Category

News

Amber Rudd focusses on Internet in conference speech

By | Content Issues, News
Home Secretary Amber Rudd focussed on Internet policy issues in her speech to the Conservative Party Conference in Manchester. The Home Secretary reiterated her demands for Internet platforms to do more to combat terrorism and child abuse.
Rudd announced plans to tighten terrorism laws to criminalise merely viewing terrorist content, as opposed to keeping a copy found on the Internet, as well as new legislation to criminalise publishing information about the police or armed forces for the purposes of preparing an action of terrorism.Internet companies, however, will be most directly concerned with the Home Secretaries demands directly of them.

“But it is not just Government who has a role here. In the aftermath of the Westminster Bridge attack, I called the internet companies together. Companies like Facebook, Google, Twitter and Microsoft. I asked them what they could do, to go further and faster.

They answered by forming an international forum to counter terrorism. This is good progress, and I attended their inaugural meeting in the West Coast.

These companies have transformed our lives in recent years with advances in technology.

Now I address them directly. I call on you with urgency, to bring forward technology solutions to rid your platforms of this vile terrorist material that plays such a key role in radicalisation.

Act now. Honour your moral obligations.”

— Home Secretary Amber Rudd

The Home Secretary announced that the government would be funding Project Arachnid, web-crawler software developed by the Canadian child protection Cybertipline, designed to search out child abuse imagery online.

“It is software that crawls, spider-like across the web, identifying images of child sexual abuse, and getting them taken down, at an unprecedented rate.

Our investment will also enable internet companies to proactively search for, and destroy, illegal images in their systems. We want them to start using it as soon as they can.

Our question to them will be ‘if not, why not’. And I will demand very clear answers.”

— Amber Rudd

Rudd also doubled down on previous attacks on end-to-end encryption in person-to-person messaging software

“But we also know that end to end encryption services like Whatsapp, are being used by paedophiles. I do not accept it is right that companies should allow them and other criminals to operate beyond the reach of law enforcement.”

— Amber Rudd

Speaking earlier at a conference fringe event, she hit back at critics who accuse her of fighting a war against mathematics, saying

“I don’t need to understand how encrpytion works”,

— Amber Rudd

And accusing tech experts of “patronising” and “sneering” at politicians who want to regulate technology.

Websites discovered using their users’ computers to mine cryptocurrency

By | General, News

Two websites have been discovered to be using their users’ computers and phones to mine cryptocurrency without their consent in a bid to compensate for the continuing collapse in online advertising revenues.

The two sites, BitTorrent search engine, The Pirate Bay, and US video streaming service, Showtime, have now both removed the mining code from their sites after users noticed its existence. The Pirate Bay admitted the practice in mid-September posting that the code was “just a test” and that it was carried out with a view to removing all adverts from the site. Showtime has yet to answer questions about why it was using the code.

The practice is controversial, and has been compared to running malware on user’s computers, as it slows down user’s machines and can also drain their batteries or greatly increase their electricity bills. Meanwhile, the user receives no benefit as all the revenue generated by the mining is collected by the website. The question is whether users will see this as an acceptable trade-off if sites begin to use it as an alternative solution to online ads.

UK prime minister calls on internet firms to remove extremist content within two hours

By | Content Issues, International, News

The UK prime minister, Theresa May, has told internet companies that they need to go “further and faster” in removing extremist content in a speech to the United Nations general assembly. The prime minister said that terrorist material is still available on the internet for “too long” after being posted and has challenged companies to find a way to remove it within two hours. The material in question can include links to videos glorifying terrorism and material encouraging converts to commit terrorist acts.

In her speech, May said:

“Terrorist groups are aware that links to their propaganda are being removed more quickly, and are placing a greater emphasis on disseminating content at speed in order to stay ahead.

Industry needs to go further and faster in automating the detection and removal of terrorist content online, and developing technological solutions that prevent it being uploaded in the first place.”

The UK, together with France and Italy, is demanding evidence of progress by the time of a meeting of G7 interior ministers in Rome on 20 October.

Electoral Commission proposes voting ban for social media trolls

By | News
The Electoral Commission has suggested social media trolls who abuse politicians should lose their right to vote, in a submission to the Committee on Standards in Public Life.
A voting ban could “could act as a deterrent to abusive behaviour”, the Commission wrote in comments on the CSPL’s investigation into intimidation in the 2017 General Election. The Electoral Commission is the UK’s regulator for general and local government elections.The Electoral Commission wrote
 

21. In some instances, electoral law does specify offences in respect of behaviour that could also amount to an offence under the general criminal law. This is often because electoral offences have special consequences, in that their commission could invalidate the election result and result in the person convicted losing their elected office and/or being subject to a period of disqualification from being registered as an elector, voting in an election and standing for election (section 173 RPA 1983). It may be that similar special electoral consequences could act as a deterrent to abusive behaviour in relation to candidates and campaigners.

MSPs warned cyber attack could last for days

By | Content Issues, Hacking, News
A cyber attack has recently impacted the Scottish Parliament. MSPs and their staff have been warned that they will be unlikely to be able to access their email accounts due to hackers launching a “brute force” cyber attack in an attempt to gain their passwords.
 
A brute force attack is a cyber attack that involves trying to use as many iterations or possibilities as possible to guess a password. Parliament chief executive Sir Paul Grice said that Parliament’s cyber systems were still under attack but there was no evidence that any systems had been breached: “At this point there is no evidence to suggest that the attack has breached our defences and our IT systems continue to be fully operational.” He went on to add that: “Staff from the BIT (Business Information Technology) Office are working closely with the NCSC and our suppliers to put in place additional security measures to continue to contain the incident and mitigate against any future attacks.”
It is not yet known which country the cyber attack originates from. It is believed, however, to be similar to the cyber attack launched on MPs earlier in June.

Cloudflare critiques own decision not to serve Daily Stormer

By | Content Issues, Hacking, News

Yesterday, Cloudflare ceased to provide caching and DDoS protection services for a far-right blog, the Daily Stormer, following claims by the latter that Cloudflare secretly support their ideology. Cloudflare’s CEO has published a lengthy and thoughtful analysis of their decision, beginning

Now, having made that decision, let me explain why it’s so dangerous.

One interesting tidbit concerns the nature of the pressure Cloudflare was under

“In fact, in the case of the Daily Stormer, the initial requests we received to terminate their service came from hackers who literally said: “Get out of the way so we can DDoS this site off the Internet.”

In an internal e-mail obtained by Gizmodo, Prince was blunt about his reasons for terminating Daily Stormer:

This was my decision. Our terms of service reserve the right for us to terminate users of our network at our sole discretion. My rationale for making this decision was simple: the people behind the Daily Stormer are assholes and I’d had enough.

Let me be clear: this was an arbitrary decision. It was different than what I’d talked talked with our senior team about yesterday. I woke up this morning in a bad mood and decided to kick them off the Internet. I called our legal team and told them what we were going to do. I called our Trust & Safety team and had them stop the service. It was a decision I could make because I’m the CEO of a major Internet infrastructure company.

Having made that decision we now need to talk about why it is so dangerous. I’ll be posting something on our blog later today. Literally, I woke up in a bad mood and decided someone shouldn’t be allowed on the Internet. No one should have that power.

Read the whole blog post on Cloudfare.com and Prince’s internal e-mail on Gizmodo.

Update note: This article was updated on 18th August to add the quotes from and link to the e-mail obtained by Gizmodo.

Sadiq Khan announces plans to deal with “Not-Spots”

By | Content Issues, News

The Mayor of London Sadiq Khan announced plans to help improve connectivity across London. One plan involves the creation of a “Not-Spot team” that will specifically target areas in London with low connectivity.

Another initiative entails encouraging local authorities to apply for the Government’s Digital Infrastructure Fund, which was set up to aid investment in full-fibre rollout. Relatedly, the announcement also encourages them to convene a Digital Connectivity Funding Forum that will support them in the application process and provide them with an avenue to share ideas on connectivity.

The plans will also highlight the role that Transport for London (TfL) has in bringing mobile connectivity to London Underground tunnels.

The announcement can be read here.

UK Government launches consultation on implementing NIS Directive

By | EU Legislation, News, Security

The UK Government has launched a consultation on its plans to implement the Security of Network and Information Systems Directive (“NIS Directive”). The NIS Directive was adopted by the European Parliament on 6 July 2016 and Member States have until 9 May 2018 to transpose the Directive into domestic legislation. The Government has emphasised that it supports the overall aim of the NIS Directive and that its intention is that this legislation will continue to apply in the UK even after the UK has left the EU.

The NIS Directive imposes obligations on two groups of businesses: “operators of essential services” and digital service providers. However, it does not affect network providers as they are already subject to similar obligations in the UK under Section 105 of the Communications Act 2003.

Under the Directive, operators of essential services including those in the energy, transport, water, healthcare and digital infrastructure sectors will have to take “appropriate and proportionate” security measures to manage the risks to their network and information systems. Operators of essential services will also be required to notify serious incidents to the relevant authority.

Key digital service providers (search engines, cloud computing services and online marketplaces) will also have to comply with the security and incident notification requirements established under the Directive.

Organisations who fall in scope of the Directive will be required to develop a strategy and policies to understand and manage their risk; to implement security measures to prevent attacks or system failures, including measures to detect attacks, develop security monitoring, and to raise staff awareness and training; to report incidents as soon as they happen; and to have systems in place to ensure that they can recover quickly after an event, with the capability to respond and restore systems. The Government has stated that “any operator who takes cyber security seriously should already have such measures in place.”

Organisations who fail to implement effective security measures could be fined as much as £17 million or 4 per cent of global turnover. The Government has said, however, that fines would be a last resort, and will not apply to operators that have “assessed the risks adequately, taken appropriate security measures, and engaged with competent authorities but still suffered an attack.”

The NIS Directive relates to loss of service rather than loss of data, which falls under the General Data Protection Regulations (GDPR).

The consultation closes on 30 September 2017.

For more information, see: Consultation on the Security of Network and Information Systems Directive

DCMS publishes statement of intent on Data Protection Bill

By | Content Issues, General, News

The Department for Digital, Culture, Media and Sport (DCMS) has recently published a statement of intent regarding the new Data Protection Bill which will implement the General Data Protection Regulation (GDPR) and the EU Data Protection Law Enforcement Directive (DPLED) into UK domestic law.

GDPR will come into effect across all EU member states from 25th May 2018. The main objective of GDPR and the Data Protection Bill is to give individuals greater control over their digital footprint. This entails rights such as individuals being allowed to request social media platforms to delete material taken when they were children to be deleted from the website.

Matt Hancock, Minister of State for Digital, said: “The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”

It is believed the incorporation of GDPR into UK domestic law will help prepare the UK for a successful Brexit.

More about the development can be found here.

Phishing scam affects Newcastle University

By | Content Issues, News, News Sources

A phishing scam has recently affected Newcastle University, potentially duping many prospective students out of their money. The scam orientates around a mysterious individual or group of people operating under the deceptive title of “Newcastle International University” with a very realistic-looking website, URL and email address.

One expert described the spoofing attack as an “effective scam” and admitted that the culprit(s) of the phishing scam have put in substantial time into creating a seemingly authentic but fake website: “It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks”.

The timing of the publication of the website has also been particularly timely, given the publication of exam results in a few weeks, and anxious students wanting to secure their place as soon as possible.

Newcastle University published a tweet warning people that “Newcastle International University” are in no way associated with Newcastle University. The tweet can be read here.

The very cunning phishing scam comes at a time when a growing number of universities are finding themselves being spoofed. A Freedom of Information request by Duo Security showed that 70% of universities, nearly three-quarters, had fallen victim to phishing scams in the previous 12 months.