Location, location, location, and, er, burgle

Much as I am touched by my online friends’ generous desire to let me know their locations at all times, I also wonder if their generosity is entirely wise. If they are letting the world know that they are currently at some interesting location, are they not also letting others know that they are not at home? This thought has also occurred to the designers of Please Rob Me, a cautionary site.

The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the internet we’re not home. It gets even worse if you have “friends” who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address.. on the internet.

Thanks to Gerard for the link.

Google turns to the spooks

I know that cloud computing is wonderful, etc. but have you noticed this development?

Just the thought is enough to send an involuntary little shiver up your spine: Google — keeper of a vast repository of data on our activities, interests and connections — working hand-in-hand with the National Security Agency — the top-secret electronic surveillance specialists who have been known to go rogue from time to time. But according to sources who spoke to the Washington Post, there are delicate talks now going on to form such a partnership with the goal of fortifying Google’s defenses against the kind of espionage-oriented hacking attacks launched from China against it and dozens of other U.S. companies in December.

Google reportedly approached the NSA shortly after the attacks, but in an indication of the sensitivity of such an arrangement, the talks have been going on for weeks. Reports the Post: “Google and the NSA declined to comment on the partnership. But sources with knowledge of the arrangement, speaking on the condition of anonymity, said the alliance is being designed to allow the two organizations to share critical information without violating Google’s policies or laws that protect the privacy of Americans’ online communications. The sources said the deal does not mean the NSA will be viewing users’ searches or e-mail accounts or that Google will be sharing proprietary data.” What the agency would do, as it has with other corporations, is help Google evaluate hardware and software vulnerabilities and gauge the sophistication of its attackers.

At face value, it all sounds reasonable, especially given the suspicions of state support for the Chinese hacking, but of the many things the NSA can tap, a deep reservoir of public trust is not one.

Amen.

The FT’s Gideon Rachman spent the morning at the International Institute for Strategic Studies’s briefing on their annual survey of the ‘Military Balance’. He reports that

The briefing offered by the IISS experts ranged fascinatingly over a variety of topics from the Iranian nuclear programme, to Russia’s new military doctrine and the links (or lack of them) between al-Qaeda and Iran.

But the thing I found most interesting was the confirmation that cyber-security is the hot issue of the day. John Chipman, the head of the IISS, says the institute is about to launch a special study of cyber-security which raises all sorts of fascinating issues about hard power, about the responsibilities of states and about international law. What if a country’s infrastructure could be destroyed as effectively by a cyber-attack, as by an invasion of tanks? How do you defend against that? How do you identify the culprits? And what does international law have to say about the issue – might we have to revise our definitions of what constitutes an act of war? Chipman argues, plausibly, that we are now at an equivalent period to the early 1950s. Just as strategists had to devise whole new doctrines to cope with the nuclear age, so they will have to come up with new ideas to cope with the information age.

And over at the Guardian Charles Arthur has an exhaustive (or should that be exhausting?) analysis of whether the UEA Climate Research Unit’s emails were hacked. His conclusion:

After the July incident, perhaps CRU failed to batten down the hatches, either through technical failings or because someone inside was subverting the efforts. So what happened in November?

Rotter blogged his theory last year. “In the past I have worked at organisations where the computer network grew organically in a disorganised fashion. Security policies often fail as users take advantage of shortcuts … one of these is to share files using an ftp server … This can lead to unintentional sharing with the rest of the internet.”

He added that files were perhaps put “in an ftp directory which was on the same central processing unit as the external webserver, or even worse, was on a shared driver somewhere to which the webserver had permissions to access. In other words, if you knew where to look, it was publicly available”.

If this hypothesis turns out to be true, UEA may end up looking foolish. For there will be no one to arrest.

In other words, the cock-up theory of history rules ok.

The National Security State

When I opened this morning’s Guardian I had a fleeting thought that it must be April 1st. But it isn’t. This crazed stampede into ubiquitous surveillance is really scary. The big question now is whether a Tory administration would pull back from this precipice. I’m not holding my breath.

And the lead contractor, BAE Systems, is the company that Tony Blair decided should not be prosecuted by the Serious Fraud Office on ‘national security’ grounds.

Facebook: pis…, er, urinating in everyone’s soup

Amid the brouhaha about Facebook’s cunning plot to get millions of users to accept foolish default privacy settings, one interesting comment stands out. It comes from Jason Calacanis’s (free but subscription-only) newsletter:

Another problem Facebook is creating with their reckless behavior is
that they are simultaneously making users distrust the internet and
bringing the attention of regulators.

As an industry we should police ourselves and do everything we can to
create trust with users.

It would be great if the “adults” sitting around Zuckerberg’s cube
would explain to the Golden Child that just because he’s on the Forbes
billionaires list and he generates a mob of sycophants around him at
the TED conference, that doesn’t mean he gets a free pass to bring the
heat down on all of us.

Crimebusting with CCTV

Image © naughton321. Used with permission.

Well, well. The Register reports that

Liverpool-based operator TJ Morris Ltd, better known on the High St as Home Bargains, is fed up with shoplifters. So it has set up an innovative new scheme which involves publishing on the net CCTV pictures of individuals suspected of shoplifting.

As the company explains on its site: “Below are a series of images of suspected shoplifters in Home Bargains stores.

“We are keen to identify them and pass their details onto the police. We are offering a reward of up to £500 per instance, for information leading to the arrest and successful prosecution for shoplifting.”

Hmmm… I’ve just looked at the said web site and it does indeed have pictures of various unsavoury-looking types. But then, I reflected, most of us look pretty unsavoury when snapped by a CCTV camera. I’ve seen myself on CCTV, for example, and I wouldn’t want to meet me on a dark night. So it’s interesting to read the next part of the Register’s piece:

A cautionary note is supplied by David Hooper, a Partner at Reynolds Porter Chamberlain and a Specialist in Libel Law. He said: “If police put up a wanted poster, they have what is known as ‘qualified privilege’ and are protected in law.

“That is not the case with private individuals or businesses, who would have to be very sure they could justify their actions. If challenged, they would have to prove reasonable and objective grounds to suspect somebody of having shoplifted.

“If they got it wrong, they could open themselves to a libel action.”

Quite so, m’lud. I can picture the scene now. My QC is addressing the Jury in his summing up:

“The plaintiff, a perfectly respectable university professor of modest means but somewhat crumpled appearance, has had his reputation destroyed by the false implication, conveyed through the publication of these CCTV images, that he is a common thief, whereas in fact he has for many years selflessly donated a substantial portion of his income to the support of worthy organisations such as Apple Computer Inc, Amazon.co.uk, Heffers Booksellers, The Economist, the New Yorker and other causes too numerous to mention. The pain and anguish caused to him and his family by such cavalier and defamatory publication can barely be imagined. I put it to you, ladies and gentlemen, that he is entitled not only to a full and prominent apology from the organisation that has so cruelly traduced him, but also to substantial damages.”

Quite so. £500,000 plus costs would do nicely. A picture is worth not just a thousand words, but five hundred grand in old money.

Anonymous blogging? Forget it

Important legal judgment.

Blogging is a public activity with no right to anonymity, the high court ruled today in a decision expected to have far-reaching repercussions for thousands of bloggers who keep their identities secret.

Richard Horton had obtained a temporary injunction against the Times after a reporter discovered he was the officer behind the NightJack blog, which attracted hundreds of thousands of followers to its behind-the-scenes commentary on policing.

Horton, a detective constable with the Lancashire constabulary, prevented the Times from revealing his identity after arguing the paper would be putting him at risk of disciplinary action for disclosing confidential information about prosecutions within the force.

However, in a landmark judgment Mr Justice Eady overturned the injunction, stating that Horton, whose blog at one time had around 500,000 readers a week, had "no reasonable expectation of privacy".

"I do not accept that it is part of the court's function to protect police officers who are, or think they may be, acting in breach of police disciplinary regulations from coming to the attention of their superiors," Eady added…

Gordo’s response to the Phorm petition

Just in from Number Ten.

Thank you for the e-petition on internet advertising technologies and customer privacy.

As your petition states, some Internet Service Providers (ISPs) have been looking at the use of Phorm’s Webwise and Open Internet Exchange (OIX) products. However, the only use of the technology so far has been the trials conducted by BT.

Advertisers and ISPs need to ensure that they comply with all relevant data protection and privacy laws. It is also important that consumers’ privacy is protected and that they are given sufficient information and opportunity to make a clear and informed decision whether to participate in services such as Phorm.

The Government is committed to ensuring that people’s privacy is fully protected. Legislation is in place for this purpose and is enforced by the Information Commissioner’s Office (ICO). ICO looked at this technology, to ensure that any use of Phorm or similar technology is compatible with the relevant privacy legislation. ICO has published its view on Phorm on its website:

http://www.ico.gov.uk/upload/documents/pressreleases/2008/new_phorm_statement_040408.pdf

ICO is an independent body, and it would not be appropriate for the Government to second guess its decisions. However, ICO has been clear that it will be monitoring closely all progress on this issue, and in particular any future use of Phorm’s technology. They will ensure that any such future use is done in a lawful, appropriate and transparent manner, and that consumers’ rights are fully protected.

So that’s all right then? Er, no.

ISPs to do the government’s monitoring for it

From a BBC report.

Communications firms are being asked to record all internet contacts between people as part of a modernisation in UK police surveillance tactics.

The home secretary scrapped plans for a database but wants details to be held and organised for security services.

The new system would track all e-mails, phone calls and internet use, including visits to social network sites.

The Tories said the Home Office had “buckled under Conservative pressure” in deciding against a giant database.

Announcing a consultation on a new strategy for communications data and its use in law enforcement, Jacqui Smith said there would be no single government-run database.

Communications data is an essential tool for law enforcement agencies to track murderers and paedophiles, save lives and tackle crime

But she also said that “doing nothing” in the face of a communications revolution was not an option.