Thoughts on regulatory and ethical issues relating to the use of technology in education and research
I’ve had a few discussions recently where people talked about the ‘new risk’ of Bring Your Own Device (BYOD), but then mentioned risks – loss/theft of device, use in public place, etc. – that already exist on organisation-managed mobile devices. Turning that around, it struck me that one way to develop a BYOD policy might […]
A law that promotes Privacy by Design and Data Minimisation ought to encourage the use of indirectly-linked identifiers, which allow processing to be done separate from, or even without, the ability to identify the person whose information is being processed. However European Data Protection law has never really worked out what these identifiers are. The […]
The amount of information stored in encrypted form is steadily increasing, supported by recommendations from the Information Commissioner and others. When deciding to adopt encryption, it’s worth planning for what might happen if the police or other authorities need to access it in the course of their duties. Normally the existing access rules under section […]
If you look up “interception” in most dictionaries you’ll find that it happens before an action has completed: in sport a pass can no longer be “intercepted” once it reaches a teammate. In a legal dictionary, however, that turns out not to be true. According to section 2(2) of the Regulation of Investigatory Powers Act […]
In talking with service providers at this week’s conferences on federated access management in Helsinki it’s become apparent that many of them are asking identity providers to supply not only the information that they need for normal operations, but also information that will only actually be needed if a problem occurs. For example it seems […]
Over the past year, Ofcom have commissioned a series of research studies into online copyright infringement. They and the Intellectual Property Office (IPO) held a workshop to present the results of these and other studies and to consider what continuing research is needed to provide an evidence base for future policy in the area of […]
A recent news story reported that a small number of litter bins in London were collecting a unique identifier from passing mobile phones and using these for some sort of “footfall analysis”. There doesn’t seem to be much detail about the plans: it struck me that a helpful application could perhaps be look for the […]
The EU has finally adopted a new Directive on attacks against information systems, first proposed in 2010. The Directive will require Member States, within two years, to ensure they meet its requirements on Activities that must be considered crimes; Effective sentences for those convicted of the crimes (including higher maximum sentences for aggravating circumstances such […]
Bug bounty schemes have always been controversial. In the early days of the Internet someone who found a bug in software was expected to inform the author and help fix it, as a matter of social responsibility. Suggesting that those researching vulnerabilities be paid for their time and effort seemed rather grubby. Unfortunately not everyone […]
The theme of this week’s conference of the Forum of Incident Response and Security Teams (FIRST) is “Sharing to Win”. Perhaps inevitably, I’ve had a number of people (and not just Europeans) tell me that privacy law prevents them sharing information that would help others detect and recover from computer security incidents. If that’s right, […]