Categories
Articles

The Definition of Consent

Although consent is a key concept in Data Protection, discussions of it often seem confused and legal interpretations inconsistent. For example the European Commission has in the past called both for a crackdown on the over-use of consent and for all processing of personal data to be based on consent! A new Opinion on the […]

Categories
Articles

Privacy Riskiness for Access Management

On a privacy course I teach for system and network managers I suggest a scale of “privacy riskiness”, the idea there being that if you can achieve an objective using information from lower down the scale then you run less risk of upsetting your users and/or being challenged under privacy law. That scale is very […]

Categories
Articles

Explaining Attribute Release

Federated access management can make things nice and simple for both the user and the service they are accessing. By logging in to their home organisation the user can have that organisation release relevant information to the service – “I am a student”, “this is my e-mail address” and so on. And because that information […]

Categories
Articles

Re-opening the Internet?

Two recent news stories suggest that the importance of open Internet connectivity is gaining increasing international recognition. The UN’s Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression has published a report stressing the importance both of making internet infrastructure available to as much of the world’s population […]

Categories
Articles

Domains with Criminal Purpose

Questions about my last posting on Nominet’s DNS domain suspension discussions, have got me thinking a bit more about my idea of “domains registered for a criminal purpose”. My suggestion is that these should be the only domains that a top-level registry can remove on its own, rather than asking for the decision to be […]

Categories
Articles

Phishing trends

Some interesting analysis was presented by Pat Cain at the FIRST conference on trends from APWG (Anti-Phishing Working Group) data including their six-monthly surveys of domain names used in phishing campaigns. There is evidence that concerted campaigns against phishing can be effective – the .hk domain used to be one of the most commonly used […]

Categories
Closed Consultations

Intermediary Liability

I’ve just submitted a JANET(UK) response to the Ministry of Justice’s consultation on draft Defamation Bill. In fact my comments don’t relate to the current draft Bill, but to a longer-term part of the consultation paper (pp 40-47) on whether any changes are needed to the law of liability for Internet intermediaries. At the moment […]

Categories
Articles

Data Protection: “recognition” or “identification”?

Many of the problems in applying European Data Protection Law on-line arise from uncertainty over whether the law covers labels that allow an individual to be recognised (i.e. “same person as last time”) but not – unless you are the issuer of the label – identified (i.e. “Andrew again”). The Article 29 Working Party have […]

Categories
Articles

Cookies – *now* it’s time to wake up

The Information Commissioner has published his guidance on complying with new European cookie law, and the news is less good than had been hoped. Although the simplest way for a website to obtain users’ consent to installing cookies would be to rely on them having set appropriate cookie preferences in their browsers – indeed the […]

Categories
Articles

IPv6 helps cloud routing

Matt Cook’s talk at Networkshop explained Loughborough University’s thinking on how virtualisation might be used to provide both resilience and flexibility by allowing services to be moved between different locations in both internal and external clouds. Rather than virtualising a single server, this involves creating a virtual container holding the various components required to deliver […]