February 2012
The White House | US | Consumer data privacy in a... →
From the Foreword: “The consumer data privacy framework in the United States is, in fact, strong. This framework rests on fundamental privacy values, flexible and adaptable common law protections and consumer protection statutes, Federal Trade Commission (FTC) enforcement, and policy development that involves a broad array of stakeholders. This framework has encouraged not only social and...
Feb 28th
Forum Standaardisatie | NL |... →
From the management summary: “The guide focuses on government e-services to citizens and businesses, who use them via the internet. It therefore primarily concerns services offered through an online portal (e.g. the Omgevingsloket online), or where the user performs actions in a local application and sends the result to the government organisation (e.g....
Feb 27th
Hyoungshick Kim, John Tang, and Ross Anderson |... →
Abstract: “A number of web service firms have started to authenticate users via their social knowledge, such as whether they can identify friends from photos. We investigate attacks on such schemes. First, attackers often know a lot about their targets; most people seek to keep sensitive information private from others in their social circle. Against close enemies, social authentication is...
Feb 26th
Jure.nl | NL | LJN BU6383, Raad van State,... →
Summary: “By decision of 11 August 2009, the UMCG rejected the request of [the other party] to be informed, on the basis of the Wet bescherming persoonsgegevens (hereinafter: Wbp), of the names of the care providers who had accessed her medical patient file.”
Feb 25th
Jure.nl | NL | LJN BV6122, Rechtbank Amsterdam,... →
Summary: “The registered address of a foundation can be found via the Google Maps and Google Street View websites. A satellite photo of the building in question and blurred photos of the driveway can also be seen. The name of the foundation contains the names of two natural persons who reside at the foundation’s registered address. The residents concerned...
Feb 24th
Sasha Romanosky, David A. Hoffman and Alessandro... →
Abstract: “In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique...
Feb 23rd
Adrienne Felt and David Evans | Privacy protection... →
Abstract: “Social networking platforms integrate third-party content into social networking sites and give third-party developers access to user data. These open interfaces enable popular site enhancements but pose serious privacy risks by exposing user data to third-party developers. We address the privacy risks associated with social networking APIs by presenting a privacy-by-proxy design...
Feb 22nd
European Court of Justice | EU | [SABAM] v Netlog... →
From the judgement: “38. In the light of the foregoing, it must be held that the injunction imposed on the hosting service provider requiring it to install the contested filtering system would oblige it to actively monitor almost all the data relating to all of its service users in order to prevent any future infringement of intellectual-property rights. It follows that that injunction would...
Feb 21st
Rechtswinkel 'de Clinic' | NL | Eerste hulp bij... →
From the introduction: “Although the internet seems boundless, it is very easy to cross legal boundaries. Internet users therefore often do not know that they are acting unlawfully. This guide covers the most common legal pitfalls for everyone who uses the internet: bloggers, ‘surfers’ and hobbyists.”
Feb 20th
W.H. van Holst | NL | De derde landen problematiek... →
From the commentary: “A number of amendments to the Wet bescherming persoonsgegevens (Wbp) recently came into force which are intended in particular to simplify the transfer of personal data to so-called third countries. Some critical remarks on the most conspicuous amendment: making it possible to transfer personal data to third countries without a...
Feb 19th
EDRi-Gram - Number 10.3, 15 February 2012 →
European Anti-ACTA protests of 11 February; European Commission discusses tactical, partial retreat on ACTA; EC “Roadmap” for review of the IPR Enforcement Directive; Hadopi takes the final steps towards cutting Internet access; Two Strikes in Germany?; Software-hardware bundling not accepted in France; UK: 3 million checks on criminal records in 2011; RFID - a dangerous fashion...
Feb 18th
Arjen K. Lenstra, James P. Hughes, Maxime Augier,... →
Abstract: “We performed a sanity check of public keys collected on the web. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended. A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security. Our...
Feb 17th
European Parliament | EU | Does it help or hinder?... →
Abstract: “This study investigates the interplay between Internet innovation and privacy. We propose working definitions of innovation and privacy and review the literature about their interaction. We interpret the possible tensions and problems in terms of market and system failures and analyse the relevant legal and policy aspects in relation to examples of privacy invasion and/or...
Feb 16th
EDPS | EU | Follow-up report to the 2010 EDPS... →
From the Executive Summary: “In March 2010, the European Data Protection Supervisor (EDPS) issued Video-Surveillance Guidelines […]. This public Report is a systematic and comparative analysis of the status reports received from a total of 42 European Union institutions and bodies […]. Next to highlighting best practices this report underlines shortcomings in those bodies lagging...
Feb 15th
Ralph Broenink | Using browser properties for... →
From the Abstract: “It is widely known that cookies can be used to track users. However, even privacy-aware users are trackable by the properties the browser sends with every request. Based on information like the browser vendor, plugin versions and the installed fonts, a fingerprint may be created that uniquely identifies a browser.”
Feb 14th
EDRi-gram newsletter - Number 10.2, 1 February... →
Email Newsletter EDRi-gram 10.2 delayed; ACTA - Frequently Asked Questions; Data Protection Week 2012: CPDP and the BarCamp; Police frequently uses Silent SMS to locate suspects; The Lobby on ACTA is reaching a new level; ACTA “uprising” in Poland; FAVA’S bill: Another attempt to limit civil rights in Italy; Geolocation censorship to be applied by Twitter; Belgian Big Brother Awards...
Feb 8th
Rob Heyman, Jo Pierson and Ike Picone (IBBT-SMIT)... →
From the Abstract: “Social media and its main revenue model, advertising, have brought privacy issues along. This deliverable maps the process wherein Personal Identifiable Information (PII) is gathered and commodified as a sellable service.”
Feb 7th
Sophos | Security threat report 2012 →
From the Foreword: “Over the past year we in the IT security industry have seen a growing awareness of the work we do. In 2011, a number of highly visible cyberattacks made news headlines around the world, but the underlying problem affects us all. It seems that the cybercriminals are getting bolder in their attacks as the availability of commercial tools makes mass generation of new...
Feb 6th
NIST | Guidelines on security and privacy in... →
Abstract: “Cloud computing can and does mean different things to different people. The common characteristics most share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and dislocation of data and services from inside to outside the organization. While aspects of these characteristics have been...
Feb 5th
EC | EU | Commission proposes a comprehensive... →
From the main page: “The European Commission has today proposed a comprehensive reform of the EU’s 1995 data protection rules to strengthen online privacy rights and boost Europe’s digital economy. Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules...
Feb 4th
ENISA | Report on trust and reputation models -... →
From the Executive summary: “Reputation systems are a key success factor of many websites, enabling users and customers to have a better understanding of the information, products and services being provided. However, by using reputation systems, European Union (EU) citizens place themselves at additional risk.”
Feb 3rd
Derek E. Bambauer | Conundrum (SSRN) →
From the Abstract: “Cybersecurity is a conundrum. Despite a decade of sustained attention from scholars, legislators, military officials, popular media, and successive presidential administrations, little if any progress has been made in augmenting Internet security. Current scholarship on cybersecurity is bound to ill-fitting doctrinal models. It addresses cybersecurity based upon...
Feb 2nd
EDRi | EU | The EDRi Papers →
‘Activist guide to the Brussels Maze’; ‘EU Surveillance’; and ‘How the internet works’.
Feb 1st
January 2012
EDRi | EU | EDRi-gram newsletter - Number 10.1, 18... →
EDRi supports protests against US blacklist legislation; What’s Wrong with ACTA Week; The US pressure on Spain to censor the Internet has paid off; Belarus strongly censors the Internet; Commission confirms illegality of Data Retention Directive; Romanian Senate rejects the new data retention law; Finnish ISP started blocking The Pirate Bay; Dutch Internet providers forced to block The Pirate...
Jan 31st
Adviescommissie Authenticatie en Autorisatie... →
From 9. A look ahead to the citizen domain: “The committee […] expects that in the short to medium term a discussion will start about the organisation of authentication and authorisation in the citizen domain. The committee considers it important to formulate a number of points of attention that should be addressed in this discussion. Those points of attention are: the...
Jan 22nd
ENISA | EU | Economics of security - facing the... →
From the Executive summary: “[…] ENISA has analysed economic drivers and barriers in a number of areas (including policy, research, technology and business) and has identified potential areas of improvement to boost security and resilience in public systems and networks and consequently in relevant products and services by taking into account the economic dimension. This effort...
Jan 21st
Mr Justice Tugendhat | UK | Judgement ([2011] EWHC... →
From paragraphs 180-182: “There is a large body of law prohibiting the making by suppliers of false and misleading claims as to the supposedly good qualities of their goods and services. […] Until the internet made it possible for individuals to communicate with the public at large at virtually no cost, there did not appear to be a need for similar regulations to prevent the making of...
Jan 20th
European Commission | EU | A coherent framework... →
From 3.4 Combating abuse and resolving disputes more effectively: “The mechanisms to stop abuse and illegal information must […] be made more efficient, within a framework which guarantees legal certainty, the proportionality of the rules governing businesses and respect for fundamental rights. […] In view of the growing volume of statutory and case-law in the Member States, it...
Jan 19th
Rechtspraak.nl | NL | BV0549, Rechtbank... →
Summary: At the request of BREIN, the court ordered Ziggo and XS4ALL to block their subscribers’ access to the website The Pirate Bay. In recent years BREIN and foreign rights holders’ organisations have taken action in various ways against (the operators of) The Pirate Bay because, in their view, on a large scale via The Pirate Bay media files, such as music,...
Jan 18th
CTIVD | NL | Toezichtsrapport inzake de inzet van... →
From section 3. The ECHR and the Constitution: “During its investigation the Committee took note of diverging views on the way in which and the extent to which the use of Sigint infringes the right to privacy. It struck the Committee that not all persons who deal daily with the processing of Sigint properly appreciate the infringement this instrument entails....
Jan 17th
Deloitte | EU | Background document in support of... →
From the EC website: “The overall objective of the study (SMART 2007/0030) was to provide analysis of the impacts of different policy options for the preparation of the Digital Agenda for Europe, one of the flagship initiatives of the Europe 2020 strategy. The final report contains an individual assessment of several policy areas: next generation access deployment; net neutrality and digital...
Jan 16th
WODC | Function creep en privacy (PDF) →
From the Foreword: “The tendency to apply a measure intended as a solution to a particular problem to another problem as well – even when it has not been established that the chosen means works at all – is very strong in political and policy circles. Three factors can be distinguished that lead to unproven ‘solutions’ taking centre stage and a panacea...
Jan 15th
Council of the European Union | EU | Consultation... →
Item 1 of the document: “The purpose of this paper is to inform [the Working Party on Data Protection and Exchange of Information] of the results of the Commission’s consultation on the reform of the Data Retention Directive (DRD), to set out the main problems, and to put specific questions on which the Commission, in determining the way forward, will rely on evidence supplied by Member...
Jan 14th
Prof. mr. dr. M. Hildebrandt | De rechtsstaat in... →
Summary: “The online and offline behaviour of the inhabitants of cyberspace is by now being stored, compared and measured by all kinds of software. This offers citizens, businesses and governments unprecedented opportunities and possibilities to gather knowledge and information. The rule of law is at stake here from three sides: (1) the computational order of cyberspace increasingly determines...
Jan 13th
Court of Justice of the European Union | EU |... →
From the press release: “EU law precludes the imposition of an injunction by a national court which requires an internet service provider to install a filtering system with a view to preventing the illegal downloading of files. Such an injunction does not comply with the prohibition on imposing a general monitoring obligation on such a provider, or with the requirement to strike a fair...
Jan 12th
Nationale Ombudsman | NL | Rapport 2011/357,... →
From the foreword: “Both the UMCG and the IGZ have failed in a shocking manner where the legitimate interests of Jelmer and his parents are concerned. […] The IGZ did not exercise responsible supervision by issuing, with unprecedented slowness, lack of transparency and lack of professionalism, a report on the care for Jelmer and subsequently withdrawing that report...
Jan 11th
Amberhawk Training Limited | EU | A review of the... →
From the annotation of the press release: “I have decided to annotate the press release because it does not, in my view, even pass the standard of being ‘economical with the truth’. This Press Release turns ‘misleading by omission’ into an art form.”
Jan 10th
Internetconsultatie.nl | NL | Wijziging Wbp... →
From ‘Purpose of the regulation’: “With this regulation State Secretary Teeven […] wants to ensure that businesses and government report to the College bescherming persoonsgegevens that they have been confronted with a breach in the security of their automated processing of personal data. That report only has to be made if it is plausible that personal data as a result...
Jan 9th
December 2011
European Commission | EU | "Police and criminal... →
From 1. Context of the proposal: “This explanatory memorandum presents in further detail the Commission’s approach to a new legal framework for the protection of personal data in the EU […]. The proposed new legal framework consists of two legislative proposals: a proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the...
Dec 22nd
WP29 | EU | [O]n EASA/IAB best practice... →
From the Conclusions: “Adherence to the EASA/IAB Code on online behavioural advertising and participation in the website www.youronlinechoices.eu does not result in compliance with the current e-Privacy Directive. Moreover, the Code and the website create the wrong presumption that it is possible to choose not be tracked while surfing the Web. This wrong presumption can be damaging to users...
Dec 21st
Jure.nl | NL | LJN BU3924, Hoge Raad, 10/02479 →
Summary: Art. 81 RO. Interim injunction proceedings. Freedom of the press; unlawful publication? Art. 6:162, Art. 10 ECHR.
Dec 20th
EDRi-gram newsletter - Number 9.24, 14 December... →
Support EDRi!; Council of Europe and European Commission initiatives on Internet freedom; Brief overview of the leaked EU Data Protection Regulation; Russian Government’s new attempts to censor the Internet; European Parliament: raising awareness on “self”-regulation; Austria: Petition against Data Retention Directive; German web blocking law repealed; A fair Internet for...
Dec 19th
McAfee Labs | McAfee Threats report - third... →
From the report: “There is a concept in science and engineering referred to as the signal-to-noise ratio. Without getting too geeky, it is defined as the ratio of signal power to noise power, essentially comparing the level of desired signal to the level of background noise. Informally, it often refers to the ratio of useful information to false, useless, or irrelevant information. Did we...
Dec 18th
Jure.nl | NL | LJN BR5551, Hoge Raad, 10/00049 →
Summary: Complaint about the evidence for de facto directing. Computer intrusion. The judgment of the Court of Appeal, which established that the defendant - although authorised and reasonably obliged to do so - took no measures to prevent the login codes from being used to log in to the news server of the ANP, that the defendant accepted the considerable chance that those login codes would be used...
Dec 17th
Nico Westpalm van Hoorn, Peter Waters en Pieter... →
From the introduction: “Interoperability cannot be confined. The scale for information traffic is society as a whole, even with international reach. The term electronic government, for example, is in that respect already misleading. For infrastructure, the needs of government institutions do not primarily count. That they count for physical roads, bridges, tunnels and so on, up to and including...
Dec 16th
ENISA | EU | Operation Black Tulip - certificate... →
From the document: “DigiNotar, a digital certificate authority (CA), recently suffered a cyber-attack which led to its bankruptcy. In the attack false certificates were created for hundreds of websites, including Google and Skype. Once the incident was made public, the Dutch government and browser vendors took steps to limit the impact of the attack. But Fox-IT suggests in their...
Dec 15th
European Commission | EU | [...] on the protection... →
From 1. Context of the proposal: “This explanatory memorandum presents in further detail the Commission’s approach to a new legal framework for the protection of personal data in the EU […]. The proposed new legal framework consists of two legislative proposals: a proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the...
Dec 14th
EMC | EU | European disaster recovery survey 2011... →
From the press release: “74% of organisations are not very confident that they can fully recover after a disaster, according to a new survey of 1,750 European companies; 54% surveyed have lost data and/or suffered systems downtime in the last year; 61% report hardware failure as the primary cause of data loss and downtime; natural disasters and employee sabotage being much less likely...
Dec 11th
NOREA | NL | Voorlopige bevindingen en... →
From 4. Recommendations for the professional organisation: “With regard to assurance reports and certificates there is an expectation gap between the trust that society derives from them and the actual work that IT auditors perform in that respect. The board adopts the suggestion to start a discussion with the members about raising...
Dec 10th
Minister Donner (BZK) | NL | Kamerbrief... →
From ‘Trust and security of information’: “Following the report iOverheid by the Wetenschappelijke Raad voor het Regeringsbeleid (WRR), the cabinet has decided, as set out in the cabinet’s response to the WRR report (26643, no. 211), to extend the existing measures concerning the control of large ICT projects with measures for the protection...
Dec 9th