I attended a presentation hosted by the BCS, and given by Ron Ballard, based on his article in IT Now, “Blockchain: the facts and the fiction”. What he said inspired some thoughts and reminded me of others, some of which I have previously published on my blog. I wrote an article, called Learnings of Bitcoin, which was meant to be a spoof on the Borat film title, and posted it on my LinkedIn blog. The article looks at the tight coupling of Bitcoin and its consensus mechanism, the proof of work, together with its costs and vulnerabilities. It examines the goal of eliminating trust authorities and its questionable ability to meet the necessary roles of money as a means of exchange and a store of wealth. In the comment pushing it, I say, "This might be a bit basic for some, but you can't have a coinless immutable blockchain, at least not one based on 'proof of work'.", at which point you need to consider if there are better data storage platforms for your use case. I use more words to explore these issues below/overleaf …
E2E & Zoom
The Zoom CEO stated at an Analysts Conference that they planned to introduce End to End Encryption (E2E) for their paying customers. At the moment, Zoom does not do E2E encryption; calls are encrypted between the user device and Zoom’s servers, but Zoom’s servers can be tapped. This means that GCHQ can’t see what’s happening, but the NSA & FBI can. (This assumes that GCHQ can’t break properly configured TLS.) In the end, doing Zoom rather than Skype or Google Hangouts, if you believe them to be more secure, is like going to a meeting and trying to spot the Special Branch cop, preferably before you’ve fucked them. The rest of this blog discusses the issues of device security, technical complexity, and the problem of user identity. See below/overleaf …
The multiple data protection laws in the UK
A note at LinkedIn on the law and legislation applying to data protection and privacy in the UK now, i.e. after Brexit and at the end of the transition period. Obviously considers the GDPR and the Privacy Shield. The GDPR is now forked. 😋 …
Big Copyright strikes again
This time in the European Parliament. They want upload filters and to tax ISSP’s reuse, but you can do something about it.
Last week a committee of MEPs voted 15 – 10, reported here by one of its members, Julia Reda, the sole Pirate Party MEP, in favour of the EU Copyright Directive’s disastrous Article 13. This misguided measure will introduce upload filters that would change the way that much of the Internet works, from free and creative sharing, to one where anything can be removed without warning, by computers. They also voted in favour of Article 11, which Europeanises a German & Spanish law and places a monetary liability on internet software service providers who use snippets of news articles originally published by for-profit publishers.
This article explains why the measures are wrong, and points to the campaign sites. It was amended on the 5th July after the vote to report the result, which was that the Parliament voted to re-open the discussion in plenary.
Everything went better than expected pic.twitter.com/ykVfad3Lfr
— Julia Reda (@Senficon) July 5, 2018
Here are the votes, interesting splits. …
More reasons to be doubtful
I had reason to read the Register’s front page this morning and came across these three IT Security and e-voting gems. Firstly, the New Zealand Government uses NSA surveillance tools to spy on a number of APAC governments to help in their campaign to win one of the World Trade Organisation’s elected positions. Secondly, the Australian iVote’s practice system has been compromised in such a way that cast votes can be infected. This project was led by Vanessa Teague and Alex Halderman; Teague has previously spoken of the inherent weakness of [ei]-voting; not a fan, it would seem. And thirdly, Cisco’s CTO gives up on security, or at least that’s what the Register reports as a headline; the comments by Hartman, Cisco’s CTO, are more nuanced, but he definitely proposes that devices cannot be secure, and need to be monitored against change and current and future threats, and how do you do that in the home? …
Coming Privacy Law
Yesterday, I attended a session convened by the BCS North London branch, called “Data Privacy – How Private is IT?” The presentation was given by two PwC staff members in two parts: the first was a forward-looking review of the proposed EU Data Protection Regulation by Kyrisia Sturgeon, and the second a scenario-based exploration of good data protection practice led by Pragasen Morgan. To me the coming key changes in the law are that all companies will need to have a qualified data protection officer, and it implements a right to be forgotten, or more accurately a right to be unindexed. …