Category

News

UK to tighten takeover rules to protect national security

By | News, Security
The UK Department for Business, Energy and Industrial Strategy (BEIS) has published a Green Paper with plans to bolster government powers to intervene in corporate mergers and takeovers involving high-tech goods and services to protect national security, and is consulting on what other powers it might need.
In the short term, the government will reduce the turnover threshold that limits its existing powers to intervene in corporate takeovers. At the moment, the Competition and Markets Authority’s powers only apply to takeovers where the target company has a turnover of at least £70m per year. For companies producing goods and services for military use, or “dual-use” technologies that can be used for military purposes, this is to be reduced to cover any company with a turnover in excess of £1 million. It will also reduce the takeover threshold to £1 million turnover per annum for companies involved in the creation, design or support of “multi-purpose computing hardware” and quantum-based technology.

In the longer term, the government is looking at a range of options, including:

  • extending existing powers to intervene in corporate takeovers, so that they would also apply to new projects, the acquisition of land near sensitive locations, and the sale of “bare assets” (e.g. equipment, intellectual property, or divisions of a business) not involving the sale of the entire company; and
  • creating a mandatory obligation on companies to notify the Competition and Markets Authority when they are targeted for takeover.

The deadline for commenting on the changes to takeover thresholds is 14th November 2017, and for the longer term reforms is 9th January 2018.

UK Government publishes Internet Safety green paper

By | Content Issues, Malware and DOS attacks, News

The UK Government has announced proposals for a voluntary levy on Internet companies “to raise awareness and counter internet harms”. The government has said that the levy would target issues such as cyberbullying, online abuse and children being exposed to pornography on the Internet.

The levy is one of a series of measures proposed in the Internet Safety Green Paper, which is the result of a consultation launched in February. The other measures include:

  • A new social media code of practice to require more intervention by social media companies against allegedly bullying, intimidating or humiliating content

  • An annual Internet safety transparency report, to help government track how fast social media companies remove material that has been the subject of a complaint

  • Demands for tech and digital startups to “think safety first”, prioritising features to facilitate complaints and content removal as functionality that must be built into apps and products from the very start

All the measures will be voluntary although the government has not ruled out legislating if companies refuse to take part. In remarks that will be of concern to Internet companies, the Culture Secretary Karen Bradley hinted that the government could change the legal status of social media companies, to deem them publishers rather than platforms, which could mean even greater regulation of their users’ content.

“Legally they are mere conduits but we are looking at their role and their responsibilities and we are looking at what their status should be. They are not legally publishers at this stage but we are looking at these issues,” she said.

The consultation will close on 7 December, and the government expects to respond in early 2018.

Amber Rudd focusses on Internet in conference speech

By | Content Issues, News
Home Secretary Amber Rudd focussed on Internet policy issues in her speech to the Conservative Party Conference in Manchester. The Home Secretary reiterated her demands for Internet platforms to do more to combat terrorism and child abuse.
Rudd announced plans to tighten terrorism laws to criminalise merely viewing terrorist content, as opposed to keeping a copy found on the Internet, as well as new legislation to criminalise publishing information about the police or armed forces for the purposes of preparing an act of terrorism. Internet companies, however, will be most directly concerned with the demands the Home Secretary made directly of them.

“But it is not just Government who has a role here. In the aftermath of the Westminster Bridge attack, I called the internet companies together. Companies like Facebook, Google, Twitter and Microsoft. I asked them what they could do, to go further and faster.

They answered by forming an international forum to counter terrorism. This is good progress, and I attended their inaugural meeting in the West Coast.

These companies have transformed our lives in recent years with advances in technology.

Now I address them directly. I call on you with urgency, to bring forward technology solutions to rid your platforms of this vile terrorist material that plays such a key role in radicalisation.

Act now. Honour your moral obligations.”

— Home Secretary Amber Rudd

The Home Secretary announced that the government would be funding Project Arachnid, web-crawler software developed by the Canadian child protection Cybertipline, designed to search out child abuse imagery online.

“It is software that crawls, spider-like across the web, identifying images of child sexual abuse, and getting them taken down, at an unprecedented rate.

Our investment will also enable internet companies to proactively search for, and destroy, illegal images in their systems. We want them to start using it as soon as they can.

Our question to them will be ‘if not, why not’. And I will demand very clear answers.”

— Amber Rudd

Rudd also doubled down on previous attacks on end-to-end encryption in person-to-person messaging software:

“But we also know that end to end encryption services like Whatsapp, are being used by paedophiles. I do not accept it is right that companies should allow them and other criminals to operate beyond the reach of law enforcement.”

— Amber Rudd

Speaking earlier at a conference fringe event, she hit back at critics who accuse her of fighting a war against mathematics, saying:

“I don’t need to understand how encryption works”,

— Amber Rudd

And accusing tech experts of “patronising” and “sneering” at politicians who want to regulate technology.

Websites discovered using their users’ computers to mine cryptocurrency

By | General, News

Two websites have been discovered to be using their users’ computers and phones to mine cryptocurrency without their consent in a bid to compensate for the continuing collapse in online advertising revenues.

The two sites, BitTorrent search engine The Pirate Bay and US video streaming service Showtime, have now both removed the mining code from their sites after users noticed its existence. The Pirate Bay admitted the practice in mid-September, posting that the code was “just a test” and that it was carried out with a view to removing all adverts from the site. Showtime has yet to answer questions about why it was using the code.

The practice is controversial, and has been compared to running malware on users’ computers, as it slows down users’ machines and can also drain their batteries or greatly increase their electricity bills. Meanwhile, the user receives no benefit, as all the revenue generated by the mining is collected by the website. The question is whether users will see this as an acceptable trade-off if sites begin to use it as an alternative to online ads.

UK prime minister calls on internet firms to remove extremist content within two hours

By | Content Issues, International, News

The UK prime minister, Theresa May, has told internet companies that they need to go “further and faster” in removing extremist content in a speech to the United Nations general assembly. The prime minister said that terrorist material is still available on the internet for “too long” after being posted and has challenged companies to find a way to remove it within two hours. The material in question can include links to videos glorifying terrorism and material encouraging converts to commit terrorist acts.

In her speech, May said:

“Terrorist groups are aware that links to their propaganda are being removed more quickly, and are placing a greater emphasis on disseminating content at speed in order to stay ahead.

Industry needs to go further and faster in automating the detection and removal of terrorist content online, and developing technological solutions that prevent it being uploaded in the first place.”

The UK, together with France and Italy, is demanding evidence of progress by the time of a meeting of G7 interior ministers in Rome on 20 October.

Electoral Commission proposes voting ban for social media trolls

By | News
The Electoral Commission has suggested social media trolls who abuse politicians should lose their right to vote, in a submission to the Committee on Standards in Public Life.
A voting ban “could act as a deterrent to abusive behaviour”, the Commission wrote in comments on the CSPL’s investigation into intimidation in the 2017 General Election. The Electoral Commission is the UK’s regulator for general and local government elections. The Electoral Commission wrote:

21. In some instances, electoral law does specify offences in respect of behaviour that could also amount to an offence under the general criminal law. This is often because electoral offences have special consequences, in that their commission could invalidate the election result and result in the person convicted losing their elected office and/or being subject to a period of disqualification from being registered as an elector, voting in an election and standing for election (section 173 RPA 1983). It may be that similar special electoral consequences could act as a deterrent to abusive behaviour in relation to candidates and campaigners.

MSPs warned cyber attack could last for days

By | Content Issues, Hacking, News
A cyber attack has recently hit the Scottish Parliament. MSPs and their staff have been warned that they are unlikely to be able to access their email accounts because hackers have launched a “brute force” cyber attack in an attempt to obtain their passwords.

A brute force attack is a cyber attack that involves trying as many possibilities as possible in order to guess a password. Parliament chief executive Sir Paul Grice said that Parliament’s cyber systems were still under attack but there was no evidence that any systems had been breached: “At this point there is no evidence to suggest that the attack has breached our defences and our IT systems continue to be fully operational.” He went on to add that: “Staff from the BIT (Business Information Technology) Office are working closely with the NCSC and our suppliers to put in place additional security measures to continue to contain the incident and mitigate against any future attacks.”

It is not yet known which country the cyber attack originates from. It is believed, however, to be similar to the cyber attack launched on MPs earlier in June.

Cloudflare critiques own decision not to serve Daily Stormer

By | Content Issues, Hacking, News

Yesterday, Cloudflare ceased to provide caching and DDoS protection services for a far-right blog, the Daily Stormer, following claims by the latter that Cloudflare secretly support their ideology. Cloudflare’s CEO has published a lengthy and thoughtful analysis of their decision, beginning:

Now, having made that decision, let me explain why it’s so dangerous.

One interesting tidbit concerns the nature of the pressure Cloudflare was under:

“In fact, in the case of the Daily Stormer, the initial requests we received to terminate their service came from hackers who literally said: ‘Get out of the way so we can DDoS this site off the Internet.’”

In an internal e-mail obtained by Gizmodo, Prince was blunt about his reasons for terminating Daily Stormer:

This was my decision. Our terms of service reserve the right for us to terminate users of our network at our sole discretion. My rationale for making this decision was simple: the people behind the Daily Stormer are assholes and I’d had enough.

Let me be clear: this was an arbitrary decision. It was different than what I’d talked with our senior team about yesterday. I woke up this morning in a bad mood and decided to kick them off the Internet. I called our legal team and told them what we were going to do. I called our Trust & Safety team and had them stop the service. It was a decision I could make because I’m the CEO of a major Internet infrastructure company.

Having made that decision we now need to talk about why it is so dangerous. I’ll be posting something on our blog later today. Literally, I woke up in a bad mood and decided someone shouldn’t be allowed on the Internet. No one should have that power.

Read the whole blog post on Cloudflare.com and Prince’s internal e-mail on Gizmodo.

Update note: This article was updated on 18th August to add the quotes from and link to the e-mail obtained by Gizmodo.

Sadiq Khan announces plans to deal with “Not-Spots”

By | Content Issues, News

The Mayor of London Sadiq Khan announced plans to help improve connectivity across London. One plan involves the creation of a “Not-Spot team” that will specifically target areas in London with low connectivity.

Another initiative entails encouraging local authorities to apply for the Government’s Digital Infrastructure Fund, which was set up to aid investment in full-fibre rollout. Relatedly, the announcement also encourages them to convene a Digital Connectivity Funding Forum that will support them in the application process and provide them with an avenue to share ideas on connectivity.

The plans will also highlight the role that Transport for London (TfL) has in bringing mobile connectivity to London Underground tunnels.

The announcement can be read here.

UK Government launches consultation on implementing NIS Directive

By | EU Legislation, News, Security

The UK Government has launched a consultation on its plans to implement the Security of Network and Information Systems Directive (“NIS Directive”). The NIS Directive was adopted by the European Parliament on 6 July 2016 and Member States have until 9 May 2018 to transpose the Directive into domestic legislation. The Government has emphasised that it supports the overall aim of the NIS Directive and that its intention is that this legislation will continue to apply in the UK even after the UK has left the EU.

The NIS Directive imposes obligations on two groups of businesses: “operators of essential services” and digital service providers. However, it does not affect network providers as they are already subject to similar obligations in the UK under Section 105 of the Communications Act 2003.

Under the Directive, operators of essential services including those in the energy, transport, water, healthcare and digital infrastructure sectors will have to take “appropriate and proportionate” security measures to manage the risks to their network and information systems. Operators of essential services will also be required to notify serious incidents to the relevant authority.

Key digital service providers (search engines, cloud computing services and online marketplaces) will also have to comply with the security and incident notification requirements established under the Directive.

Organisations who fall in scope of the Directive will be required to develop a strategy and policies to understand and manage their risk; to implement security measures to prevent attacks or system failures, including measures to detect attacks, develop security monitoring, and to raise staff awareness and training; to report incidents as soon as they happen; and to have systems in place to ensure that they can recover quickly after an event, with the capability to respond and restore systems. The Government has stated that “any operator who takes cyber security seriously should already have such measures in place.”

Organisations who fail to implement effective security measures could be fined as much as £17 million or 4 per cent of global turnover. The Government has said, however, that fines would be a last resort, and will not apply to operators that have “assessed the risks adequately, taken appropriate security measures, and engaged with competent authorities but still suffered an attack.”

The NIS Directive relates to loss of service rather than loss of data, which falls under the General Data Protection Regulation (GDPR).

The consultation closes on 30 September 2017.

For more information, see: Consultation on the Security of Network and Information Systems Directive