The BBC News website reports that the South Korean national identity card scheme is going to have to be completely rebuilt at the cost of billions of dollars. Identity card numbers have been a prime target for hackers due to their use across a variety of sectors for accessing services.  It is estimated that the ID numbers and personal details of an estimated 80% of the country’s 50 million people have been stolen from banks and other targets.  Even the South Korean president has been a victim of data theft. The rebuild may take up to a decade to complete.

South Korean Identity Card System to be Rebuilt from Scratch

The BBC News website reports that 18,304 requests were made to Google to remove weblinks from search results by UK residents under European “right to be forgotten laws”.  According to Google it removed 35% or 18,459 links to web pages following these requests. It follows a European Court of Justice ruling that links to irrelevant and outdated data can be erased on request; however, the ruling sparked criticisms over censorship of material. Google has given examples of the sort of requests it had received and also those it had refused in its transparency report, which is available online at:  

Thousands of Britons seek ‘right to be forgotten’

The Mail on Sunday (MoS) reports about the Police using the Regulatory of Investigative Powers Act (RIPA) to secretly access MoS journalists phone records. The records were accessed while they investigated claims from the disgraced former cabinet Minister Chris Huhne that the MoS was involved in a conspiracy against him.  Huhne was convicted of perverting the course of justice in a 2003 speeding case following a story in the MoS. By accessing phone records, Police were able to identify the Journalist Andrew Alderson as the mail on Sunday’s source for the story, even though his identity was protected by the order of a Judge.  The identity of the source, along with details of phone calls between him and MoS News Editor David Dilllon, were then passed onto Chris Huhne’s defence lawyers by prosecutors as part of the process of  legal disclosure. Keith Vaz, chairman of the Commons Home Affairs Select […]

Police Spy on Mail on Sunday Journalists Phone Records

David Barrett and Philip Sherwell report in the Daily Telegraph on a privacy threat to UK Citizens, businesses and even Government information. It follows a court ruling by a New York judge that Microsoft must hand over to US prosecutors the emails of a European customer stored on its servers in Ireland, as part of a drugs trafficking investigation; however, to do so could break Irish and EU data protection laws.  Microsoft is fighting the case, but Professor Ian Walden, of the Centre for Commercial Law Studies at Queen Mary University London, believes they will lose. If so Professor Walden believes that it presents a huge privacy risk for British companies and British individuals: “If the federal government is victorious it will raise the threat that if you come to the attention of the US authorities whether directly or indirectly your information may be accessible if it’s stored with American […]

US threat to British online privacy

Rory Cellan-Jones reports on the BBC news website about a new Identity Assurance System that has been developed by Government Digital Services.  The idea is that it will be one-stop shop for proving identity for a range of government services, from renewing your passport or driving licence to paying tax. Under the system verification of identity is not done by the government but by a range of outside companies.  While the system is being developed this is currently limited to the credit rating agency Experian and the American company Verizon.  Ultimately it is expected that other organisations like banks and UK mobile phone operators will also be suppliers. Unfortunately, as Rory reports, when he tried out the system it was unable to verify his identity – not a good start.

Government Digital Service Demonstrates Verify an Identity Assurance System

The information Commissioner’s Office (ICO) reports that a review of over 1,200 mobile apps by 26 worldwide privacy regulators has shown that many apps are accessing large amounts of personal data, without explaining adequately how the data is being used. The research was undertaken by the Global Privacy Enforcement Network (GPEN) of which the UK’s Information Commissioner’s Office is a member. ICO Group Manager for Technology, Simon Rice, said: “Apps are becoming central to our lives, so it is important we understand how they work and what they are doing with our information. Today’s results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer.” The ICO has published a guide called “Privacy in Mobile Apps” to help app developers in the UK handle personal data correctly and meet the requirements of the Data Protection Act.

Information Commissioner’s Office: 85% of mobile apps fail to provide ...

Nicole Blackmore writes in the Daily Telegraph that Barlcays bank is to introduce new finger scanning technology developed by Hitachi called VeinID, which will allow customers to access their online bank accounts and authorise payments. The biometric reader works by verifying the unique vein patterns in fingers.  Barclays claim that the technology is one of the most secure in the market as vein patterns are extremely difficult to replicate.  Also the scanned finger must be attached to a live human body for the scanner to work.  Importantly, the system does not require Barclays to hold a copy of the user’s vein pattern. The reader will initially be available to corporate clients from 2015.

Barclays bank to introduce finger scanner

Reuters reports that Community Health Systems Inc., one of the largest providers of Health Care in the US, have been victims of a cyber attack in April and June of this year resulting in the loss of personal data belonging to 4.5 million patients. The cyber attack is believed to have originated from China and involved a hacking group called “APT18” which is believed to have links to the Chinese government.

US Hospital group loses patient data in cyber attack

Vikram Dodd writes in the Guardian that Sir Peter Fahy the Chief Constable of Greater Manchester has said that the Police want new and expanded rights to access medical records and other confidential data without an individual’s consent. Fahy said that the enhanced access to sensitive data was needed to help Police cope with growing numbers of vulnerable people, such as the elderly, people with dementia, those with drug and alcohol problems and those with mental health problems.   Most controversially though, he said medical professionals should share information about women suffering from domestic abuse, even against the victim’s wishes.

Police want right to see medical records without consent

John Hawes writes on the Sophos Naked Security website reports that Google has revealed the identity of a Gmail account to authorities in Houston, Texas, USA after finding child abuse images in e-mails. Google scans Gmail user’s e-mails to provide amongst other things targeted advertising; however, this is the first time that there has been a report of Google scanning e-mails for criminal activity. The revelation raises concerns about privacy of e-mails and extent to which Google is involved in supplying information to Governments. A later report on the BBC news website states that the BBC understands that Google does not scan e-mails for other types of criminal activity. However, the very fact that Google could at some future date scan e-mails for other types of content, illegal or otherwise is a concern as what procedures and safeguards are in place is not clear. Subsequent to the Google story breaking […]

Google Spots Child Abuse Images in Gmail Users e-mails

Symantec the computer security firm has published an article about how people using portable fitness monitors and other bluetooth enabled “life-loggers” can be tracked using a device as simple and cheap as a Raspberry Pi mini computer. Symantic researchers used the Rasberry Pi computer as a Bluetooth scanner, which they took out to athletic events and public spaces.  Using the improvised scanner, they were able to detect life-logging devices from the Bluetooth signals broadcast by the devices and track them using the unique hardware addresses they transmit. The researchers claim that depending on the devices configuration, remote querying could be possible with some devices which reveal device characteristics and allow users to be tracked.  The researchers also highlighted that some 20% of devices transmitted user details in plain text which has obvious security concerns. The researchers concluded that: “From the results of this research, it appears that manufacturers of these […]

How safe is your quantified self? Tracking, monitoring, and wearable ...

Leo Kelion writes on the BBC news website that the developers of Tor have disclosed that an attack on the network may have unmasked users for five months. The Tor Project said it believed that the infiltration had been carried out by two university researchers, who claimed at the start of July to have exploited “fundamental flaws” in Tor’s design that allowed them to unmask the so-called dark net’s users. The Tor project have given full details of the attack and the methods used in a security advisory notice on their website.  

Tor attack may have unmasked its users

The United Nations News Centre highlights UN concerns about the increasing number of Government initiated mass surveillance programmes. It comes in the week that the UK Parliament approved the Data Retention and Investigatory Powers (Drip) bill, which makes communication companies store user data. Launching the report Navi Pillay , the  UN High Commissioner for Human Rights, said that: “The onus is on the State to demonstrate that such interference is neither arbitrary nor unlawful,” Ms. Pillay said, noting that article 17 of the International Covenant on Civil and Political Rights states that “no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour and reputation.” A copy of the report is available here: The Right to Privacy in the Digital Age

UN Concerned about Mass Surveillance Programmes

Jane Wakefield writes on the BBC web site that Security Experts have been able to hack into smart network enabled LED light bulbs and switch them on and off remotely: Michael Jordon, research director at Context, explained how he was able to obtain the wi-fi username and password of the household the lights were connected to. “We bought some light bulbs and examined how they talked to each other and saw that one of the messages was about the username and password,” he told the BBC. “By posing as a new bulb joining the network we were able to get that information,” he added. “We were able to steal credentials for the wireless network, which in turn meant we could control the lights.” Although the vulnerability has now been fixed,  it does highlight the potential security and privacy issues associated with the “Internet of Things“.

Smart LED light bulbs Hacked

Big Brother Watch has published a briefing note reviewing the issues with surveillance of communications data. Commenting on publication of briefing note Big Brother Watch said: In the debate around state surveillance, we all too often we hear officials say that we have nothing to fear as only the communications data (or metadata) is examined, not the content of a communication. Big Brother Watch has therefore published a briefing not on why communications data matter. In the briefing note you will find answers to questions like: what are communications data?; what can communications data reveal?; and how are communications data analysed?. We also include details of how communications data have evolved and whether the legal framework currently in place provides sufficient safeguards.  

Big Brother Watch Briefing Note on Why Communications Data Matters