Black Hat Europe Has Concerns About EU Metadata

Uploaded on 2016-11-11 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

Metadata is being collected on us by new technologies and government actions, but is there the intelligence to join the dots?

In the closing “locknote” of Black Hat Europe, Daniel Cuthbert, chief operating officer of SensePost was asked by Black Hat founder and US Department of Homeland Security Advisory Council member Jeff Moss if he felt the Investigatory Powers Bill was all negative. Cuthbert acknowledged the difficulties in accepting it, but also the promises it could deliver on detecting sex offenders.

He said: “It is now in the public eye, but the police don’t have a handle on criminality and cannot respond as forensic investigation using metadata is not part of traditional policing. It is true that the Investigatory Powers Bill has got some awful parts of it, but some parts of it are trying to help.”

Asked by Moss if he felt that it was an effort by UK Government to try and achieve lots of things in one effort, Cuthbert said that the UK does have a problem with child exploitation, and police can arrest a suspect and get a warrant to search their devices, and also store metadata but that is harmless until the dots are joined.

Also on the panel, Veracode CTO and co-founder Chris Wysopal said that systems are now being designed in a way to not get access to the encryption keys, and often the design was part of the problem. 

Moss pointed to the case from this week about Admiral Insurance using a Facebook API to gather information for insurance calculations, and applying it to customers.

Wysopal said: “That is not what Facebook was intending and maybe they are jealous that they didn’t think of it!”

Sharon Conheady, director of First Defence Information Security said that as people had not opted in, what was fascinating was that the data being collected was not to do with driving skills, but looking at personality traits that apply to safe drivers.

Asked by Moss where this leads and is this something to worry about, Conheady said that this was an example of the ‘Uber ride of glory’ where information is being used and users worry about what they are giving away, as now we are more connected and people are not worried.

“We don’t feel the pain of the decision immediately, but we may feel it seven months later,” said Moss.

Infosecurity
 

« France Creates A Big Brother Data File
The US Cyber Threat Against Russia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Securezoo

Securezoo

Securezoo's mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses and security professionals.

Netsparker

Netsparker

Netsparker provide a web application security scanner to automatically find security flaws in your websites, web applications and web services.

Center for Strategic Cyberspace & International Studies (CSCIS)

Center for Strategic Cyberspace & International Studies (CSCIS)

CSCIS seeks to advance global cyberspace security and prosperity by providing strategic insights for cyberspace and policy solutions to decision makers.

netfiles

netfiles

netfiles offers highly secure data rooms for sensitive business processes and secure data exchange.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

Infinite Ranges

Infinite Ranges

Infinite Ranges delivers secure, comprehensive digital solutions by connecting experts with the best products and services for the digital age.

BlackhawkNest

BlackhawkNest

Blackhawk is the only cyber security solution on the market that combines network monitoring and incident response into a cohesive appliance.

Soteria

Soteria

Soteria is a global leader in the development, integration and implementation of advanced cyber security, intelligence and IT solutions, delivering complete end-to-end solutions.

HackEDU

HackEDU

HackEDU provides secure coding training to companies ranging from startups to the Fortune 500.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

BCyber

BCyber

BCyber is a Swiss Cyber Security company that provides security products, training, and managed services to protect diverse IT and OT environments against cyber, physical, and cyber-physical threats.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

Kralos

Kralos

Kralos are an experienced team of Software and IT experts, specialized in the development of innovative cybersecurity solutions.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.