Лабораторія цифрової безпеки

In October, some long-awaited events influencing the Ukrainian media sector occurred. The MPs registered the draft amendments to the Law on Media, which aim to fix certain bugs in its implementation practice. Ukrainian Parliament also proceeded with the selection of the expired member in the media regulator, which is necessary to enhance NBC’s independence in light of the EU Enlargement Report’s recommendations and the lack of the regulator’s funding for the next year in the draft budget. Co-regulation also kept evolving, with the first body announcing certain important calls for management and expert positions. Read more in the full version of our digest: https://lnkd.in/gPRZG9ir

In light of artificial intelligence becoming increasingly popular among CSOs, new benefits and significant risks arise for civil society and their partner organizations. Although international standards are put in place by the EU Artificial Intelligence Act and the Council of Europe Framework Convention on Artificial Intelligence, certain uses and risks are not covered in much detail, especially beyond the European borders. 👉 To address the most common problems, DSLU developed the “Human-Rights-Compliant Use of Artificial Intelligence Systems: Toolkit for Civil Society”. This document aims at aiding CSOs in preventing and mitigating the risks that stem from the irresponsible use of AI systems, ensuring compliance with all the relevant regulatory standards and human rights requirements. Additionally, our Toolkit contains a practical Checklist for the responsible selection of AI systems that CSOs can use as a quick and comprehensive tool to filter the potentially risk-inducing AI instruments and effectively mitigate the prima facie risks. 📌 The Toolkit is available for use via this link: https://lnkd.in/e6SH4RnM

What’s up with Ukraine’s media regulation in September 2024? We covered the main events in the latest issue of our digest: https://bit.ly/3TSh6lj. Some of the highlights are: 📌 the change of focus of the Ministry of Culture and Information Policy towards strategic communications, connected with the appointment of the new minister; 📌 the presentation of the EMFA Implementation Plan, which will become a foundation for adapting Ukrainian media legislation to this act; 📌 the submission to Verkhovna Rada of the initial Draft State Budget for 2025, containing provisions liable to harm NBC’s independence; 📌 National Coordination Center for Cyber Security’s recommendation to restrict the use of Telegram within state authorities, military formations, and critical infrastructure facilities.

In April 2024, the European Union adopted the European Media Freedom Act (EMFA) designed to safeguard media pluralism and editorial independence taking into account the rapid digital transformation of the media space. The EMFA has been included in the list of acts for screening Ukraine’s compliance with acquis communutaire, which makes its transposition here a matter of utmost importance given the EU’s heightened attention to media reform. Digital Security Lab Ukraine analyzed the norms of Ukrainian legislation, which will require harmonization with the European Media Freedom Act, and prepared recommendations in 10 key spheres that reflect EMFA’s provisions to be implemented prior to EU accession. This analysis does not include the provisions describing the functionality of the European Board for Media Services (Articles 8-13), regulatory cooperation (Articles 13-17) and other provisions that will remain inapplicable for Ukraine until its accession to the Union. The Action Plan is available here: https://lnkd.in/eFkVRZRZ

Today we are celebrating DSLU’s 7th anniversary 🎉 We are proud of the results of our work through these years and are inspired to continue building a more secure and open digital environment. Thank you for trusting us and choosing Digital Security Lab Ukraine as a reliable partner for digital security and digital rights protection. Here’s to many more years of productive work and strong partnerships! As always, we are immensely grateful to the AFU and our colleagues who joined the Army for the opportunity to do our part in supporting Ukraine’s democracy, civil society and independent media.

From August 19 to 23, the DSLU team organised and held Digital Rights School, a 5-day training program on digital rights for 15 young lawyers and law students. Within the program, we covered many of the most relevant issues in the field of freedom of speech and privacy protection online, paying special attention to the European integration process and national security in a time of war. The program included lectures and discussions with experts and representatives of relevant government bodies, practical tasks, and case studies on the following topics: 🔸 freedom of speech on the Internet, countering disinformation and war propaganda; 🔸 regulation of media and online platforms in the context of new EU legislation; 🔸 personal data and privacy protection online, implementation of GDPR requirements in Ukraine; 🔸 AI and human rights: requirements of the Council of Europe, EU legislation and the specifics of such regulation in Ukraine. We also invited the most active participants for an internship at DSLU, so they can receive mentorship from our team and participate in writing analytical materials. We are grateful to the participants for being active in discussions and asking sharp questions💛 * * * Digital Rights School is developed and implemented by Digital Security Lab Ukraine and held with the support of UNESCO and the people of Japan as well as the Ministry of Foreign Affairs of the Czech Republic within the Transition Promotion Program.

I am grateful to Digital Security Lab Ukraine for inviting me to join the Digital Rights School for Lawyers as a speaker and discuss European integration, media and platforms, and the challenges Ukraine faces in terms of European integration. During the discussion, we discussed the regulation of media and online platforms in the light of the new EU legislation, in particular the Digital Services Act, the prospects for implementation in Ukraine and the challenges along the way. Many thanks to the young lawyers for their interesting questions, and even more for their promising ideas. I am inspired by their sharp minds and talent.

What’s up with Ukraine’s media regulation in August 2024? In August, Ukraine became one step closer towards the formal EU accession process by designing the constituency of its negotiation groups. The MPs continued debating the issue of platform regulation and blocking, averting the adoption of Draft Law #11115, potentially liable for harming Internet freedoms. A number of important soft law recommendations advising on media content production were published and endorsed by the authorities this month. Read more in the latest issue of our digest: https://bit.ly/3Z7YrW4.

What time is it?) It’s data protection time for those registered for the digital rights school of Лабораторія цифрової безпеки. Had some fruitful legal discussions with audience whose hobby is to spend summer time over fruitful legal discussions;) I loved it. Nothing better than the audience asking so many questions that you actually surprisingly ask those questions to yourself for the first time and discover new topics to study❤️ I am not that kind of expert (or liar;) to state that I know everything and make no mistakes) This probably makes me less of an effective sales person, doesn’t it?) Or it’s not fancy anymore to be always right and stubborn? Would like to know your opinion)

In July, the DSLU team received an email with an attachment for analysis. At first glance, the letter looked genuine and did not raise much suspicion. However, a more detailed analysis revealed a multi-step phishing scheme and its Russian footprint. 👉 Read the full report with IOCs here: https://bit.ly/4cp4Wa2. In this scheme, the malicious code was hidden inside others, so antiviruses did not detect malicious activity in the attached file, and automated systems could not detect it because the code would wait for the cursor movement. Attackers have used simple techniques to complicate detection, such as: using unique file hashes, waiting for cursor movement, inspecting the execution environment, obfuscating code using text manipulation, tracking file execution, and loading the final malicious code only if the first one was successful. The attackers also likely compromised the sender's email address and adapted the content and file names to look like a trusted sender. Later throughout July, we received a couple more similar emails with the same phishing scheme which points to the same origin of these attacks. Other researchers link this attack to the Russia-backed hacker group Gamaredon (UNC530) which has been targeting Ukrainian organisations for years.