Securing Private Communications LE K E NP RA A T JE

Similar documents
Any Colour You Like The History (and Future?) of Communications Security Policy

Acquia Comments on EU Recommendations for Data Processing in the Cloud

INFORMATION TECHNOLOGY Policy 8400 (Regulation 8400) Data Security

St. Peter s C.E. Primary School Farnworth , Internet Security and Facsimile Policy

Selecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns

Government Surveillance, Hacking, and Network Security: What Can and Should Carriers Do? Kent Bressie PITA AGM, Tonga April 2015

Network and Information Security Legislation in the EU

Summary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act

Advanced Eye Care & Optical 499 E Winchester Blvd., Suite 101 Collierville, TN Phone: Fax:

Iowa Student Loan Online Privacy Statement

ClickTale Security Standards and Practices: Delivering Peace of Mind in Digital Optimization

Great ideas, big data and little privacy? Bart Preneel iminds and COSIC KU Leuven

10 Hidden IT Risks That Might Threaten Your Business

Cyber-Security. FAS Annual Conference September 12, 2014

Data Protection Policy

12 Security Camera System Best Practices - Cyber Safe

On-Line Privacy Statement

Big Data, Big Risk, Big Rewards. Hussein Syed

Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on

3Degrees Group, Inc. Privacy Policy

10 Hidden IT Risks That Might Threaten Your Law Firm

DESTINATION MELBOURNE PRIVACY POLICY

Security and Control of Data in the Cloud with BitTitan Data Encryption

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

Presented by Evan Sylvester, CISSP

UAB MY HEALTH REWARDS BIOMETRIC SCREENING PROGRAM NOTICE OF HEALTH INFORMATION PRACTICES

Software as a Service (SaaS) Requirements

Chapter 6: Fundamental Cloud Security

Maximum Global Business Online Privacy Statement

The potential legal consequences of a personal data breach

Bodywhys Privacy Policy

ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY

ESTRO PRIVACY AND DATA SECURITY NOTICE

HIPAA Privacy and Security

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

Legal and Ethical Issues in Computer Security

Birkam Health Center Ferris State University NOTICE OF PRIVACY PRACTICES

SSL and Browsers: The Pillars of Broken Security

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009

WEBSITE PRIVACY POLICY. Last modified 10/20/11

Privacy and data protection in a post-snowden world. Carly Nyst Head of International Advocacy

CMPT 471 Networking II

Patriot Act Impact on Canadian Organizations Using Cloud Services

FKCC AUP/LOCAL AUTHORITY

N-CAP Users Guide Everything You Need to Know About Using the Internet! How Electronic Payment Works

ONLINE PRIVACY POLICY

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

The Risks of Cloud Storage

Delivering peace of mind in digital optimization: Clicktale's security standards and practices

Green Pharm is committed to your privacy. We disclose our information practices below and we agree to notify you of:

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)

Information Management and Security Policy

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Privacy and Management of Health Information: Standards for CARNA s Regulated Members

Please read this Policy carefully. Your continued use of our sites means that you understand and consent to the terms of this Policy.

Privacy Policy. PortfolioTrax, LLC v1.0. PortfolioTrax, LLC Privacy Policy 2

Jeff M. Bauman, Psy.D. P.A. and Associates FLORIDA-HIPAA PRIVACY NOTICE FORM

CLOUD COMPUTING Contractual and data protection aspects

NSA Surveillance, National Security and Privacy

Adaptive Business Management Systems Privacy Policy

Introduction to Computer Security

Sibford School Student Computer Acceptable Use Policy

Management and Storage of Sensitive Information UH Information Security Team (InfoSec)

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.

2. What personal information do we collect and hold?

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

HIPAA Privacy & Security White Paper

Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

Transcription:

Securing Private Communications LE K E NP RA A T JE Protecting Private Communications Security in E.U. Law: Fundamental Rights, Functional Value Chains and Market Incentives 25 November 2015, Lekenpraatje Ph.D. Thesis Defense, Aula @ University of Amsterdam

Dutch government: stop using the internet work with letters and bank cheques, just like me!

We Must Do Something. This Is Something. Therefore, We Must Do It

cloud computing & Patriot Act

Reaction Dutch government: NSA will respect Dutch patient privacy!

Reaction Amazon: Fearmongers!

General Research Question Thesis: How should the EU lawmaker protect private communications security?

OUTLINE Communications security Why communications security fails Systemic flaws in E.U. communications law Recommendations

OUTLINE Communications security Why communications security fails Systemic flaws in E.U. communications law Recommendations

Communications Security... Protects: Confidentiality Integrity Availability of information transmitted through networks/systems

has been around for a while

1989: HTTP p2p: files SMTP: mail IP = Foundation 'network' society

domestication: digital technology is our BFF

IP great for availability, but: communications... confidentiality?... integrity?

OUTLINE Communications security Why communications security fails Systemic flaws in E.U. communications law Recommendations

Failure classes: Technology Users Markets Surveillance

Failure classes: Technology Users Markets Surveillance

Snowden Disclosure: TEMPORA Bulk intercepts Submarine cables

HTTPS: Snowden disclosure MUSCULAR

article: Loopholes to Circumvent the Constitution in both law and technology

Last Week!

If you secure one part of communications network, Breaches move to the next part of the network. Ergo: Law should secure the entire communications value chain

Failure classes: Technology Users Markets Surveillance

icloud Fail! Lesson 1: protect against brute force password guessing hack

Why? market failure by user lock-in Not Apple, but users feel the pain of hack

Known for long HTTPS: deep security flaws Many CAs hacks All kept silent All CAs are a weakest link!

Across communications security: Highly concentrated security markets HTTPS market 3 CAs sell 75% certs 5 CAs sell 90% certs For top 1k, top 100k and top 1m domains Across web, similar market dynamics

Market failures across security markets: Information asymmetries Negative externalities User lock in

OUTLINE Communications security Why communications security fails Systemic flaws in E.U. communications law Recommendations

Historical analysis: 25 years of EU communications law

Current laws have old legacies: fx. Breaking state monopolies Not 'scoped' to same functionality regulated

HTTPS communications: Only CAs (weakly) regulated

Not exactly securing the entire communications value chain EU law offers a patchwork of protection

Intensely successful lobbying Some gems of the mid 90s

8 april 2014, E.U. Court Data Retention Directive Void

Landmark ruling: Human Right to Communications / Data Security 1. Para. 66 on c.i.a.-triad: no sufficient safeguards to ensure full confidentiality and integrity : Quantity Data Sensitivity Data Risk of Abuse 1. 67: Wrongly permits economic considerations for IT-security

A Constitutional First Line of Defense

OUTLINE Communications security Why communications security fails Systemic flaws in E.U. communications law Recommendations

Research Question: How should the EU lawmaker protect private communications security?

5 general recommendations: The EU lawmaker should: 1. 2. 3. 4. Implement human rights obligations Resist regulatory capture by national security Definition: ensure all elements of the c.i.a.-triad Scope: technology-neutral along entire communications value chain 5. Intervene in persistent market failures BONUS! Use analytical model developed in case studies :)

reform inevitable on long term

Or else. work with letters and bank cheques, just like Mr. Donner!

Securing Private Communications LE K E NP RA A T JE Protecting Private Communications Security in E.U. Law: Fundamental Rights, Functional Value Chains and Market Incentives 25 November 2015, Lekenpraatje Ph.D. Thesis Defense, Aula @ University of Amsterdam

Thesis, papers, presentations: https://www.axelarnbak.nl

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information