TechLetters #143 Security researchers targeted. Disinformation/propaganda is OK under international law, “but” be careful not to become a war criminal. Privacy Sandbox ON?
Security
Security researchers targeted. Another wave of threat actors targeting security researchers. N Korea. 0days in use. Rapport is built using social media (X, Mastodon), followed by delivery of the infected files.
Major Microsoft Cloud account takeover. STORM-0558. Allegedly, by Chinese services. “Our investigation found that a consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (“crash dump”). The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump (this issue has been corrected). The key material’s presence in the crash dump was not detected by our systems (this issue has been corrected). We found that this crash dump, believed at the time not to contain key material, was subsequently moved from the isolated production network into our debugging environment on the internet connected corporate network. This is consistent with our standard debugging processes. Our credential scanning methods did not detect its presence (this issue has been corrected).”
Privacy
Chrome enables Privacy Sandbox. It is meant to be a more privacy-friendly ad-serving system, retiring cookies and user tracking. It seems that cookies are out at the end of 2024.
Technology Policy
Propaganda, disinformation, “fake news”, psychological operations/warfare are legal. They are expressly allowed, as codified in the Geneva Conventions. You see, this is explicitly allowed, “but”. It comes with a crucial caveat: make sure not to become a war criminal. According to a recent, excellent research analysis by my former ICRC colleague, during armed conflict such activities cannot breach IHL (International Humanitarian Law, a.k.a. Laws of Armed Conflict): “while the encouragement of IHL violations, including by information or psychological operations, may amount to the soliciting or inducing of war crimes, the encouragement of IHL violations is prohibited in circumstances where such violations are likely or foreseeable, even if it cannot be shown that the encouragement has a direct effect on the person committing the IHL violations.” So for example, information emissions (via radio, social media, instant messengers, whatever) inciting genocide are not OK (very much to the contrary), and may amount to war crimes. I agree. Though another caveat: it may be challenging to hold anyone responsible for such actions. It did happen in the past, but it certainly is not guaranteed. Tricky matter. There will be more about this in 2024 and 2025 and it is worth the wait. That’s not all.
It is NOT OK to paralyse humanitarian work with disinformation/propaganda. “information operations aimed at undermining trust in the work of impartial humanitarian organizations and thereby impacting their ability to operate safely and efficiently would be difficult to reconcile with the obligation to facilitate humanitarian relief operations. In fact, parties to armed conflicts have an obligation to take feasible measures to prevent or halt such operations, including if led by private actors or companies”. This may in fact be seen in several disinformation campaigns against the International Committee of the Red Cross. Once, when a private company was engaged by a government in Africa in a black PR campaign. And to a degree, possibly also in the context of activities in the Ukraine war? This is very dangerous territory. And the ICRC was apparently unprepared for the realities of modern information influence during full-scale armed activities; it seems they still lack the awareness. Several shortcomings were clearly seen in the previous year. But let’s hope this improves.
Google to require marking political ads if synthetic (AI-generated/deepfake) content is in use. “This disclosure must be clear and conspicuous, and must be placed in a location where it is likely to be noticed by users. This policy will apply to image, video, and audio content.”.