Hahahahahahahahahahaha
Oh you really couldn’t make it up. Recent terrorist outrages have prompted various European politicians to call, with more or less complete technological illiteracy, for encryption to be weakened so that the security services can spy on us more effectively. I’ve written about this several times, pointing out why this is a criminally stupid suggestion, …
Amber Rudd read History, but didn’t understand it
Those who do not understand history are doomed to repeat it. And here I am, watching it repeat. This is my third post on this topic. Sorry. But it's important. Amber Rudd, the UK Home Secretary, suggested on Sunday that end-to-end encryption is “unacceptable”. She trotted out the usual excuses about terrorism and the need …
In or out – the tech perspective
Bremain or Brexit? This isn’t a political blog, but it’s worth reminding ourselves of June 23rd’s implications for IT & cyber-security. Privacy and personal data: Even if we leave the EU, we’ll still have to implement the General Data Protection Regulation, only to have to re-invent it later. If we want to trade with the …
Let’s talk about encryption
Why are politicians sometimes such idiots? The French recently voted to criminalise bosses of tech firms who refused to decrypt user data when requested. Don’t worry, it’s not law yet, and likely won’t ever be, but you have to ask yourself how hard it is to understand how encryption works. The whole point of encryption …
How do you destroy a business?
Say I’m out to get you. I might be a disgruntled employee, or a business rival. What’s my best way of taking your business down? Let’s assume I can gain access to your network – easy enough if I’m an employee, after all. I could leak all your confidential information to your competitors – or …
Roll up! Roll up! It’s a security round-up!
Apologies for the infrequency of recent updates. I’ve been busy – understanding the GDPR, doing some speaking engagements and (hush!) actually working for a living. So, without further ado, here’s what’s going on right now: Theresa May is trying to push the Snoopers Charter (aka the Investigatory Powers Bill) through Parliament despite plenty of expert …
Encrypt data at rest
The Register reports this morning: American health insurer Centene Corp says it has lost 950,000 sensitive customer records stored on six hard drives. The drives hold customers' name and address, date of birth, Social Security numbers, and health information. Encrypted? Obviously not. Excuse? None. https://www.becrypt.com/uk/encryption http://buy.symantec.com/estore/clp/productdetails/pk/drive-encryption http://www.deslock.com/ https://www.checkpoint.com/products/full-disk-encryption/ http://windows.microsoft.com/en-gb/windows-vista/bitlocker-drive-encryption-overview BitLocker is even free. How hard …
Left hand, right hand, other hand – what a mess!
Still chewing through the GDPR, so that’ll have to wait. In the meantime, more evidence that the nicest word we can use to describe the current state of data protection in Europe is…disconnected. First we have the European Commission desperately trying to reach an accommodation with the US on Safe Harbour after the European Court …
Encryption – blessing or curse?
Encryption is shaping up to be one of the great philosophical debates of the technological era. It’s become a proxy for a wider debate about the rights of citizens, and the balance between liberty and security. The debate, and the issues, are real. But encryption is the wrong target. All we’re seeing is yet more …
Told you so: supply chain failure costs CPS £200k
I published this note about supply chain security today. Less than 8 hours later we learn that the ICO has fined the Crown Prosecution Service £200k for failing to secure some laptops that held confidential information on victims of crime. The laptops were stolen from a residential flat being used by a film production company …