gary


Ellen Nakashima reports in the Washington Post that hackers working for the Chinese state breached the computer system of the US Office of Personnel Management in December 2014. The Office of Personnel Management is essentially the Human Resources function of the US Government. The breach is believed to have resulted in the loss of the personal details of up to four million current and former US Government employees. The breach is the second major breach of US Government networks by China in the past year. Austin Berglas, a former cyber official at the FBI’s New York field office, said in response to the news: “China is everywhere. They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”

Chinese Breach Data of Four Million Federal Workers


The BBC News website reports that UK Police made 733,237 requests to view communications data over a three-year period according to a report by Big Brother Watch, equivalent to an access request every two minutes. Requests by police officers for access to communications data have to be internally approved by a senior member of the relevant force, and on average 96% of such requests are approved. Big Brother Watch wants more transparency about how such requests are authorised and the crimes the data is used to fight. The group also wants judicial involvement as a final step in the approval process. The actual Big Brother Watch Report can be found here.

UK Police Seek Data Access ‘every two minutes’


John Leyden reports on the Register website that South Wales Police have been fined £160,000 for losing DVDs of an interview with a sex abuse victim and not reporting the loss for nearly two years. The unencrypted DVDs were left in a desk drawer and the loss was discovered after an office move in October 2011. It emerged during the investigation that South Wales Police had no specific force-wide policy for the safe storage of victim and witness interviews. Commenting on the case, Anne Jones, ICO Assistant Commissioner for Wales, said: “Without any doubt we would expect a professional police force, in a position of trust, dealing with this type of highly sensitive information from victims and witnesses on a daily basis, to have robust procedures to keep track of the personal data in their care.”

Welsh Police Force Fined £160,000 after Losing Sensitive Video Interview



Dan Hyde reports in the Daily Telegraph that Home Secretary Theresa May has indicated that a law to allow snooping on personal email accounts and internet browsing could be pushed through now that the Conservatives have a parliamentary majority. Her comments were made in the early hours of Friday morning as the Conservatives appeared to be heading for a majority. Previously the so-called Snoopers’ Charter had been blocked by the Conservatives’ coalition partners, the Liberal Democrats. However, with the Conservatives having only a slim majority, Theresa May could potentially still have an uphill struggle to get the controversial measures through.

Theresa May to Resurrect the Snoopers’ Charter


Alex Matthews-King reports in Pulse that the NHS is overriding 700,000 patient opt-outs to GP data being shared. The Health and Social Care Information Centre has said that 700,000 patients registered an objection to their identifiable information being passed from the HSCIC to a third party before the aborted roll-out of care.data in March 2014. However, it admitted that it doesn’t currently have the resources to deal with this volume of objections and thus it has not been possible to implement the patient opt-outs. Dr Beth McCarron-Nash, who leads on care.data for the General Practitioners Committee, told Pulse: ‘Obviously, if there are technical difficulties that HSCIC are experiencing, they must be resolved, and it is their responsibility to make sure patients are protected. But basically it’s a mess.’

NHS overriding 700,000 patient opt-outs


The campaign group Big Brother Watch has prepared a briefing note on privacy and other issues with the European Union’s eCall system, which the European Parliament voted on 28th April 2015 to make compulsory in all new cars. Although eCall is promoted as an EU-wide emergency alert system to help ambulance crews get to road accidents faster, it raises significant privacy and snooping concerns because it works in partnership with an Event Data Recorder (EDR). The EDR records for 20 seconds before an accident and 10 seconds afterwards; however, as the briefing note points out, this means it must be recording and erasing continuously. Currently it is not intended that eCall should transmit data continuously, but it could do so, and this opens up the possibility of mission creep such as the system being used to track motorists, as the EDR has the ability to record a vehicle’s exact location. […]

Big Brother Watch Briefing Note on EU Car Tracking eCall ...



The BBC News website reports that Airbus says it will file a criminal complaint over allegations that German intelligence helped the US carry out industrial espionage on the company. German media reports suggest that the country’s spy agency BND collected data on European firms at the behest of the US National Security Agency. Airbus said it had asked for more information from the German government and said in a statement: “We are aware that large companies in the sector, like ours, are targets of espionage,” … “However, in this case we are alarmed because there is concrete suspicion.” Airbus was named by the German press as one of the firms that was targeted by the spying operation. It is believed that BND eavesdropped on online, phone and other communications in order to gather information.

Airbus to sue over US National Security Agency Spying


Fred Pearce reports in New Scientist magazine that many people in the UK are worried about having smart meters in their homes because they fear that data about their personal energy use will be shared. The online survey of more than 2400 people in the UK was conducted by Alexa Spence of Nottingham University. Commenting on the findings that people are worried about what might happen to their energy use data, Spence said: “People are becoming increasingly aware of the value of their personal data and privacy, and they often err on the side of caution.”

UK People Wary of Smart Meters


Yasha Levine reports on the PandoDaily website on how the U.S. Government has funded, and continues to fund, internet tools that provide anonymity and privacy such as Tor, CryptoCat and Open Whisper Systems. The article provides an interesting insight into the activities and history of the blandly named Broadcasting Board of Governors (BBG), which has its origins in the Cold War, and the way money passes through BBG-controlled Radio Free Asia and the station’s Open Technology Fund to groups and individuals developing various privacy technologies. Although the author questions whether privacy activists should be accepting funding from the US Government, a probably more important question is why the US Government would want to provide funding to organisations and individuals to develop technology that provides protection from surveillance by the US National Security Agency (NSA), the UK’s GCHQ, etc. This is a question very rarely discussed by privacy campaigners or journalists, […]

Internet Privacy Funded by Spooks: A Brief history of the ...



Neil McAllister reports on The Register website that an audit of the TrueCrypt disk-encryption software has been completed and confirms that it is secure and there is no evidence of back-doors or serious design flaws in its code. Attention became focused on the ongoing audit of TrueCrypt after the anonymous developers of the software mysteriously abandoned its development in May 2014. The potential loss of TrueCrypt was an issue for people who rely on encryption to protect their data, such as journalists. However, a number of other disk encryption systems are under development based on the TrueCrypt source code, such as CipherShed and VeraCrypt. The actual report on the audit of TrueCrypt can be found here.

Audit Confirms TrueCrypt is Secure


Ray Massey reports on the This is Money website that nearly 19,000 foreign drivers failed to pay ANPR generated fines for non-payment of the Dartford River Crossing toll in December 2014. Toll booths were removed in November 2014 with payment required by internet, phone or account. Vehicles using the crossing are identified by an automatic number plate recognition (ANPR) system and fines are issued if the £2.50 toll is not paid by midnight the following day. The 19,000 foreign drivers are amongst 130,306 road users sent penalty charge notices in December 2013, of which 73,898 had been settled by the end of February. As many as one in seven drivers using the Dartford River Crossing failed to pay in the scheme’s first month, which was double the expected non-payment rate of one in 14. Comment from Newsblog Editor: It is worth considering the financial model being employed on the crossing […]

19,000 foreign drivers fail to pay ANPR generated fines


Following a series of high-profile losses of customers’ personal data suffered by major companies such as Sony, Home Depot and Target, Erik Sherman considers on the CBS Moneywatch website why companies do not improve IT security and safeguards for customer data. The answer is that although the cost of remediation and fixes following such data leaks looks enormous to the average person, the financial impact on companies is negligible. For example, when Target lost 40 million credit card numbers and 70 million other records, the cost after deductions was 105 million dollars, which is less than 0.1 percent of the company’s revenue. Even the reputational damage to companies from huge data losses seems relatively short-lived. Following a major breach of Sony’s network the Ponemon Institute polled consumers every 48 hours to check the company’s reputation. After less than six months Sony’s reputation had recovered its place to where it […]

The reasons companies don’t fix cyber security



The Intelligence and Security Committee (ISC) has issued a report into surveillance by the security services in the United Kingdom. The report, titled “Privacy and Security: A modern and transparent legal framework”, is the result of a review started by the ISC in 2013, following revelations by the former US Intelligence contractor Edward Snowden about the extent of surveillance by UK and US intelligence services. The report considers whether current legislation provides sufficient oversight and accountability and the impact of surveillance on privacy. It concludes that there is a lack of transparency around surveillance which is not in the public interest. This has come about due to the way the legal framework has developed in a piecemeal fashion. The key recommendation of the report is that the current legal framework should be replaced by a single new Act of Parliament governing the intelligence and security agencies. The report can be […]

The Intelligence and Security Committee (ISC) Report into Surveillance in ...


Gareth Corfield reports on the Register website that a Supreme Court ruling has effectively given carte blanche to police forces to retain personal data they have collected for virtually any purpose and hold it as long as they like – even when the people targeted are not violent and have committed no crime. The case involved John Catt from Brighton, who had lodged a legal claim against the police for keeping records about his attendance at various political protests going back a decade. In 2013 the Court of Appeal ruled that it was illegal for the Police to retain such records; however, the police appealed to the Supreme Court. A particular concern with the judgment highlighted in the article is the argument put forward by the court that the retention of data for “police purposes” is inherently lawful, albeit with the proviso that it is “regularly reviewed” for deletion (although […]

UK Supreme Court waves through indiscriminate police surveillance


Severin Carrell reports in the Guardian that the UK Information Commissioner says proposals to put every Scottish citizen on a central database accessible to 120 public bodies risk breaching data protection laws and privacy standards. The Scottish SNP Government wants a single central identity database known as “Myaccount”, which public bodies would use to allow users to access services. However, the scheme is similar to the UK ID card and national identity register that was rejected on civil liberties grounds by the UK government in 2010. The Information Commissioner’s Office (ICO) said ministers had failed to carry out the necessary privacy impact assessment before drafting proposals, and had failed to explicitly set out the reasons why the new national database was needed. It also said that Scottish ministers were unwise to reject the much more privacy-friendly system for accessing public services now being considered by the Cabinet Office, where an […]

Scotland-wide ID database risks personal privacy and civil liberties – ...