Security

Not Before Time started with a question: can time be connected to information as reliably as GPS connects position to location? The mathematics to do this is decades old and already running in production systems. I soon discovered this question has been substantially answered, and the next question was a lot more subtle: how can time-linked information be rolled out to society for practical purposes, when what we are doing is introducing a new kind of certainty? The applications sound very tempting, ranging from protecting journalists and whistleblowers to sealed commercial bids, legal instruments, and proving when AI-generated content was created. But what happens when billions of people discover that the power balance inherent in information has been inverted? ...

From time to time I am engaged to help organisations in the UK and in the EU make decisions about where their data is stored, how it is accessed, and how to keep things as stable as possible over the next few years. This was a dizzying mess until 2025, and in 2026 there are some big decisions coming. Organisations need as much certainty as they can get for making decisions which are expensive to change in the future. ...

The detail of the GDPR and its implied computer science contain a solution for sharing secrets according to law. This continues to be true in 2026, as the Digital Omnibus Regulation ↗ takes shape. Executive Summary The GDPR sets up a conflict in trust between companies in particular circumstances, which can only be resolved by using the automation of a cryptographic audit trail with particular properties as described below. Problem Statement ...

This is the second time ↗ the Court of Justice has decided the same question. In brief, after 4 years, in 2020 the Court was completely satisfied that the United States violates the privacy of EU citizens when the personal data of EU citizens is visible to the US government, and that the US has no intention of changing its behaviour. Therefore, US companies are not permitted to hold the personal data of EU citizens and residents. ...

The Fossil ↗ source code management system is the most fully-featured alternative to Git, and has had twenty years of development and testing since 2006. After helping Fossil make some changes I now use Fossil for several projects. I also use Git extensively on various software forges (but not GitHub unless I must). Mercurial ↗ is actively maintained but has lost most of its mindshare since Mozilla ↗ , Bitbucket and others migrated away, and is rarely chosen for new projects today. ...

LumoSQL ↗ protects data on mobile phones using a new data storage technology which is highly compatible with most existing devices. With LumoSQL, the device owner has ultimate right to decide who can read or change their data… and this decision continues to be enforced even after it has been copied off the phone to (for example) a bank or insurance company for processing with their in-house database software. In contrast, the situation at present is that device owners are rarely in control of the privacy of their own data, despite many laws relating to privacy. ...

I have been lead implementer of the main security and privacy standards several times each. These can seem intimidating, but properly used they improve security overall, and can help a business run more smoothly. From a pragmatic, business point of view: These standards are about writing down the actual rules of your business relevant to security and privacy, and then writing down how you improve these rules, and recording how well they work. All businesses can benefit from challenging their working habits and practices, and since privacy and security touch most parts of a business, this is an opportunity to review how the business works before something goes wrong. From the point of view of both Computer Science and Information Management Science: ...