Cat Easdon
@easdon.bsky.social
Privacy engineering at Dynatrace | privacy, tech policy, hardware security. You may know me from: @virtualroutes.bsky.social, @internetsociety.bsky.social, or my past life hacking CPUs 👩💻 All opinions my own.
EU folks: share your feedback on the proposed expansion of data retention requirements (public consultation open until June 18th). Metadata is high-risk data, particularly given recent backsliding on fundamental rights protections at the national level.
European Commission - Have your say
European Commission - Have your say
ec.europa.eu
May 30, 2025 at 11:03 AM
EU folks: share your feedback on the proposed expansion of data retention requirements (public consultation open until June 18th). Metadata is high-risk data, particularly given recent backsliding on fundamental rights protections at the national level.
Reposted by Cat Easdon
As expected Apple has canceled encrypted iCloud storage for UK users rather than capitulate to UK gov and create backdoor for gov to access data. "British customers who already have Advanced Data Protection will be warned later to disable it or lose access to iCloud." by @joemenn.bsky.social
Apple yanks encrypted storage in U.K. instead of allowing backdoor access
Apple disabled its most secure data storage offering for new customers in the United Kingdom on Friday rather than comply with a secret government order.
www.washingtonpost.com
February 21, 2025 at 3:24 PM
As expected Apple has canceled encrypted iCloud storage for UK users rather than capitulate to UK gov and create backdoor for gov to access data. "British customers who already have Advanced Data Protection will be warned later to disable it or lose access to iCloud." by @joemenn.bsky.social
Reposted by Cat Easdon
👋🏻 Have you already sent your application for the 2025-2026 European Cybersecurity Fellowship our way? Put together your CV and write a short essay on one of this year’s topics: virtual-routes.org/virtual-rout...
⏳ Deadline: Feb 23, 23:59 CET
#VirtualRoutes #Cybersecurity #Fellowship
⏳ Deadline: Feb 23, 23:59 CET
#VirtualRoutes #Cybersecurity #Fellowship
February 19, 2025 at 8:19 AM
👋🏻 Have you already sent your application for the 2025-2026 European Cybersecurity Fellowship our way? Put together your CV and write a short essay on one of this year’s topics: virtual-routes.org/virtual-rout...
⏳ Deadline: Feb 23, 23:59 CET
#VirtualRoutes #Cybersecurity #Fellowship
⏳ Deadline: Feb 23, 23:59 CET
#VirtualRoutes #Cybersecurity #Fellowship
How do cloud providers reason about software security, and how can we help them make the business case for security to build global resilience? Last week, I had the privilege of exploring these questions in a workshop with the @virtualroutes.bsky.social European Cybersecurity Fellows 🧵
February 10, 2025 at 12:16 PM
How do cloud providers reason about software security, and how can we help them make the business case for security to build global resilience? Last week, I had the privilege of exploring these questions in a workshop with the @virtualroutes.bsky.social European Cybersecurity Fellows 🧵
Reposted by Cat Easdon
Extraordinarly bad for everyone’s privacy and security. www.washingtonpost.com/technology/2...
U.K. orders Apple to let it spy on users’ encrypted accounts
Secret order requires blanket access to protected cloud backups around the world, which if implemented would undermine Apple’s privacy pledge to its users.
www.washingtonpost.com
February 7, 2025 at 2:02 PM
Extraordinarly bad for everyone’s privacy and security. www.washingtonpost.com/technology/2...
Reposted by Cat Easdon
This is an excellent primer on some of the privacy dangers posed by large scale AI, from a cybersecurity perspective. Written in clear language, it's the most accessible rundown I've seen yet on these topics!
desfontain.es/blog/privacy...
desfontain.es/blog/privacy...
Five things privacy experts know about AI - Ted is writing things
… and that AI salespeople don't want you to know!
desfontain.es
January 14, 2025 at 11:31 AM
This is an excellent primer on some of the privacy dangers posed by large scale AI, from a cybersecurity perspective. Written in clear language, it's the most accessible rundown I've seen yet on these topics!
desfontain.es/blog/privacy...
desfontain.es/blog/privacy...
Reposted by Cat Easdon
The biggest story in data privacy continues with a new piece about the Gravy Analytics hack covered in @404media.co (www.404media.co/candy-crush-...) + @wired.com (www.wired.com/story/gravy-...) --- i'm proud to have provided a few comments, but wanted to expand on it briefly in this thread:
January 10, 2025 at 1:57 AM
The biggest story in data privacy continues with a new piece about the Gravy Analytics hack covered in @404media.co (www.404media.co/candy-crush-...) + @wired.com (www.wired.com/story/gravy-...) --- i'm proud to have provided a few comments, but wanted to expand on it briefly in this thread:
Reposted by Cat Easdon
'“The bottom line is, you can’t replace the guy who screams, ‘Listen, this is dangerous,’” with all the advanced AI technologies in the world,” said Caspit, the Israeli journalist who has interviewed every living 8200 commander for his book.'
December 30, 2024 at 10:32 AM
'“The bottom line is, you can’t replace the guy who screams, ‘Listen, this is dangerous,’” with all the advanced AI technologies in the world,” said Caspit, the Israeli journalist who has interviewed every living 8200 commander for his book.'
Today in ‘I know you don’t have time but you really need to read that app’s privacy policy’: a car app collected GPS data with up to 10cm precision (!!), stored it in the cloud, then leaked the creds 🙈 Could the data have been secured? Yes. But far, far better to never collect it in the first place.
Der CCC deckt auf, dass der Volkswagen-Konzern Bewegungsdaten von hunderttausenden Fahrzeugen der Marken VW, Audi, Skoda und Seat systematisch erfasst und über lange Zeiträume speichert
CCC | Wir wissen, wo dein Auto steht
Der Chaos Computer Club (CCC) deckt auf, dass der Volkswagen-Konzern Bewegungsdaten von hunderttausenden Fahrzeugen der Marken VW, Audi, Skoda und Seat systematisch erfasst und über lange Zeiträume…
www.ccc.de
December 27, 2024 at 8:28 PM
Today in ‘I know you don’t have time but you really need to read that app’s privacy policy’: a car app collected GPS data with up to 10cm precision (!!), stored it in the cloud, then leaked the creds 🙈 Could the data have been secured? Yes. But far, far better to never collect it in the first place.
Reposted by Cat Easdon
🚨 BREAKING: South Korea is the world's SECOND country to enact a comprehensive AI law - and it's heavily inspired by the EU AI Act! Is the Brussels effect already happening? [HINT: YES] Here's what you need to know:
December 26, 2024 at 7:27 PM
🚨 BREAKING: South Korea is the world's SECOND country to enact a comprehensive AI law - and it's heavily inspired by the EU AI Act! Is the Brussels effect already happening? [HINT: YES] Here's what you need to know:
Plus side: it’s opt-in + you can exclude the replay when you share (their pitch is *you* use it to review your edits). Still troubling for privacy though if job apps/schools demand it; the drafting process reveals a lot of your thought process (do you really want to share your unedited thoughts? 😅)
Grammarly's new "Authorship Report" shows "a full replay of your typing and editing process" to share with clients, tutors, editors etc
I understand the need for scrutiny but I would not be comfortable with this
I second-guess myself constantly while writing. I feel the drafting process is private
I understand the need for scrutiny but I would not be comfortable with this
I second-guess myself constantly while writing. I feel the drafting process is private
December 22, 2024 at 10:59 AM
Plus side: it’s opt-in + you can exclude the replay when you share (their pitch is *you* use it to review your edits). Still troubling for privacy though if job apps/schools demand it; the drafting process reveals a lot of your thought process (do you really want to share your unedited thoughts? 😅)
Reposted by Cat Easdon
Can't recommend the Fellowship enough - an amazing opportunity for professional development, growing your network, and meeting super smart folks :) I particularly encourage folks who are on the tech side and would like to get more exposure to policy work or other way round. Apply apply apply!
🚨 Applications are now open for the 2025-2026 Virtual Routes European Cybersecurity Fellowship!
This year-long program is designed for young professionals aiming to advance their careers in cybersecurity policy.
Apply here 👉: virtual-routes.org/initiatives/...
Deadline ⏰: 23 February 2025
This year-long program is designed for young professionals aiming to advance their careers in cybersecurity policy.
Apply here 👉: virtual-routes.org/initiatives/...
Deadline ⏰: 23 February 2025
December 19, 2024 at 9:25 PM
Can't recommend the Fellowship enough - an amazing opportunity for professional development, growing your network, and meeting super smart folks :) I particularly encourage folks who are on the tech side and would like to get more exposure to policy work or other way round. Apply apply apply!
Reposted by Cat Easdon
“For too long, we did not act.
Georgia in 2008.
Crimea in 2014.
And many did not want to believe he would launch all-out war on Ukraine in February 2022.
How many more wake-up calls do we need?”
Every European citizen should read this speech by NATO SecGen Rutte.
www.nato.int/cps/en/natoh...
Georgia in 2008.
Crimea in 2014.
And many did not want to believe he would launch all-out war on Ukraine in February 2022.
How many more wake-up calls do we need?”
Every European citizen should read this speech by NATO SecGen Rutte.
www.nato.int/cps/en/natoh...
“To Prevent War, NATO Must Spend More” - Speech by NATO Secretary General Mark Rutte at the Concert Noble, Brussels
(As delivered)
www.nato.int
December 12, 2024 at 7:05 PM
“For too long, we did not act.
Georgia in 2008.
Crimea in 2014.
And many did not want to believe he would launch all-out war on Ukraine in February 2022.
How many more wake-up calls do we need?”
Every European citizen should read this speech by NATO SecGen Rutte.
www.nato.int/cps/en/natoh...
Georgia in 2008.
Crimea in 2014.
And many did not want to believe he would launch all-out war on Ukraine in February 2022.
How many more wake-up calls do we need?”
Every European citizen should read this speech by NATO SecGen Rutte.
www.nato.int/cps/en/natoh...
Reposted by Cat Easdon
It is not ours to finish the work but neither are we free to neglect it. The world is fractally complex and hard and it will always be, but if we don't work for a world which is kind we won't have one.
Louder, for the people in the back:
I don't fight because I'm sure I'm going to win. I do it because I know that a world in which I don't fight will be worse.
I don't fight because I'm sure I'm going to win. I do it because I know that a world in which I don't fight will be worse.
November 26, 2024 at 1:17 AM
It is not ours to finish the work but neither are we free to neglect it. The world is fractally complex and hard and it will always be, but if we don't work for a world which is kind we won't have one.
Reposted by Cat Easdon
Some really remarkable lines in this speech by Pat McFadden, which is set to be delivered at the NATO Cyber Defence Conference on Monday.
I'll run through what we know in this thread...
I'll run through what we know in this thread...
November 24, 2024 at 10:03 AM
Some really remarkable lines in this speech by Pat McFadden, which is set to be delivered at the NATO Cyber Defence Conference on Monday.
I'll run through what we know in this thread...
I'll run through what we know in this thread...
“…it's possible to map key entry and exit points, pinpointing frequently visited areas, and even tracing personnel to their off-base routines. For a terrorist, this information could be a gold mine—an opportunity to identify weak points, plan an attack, or target individuals”
What do we need? Comprehensive data privacy legislation.
Are we going to get it? No.
www.wired.com/story/phone-...
Are we going to get it? No.
www.wired.com/story/phone-...
Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany
More than 3 billion phone coordinates collected by a US data broker expose the detailed movements of US military and intelligence workers in Germany—and the Pentagon is powerless to stop it.
www.wired.com
November 21, 2024 at 2:15 AM
“…it's possible to map key entry and exit points, pinpointing frequently visited areas, and even tracing personnel to their off-base routines. For a terrorist, this information could be a gold mine—an opportunity to identify weak points, plan an attack, or target individuals”
Reposted by Cat Easdon
I've highlighted this case before (when I was wondering when they're going to schedule a hearing) which is IMO the most important EU law case of the last decade. The EU might soon be in its quasi 14th amendment moments: federal/EU-level fundamental rights (though not the Charter itself) enforced
1/ Some thoughts on tomorrow's big CJEU hearing - the challenge by the EU Commission to Hungary's law on LGBT content.
First of all, here's a link to the Commission's arguments - eur-lex.europa.eu/LexUriServ/L...
(Hungary will be making counter-arguments, of course)
First of all, here's a link to the Commission's arguments - eur-lex.europa.eu/LexUriServ/L...
(Hungary will be making counter-arguments, of course)
C_2023054EN.01001601.xml
eur-lex.europa.eu
November 18, 2024 at 9:33 PM
I've highlighted this case before (when I was wondering when they're going to schedule a hearing) which is IMO the most important EU law case of the last decade. The EU might soon be in its quasi 14th amendment moments: federal/EU-level fundamental rights (though not the Charter itself) enforced
Reposted by Cat Easdon
I crated this list of privacy law thought leaders - folks who are in privacy, AI, data security, and tech:
bsky.app/profile/did:...
bsky.app/profile/did:...
November 12, 2024 at 3:28 PM
I crated this list of privacy law thought leaders - folks who are in privacy, AI, data security, and tech:
bsky.app/profile/did:...
bsky.app/profile/did:...
Reposted by Cat Easdon
Finally the EU throws its hat in the ring with the (first of its kind for EU standards) common declaration about how PIL applies to cyberspace. Quite valuable position from an important player. We eagerly expect the actual text to see teh details but a very positive development overall!
Cyberspace: Council approves declaration on a common understanding of application of international law in cyberspace
Council approves Declaration on a common understanding of application of international law in cyberspace.
www.consilium.europa.eu
November 18, 2024 at 11:01 AM
Finally the EU throws its hat in the ring with the (first of its kind for EU standards) common declaration about how PIL applies to cyberspace. Quite valuable position from an important player. We eagerly expect the actual text to see teh details but a very positive development overall!
We all agree that responsible AI is crucial. But how effective are principles for achieving this? In my op-ed for @bindinghook.bsky.social, I consider the challenges of putting responsible AI principles into practice when questions of ethics and responsibility are frequently dismissed as ‘politics’.
Responsible AI principles in an ‘apolitical’ industry
In an industry that considers itself ‘not a place to debate politics’, creating responsible AI principles can be difficult
bindinghook.com
November 12, 2024 at 6:11 PM
We all agree that responsible AI is crucial. But how effective are principles for achieving this? In my op-ed for @bindinghook.bsky.social, I consider the challenges of putting responsible AI principles into practice when questions of ethics and responsibility are frequently dismissed as ‘politics’.
Reposted by Cat Easdon
In fact, I’d go further and make this mandatory reading for everyone in this space, particularly those pushing #chatcontrol (which Ross vehemently opposed).
The late, much-missed, Ross Anderson had agreed with his publisher to make his security engineering book freely available in full after publication, and it's now available on his website. I can’t recommend it highly enough for those (particularly lawyers) who need to understand tech regulation.
Security Engineering - A Guide to Building
Dependable Distributed Systems
www.cl.cam.ac.uk
November 12, 2024 at 4:55 PM
In fact, I’d go further and make this mandatory reading for everyone in this space, particularly those pushing #chatcontrol (which Ross vehemently opposed).
Reposted by Cat Easdon
Binding Hook has partnered with the Munich Security Conference (MSC) to launch the AI-Cybersecurity Essay Prize Competition.
bindinghook.com/ai-cybersecu...
bindinghook.com/ai-cybersecu...
The AI-Cybersecurity Essay Prize Competition - Binding hook
Terms & Conditions Review Board FAQ 1. Who is eligible to participate? The competition is open to experts in cybersecurity and AI from any part of the world. All submissions must be in English.We only...
bindinghook.com
November 4, 2024 at 11:58 AM
Binding Hook has partnered with the Munich Security Conference (MSC) to launch the AI-Cybersecurity Essay Prize Competition.
bindinghook.com/ai-cybersecu...
bindinghook.com/ai-cybersecu...
Reposted by Cat Easdon
October 26, 2024 at 6:12 PM