In talking with service providers at this week’s conferences on federated access management in Helsinki it’s become apparent that many of them are asking identity providers to supply not only the information that they need for normal operations, but also information that will only actually be needed if a problem occurs. For example it seems […]
The Department for Business, Innovation and Skills has published a summary of the responses to its consultation on the proposed EU Directive on Network and Information Security (NIS) (JANET’s response). Summarising that summary (!): There seems to be agreement that there is a role for the EU in Network and Information Security, in particular in […]
Ofcom Copyright Infringement Research
Over the past year, Ofcom have commissioned a series of research studies into online copyright infringement. They and the Intellectual Property Office (IPO) held a workshop to present the results of these and other studies and to consider what continuing research is needed to provide an evidence base for future policy in the area of […]
Implementation of the new provisions for website operators under the Defamation Act 2013 has come a step closer, with the Ministry of Justice seeking comments on draft implementing Regulations. INFORRM has a summary of the process, with a helpful flowchart. Janet and UCISA have sent a joint response pointing out two frequent situations, and one […]
Bins, MACs and Privacy Law
A recent news story reported that a small number of litter bins in London were collecting a unique identifier from passing mobile phones and using these for some sort of “footfall analysis”. There doesn’t seem to be much detail about the plans: it struck me that a helpful application could perhaps be look for the […]
The EU has finally adopted a new Directive on attacks against information systems, first proposed in 2010. The Directive will require Member States, within two years, to ensure they meet its requirements on Activities that must be considered crimes; Effective sentences for those convicted of the crimes (including higher maximum sentences for aggravating circumstances such […]
I’ve just submitted a response to the Intellectual Property Office on their proposed amendments to the education exemptions to UK copyright law. These aim to extend the same permissions for distance learning as currently apply to the premises of an educational establishment. From Janet’s point of view as operator of a network and an access management […]
I’ve been looking at the Intellectual Property Office’s proposals to update copyright exemptions for education, to see if there’s anything I need to comment on. My initial observations are as follows, but I’d be very grateful for comments if I’ve missed something. I’m not an expert on copyright exemptions or education licensing, but I am […]
Bug Bounties
Bug bounty schemes have always been controversial. In the early days of the Internet someone who found a bug in software was expected to inform the author and help fix it, as a matter of social responsibility. Suggesting that those researching vulnerabilities be paid for their time and effort seemed rather grubby. Unfortunately not everyone […]
Sharing to Win Privacy
The theme of this week’s conference of the Forum of Incident Response and Security Teams (FIRST) is “Sharing to Win”. Perhaps inevitably, I’ve had a number of people (and not just Europeans) tell me that privacy law prevents them sharing information that would help others detect and recover from computer security incidents. If that’s right, […]