Black Hat Europe Has Concerns About EU Metadata

Uploaded on 2016-11-11 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

Metadata is being collected on us by new technologies and government actions, but is there the intelligence to join the dots?

In the closing “locknote” of Black Hat Europe, Daniel Cuthbert, chief operating officer of SensePost was asked by Black Hat founder and US Department of Homeland Security Advisory Council member Jeff Moss if he felt the Investigatory Powers Bill was all negative. Cuthbert acknowledged the difficulties in accepting it, but also the promises it could deliver on detecting sex offenders.

He said: “It is now in the public eye, but the police don’t have a handle on criminality and cannot respond as forensic investigation using metadata is not part of traditional policing. It is true that the Investigatory Powers Bill has got some awful parts of it, but some parts of it are trying to help.”

Asked by Moss if he felt that it was an effort by UK Government to try and achieve lots of things in one effort, Cuthbert said that the UK does have a problem with child exploitation, and police can arrest a suspect and get a warrant to search their devices, and also store metadata but that is harmless until the dots are joined.

Also on the panel, Veracode CTO and co-founder Chris Wysopal said that systems are now being designed in a way to not get access to the encryption keys, and often the design was part of the problem. 

Moss pointed to the case from this week about Admiral Insurance using a Facebook API to gather information for insurance calculations, and applying it to customers.

Wysopal said: “That is not what Facebook was intending and maybe they are jealous that they didn’t think of it!”

Sharon Conheady, director of First Defence Information Security said that as people had not opted in, what was fascinating was that the data being collected was not to do with driving skills, but looking at personality traits that apply to safe drivers.

Asked by Moss where this leads and is this something to worry about, Conheady said that this was an example of the ‘Uber ride of glory’ where information is being used and users worry about what they are giving away, as now we are more connected and people are not worried.

“We don’t feel the pain of the decision immediately, but we may feel it seven months later,” said Moss.

Infosecurity
 

« France Creates A Big Brother Data File
The US Cyber Threat Against Russia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Council on Foreign Relations (CFR)

Council on Foreign Relations (CFR)

CFR is dedicated to better understanding the world and the foreign policy choices facing the USA and other countries. Cyber security is covered within the CFR topic areas.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

Cybrary

Cybrary

Cybrary is an open-source cyber security and IT learning and certification preparation platform.

PSYND

PSYND

PSYND is a Swiss consultancy company based in Geneva specialized in CyberSecurity and Identity & Access Management.

Phosphorous Cybersecurity

Phosphorous Cybersecurity

Phosphorus has fully automated remediation of the two biggest IoT vulnerabilities, out of date firmware and default credentials.

Kickstart

Kickstart

Kickstart supports your startup in scaling deep technology businesses in Switzerland in areas such as AI, Blockchain and Cybersecurity.

CyberSecJobs.com

CyberSecJobs.com

CyberSecJobs.com is a career site and job fair company providing services and resources to the cyber security community.

Reed

Reed

reed.co.uk is a leading job site in the UK, providing a full online service for anyone looking for a new job.

ISA Security Compliance Institute (ISCI)

ISA Security Compliance Institute (ISCI)

ISCI, a not-for-profit automation controls industry consortium, manages the ISASecure™ conformance certification program for industrial automation and control systems.

ContraForce

ContraForce

ContraForce is a threat detection and response software providing complete visibility across cloud, network, endpoints, user, and email with the ability to target and block threats in real-time.

ShieldApps

ShieldApps

ShieldApps comprehensive suite of products is designed to protect your personal devices from privacy threats, including hacking attempts, online tracking, fingerprinting, phishing, malware, and more.

Wisetek

Wisetek

Wisetek is a global provider of end-to-end IT Asset Disposition (ITAD), reuse and secure data destruction management services to the world’s leading IT Corporations, data centres and manufacturers.

Venustech

Venustech

Venustech is a leading provider of network security products, trusted security management platforms, specialized security services and solutions.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

Hexens

Hexens

Hexens introduces a whole new approach to cybersecurity solutions. Indisputable skills and a unique super-focused perspective on every single case are the values we create.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.