Tag Archives: data protection

ISNow – Future Threats

The following introduction was originally published in the BCS Information Security Now Magazine, Winter 2010 issue (Volume 5, Issue 2), which was on the topic of Future Threats:

“The start of each New Year brings festive cheer and thoughts about what security related treats we might see in the coming year. I think 2011 may bring:

Targeted malware – next generation spear-phishing. The emergence of Stuxnet, which combines traditional malware techniques with a specially crafted targeting mechanism and payload parameters, may signal a new form of deniable attack. Even with the time and resources required to develop the intelligence and programming that feeds into such software, it could still be a much more cost effective and politically acceptable virtual approach versus physical alternatives. This attack vector is likely to be picked up by other online ne’er-do-goods.

Secrets revealed – exposing truths. Wikileaks, Cryptome, The Smoking Gun and others have a track record of exposing the secrets of governments, corporations and individuals. State and court sanctions are unlikely to deter all those seeking to expose unlawful, hypocritical and immoral activities. Once details are released on the internet it is too late, however good your censorship capabilities are, and if the traditional press get hold of it too, it’s as good as over. As people learn the effectiveness of such exposure we may see more whistleblowers emerge.

Personal intrusions – self-exposure. From airport security officials wishing to either irradiate us or touch our junk; governments wanting to know about our worldwide banking arrangements, health, happiness and online activities; social networks wanting to know where you are, who your friends are and what you’re saying; advertisers wanting to know where you are and what you’re interested in; employers wanting to know if you’re a suitable hire or risk to the business.

Happy New Year – hopefully.”

A PDF version of the magazine is available online at:


Talk on ‘RIPA: Perception & Practice’ (Slides)

I spoke at the BCS Information Security Specialist Group’s 11th Annual Legal Day, held at the RAF Club, London on Friday 22nd January 2010. My talk was entitled “RIPA: Perception and Practice” and the slides are now available:

Talk on ‘RIPA: Perception & Practice’

I will be speaking at the BCS Information Security Specialist Group’s 11th Annual Legal Day, being held at the RAF Club, London on Friday 22nd January 2010. My talk is entitled “RIPA: Perception and Practice”, although I was tempted to title it “RIPA: Proportionality, Paranoia and Practice”, and the synopsis is:

“There has been much discussion in the media and elsewhere about the use and misuse of the powers granted to many public authorities under the Regulation of Investigatory Powers Act 2000 and associated legislation.

Stories about snooping on people for trying to get their children into a particular school or letting their dogs foul the street may make the front page, but they are not necessarily representative of how the powers are used in general.

Sure, they should lead to questions about the implementation and effectiveness of the necessity and proportionality tests that are a mandatory part of the legislation, but there may be greater things to concern ourselves with when law enforcement and the intelligence community wish to grow and extend the use of data retention, monitoring and surveillance.

This talk will give an overview of many years of practical experience and interactions with the public authorities authorised to seek access to information under RIPA, Part I, Chapters I & II.”

Further information can be found in the events section of the BCS ISSG website: