I discovered a crime … and now what?


[Author’s note: The author of this article is a technician, not a lawyer. Although several jurists have been consulted to confirm that nothing legally outrageous has been said, it is strongly recommended to consult a trusted legal professional if necessary].
[Author’s note 2: I would like to express my thanks for the ideas and comments offered by the Forensic Computing Telegram group: https://t.me/forense, whose activity has fostered and promoted this article].

Let’s imagine that Mary is a forensic analyst who is working on a case of corporate espionage. While analyzing some compressed files with strange names, she discovers with horror that they are full of images of child pornography.

Imagine that Pete is a pentester whose objective is to take control of a mail server, and who must submit half a dozen high-level emails as evidence. Once he has achieved his objective, he extracts several emails at random from the mail accounts, but finds with indignation that they contain information about a civil servant being bribed to award an important public contract.

Both Mary and Pete have signed a strict confidentiality agreement with the company in which they work, which clearly states that “all the information they have knowledge of during their working activity must be kept in the strictest secrecy.”

What about the ENS?

Article 42 of Ley 11/2007, of 22 June, on citizens’ electronic access to Public Services, stipulates the need to draft an Esquema Nacional de Seguridad (National Security Scheme) that establishes the security policy for the use of electronic media.

“ALGO” de “RITMO” (“a bit of rhythm”): algorithms in decision-making

Have you bought anything online lately? Have you accessed a digital service? And do you think the decisions you made when buying or accessing those services were free decisions, made according to your own criteria? Well, it turns out they were not…

We do not doubt that you searched, compared and made your own decision based on your tastes and needs, but I am sorry to tell you that your tastes and needs have been given “algo de ritmo” (“a bit of rhythm”); that is, your decision has to a large extent been “algorithmized” (which is a made-up word, I know, but it had to be invented at some point…)

Much has been written, from many angles, in this and many other blogs, about algorithms and their capacity or competence to steer our vital and not-so-vital decisions. However, I would like to share with you my doubts and concerns about one specific application of algorithms: decision-making in the criminal justice field and the impact of biases on those decisions.

Who takes responsibility for errors made by smart robots?

As those of us who are interested in robotics know, it represents one of the great technological advances of the 21st century. For this progress to be made properly, however, it must be accompanied by a transparent and dynamic regulatory framework that unifies and clarifies the uncertainties it generates. Yet today there is no such regulatory framework at national, European or international level.

However, there are two references that are worth considering.

Firstly, the recommendation of the European Parliament (Draft Report with recommendations to the Commission on Civil Law Rules on Robotics (2015/2103(INL))) for the establishment of a set of rules on liability. In the face of a possible “new industrial revolution” in which society enters an age of robots, bots, androids and other more advanced forms of AI, it is imperative that the legislator consider the consequences that may result from the use and deployment of these devices in our daily lives.


The GDPR is not a one-day thing

The 25th of May has finally arrived. The D-Day on which all personal data is protected. On which security incidents will no longer occur. On which all processing of personal data becomes legitimate. On which data will no longer be stored sine die. On which users have full control over their data. On which the right to be forgotten is a reality. On which everyone has been informed that all the privacy policies on the planet have been updated (yes, ours too). The most awaited day has arrived. And once you have reached this point of rejoicing, what then?

Well, I’m sorry to tell you that the GDPR is not a one-day thing. Today, 25 May 2018, the General Data Protection Regulation, known as GDPR, comes into effect. But the fact that it comes into effect today (it has been in force since 2016) does not mean that whatever we have not yet done no longer needs to be done, or that if we have already made an adaptation we do not have to do anything else. Why?