Home Tags UK government

Tag: UK government

Facebook, Google, etc: Yeah, yeah, we’ll work on the nasty stuff...

US tech giants react to UK Home Secretary Rudd Big Tech has told the UK government it will do more to remove extremist content from their networks, but has refused to offer concessions on encryption.…

Ex-military and security firms oppose Home Sec in WhatsApp crypto row

'We are in real trouble if we apply blunt weapons to this' UK government ministers calling for increased surveillance abilities in the wake of last Wednesday's terrorist attack have encountered opposition from a somewhat unexpected quarter.…

UK targets WhatsApp, encrypted messaging apps following London attack

The UK government has focused its attention on WhatsApp, claiming there should be "no place for terrorists to hide."

Big US companies pull YouTube ads after extremist content sparks uncertainty

The ads might not have run over hateful videos, but they're not taking any chances.

Amid boycott, Google changes ad policy to give advertisers more control

More policing tools for both sides of the aisle.

UK government suspends YouTube ads after some appear on extremist videos

A number of UK organizations pulled their ads from the online video platform.

UK government seeks stronger anti-laser strike laws through new bill

Law would hew closer to US regulations; UK cops wouldn't have to prove aircraft danger.

Trustis to provide Vormetric Data Encryption Service from Thales on G-Cloud

Vormetric data encryption will be available as a service to the public sector on the Government’s new G-Cloud 8 Framework; Delivers a high assurance and agile key management platform for HMGLONDON, England – 31 January 2017 Thales, a leader in critical information systems, cybersecurity and data security, announces that its specialist cryptographic services provider Trustis has been awarded a place on G-Cloud 8, the UK Government’s cloud services procurement framework.

Trustis is making Vormetric data... Source: RealWire

EU policy makers consider FRAND licensing of machine-generated data

Anonymised app data silos impede movement EU policy makers are considering introducing a new licensing regime for anonymised "machine-generated data". It is one of the options the European Commission said could be introduced to facilitate greater access to the ever-growing volumes of data generated by "computer processes, applications or services, or by sensors processing information received from equipment, software or machinery, whether virtual or real". The options were outlined in a new Commission communication on building the European data economy, which was accompanied by an online consultation.

The paper was also published alongside other plans relevant to the use of data, including a draft new e-Privacy Regulation and a communication on exchanging and protecting personal data in a globalised world. At the moment, much of the data that is generated is retained and analysed in "silos" by the generators of that information, the Commission said.

This makes it difficult for businesses and organisations to extract the maximum value from that data, it said.

The Commission said it intends to discuss how to address the issue with EU countries. A data licensing regime is one option that could be developed depending on the outcome of those discussions, the Commission said. "A framework potentially based on certain key principles, such as fair, reasonable and non-discriminatory (FRAND) terms, could be developed for data holders, such as manufacturers, service providers or other parties, to provide access to the data they hold against remuneration after anonymisation," the Commission said. "Relevant legitimate interests, as well as the need to protect trade secrets, would need to be taken into account." "The consideration of different access regimes for different sectors and/or business models could also be envisaged in order to take into account the specificities of each industry.

For instance, in some cases, open access to data (full or partial) could be the preferred choice both for firms and for society," it said. Other options that could be taken forward include potentially developing new guidelines to incentivise businesses to share the non-personal data they have and granting public bodies special rights of access to data where this is in the "general interest". New default contracts rules could also be set to facilitate access to data in accordance with benchmarks that account for the different bargaining positions that businesses in the market have, the Commission said.
It also said a new "data producer's right" could be introduced. "A right to use and authorise the use of non-personal data could be granted to the 'data producer', i.e. the owner or long-term user (i.e. the lessee) of the device," the Commission said. "This approach would aim at clarifying the legal situation and giving more choice to the data producer, by opening up the possibility for users to utilise their data and thereby contribute to unlocking machine-generated data." "However, the relevant exceptions would need to be clearly specified, in particular the provision of non-exclusive access to the data by the manufacturer or by public authorities, for example for traffic management or environmental reasons. Where personal data are concerned, the individual will retain his right to withdraw his consent at any time after authorising the use. Personal data would need to be rendered anonymous in such a manner that the individual is not or no longer identifiable, before its further use may be authorised by the other party.
Indeed, the GDPR continues to apply to any personal data (whether machine generated or otherwise) until that data has been anonymised," it said. In its paper, the Commission also said it wants to deliver "meaningful portability for non-personal data".

The GDPR will introduce data portability obligations in respect of some personal data.

The Commission said similar data portability rules to those in the GDPR could be established for non-personal data.

Alternatively, it could develop "standard contract terms requiring the service provider to implement the portability of a customer's data". The Commission said it is also looking to determine whether existing EU product liability rules "remain appropriate for emerging technologies such as IoT (the internet of things) and autonomous connected systems".
It has opened a separate consultation on the issue, which is open until 26 April. The Commission said that in future, it could decide to assign liability to businesses on the basis that they generate "a major risk for others", or because they are "best placed to minimise or avoid the realisation of such risk".
It said it could also introduce "voluntary or mandatory insurance schemes" that align with those new liability rules. "[The insurance schemes] would compensate the parties who suffered the damage (e.g. the consumer)," the Commission said. "This approach would need to provide legal protection to investments made by business while reassuring victims regarding fair compensation or appropriate insurance in case of damage." The UK government recently set out how it intends to address the issue of insurance pay-outs to innocent victims of collisions involving driverless cars, and the underlying liability for those incidents. The Commission's paper also referenced its concerns about unjustified restrictions on where data is stored and processed.
It said the removal of those restrictions could deliver an €8 billion boost to the EU economy, as well as provide for substantial environmental benefits. It said "data localisation" measures are a barrier to "the wider adoption of cloud storage and computing" and that "a more efficient use of IT resources could contribute to the reduction of energy consumption and carbon emissions by net 30% or more". "The global energy-efficient data centre market is expected to grow to almost €90 billion by the end of 2020," the Commission said. "A fragmented data services market would hinder the full development of these more energy-efficient services in the EU and also put at risk the willingness to invest." The Commission said a new "principle of free movement of data within the EU" should guide decision making by EU countries affecting data storage or processing. Observing that principle would serve as "as a corollary of their obligations under the free movement of services and the free establishment provisions of the Treaty [on the Functioning of the EU] and relevant secondary legislation", it said "Any current or new data location restrictions would need to be carefully justified under the Treaty and relevant secondary law to verify that they are necessary and proportionate to achieve an overriding objective of general interest, such as public security," the Commission said. "The principle of free movement of personal data enshrined in primary and secondary law should also apply in the cases where the GDPR allows member states to regulate specific matters. Member states should be encouraged not to make use of the opening clauses in the GDPR to further restrict the free flow of data," it said. The Commission said it could "launch infringement proceedings" against EU countries that do not respect the principle, and that it "may also take further initiatives on the free flow of data" if it deems it necessary to "address unjustified or disproportionate data location measures". Copyright © 2016, Out-Law.com Out-Law.com is part of international law firm Pinsent Masons. Sponsored: Want to know more about Privileged Access Management? Visit The Register's hub

UK fails to gag press over ID of ex-spy at center...

EnlargeSpencer Platt/Getty Images reader comments 48 Share this story His name is now scribbled all over the Web, and the ex-MI6 man who is alleged to have compiled a dossier containing unsubstantiated and lurid claims about US President-elect Donald Trump is reportedly in hiding. However, despite the details being readily available online, the UK's ministry of defence—following a long-standing practice—politely requested the British press to carefully consider the potential consequences of disclosing the individual's name.
In a letter to editors and publishers, retired RAF Air Vice-Marshal Andrew Vallance, who holds the post of defence and security media advisory secretariat, said on Wednesday: In view of media stories alleging that a former SIS [secret intelligence service; MI6] officer was the source of the information which allegedly compromises president-elect Donald Trump, would you and your journalists please seek my advice before making public that name. The guidance was given through fear that revealing the identity of the ex-MI6 man "could assist terrorist or other hostile organisations." Nonetheless, the BBC and other major British news organisations have disclosed details of the individual, whose name and current directorship at a London-based private security firm was initially published in the US press and heavily shared on social media. But such a decision by the BBC and others is a stark departure from the past when publications and broadcasters that received a so-called D-notice (defence notice), later replaced by a DA-notice (defence advisory notice), would often fall into line with the MoD's request in a very British spirit of collaboration. Enlarge / Google quit the D-notice committee in response to the Snowden revelations. NOVA/PBS The D-notice first came into play in 1912, two years before World War I broke out, when Whitehall mandarins decided that an organisation should be created that addressed matters of national interest. Members of the press were included on the advisory panel, and they remain so to this day. However, the makeup has changed a little: the likes of Google representatives have sat on the committee, for example, though, the US ad giant withdrew its voluntary support in light of Edward Snowden's damning disclosures about the NSA. Historically, publishers and editors have largely responded in kind to the frightfully polite requests from the MoD. Members of the committee have long argued that it doesn't amount to censorship from the British government, instead insisting that they are simply exercising restraint with stories that may, on reflection, damage national security.

But Vallance and his predecessors can only gently nudge the press to consider the sensitive material they have in their possession before publishing it. Where disputes arise between the government and publications, Vallance works independently as a go-between to "help resolve disagreement about what should be disclosed" before any legal action is taken against the press to suppress information by way of a court injunction. But today, the relevance of the D-notice—as it continually tends to be described—seems to be slowly ossifying, and we can see this from the decision by the likes of the BBC to publish the name of the ex-spy at the centre of the uncorroborated Trump dossier story, which claims that Russia has compromising information about the president-elect. In 2015, in acknowledgement that it was becoming increasingly difficult to put a lid on sensitive information being shared online, the UK government renamed the DA-notice to the Defence and Security Media Advisory (DSMA)—a system which currently costs £250,000 a year to run.

The inclusion of the word "security" is perhaps there to try to make it crystal clear to the media that supposedly risky disclosures endanger not only military and spook-types, but also British citizens. But, while it continues to try to sign up more digital and social media representatives, the DSMA committee has admitted that there is "no obvious answer" to the challenges presented by the Web.
It has previously argued that the "mainstream media" remains the superior source for news, regardless of gossipy tittle-tattle—no matter how inflammatory or lacking in reality—that is shared online.

Events in recent months, though, seem to suggest that the line is more blurred than ever before because it is far less clear who is setting the news agenda. We're in for a long four years if the answer turns out to be Trump's Twitter account. This post originated on Ars Technica UK

GCHQ feeds first crop of infosec startups to Cyber Accelerator

Tech 'créche' will nurture firms to compete on the world stage The first infosec startups selected for the GCHQ Cyber Accelerator have been unveiled. The accelerator, which officially launches in Cheltenham later today, is part of a UK government-funded Cyber Innovation Centre. The tech créche is designed to nurture information security startups to the point where they can compete on the world stage, boosting British exports in the process. The seven early stage startups selected will receive benefits including access to technological and security expertise, networks, office space and mentoring during a three-month development programme. Contact with an extensive investor network and access to GCHQ's personnel and technical expertise form part of the package. The "magnificent seven" companies selected to join the programme include: CounterCraft, which has developed a cyber-security deception platform, designed to fool hackers with decoy computers, false data and fake identities Cyberowl, an early warning system for cyber attacks Cybersmart, a platform that automates implementation, certification and compliance with cyber-security standards FutureScaper, a collective intelligence platform that provides data visualisations that gives security analysts a better handle on security threats Spherical Defence, an intrusion detection system geared to the needs of the banking sector and featuring deep-learning technology StatusToday, providers of technology designed to detect insider attacks and inadvertent mistakes Verimuchme, a digital wallet and exchange platform The accelerator is a partnership between GCHQ, the Department of Culture, Media and Sport (DCMS), and Wayra UK, the corporate accelerator that is part of the global Telefónica Open Future_ network. The cyber-security sector contributes around £2bn a year in exports to the UK economy, according to backers of the new programme. The accelerator forms part of the Cheltenham Innovation Centre, the first of two innovation centres created as part of the government's National Cyber Security Programme. A second innovation centre will open in London later this year. DCMS is contributing up to £50m over the next five years to deliver the two innovation centres. Minister of State for Digital and Culture Matt Hancock MP said: "I congratulate all the companies selected to join the new accelerator facility which is now open for business. This is an important step in delivering our National Cyber Security Strategy, and supported by £1.9bn transformative investment in cyber security. Based in Cheltenham, the accelerator will help UK entrepreneurs create cutting-edge technology to better protect the nation from cyber attacks and make going online safer for all." Government ministers backed plans for GCHQ to become an incubator for the next generation of infosec firms, first floated two years ago. The idea is inspired, in part, by the production line of successful cyber-security firms set up by alumni from Unit 8200, Israel's military intelligence unit. They have gone on to found Check Point, Palo Alto Networks, and numerous successful security firms. These companies went through their incubator phase while their future founders were serving compulsory military service, which even taken alone is a big difference from the UK model. The cyber-security company production line in Israel is 30 years old and therefore well established, not least thanks to links with US companies, investors and entrepreneurs. Team8, a cyber-security foundry created by members Unit 8200, this week announced a strategic funding round with investments from Microsoft and Qualcomm, among others. Team8 has raised $92m to date from previous investors including AT&T, Accenture and Eric Schmidt's Innovation Endeavors. This is all a long way from a three-month boot camp close to GCHQ but, then again, you have to start somewhere, assuming you agree that government has a role in backing this sort of investment, which is open to debate. ® Sponsored: Next gen cybersecurity. Visit The Register's security hub

UK Parliament suddenly remembers it wants to bone up cyber security...

Well, they did say it was a priority in 2010 The UK parliament launched an inquiry into cyber-security on Tuesday. The investigation by MPs and peers follows weeks after the UK government committed to spending £1.9bn between 2016 and 2021 as part of an update to the UK’s National Cyber Security Strategy. Protecting critical national infrastructure organisations (utilities, transport, banking etc) has been recognised as a priority by successive UK governments since the 2010 defence review, if not earlier.

Government commitment to the issue was underlined by the launch of the National Cyber Security Centre, which will co-ordinate response to security threats and develop best practice guidelines. Contentious allegations that state-sponsored Russian hackers were behind a hack on the US Democratic Party during last year’s US presidential election has added another dimension to an already pressing problem of how to defend the UK against hacking attacks.

The Parliamentary Joint Committee on the National Security Strategy is running the inquiry.
Its findings are likely to be influential but not binding on ministers, if historical precedent is any guide. The chair of the Joint Committee on the National Security Strategy, Margaret Beckett MP, commented: “Attention has recently focused on the potential exploitation of the cyber domain by other states and associated actors for political purposes, but this is just one source of threat that the Government must address through its recently launched five-year strategy.” The Committee is inviting written submissions that address various element of government cyber-security strategy including overall objectives, working with the private sector and bridging the skills gap, among other topics.

The development of “offensive cyber capabilities and the norms governing their use”, are also on the agenda for discussion.
Sessions where invited speakers are quizzed are likely to follow on from the written submissions but there’s no timetable on that - much less when a final report will be published - as yet. ® Sponsored: Want to know more about Privileged Access Management? Visit The Register's hub