Categories
Articles

New CAP rules on behavioural advertising

The Committee on Advertising Practice (CAP) has announced new rules on online behavioural advertising. UK advertisers will be expected to comply with these rules from 4th February 2013. Unlike the much-discussed cookie law, the CAP rules are technology neutral, concentrating instead on the actions involved in providing online adverts that are targeted to individuals’ patterns […]

ENISA: “Right to be Forgotten” has limits

ENISA’s study on the “Right to be Forgotten” contains useful reminders that once information is published on the Internet it may be impossible to completely remove it. Implementing a right to be forgotten would involve four stages: Identifying and locating the information to be removed; Tracking all copies that may have been made, including unauthorised […]

EU DP Supervisor on Cloud Computing

A new Opinion of the EU Data Protection Supervisor discusses some of the problems in applying the current Data Protection Directive to public cloud services, and how these might be done better under the proposed Data Protection Regulation. Particular challenges include: Although the Directive claims to regulate “transfers” of personal data out of the EEA, […]

Legal issues in dealing with Botnets

An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack. By comparing the details of German and Estonian law, the report […]

How to Succeed in Federated Identity Management

A paper on “Economic Tussles in Federated Identity Management” provides some interesting insights into which FIM systems succeed and which fail. A simplistic summary would be that success requires a win-win outcome, where every party (Identity Provider, Service Provider and User) gains some benefit from adopting a federated approach. Viewing federations as a two-sided market […]

Cloud Computing Security: Benefits and Risks

An interesting presentation by Giles Hogben of ENISA at TERENA’s CSIRT Task Force meeting in Heraklion last week, looking at security issues when moving to the public cloud computing model. There have been several papers on technical issues such as possible leakage of information between different virtual machines running on the same physical hardware (for example […]

Janet CSIRT conference (#CSIRT2012)

There was an excellent line-up of speakers at Janet CSIRT’s conference this week. Lee Harrigan (Janet CSIRT) discussed how the team are now monitoring Pastebin for signs of security problems affecting Janet sites. Pastebin can be a useful place to share large files; however, some users apparently don’t realise that things posted to the site […]

Justice Committee: “Back to the drawing board” on Data Protection Regulation

The House of Commons’ Justice Committee has published a critical report on the European Commission’s proposals for a new Data Protection Regulation and Directive. While recognising the potential benefits to be had from reducing the current differences between Data Protection laws in different Member States, the Committee considers the current text to be much too […]

IWF Awareness Day

October 24th is the annual Internet Watch Foundation awareness day. Discussion of the IWF often highlights, and rightly so, its success in reducing the availability of indecent images of children on the internet. But the most important result of reporting images to the IWF is when the police, notified by the IWF and its peer […]

Analysing Malware lawfully

Malicious software, generally shortened to malware, is involved in a wide variety of security incidents, from botnets and phishing to industrial sabotage. Analysing what malware does and how it can be detected, neutralised and removed from infected computers is an important part of keeping networks and computers secure. However, there are many millions of different […]