February 2012
Logius | NL | Norm ICT-beveiligingsassessments... →
Introduction:
“This security standard is intended for organisations that use DigiD and must carry out an annual ICT security assessment. The standard is a selection of guidelines from the document “ICT-beveiligingsrichtlijnen voor webapplicaties” by the National Cyber Security Centre (NCSC). The standard has been adopted by the Ministry of the Interior and Kingdom Relations in...
The White House | US | Consumer data privacy in a... →
From the Foreword:
“The consumer data privacy framework in the United States is, in fact, strong. This framework rests on fundamental privacy values, flexible and adaptable common law protections and consumer protection statutes, Federal Trade Commission (FTC) enforcement, and policy development that involves a broad array of stakeholders. This framework has encouraged not only social and...
Forum Standaardisatie | NL |... →
From the management summary:
“The guide focuses on government e-services to citizens and businesses, who use them via the internet. It is therefore primarily concerned with services that are offered via an online portal (e.g. the Omgevingsloket online), or where the user performs actions in a local application and sends the result to the government organisation (e.g....
Hyoungshick Kim, John Tang, and Ross Anderson |... →
Abstract:
“A number of web service firms have started to authenticate users via their social knowledge, such as whether they can identify friends from photos. We investigate attacks on such schemes. First, attackers often know a lot about their targets; most people seek to keep sensitive information private from others in their social circle. Against close enemies, social authentication is...
Jure.nl | NL | LJN BU6383, Raad van State,... →
Summary of contents:
“By decision of 11 August 2009, the UMCG rejected the request of [opposing party] to be informed, on the basis of the Wet bescherming persoonsgegevens (hereinafter: Wbp), of the names of the care providers who accessed her medical patient record.”
Jure.nl | NL | LJN BV6122, Rechtbank Amsterdam,... →
Summary of contents:
“The business address of a foundation can be found via the Google Maps and Google Street View websites. A satellite photo of the building in question can also be seen, as well as blurred photos of the driveway. The name of the foundation contains the names of two natural persons who reside at the foundation’s business address. The residents concerned...
Sasha Romanosky, David A. Hoffman and Alessandro... →
Abstract:
“In recent years, a large number of data breaches have resulted in lawsuits in which individuals seek redress for alleged harm resulting from an organization losing or compromising their personal information. Currently, however, very little is known about those lawsuits. Which types of breaches are litigated, which are not? Which lawsuits settle, or are dismissed? Using a unique...
Adrienne Felt and David Evans | Privacy protection... →
Abstract:
“Social networking platforms integrate third-party content into social networking sites and give third-party developers access to user data. These open interfaces enable popular site enhancements but pose serious privacy risks by exposing user data to third-party developers. We address the privacy risks associated with social networking APIs by presenting a privacy-by-proxy design...
European Court of Justice | EU | [SABAM] v Netlog... →
From the judgement:
“38. In the light of the foregoing, it must be held that the injunction imposed on the hosting service provider requiring it to install the contested filtering system would oblige it to actively monitor almost all the data relating to all of its service users in order to prevent any future infringement of intellectual-property rights. It follows that that injunction would...
Rechtswinkel 'de Clinic' | NL | Eerste hulp bij... →
From the introduction:
“Although the internet seems boundless, it is very easy to cross legal boundaries. Internet users therefore often do not know that they are acting unlawfully. This guide covers the most common legal pitfalls for everyone who uses the internet: bloggers, ‘surfers’ and hobbyists.”
W.H. van Holst | NL | De derde landen problematiek... →
From the commentary:
“A number of amendments to the Wet bescherming persoonsgegevens (Wbp) recently came into force, which aim in particular to simplify the transfer of personal data to so-called third countries. Some critical remarks on the most conspicuous amendment: making it possible to transfer personal data to third countries without a...
EDRi-Gram - Number 10.3, 15 February 2012 →
European Anti-ACTA protests of 11 February
European Commission discusses tactical, partial retreat on ACTA
EC “Roadmap” for review of the IPR Enforcement Directive
Hadopi takes the final steps towards cutting Internet access
Two Strikes in Germany?
Software-hardware bundling not accepted in France
UK: 3 million checks on criminal records in 2011
RFID - a dangerous fashion...
Arjen K. Lenstra, James P. Hughes, Maxime Augier,... →
Abstract:
“We performed a sanity check of public keys collected on the web. Our main goal was to test the validity of the assumption that different random choices are made each time keys are generated. We found that the vast majority of public keys work as intended. A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security. Our...
European Parliament | EU | Does it help or hinder?... →
Abstract:
“This study investigates the interplay between Internet innovation and privacy. We propose working definitions of innovation and privacy and review the literature about their interaction. We interpret the possible tensions and problems in terms of market and system failures and analyse the relevant legal and policy aspects in relation to examples of privacy invasion and/or...
EDPS | EU | Follow-up report to the 2010 EDPS... →
From the Executive Summary:
“In March 2010, the European Data Protection Supervisor (EDPS) issued Video-Surveillance Guidelines […]. This public Report is a systematic and comparative analysis of the status reports received from a total of 42 European Union institutions and bodies […]. Next to highlighting best practices this report underlines shortcomings in those bodies lagging...
Ralph Broenink | Using browser properties for... →
From the Abstract:
“It is widely known that cookies can be used to track users. However, even privacy-aware users are trackable by the properties the browser sends with every request. Based on information like the browser vendor, plugin versions and the installed fonts, a fingerprint may be created that uniquely identifies a browser.”
EDRi-gram newsletter - Number 10.2, 1 February... →
Email Newsletter EDRi-gram 10.2 delayed
ACTA - Frequently Asked Questions
Data Protection Week 2012: CPDP and the BarCamp
Police frequently uses Silent SMS to locate suspects
The Lobby on ACTA is reaching a new level
ACTA “uprising” in Poland
FAVA’S bill: Another attempt to limit civil rights in Italy
Geolocation censorship to be applied by Twitter
Belgian Big Brother Awards...
Rob Heyman, Jo Pierson and Ike Picone (IBBT-SMIT)... →
From the Abstract:
“Social media and its main revenue model, advertising, have brought privacy issues along. This deliverable maps the process wherein Personal Identifiable Information (PII) is gathered and commodified as a sellable service.”
Sophos | Security threat report 2012 →
From the Foreword:
“Over the past year we in the IT security industry have seen a growing awareness of the work we do. In 2011, a number of highly visible cyberattacks made news headlines around the world, but the underlying problem affects us all. It seems that the cybercriminals are getting bolder in their attacks as the availability of commercial tools makes mass generation of new...
NIST | Guidelines on security and privacy in... →
Abstract:
“Cloud computing can and does mean different things to different people. The common characteristics most share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and dislocation of data and services from inside to outside the organization. While aspects of these characteristics have been...
EC | EU | Commission proposes a comprehensive... →
From the main page:
“The European Commission has today proposed a comprehensive reform of the EU’s 1995 data protection rules to strengthen online privacy rights and boost Europe’s digital economy. Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules...
ENISA | Report on trust and reputation models -... →
From the Executive summary:
“Reputation systems are a key success factor of many websites, enabling users and customers to have a better understanding of the information, products and services being provided. However, by using reputation systems, European Union (EU) citizens place themselves at additional risk.”
Derek E. Bambauer | Conundrum (SSRN) →
From the Abstract:
“Cybersecurity is a conundrum. Despite a decade of sustained attention from scholars, legislators, military officials, popular media, and successive presidential administrations, little if any progress has been made in augmenting Internet security. Current scholarship on cybersecurity is bound to ill-fitting doctrinal models. It addresses cybersecurity based upon...
EDRi | EU | The EDRi Papers →
‘Activist guide to the Brussels Maze’; ‘EU Surveillance’; and ‘How the internet works’.