Après-moi, la deluge (where’s your data, reprise ad nauseam)

Austria’s supreme court is to decide soon whether to open the floodgates. If the court rules that Max Schrems et al can sue Facebook over its handling of their personal data, and if their suit is successful – or looks like it might be – then every law firm in Europe will be trying to … Continue reading Après-moi, la deluge (where’s your data, reprise ad nauseam) →

Security training or MDM – you choose

IT service desk culture is full of sarcastic problem descriptions – PICNIC, ID-ten-T, PEBCAK. All of them serve as reminders that the root cause of many issues is user error, not systems failure. This is particularly true in information security, a point I’ve covered more than once before. So why bring it up again? Because … Continue reading Security training or MDM – you choose →

Encryption – blessing or curse?

Encryption is shaping up to be one of the great philosophical debates of the technological era. It’s become a proxy for a wider debate about the rights of citizens, and the balance between liberty and security. The debate, and the issues, are real. But encryption is the wrong target. All we’re seeing is yet more … Continue reading Encryption – blessing or curse? →

Business as usual

It’s hard to know what - indeed, whether - to post in the wake of the Paris attacks. I’d just come off the phone to a French client when the news broke, which made it feel all the more immediate and proximate. I wish we had a simple answer to this awful conflict; at the … Continue reading Business as usual →

Death of the internet or birth of better privacy?

Microsoft and Amazon have both revealed that they are building data centres in the EU. In Microsoft’s case, Deutsche Telekom will be the data “trustee”; I assume this is in part an anticipatory response to the ongoing Stored Communications Act lawsuit presently in progress in Dublin (in brief, a case to determine whether US government … Continue reading Death of the internet or birth of better privacy? →

Over-sharing, over-confident and over here

William Brandon, CISO at the Bank of England, has noticed the risks associated with LinkedIn profiles. He’s quite correctly pointed out that telling the world what you do, which systems you look after and whom you work with is a bit of a goldmine for hackers and social engineers. In other news, RBS is the … Continue reading Over-sharing, over-confident and over here →

Snooper’s Charter – oppressive and useless in equal measure

The government wants ISPs to store everyone’s browser history. Not the least intrusive thing ever proposed, and a world first for a democracy. Should we be proud to be leading the pack in surveillance of our own population – again? (We’ve the most CCTV cameras per capita too, remember). Let’s count the ways in which … Continue reading Snooper’s Charter – oppressive and useless in equal measure →