Security analysis of the NHS COVID-19 App

A security analysis conducted via a static analysis of the released source code for the UK's COVID-19 Contact tracing Android app and an evaluation of high-level design documents.

Read more

Internet Voting - From bad idea to poor execution

Internet Voting continues to be pushed as the future of voting despite it continuing to be a bad idea. This talk will highlight some of the conceptual challenges and additional risks that Internet Voting brings. By looking at examples of Internet Voting that have been deployed we can see a pattern of poor decision making and skewed priorities. The talk will discuss deployments of iVote in Western Australia and New South Wales - in particular on their usage of TLS Proxies to provide DDoS protection and the impact that has on the security and trust of the system. More broadly the talk will look at the lack of transparency, and how what little transparency there is raises even more concerns about the integrity of the voting systems.

Read more

An Update on the Assistance and Access Bill in 2019

The Assistance and Access Bill, or TOLA (Telecommunications and Other Legislation Amendment), is back on the agenda. After the debacle that occurred on the last day of parliament in 2018, it is up to parliament to fix the bad legislation they passed in such a hurry. The first question should be was the rush justified? We’ve seen reports of the legislation being used for what appear to be criminal cases, but there has been no news of terror cells being busted – yet if you were to believe the rhetoric from some politicians last December there was an imminent danger that needed to be addressed.

Read more

Assistance and Access Bill 2018

UPDATE: An updated blog post on the passed bill is available here

Read more

We need to talk about your data

The recent news of Cambridge Analytica’s[1] alleged usage of facebook data should act as wake-up call to us all. It may seem like the amount of data in question is large, the number of individuals certainly seems to be, however, when taken in the context of wider data collection it is just the tip of the iceberg. We are increasingly leaving ever more detailed digital footprints, it’s not just the data we choose to share; every aspect our digital lives is monitored, recorded, and profiled in excruciating detail. From what websites we visit, to what we buy, the music we listen to, through to the people we know. It is all used to build an in-depth profile of who we are and what we can be influenced by.

Read more