In the past two years we’ve witnessed various events that have had an impact on the open character of the Internet. In October 2015 European Net Neutrality rules were published, providing guidelines for regulation, but they were criticized by many as being too open and leaving too much room for uncompetitive behavior (here’s an example). In June 2015 the FCC published its US Open Internet order along the lines of “no blocking, no throttling, no paid prioritization”, driving a significant change, especially in the IP Interconnection landscape. In parallel, we saw ongoing consolidation on the side of the ISPs, with large ones absorbing their smaller competitors or other players in the digital value chain (e.g. cloud hosting services, “Over-The-Top” – OTT – video services) or even merging with mobile providers. Another trend we saw was the launch of services for which the related Internet traffic is not counted towards the “monthly data budget” of the customer, typically referred to as “zero rating”.
Some weeks ago we informed you of the EU-US Privacy Shield, announced by the European Commission on February 2, 2016, meaning a new arrangement for transatlantic data flows between the EU and US. In this blog you can read about recent developments in the EU-US Privacy Shield and alternative solutions offered by LeaseWeb.
EU-US Privacy Shield in the making
We have known since October 2015 that the US Safe Harbor regime is invalid, meaning that personal data of Europeans can no longer be transferred by a company to US Safe Harbor certified companies. On Monday 29 February 2016, the European Commission published the details of the EU-US Privacy Shield that should replace the Safe Harbor certifications.
Where does spam come from? Why do people send it? And what can we do to stop it clogging up our inboxes? This two-part article explores these issues and comes up with practical ideas for keeping us safe, secure and spam-free.
It’s almost impossible to open your e-mail inbox and not see spam in there. In some cases, it’s because someone unintentionally signed up for things like clickbait articles. A clickbait article is, for instance, an article that promises you a free trip to New York – although the free trip may not even exist. Most of the time those articles channel responses to information harvesters which, in turn, will lead to databases containing literally millions of email addresses and personal contact details. Such databases or lists can be sold to the highest bidder on the dark net/dark web/deep web, or even on normal sites.
On January 1, 2016, the new Dutch Law on Data Breach Notifications came into effect. Organizations – both companies and government agencies – are now required to immediately report any serious data breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). And, if it is likely that the data breach will have an adverse effect on the privacy of those involved, those people have to be informed as well.
A data breach is defined as the act of accessing, deleting, modifying or releasing personal data, committed unintentionally by the organization. Not only releasing (e.g. leaking) personal data, but also the illegal processing of data, will be seen as a data breach. Examples of data breaches are a lost USB stick containing personal data, a stolen smartphone or malicious access to a database by a hacker.
In October last year, the US Safe Harbor regime was invalidated by Europe’s Court of Justice, meaning that personal data of Europeans could no longer be transferred by a company to US companies solely on the basis of such companies being Safe Harbor-certified.
At the time of the ruling, no replacement for the Safe Harbor principle was proposed. The European Commission gave itself a three-month term to come up with an alternative solution, working towards January 31, 2016. It is not likely that this timeline will be met, but we expect new developments to be made public in the coming weeks.
A security bug affecting Linux versions 3.8 and higher was recently identified. Although this bug (CVE-2016-0728) was first introduced into the Linux kernel in 2012, it was only discovered and made public a few days ago. When we learned of the bug’s existence, we immediately patched all internal LeaseWeb servers. We advise everyone to patch their servers as well.
The vulnerability in the Linux kernel could potentially be used by attackers to obtain higher privileges from a regular account. It relies on a technique called “use-after-free”: the attacker controls the way memory is freed on kernel objects, and that memory is then replaced with user-supplied data while keeping the privileges of the memory object.
The various LeaseWeb services companies are always looking to improve the processes involved with handling abuse notifications and to increase user-friendliness.
Over the past few years, we have received valuable feedback on the abuse handling process from customers and third parties who submitted notifications. With that feedback in mind, we have developed a brand new system that will further streamline the abuse notification handling process. This system was launched on July 1st 2015 and the first responses are very positive.
This is the third installment of LeaseWeb’s bi-annual Law Enforcement Transparency Report. It shows the number of demands we received in the prior six months. The figures below are for the period of July 1st – December 31st, 2013.
LeaseWeb believes that clients and other stakeholders deserve a clear articulation of LeaseWeb’s obligations and responsibilities to increase their understanding of how we ensure the highest quality of service, while adhering to the law. Customers are increasingly using technology to communicate and to store private and sensitive information. Like others in the technology industry, we believe it is important for the public to have transparent information about law enforcement access to customer data.