DCSP #5

Bad bots are getting worse – the complicated world of bot attacks and account takeover fraud

By Mélisande Mual – The Paypers The global push for digitisation has created the perfect environment for fraudsters to operate on a large scale in three ways: firstly, with data breaches happening on a daily basis, there is no shortage of stolen credentials available for purchase. Secondly, the number of digital transactions is ever-increasing, causing financial institutions to process more and more transactions every day. Finally, technologies such as automation tools and bots have become cheaper and more widely available than ever before. Together, these phenomena lead bot attacks to become increasingly cheap, scalable and dangerous.   Bot attacks (also known as botnet attacks or malicious bot attacks) happen when a cybercriminal uses a collection of devices over the internet to cause harm in various ways. These devices are often infected with a virus that provides the hacker with complete access and control over a device, which the hacker then integrates into a botnet....

Continue Reading

How to keep track of privacy during corona?

By Lex Keukens en Sander Tempel  On April 7, Minister De Jonge announced that the government wanted to use tracking apps (‘the App’) to fight the COVID-19 virus. In addition to tasks regularly carried out by the Dutch Municipal Health Services (GGD), the government wants the App to provide smart digital solutions for source and contact tracing.1 This means that the App will need to process personal data, including data from which an individual’s health situation can be extrapolated.    Before focusing on the starting points which the App must meet according to the government, it must first be determined whether the General Data Protection Regulation (GDPR) applies to this form of data processing and if so, whether there is a lawful basis for processing personal data.2 After that we will focus on a number of critical comments in relation to data minimisation, protection and data storage. We conclude with some food for thought.   Starting points In the...

Continue Reading

SyRI legislation in violation of article 8 of the ECHR, but no exclusion of intrusive technology!

By Rob van den Hoven van Genderen On 5 February 2020, the Court of The Hague ruled that SyRI (System Risk Indication) legislation is contrary to the European Convention on Human Rights (ECHR).1 This case was brought by a large number of civil society organizations against the use by the State of the Netherlands to detect and combat fraud in a number of ‘risk areas’ with the help of data linking and analysis using algorithms. The court ruled that there was insufficient balance between the use of new technologies such as AI, data analysis, algorithms, deep learning or self-learning systems - and respect for private life as set out in article 8 of the ECHR. According to the court, there is also a risk of discrimination. The law is insufficiently transparent and verifiable and therefore unlawful.   Tijmen Wisman of the Civil Protection Platform says about the verdict: “We have been proved right...

Continue Reading