Black Hat Europe Has Concerns About EU Metadata

Metadata is being collected on us by new technologies and government actions, but is there the intelligence to join the dots?

In the closing “locknote” of Black Hat Europe, Daniel Cuthbert, chief operating officer of SensePost was asked by Black Hat founder and US Department of Homeland Security Advisory Council member Jeff Moss if he felt the Investigatory Powers Bill was all negative. Cuthbert acknowledged the difficulties in accepting it, but also the promises it could deliver on detecting sex offenders.

He said: “It is now in the public eye, but the police don’t have a handle on criminality and cannot respond as forensic investigation using metadata is not part of traditional policing. It is true that the Investigatory Powers Bill has got some awful parts of it, but some parts of it are trying to help.”

Asked by Moss if he felt that it was an effort by UK Government to try and achieve lots of things in one effort, Cuthbert said that the UK does have a problem with child exploitation, and police can arrest a suspect and get a warrant to search their devices, and also store metadata but that is harmless until the dots are joined.

Also on the panel, Veracode CTO and co-founder Chris Wysopal said that systems are now being designed in a way to not get access to the encryption keys, and often the design was part of the problem. 

Moss pointed to the case from this week about Admiral Insurance using a Facebook API to gather information for insurance calculations, and applying it to customers.

Wysopal said: “That is not what Facebook was intending and maybe they are jealous that they didn’t think of it!”

Sharon Conheady, director of First Defence Information Security said that as people had not opted in, what was fascinating was that the data being collected was not to do with driving skills, but looking at personality traits that apply to safe drivers.

Asked by Moss where this leads and is this something to worry about, Conheady said that this was an example of the ‘Uber ride of glory’ where information is being used and users worry about what they are giving away, as now we are more connected and people are not worried.

“We don’t feel the pain of the decision immediately, but we may feel it seven months later,” said Moss.

Infosecurity
 

« France Creates A Big Brother Data File
The US Cyber Threat Against Russia »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

Group-IB

Group-IB

Group-IB is a leading provider of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property.

Trusted Computing Group

Trusted Computing Group

TCG was formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

Swimlane

Swimlane

Swimlane is a leader in security automation and orchestration (SAO). Our platform empowers organizations to manage, respond and neutralize cyber threats with adaptability, efficiency and speed.

PRESENSE Technologies

PRESENSE Technologies

PRESENSE Technologies specializes in monitoring and enforcing IT security policies at critical points in the network and on end systems.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

Shevirah

Shevirah

Shevirah specializes in products for automated mobile and IoT device vulnerability assessment, penetration testing, and mobile security awareness training.

Wiz

Wiz

Wiz - the first cloud visibility solution for enterprise security: A 360° view of security risks across clouds, containers and workloads.

Smoothstack

Smoothstack

Smoothstack is a technology talent incubator whose immersive training program kick starts IT careers and delivers a fresh source of IT talent.

Suresecure

Suresecure

Suresecure are a specialised consulting company providing Strategic IT security consulting, Managed Security Services, and Incident Response Management.

Hexens

Hexens

Hexens introduces a whole new approach to cybersecurity solutions. Indisputable skills and a unique super-focused perspective on every single case are the values we create.

Patriot Consulting Technology Group

Patriot Consulting Technology Group

Patriot Consulting's mission is to help our clients manage cybersecurity risk through secure deployments of Microsoft 365.

Helix Security Services

Helix Security Services

Helix Security provides IT & information security consultancy to government and businesses across New Zealand.

Next DLP

Next DLP

Next DLP (formerly Jazz Networks) is a leading provider of insider risk and data protection solutions.

Frenos

Frenos

The Frenos Platform helps enterprises understand their most probable attack paths while highlighting the most effective risk mitigations to deter and defend against today’s adversaries.