Hahahahahahahahahahaha

Oh you really couldn’t make it up. Recent terrorist outrages have prompted various European politicians to call, with more or less complete technological illiteracy, for encryption to be weakened so that the security services can spy on us more effectively. I’ve written about this several times, pointing out why this is a criminally stupid suggestion, … Continue reading Hahahahahahahahahahaha →

News in brief

UEA accidentally sent a spreadsheet with confidential medical information to 320 undergrads. The sheet wasn’t password protected, or encrypted, because... the confidential medical information was stored in a spreadsheet because… the spreadsheet was accessible to be attached to an email because… Please tell me that the GDPR will prompt UK orgs to spend at least … Continue reading News in brief →

At least make a token effort

I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing. Pretty much while I … Continue reading At least make a token effort →

GDPR consent update (not really)

I wrote to the ICO to ask them about this consent theory that's doing the rounds. [TL;DR - you can use Article 6.1(f) of GDPR to let you send postal direct mail and make phone calls to people who haven't consented.] ...and the ICO said: Dear Mr Rapp Thank you for your email of 18 … Continue reading GDPR consent update (not really) →

Back to the future

Everybody’s panicking about the GDPR. Rightly. And the main thing in the GDPR that’s causing the panic is the requirement for consent. The GDPR is really clear that consent must be explicit and unambiguous – you can’t rely on the consumer having read an obscure privacy section of your website, or ask them to give … Continue reading Back to the future →

Kafka strikes again: GDPR requires consent, but you can’t ask for it

I’ve let this one fester for a while – partly because I’ve been angry about other things, and partly because you must be bored with my ranting about the GDPR by now. But I really can’t let this one pass. A key principle – perhaps the key principle – of the GDPR is the requirement … Continue reading Kafka strikes again: GDPR requires consent, but you can’t ask for it →

Amber Rudd read History, but didn’t understand it

Those who do not understand history are doomed to repeat it[1]. And here I am, watching it repeat. This is my third post on this topic. Sorry. But it's important. Amber Rudd, the UK Home Secretary, suggested on Sunday that end-to-end encryption is “unacceptable”. She trotted out the usual excuses about terrorism and the need … Continue reading Amber Rudd read History, but didn’t understand it →