The two active shooter terrorist attack in San Bernardino became into a high-tech case when the phone of one of the shooters was obtained by police, which couldn’t open it because of encryption. This turned into a legal battle between the state and Apple, the creator of the phone, who were asked - and refused - to give access to the phone and to the information on it. This has inspired a lot of research and discussion of what rights we have as users for encryption for password protection, and should it be circumvented in the case of criminal offenses, and how.   We talk about this and more in this episode of Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Research Center’s podcast, with Jennifer Daskal, Professor of Law, American University Washington College of Law; Stewart Baker, a lawyer with Steptoe & Johnson in Washington, D.C., and host of the Steptoe Cyberlaw Podcast; Amos Eytan, an attorney with the Israeli State Attorney’s Cybercrime Department; and Lex Cybernetica’s host, Ido Kenan.

Freedom of speech is almost a sacred thing in the US and revered in many democratic countries. But in recent years, there is talk of its abuse to propagate hate speech online, and the need to limit it as a result.   What is hate speech (or dangerous speech), what’s unique about it online, what are its real dangers, how should it be dealt with, and at what cost?   All this in this episode of the Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Research Center’s podcast, with Susan Benesch, Executive Director of The Dangerous Speech Project, Faculty Associate of the Berkman Klein Center for Internet and Society at Harvard University; Omri Abend, Hebrew University faculty member, researching NLP; Rotem Medzini, Research Fellow at the Federmann Cyber Security Research Center; and Lex Cybernetica’s host, Ido Kenan.

Legal accountability means that an unlawful act does not go with impunity. When a state carries out a cyber operation against another state, it’s accountable under international law towards the international community. However, international law doesn’t always have teeth to hold the rogue actor accountable. Additional challenges include attributing the act to a state, which might be using proxy groups and technology to conceal its identity and the actions themselves; and even the mere definition of a rogue act in cyberspace, using tools from the kinetic world.  We discuss all that in this episode of Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Research Center’s podcast, with Yaël Ronen, Professor of International Law and a research associate at the Federmann Cyber Security Research Center; Isabella Brunner, researcher and lecturer in Public International Law at Bundeswehr University Munich; Rogier Bartels, an international criminal lawyer and a research fellow at Federmann Cyber Security Research Center ; and Lex Cybernetica’s host, Ido Kenan.

Can we trust decisions made by algorithms? Those are utilized by managers to choose employees, judges to give verdicts, and much more. While algorithms are often considered unbiased, or at least less biased than humans, they are in truth as biased as the data-sets that they were trained on, and as they were programmed to be - by oversight or design. The problems with AI decision making, and the right to have a human decision maker in the loop, are the subject of this episode of Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Center’s podcast, with Prof. Helmut Aust, Senior Fellow at the Freie Universität Berlin, Germany; Dafna Dror, legal counsel at the Office of the Deputy Attorney General, International Law Division, Human Rights Department And The Federmann Cyber Security Research Center Fellow; Prof. Alon Harel of the Hebrew University; and Lex Cybernetica’s host, Ido Kenan.

While cyber threats have been around for decades, cyber insurance is still a fledgling, mainly American, $4-6 bn industry, that's estimated to grow to $20 bn by 2025.  In Israel, only 13% of local companies have cyber insurance, according to a June 2019 survey of executives, decision makers and insurance companies by the Israel National Cyber Directorate (Hebrew press release). The main reasons for not having such insurance are lack of awareness to cyber threats and a lack of financial viability. Many executives in the industry, agriculture, construction and retail said they didn’t know cyber insurance even existed. What exactly is cyber insurance, what cyber attacks does it cover, and how is it affecting global cyber security? In this episode of the Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Center’s podcast, we talk cyber insurance with Ariel Levite from the Cyber Policy Program at the Carnegie Endowment for Peace; Sharon Shaham, Betach Toren Insurance Agency CEO; and Asaf Lubin, an affiliate at the Berkman Klein Center for Internet and Society at Harvard University and a Visiting Scholar at the Federmann Center; and Lex Cybernetica’s host, Ido Kenan.

Who would you prefer tell you when your loved one is going to die? Annalisia Wilharm had a telerobodoctor on wheels deliver the sad news of her grandfather Ernest Quintana’s terminality. Two days later he died of lung failure, at 79. “This secure video technology is a live conversation with a physician using tele-video technology, and always with a nurse or other physician in the room to explain the purpose and function of the technology,” Michelle Gaskill-Hames, SVP and area manager for Kaiser Permanente Greater Southern Alameda County, told the Mercury News. “It does not, and did not, replace ongoing in-person evaluations and conversations with a patient and family members.” Technology is affecting not only our health, but our health services, the way we get diagnosed and treated, as well as how we preempt disease by changing our daily lives. And as with any new technology, things can, and will, go wrong. In this episode of the Lex Cybernetica, the Hebrew University of Jerusalem Cyber Security Research Center’s podcast, we will discuss this with Ron Shamir, a Federmann Cyber Security Center researcher and co-founder and CEO of the helath-tech startup Phonetica; Danit Leybovich-Shati, the leader of the Israeli National Cyber Directorate MediSec project; and Dr. Rachele Hendricks-Sturrup, Health Policy Fellow at FPF; and Lex Cybernetica’s host, Ido Kenan.

On average, 3,287 people are killed every day in car accidents, according to the World Health Organization (WHO). Elaine Herzberg was one of them, when, on the evening of March 18, 2018, as she was pushing her bicycle across the road outside the crosswalk in Tempe, Arizona, a car fatally hit her. Herzberg had the dubious honor of being the first pedestrian ever to be killed by an autonomous car. Autonomous cars are supposed to be safer than human drivers, but we still worry about them more. That’s not merely a tech or security issue, but a psychological one. We need to know someone is responsible; we need to understand how the autonomous-insurance works, we want to have clear and reasonable regulation. We have to feel safe. One of the promised advantages of autonomous cars is that they're better drivers than humans, but that's not enough. "We will be comfortable with machines making mistakes if the probability of mistakes is much, much smaller than the probability of mistakes of a human driver", says Shai Shalev Shwartz, a professor at the School of Computer Science and Engineering at the Hebrew University of Jerusalem and the CTO of Mobileye. "But if it will be just slightly better than a human driver, then we will have a problem. We are getting close to the statistics of a human driver, but we strive to be a thousand times better than a human driver". To regulating driverless cars, we first have to demystify them. "It's not regulating the end product, the car, this magic carpet. It's not magical at all. It's regulating technologies, and it's nothing new", explains Gadi Perl, research fellow at the Federmann Cyber Security Center. Autonomously driven cars which make less accidents mean a sea change for the car insurance companies. For example, truly autonomous cars make decisions in a black box environment, which could lead to a situation where there's a car accident but we can't determine whose fault it is. "I think that's the Armageddon scenario that everyone is scare of", says Anat Lior, who explores autonomous vehicles challenges facing the insurance industry. In this episode of the Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Center’s podcast, we will talk autonomous cars with Anat Lior, Gadi Perl and Shai Shalev Shwartz, with Lex Cybernetica’s host, Ido Kenan.

Hacker Kevin Mitnick’s infamous social engineering escapades, where he’d call up companies and convince employees to surrender information he would later use to hack their systems, took advantage of people’s, rather than computer systems’, weaknesses. Cybersecurity is not a purely technical issue, but also, and arguably, mostly, a social one. One of the missions cyber criminologists have is to understand why some people become hacking victims while others don’t, and why hackers hack. Take, for example, the rudimentary system of password protection. If a service provides an initial default password and doesn’t require changing it, many people will just settle for it, making it vulnerable to hackers who are aware of default passwords, which are easily searchable on the web. When required to choose a password, most people will resort to a common word or phrase, a phone number, or a birthdate, which are easy to remember but also easy to illegitimately obtain through dictionary attacks, if not mere guessing. People tend to stick to their beloved password, and re-use it for different services, meaning that if one service leaks the password, all that person’s services’ defenses topple down like dominoes. On the other hand, prompting frequent password changes causes people to worry they might forget the new password, so they write it down in a text document or email it to themselves, putting it at risk. Much like password protection, security systems need to be built with humans in mind. On the other side are the hackers – also humans. Situational crime prevention can be used to prevent them from committing cybercrimes, or, if unsuccessful, convincing them to discontinue their journey through your systems. In this episode of the Lex Cybernetica, the Hebrew University of Jerusalem Federmann Cyber Security Center’s podcast, we will talk about the human factor of hacking with our guests Prof. Benoît Dupont, Professor of Criminology at the Université de Montréal and the Scientific Director of SERENE-RISC; Dr. Rutger Leukfeldt, Senior Researcher Cybercrime at NSCR and Director Cybersecurity & SMEs at The Hague University of Applied Sciences; and Prof. David Maimon, Associate Professor in the department of Criminology and Criminal Justice at the Georgia State University and research associate at the Federmann Cyber Security Center; with Lex Cybernetica’s host, Ido Kenan.

A healthy innovation ecosystem is crucial for states to handle cybersecurity threats. Traditional methods and procedures simply will not do. “After a couple of years, if you're successful, you'll have a solution, for example the Iron Dome”, explains Dr. Amit Sheniak of the Federmann Cyber Security Center, the Truman Institute, and the Davis Institute. “Until you did that long process, went through all the bureaucracy – the change already evolved, moved on, inflicted harm, and you couldn't mitigate it. Hence, governments understand today that the way to tackle those threats in terms of research and development is to create some kind of outsourcing scheme”. What does it look like from the state’s point of view? “We have part of the resources, but know that we don't know anything - we know only part of the way to do something”, says Adv. Eynan Lichterman of the Israel National Cyber Directorate. “There's a lot of knowledge in the academia, there's a lot of knowledge in the industry, in the NGOs, and so on. We have to work together in order to make something bigger than any one of us”. An often unspoken yet crucial actor in the cybersecurity ecosystem is the law, says Adv. Deborah Housen-Couriel, a member of the advisory board of the Federmann Cyber Security Center, and an attorney with a practice in the Israeli and global commercial cyber sector. According to Housen-Couriel, “I would start out with looking at the basic underpinnings that a legal system gives to the incentives for setting up a cyber hub or other kinds of cyber ecosystems. Then there's a second piece, which is I think is often overlooked, but really key and also developing, and that's the issue of data protection”. Join us in this episode of Lex Cybernetica with our host Ido Kenan.

We hear a lot about AI and how it's going to change our lives - or even destroy them. How does the legal system deal with having AI integrated into our lives? Prof. Karen Eltis, a full Professor of Law (professeure titulaire) at the Faculty of Law of the University of Ottawa and research associate at the Federmann Cyber Security Center – Cyber Law Program, says that cyberspace diminished or removed two main pillars of traditional law - territory and intermediaries. She also wants to dispel AI myths, saying “It’s like the Wizard of OZ and the man behind the curtain. AI is data-in, data-out, so it’s really the humans that tell the AI what to do. And the concern is we’re able to hide behind the AI”. AI powered tech has different degrees of autonomy, depending on how involved the humans around it are - in, on or outside the loop. How do we control AI, or should we let it control us in some ways? “When people talk about AI, there are two visions that people see”, says Prof. Oren Gross, an Irving Younger Professor of Law at the University of Minnesota Law School and research associate at the Federmann Cyber Security Center – Cyber Law Program, with whom we discuss these questions. “If you're looking at the apocalyptic vision of Skynet or Terminator, then the answer is yes, we absolutely do not want to lose our humanity and to give machines decision making power. If we're thinking about R2D2 - as machines that will be complimentary to human beings, that may free us from some sorts of decision making and free us to make some other, maybe higher level, more abstract level, of decision making - that's not necessarily a bad thing”. Is your fridge running? Better hurry and catch it, then, before it becomes sentient. As our electronic devices - not just the gadgety ones, but also the old fashioned ones, like the fridge, the vacuum cleaner and the personal assistant - become connected and so-called smart, what does it mean for product liability, and legal liability at large? “The independent intelligence makes it very difficult for us to assume that a human agent is behind certain acts or behaviours”, explains Dr. Omri Rachum-Twaig, an adjunct professor at the Faculty of Law, Tel-Aviv University and research fellow at the Federmann Cyber Security Center – Cyber Law Program. “Without agency, it would be very difficult to impose legal liability on human actors”. AI, law and regulation are discussed in this episode of Lex Cybernetica, hosted by Ido Kenan. Clips from The Wizard of Oz, Terminator, and Star Wars

State actors abuse the ability to cyberattack anonymously or through proxies, which allows them to evade the consequences and avoid retaliation. Before we determine what we should and should not do in reaction to a cyberattack, we need to make sure we correctly attribute it to its source. “Currently, one of the predicaments is that states are able to do very bad things and get away with it, scot free”, says Prof. Yuval Shany, the head of The Federmann Cyber Security Center – Cyber Law Program and the chair of the UN Human Rights Committee. There are currently no international agencies responsible for naming the actual entities behind the dummy cyberattackers. Prof. Shany, alongside Exeter University and the Dutch government, are researching this in a feasibility study, looking to borrow ideas from other areas where attribution is important, among them proliferation of nuclear and chemical weapons. A lot of attacks take place on infrastructure, software and platforms that are run by private tech companies. Those companies presumably have better understanding of their systems, and of how the attacks were initiated. "The question is whether the more suitable model for such an attribution agency is a private model or a public model", says Prof. Shany. "There have been private companies that have conducted research and came out with specific conclusions as to who's done it, who was behind it. [But] because they are private companies and because they do this for pay, there are some questions that are often raised as to whether they are generating findings that would be sufficiently independent and impartial from the client that actually ordered this service". Wars have rules, and they will have to be refreshed, perhaps even restarted, when killer robots and AI will join the battlefield. “One area in which we have done research is what are the very rules of the game”, says Prof. Shany. “There is some specific tech development project which we are monitoring that have to do with the interplay between technology and humans, and the way in which human decision making in the battlefield is going to be increasingly enmeshed with technology”. Prof. Shany is our guest on this episode of Lex Cybernetica, hosted by Ido Kenan, where we also spoke of technology in the battlefield, including enhanced humans, and digital human rights.

Big data is used, among other things, in cybersecurity research. Take, for example, Dr. Amit Rechavi‘s research, tracking different hacking activities in order to supply policymakers with state attribution of malicious hackers. We often put our trust in data-based information and decisions, but even data has inherent bias in it, which stems from what data we decided to collect, the way the data was collected, as well as how it was analyzed. Dr. Guy Katz explains how this happens and what can be done to address this. Another problem with big data is its potential to harm our privacy, not only in having troves of data collected about us, but also in big data analysis which provides excess information that we did not even know could be concluded from that data. For example, a smart city system operating in China was found to utilize facial recognition technology to keep track of specific residents, as well as identify their ethnicity. In a country where technology enables persecution of Uyghur Muslims by the authorities, this may have dire consequences. Dr. Romi Mikulinsky tells us about artists and designers who have taken upon themselves to call attention to this surveillance capitalism with artwork that allows us to defy data collection, contaminate databases, and cast doubt upon the so-called reality as it is being presented to us – while giving law and security authorities quite a headache. Such artworks include Peng! Collective’s Mask.ID, Zach Blass’s collective masks, and Adam Harvey’s CV Dazzle. Big Data and Information Security are the subject of this episode of Lex Cybernetica, hosted by Ido Kenan. Clips in this episode: Black Mirror S03E01, Buzzfeed’s Barack Obama’s deep fake.

What is human enhancement? One way to define it is to compare it to therapeutic measures, explains Prof. Noam Lubell, a professor of international law at the University of Essex, research associate at the Hebrew University Federmann Cyber Law Program and Swiss chair of humanitarian law at the Geneva Academy. "Your glasses or contact lenses would be therapeutic, because they bring us up to the norm. Enhanced would be if you had an implant which gave you night vision or let you see beyond 2KM into the distance". Human enhancement has military applications, from giving soldiers exoskeletons to connecting their brains to computers. This raises many regulatory and ethical issues. For example, can a soldier refuse to be enhanced? “The question of informed consent in the military is always an incredibly difficult one, simply because of the hierarchical structure”, says Dr. Heather Harrison Dinniss, senior lecturer at the International and Operational Law Center at the Swedish Defence University. Another issue is whether enhanced soldiers are legally considered a person or a weapon, and what we’re allowed to do to neutralize them in the war field. “Maybe there could be a way to hack it where it’s sort of temporarily takes that person out but it’s not [...] long term damage”, suggests Adv. Erin Hahn (JD), senior national security analyst with the Applied Physics Laboratory at Johns Hopkins University. Prof. Noam Lubell, Dr. Heather A. Harrison Dinniss, and Adv. Erin Hahn are our guests on this episode of Lex Cybernetica, hosted by Ido Kenan. Clips in the episode are from The Six Million Dollar Man and Star Trek: Discovery.

Prof. David Maimon is the guest of this episode of Lex Cybernetica, Prof. Maimon is an Associate Professor in the department of Criminology and Criminal Justice at Georgia State University. His research interests include cyber-enabled and cyber-dependent crimes and experimental research methods. His current research focuses on computer hacking and the progression of system trespassing events, online deception and fraud, computer networks vulnerabilities to cyber attacks, and decision-making process in cyberspace. In his interview, Maimon points the finger at cybersecurity companies and experts who don’t use evidence based proof to their tools’ effectiveness, and says there’s not enough good data - it’s either questionable or not the right data at all - to independently evaluate it, thus making us potentially more unprotected against, and as a result more susceptible to, cyberthreats than we thought. Maimon also talks about the different cybersecurity practices people use in different situations, and how hackers can be nudged to leave an infiltrated system before they damage it. This episode of Lex Cybernetica, hosted by Ido Kenan.

The Israeli elections are imminent, and so are the threats to our democracy. The threat comes from hackers, who may try to harm the elections or divert the results, and from digital information manipulators, spreading fake news and propaganda. Election hacking is just one example of the cyberthreats to our way of life. Another is the threat to our privacy from governments and corporations. GDPR and other privacy laws try to strengthen our control over our personal data. But are we also to take responsibility as individuals? One of the main bodies that’s in charge of our cybersecurity is the Israel National Cyber Directorate, which is problematic in many ways. It’s been functioning without a legal framework, and according to the draft of Israel’s cyber bill, it will be able to collect data from internet and cellular providers, government ministries, local authorities, etc., making it another spy agency. Dr. Tehilla Shwartz Altshuler, a research associate at the Federmann Cyber Security Center – Cyber Law Program, a senior fellow with the Center for Democratic Values and Institutions, and head of the Media Reform Program and Democracy in the Information Age, both with the Israel Democracy Institute (IDI), is our guest on this episode of Lex Cybernetica, hosted by Ido Kenan.

The Internet works, but we’d like it to work better. But fixing it is not as easy as it would have been when it was just a fledgeling academic network. For the last decade, Prof. Michael Schapira has been tackling one really essential part of it - securing Internet routing. Apparently, it’s currently based on trust. What could possibly go wrong? Another pet peeve of Schapira's is time. Specifically, how to use the web to accurately synchronize one’s computer or cellular clock. His suggested solution: an app called Chronos. Prof. Michael Schapira, an associate professor at the School of Computer Science and Engineering, the Hebrew University of Jerusalem, and the scientific co-leader of the Fraunhofer Cybersecurity Center at Hebrew University, is our guest on this episode of Lex Cybernetica, hosted by Ido Kenan.

Cyberwar, What is it Cybergood For? While most cyberattacks are civil ones, the discussion about them has been militarized very early on. This is a problem, according to Prof. Noam Lubell, because the consequences are that most of the discussion of regulation of cyber security focuses on the branch of law that deals with military operations. Prof. Lubell is co-author of an article about how AI and machine learning can help states decide whether to resort to force and go to war. Another issue on Prof. Lubell’s mind is human enhancement in the battlefield. Enhancement as in technologies that improve human skills or add new ones, like a soldier with an exoskeleton suit that makes her stronger and more endurant. Enhanced humans entering this sphere raise an abundance of practical, technological, biological and ethical questions. Among them: are enhanced soldiers humans or weapons? Should the rules of war change for them? If an enhanced human makes a deadly mistake, who’s to blame, her or the software/hardware people behind her? What becomes of them and their enhancements when they leave the army and rejoin civil society? Prof. Lubell, a professor of international law at the University of Essex, research associate at the Hebrew University cybersecurity program and Swiss chair of humanitarian law at the Geneva Academy, is our guest on this episode of Lex Cybernetica, hosted by Ido Kenan.

The departure of both WhatsApp founders from Facebook, who bought their chat app in 2014 for $19.3 billion, had to do with user rights, and in a broader view, digital rights. Jan Koum left earlier this year over disagreements with Facebook, which attempted to use users’ personal data and weaken the app’s encryption, according to the Washington Post. A few months earlier, in late 2017, Brian Acton announced leaving Whatsapp to form a new foundation. In early 2018 Acton and Moxie Marlinspike, developer of the Signal Protocol and the Signal app, announced the Signal Foundation, which Acton gave $50 milllion to establish and will executive chairman, to replace Marlinspike’s Open Whisper Systems non-profit as the developer of the privacy-oriented chat app and protocol, as well as other privacy-oriented tools. But as Facebook got embroiled in the Cambridge Analytica scandal, which drew criticism and parliamentary investigations on both sides of the Atlantic, and as the new GDPR rules are making waves around the world, it seems Facebook merely felt a bump on the road and keeps on driving. The Norwegian Data Protection Authority, Datatilsynet, and the the Norwegian Consumer Agency, Forbrukertilsyne, recently issued a harshly titled report, DECEIVED BY DESIGN - How tech companies use dark patterns to discourage us from exercising our rights to privacy. The report shows how Facebook, along with Google and Microsoft, are using product design to manipulate their users into sharing more and more information about themselves, which will be monetized and probably abused. In this case, several consumer and privacy groups in Europe and the US are asking the European data protection authorities to investigate whether the massive datatech companies are breaking the law. In this episode of Lex Cybernetica, we discuss digital rights and digital activism with Northwestern University’s Dr. Efrat Daskal, UN Special Rapporteur on the right to privacy Prof. Joe Cannataci, ARTICLE 19’s Paula Martins, and Lex Cybernetica’s host, Ido Kenan.

“Unplug your Alexa devices right now, you're being hacked” was the warning Danielle (last name withheld) got when she picked up the phone recently. On the other side was one of her husband's employees, who’d received a recording of the couple’s conversation - “You sat there talking about hardwood floors”. This evil machination was carried out - due to “an extremely rare occurrence”, according to Amazon’s comment to KIRO-TV - by the couple’s aptly named Amazon Echo, a constantly-eavesdropping machine people for some reason welcome into their homes. A basic couple normie-talking about hardwood floors is unfortunately not criminal as of writing, but murder is. In November 2015, James Andrew Bates hosted a football party at his Arkansas home, which ended with one dead guest in the hot tub. Police investigation found an Amazon Echo in the kitchen, and asked Amazon for any recording which may have occurred during the fatal event. Amazon declined, claiming they hadn’t received “a valid and binding legal demand properly served on us”, but later conceded as Bates, who pleaded not guilty, said he doesn’t object to releasing the files. Arkansas prosecutors later dropped the case. And don’t get me started on the Interpol’s new international voice identification database. Technology brings with it exciting, new surveillance methods that we have to deal with. In this episode of Lex Cybernetica, we discuss digital surveillance with Dr. Ilia Siatitsa, criminologist Prof. Pete Fussey and CSRCL research fellow Amir Cahane, and Lex Cybernetica’s host, podcaster and digital culture blogger Ido Kenan.