Categories
Articles

Identity without identifying

In the week that would have been their annual conference, EEMA have been hosting a series of fascinating online discussions among experts in the identity world. Today’s featured Steve Purser, Dave Birch and Kim Cameron in a deep discussion about whether we might have been looking at the wrong kind of “identity” all along… The […]

Categories
Publications

Digital Threats: Research and Practice

Having acted as programme chair for the FIRST Security and Incident response conference last year, I also got to co-edit the special conference issue of the ACM journal Digital Threats: Research and Practice (DTRAP). FIRST sponsored the journal, so our issue is open access, available for anyone to read. Topics covered: Using power consumption to […]

Categories
Articles

The Big Bad Smart Fridge

Leonie Tanczer’s FIRST 2019 keynote (recording now available on YouTube) looked at more than a decade of European discussions of whether/how to regulate the Internet of Things (no, I didn’t realise, either) and how we might do better in future. This is particularly relevant to an incident response conference as – as Mirai and other […]

Categories
Articles

Things that Go Bump in the Night

Apparently Miranda Mowbray had been wanting to do a talk on “Things that Go Bump in the Night” for some time, and it made an excellent closing keynote for the 2019 FIRST conference in Edinburgh (recording now available on YouTube). Although “things” may increasingly need an Internet connection to operate, there are significant differences between […]

Categories
Articles

Janet and the Internet of Things

Organisations connecting to Janet are required to implement three policies: the Eligibility Policy determines who may be given access to the network; the Security Policy sets out responsibilities for protecting the security of the network and its users; the Acceptable Use Policy identifies a small number of activities that are not permitted on the network. […]

Categories
Articles

Data Protection: “recognition” or “identification”?

Many of the problems in applying European Data Protection Law on-line arise from uncertainty over whether the law covers labels that allow an individual to be recognised (i.e. “same person as last time”) but not – unless you are the issuer of the label – identified (i.e. “Andrew again”). The Article 29 Working Party have […]