Yearly Archives: 2014

Big Brother Watch have issued a report on NHS data breaches. It reveals that from the 1st April 2011 to 11th November 2014, there have been at least 7,255 breaches, which is the equivalent of six breaches every day. As well as considering the number of data breaches within the NHS, the report reflects on the legislation that is in place to address them, highlighting that the Data Protection Act 1998 (DPA) has a number of flaws that must be corrected. Big Brother Watch proposes three measures that should be introduced, including introducing the option of custodial sentences and criminal records for the worst offenders and providing better training.

Patient Confidentiality Broken Six Times a Day

The Russia Today website reports that Mozilla are teaming up with Tor to provide increased internet security by allowing Firefox browser users to easily access the Tor network. Undertaken as part of the so-called Polaris project, it aims to significantly improve internet privacy as well as combating internet censorship. The article highlights that although internet privacy is often a topic of conversation, it is yet to go mainstream, with many ordinary computer users put off by perceived complexity. However, Mozilla hope the Polaris project will help to change these stereotypes.

Mozilla team-up with Tor to improve internet privacy

Frankie Mullin discusses on the Vice website whether nightclubs are breaking the law by storing clubbers' fingerprints and scanned IDs. ID scanning equipment is increasingly a feature in clubs and bars across the UK and is often required by the local licensing authority as part of the licence conditions for a venue. However, there are concerns about the storage and retention of this personal data and the use to which it can be put, particularly as club owners were found to be unclear about data protection requirements. The power to require clubs to collect ID is in the Licensing Act 2003 (Mandatory Licensing Conditions) Order 2010, which was introduced by the coalition government. In the article NO2ID’s General Secretary Guy Herbert highlights that: “…. at the same time as the government was making a fanfare about repealing Labour’s ID Cards legislation, they were creating a special case of requiring the […]

Are UK Nightclubs Breaking Data Laws by Storing Your ID ...

James Vincent reports in the Independent that Facebook is to allow a Tor link to its site via a special URL for users who wish to stay as anonymous as possible. Prior to this link, access to Facebook via Tor was essentially blocked by the site's security protocols. Users will not be anonymous to Facebook as they still have to log on; however, anyone monitoring the internet connection will not be able to identify the user or the user’s location. This could be useful in countries like Iran, China and North Korea where Facebook is blocked for fear that it will be used by opposition movements.

Facebook offers Tor link for users that prefer to stay ...

Chris Mallett reports in the Derby Telegraph of a case where Derby City Council used the Regulation of Investigatory Powers Act (RIPA) to spy on a Derby Telegraph reporter. The incident was highlighted during a House of Lords debate on the Regulation of Investigatory Powers Act by Lord Black of Brentwood, executive director of the Telegraph Media Group. However, they were seen by a member of Council staff who alerted colleagues, who dispatched two members of the internal audit department to conduct the surveillance. Lord Black highlighted that confidential sources like Miss Green’s were critical for reporting matters of public interest and said: “Just think about the disastrous impact on local press reporting of local authorities if such sources of information dried up.”

Derby City Council used RIPA to Spy on Reporter

Kat Hall reports in the Register that some NHS trusts have failed to put agreements in place with Microsoft for extended security support for Windows XP. A majority of NHS trusts still operate Windows XP-based machines and have signed up to a Cabinet Office agreement with Microsoft to provide ongoing security upgrades until April 2015; however, 18 trusts have so far failed to sign the agreement. The article highlights that a total of 1.1 million PCs and laptops are estimated to be running Windows at trusts, GPs and other health groups that comprise the NHS in England. The security risks from a lack of security support depend on factors such as how many non-upgraded machines are on the networks, the effectiveness of perimeter defences and the availability of suitable exploits for an attacker to use.

Patient records open to hackers due to NHS Trusts failing ...

Christopher Joye reports on the Australian Financial Review website that Chinese state-sponsored hackers have been ramping up their spying activities on Australian companies. The attacks have been revealed by Mandiant, a cyber security firm. Mark Goudie, Mandiant’s Australian Director of Investigations, claimed that highly skilled hackers, referred to in the industry as “advanced persistent threats” or APTs, had been penetrating Australian mining and natural resources companies and lawyers and financial advisors associated with them. The Chinese hackers particularly target companies that have dealings with organisations in China; however, another driver is to steal intellectual property which China can use to fuel its own economic growth.

Chinese state sponsored hackers increase attacks on Australian Companies

Sam Jones and Murad Ahmed report in the Financial Times that Robert Hannigan, the new chief of the UK electronic spying agency, GCHQ, has accused US technology companies of becoming “the command and control networks of choice for terrorists”. Hannigan says: “However much they may dislike it, they have become the command and control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us”. However, his remarks were rejected by many in the industry, with one US tech group executive criticising the suggestion that technology companies should circumvent current legal process and asking: “What should we do if the Saudi or Russian government also demand information be handed over on the spot?”

Britain’s new chief of GCHQ claims that US technology companies ...

Bill Gardner reports in the Daily Telegraph that Government monitoring of communications in 2013 has more than doubled when compared with 2010, which was the Coalition’s first year in power. Home Office figures show the department accessed 6,056 items of communications in 2013, compared with 2,813 in 2010. The monitoring was undertaken using the Regulation of Investigatory Powers Act (RIPA), which has come under scrutiny in recent weeks due to the Police using it to gain access to journalists’ phone records, enabling them to identify confidential sources.

Spying on phone calls and emails has doubled under the ...

James Ball reports in the Guardian that the government has confirmed for the first time that British intelligence services can access data collected in bulk by the US National Security Agency (NSA) and other foreign spy agencies, without a warrant. GCHQ’s secret “arrangements” for accessing bulk material are revealed in documents submitted to the Investigatory Powers Tribunal, the UK surveillance watchdog, in response to a joint legal challenge by Privacy International, Liberty and Amnesty International. The legal action was launched in the wake of the Edward Snowden revelations published by the Guardian and other news organisations last year. Liberty have also issued a press release on the revelation which can be found here.

GCHQ can view NSA bulk data without a warrant, government ...

Rory Cellan-Jones, the BBC Technology Correspondent, reports on the BBC News website how he spent a day without data. The aim was to explore what data is collected, who benefits from it and how easy it is to avoid leaving a data trail. Rory meets up with Dr George Danezis, an expert on privacy and information security at University College, London, who will take him through what he needs to do to avoid leaving a data trail or sharing his data. However, this is very difficult to do in the modern world. As George highlights: “Your job today is going to be very difficult. You won’t be able to use the internet, but you also won’t be able to do lots of other things – in fact you won’t be able to live a 21st Century life.”

A day without data

Jim Finkle reports on the Reuters website that the U.S. Department of Homeland Security is investigating cybersecurity flaws in medical devices and hospital equipment that officials fear could be exploited by hackers. There are no known instances of hackers attacking patients through medical devices; however, the agency is concerned that it may be possible to gain control of the devices remotely and create problems, such as instructing an infusion pump to overdose a patient with drugs, or forcing a heart implant to deliver a deadly jolt of electricity.

U.S. government probes medical devices for possible cyber flaws

Open Rights Group is holding its annual digital rights conference in London on Saturday 15th and Sunday 16th November 2014. ORGCon features high profile writers, speakers and activists giving their insights into the big issues affecting civil liberties and the Internet. The focus of this year’s conference is government surveillance and how it can be made a key issue for voters in the run up to the General Election in 2015. Further details of the event can be found here.

ORGCon 2014

Alasdair Glennie and Harriet Arkell report in the Mail Online that the BBC has been using the Regulation of Investigatory Powers Act (RIPA) to track down television licence fee dodgers. This information emerged during questioning at the Commons culture, media and sport committee. Although the BBC has admitted using RIPA, it has refused to say when and how often, citing the reason for the secrecy as: “to ensure people without a valid TV licence don’t use this information to their advantage”. John Whittingdale MP, who chairs the culture committee, highlighted that there were questions to be asked over the BBC’s use of RIPA powers and added that: “The problem is, the BBC won’t tell us how it is being used, or in what circumstances. That means we can’t be sure it is being used properly. This legislation was designed to fight terrorism and organised crime. I can’t imagine it was intended for […]

BBC Using Regulation of Investigatory Powers Act (RIPA) to track ...

Dominic Kennedy reports* in the Times that Police are using a loophole in the law to allow them to access voice mails, text messages and e-mails without the knowledge of senders or recipients. Interception of live phone messages, texts and e-mails requires a warrant granted by the Home Secretary; however, the Police are able to get round this once the messages are stored by use of a Production Order. These orders are granted by a Circuit Judge, but are outside of the remit of the Interception of Communications Commissioner and hence are not subject to any oversight. The investigation by the Times suggests that many Police Forces are using Production Orders on a regular basis, with the mobile phone operator EE stating that they received about 150 requests a month. *The Times online is a subscription service and a subscription is required to read the full article.

Police use loophole to hack phones and email