Entries Tagged "UK"

Page 12 of 19

House of Lords on Computer Security

The Science and Technology Committee of the UK House of Lords has issued a report (pdf here) on “Personal Internet Security.” It’s 121 pages long. Richard Clayton, who helped the committee, has a good summary of the report on his blog. Among other things, the Lords recommend various consumer notification standards, a data-breach disclosure law, and a liability regime for software.

Another summary lists:

  • Increase the resources and skills available to the police and criminal justice system to catch and prosecute e-criminals.
  • Establish a centralised and automated system, administered by law enforcement, for the reporting of e-crime.
  • Provide incentives to banks and other companies trading online to improve the data security by establishing a data security breach notification law.
  • Improve standards of new software and hardware by moving towards legal liability for damage resulting from security flaws.
  • Encourage Internet Service Providers to improve customer security offered by establishing a “kite mark” for internet services.

If that sounds like a lot of the things I’ve been saying for years, there’s a reason for that. Earlier this year, I testified before the committee (transcript here), where I recommended some of these things. (Sadly, I didn’t get to wear a powdered wig.)

This report is a long way from anything even closely resembling a law, but it’s a start. Clayton writes:

The Select Committee reports are the result of in-depth study of particular topics, by people who reached the top of their professions (who are therefore quick learners, even if they start by knowing little of the topic), and their careful reasoning and endorsement of convincing expert views, carries considerable weight. The Government is obliged to formally respond, and there will, at some point, be a few hours of debate on the report in the House of Lords.

If you’re interested, the entire body of evidence the committee considered is here (pdf version here). I don’t recommend reading it; it’s absolutely huge, and a lot of it is corporate drivel.

EDITED TO ADD (8/13): I have written about software liabilities before, here and here.

EDITED TO ADD (8/22): Good article here:

They agreed ‘wholeheartedly’ with security guru, and successful author, Bruce Schneier, that the activities of ‘legitimate researchers’ trying to ‘break things to learn to think like the bad guys’ should not be criminalized in forthcoming UK legislation, and they supported the pressing need for a data breach reporting law; in drafting such a law, the UK government could learn from lessons learnt in the US states that have such laws. Such a law should cover the banks, and other sectors, and not simply apply to “communication providers”—a proposal presently under consideration by the EU Commission, which the peers clearly believed would be ineffective in creating incentives to improve security across the board.

Posted on August 13, 2007 at 6:35 AMView Comments

Security-Theater Cameras Coming to New York

In this otherwise lopsided article about security cameras, this one quote stands out:

But Steve Swain, who served for years with the London Metropolitan Police and its counter-terror operations, doubts the power of cameras to deter crime.

“I don’t know of a single incident where CCTV has actually been used to spot, apprehend or detain offenders in the act,” he said, referring to the London system. Swain now works for Control Risk, an international security firm.

Asked about their role in possibly stopping acts of terror, he said pointedly: “The presence of CCTV is irrelevant for those who want to sacrifice their lives to carry out a terrorist act.”

[…]

Swain does believe the cameras have great value in investigation work. He also said they are necessary to reassure the public that law enforcement is being aggressive.

“You need to do this piece of theater so that if the terrorists are looking at you, they can see that you’ve got some measures in place,” he said.

Did you get that? Swain doesn’t believe that cameras deter crime, but he wants cities to spend millions on them so that the terrorists “can see that you’ve got some measures in place.”

Anyone have any idea why we’re better off doing this than other things that may actually deter crime and terrorism?

Posted on August 6, 2007 at 3:23 PMView Comments

British Report on E-Voting

In even more voting news, the UK Electoral Commission released a report on the 2007 e-voting and e-counting pilots. The results are none too good:

The Commission’s criticism of e-counting and e-voting was scathing; concerning the latter saying that the “security risk involved was significant and unacceptable.” They recommend against further trials until the problems identified are resolved. Quality assurance and planning were found to be inadequate, predominantly stemming from insufficient timescales. In the case of the six e-counting trials, three were abandoned, two were delayed, leaving only one that could be classed as a success. Poor transparency and value for money are also cited as problems. More worryingly, the Commission identify a failure to learn from the lessons of previous pilot programmes.

Posted on August 6, 2007 at 10:21 AMView Comments

Terrorist Special Olympics in the UK

First London and then Glasgow. Who are these idiots? Is there a Special Olympics for terrorists going on in the UK this week?

Two points about Glasgow:

One, airport security worked. And two, putting a propane tank into a car and driving into a building at high speed is the sort of thing that only works in old episodes of The A Team. On television, you get a massive, extensive explosion. In real life, you only get a small localized fire.

I am particularly pleased with the reaction from the Scots, which is measured and reasonable. No one was hurt; no need to panic. Life goes on.

On the other hand, who invites their friends to come along on a suicide mission?

Posted on July 2, 2007 at 9:19 AMView Comments

London's Dirty Bomb Tests

London is running a dirty-bomb drill. Mostly a movie-plot threat, but these sorts of drills are useful, regardless of the scenario.

I agree with this:

As ever, plain old explosives are the big worry. As for chemicals, compare the effects of the Tokyo subway gas attack (10 terrorists, five attacks each involving 1kg of hard-to-get sarin nerve gas, 12 dead total) with a typical backpack-bomb attack (London 7/7: four terrorists, four simple home made devices, 52 dead). Only a stupid attacker would bother with chemicals. Real pros like the IRA, for instance, never have.

Although with a dirty bomb, the media-inspired panic would certainly be a huge factor.

Posted on May 21, 2007 at 6:34 AMView Comments

Sex Toy Security Risk

This sounds like bullshit to me:

Small, egg-shaped and promising ‘divine’ vibrations, a UK sex toy has been deemed a threat to Cyprus’s national security. According to the company Ann Summers, the Love Bug 2 has been banned because the Cypriot military is concerned its electronic waves would disrupt the army’s radio frequencies. Operated by a remote control with a range of six metres, it is described by Ann Summers as ‘deceptively powerful’. The company said: “The Love Bug 2 is available in Cyprus but we have had to put a warning out urging Cypriots not to use it.”

Posted on May 11, 2007 at 12:19 PMView Comments

UK Police Blow Up Bat Detector

Boston-style idiocy from the UK:

Officers were called to Handcross at noon yesterday after a member of the public spotted the box under a bridge over the A23.

Police immediately set-up a no-go zone around the site and offered 20 residents shelter in the parish hall while the bomb disposal unit investigated.

Both lanes of the A23 at Pease Pottage, near the motorway junction, and the A272 at Bolney were closed for several hours.

The Horsham Road at Handcross was also shut and traffic diversions set up.

Drivers were advised to avoid the area because of traffic gridlock.

The £1,000 bat detector, which monitors the nocturnal creature’s calls, was put under the bridge as part of a survey of the endangered creatures.

For those who don’t know, the A23 is the main road between London and Brighton on the south coast. More info on the incident here and here.

I like this comment:

We are working on ways to improve identification of our property to avoid a repeat of the incident.

Might I suggest a sign: “This is not a bomb.”

Refuse to be terrorized, people!

Posted on May 4, 2007 at 1:23 PMView Comments

1 10 11 12 13 14 19

Sidebar photo of Bruce Schneier by Joe MacInnis.