Categories
Presentations

Wild West or 1984?

[This is the approximate text of an internal company talk, which I’ve been asked to make more widely available] One of the odd things about how people talk about the Internet is that you’ll hear it described both as “the Wild West” where there are no rules and unlawful behaviour is rife and as a […]

Categories
Articles

Janet CSIRT conference (#CSIRT2012)

There was an excellent line-up of speakers at Janet CSIRT’s conference this week. Lee Harrigan (Janet CSIRT) discussed how the team are now monitoring Pastebin for signs of security problems affecting Janet sites. Pastebin can be a useful place to share large files; however, some users apparently don’t realise that things posted to the site […]

Categories
Articles

Justice Committee: “Back to the drawing board” on Data Protection Regulation

The House of Commons’ Justice Committee has published a critical report on the European Commission’s proposals for a new Data Protection Regulation and Directive. While recognising the potential benefits to be had from reducing the current differences between Data Protection laws in different Member States, the Committee considers the current text to be much too […]

Categories
Articles

IWF Awareness Day

October 24th is the annual Internet Watch Foundation awareness day. Discussion of the IWF often highlights, and rightly so, its success in reducing the availability of indecent images of children on the internet. But the most important result of reporting images to the IWF is when the police, notified by the IWF and its peer […]

Categories
Articles

Analysing Malware lawfully

Malicious software, generally shortened to malware, is involved in a wide variety of security incidents, from botnets and phishing to industrial sabotage. Analysing what malware does and how it can be detected, neutralised and removed from infected computers is an important part of keeping networks and computers secure. However there are many millions of different […]

Categories
Articles

Information Commissioner on Backups and Deleted Files

The Information Commissioner has published new guidance on when information will be ‘held’ by a public authority for the purposes of the Freedom of Information Act (note that Scotland has its own law and guidance). Paragraphs 28-36 of the guidance deal with the tricky topic of deleted computer files and backups. The guidance suggests that […]

Categories
Closed Consultations

EU Network and Information Security legislation

I’ve submitted a Janet response to a European consultation on a future EU Network and Information Security legislative initiative. The consultation itself seems to suffer from “if you only have a hammer” syndrome: if you’re a legislator then it must be tempting to think that all problems (lack of reporting of “cybercrimes”, insecure end-user computers, […]

Categories
Articles

Defamation Bill – House of Lords

The Defamation Bill arrived in the House of Lords this week. Most of the debate concentrated on how to reform the definition of defamation and the court processes for dealing with it. However Lord McNally (at Column 934) gave a good summary of the twin problems affecting websites that host content provided by third parties: […]

Categories
Articles

Thinking about “Privacy in Context” and Access Management Federations

One of the big challenges in designing policies and architectures for federated access management is to reconcile the competing demands that the system must be both “privacy-respecting” and “just work”. For an international access management system to “just work” requires information about users to be passed to service providers, sometimes overseas. The information may be […]

Categories
Articles

Information Commissioner Guide to Cloud Computing

The Information Commissioner has published new Guidance on the Use of Cloud Computing for organisations who are, or are considering, using cloud services to process personal data. The benefits of clouds are recognised: these may include “increased security, reliability and resilience for a potentially lower cost”. However cloud customer organisations may also “encounter risks to […]