[UPDATE: my slides are now available] This week I’ve been presenting at an event on Artificial Intelligence in Education, organised by the Finnish Government in their current role as EU Presidency. Specifically I was asked to look at where we might find building blocks for the ethical use of AI in education. Looking at the […]
A few weeks ago I gave a presentation to an audience of university accommodation managers (thanks to Kinetic for the invitation), where I suggested that we should view Data Protection as an opportunity, rather than a challenge. That may seem strange, given that universities probably have the most complex data flows of any organisation. And […]
Last week I was invited to be a member of a panel at the UN Internet Governance Forum on how law can help security and incident response and, in particular, information sharing. It seems there are still concerns in some places that privacy law is getting in the way of these essential functions. I started […]
Four years ago, Jisc responded to the Board of European Regulators of Electronic Communications (BEREC) consultation on network neutrality to point out that some security measures cannot just be temporary responses by the victims of attacks, but need to be permanently configured in all networks to prevent them being used for distributed denial of service […]
Categories
GDPR: what’s your justification?
One of the key steps in preparing for the General Data Protection Regulation is to know why you are processing each set of personal data, and which of the six legal justifications applies: consent, contract, legal obligation, vital interest, public interest or legitimate interest. The Regulation significantly tightens the rules on when consent can be […]
Categories
EDPB on (not) Necessary for Contract
The European Data Protection Board’s (EDPB) latest Guidelines further develop the idea that we should not always expect relationships involving personal data to have a single legal basis. Although the subject of the Guidelines is the legal basis “Necessary for Contract”, much of the text is dedicated to pointing out the other legal bases that […]
Monica Whitty’s keynote at the FIRST Conference (recording available on YouTube) used interviews at organisations that had been victims of insider attacks to try to understand these attackers – and possible defences – from a psychological perspective. It turns out that thinking about stereotypical “insider threats” probably doesn’t help. Notably, disgruntled employees were responsible for […]
Categories
The Big Bad Smart Fridge
Leonie Tanczer’s FIRST 2019 keynote (recording now available on YouTube) looked at more than a decade of European discussions of whether/how to regulate the Internet of Things (no, I didn’t realise, either) and how we might do better in future. This is particularly relevant to an incident response conference as – as Mirai and other […]
Merike Kaeo’s keynote “Waking Up the Guards” at the FIRST 2019 conference (recording now available on YouTube) highlighted how attacks on the internet core no longer target a single service (naming, routing, signing) but move between these to achieve their hostile result. Defenders, too, need to consider the consequences of their implementation choices as a […]
Categories
Things that Go Bump in the Night
Apparently Miranda Mowbray had been wanting to do a talk on “Things that Go Bump in the Night” for some time, and it made an excellent closing keynote for the 2019 FIRST conference in Edinburgh (recording now available on YouTube). Although “things” may increasingly need an Internet connection to operate, there are significant differences between […]