Companies that host or operate websites should be held criminally liable if they fail to remove content that incites terrorism, members of the European Parliament voted Wednesday. But they also want these companies to voluntarily cooperate with governments to promote "anti-radicalization messages."MEPs voted on a report written by former French Minister of Justice Rachida Dati for Parliament's Civil Liberies, Justice and Home Affairs Committee (LIBE), which included a chapter on preventing online terrorist radicalization.While it might look like a knee-jerk reaction to the terrorist attacks in and around Paris on Nov. 13, the report is actually -- as Dati herself explained -- a response to the attack on the office of satirical magazine Charlie Hebdo in January.To read this article in full or to leave a comment, please click here
Police believe they may have found the person who tried to blackmail the CEO of TalkTalk, the U.K. telecommunications company that was the target of a data breach.Following the attack on Oct. 21, in which customers' personal information was accessed, TalkTalk CEO Dido Harding said she had received a ransom demand via email.Police have now arrested an 18-year-old on suspicion of blackmail, the fifth arrest made in connection with an attack on the company's website in which customers' personal information was accessed.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers
London's Metropolitan Police Service said officers from its Cyber Crime Unit and from the Southern Wales Regional Organised Crime Unit made the latest arrest in Llanelli, Wales, after searching an address there. The person has been released on bail without charge while police continue their investigation.To read this article in full or to leave a comment, please click here
Tick. Tick. Tick. Clang! That was the sound of an intergovernmental conference kicking the leap-second can down the road. Sysadmins will be dealing with the consequences for the next eight years.Just as adding an extra day in leap years helps us keep our calendars in step with the rotation of the earth around the sun, adding occasional leap seconds to Coordinated Universal Time (UTC) allows us to keep this time reference in step with the earth's gradually slowing rotation. Without adjustment, there would be about a minute's difference between the two by 2100. Leap seconds are great if you're using your time reference to note exactly when the sun should be directly overhead, or when certain stars should be in view, but for keeping a bunch of servers or Internet routers in sync around the world, continuity matters more than your place in the universe.To read this article in full or to leave a comment, please click here
When one of the terrorists involved in the Paris shootings dropped his smartphone in a trashcan outside the Bataclan concert venue on Friday night, he wasn't worried about encrypting his text messages or stored documents. Why would he be? With a bomb strapped to his waist, he knew he was about to die.But that telephone, and wiretaps on another, led police to announce Thursday that the suspected organizer of the shootings and a string of other attacks, Abdel Hamid Abaaoud, was dead.The phone discarded by one of the terrorists contained an SMS sent to an unidentified recipient at 9.42 p.m. local time, moments before the shooting there began: "On est parti on commence" ("We're going in"), public prosecutor François Molins told a news conference Wednesday evening.To read this article in full or to leave a comment, please click here
The European Union wants U.S. businesses to report when U.S. intelligence agencies request access to data they hold about Europeans; the reporting is one of the conditions EU negotiators are imposing for signature of a new Safe Harbor agreement.
Since Edward Snowden's revelations about the U.S. surveillance of Internet traffic, European Commission officials have been negotiating better privacy protection for Europeans' personal information transferred to the U.S. But since the Court of Justice of the EU struck down the 2000 Safe Harbor data transfer agreement last month, the negotiations have become more urgent. More than 4000 U.S. companies relied on the agreement to process Europeans' data, either for their own use or in order to deliver services to European businesses, and although other legal mechanisms exist allowing them to continue operations, those mechanisms are also increasingly falling under suspicion.To read this article in full or to leave a comment, please click here
The European Union put the onus firmly on the U.S. to make the next move in negotiating a replacement for the now-defunct Safe Harbor Agreement on privacy protection for transatlantic personal data transfers.
"We need a new transatlantic framework for data transfers," said Vĕra Jourová, the European Commissioner for Justice and Consumers, emphasizing the urgency of the situation. However, she said at a news conference in Brussels on Friday, "It is now for the U.S. to come back with their answers."
EU law requires that companies guarantee the same privacy protection for the personal information of EU citizens that they hold, wherever in the world they process it.To read this article in full or to leave a comment, please click here
Police investigating the data breach at U.K. telecommunications operator TalkTalk made their fourth arrest late Tuesday, as lawmakers launched their own inquiry into the case.The Metropolitan Police Cyber Crime Unit and the National Crime Agency arrested a 16-year-old boy at an address in Norwich, England, after visiting it with a search warrant.Police had previously arrested a 15-year-old boy from County Antrim, Northern Ireland, on Oct. 26, a 16-year-old boy in Feltham, England, on Oct. 29, and a 20-year-old man in Staffordshire on Oct. 31.MORE ON NETWORK WORLD: 26 crazy and scary things the TSA has found on travelers
All four were arrested on suspicion of offenses under the Computer Misuse Act, and all have now been released on bail without charge while police continue their investigation.To read this article in full or to leave a comment, please click here
What happens in Vegas, stays in Vegas -- and, for enterprise software vendor Infor, what happens in Europe, stays in Europe.At its annual customer meeting in Paris on Tuesday, the company told European Union customers to move their data to its cloud services -- just a week after German data protection authorities told companies handling Europeans' personal information to shun U.S. service providers and keep the data at home.Infor CEO Charles Phillips said that although it's not an issue for most customers, the company can provision servers in Europe on request.To read this article in full or to leave a comment, please click here
UK police have arrested a second teenager in their investigation of an attack on the website of telecommunications operator TalkTalk that may have exposed the personal data of millions of customers.The arrest of the 16-year-old boy in Feltham, England, on Thursday follows the arrest Monday afternoon of a 15-year-old boy in County Antrim, Northern Ireland.Both boys were arrested on suspicion of offenses under the Computer Misuse Act, and have been released on bail. Thursday's arrest followed a search of homes in Feltham and Liverpool, police said. No arrest was made at the address in Liverpool.To read this article in full or to leave a comment, please click here
German data protection authorities' decision to break ranks with their counterparts in other European Union countries and block alternatives to Safe Harbor has business lobbyists worried.The striking down of the Safe Harbor data sharing agreement by the European Union's highest court on Oct. 6 left a legal vacuum that European Commission officials immediately sought to fill with a reminder of the legal alternatives available and promises of coordinated action by national privacy regulators, who responded with their own reassurances on Oct. 16.To read this article in full or to leave a comment, please click here
Smart cars, airports and hospitals are likely to increasingly become targets for hackers -- and now the European Union's Agency for Network and Information Security (ENISA) has them in its sights too.The agency has added intelligent transport systems and smart health services to its remit for 2016. It plans to analyse the security risks inherent in their communications networks, and wants governments to take up its recommendations for securing them by 2017, it said Monday.The research will focus on the problems posed by the introduction of smart objects and machine-to-machine communications to replace humans in airport supply chains, whether that's for the delivery of spare parts to aircraft, luggage to conveyor belts or bottled water to airport stores.To read this article in full or to leave a comment, please click here
Buyers of Dell and Hewlett-Packard PCs may have paid over the odds for their optical drives as a result of a cartel arrangement between eight component manufacturers.The European Commission fined the eight cartel members a total of €116 million (US$132 million) for colluding between 2004 and 2008 to fix the prices of bids to supply optical drives to Dell and HP.Philips, Lite-On and their joint venture Philips & Lite-On Digital Solutions got away scot-free for their role in revealing the cartel. Had they not turned in their co-conspirators, they would have had to pay fines totalling €64 million between them.But the other five member, Hitachi-LG Digital Storage, Toshiba Samsung Storage Technology, Sony, Sony OptiArc and Quanta Storage, must together pay €116 million, with Hitachi-LG and Toshiba Samsung paying the largest shares.To read this article in full or to leave a comment, please click here
The Irish Data Protection Commissioner has agreed to investigate allegations that Facebook exposes its users' personal data to mass snooping by U.S. intelligence services, following a ruling of the High Court of Ireland on Tuesday.Austrian Facebook user Maximilian Schrems filed a complaint with the DPC in 2013, in the wake of Edward Snowden's revelations about the U.S. National Security Agency's PRISM surveillance system.The DPC initially dismissed the complaint as "frivolous," a decision Schrems went on to challenge in the Irish high court.To read this article in full or to leave a comment, please click here
European data protection authorities have given the European Commission and national governments three months to come up with an alternative to the Safe Harbor agreement swept away two weeks ago by a ruling of the Court of Justice of the European Union.But any new agreement must protect the personal data of European citizens from massive and indiscriminate surveillance, which is incompatible with EU law, the data protection authorities making up the Article 29 Working Party said late Friday.Since the CJEU ruled on Oct. 6 that the Safe Harbor agreement between the Commission and U.S. authorities did not offer necessary legal guarantees, businesses that relied on it for the transfer of their customers' or employees' private personal information from the EU to the U.S. have been doing so in something of a legal vacuum.To read this article in full or to leave a comment, please click here
Even as the European Union attempts to tighten privacy laws, law-enforcement interests have won a battle in Germany: a new law forces communications service providers there to once again make data about their customers' communications available to police.On Friday morning, the German parliament approved a law requiring ISPs and mobile and fixed telecommunications operators to retain communications metadata for up to ten weeks.The country has had an on-again, off-again affair with telecommunications data retention, first introducing a law requiring it in 2008 to comply with a European Union directive.MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords
The German Federal Constitutional Court overturned that law in March 2010 after finding it conflicted with Germany's privacy laws, prompting the European Commission to take the country to court in May 2012 to enforce the directive.To read this article in full or to leave a comment, please click here
VMware is taking Michigan to Europe as it works to make networking as secure in the hybrid cloud as it can be in a private datacenter.
At its VMworld Europe conference, it unveiled new features and tools to make it easier to roll applications out to its unified hybrid cloud platform, expanding the range of management functions available on its public cloud, vCloud Air, which can be linked with private clouds using vSphere.
The company also previewed a new technology, Project Michigan, that can deploy a secure enterprise gateway across vCloud Air offerings, including Disaster Recovery and Dedicated Cloud services. It will support VM migration and network and policy extension with low downtime through Hybrid Cloud Manager. It can be used to spin up thousands of virtual machines with secure connectivity on demand, it said.To read this article in full or to leave a comment, please click here
Researchers have found a new way to attack the SHA-1 hashing algorithm, still used to sign almost one in three SSL certificates that secure major websites, making it more urgent than ever to retire it, they said Thursday.SHA-1 is a cryptographic hashing function designed to produce a fingerprint of a document, making it easy to tell if a document has been modified after the fingerprint was calculated.Weaknesses had already been identified in SHA-1, and most modern Web browsers will no longer accept SSL certificates signed with it after Jan. 1, 2017. That date was chosen based on the ever-decreasing cost of the computing power required to attack the algorithm.To read this article in full or to leave a comment, please click here
Privacy activists are overjoyed, but for businesses it's what one lobbyist described, only half jokingly, as "the doomsday scenario:" The transatlantic transfer of European Union citizens' personal data was thrown into a legal void Tuesday when the Court of Justice of the EU declared invalid the 15-year-old Safe Harbor agreement with the U.S. because it provided inadequate privacy protection.The ruling exposes businesses reliant on Safe Harbor to the threat of legal action. The fact that European Commission and U.S. officials are in the middle of negotiating stronger privacy protections offers little comfort, as the ruling also opens that to challenges in national courts. Only a complete rewrite of the EU's data protection regime, already in progress, might help -- but it won't take effect for up to two years after the final text is agreed, and that is still many months off.To read this article in full or to leave a comment, please click here
When British spies gave their Internet surveillance program the codename Karma Police they may have given away a little too much about its epic purpose: "To build a web-browsing profile for every visible user on the Internet."The system ultimately gathered trillions of metadata records about Internet users' browsing habits.In official documents obtained by The Intercept, the intent of Karma Police stands out alongside more cryptically named projects such as Moose Milk (using data mining to detect suspicious use of telephone kiosks) or Salty Otter (a technique for detecting when use of one medium, such as a telephone call, is used to trigger another, such as a chat service).To read this article in full or to leave a comment, please click here
Sectra Communications is working with Samsung Electronics to integrate its Tiger/R end-to-end hardware encryption system with the phone maker's Knox mobile security platform to create smartphones secure enough to carry government secrets.
The market is a lucrative one: Another company, Secusmart, has won over several government organizations in recent years with a BlackBerry smartphone equipped with a microSD encryption module. The combination, costing around €2,000 (US$2,250), is approved by the German government to carry Restricted-level voice and data traffic. Restricted is one of the lowest ratings for government secrets.
Sectra and Secusmart both use additional hardware in the form of a microSD card to assist in the encryption process and to protect encryption keys. While Secusmart's system will encrypt calls and data stored on the phone, Sectra's encrypts only voice traffic and text messages.To read this article in full or to leave a comment, please click here