Knowledge Vault: On The Radar

Consultation Response – EU Network and Information Security Directive

Cyber Warfare, network and information security

E RADAR has submitted its response to the UK Government’s consultation on the proposed EU Directive on Network and Information Security Online business is global business. The revolution of digital technologies has changed society and our economy fundamentally. The ease of accessibility and searchability of information contained in computer systems, combined with the practically unlimited [...]

Working with business and governments to ensure our online systems stay secure

what is e-business, secure systems, masterclass training, virtual working, virtual office
| Number of views :55

I have long been convinced about the many benefits of new digital services – and remain so. These are tools we all can enjoy and benefit from – more convenient, more efficient and offering a huge boost to our economy and society.

But recent allegations remind us how important privacy is. People will only use those services as much as they trust them. Trust that they or their data won’t be compromised, hacked into or spied on. Particularly if they’re sharing personal or sensitive information online.

To ensure that trust, we need networks and systems that are secure and resilient; and that calls for proper cybersecurity practice everywhere.

The fact is, too often, big ICT users like businesses or governments underestimate the risks they face. They need to not just become more aware of those risks – but to manage them. This is become truly urgent. Every week, we seem to hear about new incidents: loss of passwords, attacks on banks, hacking of websites or systems.

Technology is rapidly evolving; so are threats. A lot of businesses seem to think just using basic ICT security tools is enough – but in general it isn’t. Proper risk management practice means things like dynamically assessing and mitigating risks. It also helps to exchange information on threats and vulnerabilities – and perhaps, if there is actually an incident, to respond together. Those processes and practices need to be well-thought-through and fully embedded, not an afterthought or box-ticking exercise.

But how do we identify and embed such good practices, across the ICT value chain? We call in the experts. Our Cybersecurity Strategy, published in February, calls for a platform bringing together public and private stakeholders to do exactly that – and to ensure the kind of market where secure ICT solutions can be developed and taken up.  And that platform had its first meeting just yesterday.

Featuring top experts from a range of organisations—from national governments to ICT companies; banks to service providers—the Platform is looking at exactly these areas: like how to provide incentives to manage and measure risks; how to exchange information about risks and incidents; and input to the Research and Innovation agenda.

They have my full support. Their findings will help ICT users prepare and work together better; and they will feed into Commission Recommendations on cybersecurity due in 2014, in areas from risk management to incident reporting. Ultimately, they will build a digital Europe that is more cyber-resilient, and less prone to hacking and security breaches.

And of course, this is in parallel with legislative work we are doing on the proposed Directive on Network and Information Security: ensuring that critical infrastructure and Internet enablers stay cybersecure. So I will be working closely with the European Parliament and Council to ensure this proposal is agreed as a matter of urgency; these days, protecting our networks and systems should be every politician’s top priority.

This matters. As more and more people – and more and more core economic sectors – get connected and start relying on digital systems, ensuring security is no longer just an issue for telecoms providers: it’s also something that matters to governments, banks, transport companies, energy grids, health providers and more.

So I hope that this platform gets to work straight away – I’m confident that soon it can raise the bar and raise awareness about the cybersecurity risks businesses and governments face – and help stimulate the solutions, too.

Intellectual Property Bill and Clause 13

Intellectual Property Bill

The UK Government is proposing a new Intellectual Property Bill which would seem to criminalise businesses for what they do best – to innovate. IP Minister Lord Younger has introduced a new Intellectual Property Bill to help UK businesses wanting to protect their products and technologies through patents and design right. The Bill aims to [...]

Is the EU Network and Information Security Directive a bigger threat than Al Qaeda?

globe padlocks, web security, network and information security directive, mobile data compliance, cyber crime

The focus should be on making it much easier to report attacks to those who will take action against predators and those who have aided and abetted them, not to regulators who will merely penalise the messenger. The only mandatory requirements should be on those to whom attacks are reported. This should include acting as a "first stop shop" and passing reports to those who may be in a better position to take action.

EU Data Protection Reform – A ‘Demented’ Set Of Regulations?

data protection reform

Plans to update data protection laws in Europe are facing increasing criticism from members of the European Parliament, with one UK commentator calling the draft proposals “a completely demented set of regulations.” But Justice Commissioner Viviane Reding remains adamant that her proposals should become law and has even accused the UK Government of introducing additional complexities. [...]

I am not an IP address

Software Application Services, ip address

Top Internet lawyer Graham Smith is alarmed by suggestions made ahead of last week’s Queen’s Speech that everyone may be allocated an Internet Protocol (IP) address when communicating over the Internet.  The truism that an IP address denotes a device, not a human being, is ingrained in anyone with a technical understanding of the internet.  Nothing gets [...]

Proposed Cyber Law in the USA

sox it compliance, Gramm-Leach-Bliley Act,cyber law

The growing number of cyber threats from both at home and abroad now mean that national governments are investing heavily in anti-e-crime and security technologies. Governments are also adopting new cyber law to help prevent cyber attacks, strengthen critical infrastructure and bring those who are responsible to justice. This E RADAR article lists around 10 out [...]

The War on Gossip renewed: UK Crime and Courts Bill

Should the Crime and Courts Bill become law in its Levesonised form, it will have the dubious distinction of being the first UK statute in which the word ‘gossip’ appears.  As such, it can perhaps be seen as a new phase in the War on Gossip commenced by Warren and Brandeis in their seminal article “The Right to Privacy”, published in the Harvard Law Review in December 1890.

Most of the article consists of a measured and closely reasoned articulation of a right of privacy from the perspective of the individual.  But it opens with a tirade against the press which contains a more than passing swipe at modern civilisation in general.  While focusing to a degree on the victim, this also displays a positively Reithian mission to elevate the morals of the uneducated classes and save them from the evils of gossip. 
The passage speaks for itself (paragraph breaks inserted):
“Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers. To occupy the indolent, column upon column is filled with idle gossip, which can only be procured by intrusion upon the domestic circle.
The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.
Nor is the harm wrought by such invasions confined to the suffering of those who may be the subjects of journalistic or other enterprise. In this, as in other branches of commerce, the supply creates the demand. Each crop of unseemly gossip, thus harvested, becomes the seed of more, and, in direct proportion to its circulation, results in the lowering of social standards and of morality.
Even gossip apparently harmless, when widely and persistently circulated, is potent for evil. It both belittles and perverts. It belittles by inverting the relative importance of things, thus dwarfing the thoughts and aspirations of a people. When personal gossip attains the dignity of print, and crowds the space available for matters of real interest to the community, what wonder that the ignorant and thoughtless mistake its relative importance.
Easy of comprehension, appealing to that weak side of human nature which is never wholly cast down by the misfortunes and frailties of our neighbors, no one can be surprised that it usurps the place of interest in brains capable of other things. Triviality destroys at once robustness of thought and delicacy of feeling. No enthusiasm can flourish, no generous impulse can survive under its blighting influence.”
So the great unwashed have to be rescued from their addiction to gossip.  Whether or not one regards that as paternalistic tripe, who could have predicted that the UK Crime and Courts Bill 2013 would be the vehicle that finally gives statutory force to the War on Gossip?

Digital Policy Review 2012

Legal Certainty, digital single market, database, legal protection of databases

E RADAR will shortly be publishing its annual review of the digital policy agenda in ebook format. The review will examine what’s happened over the past 12 months both in the UK and Europe and look forward to what we can expect in 2013. If you would like to receive notification when the ebook becomes [...]