#BHEU Metadata Concerns Stressed About User Activity

#BHEU Metadata Concerns Stressed About User Activity

Metadata is being collected on us by new technologies and Government actions, but is there the intelligence to join the dots?

In the closing “locknote” of Black Hat Europe, Daniel Cuthbert, chief operating officer of SensePost was asked by Black Hat founder and US Department of Homeland Security Advisory Council member Jeff Moss if he felt the Investigatory Powers Bill was all negative. Cuthbert acknowledged the difficulties in accepting it, but also the promises it could deliver on detecting sex offenders.

He said: “It is now in the public eye, but the police don’t have a handle on criminality and cannot respond as [forensic investigation using metadata] is not part of traditional policing. It is true that the Investigatory Powers Bill has got some awful parts of it, but some parts of it are trying to help.”

Asked by Moss if he felt that it was an effort by UK Government to try and achieve lots of things in one effort, Cuthbert said that the UK does have a problem with child exploitation, and police can arrest a suspect and get a warrant to search their devices, and also store metadata but that is harmless until the dots are joined.

Also on the panel, Veracode CTO and co-founder Chris Wysopal said that systems are now being designed in a way to not get access to the encryption keys, and often the design was part of the problem.

Moss pointed to the case from this week about Admiral Insurance using a Facebook API to gather information for insurance calculations, and applying it to customers.

Wysopal said: “That is not what Facebook was intending and maybe they are jealous that they didn’t think of it!”

Sharon Conheady, director of First Defence Information Security said that as people had not opted in, what was fascinating was that the data being collected was not to do with driving skills, but looking at personality traits that apply to safe drivers.

Asked by Moss where this leads and is this something to worry about, Conheady said that this was an example of the ‘Uber ride of glory’ where information is being used and users worry about what they are giving away, as now we are more connected and people are not worried.

“We don’t feel the pain of the decision immediately, but we may feel it seven months later,” said Moss.

Source: Information Security Magazine