Categories
Articles

ENISA: “Right to be Forgotten” has limits

ENISA’s study on the “Right to be Forgotten” contains useful reminders that once information is published on the Internet it may be impossible to completely remove it. Implementing a right to be forgotten would involve four stages: Identifying and locating the information to be removed; Tracking all copies that may have been made, including unauthorised […]

Categories
Articles

EU DP Supervisor on Cloud Computing

A new Opinion of the EU Data Protection Supervisor discusses some of the problems in applying the current Data Protection Directive to public cloud services, and how these might be done better under the proposed Data Protection Regulation. Particular challenges include: Although the Directive claims to regulate “transfers” of personal data out of the EEA, […]

Categories
Articles

Legal issues in dealing with Botnets

An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack. By comparing the details of German and Estonian law, the report […]

Categories
Articles

How to Succeed in Federated Identity Management

A paper on “Economic Tussles in Federated Identity Management” provides some interesting insights into which FIM systems succeed and which fail. A simplistic summary would be that success requires a win-win outcome, where every party (Identity Provider, Service Provider and User) gains some benefit from adopting a federated approach. Viewing federations as a two-sided market […]

Categories
Articles

Cloud Computing Security: Benefits and Risks

An interesting presentation by Giles Hogben of ENISA at TERENA’s CSIRT Task Force meeting in Heraklion last week, looking at security issues when moving to the public cloud computing model. There have been several papers on technical issues such as possible leakage of information between different virtual machines running on the same physical hardware (for example […]

Categories
Presentations

Wild West or 1984?

[This is the approximate text of an internal company talk, which I’ve been asked to make more widely available] One of the odd things about how people talk about the Internet is that you’ll hear it described both as “the Wild West” where there are no rules and unlawful behaviour is rife and as a […]

Categories
Articles

Janet CSIRT conference (#CSIRT2012)

There was an excellent line-up of speakers at Janet CSIRT’s conference this week. Lee Harrigan (Janet CSIRT) discussed how the team are now monitoring Pastebin for signs of security problems affecting Janet sites. Pastebin can be a useful place to share large files, however some users apparently don’t realise that things posted to the site […]

Categories
Articles

Justice Committee: “Back to the drawing board” on Data Protection Regulation

The House of Commons’ Justice Committee has published a critical report on the European Commission’s proposals for a new Data Protection Regulation and Directive. While recognising the potential benefits to be had from reducing the current differences between Data Protection laws in different Member States, the Committee considers the current text to be much too […]