12 research outputs found

    Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

    Most of the actions that fall under the trilogy of cyber crime, terrorism, and war exploit pre-existing weaknesses in the underlying technology. Because these vulnerabilities that exist in the network are not themselves illegal, they tend to be overlooked in the debate on cyber security. A UK report on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals." This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war.

    Taking proportionality seriously. The use of contextual integrity for a more informed and transparent analysis in EU data protection law.

    Difficulties abound as to where the boundary between legitimate and illegitimate processing of personal data must be set. The open-ended wording of the EU Data Protection Directive (DPD) 95/46 leaves space for diverse interpretations. The European Court of Justice finds it difficult to establish methodically the contextual data flows associated with individuals’ rights and the processing, with cascading consequences for the proportionality analysis, thus echoing the wider debate on proportionality. Taking stock of the criticisms of the ECJ’s decisions and of the changes introduced by the General Data Protection Regulation, this paper proposes to use contextual integrity, a framework of analysis developed by Helen Nissenbaum, largely implicit in EU data protection law, to provide a systematic method of interpretation that ensures more consistency in current EU legal practice. It recommends adopting a new formal three-tier structure, so that all factors necessary to the discussion on proportionality are fully and systematically identified and proportionality is taken seriously.

    The Computer Misuse Act 1990 to support vulnerability research? Proposal for a defence for hacking as a strategy in the fight against cybercrime.

    Despite the recent push towards security by design, most software and hardware on the market still include numerous vulnerabilities, i.e. flaws or weaknesses whose discovery and exploitation by criminal hackers compromise the security of the networked and information systems, affecting millions of users, as acknowledged by the 2016 UK Government in its Cybersecurity Strategy. Conversely, when security researchers find and timely disclose vulnerabilities to vendors who supply the IT products or who provide a service dependent on the IT products, they increase the opportunities for vendors to remove the vulnerabilities and close the security gap. They thus significantly contribute to the fight against cybercrime and, more widely, to the management of the digital security risk. However, in 2015, the European Network and Information Security Agency concluded that the threat of prosecution under EU and US computer misuse legislations ‘can have a chilling effect’, with security researchers ‘discentivise[d]’ to find vulnerabilities. Taking stock of these significant, but substantially understudied, criminal law challenges that these security researchers face in the UK when working independently, without the vendors’ prior authorisation, this paper proposes a new defence to the offences under the Computer Misuse Act, an innovative solution to be built in light of both the scientific literature on vulnerability research and the exemption proposals envisaged prior to the Computer Misuse Act 1990. This paper argues that a defence would allow security researchers, if prosecuted, to demonstrate that contrary to criminal hackers, they acted in the public interest and proportionally.

    Our Digital Footprint under Covid-19: Should We Fear the UK Digital Contact Tracing App?

    With the objective of controlling the spread of the coronavirus, the UK has decided to create and, since 5 May 2020, is live testing a digital contact tracing app, under the direction of NHS X, a branch of NHS Digital, and with the help of the private sector. Given the lack of details as to what the app will exactly do or not do, there are fears that the project will increase government surveillance beyond the pandemic. While I share these concerns, I argue that we need to simultaneously tackle one of the most significant, yet overlooked, contributors to the problem of government surveillance: our inflated digital footprint, stemming from our use of digital technology, and the basis of ‘surveillance capitalism’, a business model left largely unchallenged, which results in surveillance, and stems from the non-compliance with data protection laws. A systematic enforcement of the General Data Protection Regulation (GDPR) on the private sector would disrupt the current dynamics of surveillance which are hidden in plain sight.

    Access to Justice: Beyond the Policies and Politics of Austerity

    Building on a series of ESRC funded seminars, this edited collection of expert papers by academics and practitioners is concerned with access to civil and administrative justice in constitutional democracies, where, for the past decade, governments have reassessed their priorities for funding legal services: embracing 'new technologies' that reconfigure the delivery and very concept of legal services; cutting legal aid budgets; and introducing putative cost-cutting measures for the administration of courts, tribunals and established systems for the delivery of legal advice and assistance. Without underplaying the future potential of technological innovation, or the need for a fair and rational system for the prioritisation and funding of legal services, the book questions whether the absolutist approach to the dictates of austerity and the promise of new technologies that have driven the Coalition Government policy, can be squared with obligations to protect the fundamental right of access to justice, in the unwritten constitution of the United Kingdom.