From Encryption to Quantum Computing – The Governance of Information Security and Human Rights

T.M.C. Asser Press, 2024, Series: Information Technology and Law (IT&Law) Series, Edition: 38, ISBN: 978-94-6265-634-5

encryption, Human rights, Information security

Bibtex

@Book{nokey,
  title = {From Encryption to Quantum Computing – The Governance of Information Security and Human Rights},
  author = {van Daalen, O.},
  url = {https://link.springer.com/book/10.1007/978-94-6265-635-2},
  year = {2024},
  date = {2024-09-10},
  keywords = {encryption, Human rights, Information security},
}

In defense of offense: information security research under the right to science

Computer Law & Security Review, vol. 46, 2022

Abstract

Information security is something you do, not something you have. It's a recurring process of finding weaknesses and fixing them, only for the next weakness to be discovered, and fixed, and so on. Yet, European Union rules in this field are not built around this cycle of making and breaking: doing offensive information security research is not always legal, and doubts about its legality can have a chilling effect. At the same time, the results of such research are sometimes not used to allow others to take defensive measures, but instead are used to attack. In this article, I review whether states have an obligation under the right to science and the right to communications freedom to develop governance which addresses these two issues. I first discuss the characteristics of this cycle of making and breaking. I then discuss the rules in the European Union with regard to this cycle. Then I discuss how the right to science and the right to communications freedom under the European Convention for Human Rights, the EU Charter of Fundamental Rights and the International Covenant on Economic, Social and Cultural Rights apply to this domain. I then conclude that states must recognise a right to research information security vulnerabilities, but that this right comes with a duty of researchers to disclose their findings in a way which strengthens information security.

Communications freedom, Coordinated vulnerability disclosure, Duty to disclose, frontpage, Informatierecht, Information security, Information security research, Right to science, Vrijheid van meningsuiting, Vulnerabilities

Bibtex

@Article{nokey,
  title = {In defense of offense: information security research under the right to science},
  author = {van Daalen, O.},
  doi = {https://doi.org/10.1016/j.clsr.2022.105706},
  year = {2022},
  date = {2022-07-12},
  journal = {Computer Law & Security Review},
  volume = {46},
  pages = {},
  abstract = {Information security is something you do, not something you have. It's a recurring process of finding weaknesses and fixing them, only for the next weakness to be discovered, and fixed, and so on. Yet, European Union rules in this field are not built around this cycle of making and breaking: doing offensive information security research is not always legal, and doubts about its legality can have a chilling effect. At the same time, the results of such research are sometimes not used to allow others to take defensive measures, but instead are used to attack. In this article, I review whether states have an obligation under the right to science and the right to communications freedom to develop governance which addresses these two issues. I first discuss the characteristics of this cycle of making and breaking. I then discuss the rules in the European Union with regard to this cycle. Then I discuss how the right to science and the right to communications freedom under the European Convention for Human Rights, the EU Charter of Fundamental Rights and the International Covenant on Economic, Social and Cultural Rights apply to this domain. I then conclude that states must recognise a right to research information security vulnerabilities, but that this right comes with a duty of researchers to disclose their findings in a way which strengthens information security.},
  keywords = {Communications freedom, Coordinated vulnerability disclosure, Duty to disclose, frontpage, Informatierecht, Information security, Information security research, Right to science, Vrijheid van meningsuiting, Vulnerabilities},
}

Securing Private Communications: Protecting Private Communications Security in EU Law – Fundamental Rights, Functional Value Chains and Market Incentives

Kluwer Law International, 2016, Series: Information Law Series, ISBN: 9789041167378

Abstract

Securing Private Communications. Protecting Private Communications Security in EU Law – Fundamental Rights, Functional Value Chains and Market Incentives, offers a conceptual and legislative toolkit that helps in building a step-by-step regulatory model in EU law. This book argues for a stricter stance on protecting private communications security. Increasingly, it has become clear that any communicative act online is subject to breach by intelligence agencies, cybercriminals, advertising networks, employers, and corporate data miners, to mention the most obvious intruders. Internet users, seeing no other choice than to hop onto the web-based bandwagon, have come to depend on a networked communications environment that is fundamentally insecure. Now lawmakers, worldwide, are gearing up to intervene. This book provides a comprehensive overview of the current European regulatory framework on communications security and offers a multidisciplinary study on EU communications security law. The history of the past 25 years of EU communications security law is analyzed in-depth. The regulatory model proposed is tested on HTTPS, which covers the user–provider relationship in web browsing, and on ‘cloud’ communications that affect interdomain and intradomain communications. Case studies included in the book are based on the infamous DigiNotar breach and the MUSCULAR program, disclosed by whistle-blower Edward Snowden, and contain original legal, security economic, and computer science research, conducted jointly with scholars trained in these disciplines.

Fundamental rights, Information security, Kluwer Information Law Series

Bibtex

@Book{nokey,
  title = {Securing Private Communications: Protecting Private Communications Security in EU Law – Fundamental Rights, Functional Value Chains and Market Incentives},
  author = {Arnbak, A.},
  url = {https://pure.uva.nl/ws/files/2703068/166342_Securing_Private_Communications_PhDthesis_Arnbak_def311015.pdf},
  year = {2016},
  date = {2016-07-01},
  abstract = {Securing Private Communications. Protecting Private Communications Security in EU Law – Fundamental Rights, Functional Value Chains and Market Incentives, offers a conceptual and legislative toolkit that helps in building a step-by-step regulatory model in EU law. This book argues for a stricter stance on protecting private communications security. Increasingly, it has become clear that any communicative act online is subject to breach by intelligence agencies, cybercriminals, advertising networks, employers, and corporate data miners, to mention the most obvious intruders. Internet users, seeing no other choice than to hop onto the web-based bandwagon, have come to depend on a networked communications environment that is fundamentally insecure. Now lawmakers, worldwide, are gearing up to intervene. This book provides a comprehensive overview of the current European regulatory framework on communications security and offers a multidisciplinary study on EU communications security law. The history of the past 25 years of EU communications security law is analyzed in-depth. The regulatory model proposed is tested on HTTPS, which covers the user–provider relationship in web browsing, and on ‘cloud’ communications that affect interdomain and intradomain communications. Case studies included in the book are based on the infamous DigiNotar breach and the MUSCULAR program, disclosed by whistle-blower Edward Snowden, and contain original legal, security economic, and computer science research, conducted jointly with scholars trained in these disciplines.},
  keywords = {Fundamental rights, Information security, Kluwer Information Law Series},
}