Leading hub for knowledge transfer in digital trust

Conspiracy Theories About the Texas Floods Lead to Death Threats

Severe floods in Texas sparked a wave of conspiracy theories, with claims circulating online that the disaster was caused by geoengineering or weather weapons. This highlights a growing tension between the speed at which formal institutions can communicate accurate information and the rapid spread of AI-fueled disinformation. The resulting vandalism of radar infrastructure and threats against meteorologists disrupted emergency services, showing just how vulnerable necessary communication channels are in times of emergencies.

C4DT supports National Cyber Security Centre (NCSC) initiative on “Switzerland’s most important digital data.”

C4DT collaborated with NCSC on implementation of Motion 23.3002. It organized the first of a series of three workshops, actively participated in two additional workshops, and delivered a summary of the workshop results from C4DT's perspective for the final report."

Libxml2’s “no security embargoes” policy

Here’s an interesting take on what happens if security bugs are found in Open Source libraries. Now that more and more of Open Source libraries find their way into commercial products from Google, Microsoft, Amazon, and others, the problem of fixing security bugs in a timely manner is becoming a bigger problem. Open Source projects are very often maintained by a single person, and the company who uses the library often doesn't participate in its development. Effectively, the maintainer works for free for a company who makes money off his work!

What happens when you feed AI nothing

Driven by ethical concerns about using existing artwork to train gen AI models, an artist created his own model that produces output untrained on any data at all. What was interesting to me is that, in exploring whether gen AI could create original art, he also demonstrated a potential path to better understanding how such models work in the first place. Could it be through art that we approach explainable AI?

In a world first, Brazilians will soon be able to sell their digital data

This article is interesting because it highlights the opportunities and challenges of personal data ownership. Although tools such as dWallet claim to empower users, they can encourage the poorest and least educated people to sell their data without understanding the risks, thereby widening the digital divide. True data empowerment means that everyone must have the knowledge and resources to make informed choices about privacy, not just the privileged few.

Schweizerdeutsch liegt im Trend – auch bei Phishing

Ein sehr schöner Einsteigerartikel in das Thema Phishing, den man auch technisch weniger versierten Personen ruhig weiterempfehlen kann.

C4DT Insight #3 on privacy-preserving data sharing is out!

This policy paper highlights the crucial trade-off between privacy and utility in data sharing and call for a shift from technology-centric solutions to purpose-driven policies. The paper formulates eight actionable recommendations to guide realistic, privacy-preserving data-sharing practices in Europe.

ENISA launches European vulnerability database

ENISA's new vulnerability database is a significant development in the pursuit of European digital sovereignty. It reduces reliance on US-dominated resources and could lead to better alignment with EU regulations, such as the GDPR and the NIS2 Directive. However, key questions remain about coordination with existing global databases, disclosure policies, and the participation of non-EU countries such as Switzerland. The challenge lies in creating a system that avoids fragmentation while taking into account Europe's unique security landscape and regulatory framework.

Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations

The new bill shifts Japan's strategy from defensive cybersecurity to active threat disruption, similar to approaches in other countries like the U.S. However, it uniquely empowers military and law enforcement to take preemptive actions, including deploying 'cyber harm prevention officers' to disrupt enemy servers without explicit oversight during critical incidents, raising concerns about potential 'vigilante hacking.' Currently, Japan claims to only target foreign criminal organizations (not nation states), but this shift is also seen as a response to the 2022 revelations of deep Chinese penetration into Japanese infrastructure, known as the Blair Shock.

Das neue Policy Paper C4DT Insight #2 mit dem Titel “Datenstrategie,-Policy und -Regulierung für die Schweiz” ist erschienen!

Melanie Kolbe-Guyot und Matthias Finger diskutieren die Notwendigkeit einer umfassenden Datenpolitik für die Schweiz, um das Potenzial von Daten durch klare Regeln und Anreize zu nutzen und die Wettbewerbsfähigkeit langfristig zu sichern. Es formuliert 6 Handlungsempfehlungen für die Politik.

Nintendo says your Switch 2 isn’t really yours even if you paid for it

Companies are taking advantage of the digital world to keep control over physical devices, even after you buy them. The latest licensing terms of the Nintendo Switch 2 contains wording that allows the company to permanently disable the console if it determines you've violated their terms. This highlights a serious trust concern: even after paying full price, your device remains under Nintendo's control. The worst part is that they want to do so based solely on their terms, with no independent oversight or appeals process.

North Korea Stole Your Job

This article reveals how North Korean agents are finding jobs in IT by exploiting remote working opportunities and AI-powered interviews. This combination of espionage and "legitimate" job hunting creates a worrying new security challenge, as companies cannot verify who they are actually hiring. This sophisticated operation illustrates the evolution of cybersecurity threats, which are no longer limited to traditional hacking, but are infiltrating organisations directly through their hiring processes, albeit limited to remote working positions.

Apple, Meta fined as EU presses ahead with tech probes

Regulations are only effective when properly enforced. Following the introduction of numerous digital regulations in recent years, it is now high time to focus on their effective implementation and enforcement. The Digital Markets Act (DMA) seeks to promote fair competition by protecting smaller businesses from potential abuses by dominant market players. However, its enforcement will ultimately test the European Union's political will to stand by its policy decisions.