Archive for the 'Privacy' Category

Why your health secrets may no longer be safe with your GP

[link] Tuesday, January 28th, 2014

Last Sunday’s Observer column about the NHS plan to create a national database of health records.

Those planning this healthcare data-grab are clearly hoping that citizen inertia will enable them to achieve their aim, which is to make our most intimate personal details available for data-mining by “approved researchers”. If they succeed, then, starting in March, the medical data of everyone who has not opted out will be uploaded to the repository controlled by the NHS information centre. And for the first time the medical history of the entire nation will have been stored in one place.

What’s wrong with this?

How long have you got?

More fallout from the NSA revelations

[link] Friday, January 24th, 2014

From today’s New York Times

For years, Microsoft has let its customers in Europe, including businesses and organizations, keep their online data close to them. The company operates big data centers in Amsterdam and Dublin for that very purpose.

It now looks as if the company will deepen its commitment to letting those customers decide where their information is stored, at least partly because of concern about spying by the National Security Agency.

In an interview with The Financial Times, Brad Smith, Microsoft’s general counsel, said the company’s customers should be able to “make an informed choice of where their data resides.”

“Technology today requires that people have a high degree of trust in the services they are using ,” he told the paper. “ The events of the last year undermine some of that trust,” he said. “That is one of the reasons new steps are needed to address it.”

Interesting. In some ways, Microsoft is closer to the business community than are Google & Co. They may also be sensitive to the fact that some big European companies (e.g. Siemens) are offering European-based cloud services.

Even our grunts could be monetised by Facebook

[link] Sunday, December 22nd, 2013

This morning’s Observer column.

As Mark Twain observed: “A lie can travel halfway around the world while the truth is putting on its shoes.” And that was a long time before the web. Which brings us to a meme that was propagating last week though social media. Its essence was an assertion that Facebook monitored – and stored – not only the stuff that its subscribers post on their Facebook pages, but even stuff that they started to type and then deleted! Shock, horror!

Read on…

The US fears back-door routes into the net because it’s building them too

[link] Sunday, October 13th, 2013

This morning’s Observer column.

At a remarkable conference held at the Aspen Institute in 2011, General Michael Hayden, a former head of both the NSA and the CIA, said something very interesting. In a discussion of how to secure the “critical infrastructure” of the United States he described the phenomenon of compromised computer hardware – namely, chips that have hidden “back doors” inserted into them at the design or manufacturing stage – as “the problem from hell”. And, he went on, “frankly, it’s not a problem that can be solved”.

Now General Hayden is an engaging, voluble, likable fellow. He’s popular with the hacking crowd because he doesn’t talk like a government suit. But sometimes one wonders if his agreeable persona is actually a front for something a bit more disingenuous. Earlier in the Aspen discussion, for example, he talked about the Stuxnet worm – which was used to destroy centrifuges in the Iranian nuclear programme – as something that was obviously created by a nation-state, but affected not to know that the US was one of the nation-states involved.

Given Hayden’s background and level of security clearance, it seems inconceivable that he didn’t know who built Stuxnet. So already one had begun to take his contributions with a modicum of salt. Nevertheless, his observation about the intractability of the problem of compromised hardware seemed incontrovertible…

Read on.

LATER: I come on this amazing piece of detective work which uncovers a backdoor installed in some D-Link routers.

Why big data has made your privacy a thing of the past

[link] Sunday, October 6th, 2013

This morning’s Observer column.

Watching the legal system deal with the internet is like watching somebody trying to drive a car by looking only in the rear-view mirror. The results are amusing and predictable but not really interesting. On the other hand, watching the efforts of regulators – whether national ones such as Ofcom, or multinational, such as the European Commission – is more instructive.

At the moment, the commission is wrestling with the problem of how to protect the data of European citizens in a world dominated by Google, Facebook and co. The windscreen of the metaphorical car that the commission is trying to drive has been cracked so extensively that it’s difficult to see anything clearly through it.

So in her desperation, the driver (Viviane Reding, the commission’s vice-president) oscillates between consulting the rear-view mirror and asking passers-by (who may or may not be impartial) for tips about what lies ahead. And just to make matters worse, she also has to deal with outbreaks of fighting between the other occupants of the car, who just happen to be sovereign states and are a quarrelsome bunch at the best of times…


American ‘justice’

[link] Sunday, August 4th, 2013

This morning’s Observer column.

Do you think that, as a society, the United States has become a basket case? Well, join the club. I’m not just thinking of the country’s dysfunctional Congress, pathological infatuation with firearms, addiction to litigation, crazy healthcare arrangements, engorged prison system, chronic inequality, 50-year-old military-industrial complex and out-of-control security services. There is also its strange irrationality about the use and abuse of computers.

Two events last week provided case studies of this…

There are lies, damned lies and… official statements about NSA surveillance

[link] Saturday, August 3rd, 2013

How to spy on every American

[link] Saturday, August 3rd, 2013

Simple. Just do three-hop analysis.

Deputy Director John C. Inglis told Congress last week that the agency conducts “three-hop” analysis.

Three-hop (also known as “three degree”) analysis means:

The government can look at the phone data of a suspected terrorist, plus the data of all of the contacts, then all of those peoples contacts, and all of those peoples contacts.

This means that a lot of people could be caught up in the dragnet:

If the average person calls 40 unique people, three-hop analysis could allow the government to mine the records of 2.5 million Americans when investigating one suspected terrorist.

Given that there are now approximately 875,000 people in the government database of suspected terrorists – including many thousands of Americans – every single American living on U.S. soil could easily be caught up in the dragnet.

For example, 350 million Americans divided by 2.5 million Americans caught up in dragnet for each suspected terrorist, means that a mere 140 potential terrorists could lead to spying on all Americans. There are tens of thousands of Americans listed as suspected terrorists … including just about anyone who protests anything that the government or big banks do.

Why (most) Brits don’t seem to be overly concerned about NSA snooping

[link] Saturday, July 27th, 2013

I had an inquiry yesterday from a German journalist asking whether it was true that British people are less concerned than Germans are about the Snowden revelations, and if so why.

Here’s my reply:

Dear [xxx]

1. I think it’s broadly true that, in general, the British public is less concerned about the NSA/Snowden revelations than is the case in Germany. That, at any rate, is the conclusion I draw from the only national opinion polling data I’ve seen — conducted by YouGov and published online.

My reading of the survey results is that

  • the great British public isn’t very worked up about the issues.
  • British people are pretty resigned to being surveilled.
  • My reasons for thinking this:

  • When asked whether the law should be changed to give the security services easy access to phone and online activity, 51% thought that would be going too far, but 39% thought it would be a good idea.
  • When asked how much personal data people thought the security services already had access to, 44% replied “almost everything in practice” and 48% thought that the security services had “wide access to a lot” of personal information.
  • People seem to be slightly supportive of Snowden’s whistleblowing. Just over half (52%) said that he had done the right thing, while 37% thought he had been wrong to do it.
  • On the question of whether Snowden should be prosecuted, people are evenly divided (43% each way).
  • Finally, and perhaps most revealingly, when people were asked if they were surprised by the revelations that Britain’s government surveillance organisation GCHQ had also been monitoring Internet traffic, only 2% said that they had been “very surprised”, 14% were “somewhat surprised” but 83% said that they had been “not at all surprised”.
  • 2. The interesting question, of course, is why the British view differs from that of Germans. Here I can only offer a few speculations.

  • It is partly a reflection the conviction (some would call it a delusion?) that Britain enjoys a “special relationship” with the US, and that this means Britons tend to be more tolerant of US excesses than they are of the excesses of other nations (e.g. Russia or France).
  • There is undoubtedly a special relationship between the security agencies of the UK (GCHQ) and the US (NSA). Some people see this as a continuation of the World War II intelligence-sharing arrangements between the two countries. Cynics see it as an attempt by an economically-enfeebled country to maintain a seat at the “top table” by being useful to the Americans. (Some commentators interpret the British government’s determination to renew its submarine nuclear ‘deterrent’ as an analogous case of “imperial afterglow” — the reluctance to concede that Britain is now just a middle-rank power.) One of my academic colleagues who is an expert in computer security occasionally refers dismissively to GCHQ as “an overseas franchise of the NSA”.
  • The problem of the “Two Cultures” (science and technology). The British public — and particularly its mass media — seems remarkably ignorant about science and technology. Critically, this is also true of British legislators. Of the 600+ MPs in the House of Commons, for example, only three have research degrees. As a result, lay people — and legislators — think that anything connected with computer technology is essentially incomprehensible and best left to experts.
  • Britain has no recent historical experience of being invaded, and so the culture has no clear understanding of the consequences of intensive surveillance technology and records falling into the “wrong” hands.
  • Yours sincerely


    Nothing to hide so nothing to fear? Oh, yeah?

    [link] Friday, July 26th, 2013

    One of the most infuriating episodes of the NSA/Snowden/Tempora story was Foreign Secretary William Hague’s patronising little speech to the Commons, arguing that “if you have nothing to hide then you have nothing to fear”. I had a go at this in a direct way, but felt that the Hague view (which is widespread, nay ubiquitous, among our ruling elites) needs a more considered, philosophically-informed riposte. And, lo and behold, up it comes on OpenDemocracy, in the form of a terrific interview with Quentin Skinner, the historian and political philosopher, in which he discusses various conceptions of liberty.

    When asked about surveillance, he said this:

    The idea that there is no problem with surveillance as long as you have nothing to hide simply points to the complacency of the liberal view of freedom by contrast with the republican one. The liberal thinks that you are free so long as you are not coerced. The republican agrees, of course, that if you are coerced then you are not free. But freedom for the republican consists not in being free from coercion in respect of some action, but rather in being free from the possibility of coercion in respect of it.

    When William Hague told the House of Commons that no one has anything to fear so long as they have done nothing wrong he was missing an absolutely crucial point about freedom. To be free we not only need to have no fear of interference but no fear that there could be interference. But that latter assurance is precisely what cannot be given if our actions are under surveillance. So long as surveillance is going on, we always could have our freedom of action limited if someone chose to limit it. The fact that they may not make that choice does not make us any less free, because we are not free from surveillance and the possible uses that can be made of it. Only when we are free from such possible invasions of our rights are we free; and this freedom can be guaranteed only where there is no surveillance.

    I think it very important that the mere fact of there being surveillance takes away liberty. The response of those who are worried about surveillance has so far been too much couched, it seems to me, in terms of the violation of the right to privacy. Of course it’s true that my privacy has been violated if someone is reading my emails without my knowledge. But my point is that my liberty is also being violated, and not merely by the fact that someone is reading my emails but also by the fact that someone has the power to do so should they choose. We have to insist that this in itself takes away liberty because it leaves us at the mercy of arbitrary power. It’s no use those who have possession of this power promising that they won’t necessarily use it, or will use it only for the common good. What is offensive to liberty is the very existence of such arbitrary power.

    The situation is made much worse once you come to know — as all of us now know — that we are in fact subject to surveillance. For now there is a danger that we may start to self-censor in the face of the known fact that we may be being scrutinised by powerful and potentially hostile forces. The problem is not that we know that something will happen to us if we say certain things. It’s that we don’t know what may happen to us. Perhaps nothing will happen. But we don’t know, and are therefore all too likely to keep quiet, or to self-censor. But these are infringements of liberty even according to the liberal account. Surely the liberal and the republican can agree that, if the structures of power are such that I feel obliged to limit my own freedom of expression, then my liberty has to that degree been undermined.