Metadata Will Kill Your Privacy

The UK government inquiry into whether it conducts mass surveillance and the legality of such an effort has recommended tighter controls on access to communications metadata.The inquiry finds that mass surveillance capabilities exist in the UK, but are used appropriately. The inquiry also rejects use of the term "metadata", which it feels is not helpful because it is too vague. Instead the UK prefers the term “Content-Derived Information” because it is felt a more nuanced approach to the collection of data about communications is required.The report offers the four-level definitions of data that can be gleaned from details of an individual's electronic communications. The report goes on to say that Communications Data Plus “would encompass details of web domains visited or the locational tracking information in a smartphone” and to make the following observation about how it should be handled: “However, there are legitimate concerns that certain categories of Communications Data – what we have called ‘Communications Data Plus’ – have the potential to reveal details about a person’s private life (i.e. their habits, preferences and lifestyle) that are more intrusive. This category of information requires greater safeguards than the basic ‘who, when and where’ of a communication.”The report says it has no problem with UK intelligence agencies collecting communications data through intercepts and does not recommend tighter controls on its collection and use. The call for more safeguards on Communications Data Plus is therefore notable in the Australian context, as the antipodean communications data collection proposal requires no warrant for access.The UK report also says local legislation should therefore define three levels of metadata, under the following definitions:Communications Data should be restricted to basic information about a communication, rather than data, which would reveal a person’s habits, preferences or lifestyle choices. This should be limited to basic information such as identifiers (email address, telephone number, username, IP address), dates, times, approximate location, and subscriber information.Communications Data Plus would include a more detailed class of information, which could reveal private information about a person’s habits, preferences or lifestyle choices, such as websites visited. Such data is more intrusive and therefore should attract greater safeguards.Content-Derived Information would include all information, which the Agencies are able to generate from a communication by analysing or processing the content. This would continue to be treated as content in the legislation.It's hard to see its suggestions on a finer classification of metadata being followed, if only because the call for “greater safeguards” is vague and  hard to follow.  Register: http://ow.ly/KIMPc
« Internet of Lousy Things
Beware of the Militarization of Cyberspace »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

Nucleon

Nucleon

Nucleon enables cybersecurity tools, organizations and software developers to become proactive by blocking threats before they become breaches.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Camel Secure

Camel Secure

Camel Secure is a company specialized in the development of products for information security and technology risk management.

TrustGrid

TrustGrid

Trustgrid is a pioneer and leader in secure, cloud-native software-defined connectivity.

Valarian

Valarian

Valarian (formerly Worldr) is on a mission to build cutting-edge solutions that empower borderless collaboration in the new era of digital sovereignty.

Nitrokey

Nitrokey

Nitrokey is the world-leading company in open source security hardware. Nitrokey develops IT security hardware for data encryption, key management and user authentication.

Quantum Star Technologies

Quantum Star Technologies

Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Our mission is to secure the online world through our patented technology.

Infosys

Infosys

Infosys is a global leader in consulting, technology and outsourcing solutions.. Services include IT strategy, technical architecture and operations including cybersecurity.

MyKRIS Asia

MyKRIS Asia

MyKRIS specialise in providing and managing Internet network services and cyber security services to enterprises.

SalvageData Recovery Services

SalvageData Recovery Services

Since 2003, SalvageData has been providing high-quality data recovery with the certifications needed to work with any storage media manufacturer.

WIIT Group

WIIT Group

WIIT Group are focused on a single goal: securing our clients’ critical processes and enabling them for digital transformation.