Black Hat Europe Has Concerns About EU Metadata

Metadata is being collected on us by new technologies and government actions, but is there the intelligence to join the dots?

In the closing “locknote” of Black Hat Europe, Daniel Cuthbert, chief operating officer of SensePost was asked by Black Hat founder and US Department of Homeland Security Advisory Council member Jeff Moss if he felt the Investigatory Powers Bill was all negative. Cuthbert acknowledged the difficulties in accepting it, but also the promises it could deliver on detecting sex offenders.

He said: “It is now in the public eye, but the police don’t have a handle on criminality and cannot respond as forensic investigation using metadata is not part of traditional policing. It is true that the Investigatory Powers Bill has got some awful parts of it, but some parts of it are trying to help.”

Asked by Moss if he felt that it was an effort by UK Government to try and achieve lots of things in one effort, Cuthbert said that the UK does have a problem with child exploitation, and police can arrest a suspect and get a warrant to search their devices, and also store metadata but that is harmless until the dots are joined.

Also on the panel, Veracode CTO and co-founder Chris Wysopal said that systems are now being designed in a way to not get access to the encryption keys, and often the design was part of the problem. 

Moss pointed to the case from this week about Admiral Insurance using a Facebook API to gather information for insurance calculations, and applying it to customers.

Wysopal said: “That is not what Facebook was intending and maybe they are jealous that they didn’t think of it!”

Sharon Conheady, director of First Defence Information Security said that as people had not opted in, what was fascinating was that the data being collected was not to do with driving skills, but looking at personality traits that apply to safe drivers.

Asked by Moss where this leads and is this something to worry about, Conheady said that this was an example of the ‘Uber ride of glory’ where information is being used and users worry about what they are giving away, as now we are more connected and people are not worried.

“We don’t feel the pain of the decision immediately, but we may feel it seven months later,” said Moss.

Infosecurity
 

« France Creates A Big Brother Data File
The US Cyber Threat Against Russia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cloud Foundry Foundation (CFF)

Cloud Foundry Foundation (CFF)

Cloud Foundry supports the full application development lifecycle, from inception, through all testing stages, to deployment.

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

360 Total Security

360 Total Security

360 company is the largest provider of Internet and mobile security products in China.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

Dataprovider.com

Dataprovider.com

Our Brand Protection Suite gives you the tools to discover trademark infringement on the Internet, such as websites selling counterfeit products, even when this is not immediately noticeable.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

nexSecurity

nexSecurity

neXSecurity is an IT and Information security consulting company with more than 2 decades worth of software development and security experience.

CyNam

CyNam

CyNam is a platform for enabling the growth and development of people and organisations within Cheltenham’s flourishing cyber technology ecosystem.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

SolidRun

SolidRun

SolidRun is a leading provider of computing and network technology designed to streamline the deployment of edge computing infrastructure and support embedded and IoT markets.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.

Astreya

Astreya

Astreya is the leading IT solutions provider for some of the world's most recognizable and innovative organizations.

Xiphera

Xiphera

Xiphera designs and implements proven cryptographic security for embedded systems.

Datos Insights

Datos Insights

Datos Insights is a leading global provider of insights, data, and advisory services to the financial services, insurance, and retail technology industries.

Softcell Technologies Global

Softcell Technologies Global

Softcell is one of India's leading System Integrators. We serve enterprise customers in the areas of IT Security, Mobility, Optimised IT Infrastructure, Cloud and Engineering Services.

Basalt

Basalt

Basalt provide qualified consulting services in information security, personnel security and physical security.