Archive for News and Events

£15K Fine For Ignoring Data Access Requests

SCL Elections, the parent company of the now defunct Cambridge Analytica which was famously involved in the Facebook profile harvesting scandal, has been fined £15,000 for failing to respond to a data access request from a US citizen, and for ignoring an enforcement notice by the UK’s Information Commissioner’s Office (ICO).

Data Protection Act

The fine was made for a breach of the Data Protection Act which was in force for all at the time of the data request, which was originally made back in 2017.  GDPR, which came into force on 25th May 2018 (to replace the Data Protection Directive) covers the data protection rights of EU citizens.

The person who made the data request in this case, however, was US citizen Professor David Carroll, and SCL Elections wrongly believed that because he was not a UK citizen, he had no more right to request access to data “than a member of the Taliban sitting in a cave in Afghanistan”.

What Happened?

Professor David Carroll, who was based in New York in May 2017 at the time of his original data request under UK Data Protection Act, asked SCL Elections’ Cambridge Analytica branch in the UK to provide all the data it had gathered on him. Under that law, SCL Elections should have responded within 40 days with a copy of the data, the source of the data, and stating if the organisation had given / intended to give the data to others.

Professor Carroll, a Democrat, was reported to have been interested from an academic perspective in the practice of political ad targeting in elections and believed that he may have been targeted with messages that criticised Secretary Hillary Clinton with falsified or exaggerated information that may have negatively affected his sentiment about her candidacy.

Sent Basic Information On A Spreadsheet

Some weeks after Professor Carroll’s subject access request in early 2017, SCL Elections sent him a spreadsheet of basic information that it held about him.

However, that information contained accurate predictions of Professor Carroll’s views on some issues and had scored Carroll a nine 9 out of 10 on what it called a “traditional social and moral values importance rank”.

Wanted To Know How

This prompted Professor Carroll to submit a second request to SCL Elections, this time to find out what that ranking meant and what it was based on, and where the data about him came from. This second request was ignored by SCL.

The CEO of Cambridge Analytica at the time, Alexander Nix, told a UK parliamentary committee that his company would not provide American citizens, like David Carroll, all the data it holds on them, or tell them where the data came from, and Nix (mistakenly) said that there was no legislation in the US that allowed individuals to make such a request.

ICO Involved

The ICO then became involved with the UK’s Information Commissioner, Elizabeth Denham, sending a letter to SCL Elections (Cambridge Analytica) asking where the data on Professor Carroll came from, and what had been done with it.  A section 40 enforcement notice was also issued in May 2018 to SCL Elections, thereby making it a criminal matter if they failed to comply by responding to the request and by providing the full records as requested by Carroll. No records were forthcoming, which resulted in the recent prosecution, the first against Cambridge Analytica.

During the case at Hendon Magistrates Court, it was revealed that SCL Elections had a turnover of £25.1m and profits of £2.3m in 2016.  The judge fined SCL Elections £15,000 for failing to comply with the section 40 enforcement notice from the ICO and ordered the company (whose affairs are being handled by administrators, Crowe UK) to pay a contribution of £6,000 to the ICO’s legal costs, and a victim surcharge of £170.

Some Mitigating Circumstances

Although Counsel for SCL Elections’ administrators acknowledged that SCL elections had failed to respond to the section 40 enforcement notice, they did highlight some mitigating circumstances, such as the company’s computer servers being seized by the ICO following a raid on the SCL Elections premises in March 2018.

What Does This Mean For Your Business?

This case shows that ignorance of data protection law is not a defence and that businesses and organisations need to protect their customers, stakeholders, and themselves by making sure that they fully understand and comply with data protection laws. This is particularly relevant in the UK since the introduction of GDPR.

As pointed out by Information Commissioner Elizabeth Denham in this case, companies and organisations that handle personal data need to respect people’s legal privacy rights and to understand that wherever a person lives in the world, if their data is being processed by a UK company, UK data protection laws apply. This case has also highlighted the fact that where there is no compliance with the law, and where ICO enforcement notices are ignored, action will be taken that could be very costly to the subject of that action.

Fake News Fact Checkers Working With Facebook

London-based, registered charity ‘Full Fact’ will now be working for Facebook, reviewing stories, images and videos, in an attempt to tackle misinformation that could “damage people’s health or safety or undermine democratic processes”.

Why?

The UK Brexit referendum, the 2017 UK general election, and the U.S. presidential election were both found to have suffered interference in the form of so-called ‘fake news’ / misinformation spread via Facebook which appears to have affected the outcomes by influencing voters.

For example, back in 2018, it was revealed that London-based data analytics company, Cambridge Analytica, which was once headed by Trump’s key adviser Steve Bannon, had illegally harvested 50 million Facebook profiles in early 2014 in order to build a software program that was used to predict and generate personalised political adverts to influence choices at the ballot box in the last U.S. election. Russia was also implicated in trying to influence voters via Facebook.

Chief executive of Facebook, Mark Zuckerberg, was made to appear before the U.S. Congress in April to talk about how Facebook is tackling false reports, and even recently a video that was shared via Facebook (which had 4 million views before being taken down) falsely suggested that smart meters emit radiation levels that are harmful to health. The information in the video was believed by many even though it was false.

Scoring System

Back in August 2018, it was revealed that for 2 years Facebook had been trying to manage some misinformation issues by using a system (operated by its own ‘misinformation team’) that allocated a trustworthiness score to some members.  Facebook is reported to be already working with fact-checkers in more than 20 countries. Facebook is also reported to have had a working relationship with Full Fact since 2016.

Full Fact’s System

This new system from third-party Full Fact will now focus on Facebook in the UK.  When users flag up to Facebook what they suspect may be false content, the Full Fact team will identify and review public pictures, videos or stories and use a rating system that will categorise them as true, false or a mixture of accurate and inaccurate content.  Users will then be told if the story they’ve shared, or are about to share, has been checked by Full Fact, and they’ll be given the option to read more about the claim’s source, but will not be stopped from sharing anything.

Also, the false rating system should mean that false content will appear lower in news feeds, so it reaches fewer people. Satire from a page or domain that is a known satire publication will not be penalised.

Like other Facebook third-party fact-checkers, Full Fact will be able to act against pages and domains that repeatedly share false-rated content e.g. by reducing by their distribution and by reducing their ability to monetise and advertise.  Also, Full Fact should be able to stop repeat offenders from registering as a news page on Facebook.

Assurances

Full Fact has published assurances that among other things, they won’t be given access to Facebook users’ private data for any reason, Facebook will have no control over what they choose to check, and they will operate in a way that is independent, impartial and open.

Political Ad Transparency – New Rules

In October last year, Facebook also announced that a new rule for the UK now means that anyone who wishes a place an advert relating to a live political issue or promoting a UK political candidate, referencing political figures, political parties, elections, legislation before Parliament and past referenda that are the subject of national debate, will need to prove their identity, and prove that they are based in the UK. The adverts they post will also have to carry a “Paid for by” disclaimer to enable Facebook users to see who they are engaging with when viewing the ad.

What Does This Mean For Your Business?

As users of social networks, we don’t want to see false news, and false news that influences the outcome of important issues (e.g. elections and referendums) have a knock-on effect to the economic and trade environment which, in turn, affects businesses.

Facebook appears to have lost a lot of trust over the Cambridge Analytica (SCL Elections) scandal, findings that Facebook was used to distribute posts of Russian origin to influence opinion in the U.S. election, and that the platform was also used by parties wishing to influence the outcome of the UK Referendum. Facebook, therefore, must show that it is taking the kind of action that doesn’t stifle free speech but does go some way to tackling the spread of misinformation via its platform.

There remains, however, some criticism in this case that Facebook may still be acting too slowly and not decisively enough, given the speed by which some false content can amass millions of views.

Reddit Locks Out Users Over Security Concerns

Online community Reddit shut some users out of their accounts and forced password resets due to “unusual activity” which may have been a ‘credential stuffing’ attempt by hackers.

Reddit

California-based Reddit, founded in 2005, is a kind social network / online community.  Reddit, which is the fifth most popular site in the United States (Alexa figures), is split into over a million communities called “subreddits,” each one covering a different topic.  Reddit allows registered members to submit content to the site, and that content is voted up and down by other members.

What Happened With The Lockdown?

According to Reddit’s own reports, a large group of accounts had to be locked down due to a security concern which took the form of account activity that resembled someone using very simple passwords or the reuse of credentials across multiple websites or services – in other words, a credential-stuffing attempt.

Reddit’s admin known as “u/Sporkicide” reported that it appeared likely that a list of usernames and passwords, possibly taken from another compromised site, were being tried against other popular sites, including Reddit, to see if they work e.g. if a user had used the same username and password for multiple websites.

Reddit advised customers, those with locked accounts would be allowed to reset their passwords and thereby unlock and restore their accounts. Reddit said that the notification to do so would be a notification to the account (affected customers could still log in to get it) and/or an email to any support ticket raised by affected users.

Not The First Time

Back in August 2018 Reddit reported that between a June 14th and June 18, an attacker compromised some employee accounts through their cloud and source code hosting providers and was able to access some user data, including email addresses and a complete 2007 database backup containing old passwords and early Reddit user data from the site’s launch in 2005 through May 2007.

Advice

As well as announcing that it was conducting a “painstaking investigation” of the incident, Reddit advised users to make sure that they choose strong passwords that are unique to Reddit, update their email addresses to enable automated password resets, and add two-factor authentication their accounts to make them more secure.

What Does This Mean For Your Business?

This story highlights the importance of not using the same username and password across many websites.  The danger is that, if hackers can steal login credentials in a hack on one website, they or other attackers who have purchased / acquired the stolen data may well try to use that login data on many other popular websites to try and gain access.

Also, where other security measures such as two-factor authentication are available, it is worth using it as an extra obstacle to the kind of simple, opportunistic credential-stuffing attempts that are all-too-frequent.

Businesses / organisations should always encourage users to use login details that are unique to their website, give visual guidance on password strength on set-up, and specify a certain number of required characters for passwords e.g. including a capital letter, numbers, other special characters, and making the password a certain length.  As well as being a bit more secure, this can also help to stop people from using exactly the same password between multiple sites.

Windows 7 Activation Errors A Coincidence Says Microsoft

Just after the January update on 8th January, Windows 7 users began to experience activation errors, but Microsoft put the issues down to coincidence, despite admitting that it had reverted changes made to activation servers in the update in order to fix the problem.

What Is An Activation Error?

Windows Activation Technologies are used by Microsoft to help confirm that the copy of Windows 7 that is a user is running on their computer is genuine.  For example, the activation key is a 25-character code that is located on the Certificate of Authenticity label or on the proof of license label, and validation feature of Activation Technologies is the online process where users must verify that the copy of Windows 7 they’re running on their computer is activated correctly and is genuine.

An activation error, therefore, is when a user’s system wrongly notifies them that their copy of Windows is not genuine.

Which Update?

On 8th January, there was a monthly ‘Rollup’ security update for Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1.  The update was designed to improve and fix certain issues with Windows 7 e.g. fixing a vulnerability known as ‘Speculative Store Bypass’, and adding security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

Coincidence?

According to Microsoft, the fact that users received “Windows is not genuine”, and “Your computer might be running a counterfeit copy of Windows” notification at the same time as the January updates (KB4480960 and KB4480970) were introduced was simply a coincidence. Despite describing it as such, the problems were listed a table of “known issues in this update” on Microsoft’s support pages.

Reverted The Change

Microsoft announced on 9th January that it has fixed the issue by reverting the change that was made to Microsoft Activation and Validation servers.

What Does This Mean For Your Business?

For many Windows 7 users, the change meant a day of disruption on the Tuesday of the first full week back after the Christmas and New Year break.  For many of these users however, this appears to be one more in a long line of incidents, nudges and pointers that look like they’re designed to encourage them to finally make the switch over to Microsoft’s Windows 10 and its SaaS model. Microsoft ended its mainstream support for Windows 7 on January 13th, 2015, and the extended support will only continue until January 14th, 2020, after which time Microsoft says on its website that users can “keep the good times rolling by moving to Windows 10”.

Over Half Of Us Will Buy Food Online By 2021

A study by Capgemini has found that more than half of UK consumers will order their groceries from online retailers by 2021.

40% Now

The study found that a massive 40% of customers already do their grocery shopping online, and that 43% of customers shop for food online at least once a week.

Big Issues Around Delivery

The study also revealed some big issues that customers had around the subject of delivery.

For example, even though 59% of customers said that they are not satisfied with current high delivery prices, only 1% of retailers are willing to cover full delivery costs for shopping.

Also, nearly half of the consumers surveyed said they would stop spending with a retailer if they had a bad delivery experience, but on the upside, 53% of customers who said that if they had a good delivery experience with a brand, they would be willing to pay for a membership if it meant that they could keep having good delivery experiences in the future.

The study also showed that 65% of customers are finding greater satisfaction in using delivery services other than traditional supermarket retailers e.g. Ocado and Google Express.  In fact, 64% of those surveyed said they didn’t care whether their products were delivered by a brand or by a third party, and some of those surveyed said they’d even deliver products to their nearby neighbours in return for an incentive from the retailer.

The ‘Last-Mile’ Cost

One of the big problems that retailers face in delivery groceries is that the so-called ‘last-mile’.  This is the movement of goods from a transportation hub to the final delivery destination (i.e. your home), and this part of the supply chain accounts for 41% of the overall delivery cost for retailers.  This may explain the reluctance of retailers to cover full delivery costs for shopping, as shown by the survey.

Disconnect

The study also highlights a disconnect between the expectations of customers and retailers.  For example, although customers appear to place a high value on low delivery costs, only 30% of retailers think this is important.  Also, whereas a massive 73% of customers want to choose a convenient delivery time slot for goods, only 19% of retailers regard this as a priority.

What Does This Mean For Your Business?

There is no doubt that many of us are now used to (and prefer) online shopping for many things, including groceries, and if, as the study shows, even more of us are going to be doing our grocery shopping online going forward, grocery retailers are faced with several challenges in order to meet rising customer expectations and retain loyalty.  For example, retailers will need to be able to provide last-mile delivery services that customers value, without damaging their own profitability.  Also, retailers need to take more notice generally of issues around delivery that customers really value e.g. offering convenient delivery time slots/methods for goods, and minimising delivery costs to customers.

One thing the study has indicated is that customers may even be willing to try new delivery ideas, and even pay more if they can be assured of consistently better delivery experiences.  With this in mind, and with customers rising, grocery retailers are likely to invest more in automating warehouse and product sorting to reduce costs and embrace new things such as machine learning and automation technology to make the supply chain more efficient.

Contactless Card Fraud Has Doubled

The UK’s fraud reporting service, Action Fraud, has reported that contactless card fraud doubled in 2018 to £1.8m stolen compared with £711,000 in 2017.

Average Theft Amount Increased

The latest Action Fraud figures have also revealed that the average theft through contactless fraud in 2018 rose to was £657, compared with £493 in 2017.

Back in February 2017, figures from UK Finance showed that contactless card fraud had already overtaken cheque fraud, prompting finance experts to warn banks against raising the £30 limit for payments, to avoid incentivising more criminals to steal them.

Contactless Technology

Contactless cards incorporate a special chip that can be read quickly and easily read by a payment terminal (without making direct contact), meaning that entering a PIN is not necessary, thereby speeding up transactions.

How Can Hundreds Be Stolen? I Thought It Was Only Up To £30?

Current rules mean that only payments of up to £30 can be made using contactless technology, and as such, many of the contactless thefts have involved the thieves taking multiple small amounts using the same card so that users don’t notice immediately.

Why The Doubling of Contactless Card Fraud?

Many commentators believe that the simple fact that contactless is overtaking chip and PIN as the most popular way of paying for goods and services now, and that a PIN is not required to use a stolen card are the main reasons why contactless card fraud levels have soared.

Worldpay figures, for example, show that more card payments were made using contactless technology than chip and PIN in the UK over the year from June 2017 to June 2018, and that after increasing by 30% on the previous year, contactless payments are now the most used card payments in shops.  Yolt figures show that 76% of Britons have used contactless payments, and 40% make half or more of their card payments using contactless.

Secure?

Even though UK Finance, the body which represents many banks, is quick to point out that no contactless fraud has been recorded on cards still in the possession of the original owner, contactless cards have robust security features built-in, and that customers are fully protected against any losses from contactless card fraud, the Action Fraud figures still appear to show a security problem.

This problem has not gone unnoticed by consumers.  For example, even though many of us are now used to having and using contactless technology, MoneySuperMarket research from as recently as last September showed that 55% of those surveyed had concerns about the security of tap-and-go technology.

What Does This Mean For Your Business?

For businesses, contactless payments offer the chance to reduce the cost and hassle of having to handle cash, cut queues, increase the speed and hopefully the frequency of transactions (increase footfall), increase average transaction values (ATV), provide a clear audit trail and assured payment, and even (for some types of businesses) the chance to change to better business models e.g. card / contactless only cafes and bars in cities.  For customers, contactless offers a better, more convenient and faster retail experience for the majority of their purchases (£30 and under), which in turn has a positive rub-off value for retailers.

The prevailing trend in developed countries is a move away from cash to cards, and particularly contactless. For example, UK Finance projects that in Britain cash will be used in just one-fifth of all sales by 2026, and Paymentsense has reported the removal of 4,735 cash machines in the last year.

Even though customers may be protected (i.e. re-reimbursed later) if their card is stolen and used by fraudsters, it is still an unpleasant experience to have money removed from their account that can cause financial hardship in the short term and can affect their ability to pay important bills and could have a negative impact on their credit rating.  The Action Fraud figures appear to show, therefore,  that there is a growing problem with contactless card fraud that banks are not yet fully tackling.

Warning – TV Licensing Scam Operating

Action Fraud, the UK’s Cybercrime reporting centre, has warned that fake TV licence payment scam emails have generated 5,247 complaints between 1st October and the end of December, with 1,983 complaints in December alone.

What Emails?

According to Action Fraud, the highly convincing scam involves sending people emails that use headlines such as “correct your licensing information” or “your TV licence expires today”.  In some cases, the email title and contents suggest that the recipient is eligible for a TV Licensing refund.  On opening the email, recipients are encouraged to click on a link to a fake version of the TV Licensing website.

When the victim visits the fake site, they are asked for their personal payment details – account number, sort code, and card verification value (CVV) code.

There have also been reports that victims who have submitted personal details to the fraudsters via the website are contacted a week or two later by the fraudsters who claim to be from the fraud department of the victim’s bank, claim that the victim’s bank account has been compromised, and ask the victim to transfer their money to a new, so-called ‘safe account’.

Some media reports put the amount of cash stolen by fraudsters using this scam in the region of £230,000+.

Official TV Licensing Never Email Customers Unprompted

The spate of fraudulent emails has prompted the real TV Licensing authority to confirm that they never email customers unprompted to ask for personal or payment details or to inform customers of eligibility to any refunds.

Real Glitch Last Year

Some of us may remember that a real security risk involving the genuine TV licensing website was identified back in September 2018 when an Infosec blogger noticed that Google Chrome was flagging the TV Licensing website as insecure.  The blogger estimated that as many as 130,000 people may have been affected by the breach.  TV Licensing then notified customers who accessed its website between 29th August and 5th September 2018 that their personal details may have been stolen but maintains that there was a very small risk of the information having been accessed.

What Does This Mean For Your Business?

This latest scam is one of many convincing scams that use phishing to steal payment details and other personal information. Phishing is one of the most popular cybercrime methods.

Action Fraud advice for avoiding falling victim to this scam includes:

  • Check the sender’s email address – does it look like one TV Licensing would use?
  • Check the subject line and treat any requests such as “action required” or “security alert” with suspicion.
  • Check the Spelling and grammar, as grammatical errors are often signs of scam emails.
  • Look at the style of the emails.  If it appears too familiar or casual, this could be a sign that it is a scam.
  • Check where the link goes – is it the official TV Licensing website?  It is worth remembering that the official TV Licensing authority never emails customers unprompted to ask for personal or payment details.

If you think that you may have fallen victim to this scam, the advice is to report it to Action Fraud by calling 0300 123 2040 or report it through the website here: https://www.actionfraud.police.uk/report-phishing.

Ways to help protect your company against the threat of phishing attacks include education and training of staff to help them spot and deal with phishing, and even using phishing attack simulator tools (such as ‘Attack Simulator’ in Office 365) to help sharpen your organisation’s defences

Apple Blames China In Revenue Warning To Investors

On 2nd January, Apple’s CEO, Tim Cook, issued a revenue warning for this quarter to investors, and pointed to challenges in China as being one of the main downward driving forces.

Letter

Bearing in mind that Apple is one of America’s (and the world’s) tech giants, and that it became the world’s first trillion-dollar public company back in August 2018, it has been somewhat of a surprise to hear that its share price has tumbled more than 20% since October, and that the company has now sent a revenue warning letter to its investors revising down its expected earnings for this quarter. In the letter, Mr Cook pointed to the unforeseen “magnitude of the economic deceleration, particularly in Greater China” as one key reason why a previously predicted rise in revenue had now turned into warnings of a fall in revenue.

What’s The Problem?

Tech market analysts and commentators have cited several reasons for Apple’s woes and the link to the Chinese market, including:

  • Apple needs new iPhone sales, but a lack of technological advances in the iPhone since iPhone 8, combined with a hike in the price of iPhones at a time of global economic pressures on consumers have meant a fall in sales.
  • Some competing Android phones may simply be more interesting and offer better value in terms of price / features e.g. Google Pixel, Oppo’s X, OnePlus 6, or the Huawei P20 Pro.
  • Apple relies heavily on phone sales in the Chinese market (Apple makes a massive 20% of its revenue in the Greater China region) but has faced very stiff competition there from the likes of Huawei, Xiaomi, and Oppo with their high value, lower priced phones.
  • Trade war talk and tensions between the U.S. and China have put more downward pressure on Apple phone sales in China.  For example, the detention of a senior Huawei executive caused a patriotism-fuelled backlash against Apple’s phones in China.
  • Apple investors are worried about iPhone sales generally, which have clearly been in decline since the iPhone 8.
  • Apple investors have concerns and questions about how other Apple services will be developed as revenue generators e.g. ApplePay, Apple Music, the App store, plans for television and movies, and goals for competing in the health industry.

What Does This Mean For Your Business?

Apple products and services are known for their quality, reliability, ease of use, and useful features, and many UK businesses / business people will continue to use them. It is difficult to deny, however, that many new Android phone models, such as those from Huawei or Samsung, offer UK buyers great value for money and useful features compared to Apple’s relatively high-priced alternative. This, combined with Apple’s reliance on getting a large part of its revenue in a country (China) where it is facing stiff competition and trade-war pressures are contributing to a challenging time for Apple.

It is, however, worth remembering that Apple is a trillion-dollar tech giant and is better placed than most to weather any storms and find ways to develop new opportunities and revenue streams.

UK Government Warns ‘No Deal’ Brexit May Mean A .COM Replacement For Your .EU

The UK Government’s Department for Digital, Culture, Media and Sport has issued advice to holders of .eu domains that, in the event of a ‘no deal’ Brexit, they may need to switch to another top-level domain such as .com and may also need to seek legal advice.

What? Why??

The government guidance, published online on 21st December, says that the European Commission’s notice states that where a holder of a domain name no longer fulfils the general eligibility criteria, the registry for .eu will be entitled to revoke the domain name. This is because the rules for .eu domains are decided by the European Commission and the operator, which won a contract to run .eu, is obliged to follow these rules.

This could mean that even though you were the owner of the .eu domain up until 29 March 2019, after that date, and with a ‘no deal’ Brexit, you may no longer be able to access your .eu website or email. This may also essentially mean that .eu domains cannot be bought or renewed after Brexit by people or organisations located outside the European Union.

Is This A Real Threat?

Yes. In March last year, the European Commission announced it planned to simply cancel all 300,000 domains under the .eu top-level domain that have a UK registrant, after the UK’s departure from the European Union. EURid, the company that runs the .eu domain registry was not even consulted about the EC’s decision.

Also, last September the EU added the .eu registry to the official State of the Union document, stating that the implementation and functioning of the .eu top-level domain name would be included alongside copyright, cybersecurity, and privacy reforms.  This means that, if the EU is serious (which it appears to be) and proposed amendments are made to the State of the Union document for post-Brexit, anyone who wants to purchase a .eu domain may need to provide proof of EU citizenship, and registry operators will need to verify that proof.

Lost Revenue

As well as damaging the profits of Eurid, the UK citizens who hold a .eu domain make 10% of the registry, and by taking such a hard line, the European Union would be reducing its own revenues by a significant amount if it simply excluded UK citizens from owning a .eu domain.

What Does This Mean For Your Business?

The government may have just lost a ‘no deal’ Brexit vote, but it looks as though the EU had already set itself on a course to stop UK citizens from owning .eu domains with Brexit anyway, even though they will lose the revenue from nearly 300,00 domains.  There had been plans to set up a Commission on the implementation of the rules, but this is unlikely to happen or to be able to change the EU’s decisions in such a short time.  This means that UK businesses holding .eu domains, having websites with those domains and using email linked to them are now faced with the cost and trouble of having to switch to another top-level domain. One key challenge here, is that they may not be able to find their .com or .uk equivalents, thereby causing even more problems.  The EU’s decision looks like being a bad deal for both UK businesses and the EU, and seeking advice both from the registry and / or other independent legal advice may be advisable at this point.

Drone Laws Promised After Airport Chaos

The chaos caused to flights from Gatwick just before Christmas (and latterly, Heathrow) by drone sightings near the airports has prompted Transport Secretary, Chris Grayling, to announce new counter-drone measures to be taken to protect UK airports.

Increased Exclusion Zone

Mr Grayling, speaking in the House of Commons as the government published its response to its consultation on the future of drones in the UK, and in the wake of the three-day shutdown of Gatwick by unauthorised drone activity in December, announced that the UK government would increase drone exclusion zones around airports from 1km to 5km, and further from the ends of runways.

New Technology

Following the three-day Gatwick (1000+ flight cancellations) issue that caused a national outcry, disrupted the travel plans of 140,000 people, and may have cost the airport more than £120 million, it has reported that Gatwick has spent £5m on anti-drone equipment. The equipment, which uses advanced technology, is believed to be of the same level as was originally supplied for the armed forces.

Heathrow (the world’s busiest airport) is also reported to have invested in anti- drone technology, although it appears unlikely that this is fully operational as the north runway was forced to close for an hour on Tuesday 8th January after reports of possible (unconfirmed) drone sightings in the area.

New Laws Too

Part of the anti-drone measures will include new laws that could see drone users who break the rules being fined or jailed, and police being granted new powers e.g. to be able to ‘down’ drones in certain restricted areas.

Also, from November this year, operators of drones weighing between 250g and 20kg will have to register their drones and take an online safety test.

Big Problem

The problems caused by drones are not limited to just a few prominent incidents. In fact, 117 near misses between manned aircraft and drones were recorded up to November in 2018.

Gatwick was also the scene of a near miss with a drone last summer that put 130 lives at risk, and the airport was also closed for around 20 minutes back in 2017 due to drone activity nearby.

Other Countries – Drones Also A Problem

The UK is by no means the only country suffering problems caused by drones being flown near airports / in the path of aircraft.  For example, back in 2017 a remotely piloted drone struck a Skyjet turboprop passenger plane as it made its approach to land at Jean Lesage Airport in Quebec, Canada, flying at a height of about 450 metres / 1,500 feet and at an estimated 3,000 metres from the runway at the airport. Thankfully, only minor damage was caused to the aircraft which was carrying 8 passengers and was able to land safely.

What Does This Mean For Your Business?

Drones are part of a new industry where the technology and products have been developing before the law has had an opportunity to catch up. Drones clearly have many productive, value-adding, and innovative business uses, and they have been tested and tipped for wider use by brands such as Amazon for parcel deliveries. A move towards autonomous vehicles and new transport technologies means that drones currently have a bright future when used responsibly and professionally. The fact that drones are widely and easily available (with minimal restrictions) to individuals as well as companies, as shown by the many aircraft near misses, and the huge disruption and cost of incidents such as the one at Gatwick in December 2018, indicate that most people would now welcome the introduction of regulations and the investment in technology that contribute to public safety. It is important, however, that any new laws take account of the rights of the majority of responsible drone users, and don’t restrict the commercial potential of drones.