TERENA Networking Conference 2005 © The JNT Association, 2005
Network Performance Measurement: Privacy and Legal Issues
Andrew Cormack, UKERNA


Terminology
- Active measurement
  - Measurer generates own traffic and watches result
  - E.g. ping, traceroute, …
- Passive monitoring
  - Measurer looks at headers of other people’s traffic
  - E.g. netflow, …
- Interception
  - Measurer can see content of other people’s traffic
  - E.g. network sniffer …

Privacy Issues
- Looking at someone else’s traffic breaches their privacy
- Looking at headers is less serious than content
  - Headers are “stuff needed to get message from A to B”
  - So networks have to look at headers anyway
- But even headers can still be a serious breach of privacy
  - Suppose you find lots of packets to a cancer support site?
  - Aggregating/anonymising headers reduces breach
- Passive Monitoring and Interception always breach privacy
- Laws exist that protect privacy
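One way to aggregate and anonymise header data before it is stored or shared, as an added example that is not part of the original slides. The flow records are constructed, and the prefix lengths (/24, /48), the `min_sources` threshold and the function names are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: (source host, destination host, bytes).
# All addresses come from documentation ranges (RFC 5737 / RFC 3849).
FLOWS = [
    ("192.0.2.10", "198.51.100.7", 1200),
    ("192.0.2.11", "198.51.100.7", 800),
    ("192.0.2.12", "198.51.100.9", 500),
    ("192.0.2.10", "203.0.113.80", 4000),  # one host, one site: identifying
    ("2001:db8:1::5", "2001:db8:ffff::1", 900),
]

def to_prefix(addr, v4_len=24, v6_len=48):
    """Replace a host address by its enclosing prefix, hiding the host bits."""
    ip = ipaddress.ip_address(addr)
    length = v4_len if ip.version == 4 else v6_len
    return str(ipaddress.ip_network(f"{ip}/{length}", strict=False))

def aggregate(flows, min_sources=2):
    """Sum bytes per (source prefix, destination prefix).

    Cells fed by fewer than min_sources distinct source hosts are folded
    into one ("suppressed", "suppressed") row, because a cell with a
    single contributor still describes one person's traffic.
    """
    totals = defaultdict(int)
    sources = defaultdict(set)
    for src, dst, nbytes in flows:
        key = (to_prefix(src), to_prefix(dst))
        totals[key] += nbytes
        sources[key].add(src)  # kept in memory only, never written out
    report = defaultdict(int)
    for key, nbytes in totals.items():
        if len(sources[key]) < min_sources:
            key = ("suppressed", "suppressed")
        report[key] += nbytes
    return dict(report)

if __name__ == "__main__":
    for (src, dst), nbytes in sorted(aggregate(FLOWS).items()):
        print(f"{src:>18} -> {dst:<20} {nbytes:>6} bytes")
```

Total volume is preserved for capacity planning, while the single host talking to a single site no longer appears as its own row.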

Legal Issues (Europe)
- Active measurement
  - No legal issues, provided you measure consenting targets!
- Passive monitoring
  - Data Protection (95/46/EC) & Privacy and Electronic Communications (2002/58/EC) Directives protect people
  - Confidentiality Law protects organisations
- Interception
  - European Convention on Human Rights (Art.8) applies
  - Plus Data Protection/Confidentiality Law as above

Does Law Allow Privacy Breaches?
- Yes, but only if they are
  - Necessary, proportionate and controlled
- Law recognises that some actions are needed, e.g.
  - Management of billing or traffic (operations),
  - Prevention or detection of misuse
  - Providing value-added services
- Not clear if unanonymised “research” is allowed
  - except as part of planning/operations
- Almost always need to tell users beforehand
  - General notice, specific information, explicit consent

National Laws
- Member states need to implement European law
- DP Directives are detailed and prescriptive
  - Ought to be similar laws in all Member States
  - UK: Data Protection Act 1998 & Electronic Communications (EC Directive) Regulations 2003
- ECHR Article 8 has more room for variation
  - Different national rules likely
  - UK: Regulation of Investigatory Powers Act 2000

UK law on informing users

(UK)          Passive Monitoring (DPA 1998)   Interception (RIPA 2000)
-----------   -----------------------------   ------------------------
Operation     N                               N (by DPA)
Misuse        N                               I or C
V-A service   N (can opt out)                 C
“Research”    None, N or C                    C

N: must notify users, i.e. publish the information somewhere
I: must take “all reasonable measures” to inform users
C: must obtain positive consent from all affected users

So Must Ask (and Write Down)
- About my activities
  - Why am I going to do this?
  - Is the risk if I don’t do it greater than the breach if I do?
  - Can I do it in a less intrusive way?
  - How long do I need to keep the data?
  - How will I protect the data against misuse?
  - Have I informed users? Have they consented?
- What does my national law require of me?
  - Some activities will be unlawful and thus prohibited