UK firm denies ‘cyber-spy’ deal with Egypt

From a BBC News report.

A UK firm offered to supply "cyber-spy" software used by Egypt to target activists, the BBC has learned.

Documents found in the headquarters of the country's security service suggest it was used for a five-month trial period at the end of last year.

Hampshire-based Gamma International UK denies actually supplying the program, which infects computers with a virus that bugs online voice calls and email.

The foreign secretary says he will “critically” examine export controls.

Hmmm… Consider this from the firm’s web site:

All perfectly legal, of course.

Nothing to hide?

Lovely exchange in the comments section on Dan Gillmor’s splendid Guardian piece about Cameron’s idea of controlling social networking technology.

@IvyLeague 12 August 2011 2:51PM

“If you’ve got nothing to hide then you have nothing to fear”.

So glad to hear that, now I’d like your full name, address, date of birth, make and model of car you drive, all telephone numbers mobile and landline, name of employer, email address, annual income (gross and net), and of course I’d also like to know what your daily schedule is and what times you estimate being out of the house this weekend. Come on now, if you’ve nothing to hide then you’ve nothing to fear. Please post this information publicly, or are you up to something?

Oh and please post your internet history too, I’d like to check what sites you browse, just to make sure you aren’t fapping to something nasty. By your own statement if you are reluctant to do so then you must be up to something criminal. Or you could admit your oversimplistic statement was absurd.

When Social Networks Become Tools of Oppression

Good post by Jillian York.

When Syria’s government unblocked Facebook, YouTube and Blogspot in February, many activists saw the move as an overture to protesters, possibly one offering a semblance of the freedoms won by insurgents in Egypt and Tunisia.

Others saw it as a potential means of surveillance. They were right: Within weeks, reports began to emerge from detained Syrian activists who said that authorities had demanded their Facebook passwords. Others inside the country noted that their friends’ Facebook walls had been compromised and now contained pro-regime sentiment.

On Twitter, Syrian protesters have noted the emergence of pro-regime “spambots”: accounts set up with automated feeds that post benign content, including links to attractive photographs of Syrian landscapes, to the hashtag used by protesters and supporters, presumably to flood it with contradictory information. Activists believe the bots have been created by regime supporters, paid or otherwise.

The potential for authorities to use tools like Twitter and Facebook to track down insurgents is very real. Many demonstrators chose early on not to hide their identities, emboldened by the success of Egypt’s mostly peaceful uprising. When coupled with Facebook’s requirement that users create profiles using their real names, pro-democracy activists are at risk of being unmasked on social networks.

Stay Out of My Dropbox

Hmmm… Thought-provoking post by Susan Orlean. As Dropbox becomes more ubiquitous this will become more of an issue for everyone.

Privacy became an issue the other day in the case of Dropbox, the popular online backup service. Apparently, in its original wording, Dropbox’s terms of service made it sound as if files stored there were encrypted, so employees couldn’t read them, even if they wanted to. But recently the wording was changed to something a little squishier: it now seems that employees are merely “prohibited” from reading files, rather than unable. I was dismayed when I heard this, because I use Dropbox constantly, but my dismay had more to do with seeing a good company handle an issue so clumsily than thinking my privacy was suddenly compromised. Millions of files are uploaded to Dropbox every day. Even the biggest nosey body in the world couldn’t go through that much stuff.

Privacy: the perfect storm of surveillance

From an Editorial in today’s Observer.

A pattern is emerging. A researcher discovers that a product or service offered by a large (generally US-based) company contains a security flaw or a feature that compromises the privacy of internet users. The revelations are confirmed by other experts across the internet. The company responsible then goes through a predictable series of steps: first, “no comment”, followed by indignant denial, then a PR-spun “explanation” and, eventually, an apology of sorts plus a declaration that the bug will be fixed or the intrusive practice terminated.

A recent example was Apple’s extraordinary contortions over the discovery that its iPhone was covertly collecting location data and storing it in unencrypted form. But last week also saw the revelation that devices made by TomTom, the leading manufacturer of GPS navigation systems, had effectively been spying on Dutch users and that the aggregated data had been sold to the police in order to guide the location of speed traps…

Don’t give your data to cloud providers. Just lend it to them.

Interesting NYT column by Richard Thaler.

Here is a guiding principle: If a business collects data on consumers electronically, it should provide them with a version of that data that is easy to download and export to another Web site. Think of it this way: you have lent the company your data, and you’d like a copy for your own use.

This month in Britain, the government announced an initiative along these lines called “mydata.” (I was an adviser on this project.) Although British law already requires companies to provide consumers with usage information, this program is aimed at providing the data in a computer-friendly way. The government is working with several leading banks, credit card issuers, mobile calling providers and retailers to get things started.

To see how such a policy might improve the way markets work, consider how you might shop for a new cellphone service plan. Two studies have found that consumers could save more than $300 a year by switching to the right plan. But to pick the best plan, you need to be able to estimate how much you use services like texting, social media, music streaming and sending photos.

You may not know how to answer or be able to express it in megabytes, but your service provider can. Although some of this information is available online, it’s generally not readily exportable — you can’t easily cut and paste it into a third-party Web site that compares prices — and it is not put together in a way that makes it easy to calculate which plan is best for you.

Under my proposed rule, your cellphone provider would give you access to a file that includes all the information it has collected on you since you owned the phone, as well as the current fees for each kind of service you use. The data would be in a format that is usable by app designers, so new services could be created to provide practical advice to consumers. (Think Expedia for calling plans.) And this virtuous cycle would create jobs for the people who dream up and run these new Web sites.

Privacy in the networked universe

From a comment piece by me in today’s Observer.

Recent events in the high court suggest that we now have two parallel media universes.

In one – Universe A – we find tightly knit groups of newspaper editors and expensive lawyers trying to persuade a judge that details of the sexual relations between sundry celebrities and a cast of characters once memorably characterised by a Glasgow lawyer as “hoors, pimps and comic singers” should (or should not) be published in the public prints.

If the judge sides with the celebs, then he or she can grant an injunction forbidding publication. But because news of an injunction invariably piques public interest (no smoke without fire and all that), an extra legal facility has become popular — the super-injunction, which prevents publication of news that an injunction has been granted, thereby ensuring not only that Joe Public knows nothing of the aforementioned cavortings, but also that he doesn’t know that he doesn’t know.

In the old days, this system worked a treat for the simple reason that Universe A was hermetically sealed. If a judge granted the requisite injunctions, then nobody outside the magic circle knew anything.

But those days are gone. Universe A is no longer hermetically sealed.

It now leaks into Universe B, which is the networked ecosystem powered by the internet. And once news of an injunction gets on to the net, then effectively the whole expensive charade of Universe A counts for nought. A few minutes’ googling or twittering is usually enough to find out what’s going on.

This raises interesting moral dilemmas for Joe Public…

And now: the Android spyPhone

From yesterday’s Guardian:

Smartphones running Google’s Android software collect data about the user’s movements in almost exactly the same way as the iPhone, according to an examination of files they contain.

The discovery, made by a Swedish researcher, comes as the Democratic senator Al Franken has written to Apple’s chief executive Steve Jobs demanding to know why iPhones keep a secret file recording the location of their users as they move around, as the Guardian revealed this week.

Magnus Eriksson, a Swedish programmer, has shown that Android phones – now the bestselling smartphones – do the same, though for a shorter period. According to files discovered by Eriksson, Android devices keep a record of the locations and unique IDs of the last 50 mobile masts that it has communicated with, and the last 200 Wi-Fi networks that it has “seen”. These are overwritten, oldest first, when the relevant list is full. It is not yet known whether the lists are sent to Google. That differs from Apple, where the data is stored for up to a year.