Criminals and terrorists have begun to realise of the importance of encrypting their data. They want to prevent the legitimate authorities from viewing the plain text, and to keep their secrets secret. This problem has already occurred and been reported in a number of cases in three jurisdictions: Canada, England & Wales and the United States of America. This problem will affect every jurisdiction in the world, including the proposed office of the Public Prosecutor in the European Union. The purpose of this lecture is to consider how the judges have responded when the prosecution has discovered encrypted data, and the prosecution want to examine the plaint text to establish whether the accused has committed an offence. Giuseppe Vaciago will be joined by Stephen Mason in this lecture. Giuseppe Vaciago will introduce the problem, and set out some of the legal issues that arise; Stephen Mason will provide an overview of the case law in Canada, England & Wales and the United States of America, in which he will set out the judicial response and the law in each of these jurisdictions. Professor Stefano Zanero will also provide a short discussion of the technology and the current technical issues before the audience is invited to take part in a general discussion of the issues that arise.

Stephen Mason is a barrister, an Associate Research Fellow at the Institute of Advanced Legal Studies in London, and a member of the IT Panel of the General Council of the Bar of England and Wales. He is the author of Electronic Signatures in Law (3rd edn, Cambridge University Press, 2012) and Electronic Banking: Protecting Your Rights (PP Publishing, 2012); and the general editor of Electronic Evidence (3rd edn, LexisNexis Butterworths, 2012) and International Electronic Evidence (British Institute of International and Comparative Law, 2008). He founded the international journal Digital Evidence and Electronic Signature Law Review, which has become an international focal point for researchers in the area. Stephen has acted as the external marker in postgraduate degrees dealing with electronic evidence: LLM at the University of Oslo (2006), PhD at the Queensland University of Technology, Brisbane, Australia.

Event Registration is required. Please send an email to: info@techandlaw.net

The goal of the webinar is to create a dialogue among jurists, computer scientists and technicians.

The goal of the webinar is to create a dialogue among jurists, computer scientists and technicians, devoted to enhance the synergy between law and technology with the inolvement of academics, students and expert.

April 3rd – Cybercrime and Cybersecurity

Francesca Bosco – Slides / Video

Alessio Pennasilico – Slides /  Video

April 10th – Digital Investigation

Davide Gabrini Slides / Video

Davide D’Agostino - Video

April 17th – Digital Forensics and Digital Evidence

Giuseppe Dezzani e Paolo Dal Checco – Slides / Video 1 – Video 2

April 24th – Privacy and Cloud Computing

Giuseppe Vaciago – Slides / Video

Stefano Ricci – Slides / Video

During this lecture Daniel Nagel will present his recent publication “Digital Whoness”. This publication has three aims. The first aim is to provide well-articulated concepts by thinking through elementary phenomena of todays world, focusing on privacy and the digital, to clarify who we are in the cyberworld — hence a phenomenology of digital whoness. The second aim is to engage critically, hermeneutically with older and current literature on privacy, including in todays emerging cyberworld. Phenomenological results include concepts of i) self-identity through interplay with the world, ii) personal privacy in contradistinction to the privacy of private property, iii) the cyberworld as an artificial, digital dimension in order to discuss iv) what freedom in the cyberworld can mean, whilst not neglecting v) intercultural aspects and vi) the EU context..

Daniel Nagel is a member of the IT Law Department of BRP Renaud & Partner. He focuses his practice on online and offline privacy issues, data security and international law. Nagel is a permanent contributor to the Austrian UN CISG database and a member of the Jean Monnet European Centre of Excellence, University of Leeds. He studied law at the University of Heidelberg, the University of Innsbruck and at Leeds University. He has published numerous papers in the field of privacy and co-authored the book “Digital Whoness: Identity, Privacy and Freedom in the Cyberworld” with M. Eldred and R. Captor

The so-called “Arab Spring” saw politically and economically disenfranchised citizens take advantage of new tools such as social media and smartphones to break the state’s monopoly on information, and mobilize mass protest. While governments were quick to employ familiar, time-tested mechanisms of repression against demonstrators in the streets and main squares, they fumbled at first in controlling this new digital dissent.  Against an increasingly security-aware online community, the traditional tools of blocking, filtering, and wiretapping had become less effective. Nervous regimes turned to the largely unregulated $5 billion a year industry in Internet surveillance tools. Once the realm of the black market and intelligence agencies, the latest computer spyware is now sold at trade shows for dictator pocket change. Activists and journalists soon found themselves the target of e-mails promising exclusive or scandalous information.  We analyzed messages forwarded to us by suspicious users, and found spyware products apparently from Gamma International and Hacking Team, recognized players in the surveillance industry.  For the first time, we analyzed their products, chasing internet addresses and shell corporations across the globe.  As we published our findings, servers disappeared, and spyware was rewritten. This talk will detail the cat and mouse game between authoritarian regimes and dissidents, as well as ongoing efforts to map out the relationship between surveillance software companies and governments.

Morgan Marquis-Boire works as a Security Engineer at Google specializing in Incident Response, Forensics and Malware Analysis. He is a security researcher and Technical Advisor at the Citizen Lab, Munk School of Global Affairs, University of Toronto. Recently, he has been working with the Electronic Frontier Foundation on issues surrounding dissident suppression in Syria. A frequent speaker at events around the world such as Black Hat, DefCON, FIRST, and ICANN, his work has been featured in numerous print and online publications including Bloomberg Business Week, The Wall Street Journal, The Guardian, The BBC and The New York Times. He received an honorable mention from SC Magazine as one of the influential minds of IT Security in 2012. He was also one of the original organizers of the KiwiCON conference in New Zealand.

July, 20 2012

Tech and Law Center interviews Susan Landau, who studies the interplay between privacy, cybersecurity and public policy. She has briefed Congress on a variety of issues, including digital rights management and security and privacy of digital identity systems. She is currently a visiting scholar at Harvard University.
For more details on her bio and work, click here. (pdf )

In your last publication, “Surveillance or Security”, you argue that the line to draw is not between surveillance and civil liberties but between surveillance and security. Which are the consequences of this approach?

The most important one is that when you build surveillance into a system, you must take into account the security risks that you are creating by doing so.  At a minimum, you need to protect against these (threat modeling and penetration testing).  If you are building infrastructure, you must also take into account the length of time the infrastructure will last and do careful modeling on what the new threats may arise during that period.  This could sharply increase the cost of the surveillance mechanism, but it is a necessary protection to include.

You also wrote that “Cryptography is no silver bullet”. It provides security only for the communications content but not for the transactional information. In Europe it is a topic that has been discussed a lot following the Data Retention Directive and the German unconstitutionality decision. What is your point of view on this type of legislation?

Given that cellphones are essentially trackers, such transactional information is much privacy invasive than such data once was.  Thus while one can understand the desire of law enforcement to have such information easily at hand, retention of this type of data presents both a privacy and civil-liberty risk as well as a security threat.  How will it be protected?  Who might have access to it?  What type of auditing system will be set up to track access to the data?  In the U.S., we have seen that while some jurisdictions allow access to such data only in cases of imminent danger to life, other jurisdictions are far more lax.  This is very dangerous.

During the 2011 hearing on “Going Dark: Lawful Electronic Surveillance in the Face of New Technologies”, you stated that a major national security problem facing the United States is  cyber exploitation. Can you please explain us the implications of your statement?

It is a statement I agree with, but I was actually quoting William Lynn, US Deputy Secretary of Defense, at the time he made the statement.  The risk resulting from cyberexploitation means that computer and communications networks should be built highly secured.

Regarding the recent UK plan to monitor UK internet and phone traffic, and decode encrypted messages, including Facebook and GMail messages, which do you think it should be the reaction of the citizens and is there any space for dialogue on these issues at the policy level?

As a result of terrorism stemming from the conflict in Northern Ireland, the UK has long tolerated far more surveillance than other democratic societies.  When surveillance, whether from CCTV cameras or as a result of the retention of communications data, is commonplace, the citizenry doesn’t react; surveillance is simply part of the landscape.  It takes egregious attacks against the “common” people to cause the public to react. There is plenty of space for dialogue at the policy level.  Issues to be discussed include the purpose of the surveillance, the oversight involved, the risks created by the surveillance, the checks to prevent inappropriate collection of information.

In the United States v. Antoine Jones, the Supreme Court made an extremely important decision, unanimously determining that installing a GPS-tracking device to a suspect’s car constitutes a search and thus requires a warrant: what about the issue of data accumulated by third parties (like Google, Amazon, Facebook, etc)?

In the US, the law is that such third-party collection is subject to less constitutional protections than otherwise.  But because the technology is changing what type and how much of personal information is being collected, there is a move to provide greater protections to such third-party data.

The surveillance experts at the National Security Agency won’t tell two powerful United States Senators how many Americans have had their communications picked up by the agency as part of its sweeping new counterterrorism powers. Do you think oversight of intelligence collection should be tighten up?

Yes; see above.

Bolivian custom officers will have to carry special pens, with a hidden micro-camera and voice recorder, as part of a government initiative to tackle corruption: do you think there is a constructive way to use technology in order to curb crime without heavily affecting basic human rights?

I hadn’t been aware of this initiative and I would need to understand it better before I comment.  But one observation is that technical fixes are only one piece of a solution when handling corruption issues; process and personnel are the bigger aspects.  So one needs to understand how those are changing in the Bolivian situation.

We recently held an event with Prof. Alessandro Acquisti on the current aspects of privacy. One of his interesting works (http://www.heinz.cmu.edu/~acquisti/face-recognition-study-FAQ/) is dealing with face recognition systems applied to social networks. What do you think on this type of technology and the possible risks posed by its misuse? Especially in case it might be connected to CCTV in order to allow almost real time identification of recorded people?

That one could not wander the streets anonymously would be a terrible blow to freedom, both real and perceived.  In the US, we had a famous court case, NAACP v. Alabama, protecting the anonymous right of free association.  This was a case that occurred in the 1950s in the southern United States, when people demanding political rights for blacks were at risk.  The Supreme Court ruled that the NAACP, an organization supporting these rights, did not have to publicly reveal its membership to the state of Alabama. It is hard to imagine that a democratic society could really function as a democracy if the government had the capability to conduct real-time identification of protestors.  The point is that few of us have never violated a law — never drove too fast, never underpaid slightly on taxes — and even the hint that the government might be doing such real-time identification would have immediate chilling effects in multiple destructive ways.

In a ever more “cloudy” world in Europe Data Protection Authority regulates privacy issues through an EU directive on investigations (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0010:FIN:EN:PDF); in the US the Patriot Act is a law provision against terrorism which allow to obtain information even outside US jurisdiction. Which are the consequences of these two different approaches?

That’s a very broad question requiring many pages of answer, so I’ll confine myself to several observations:

- Globalization and the Internet have changed the playing field here in multiple dimensions: the ease by which such surveillance is conducted outside one’s own borders, the speed at which the consequences of actions occur, the complex interactions between nation states.

- Nations spy on people outside their own jurisdiction; this includes member states of the EU. This falls under national security authority (which in many nations includes issues related to economics).

- The Internet has made it much easier to conduct much of this type of surveillance without actually leaving your own nation’s borders.

- One needs to keep in mind that there is a large distinction between what nation states consider legitimate surveillance, especially outside one’s jurisdiction, for national-security purposes, and what nation states consider legitimate for law-enforcement purposes.

I realize that I am not answering your question here, but I think that the question needs to be rephrased given the complexity of the situation. ]]> http://www.techandlaw.net/2012/10/20/susan-landau/feed/ 0 http://www.techandlaw.net/2012/10/20/anna-maria-taliharm/ http://www.techandlaw.net/2012/10/20/anna-maria-taliharm/#comments Sat, 20 Oct 2012 02:26:33 +0000 admin http://www.techandlaw.net/?p=3701 Anna-Maria Talihärm holds an LLM degree in Information Technology Law from Stockholm University and is working towards a law PhD at Tartu University, Estonia. In 2011-2012 she was researching international legal cooperation on cyber security at Waseda University, Tokyo. Currently she is working as a senior analyst for the NATO Cooperative Cyber Defence Centre of Excellence (CCD COE) Legal and Policy branch where her areas of research include European Union information society law, cyber terrorism and cyber crime. She has been speaking in the events of several international organizations such as NATO COE DAT and OSCE.

October, 2012

Tech and Law Center interviews Misha Glenny an investigative journalist, author and broadcaster. He is one of the world’s leading experts on cybercrime and on global mafia networks. He has written McMafia, which was widely acclaimed for its dissection of criminal networks worldwide, and led to his 2009 TED Talk on the subject. He contributes regularly to the Guardian, Observer, The New York Times and New York Review of Books as well as specialist journals and books dealing with south-eastern Europe. His last book is “Dark Market: Cyberthieves, Cybercops, and You.”

For more details on his bio and work, click here. (pdf )

Your last book is titled “Dark Market: Cyberthieves, Cybercops, and You”. The end of that title says “and you.” That implies that this is a problem that affects every one of us. Can you please explain us why you decided to focus the attention on “us” as well?

Until now cyber security has largely been that the domain of a very small elite. These are mainly people with advanced technical ability, geeks, or civil servants who are interested in security issues. As the world of cyber security has become more complex, so has our dependency on networked computer systems. The difference between cyber and something like nuclear, four example, is that in the cyber world all of us can access the Internet. This means that we are all potential vulnerabilities. In the nuclear world, you cannot access fissile material through individuals. You can in cyber. But very few people understand the nature of cyber security, the issues around cybercrime, and the issues around cyber espionage. I believe that this has to change. And so I decided to write a book which is not exclusively about the technical aspects of cyber security. Rather it focuses on the human aspects of this issue. I decided to research a number of criminal hackers engaged in the DarkMarket website, as well as the police officers who were investigating them.

The book is written like a thriller so that people who don’t usually engage with issues around cyber security would be able to find a way into this subject. My inspiration furthers was the trilogy of thrillers written by the late Swedish author Stieg Larsson. When I discussed the use of computers in The Girl with the Dragon Tattoo, I noticed that people were not interested in the technology but instead in the character of the heroine, Lisbeth Salander. And it struck me that in cyber security almost all the attention is focused on technological aspects of the problem and virtually nothing is devoted to the study of the human aspect. So I wanted, as a writer, to discover a way of getting people engaged with the subject who normally wouldn’t care or would be too intimidated by the geek speak.

What do you think about the recent White House’s admission of responsibility in Stuxnet creation and in what is called operation “Olympic Games”? From your perspective and knowledge, which can be the consequences at the diplomatic level worldwide.

The admission by the White House that the United States and Israel were jointly responsible for Stuxnet marks a significant watershed in the issue of cyber warfare and cyber security in general. Essentially, it is the starting gun for them arms’ race in cyber outside of any regulatory framework. There has been a striking change in policy over the last two years on the part of western powers as demonstrated by the case of Stuxnet and it’s related family of viruses. Spooked by the amount of cyber attacks particularly on commercial interests that have been generated from different parts of the world during the past three years or so, the West has now decided to increase its deployment of offensive cyber capability. The problem here is that issues of cybercrime, cyber espionage and cyber warfare impact on other critical issues such as freedom of speech and the right to privacy. And as the United States, Europe, China and Russia attempt to come to an agreement over the regulation of the Internet in the military sphere, they discover that this has profound implications the issues such as freedom of speech and privacy. And what’s that basically means is that there is no agreement on the militarisation of the Internet. It is my belief that one of the consequences will be the breaking up of the global Internet into a series of giant intranets. Some countries such as China have already placed considerable restrictions or surveillance capacity over their part of the Internet. Iran, suffering from attack by Israel and the United States, has already announced that it will cut off its Internet from the rest of the world. Of course, if this type of response increases, it rather undermines the point of the Internet!

Do you believe there is a way to really curb the knowledge gap and misconceptions regarding the “hackers”? Which can be good practices in engaging with the young hackers more than prosecuting and punishing?

First of all I think it is worth noting that there is considerable confusion regarding the definition of the word “hacker”. Twenty even fifteen years ago the word hacker had a positive connotation. But nowadays the word hacker is invariably used negatively. Let us get one thing straight: a hacker is somebody with an advanced ability to explore networked computer systems and find their flaws. This ability can be used in good ways and in bad ways. In general hackers learn the skills while they are still in their early teens. This means that they have yet to fully develop their moral compass. And, as teenagers, they are curious and fascinated to explore the world around them. In that case of people with hacking ability that environment is the Internet and the computers attached to the web.

Our dependency on networked computer systems is now so extreme that we need all the hacking ability we can get. The challenge is to find those hackers and channel their remarkable skills for the good of society. At the moment, governments tend to deal with hackers who are caught in two ways. Either they are put to use by the state – this is particularly true in countries like Russia and China. Or they lock them up for a long time, which is more characteristic, of Europe and the United States. There is no country which has a programme designed to facilitate the rehabilitation of hackers but given that we have a severe shortage of the skills they possess throughout industry and government, I think we urgently need a new approach.

Furthermore, there is the complicated issue of the socio-psychological profile of young hackers. Although for the moment be evidence is anecdotal, there is a lot suggesting a high incidence of young men (primarily) who suffer from some form of spectrum-related disorder such as Asperger’s Syndrome. This is not to imply in any respect that sufferers from Asperger’s are prone to hacking – it is more complex. They generally display along with specific behavioural patterns varying skills and abilities, notably in Maths and Sciences. Combine this with the challenges that they face in developing real-life relationships, the relative anonymity of the Internet offers them a safe environment to develop their skills.

There is a desperate need for properly funded research into this and other aspects of the human side of hacking culture. Currently, the cyber security industry spends annually some $100 billion worldwide and almost every cent is invested in expensive digital products that are designed to enhance the security of networked computers. Research into the culture of hackers and the human aspects of hacking is badly neglected but it must now start to embrace a wider range of disciplines – psychologists, anthropologists, political scientists, lawyers and more.

Regarding the possibility of reducing the threat from cybercrime, given that some of the countries from which cybercrime originates (China, Russia) are in strategic competition with Europe and the US, do you think it’s actually possible for our governments to work with them to reduce the threat?

This is, of course, a central question at the moment. In brief, the Pentagon has made clear that the US needs to maintain its superiority in cyber offensive capability. The Russians and the Chinese are prepared to invest considerable sums in catching up. But Beijing and Moscow also seek international agreements on the regulation of cyber to get the Americans’ and Europeans’ tacit consent for the extensive monitoring and content control that they impose on the web inside their borders. So essentially the motives of the great Internet military powers are irreconcilable. There is a key meeting taking place in December in Dubai when the International Telecommunications Union will be attempting to reach consensual agreement on the global regulation of the Internet. But this is very unlikely to succeed and certainly not in the first instance.

In the meanwhile, of course, all sides as well as some digitally well endowed countries such as Israel continue to develop and deploy malware and weaponry outside any regulatory framework.

Picking from your research, which changes and developments you can foresee in the next future regarding the cybercrime evolution, actors and countries involved? Which might be the “next big thing” to worry about?

This is an easier question in a way with the caveat that predicting behavioural patterns in cyber is a very risky business. But in the short-term, malware for mobiles is obviously going to be a boom area as people seem even less likely to pay serious attention to security on their mobiles than they do on their computers. Then, of course, we have to recognise that the Internet is spreading very fast and expanding in areas such as South America and Africa. Recently I had an extraordinary experience when one morning I spoke to a representative of the World Bank who hailed the development of broadband capacity in East Africa to be one of the greatest socio-economic advances for the region in years; in the afternoon I spoke to a cyber officer of the FBI who described the same thing as perhaps the greatest boost to cyber crime in years. Take your pick!

Do you think technology can be used not only from law enforcement but also from the general public to help preventing some forms of crime, such as corruption?

I think technology as a tool against corruption is a very exciting area but one which has yet to be fully explored. Some anti-corruption campaigners and indeed businesses have floated the ideas of introducing real-time monitoring of extractive commodities like oil or diamonds but they have met considerable resistance from the industries themselves. This is an area where I would personally welcome some research from the Silicon Valley (or anywhere else for that matter) so we could see some of the extraordinary creative energy from the hi-tech industry being channelled into something, corruption, which is profound blight on the global economy and which is an accelerator of major crimes.

Mc Mafia touches on the fact that many governments, notably that of the United States, have diverted precious resources away from crime control in order to address the threat of terrorism. As far as you know, it is still the main focus of Government spending?

Yes – I’m afraid anti-terrorism programmes are simply more valuable for political PR than the equally difficult but often more destructive industry of organized crime. There are many reasons for this, none of which are likely to change any time soon.

Since crime has now become globalized, where should we concentrate our efforts for improvement? No one country or even region has enough power to affect change. What kind of global governance should people be agitating for?

This works on two levels. There is the policy level, and there is the operational level. The policy level is more complicated because it affects so many areas of governments. Let us take one example – the banking industry and in particular off shore company registration. It is still possible to set up shell companies to channel money through without revealing who the true beneficial owner of those entities are. Such facilities do not exist because organized crime syndicates want them to but because large corporations and many governments find them useful to mask some of the murkier business transactions they are involved in (either because they are morally dubious or illegal or facilitating tax evasion). Criminals simply make use of a facility that policy makers in the licit world refuse to confront usually because they are in thrall to the lobbying of big corporations. We have seen this in action during the interpretative discussions at the Security and Exchange Commission (SEC) in New York with regard to the Dodd-Frank Act which congress passed to ensure greater oversight in Wall Street. One part of the Act deals with transparency in the extractive industries which, if implemented, would go some way to reducing the opportunity for the sale of commodities like so-called ‘blood diamonds,’ or ‘bunkered oil’. Several major corporations have spent over $100 million in lobbying fees to block the maximum transparency measures from being implemented. This is a practical demonstration of how anti-corruption measures are vital in combating both corporate or government malfeasance as well as organized crime.

On the operational level, law enforcement agencies are still faced with the age-old issue of trust both within their own countries and with their counterparts from across borders. In cyber crime, we have recently witnessed a very interesting development in Europe where Europol has been named as the lead operational agency for cyber investigations. Until this decision, Europol was essentially a data gathering agency, pooling information from across its members. Legally, it was extremely limited in what it could regarding sharing that information with individual police forces for investigations. But in its new role, Europol is now something quite dramatic – the first trans-European police force. Much depends on Europol’s ability to manage this but if successful it could become a very interesting model for future policing in larger confederal areas.

In your experience, how big is the threat represented by cyber espionage and how it can effect the balance among States?

The threat exists but it can be exaggerated in the sense that there Is much that a security conscious civil service or military can do in order to limit the damage inflicted by espionage. The habit of keeping sensitive data offline is central to the rational management of data and risk reduction. Most data held by companies and institutions is not sensitive in any respect and so who cares whether this material is stolen or not! Nonetheless, the pervasive culture of espionage on the web must result in a slowing down of efficiency in business and government. And of course until sensible cyber security and data risk management become established for companies and government agencies, there is also the very real possibility that serious damage can be done to national or corporate interests around the world.

In a recent article you mentioned the Royal Bank of Scotland case, arguing that banks and big corporations should declare when they are victim of hacking, explaining as well the possible vulnerabilities in their system. How do you envisage this type of sharing and exchange of information? Do you think it should be made through public statement or directly to the interested clients only?

If companies were to agree to a policy of disclosure, they would understandably need reassurance that there anonymity would be guaranteed. The point of this is for government to understand what is going on with regard to coordinated cyber attacks against itself and industry. It can then develop its policy accordingly. There is also, however, anecdotal evidence that in some industries, companies who admit to having been breached, are honest about what was attacked, why and what the implications are, and then explain what they are doing to remedy the vulnerabilities of their system, actually go up in the public’s estimation for their honesty and for projecting a sense that they are taking the matter seriously. ]]> http://www.techandlaw.net/2012/10/19/misha-glenny/feed/ 0 http://www.techandlaw.net/2012/08/24/september-24-surveillance-or-security/ http://www.techandlaw.net/2012/08/24/september-24-surveillance-or-security/#comments Fri, 24 Aug 2012 12:41:25 +0000 admin http://www.techandlaw.net/?p=3620 Map) Piazza Leonardo da Vinci, 32 - 20133 - Milano (MI)]]> On 24 September at 14.30 at the Aula Magna of Politecnico di Milano, Tech and Law Center is pleased to have as a guest Susan Landau with a talk on “Surveillance or Security? The Risks Posed by New Wiretapping Technology”. During the event, Susan Landau will present some of the issues raised in her recent publication on the subject of electronic surveillance, highlighting the interplay between privacy, cybersecurity and public policy. The new technologies of electronic surveillance, in fact, not only collide with the issue of privacy, but also with that of security, that is increasingly being penalized by the policies of “control” developed at national and international level. The results of her studies also demonstrate how wiretapping has, in terms of cost / benefit, limited efficacy and how encryption is not a real solution to protect users’ privacy. These and other interesting ideas will form the basis for the following debate coordinated by Stefano Zanero, Francesca Bosco and Giuseppe Vaciago.

Susan Landau is a Visiting Scholar in the Computer Science Department at Harvard University. She has briefed Congress on a variety of issues, including digital rights management and security and privacy of digital identity systems. Landau was a distinguished engineer at Sun Microsystems from 1999 to 2010; before that, she taught computer science at the University of Massachusetts and Wesleyan University. She is the coauthor, with Whitfield Diffie, of “Privacy on the Line: the Politics of Wiretapping and Encryption” (MIT Press, 1998; revised 2007). Her book “Surveillance or Security? The Risks Posed by New Wiretapping Technologies” has been awarded the annual book prize by the Surveillance Studies Network.

Interview with Susan Landau is available here.

Further readings: http://privacyink.org/

She is interested in digital forensics and Internet privacy. She attended several conferences about  ICTs,  cloud computing, digital forensics, smart cities, cybercrime.

The programme of the event is available here.

The press review of the event is available here.

The slides of the event are available here.

The report of the event is available here.

Further readings: http://www.judiciary.senate.gov/pdf/12-7-18AcquistiTestimony.pdf

Radio 24-22.06.2012
http://www.radio24.ilsole24ore.com/main.php?articolo=usa-privacy-web-dati-acquisizione-attivita

La Stampa-23.06.2012
http://www.lastampa.it/_web/cmstp/tmplrubriche/tecnologia/grubrica.asp?ID_blog=30&ID_articolo=10577&ID_sezione=38