Categories
Articles

Low-risk identifiers in Access Management

The Information Commissioner’s analysis of the European Parliament’s amendments to the draft Data Protection Regulation discusses the wide range of information that falls within the definition of “personal data” and gives examples that seem particularly relevant to identity federations. The Information Commissioner considers that identifiers pose a higher privacy risk if they are “interoperable”. Since […]

Categories
Articles

Swiss law on malware-infected domains

The recent TF-CSIRT meeting in Zurich included a talk by the Swiss telecoms regulator (like ours, called Ofcom, though their ‘F’ stands for Federal!) on the law covering websites in the .ch domain that distribute malware, normally as the result of a compromise. Under this law a designated authority can order the temporary or permanent […]

Categories
Articles

Travelling with encrypted devices

Most portable devices – laptops, smartphones and memory sticks – should be encrypted so that the information they contain is protected if the device is lost or stolen. Many countries (including the UK) give their immigration and other authorities legal powers to demand that you decrypt an encrypted device though given the number of laptops […]