Thursday, 6 July 2017
Monday, 26 June 2017
Connect to your official Wimbledon 2017 licensed broadcaster using SportsBox
Klipcorp IP are pleased to offer SportsBox technology which allows viewers with one click to connect with the licensed broadcaster in their local market.
By CLICKING HERE our super clever technology will send you to the correct broadcaster in your local market.
We are first using this tech for Wimbledon 2017 - any feedback welcome.
For more information please visit www.sportsbox.tv
Tuesday, 11 April 2017
Streaming server blocking Part 2
Just to update on the impact of the FAPL blocking order in March 2017 on key pirate sites: it looks like either the process has not really started yet or there is a technical issue.
See a 3 minute overview here
Tuesday, 4 April 2017
Directors liability for cyber and data breach
Barely a day passes when there is
no fresh news of another data breach. In the digital age information is like
money and therefore worth stealing. It now matters when information that is
valuable is handled without due care as it can be spread around the world to
large numbers of people with ease.
We are at the start of
understanding the extent of the financial liabilities in this area as cases
such as the massive Yahoo breach work their way through the system. To get a
sense of the scale of possible liabilities see the Yahoo class action suit here
The cynics might argue that the
response of business Directors and Boards to the cyber threat falls into three
main buckets;
1. Do nothing and blame the IT people if there is a data breach (most common).
2. Do something (get it minuted) and blame the IT people if there is a data breach.
3. The experienced IT people persuade the Directors / Board to invest in a smart bit of kit that generates amazing graphics, goes ping a lot and then blames the vendor of the kit that looks good and goes ping if it goes wrong. Job done and blame shifted nicely.
The scope of this post is to
identify the potential legal pressure points that put liability directly onto
the Directors and Board of a Company for cyber breach and therefore progress the
nature of the debate in this area.
Directors have always owed legal
duties to companies of which they are Directors. The Companies Act 2006
codified these into seven separate duties.
Two of the duties are
particularly relevant;
Section 172 – duty to promote the
success of the company.
Section 174 – duty to exercise
reasonable care, skill and diligence.
Under 174 in particular the high
profile nature of cyber risk is likely to make it necessary, to meet the test
of reasonableness, that proper care is taken to protect information.
Beyond the fairly general duties
of the Companies Act we also have the Data Protection Act which is soon to
become the GDPR. The Data Protection Act (and its 8 core principles) is the key
legislative framework in the cyber area and with the new GDPR coming into force
next year the maximum fines are rocketing from a maximum of £500k to 4% of
turnover.
Section 61 of the DPA makes it
clear that when an offence under the DPA has been committed and it can be
attributable to the neglect of a Director then “he as well as the body
corporate shall be guilty of that offence”.
Potentially therefore could
Directors be liable for up to 4% of the turnover of the companies they work for
under the GDPR?
The ICO seems keen to ensure that
data protection and its sub-set of cyber security become a mainstream board
issue and therefore when the next TalkTalk happens it may well not be enough to
point the finger at the IT people, say you can barely switch on a computer and
rapidly exit stage left.
Directors of companies which
process sensitive personal data (which includes CCTV) are going to need to take
a much more robust approach to personal data management and cyber risk under
the new GDPR regime to avoid finding themselves exposed personally.
Some simple steps to reduce
liability for Directors could include;
1. Have a data protection officer who understands the risks and regulatory framework.
2. Have a simple written data protection and cyber policy regularly communicated and updated.
3. Insist on an independent digital audit to check for glaring weaknesses and vulnerabilities across all 8 principles of the DPA – not just security.
4. Ensure extra care is taken with any sensitive personal data.
5. Independently audit your data supply chain / hosting providers.
6. Don’t collect data you don’t need. You may be building a bigger liability than asset.
Monday, 20 March 2017
FAPL streaming server blocking order impact on live piracy levels - review 1
To follow up on the new blocking order obtained by the FA Premier League, which came into force on the 18th March, Klipcorp IP ran our systems over the 3.00pm kick off FAPL games on the 18th to monitor impact.
Klipcorp looked at the main high audience pirate sites and the conclusion must be that either the enforcement of the order has not started (perhaps not enough time to give notice to the hosting providers) or there is a material technical issue at this point.
All the core sites were offering uninterrupted coverage of the full game and a sequence of screen grabs can be seen here.
We will run our systems again over the next few weeks to determine if any changes have taken place.
The order runs to the end of this FAPL season (22nd May) so a couple of months to judge impact.
Tuesday, 14 March 2017
FA Premier League takes extra step to fight piracy - admission that DMCA is not working
Very interesting order from Justice Arnold this week which, for a period from this Saturday to the end of this FAPL season, will require the main UK ISPs to block certain streaming server IP addresses which stream FAPL content live. The blocking will occur in real time based on information provided to the ISPs by a technical provider to the FAPL.
The FAPL have experimented with blocking orders before but previously they were aimed at websites and despite arguments to the contrary were fairly easily avoided using proxies.
Contained within the judgement were the following comments;
1. The problem of illegal streaming is getting bigger
2. The audiences are large
3. DMCA notices are not effective with non-compliant operators
Of the 3 criteria being used to justify the blocking one was kept confidential to minimise risk of circumvention but the other two are;
1. FAPL and its contractor must reasonably believe that the server has the sole or predominant purpose of enabling or facilitating access to infringing streams of Premier League match footage.
2. FAPL and its contractor must not know or have reason to believe that the server is being used for any other substantial purpose.
Collateral damage is a key issue therefore.
Ian Mill QC instructed by DLA Piper acted for the FAPL.
Klipcorp IP will monitor the effectiveness of this approach this Saturday and report back on initial effectiveness levels.
If this approach works it will be a major step forward in dealing with piracy and hats off to the FAPL for taking the risk of failure here.
Areas likely to provide a technical challenge are;
1. Deliberate concealing or spoofing of the source video stream IP address leading to blocking of the wrong IP
2. Rapid automated switching of IP address between different hosts
3. Unanticipated collateral damage.
More information early next week.
Thursday, 19 January 2017
The limits of consent to the use of personal data
When does yes really mean yes? That is a very broad subject but it becomes very specific in the context of data protection.
The areas of data protection, cyber
security and IP protection in the Digital Age generally are very much in the
news. They are a slightly splintered area of law falling variously under the
Data Protection Act 1998, the Computer Misuse Act 1990, Investigatory Powers
Act 2016, Freedom of Information Act 2000, Human Rights Act 1998 and the Copyright, Designs and Patents Act
1988 as amended and updated by various WIPO treaties.
A key tension is the balance between an individual’s
right to privacy and protection of their personal data and IP and the often
quoted desire of the state to keep us safe. The rapid growth of the internet,
computing power and increased storage capacity allow for unprecedented data
collection and processing.
Generally hackers make the news and
highlight security shortcomings leading to the Information Commissioner’s Office
becoming involved. However serious breaches of Data Protection law occur
without a hacker anywhere to be seen through the illegal use of data provided
voluntarily.
In the case of the RSPCA (until
recently taking some very aggressive positions in respect of private
prosecution) they were collecting personal data from donors who were presented
with the following notice;
“The RSPCA may allow other organisations whose aims are in sympathy with our own or
whose offers will benefit animal welfare to contact our supporters, if you do
not wish to hear from them please tick the box”
It seems that the RSPCA then decided
this was carte blanche to use the data collected very broadly indeed and
participated in a data sharing scheme called “reciprocate” without knowing who
the other parties in the scheme were. They also provided data to wealth
screening companies and participated in data matching and telematching schemes.
On a few occasions they also released data on individuals who had opted out.
This was brought to the attention of
the new Information Commissioner Elizabeth Denham via the press and
unsurprisingly after a 9 month investigation serious breaches of the Data
Protection Act were identified. A monetary penalty was issued of £25,000 but
criminal charges could have been brought.
The Data Protection Act has at its
heart 8 key principles of Data Protection with the first 2 being that personal
data must be processed fairly and lawfully and that, crucially in this case, it
shall be obtained for a specified purpose and used consistently with that
purpose. Generally to be lawful consent must have been obtained in respect of
the purpose.
The Commissioner’s view was that the
initial notice was too vague and ambiguous and did not provide data subjects
with sufficient information. Consent must be freely given, specific and
informed. Just ticking any old box does not do it. Therefore the data subjects had not consented
and therefore the data processing was illegal.
The Data Protection Act covers all
personal data (with certain limited exemptions) which includes names, addresses
and even IP addresses. Generally consent must be sought to process that data so
everybody is going to need to take great care when collecting data to ensure
proper consent has been obtained and also that if the person collecting the
data (the data controller) decides to use the data for another purpose to seek
fresh consent.
The world of big data is going to
struggle a bit with this but perhaps has consoled itself that currently the
maximum fine from the ICO is capped at £500,000. Fatal for an SME probably but
merely a deduction for a large corporate. However new legislation proposes a
fine of 4% of turnover.
Of the 8 principles of Data
Protection only 1 is directly concerned with security of data (principle 7).
Organisations and individuals need to devote resources to ensure the legal
collection and management of personal data as well as making sure appropriate
security is in place to avoid substantial fines and potential criminal
prosecution.
Personal data collected which
requires consent can only be lawfully used in ways which derive directly from
the consent given. It has been said that personal data is like money and if so
when you provide your personal data to a third party it is analogous to a loan
on specific terms for a specific purpose.
Friday, 6 January 2017
2016 - how secure do you feel (about your data)?
With thanks to Lewis Morgan, blogger in residence at IT Governance, for putting together a list of breaches in 2016 that he was aware of. Notable by its absence is the alleged hack of the US Elections which was possibly the Russians, or possibly the Democrats or possibly Elvis Presley from beyond the grave.
In any event it certainly shows that the hackers look to have the upper hand at the moment.
2016 Cyber Attacks & Data Breaches
US health insurer Centene loses 950,000 people’s records
Asda website leaves customer details vulnerable for 677 days
Etihad Airways investigating data breach dating back to 2013
Wendy’s Probes Reports of Credit Card Breach
Bitcoin Worth $USD 6 Million Stolen
Hackers have stolen €50 million from an aerospace parts manufacturer
Linux Mint hacked – lone attacker creates botnet
Lincolnshire Council forced to use pen and paper after ransomware attack
@ChileanCrew Hacks, Leaks Details for 300,000 Chilean Citizens Looking for State Benefits
9000+ Department of Homeland Security staff have their details leaked by hacker
3,000 Tidewater Community College workers victimized in W-2 scam
Attacker compromises information of 250K in Bailey’s data breach
Cyber criminals steal $25 million from Russian banks via phishing attack
Rosen Hotel chain was hit by credit card-stealing malware for 17 months
Minecraft community lifeboat suffers data breach affecting seven million members
CoinWallet Bitcoin Trader Shuts Down Following Data Breach
93.4 million Mexicans at risk after voter database breach
BeautifulPeople.com Leaks Very Private Data of 1.1 Million ‘Elite’ Daters — And It’s All For Sale
ShapeShift loses $230,000 in bitcoin data breach – ex-employee to blame
Trump Hotel chain suffers data breach again
MySpace and Tumblr hit by ‘mega breach’
117 million hacked LinkedIn email addresses and passwords put up for sale
Kiddicare customers at risk after data spills from test server
EPISD employee accounts hacked, money stolen
Payroll vendor employee falls for phishing scam, all clients’ W-2 data involved
1.4 Billion Yen Stolen From 1,400 Japanese ATMs
154 million voter records exposed, revealing gun ownership, Facebook profiles, and more
77K accounts of Financial Giant, State Farm, leaked due to DAC Group Hack
Muslim Match dating website hack exposes more than half a million intimate messages
45 million records from over 1100 Verticalscope.com domains and communities hacked and leaked
51 Million iMesh Passwords Dumped Online
Personal info on 7.93 million people feared leaked
King’s counselling department breaches students’ privacy
Athens Orthopedic Clinic to begin notifying patients of hack
WikiLeaks Put Women in Turkey in Danger, for No Reason
10 million customer’s data leaked from online shopping site
‘Warframe’ Hacked, Details on 775,000 Players Traded
Illinois online voter registration portal hacked, information compromised
Omegle, the Popular ‘Chat with Strangers’ Service Leaks Your Dirty Chats and Personal Info
Data for 6 Million Minecraft Gamers Stolen from Leet.cc Servers
SCAN Health Plan notifying members of unauthorized access to their information
Dominican Hospital notifies patients whose PHI was sent to wrong health plan
Epic’s forums hacked again, with thousands of logins stolen
Turkish Hackers Launch Second Cyber-Attack on Killeen’s Website
Defense university computers hacked, ‘information secure’
Olympics: Hackers attack Russian whistleblower’s doping account
Florida Bar Association hacked, members’ data leaked
6.6 million plaintext passwords exposed as site gets hacked to the bone
Russian hackers leak Simone Biles and Serena Williams files
Russian internet giant Rambler.ru hacked, leaking 98 million accounts
Login details for 800,000 Brazzers users leaked
MarsJoke ransomware targets the government and K-12 educational sector
A single ransomware network has pulled in $121 million
Medical marijuana patients’ personal information found in trash pile
Security Firm Tries Desperate Solution to Alert Company of Data Leak
Hacker grabs over 58 million customer records from data storage firm
Hutchinson Community Foundation falls victim to data breach
DDoS attack against DNS provider knocks major sites offline
Whoops: Pro-Donald Trump super PAC publishes donor credit card numbers
Hackers stole credit card data from Republican website for 6 months
Department of National Defence investigating possible hack of its recruiting site
Over 412 million ‘adult’ accounts exposed – including 15 million deleted ones
Ransomware attack targets Seguin dermatology practice
Report holds Hitachi responsible for debit card data theft
Thieves Use Skimmers on ATMs in Four NYC Hospitals
Madison Square Garden Company Alerts Customers of Payment Card Data Breach
Data of 34 million Keralites leaked in massive breach
85 million login details stolen from Dailymotion
Joan Jett’s BlackHeart Records leaks thousands of files online
KFC warns 1.2 million Colonel’s Club loyalty scheme members of data breach after website hacked
Japanese hosting company Kagoya hacked; credit card data stolen
ThyssenKrupp secrets stolen in ‘massive’ cyber attack
Yahoo’s billion account database for sale on the black market