Categories
Closed Consultations

Notice and Takedown Consultations

Two consultations have come along at once – one from Westminster and one from Brussels – that both seem to recognise the problems with incentives that current liability rules create for sites that host third party content. Under both the UK Defamation Act 1996 and the European eCommerce Directive (2000/31/EC) hosts are discouraged from themselves […]

Categories
Articles

Choosing the Right Identifier

In discussing a legal framework for federated access management we’ve concluded that the right approach to use as a basis for exchanging attributes is that a particular attribute is “necessary” to provide a service. That implies both that service providers shouldn’t ask for attributes they don’t need, and also that where there is a choice […]

Categories
Articles

EU considers “Hacking Tools” offences

The  European Commission seems to be revisiting ground covered by the UK’s 2006 amendment to the Computer Misuse Act, attempting to criminalise certain acts relating to devices/tools used for committing offences against information systems. The problem is that many computer programs – for example for identifying vulnerable computers, monitoring wireless networks or testing password strength […]

Categories
Articles

ICC Cookie Guide

The International Chamber of Commerce has published a Guide to cookies to help businesses comply with the legislation and individuals understand what is being done with their data. Rather than concentrating on the legal issues, the guide aims to develop a common terminology for different types of cookie use, which should help to increase users’ […]

Categories
Articles

Shiny New Legislation

I was recently struck by just how new most of the legislation creating duties for operators of electronic communications network is. Compared to the Computer Misuse Act, which has only had one amendment since 1990, these laws seem to be changing a lot faster: Data Retention (EC Directive) Regulations 2009 – with a significant update […]

Categories
Articles

How to think about privacy

I’ve been pointed to an interesting article by Alexis Madrigal about the work of Helen Nissenbaum, an American philosopher who has been looking at what “privacy” actually means, and what sort of things cause us to feel that our privacy has been invaded. A lot of discussion (and most of EU data protection law) assumes […]

Categories
Articles

Government CERTs and Information Sharing

I’ve had three discussions in two days about whether Government CERTs are different from others, which makes it a FAQ! It seems to me that legislation may be heading that way, and that that could create a potential problem for sharing information. Most CERTs act in the interests of a particular, reasonably well-defined, constituency. However […]

Categories
Articles

Botnet cleanup efforts by German ISPs

I had an interesting discussion last week with Thorsten Kraft of the German ISP association, eco, on how German network providers cooperate to help reduce the number of their users’ PCs that are infected with malware. The UK Government has recently added this as an aim in our national Cyber Security Strategy so the German […]

Categories
Publications

Privacy and Incident Response

At a meeting of TERENA’s CSIRT Task Force last week, I presented an updated version of my paper on Privacy and Incident Response. Responding effectively to incidents is essential to protect the privacy and other rights of individuals and organisations that use the Internet: compromises, phishing, etc. clearly infringe those rights. However incident response may […]

Categories
Articles

Cookies: More information, and a demonstration

With a new law on obtaining consent for cookies coming into force today, the Information Commissioner has published details of how the ICO’s own site has been updated to comply. There appear to be three main changes: A lot more information on the privacy statement about the names and purposes of each cookie, and how […]