Metadata Will Kill Your Privacy

The UK government inquiry into whether it conducts mass surveillance and the legality of such an effort has recommended tighter controls on access to communications metadata.The inquiry finds that mass surveillance capabilities exist in the UK, but are used appropriately. The inquiry also rejects use of the term "metadata", which it feels is not helpful because it is too vague. Instead the UK prefers the term “Content-Derived Information” because it is felt a more nuanced approach to the collection of data about communications is required.The report offers the four-level definitions of data that can be gleaned from details of an individual's electronic communications. The report goes on to say that Communications Data Plus “would encompass details of web domains visited or the locational tracking information in a smartphone” and to make the following observation about how it should be handled: “However, there are legitimate concerns that certain categories of Communications Data – what we have called ‘Communications Data Plus’ – have the potential to reveal details about a person’s private life (i.e. their habits, preferences and lifestyle) that are more intrusive. This category of information requires greater safeguards than the basic ‘who, when and where’ of a communication.”The report says it has no problem with UK intelligence agencies collecting communications data through intercepts and does not recommend tighter controls on its collection and use. The call for more safeguards on Communications Data Plus is therefore notable in the Australian context, as the antipodean communications data collection proposal requires no warrant for access.The UK report also says local legislation should therefore define three levels of metadata, under the following definitions:Communications Data should be restricted to basic information about a communication, rather than data, which would reveal a person’s habits, preferences or lifestyle choices. This should be limited to basic information such as identifiers (email address, telephone number, username, IP address), dates, times, approximate location, and subscriber information.Communications Data Plus would include a more detailed class of information, which could reveal private information about a person’s habits, preferences or lifestyle choices, such as websites visited. Such data is more intrusive and therefore should attract greater safeguards.Content-Derived Information would include all information, which the Agencies are able to generate from a communication by analysing or processing the content. This would continue to be treated as content in the legislation.It's hard to see its suggestions on a finer classification of metadata being followed, if only because the call for “greater safeguards” is vague and  hard to follow.  Register: http://ow.ly/KIMPc
« Internet of Lousy Things
Beware of the Militarization of Cyberspace »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Westminster eForum

Westminster eForum

Wesrtminster eForum runs a series of conferences on matters relating to the UKs Digital Strategy. Topics include Smart Cities and Cyber Security.

Robert Half Technology

Robert Half Technology

Robert Half Technology offers a full spectrum of technology staffing solutions to meet contract and full-time IT recruitment needs.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

FoxGuard

FoxGuard

FoxGuard develops customized cyber security, compliance and industrial computing solutions for critical infrastructure entities and control system vendors.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

Ericom Software

Ericom Software

Ericom is a global leader in securing and connecting the digital workspace, offering solutions that secure browsing, and optimize desktop and application delivery to any device, anywhere.

Rostelecom

Rostelecom

Rostelecom is Russia’s largest integrated provider of digital services and solutions, covering all market segments including consumer, governmental and private organizations.

Nucleon Security

Nucleon Security

Nucleon Endpoint Detection and Response EDR is the most effective way to protect the value created by your organization against any threat.

FortifyIQ

FortifyIQ

FortifyIQ's mission is to advance maximum security against side-channel attacks across the entire computing spectrum.

Avalanchio Technologies

Avalanchio Technologies

The Avalanchio platform gives you a complete solution to collect, process, and analyze security data to detect threats in real-time and analyze historical data using security DSL or SQL.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

ClearShark

ClearShark

Since 2001, ClearShark has been a go-to adviser in the U.S. Public Sector for creating customized and integrated solutions for the most secure of networks.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

WPScan

WPScan

With WPScan, you'll be the first to know about vulnerabilities affecting your WordPress installation, plugins, and themes.

DART Consulting & Training

DART Consulting & Training

DART is a leading cyber training and consultancy company. We enhance our clients’ cyber capabilities by growing and strengthening their frontline defense – the cyber teams.

nodeQ

nodeQ

At nodeQ, we are pioneering the future of computer networks, leveraging our deep expertise in quantum communication, artificial intelligence, and software-defined networking.