NISD2: A Common Framework for Information Sharing Among Network Defenders

Sharing information about vulnerabilities and attacks is essential to defend information systems against threats such as malware, phishing and unauthorised access. By identifying this information sharing as a legitimate interest of data controllers, and highlighting the public interests that it serves, the draft Network and Information Security Directive provides a framework to encourage European participation in global information sharing, benefitting all users of the Internet.

Struggling to be Fit: Identity, Integrity, and the Law

This interdisciplinary co-authored Analysis piece introduces identity and integrity, which are argued to sit at the core of the person. It analyses approaches taken to these concepts by legal regimes, particularly in the context of individuals using artificial limbs or digital avatars. The piece concludes that law engages with identity and integrity to a limited and incomplete extent; and that law is thus inadequate in its engagement with the person, and its meaning making in this respect. This piece draws on two interdisciplinary funded projects, funded by the Wellcome Trust and the Arts and Humanities Research Council.

Adaptive Pathways Regulations for Stem Cells: Accelerating Access to Medicine or Deregulating Access to Markets?

In response to calls for faster access to innovative biomedicines, the European Medical Agency ran a two-year pilot program known as the “Adaptive Pathways” (AP) scheme. Under this approach, evidence is gathered and evaluated iteratively for license adaptation to reduce uncertainties rather than in an accumulative phased trial process. With the European Medicines Agency (EMA) aiming to mainstream the AP scheme, the regulatory approach of accelerating the approval process for novel biomedicines is in need of critical evaluation and should be viewed with some caution. Focusing on the recent market authorisation of a stem cell product, we scrutinise the legal and ethical merits of this programme. We draw attention to how the AP scheme will grant conditional marketing approval to medicinal products with limited clinical benefits. In response to the identified weaknesses of the AP scheme, we propose procedural safeguards which are in keeping with the EMA’s public health missions.

Data Localisation and the Balkanisation of the Internet

Unrestricted international data flow is of critical importance to economies and people globally. Data localisation requirements interrupt the global flow of data by restricting where and how they may be stored, processed or transferred. Governments are increasingly imposing such requirements to protect the individual rights of their citizens, along with sentiments of national sovereignty and aspirations of economic benefit. However, data localisation requirements are likely to lead to the balkanisation of the Internet, which may threaten those very objectives. This Analysis article provides and introduction to and an overview of the likely advantages and drawbacks of data localisation requirements following the Snowden revelations. Economic, security and individual rights questions are addressed and illustrated with the recent Russian data localisation law.

The Online/Offline Cognitive Divide: Implications for Law

While the online and offline realms continue to converge, this piece argues that a significant cognitive divide remains. This is especially the case as regards the use of social media. The structural mechanisms of these platforms encourage (and even propel) speech, which facilitates a unique cognitive environment for users; an atmosphere where individuals tend to be much more likely to engage in speech than in the physical realm. Many argue that such disinhibition is due to anonymity, but research has demonstrated that it is a more complex picture than previously believed. For the most part the law has ignored these distinct online characteristics, treating speech over social media as if it were “café” or “pub talk”. In fact most of the current UK legislation used to regulate speech over the internet, including of course speech over social media, was enacted before these neoteric services came into existence. While prosecution guidelines throughout the UK have been updated to include social media considerations, it is highly debateable as to whether they have proven effective in recognising social media as a unique cognitive environment. And although policies based around technological neutrality remain increasingly attractive to law-makers, especially as the online and offline realms become less distinct, it is important to remember that law cannot properly operate based on such real or perceived eventualities.

You Can’t Always Get What You Want: Relative Anonymity in Cyberspace

Cyberspace is changing the way we communicate, live and interact. Most significantly, it changes the nature of anonymous communication. In the physical world we all have a reasonable understanding of how anonymity can be achieved, but cyberspace was not designed to work the same way as real space. Machine communications contain information which identifies their originating machine, and internet service providers (ISPs), internet businesses and online social networks (OSN) can often identify users via the information that users disclose to them. As such, once users communicate online for the first time their anonymity starts to become compromised.Most discussions about anonymity assume that anonymity has some binary, on/off value. They ignore that the way we communicate has been changed by cyberspace; and also overlook the fact that even individual users are often able to identify someone by simply collecting and connecting the information available online. This means that users who freely decided to make information available online in a particular situation, where that information is available to the masses, cannot expect not to be named in another different situation.In the digital age, users are living in an anonymity limbo where they may not yet be named but can potentially become so at any time. As such, it seems inevitable that this new reality around anonymity will have implications on the two concepts often linked to it: autonomy and consent.