Recently the Supreme Court ruled that a teacher who was found not guilty of rape could not have reference to the case, which had been included by the Police on an enhanced criminal record check (ECRC) removed.  The actual ruling is not surprising as the Supreme Court has made similar judgements in the past such as highlighted in this previous Newsblog report.  However, the judgement raises questions about the competency of Supreme Court judges, as allowing the information to be included in an ECRC is clearly perverse as it undermines basic rights that it is essential to uphold and sets dangerous precedents for the future.   There are a number of issues with the judgement as outlined below:   Firstly and perhaps most obvious is that by adding the case to the teacher’s ECRC record the implication is that he is guilty even though he has been found not guilty by a […]

Is the UK Supreme Court Competent to Rule on Database ...


Recently China implemented new restrictions on the use of Virtual Private Networks (VPNs), by introducing the requirement for VPN providers to be registered with the Chinese Government. VPNs are very popular in China as a means of getting around the Chinese Government’s internet monitoring and censorship programme that goes under the euphemism of the “Great Firewall of China”.   Given the ability of VPNs to break state censorship it is not surprising that the Chinese government has initiated a clamp-down on their use. The internet monitoring busting capabilities of VPNs is something that the UK Government may have to face in the near future following the introduction of the Investigatory Powers Act (IP Act) and the Digital Economy Act (DE Act).  Both of these will drive an increased use of VPNs in the UK. In the case of the IP Act VPNs are likely to be employed by internet users to […]

What Chance a UK Ban on VPNs?


One of the most interesting phenomena to come out of the leaks of Hilary Clinton’s campaign chairman John Podesta’s e-mails last year was the Pizzagate affair, which has also morphed into “Paedogate” (For those of you interested in getting a flavour of Pizzagate the #Pizzagate hashtag on Twitter will give you a good overview). For those of you not familiar with Pizzagate it is a narrative (or depending on your point of view a conspiracy theory) which claims that a child sex ring operated within the senior echelons of the United States Democratic Party.  This child sex ring was claimed to be linked to various restaurants, but in particular a Pizza restaurant called the Comet Ping Pong Pizzeria in Washington DC.  It started with leaking of the e-mails by WikiLeaks and the story spread rapidly on Social Media particularly on Twitter, 4Chan and Reddit. Subsequent publication of the story by […]

Pizzagate’s Big Data Problem



Two recent news articles highlight issues with the database state and the fallacy of the “nothing to hide, nothing to fear” argument so often used to claim surveillance is not something the law abiding should be worried about. The first was a report in the Guardian that 17 people had been mistakenly arrested, due to incorrect telephone information or Internet records being provided to the Police or other public bodies investigating crime. The other was an article resulting from a Daily Mail investigation concerning people having county court judgements awarded against them, without them even knowing that proceedings had been issued against them or anything about the court case. In both these cases information has been processed on individuals without their knowledge and with not even basic checks on the accuracy of the information being made by the Police, security or court services.  This in itself scandalous given the serious […]

Data is There to be Processed – But as Cheaply ...


NO2ID have recently picked up on a worrying new strategic data sharing initiative in Greater Manchester.  It is called GM-Connect and it was initiated in January 2016, but we have only become aware of it recently because there hasn’t been much publicity about it.  Official information is limited to a press release and a report summarising the aims of the GM-Connect project. The aim of GM-Connect is to allow the sharing of the personal data of residents across Greater Manchester, with a longer-term aim to create a ‘common residents index’ of everyone living in Greater Manchester.   Although the report focuses on the use of GM-Connect in improving social and health care, the ultimate intention is clearly that access to many other public services will be covered. GM-Connect will not actually store the data but will use a federated data sharing model (Essentially a series of separate databases which can be […]

GM-Connect: A New Data Sharing Initiative for Greater Manchester


Campaign group NO2ID [1] says a provision tacked on to the Digital Economy Bill announced in the Queen’s Speech hides “a revolution in government”, “a Whitehall coup”. Little notice has so far been taken of the bland-sounding “use of data to deliver government services” [2], but the underlying proposals [3] would create new rules for information about individuals and companies held by government. Information given in confidence for one purpose, could be later taken by officials and used for another, without any specific political or legal authority.[5] This is to be embedded in a Bill mainly concerned with broadband provision and internet regulation. Guy Herbert, General Secretary of NO2ID said: The idea that information we give to government stops being ours and starts being official property won’t go away. In 2009 the last Labour administration sneaked something similar into the Coroners and Justice Bill – and had to withdraw it […]

“Whitehall coup” hidden in Queen’s Speech – Press Release



The Investigatory Powers Bill has been introduced to parliament in an attempt by the Home Office to rush it through the Commons before the European referendum. Contained within the Bill are new and broadly drafted powers that would enable police and intelligence to have general warrants to demand data from any organisation that stores it, and match, mine, share, and cross-reference it. Guy Hebert General Secretary of NO2ID says “These sweeping powers are in addition to the existing self-authorised powers over communications data for specific investigations already granted to a wide range of public bodies. General warrants could specify broad types of information and purposes, leaving the security forces free to demand any information from anyone about anyone as suits their mass surveillance brief. That’s so vague as to cover anything, from the computer network at your child’s school, to shopping records, details of phone downloads, messaging, or CCTV records” […]

Database state: authorities could demand your data from any organisation ...


  NO2ID Press Release – IMMEDIATE 4th November 2015 The new draft surveillance bill is like an iceberg, with a vast bulk of technical change obscured beneath the surface, according to civil liberties organisation NO2ID[1]. Theresa May presented the Investigatory Powers Bill [2] to parliament today as a measure “consolidating and updating our investigatory powers, strengthening the safeguards”. But it amounts to a dramatic alteration in the powers already available not just to the intelligence services, but to police, tax inspectors, and officials and regulators in almost every department of state [3]. It replaces several pieces of complex and technical legislation. Guy Herbert General Secretary for NO2ID, said: “I would have more sympathy for the Home Secretary if she did not resort to glib hypotheticals about kidnapped children. This is not a proposed bill that is easy to understand or straightforward in effect.” “The much trumpeted change in oversight focuses […]

NO2ID on IP Bill: Government expects parliament to swallow an ...


An article on the Techdirt website about the ease with which a Smart Kettle can be hacked has highlighted the dire state of device security for the ‘Internet of Things’. The iKettle by allows users to remotely turn it on from anywhere using a Smartphone App.  However, researchers have pointed out that the Kettle is relatively easy to hack especially if the user has not configured the kettle properly.  The company that produces the iKettle has said its associated Android and iOS APPs would be upgraded to eliminate the security vulnerabilities.  However, there is still the wider problem of ‘Internet of Things’ devices opening up vulnerabilities in people’s home networks, especially where device security is an afterthought. The advice the researchers give is to not put ‘Internet of Things’ devices on your network unless you are absolutely sure they are secure.

Easily Hacked Kettle Highlights the Lack of ‘Internet of Things’ ...



4
Nikolaj Nielsen reports in the EU Observer that France is proposing that all travelling EU nationals should be required to give their fingerprints and possibly also have their faces scanned as part of the Smart Borders programme. Smart Borders was proposed in 2013 by the EU Commission to allow management of the external borders of the Schengen Member States.  Biometric scanning of visiting non-EU nationals was also included in the scheme.  It has been on hold for a while due to cost concerns; however, an updated plan for the scheme is expected before the end of the year. In a document submitted by the French delegation it is claimed that an expanded Smart Borders scheme is required to address terrorist threats and gives examples such as the Charlie Hebdo attack in Paris and the recent attack on an Amsterdam to Paris train to justify their proposal.  Further justifications include dealing […]

France Wants all Travelling EU Nationals Fingerprinted


2
A team at WP Engine have conducted an interesting analysis of some 10 million passwords that had been collected from various sources such as leaks and dumps of passwords.   Virtually none of the passwords were still in use so the researchers considered that it was ethical to use the dataset in their research. The analysis highlights that people tend to choose passwords based on defined patterns and what comes into their mind when asked for a password.  So it is not surprising that in the 50 most used passwords, the most common text-based password is the word password itself.  However, the use of patterns does often make guessing passwords very easy, especially for password cracking software such as HashCat which can make up to 300,000 guess at a password per second. Other patterns identified were people adding their year of birth to their name to create a password and an […]

What 10 million passwords reveal about the people who choose ...




2
The creepy extent to which folk at GCHQ have been monitoring and spying on all web users has been revealed in leaked documents on operation ‘Karma Police’. The documents published by The Intercept demonstrate that the UK government’s listening service GCHQ was building a “web browsing profile for every visible user on the internet”. James Baker NO2ID Campaigns Manager said: “Sensitive meta data can be used to build up a profile of the websites you visit. If you’ve ever sought marriage guidance, googled medical conditions or viewed pornography then chances are this programme will have used that information to build up a profile about you. “This is out of control surveillance which demonstrates that ,more than ever, we need independent judicial oversight of government surveillance powers.” These surveillance powers are a typical example of a database state, which is the term we use to describe the tendency of governments to […]

GCHQ surveillance powers – less ‘Karma Police’ and more ’Creep’


The BBC news website reports that More than 11 million passwords stolen in the Ashley Madison website hack have been decoded by a password cracking group. Initially, it was thought that the hacked passwords were unbreakable because hashing with bcrypt had been employed which effectively scrambles the password.  However, an amateur password cracking group called Cynosure Prime has discovered that the site had at some point changed the way passwords were stored, which reduced the strength of the bcrypt protection.  As a result the group have been able to crack 11 million passwords scrambled since the changes were made. Exactly, why Ashley Madison changed the way passwords were stored is not known, but it is speculated that it was done to make accessing the site easier. In a previous Newsblog post it has been highlighted that it is often the case that the reputational and financial impact on companies from […]

Flaws found in Ashley Madison password protection


2
Last month we learnt that government officials were planning a digital ‘vault’. Entirely unlike the National Identity Register the ‘vault’ would store people’s addresses, phone numbers, tax details, where they are registered to vote, driving records and benefit claims, as well as information about their mortgages, pensions and bank accounts. The scheme would be voluntary, although probably in about the same way as agreeing to a credit check is voluntary e.g. not if you ever want a financial service again. An on-line poll hosted by the Telegraph says that 82% of people wouldn’t sign up to such a service.  Of course we all know on-line polls are not really that representative of public opinion, but it isn’t surprising that people might have some issue with all their financial details being stored in a single place. Even those in the ‘nothing to hide’ camp who don’t grasp the dangers of surveillance will have […]

Telegraph poll – 82% of people wouldn’t sign up ...