gary


Recently the Supreme Court ruled that a teacher who was found not guilty of rape could not have reference to the case, which had been included by the Police on an enhanced criminal record check (ECRC), removed. The actual ruling is not surprising as the Supreme Court has made similar judgements in the past such as highlighted in this previous Newsblog report. However, the judgement raises questions about the competency of Supreme Court judges, as allowing the information to be included in an ECRC is clearly perverse as it undermines basic rights that it is essential to uphold and sets dangerous precedents for the future. There are a number of issues with the judgement as outlined below: Firstly, and perhaps most obviously, by adding the case to the teacher’s ECRC record the implication is that he is guilty even though he has been found not guilty by a […]

Is the UK Supreme Court Competent to Rule on Database ...


Recently China implemented new restrictions on the use of Virtual Private Networks (VPNs), by introducing the requirement for VPN providers to be registered with the Chinese Government. VPNs are very popular in China as a means of getting around the Chinese Government’s internet monitoring and censorship programme that goes under the euphemism of the “Great Firewall of China”. Given the ability of VPNs to break state censorship it is not surprising that the Chinese government has initiated a clamp-down on their use. The internet-monitoring-busting capabilities of VPNs are something that the UK Government may have to face in the near future following the introduction of the Investigatory Powers Act (IP Act) and the Digital Economy Act (DE Act). Both of these will drive an increased use of VPNs in the UK. In the case of the IP Act, VPNs are likely to be employed by internet users to […]

What Chance a UK Ban on VPNs?


One of the most interesting phenomena to come out of the leaks of Hillary Clinton’s campaign chairman John Podesta’s e-mails last year was the Pizzagate affair, which has also morphed into “Paedogate” (for those of you interested in getting a flavour of Pizzagate, the #Pizzagate hashtag on Twitter will give you a good overview). For those of you not familiar with Pizzagate, it is a narrative (or, depending on your point of view, a conspiracy theory) which claims that a child sex ring operated within the senior echelons of the United States Democratic Party. This child sex ring was claimed to be linked to various restaurants, but in particular a pizza restaurant called the Comet Ping Pong Pizzeria in Washington DC. It started with the leaking of the e-mails by WikiLeaks and the story spread rapidly on social media, particularly on Twitter, 4Chan and Reddit. Subsequent publication of the story by […]

Pizzagate’s Big Data Problem



Two recent news articles highlight issues with the database state and the fallacy of the “nothing to hide, nothing to fear” argument so often used to claim surveillance is not something the law-abiding should be worried about. The first was a report in the Guardian that 17 people had been mistakenly arrested, due to incorrect telephone information or Internet records being provided to the Police or other public bodies investigating crime. The other was an article resulting from a Daily Mail investigation concerning people having county court judgements awarded against them, without them even knowing that proceedings had been issued against them or anything about the court case. In both these cases information has been processed on individuals without their knowledge and with not even basic checks on the accuracy of the information being made by the Police, security or court services. This in itself is scandalous given the serious […]

Data is There to be Processed – But as Cheaply ...


NO2ID have recently picked up on a worrying new strategic data sharing initiative in Greater Manchester. It is called GM-Connect and it was initiated in January 2016, but we have only become aware of it recently because there hasn’t been much publicity about it. Official information is limited to a press release and a report summarising the aims of the GM-Connect project. The aim of GM-Connect is to allow the sharing of the personal data of residents across Greater Manchester, with a longer-term aim to create a ‘common residents index’ of everyone living in Greater Manchester. Although the report focuses on the use of GM-Connect in improving social and health care, the ultimate intention is clearly that access to many other public services will be covered. GM-Connect will not actually store the data but will use a federated data sharing model (essentially a series of separate databases which can be […]

GM-Connect: A New Data Sharing Initiative for Greater Manchester


Nikolaj Nielsen reports in the EU Observer that France is proposing that all travelling EU nationals should be required to give their fingerprints and possibly also have their faces scanned as part of the Smart Borders programme. Smart Borders was proposed in 2013 by the EU Commission to allow management of the external borders of the Schengen Member States. Biometric scanning of visiting non-EU nationals was also included in the scheme. It has been on hold for a while due to cost concerns; however, an updated plan for the scheme is expected before the end of the year. A document submitted by the French delegation claims that an expanded Smart Borders scheme is required to address terrorist threats and gives examples such as the Charlie Hebdo attack in Paris and the recent attack on an Amsterdam to Paris train to justify their proposal. Further justifications include dealing […]

France Wants all Travelling EU Nationals Fingerprinted




The Electronic Frontier Foundation (EFF) has released a tool called Privacy Badger to allow web users to block tracking cookies and spying adverts which ignore the Do Not Track setting in browsers. Privacy Badger is not an ad blocker, and adverts which do not contain tracking functionality, or which respect Do Not Track settings, are not blocked. Privacy Badger also offers some protection against browser fingerprinting (see Panopticlick) by blocking third-party domains that use the technique, although it is not totally effective against what is a very sophisticated and subtle form of tracking. The plug-in is currently available for Chrome and Firefox and can be found and downloaded here.

EFF Release Privacy Badger Browser Plug-in to Stop Online Tracking


Darren Pauli reports on The Register website that security researchers have discovered that the HTC One Max phone stored user fingerprints as clear text in a “world readable” folder that could be accessed by other apps. The Samsung Galaxy S5 was also found to have similar vulnerabilities. The revelation was made by researchers presenting at the Black Hat security conference in Las Vegas earlier this month. It was one of four situations in which biometric data on an Android phone could be accessed by hackers. In one scenario they showed how attackers could have money transfers authenticated by getting a user to scan their fingerprints on a fake login screen to unlock the device. A link to the original research paper can be found here.

HTC Phone Stored Fingerprints as Clear Text



Sally Adee discusses in an article in New Scientist magazine whether it is possible to permanently delete a social media profile. The article highlights the situation with the recently hacked Ashley Madison website (an adultery website) which guaranteed to remove all members’ data upon payment of a £15 fee. However, the recent hacking of the site has highlighted that due to financial auditing requirements, credit card details and the name used to scrub the account have been retained. This obviously defeats the point of the user paying to have their records removed. Many sites such as Facebook have ambiguous policies on deleting data and what data is actually deleted after a user deletes their account. This is compounded by the fact that deleting digital records is not necessarily as straightforward as it seems, as account information may be held in multiple data centres distributed across the world. The problem with […]

Is it Possible to Permanently Delete a Social Media Profile?


Karl Thomas reports on the Welivesecurity website that local authorities in Cambridgeshire, Norfolk and Suffolk have suffered more than 160 data breaches in the past year. Most incidents were the result of human error, such as e-mails and letters being misaddressed. However, in one astonishing case a filing cabinet containing sensitive files was sold following an office move, although the files were subsequently recovered from the buyer.

Eastern England Councils in Slew of Data Breach Errors


Tom Whitehead reports in the Daily Telegraph that an Interception of Communications Commissioner report has highlighted that five people have had their homes searched and computers seized after they were wrongly identified as paedophiles, with one person being arrested. Additionally, information on dozens of other innocent people was wrongfully disclosed to the officers investigating child sex abuse or pornography due to errors with the requests. Commenting on the errors, Joanna Cavan, the head of the commissioner’s office, said: “Although the numbers are small, the consequences are significant and they can be devastating.” The failures did not only mean that innocent people were investigated but that some genuine suspects escaped investigation because, by the time it was realised that the wrong people were being investigated, the records of the suspects had been deleted by their internet service providers. The report also reveals that 998 errors were made in communications data requests in […]

Innocent People Treated as Paedophiles after Snooping Blunders




Ryan Whitwam reports on the ExtremeTech website that researchers have found a way to track Android phones by studying their power use over time. The technique works on the principle that the further away a phone is from a base station, the more power the phone uses to maintain a connection. Researchers called their proof of concept application PowerSpy. Before it can be used, a power map of an area has to be established so that PowerSpy knows what performance to expect in a particular location. Although making a call or using apps will also drain power, the algorithm used in PowerSpy is designed to monitor power use over several minutes, so that battery usage not associated with location can be filtered out.

Battery Power Alone Can be Used to Track Android Phones


Alexander J. Martin reports on the Register website that people attending the Download Festival had their faces scanned by a Police facial recognition system, and there was surveillance of their on-site location and expenditure via RFID wristbands. Attendees’ faces were scanned using a system called NeoFace and then compared with a database of “lawfully held European custody photographs”. The original plan was for attendees not to have been told about the surveillance until after the event; however, publication of an article in the Police Oracle revealed the surveillance plan in advance. In addition, RFID wristbands had to be used to make purchases and move about the festival with no opt-out possible. A significant concern with the use of these RFID wristbands is that Download’s privacy policy stated that information collected via the RFID cashless payment wristbands would typically be shared with third-party companies to establish the users’ interests, purchases and […]

Police Scanned Faces of Everyone at Download Festival