This document discusses notification and takedown requests that ISPs receive from police regarding illegal or infringing content hosted on websites. It provides examples of reasons for takedown requests, including copyright infringement, child abuse images, and incitement of violence. The document outlines the standard form used for takedown requests and describes DNS and IP blocking techniques used. It notes potential collateral impacts of blocking, such as circumvention of blocks or impacting access to legal content. The document suggests addressing takedown requests directly to hosting providers rather than ISPs and establishing standard procedures and central points of contact to improve the process.
Cloud and Security: a Legislator's Perspective
at "Up in the Cloud: Conference on Legal and Privacy Challenges in Cloud Computing"
University of Hong Kong
Interact 2018 - GDPR for digital publishers, digital agencies and advertisersIAB Europe
Held in Milan on 23-24 May, IAB Europe’s annual 2-day conference Interact 2018 featured a training by Matthias Matthiesen, Director Public Policy & Privacy and Chris Hartsuiker, Public Policy Officer, IAB Europe. Which provisions in the General Data Protection Regulation are the most relevant to digital publishers and advertisers? What is the guidance of the European Data Protection Board (former Article 29 Working party) on these topics? This training session, provided by IAB Europe will provide insight into applying the GDPR to the digital advertising supply chain.
Strong Host Security Policies are Good BusinessHostingCon
Inevitably, the actions of some clients create legal issues that need to be addressed by hosts quickly and cost effectively. It is essential to have good hosting policies and procedures in place to deal with the legal and regulatory issues arising from operating a hosting business. Failure to implement good hosting practices can be disruptive and expensive for both hosts and their clients. Hosts must deal with a variety of law enforcement issues over time, ranging from cyber-crime to potential law suits.
Cloud and Security: a Legislator's Perspective
at "Up in the Cloud: Conference on Legal and Privacy Challenges in Cloud Computing"
University of Hong Kong
Interact 2018 - GDPR for digital publishers, digital agencies and advertisersIAB Europe
Held in Milan on 23-24 May, IAB Europe’s annual 2-day conference Interact 2018 featured a training by Matthias Matthiesen, Director Public Policy & Privacy and Chris Hartsuiker, Public Policy Officer, IAB Europe. Which provisions in the General Data Protection Regulation are the most relevant to digital publishers and advertisers? What is the guidance of the European Data Protection Board (former Article 29 Working party) on these topics? This training session, provided by IAB Europe will provide insight into applying the GDPR to the digital advertising supply chain.
Strong Host Security Policies are Good BusinessHostingCon
Inevitably, the actions of some clients create legal issues that need to be addressed by hosts quickly and cost effectively. It is essential to have good hosting policies and procedures in place to deal with the legal and regulatory issues arising from operating a hosting business. Failure to implement good hosting practices can be disruptive and expensive for both hosts and their clients. Hosts must deal with a variety of law enforcement issues over time, ranging from cyber-crime to potential law suits.
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
Right to Privacy and its Legal Framework, The Concept of Privacy, National Legal
Framework for Protecting Privacy, International Legal Framework for Protecting Privacy, Privacy Related Wrongs and Remedies, Data Security, The Concept of Security in Cyberspace, Technological Vulnerabilities, Legal Response to Technological
Vulnerabilities, Security Audit (VA/PT), Data Protection, Data Protection Position in
India, Privacy Policy, Emerging Issues in Data Protection and Privacy, BPOs and
Legal Regime in India, Protect Kids' Privacy Online, Evolving Trends in Data Protection and Information Security
The Prevention of Electronic Crimes Act 2016 being new cyber crimes law in Pakistan provide a comprehensive mechanism to prevent and apprehend the cyber crimes.
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...AltheimPrivacy
This is a new set of slides, adapted after the 10/21/2013 LIBE Committee vote on the proposed amendments to the Regulation. Quite a few of the original GDPR rules have changed so far.
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...AltheimPrivacy
Check out this link for the latest version: http://www.slideshare.net/EDiscoveryMap/the-eu-data-protection-reforms-impact-on-cross-border-ediscovery-27629797
The European Commission's proposal for a new General Data Protection Regulation (GDPR), represents the most significant global development in data protection law since Directive 95/46. It will considerably impact cross-border e-discovery in the EU.
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
Right to Privacy and its Legal Framework, The Concept of Privacy, National Legal
Framework for Protecting Privacy, International Legal Framework for Protecting Privacy, Privacy Related Wrongs and Remedies, Data Security, The Concept of Security in Cyberspace, Technological Vulnerabilities, Legal Response to Technological
Vulnerabilities, Security Audit (VA/PT), Data Protection, Data Protection Position in
India, Privacy Policy, Emerging Issues in Data Protection and Privacy, BPOs and
Legal Regime in India, Protect Kids' Privacy Online, Evolving Trends in Data Protection and Information Security
The Prevention of Electronic Crimes Act 2016 being new cyber crimes law in Pakistan provide a comprehensive mechanism to prevent and apprehend the cyber crimes.
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...AltheimPrivacy
This is a new set of slides, adapted after the 10/21/2013 LIBE Committee vote on the proposed amendments to the Regulation. Quite a few of the original GDPR rules have changed so far.
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...AltheimPrivacy
Check out this link for the latest version: http://www.slideshare.net/EDiscoveryMap/the-eu-data-protection-reforms-impact-on-cross-border-ediscovery-27629797
The European Commission's proposal for a new General Data Protection Regulation (GDPR), represents the most significant global development in data protection law since Directive 95/46. It will considerably impact cross-border e-discovery in the EU.
What happens when your online newspaper outcomes any forecast? What if the breaking news only breaks your infrastructure? Do you have the needed elasticity to support 4x the traffic you are used to?
Sono tutti open con le infrastrutture degli altriMariano Cunietti
Costruire un’infrastruttura cloud IAAS non è cosa da tutti i giorni. I problemi sul tavolo sono molti e le soluzioni rischiano spesso di essere solamente complicate.
Seguendo il motto “simplicity scales”, abbiamo approcciato il progetto di Enter Cloud Suite affrontando, atterriti ed euforici a giorni alterni, il problema del vero cloud: le architetture distribuite.
Abbiamo scoperto che molto, quasi tutto, era già stato discusso quasi un ventennio fa e che le soluzioni open source erano le migliori a disposizione per implementare quelle idee.
Abbiamo risolto tutti i nostri problemi cercando sempre la soluzione più elegante e “leggera”, spesso trovandola.
Infine, abbiamo concluso che quello stesso tesoro di informazioni e conoscenze potevano essere utili anche a chi sul nostro cloud avrebbe costruito le proprie infrastrutture, in una sorta di vertiginoso frattale tecnologico.
A short overview of content theft I presented at Sectalks Perth back in November 2017. Thanks to the sectalks crowd especially @NHardy and @s4gi_ for their assistance.
Developments in the TMT Sector - Current trends & emerging legal issuesMartyn Taylor
Presentation on developments in the TMT sector given to the "Technology, Media & Telecommunications: Challenges & Opportunities" seminar in March 2017 in Sydney
Content:
- Software eats the world - global disruption caused by digital platforms
- Technology - Big Data - legal issues in data security and sovereignty
- Media - disruption to content business models and recent law reforms
- Telecoms - the outlook to 5G mobile and the future of next generation networks
- Emerging legal issues in particular sectors - fintech, smart grid, transport
How you can protect your online identity, online privacy and VPNsIulia Porneala
A presentation on how to protect your internet identity, become anonymous online and VPNs.
What is encryption, Edward Snowden, NSA scandal, methods of protecting your online identity and statying away from the dangers of the Internet.
Ether2 "The Net...fixed" (or "how to close the digital divide")Jonathan Gael
Investor overview of Ether2 network protocol that does Ethernet better than Ethernet, and converges all forms of interoperable networking to a universal architecture that enables the next wave of computing in a post PC/mobile era.
SOPA, OPEN, ACTA and parallel copyright reforms in Europe, The right way to t...beamatinet
Conference Jan. 23 2012, Stanford Law School on SOPA, OPEN, ACTA and parallel copyright reforms in Europe, The right way to tackle online infringement?
(by @beamartinet)
Privacy and the GDPR: How Cloud computing could be your failingIT Governance Ltd
This webinar covers:
- An overview of the GDPR
- Breach notification requirements under the GDPR and a showcase of recent data breaches and their costs
- Organisations' responsibilities when storing data in the Cloud, and the roles of controller and processor
- The outcome of subcontracting on Cloud service providers and notifications on activities in the Cloud
- The role and responsibilities of the Cloud adoption team
- ISO 27018 and implementing security controls for PII in the Cloud.
A recording of this webinar is available here:
https://www.youtube.com/watch?v=mcLPEEGqvr4
1. Notification and Takedown
from an ISP standpoint
Mariano Cunietti
CTO, Enter Srl, Milano
mcunietti@enter.it
@mcunietti
ECTA Conference
Brussels, 26 November 2012
2. Enter Srl
• Enter is an ISP operating in Italy and it is a member of
AIIP, the Italian ISP association
• Business consists in infrastructure services for
enterprises (access, hosting, cloud, telephony)
• Investments were done in developing proprietary access
networks (ULL, Metroethernet), datacenter, cloud
infrastructure (OpenStack)
• Innovative products are related to connectivity
(Metroethernet) and cloud computing (www.cloudup.it)
3. Agenda
• Police Notice and Takedown requests
• Blocking technologies
• Collateral damages
• Suggestions for future approach
4. Police Takedown Request - Reasons
• Illegal offer of goods and services (e.g. illegal arms, fake medicines,
unauthorized gambling services etc.).
• Illegal promotion of goods and services.
• Content facilitating phishing, pharming or hacking.
• Infringements of copyright and related rights, trademarks
• Infringement of consumer protection rules.
• Incitement to hatred or violence (on the basis of race, religion, gender,
sexual orientation etc.)
• Child abuse content
• Terrorism related content (e.g. content inciting the commitment of
terrorist offences and training material)
• Defamation
• Privacy infringements (Spamming included)
5. Police Takedown Request - Form
• "In the scope of this criminal prosecution, please proceed
immediately to the preventive seizure of this site by prohibiting
access from Italy to the site [www.]domain.com[/page] with
IP 111.222.333.444 both via DNS and IP blocking.
• Blocking shall be extended to related aliases linking to this site in
the present and future, to IP address[es] actually bound to the
aforementioned domain name[s] and any other additional statical
IP address should be bound to, in the present and future.
• You are strongly invited to forward this request to any other
provider may be part of the same company group your company
is member of.”
8. Collateral damages
• DNS blocking is easily worked around by users
• IP blocking can be worked around by offenders
• URL filtering has “A-B-Normal” impacts on privacy,
costs, operations
• Taking down entire domains or IPs means shutting
down also legal services or websites.
• Tracking down future DNS and IP aliases is a
police task requested to ISPs
9. Suggested approach
• Address the takedown N&A to the source: the
hoster. One action rules them all.
• Define standard police procedures to request
takedown actions. Train police to use them.
• Establish a single european and international
point of contact for police requests to hosters
Enter srl is an italian ISP based in Milan and estabilished in 1996. Enter provides access and datacenter services to business customers. Access services are based on xDSL (Ethernet and ATM) connectivity on copper, radio link and fiber (FTTx), delivering national and international customers internet access, geographical MPLS VPN networks, telephony services (PSTN and IP). Datacenter services cover several architectures based on physical servers (hosting and housing), virtual servers and public cloud platforms. Enter datacenter is located in Milano Caldera and directly connected to the Milan Internet Exchange (MIX). The Associazione Italiana Internet Provider (“AIIP”) is an association of Italian communications operators established on 1995, with the aim to represent its associates before any public administration, independent authority, or any other public body, domestic or supranational, such as the European Commission on any issues relating to Internet and electronic communications, as well as cybercrime, data protection, e-commerce regulation, and safe use of the Internet, etc. AIIP represents more than 50 associated companies which offer to the public electronic communications services (Internet access, housing, hosting, IP based services such as VoIP, IPTV, video communications, videoconferences,).
Permanent blockings For two specific matters, the Internal Affairs Ministry has set up specific procedures: CNCPO (National Centre for Paedopornography Online Contrast) - a central list is kept up to date, ISPs and telcos have to mantain the DNS blocking filters updated AAMS (Autonomous State Monopolies Administration) - a 400+ foreign gambling site list has been blocked years ago and must be kept filtered
Recipients of the requests The recipient list, which is often attached, varies from time to time, and from police office to another. This means there is no shared procedure to retrieve the list. Many active providers are always left out the list. Some large hosting providers are always included even if they do not offer access, though Recipient of the request are always access providers, registered on the Authority Register ( ROC , Communication Operators Registry) or ISPs owning a Telecommunication Ministry ISP general license. The two are not necessarily overlapping. There are no controls over the execution of the request.
The suggested approach SLIDE 7 If a website blocking is needed, whether it is a single page or an entire site, the request should be addressed to the source, to obtain maximum effectiveness, therefore to: the owner of the domain (WHOIS tells you always who he/she is) (immediate takedown) the hoster (immediate takedown) the technical contacts of the domain registrar (immediate takedown plus some propagation delay) the internet breakout provider of the hoster (immediate takedown). No DNS blocking should be requested, as it is easy to work around No IP blocking should be requested, as with cloud technologies it would be much more easy to move a content from a server to another. No URL filtering should be requested, because it is unbearable both by small (costs) and large (huge data) internet providers. Privacy implications are "A-B-normal". Police offices should be trained about Internet crime issues and countermeasures. Requests should be more technically and lawfully correct. A standard request form should be defined. A single point of contact should be provided also for international issues, with shared procedures.