Klaus Landefeld (eco)
eco-kl.bsky.social
MoB Infrastructure and Networks
eco - Association of the Internet Industry e.V.
#Internet #Politics #DigitalInfrastructure #CriticalInfrastructure
#NetNeutrality #CyberSecurity #IT #TK #KRITIS #Networks
The ruling does offer some good aspects; these now need to be worked out even better. IMHO we especially need to revisit the questions of communication in motion vs. communication at rest and Art. 10 GG against the backdrop of modern communication methods...
August 7, 2025 at 7:30 PM
An evaluation of the alternatives would presuppose that one has understood what Palantir or Gotham does with the available data, how, and in particular where - knowledge that would make its use impossible.

Weren't there areas of law where ignorance is no protection?
August 7, 2025 at 7:17 PM
Berlin '36 - now that is a really great idea 🤯
March 14, 2025 at 9:18 PM
What do we expect? Despite the overall political situation, not even foreign or domestic policy is mentioned 🤷‍♂️
March 9, 2025 at 4:59 AM
Be aware that you might lose access if you need to re-verify and the number used for the original verification is no longer controlled by you.
March 2, 2025 at 9:30 PM
A smartphone is by no means required, the "tie-in" can be done with any dumb phone as long as you can receive SMS for the verification code. You can also use voice activation on a landline, but the process is cumbersome.

Other than that, you can e.g. use signal-cli on any Linux distro.
March 2, 2025 at 9:30 PM
I'm torn between "could not be more topical" and "what is new about this?". Everyone who deals with this already knows it; nothing is ever learned from it.

So identical to the usefulness of data retention (VDS), video surveillance, etc...
February 18, 2025 at 3:32 PM
Why only 9,000 companies? IMHO a zero is missing here if you take a close look at the scope of the directive; we arrived at at least 75,000 companies.
Taking into account the "Budapest Convention" ancillary clause in the directive, it will be significantly more still...
February 9, 2025 at 11:28 PM
It is hardly conceivable that security upgrades (e.g. Apple's ADP) are globally delayed until a UK approval is granted; the same is true for deployment of technologies to secure e.g. the financial sector for PQC.

I for one will not wait until the GCHQ green-lights some tech they deem breakable...
February 9, 2025 at 1:00 AM
I expect this to further distrust and uncertainty in the relationship between U.S. and EU regulators with firms based in the US or the EU, but providing services in the UK as well. EU regulation even asks for security always reflecting "the state of technology" - which is not determined by the UK.
February 9, 2025 at 1:00 AM
Obviously, the new provisions in IPA 2024 are now no longer hypothetical and firms are indeed receiving notices to halt the deployment of certain security upgrades, combined with the fact that they are ordered to keep the notice secret from not only their users but also their home governments.
February 9, 2025 at 1:00 AM
In effect, the conflict of law from UK legal orders to turn over private data in the hands of subsidiaries of UK companies outside of the UK or even foreign firms regulated by the CLOUD Act in the United States and/or the GDPR in the EU never received full consideration and was never resolved.
February 9, 2025 at 1:00 AM
Even before the 2024 changes, a problem of the IPA law was that it contains no plan to reconcile the extraterritorial nature of UK notice and enforcement orders - these can ask for data not collected or stored in the UK - with legal requirements in the United States, the EU, or other countries.
February 9, 2025 at 1:00 AM
"These orders have the potential to sow distrust in UK service providers, who may be forced to delay advancements in services, thereby damaging their global competitiveness. The new powers could also require foreign companies active in the UK to take actions in conflict with their national laws".
February 9, 2025 at 1:00 AM
"Providing the Home Office a veto over changes to products and services represents a powerful intrusion into the marketplace, it introduces a bureaucratic hurdle that slows the development and deployment of new products and even that of security updates".

Industry further concluded that
February 9, 2025 at 1:00 AM
Even while the law was still being considered, the unilateral response by cybersecurity experts, cryptographers, academics and industry was that these proposals would have disastrous consequences for the security of users of services operating in the UK and beyond. The principal critique stated:
February 9, 2025 at 1:00 AM
The orders are “intended to provide the Secretary of State (read: GCHQ) with time to understand the potential impact of the changes and ensure exceptional lawful access can be maintained.” - in other words, build new capabilities to break any new encryption prior to introduction to the public.
February 9, 2025 at 1:00 AM
...and other enhanced security and privacy measures

(2) through a notification order, halt to such changes if the agency so chooses, pending a review, with no time limit, of the legality of the order.

According to the Home Office, notification orders must be kept secret (this happened to Apple).
February 9, 2025 at 1:00 AM
While this is commonplace, IPA 2024 introduced new and unique aspects not found anywhere else, enabling the UK secretary of state for the Home Department to i.e.

(1) force technology companies, including those based overseas, to inform the UK government of planned improvements in encryption...
February 9, 2025 at 1:00 AM
This is what we expected & criticized in 2023 prior to the enactment of the changes to IPA 2016 in May 2024.
IPA in principle regulates the power of the intelligence and security agencies as well as police enforcement to obtain the content of communications and metadata for law enforcement purposes.
February 9, 2025 at 1:00 AM
In addition: anyone who calls for security pacts, is active in the areas of national and public security, defense or law enforcement, and increasingly wants to process and store personal data must, without exception, implement cybersecurity according to NIS2 and physical security according to Kritis-DG.
February 2, 2025 at 11:47 PM
In principle yes - if there weren't the fear that this is a preliminary skirmish ahead of Friday's vote on the "Zustrombeschränkungsgesetz". If successful, a concrete, effective law from the pen of the CDU/CSU parliamentary group - the CxU is then practically already governing, with the AfD as kingmaker.
January 30, 2025 at 12:27 AM