Do fair design patterns exist?

Last week I participated in a Lorentz workshop on Fair patterns for online interfaces, organised by Hanna Schraffenberger, Raphael Gellert, Colin Gray, Arianna Rossi and Cristiana Santos. The workshop was super interesting, and I would like to thank the organisers for the great work they did in preparing such a stellar event. (BTW: the Lorentz Center offers a great location and a great deal of support to organise your own workshop at no cost. They are always happy to receive workshop proposals!).

At the workshop dinner, Arianna asked me what I learned, and I provocatively quipped: “fair design patterns do not exist”. Of course the truth is much more nuanced, which I will try to unpack a bit in this blog post, to perhaps start a more in-depth discussion and study.

Analysing the proposal to regulate the digital euro

Earlier this year the European Commission published a proposal for a regulation on the establishment of the digital euro. At the same time it also published another proposal for a regulation on the legal tender of euro banknotes and coins. For more information, see this digital euro package.

A few months later, both the European Central Bank (ECB) and the EDPB/EDPS published their opinions on this proposal. I was asked to offer my views on these proposals to the Civil Liberties, Justice and Home Affairs (LIBE) committee of the European Parliament. This is what I submitted.

Some observations on the final text of the European Digital Identity framework (eIDAS).

The final text of the update to the eIDAS regulation (establishing a framework for a European Digital Identity) has been agreed upon. In a last-minute effort to improve the text, we wrote an open letter criticising the proposal for weakening the security of the web, and for providing too few safeguards protecting users of the proposed European Identity Wallet. Were we successful?

Clearghost: Using the laws of nature to limit digital surveillance by law enforcement.

Digitisation owes its disruptive power to the near zero marginal cost of digital products and services. Although the initial investment to create a product or service may be huge, creating a new digital copy, adding new users, or processing more work, costs next to nothing. As a result, these products and services can scale up very quickly without control, creating all kinds of societal problems. In this blog post I will focus on the particular problem of digital surveillance by law enforcement, and will study a speculative approach based on laws of nature to inherently limit their reach.

Tainting the CSAM client-side scanning database.

The proposal of the European Commission for a regulation on preventing and combatting the sexual abuse and sexual exploitation of children is currently being discussed in the Dutch parliament. I recently wrote about some concerns and the risk of a DDoS attack. It turns out it is also possible to taint the database of images of known child sexual abuse material (CSAM), allowing an adversary to trick the client-side scanning system into also triggering an alarm for other, non-CSAM, material. Client-side scanning could thus be vulnerable to undetectable function creep.