Categories
Closed Consultations

Proposed Copyright Amendments for Distance Learning

I’ve been looking at the Intellectual Property Office’s proposals to update copyright exemptions for education, to see if there’s anything I need to comment on. My initial observations are as follows, but I’d be very grateful for comments if I’ve missed something. I’m not an expert on copyright exemptions or education licensing, but I am […]

Categories
Articles

Bug Bounties

Bug bounty schemes have always been controversial. In the early days of the Internet someone who found a bug in software was expected to inform the author and help fix it, as a matter of social responsibility. Suggesting that those researching vulnerabilities be paid for their time and effort seemed rather grubby. Unfortunately not everyone […]

Categories
Articles

Sharing to Win Privacy

The theme of this week’s conference of the Forum of Incident Response and Security Teams (FIRST) is “Sharing to Win”. Perhaps inevitably, I’ve had a number of people (and not just Europeans) tell me that privacy law prevents them sharing information that would help others detect and recover from computer security incidents. If that’s right, […]

Categories
Articles

Privacy Law Amendments Could Hinder Response to Privacy Incidents

One of the areas of network operations where it’s particularly tricky to get legislation right is incident response, and recent amendments proposed by the European Parliament to the draft Data Protection Regulation (warning: 200 page PDF) illustrate why. Most incidents involve computers, passwords, credit card numbers and so on falling into the hands of the […]

Categories
Articles

Uncertainty, Risk Assessment and Breach Notification

Two talks on the first day of the FIRST conference highlighted the increasing range of equipment and data that can be found on the Internet, and the challenges that this presents both for risk assessment and, if incidents do happen, assessing the severity of the possible breach and what measures need to be taken. Eireann […]

Categories
Articles

Detecting DNS configuration errors

The Domain Name Service (DNS) which translates names to IP addresses (among many other things) is critical for humans using the Internet. Research by Slavko Gajin and Petar Bojovic presented at the TERENA Networking Conference indicates that mis-configurations are more common than we might hope. Getting DNS right often requires different organisations to have matching […]

Categories
Articles

Can Internet Stability be Regulated?

A wide-ranging panel discussion at the TERENA Networking Conference considered the stability of the Internet routing system at all levels from technology to regulation. The conclusion seemed to be that at the moment the Internet is stable because two systems, technical and human, compensate effectively for each others’ failings. While improvements to increase stability may […]

Categories
Articles

Privacy, Regulation and Innovation

Robin Wilton of the Internet Society gave a talk at the TERENA Networking Conference on the interaction between privacy, regulation, and innovation. It’s a commonly heard claim that regulation stifles innovation; yet the evidence of premium rate phone fraud and other more or less criminal activities suggests that regulation can, in fact, stimulate innovation, though […]

Categories
Articles

Article 29 Working Party on Profiling

In what sometimes seems like a polarised debate on the draft Data Protection Regulation, it’s good to see the Article 29 Working Party trying to find the middle ground. The subject of their latest advice note is the contentious topic of profiling, which has been presented both as vital to the operation and development of […]