Categories: Articles

Information Sharing in Emergencies

The Information Commissioner’s new blog post explains how Data Protection law should be seen as a guide to when and how to share information in emergencies, not an obstacle to such sharing. In health emergencies three provisions are most likely to be relevant: Explicit Consent (GDPR Art.9(2)(a)): where an individual chooses to disclose information, such […]

Categories: Publications

CSIRT Information Sharing: completing the legal framework

[UPDATE: slides from my TF-CSIRT presentation are now available] Several years ago I wrote a paper on using the GDPR to decide when the benefits of sharing information among network defenders outweighed the risks. That used the Legitimate Interests balancing test to compare the expected benefits – in improving the security of accounts, systems or […]

Categories: Articles

Algorithms: Explanations, Blame and Trust

“Algorithms” haven’t had the best press recently. So it’s been fascinating to hear from the ReEnTrust project, which actually started back in 2018, on Rebuilding and Enabling Trust in Algorithms. Their recent presentations have looked at explanations, but not (mostly) the mathematical ones that are often the focus. Rather than trying to reverse engineer a […]

Categories: Articles

Information Sharing: Failing Smarter

Over the past twenty years, I’ve seen a lot of attempts to start information sharing schemes. And a lot of those have failed, some very slowly, despite huge amounts of effort. I wondered if there were pointers that could be used, early on, to try to spot those. Story First, what is the story? If you […]

Categories: Articles

Draft NIS2 Directive: security teams “should” be collaborating

Anyone who works with flows, logs and other sources of information to protect network and information security should already be familiar with Recital 49 of the GDPR, where European legislators explained why that was (subject to a risk-based design) a good thing. Now the European Commission has published its draft of the replacement Network and […]

Categories: Articles

Sandbox Tales – Information Sharing Platforms

The latest reports from the ICO sandbox provide important clarification of how data protection law applies to, and can guide, the application of novel technologies. This post looks at information sharing… FutureFlow’s Transaction Monitoring and Forensic Analysis Platform lets financial institutions such as banks upload pseudonymised transaction data to a common platform where they, regulators […]

Categories: Articles

Information Sharing: Learning from Social Networks

Information sharing is something of a holy grail in computer security. The idea is simple enough: if we could only find out the sort of attacks our peers are experiencing, then we could use that information to protect ourselves. But, as Alexandre Sieira pointed out at the FIRST conference, this creates a trust paradox. Before […]

Categories: Presentations

Sharing Information to Protect Privacy

I was invited to give a presentation on legal and ethical issues around information sharing at TERENA’s recent security services workshop. The talk highlighted the paradox that sharing information is essential to protect the privacy of our users when their accounts or computers have been compromised, but that sharing can also harm privacy if it’s […]

Categories: Articles

The Human Side of Information Sharing

There are quite a few talks at the FIRST conference this week about getting computers to automatically receive, process and distribute information about security events. However I was particularly interested in a session on the human issues that need to accompany any such information exchange. Organisations, which ultimately means individuals, need to trust one another […]

Categories: Articles

Government CERTs and Information Sharing

I’ve had three discussions in two days about whether Government CERTs are different from others, which makes it a FAQ! It seems to me that legislation may be heading that way, and that that could create a potential problem for sharing information. Most CERTs act in the interests of a particular, reasonably well-defined, constituency. However […]