[How to use video-surveillance responsibly | A set of nasty questions to ask your security vendors | Weaknesses in IRS systems continue to jeopardize the confidentiality, integrity and availability of financial and sensitive taxpayer information | Cloud computing | Building a digital economy: the importance of saving jobs in the EU's creative industries | Detecting and defeating government interception attacks against SSL | A security analysis of the Dutch national electronic patient record system | The emerging and future risks framework | The value of behavioral targeting | Protecting the confidentiality of personally identifiable information (PII) | Internalizing identity theft | Facebook - Another breach in the wall | Intellectual property - observations on efforts to quantify the economic effects of counterfeit and pirated goods | Protecting Europe against large-scale cyber-attacks | Under surveillance | Managing re-identification risk | Security in the trenches - Comparative study of IT practitioners and executives in the U.S. federal government | The top 10 web application security risks | Application development security procurement language | Global internet security threat report - volume XV, April 2010 | How different are young adults from older adults when it comes to information privacy attitudes and policies? | Youth, privacy and reputation | Opt-in Dystopias | Promoting confidence in electronic commerce - legal issues on international use of electronic authentication and signature methods]
A report by the United Nations Commission on International Trade Law (UNCITRAL).
UNCITRAL: Promoting confidence in electronic commerce - legal issues on international use of electronic authentication and signature methods (PDF)
Tech and law: Electronic authentication and e-signatures - legal issues and UNCITRAL legislation
More at... [10/04/30 (1)]
A paper by Nicklas Lundblad and Betsy Masiello.
Nicklas Lundblad, Betsy Masiello: Opt-in dystopias (PDF)
The technology liberation front: Terrific study on cost of opt-in privacy regulatory regime, but...
MediaPost: Google warns against privacy laws requiring opt-in consent
Tech and law: Consent - opt in or opt out? Google article
SCRIPT-ed, 2010 Volume 7 Issue 1
More at... [10/04/29 (1)]
A literature review by Alice E Marwick, Diego Murgia-Diaz and John G. Palfrey Jr.
Alice E Marwick, Diego Murgia-Diaz, John G. Palfrey Jr.: Youth, privacy and reputation (SSRN)
Schneier on security: Young people, privacy and the internet
More at... [10/04/28 (1)]
A paper by Chris Jay Hoofnagle, Jennifer King, Su Li and Joseph Turow.
Chris Jay Hoofnagle, Jennifer King, Su Li, Joseph Turow: How different are young adults from older adults when it comes to information privacy attitudes and policies?
Concurring opinions: Do young people care about privacy?
Office of the Privacy Commissioner of Canada: Aspirations of privacy
MediaPost: Young adults say web sites should be required to delete user data
Concurring opinions: People want strong punishments for privacy violations
More at... [10/04/27 (1)]
A report by Symantec.
Symantec: Global internet security threat report - Trends for 2009, Volume XV, Published April 2010 (PDF)
Symantec: Internet security threat report
View from the bunker: Criminals rack up more than 100 potential attacks a second on the world's computers, reveals Symantec report
More at... [10/04/26 (1)]
Language to use when procuring software, by the New York State Office of Cyber Security and Critical Infrastructure Coordination.
NYS Office of Cyber Security and Critical Infrastructure Coordination: February 2010 Application Development Security Procurement Language (PDF)
NYS Office of Cyber Security and Critical Infrastructure Coordination: Application Security Procurement Language
ComputerWeekly: Top 25 coding errors - are your software suppliers secure?
Tech and law: Security - coding and web programming errors
More at... [10/04/25 (1)]
A list by the Open Web Application Security Project (OWASP).
OWASP: OWASP Top 10 for 2010
DarkReading: OWASP issues top 10 web application security risks list
More at... [10/04/24 (1)]
A study by the Ponemon Institute.
Ponemon Institute: Security in the trenches (PDF)
CA: Security in the trenches
CA: Federal agency IT staff, IT execs not on same page when it comes to security
DarkReading: Perceptions of security vary widely between IT management, security staff
[10/04/23]
An article by Khaled El Emam, Ann Brown, Philip AbdelMalik, Angelica Neisa, Mark Walker, Jim Bottomley and Tyson Roffey.
Khaled El Emam, Ann Brown, Philip AbdelMalik, Angelica Neisa, Mark Walker, Jim Bottomley, Tyson Roffey: A method for managing re-identification risk from small geographic areas in Canada (PDF)
BMC: A method for managing re-identification risk from small geographic areas in Canada
Tech and law: Privacy and location info - re-identification risks, especially with health data
[10/04/22]
A comic book by European Digital Rights (EDRI).
EDRI: Under surveillance (PDF)
EDRI: Personal data - a comic book to raise awareness among European young adults (PDF)
EDRI
[10/04/21]
A report by the House of Lords.
House of Lords: Protecting Europe against large-scale cyber-attacks (PDF)
House of Lords: European Union Committee - Fifth report
Schneier on security: "Protecting Europe against large-scale cyber-attacks"
[10/04/20]
A report by the US Government Accountability Office (GAO).
GAO: Intellectual property - observations on efforts to quantify the economic effects of counterfeit and pirated goods (PDF)
Techdirt: GAO concludes piracy stats are usually junk, file sharing can help sales
The Register: US gov cries foul on MPAA piracy claims
Ars technica: US government finally admits most piracy estimates are bogus
More at... [10/04/19 (1)]
A report by George Lucian Petre.
George Lucian Petre: Facebook - Another breach in the wall (PDF)
Eric Diehl: Facebook - Another breach in the wall
More at... [10/04/18 (1)]
A study by Chris Jay Hoofnagle.
Chris Jay Hoofnagle: Internalizing identity theft (SSRN)
NYT: How lenders overlook the warning signs of ID theft
Concurring opinions: How identity theft is like the Ford Pinto
Techdirt: Call Ralph Nader - companies don't care about identity theft because it's cheaper to just clean up the mess if it happens
Schneier on security: Externalities and identity theft
More at... [10/04/17 (1)]
A guide by the National Institute of Standards and Technology (NIST).
NIST: Guide to protecting the confidentiality of personally identifiable information (PII) (PDF)
Tech and law: US - NIST guide to protecting confidentiality of personally identifiable information (PII)
More at... [10/04/16 (1)]
A study by Howard Beales, sponsored by the Network Advertising Initiative (NAI).
Howard Beales: The value of behavioral targeting (PDF)
The Register: Behavioral targeting works, claims US study
[10/04/09]
A manual from the European Network Information Security Agency (ENISA).
ENISA: ENISA EFR Framework, Introductory manual
ENISA: Emerging and future risks
[10/04/08]
A study by Guido van 't Noordende.
Guido van 't Noordende: A security analysis of the Dutch electronic patient record system (PDF)
Guido van 't Noordende: The Dutch electronic patient record system
UvA: New study of the EPD exposes security holes
Computable: UvA and VWS squabble over EPD security
Security.nl: EPD security falls seriously short
[10/04/07]
A study by Christopher Soghoian and Sid Stamm.
Christopher Soghoian and Sid Stamm: Certified lies - detecting and defeating government interception attacks against SSL (PDF)
Techdirt: SSL certificates compromised by governments & hackers - time to fix SSL
Wired threat level: Law enforcement appliance subverts SSL
Security.nl: SSL not resistant to government eavesdropping
More at... [10/04/06 (1)]
A study by the International Chamber of Commerce's BASCAP (Business Action to Stop Counterfeiting and Piracy) initiative.
ICC: Building a digital economy: the importance of saving jobs in the EU's creative industries (PDF)
ICC: 1.2m jobs to be lost to piracy
Ars technica: Sailors beware - P2P piracy will sink your jobs by 2015
[10/04/05]
An information security briefing by the UK Centre for the Protection of National Infrastructure (CPNI).
CPNI: Information security briefing 01/2010, Cloud computing (PDF)
David Lacey: Head in the clouds computing
[10/04/04]
A report by the US Government Accountability Office (GAO).
GAO: Information security - IRS needs to continue to address significant weaknesses (PDF)
DarkReading: Uncorrected flaws in IRS security systems leave taxpayer data at risk
[10/04/03]
The Jericho Forum's self-assessment scheme.
The Jericho Forum: Jericho Forum self-assessment scheme, Guide (PDF)
View from the bunker: Improving security through a self-assessment scheme
[10/04/02]
New guidelines from the European Data Protection Supervisor (EDPS).
EDPS: The EDPS video-surveillance guidelines (PDF)
EDPS: Thematic guidelines
Tech and law: CCTV - EDPS video surveillance guidelines
[10/04/01]