One of the areas of network operations where it’s particularly tricky to get legislation right is incident response, and recent amendments proposed by the European Parliament to the draft Data Protection Regulation (warning: 200 page PDF) illustrate why. Most incidents involve computers, passwords, credit card numbers and so on falling into the hands of the […]
Two talks on the first day of the FIRST conference highlighted the increasing range of equipment and data that can be found on the Internet, and the challenges that this presents both for risk assessment and, if incidents do happen, assessing the severity of the possible breach and what measures need to be taken. Eireann […]
Categories
Detecting DNS configuration errors
The Domain Name Service (DNS) which translates names to IP addresses (among many other things) is critical for humans using the Internet. Research by Slavko Gajin and Petar Bojovic presented at the TERENA Networking Conference indicates that mis-configurations are more common than we might hope. Getting DNS right often requires different organisations to have matching […]
Categories
Can Internet Stability be Regulated?
A wide-ranging panel discussion at the TERENA Networking Conference considered the stability of the Internet routing system at all levels from technology to regulation. The conclusion seemed to be that at the moment the Internet is stable because two systems, technical and human, compensate effectively for each others’ failings. While improvements to increase stability may […]
Categories
Privacy, Regulation and Innovation
Robin Wilton of the Internet Society gave a talk at the TERENA Networking Conference on the interaction between privacy, regulation, and innovation. It’s a commonly heard claim that regulation stifles innovation; yet the evidence of premium rate phone fraud and other more or less criminal activities suggests that regulation can, in fact, stimulate innovation, though […]
Categories
Article 29 Working Party on Profiling
In what sometimes seems like a polarised debate on the draft Data Protection Regulation, it’s good to see the Article 29 Working Party trying to find the middle ground. The subject of their latest advice note is the contentious topic of profiling, which has been presented both as vital to the operation and development of […]
Categories
BYOD: About the Owners, not the Devices
The UCISA Networking Group’s conference BYOD: Responding to the Challenge looked at new developments in an area that has actually been an important part of Higher Education for at least fifteen years. Student residences have offered network sockets since the 1990s and staff have been using family PCs for out of hours work for at […]
I was asked recently how I saw current legal developments in Europe affecting the work of incident response teams, so here’s a summary of my thoughts. Understanding Data Protection law has always been a problem for incident response. Some of the information needed to detect and resolve incidents is personal data but laws are unclear […]
The Article 29 Working Party have published an explanatory document on Binding Corporate Rules for Data Processors, to provide further detail on using the template they published last year. European data protection law requires that any export of personal data from the European Economic Area be covered by adequate measures to protect individuals whose data […]
Categories
Digital Economy Bill – One step forward
The Digital Economy Bill has been taking up a lot of my time since the start of the new year and I’m pleased to report one result. The Bill gives the Secretary of State powers to intervene in the operations of a DNS registry where a serious failure of the registry is likely to affect […]