WannaCrypt, WannaCry, WannaDie? This world’s sorry state of information security

Information Security, Privacy, Risk Management
May 16, 2017

May 12th 2017 saw the largest outbreak of ransomware to date, with a massive impact on computer systems worldwide.
Although somebody, almost by mistake, found a way to temporarily hold the spread of this virus, history has shown that copycat actions based on the same code will follow sooner rather than later.
Over the weekend one more strain of this virus has already been spotted in the wild, and this one doesn’t respond to the same “kill-switch” that was deployed against the original version.
How did we come this far?
Read my Analyses here!

EU/US Privacyshield: one common goal but 180 degree difference in vision
A game of cloak and dagger

Privacy
Apr 29, 2016

We go back to the start of this century, when social media more or less didn’t exist yet, nobody had heard of big data and Edward Snowden was still a young man.
At that time it wasn’t hard to see how the European Union and the USA made a gentlemen’s agreement on the processing of personal information in the USA, even though the country offered a level of privacy protection nowhere close to adequate under European privacy law (Data Protection Directive 95/46/EC). The agreement rested on the promise that they would behave themselves and that companies could be trusted with a self-certification system on which the American FTC (Federal Trade Commission) would keep a close eye. They called it “safe harbour”, and it lasted for around 15 years.

The adequacy of American data protection hasn’t changed in all these years, and with protection against unlawful data processing only expected to increase under the GDPR, it will not change in favour of the American views on privacy anytime soon either.
So why is the privacy shield more a cloak than a protective measure?
Read my analyses here

Apple vs. FBI and why it is disturbing that a private company needs to protect us from the government
The clash of data protection and law enforcement

Information Security, Privacy
Mar 29, 2016

December 2nd 2015, San Bernardino, California, USA
Two gunmen burst into a party held by the local government, where one of them actually works, and in a shooting spree kill 14 and injure a further 22. In the man/woman hunt following the incident the attackers get shot and killed by the police.
During the investigation a passcode-protected iPhone 5C belonging to the San Bernardino local authorities is recovered, which may or may not hold vital information.

This could have been just a headline from any US-based news agency on any given day in any given year, and nobody would have given it much thought several months later, certainly not the entire tech sector.
So why is this case any different except for the label “terrorism” stuck to it?
Read my analyses here

GDPR Comprehensive
A couple of months too early?

Privacy
Mar 09, 2016

For almost the last 4 years, the bureaucrats in Brussels have been discussing the way the privacy laws in the European Union should be harmonised. In December last year they finally reached agreement on the new General Data Protection Regulation (GDPR) that will, if formally adopted, replace the 95/46/EC data protection directive and all national laws that implemented this directive in their national frameworks.
The International Association of Privacy Professionals (IAPP) organised a 2-day training session on the 22nd and 23rd of February to bring me and other privacy pros up to speed on this new opportunity for job security in the coming years.
Read my full report here