Swiss chair of humanitarian law at the Geneva Academy. "Your glasses or contact lenses would be therapeutic, because they bring us up to the norm. Enhanced would be if you had an implant which gave you night vision or let you see beyond 2KM into the distance". Human enhancement has military applications, from giving soldiers exoskeletons to connecting their brains to computers. This raises many regulatory and ethical issues. For example, can a soldier refuse to be enhanced? “The question of informed consent in the military is always an incredibly difficult one, simply because of the hierarchical structure”, says Dr. Heather Harrison Dinniss, senior lecturer at the International and Operational Law Center at the Swedish Defence University. Another issue is w

Prof. David Maimon is the guest of this episode of Lex Cybernetica, Prof. Maimon is an Associate Professor in the department of Criminology and Criminal Justice at Georgia State University. His research interests include cyber-enabled and cyber-dependent crimes and experimental research methods. His current research focuses on computer hacking and the progression of system trespassing events, online deception and fraud, computer networks vulnerabilities to cyber attacks, and decision-making process in cyberspace. In his interview, Maimon points the finger at cybersecurity companies and experts who don’t use evidence based proof to their tools’ effectiveness, and says there’s not enough good data - it’s either questionable or not the right data at all - to independently evaluate it, thus making us potentially more unprotected against, and as a result more susceptible to, cyberthreats than we thought. Maimon also talks about the different cybersecurity practices people use in different situations, and how ha

The Israeli elections are imminent, and so are the threats to our democracy. The threat comes from hackers, who may try to harm the elections or divert the results, and from digital information manipulators, spreading fake news and propaganda. Election hacking is just one example of the cyberthreats to our way of life. Another is the threat to our privacy from governments and corporations. GDPR and other privacy laws try to strengthen our control over our personal data. But are we also to take responsibility as individuals? One of the main bodies that’s in charge of our cybersecurity is the Israel National Cyber Directorate, which is problematic in many ways. It’s been functioning without a legal framework, and according to the draft of Israel’s cyber bill, it will be able to collect data from internet and cellular providers, government ministries, local authorities, etc., making it another spy agency. Dr. Tehilla Shwartz Altshuler, a research associate at the Federmann Cyber Security Center – Cyber Law Prog

The Internet works, but we’d like it to work better. But fixing it is not as easy as it would have been when it was just a fledgeling academic network. For the last decade, Prof. Michael Schapira has been tackling one really essential part of it - securing Internet routing. Apparently, it’s currently based on trust. What could possibly go wrong? Another pet peeve of Schapira's is time. Specifically, how to use the web to accurately synchronize one’s computer or cellular clock. His suggested solution: an app called Chronos. Prof. Michael Schapira, an associate professor at the School of Computer Science and Engineering, the Hebrew University of Jerusalem, and the scientific co-leader of the Fraunhofer Cybersecurity Center at Hebrew University, is our guest on this episode of Lex Cybernetica, hosted by Ido Kenan.

Cyberwar, What is it Cybergood For? While most cyberattacks are civil ones, the discussion about them has been militarized very early on. This is a problem, according to Prof. Noam Lubell, because the consequences are that most of the discussion of regulation of cyber security focuses on the branch of law that deals with military operations. Prof. Lubell is co-author of an article about how AI and machine learning can help states decide whether to resort to force and go to war. Another issue on Prof. Lubell’s mind is human enhancement in the battlefield. Enhancement as in technologies that improve human skills or add new ones, like a soldier with an exoskeleton suit that makes her stronger and more endurant. Enhanced humans entering this sphere raise an abundance of practical, technological, biological and ethical questions. Among them: are enhanced soldiers humans or weapons? Should the rules of war change for them? If an enhanced human makes a deadly mistake, who’s to blame, her or the software/hardware p

The departure of both WhatsApp founders from Facebook, who bought their chat app in 2014 for $19.3 billion, had to do with user rights, and in a broader view, digital rights. Jan Koum left earlier this year over disagreements with Facebook, which attempted to use users’ personal data and weaken the app’s encryption, according to the Washington Post. A few months earlier, in late 2017, Brian Acton announced leaving Whatsapp to form a new foundation. In early 2018 Acton and Moxie Marlinspike, developer of the Signal Protocol and the Signal app, announced the Signal Foundation, which Acton gave $50 milllion to establish and will executive chairman, to replace Marlinspike’s Open Whisper Systems non-profit as the developer of the privacy-oriented chat app and protocol, as well as other privacy-oriented tools. But as Facebook got embroiled in the Cambridge Analytica scandal, which drew criticism and parliamentary investigations on both sides of the Atlantic, and as the new GDPR rules are making waves around the w

“Unplug your Alexa devices right now, you're being hacked” was the warning Danielle (last name withheld) got when she picked up the phone recently. On the other side was one of her husband's employees, who’d received a recording of the couple’s conversation - “You sat there talking about hardwood floors”. This evil machination was carried out - due to “an extremely rare occurrence”, according to Amazon’s comment to KIRO-TV - by the couple’s aptly named Amazon Echo, a constantly-eavesdropping machine people for some reason welcome into their homes. A basic couple normie-talking about hardwood floors is unfortunately not criminal as of writing, but murder is. In November 2015, James Andrew Bates hosted a football party at his Arkansas home, which ended with one dead guest in the hot tub. Police investigation found an Amazon Echo in the kitchen, and asked Amazon for any recording which may have occurred during the fatal event. Amazon declined, claiming they hadn’t received “a valid and binding legal demand prop