Categories
Articles

IWF Awareness Day

October 24th is the annual Internet Watch Foundation awareness day. Discussion of the IWF often highlights, and rightly so, its success in reducing the availability of indecent images of children on the internet. But the most important result of reporting images to the IWF is when the police, notified by the IWF and its peer […]

Categories
Articles

Analysing Malware lawfully

Malicious software, generally shortened to malware, is involved in a wide variety of security incidents, from botnets and phishing to industrial sabotage. Analysing what malware does and how it can be detected, neutralised and removed from infected computers is an important part of keeping networks and computers secure. However there are many millions of different […]

Categories
Articles

Information Commissioner on Backups and Deleted Files

The Information Commissioner has published new guidance on when information will be ‘held’ by a public authority for the purposes of the Freedom of Information Act (note that Scotland has its own law and guidance). Paragraphs 28-36 of the guidance deal with the tricky topic of deleted computer files and backups. The guidance suggests that […]

Categories
Closed Consultations

EU Network and Information Security legislation

I’ve submitted a Janet response to a European consultation on a future EU Network and Information Security legislative initiative. The consultation itself seems to suffer from “if you only have a hammer” syndrome: if you’re a legislator then it must be tempting to think that all problems (lack of reporting of “cybercrimes”, insecure end-user computers, […]

Categories
Articles

Defamation Bill – House of Lords

The Defamation Bill arrived in the House of Lords this week. Most of the debate concentrated on how to reform the definition of defamation and the court processes for dealing with it. However Lord McNally (at Column 934) gave a good summary of the twin problems affecting websites that host content provided by third parties: […]

Categories
Articles

Thinking about “Privacy in Context” and Access Management Federations

One of the big challenges in designing policies and architectures for federated access management is to reconcile the competing demands that the system must be both “privacy-respecting” and “just work”. For an international access management system to “just work” requires information about users to be passed to service providers, sometimes overseas. The information may be […]

Categories
Articles

Information Commissioner Guide to Cloud Computing

The Information Commissioner has published new Guidance on the Use of Cloud Computing for organisations who are, or are considering, using cloud services to process personal data. The benefits of clouds are recognised: these may include “increased security, reliability and resilience for a potentially lower cost”. However cloud customer organisations may also “encounter risks to […]

Categories
Articles

Responsible ISPs in Latvia

Earlier in the year I wrote about the German ISP Association’s scheme to remove the economic disincentive for ISPs to inform their customers of botnet infections on their PCs by providing a centrally-funded helpdesk. In Latvia a different approach has been taken: providing a “responsible ISP” mark that consumer networks can use on their websites […]