gary


The medConfidential campaign has issued a press release following the publication of the Independent Information Governance Oversight Panel (IIGOP) report on the care.data scheme. The report lists 27 areas of concern for the care.data Programme Board to address, which contain some 52 unanswered questions. In addition, there are seven additional tests that the recently announced care.data pathfinder Clinical Commissioning Groups (CCGs) must meet. MedConfidential highlights that the sheer number of unanswered questions indicates just how fundamentally misconceived care.data was from its inception, and at this stage – 10 months after the programme was stopped – suggests continued mishandling by those running the care.data scheme. The IIGOP report can be found here.

27 fundamental areas of concern remain with care.data scheme


Craig Timberg reports in the Washington Post that German researchers have discovered that phone calls and text messages between mobile phones are vulnerable to hackers and Government surveillance agencies located anywhere in the world, due to flawed infrastructure designed in the 1980s. The flaws are in the “SS7” protocol (Signalling System 7) used by mobile phone networks worldwide and are actually functions built into the system for other purposes, such as to allow mobile phones to switch between mobile phone base stations. Phone calls are vulnerable to interception even on networks using strong encryption; for example, one type of attack involves recording an encrypted phone call and then requesting through SS7 that the caller’s carrier releases a temporary encryption key to unlock the communication after it has been recorded. Tobias Engel, one of the German researchers who discovered the flaws which will be presented at the Chaos Communication Congress in Hamburg […]

Mobile phones ‘wide open’ to global hackers


The United Kingdom electronic surveillance agency GCHQ has launched a free educational app called Cryptoy, to teach secondary school children about cryptography. The app allows teenagers to create their own encoded messages which can be shared with friends via social media, or more traditional means. The recipients can then use the app to try to decipher the messages. By using the app teenagers can learn about cybersecurity, basic encryption techniques and the history of encryption. The hope is that it will increase the uptake of STEM (Science, Technology, Engineering and Maths) subjects at school. Further details about Cryptoy can be obtained from the GCHQ website here. At the moment the Cryptoy app is only available for download to Android tablets via Google Play, but it is hoped that an iOS version for iPads will be available in 2015.

GCHQ launches code making app to teach teens cryptography



Chris Baraniuk reports in New Scientist magazine that footage from wearable body cameras contains a “motion signature” unique to the user. Shmuel Peleg and Yedid Hoshen at Israel’s Hebrew University of Jerusalem collected footage from 34 people who wore GoPro cameras on baseball caps. They ran it through an algorithm that recognised motion signatures particular to each person. The algorithm predicted the wearer with 88% accuracy and only required 12 seconds of video to make an identification. This technique could be used to identify people who upload videos to sites such as YouTube, such as protestors uploading video from demonstrations. However, Peleg also pointed out that: “On the other hand, if police officers have to wear cameras, this may give another level of assurance that the video you are being shown is from that officer and not someone else. It’s a double-edged sword.” The original research paper can be found […]

Camera shake can identify you


Michael Price writes on the Brennan Center for Justice website about the privacy issues with internet-enabled televisions. Internet-enabled, or “Smart”, televisions have become very common in recent years; however, as Price points out, the amount of data collected by these TVs is staggering. In the case of the TV he has purchased this includes records of the apps used, websites visited and when and for how long you use it. The TV can also perform facial and voice recognition, the data from which is uploaded to a corporate server. Little wonder the TV comes with a privacy policy 46 pages long. Much of the data captured and transmitted by his new TV is stored in the cloud and would be classed as “third party records”, but he highlights that (in the US) there is currently little privacy protection for such data.

I’m Terrified of My New TV


Leala Padmanabhan reports on the BBC News website that Sir John Adye, the former head of GCHQ between 1989 and 1996, has highlighted security concerns with some biometric technology, such as fingerprint recognition used on Apple’s iPhone 6 and on other devices. He gave as an example the lack of clear information on what happens to an individual’s biometric data when used for identity checking on a smartphone, and the lack of physical supervision of such devices compared with, for example, the way an ATM is supervised by a bank. Commenting on Apple’s iPhone 6 biometric fingerprint recognition he said: “………They appear to have a good system at the moment for protecting their operating system, so it’s difficult for anyone outside to penetrate it and retrieve data from it. But how long will that last, because the criminals … are very inventive at finding ways in, and although you can […]

Biometrics in smartphones need more control – ex-GCHQ boss



Rob Evans reports in the Guardian that a group of journalists have launched legal action against the Metropolitan Police, who have been secretly recording their activities on the Domestic Extremist Database. They have started the legal action to expose what they say is a persistent pattern of journalists being assaulted, monitored and stopped and searched by police during their work, which often includes documenting police misconduct. The six journalists have obtained official files under the Data Protection Act that reveal how police logged details of their work as they reported on protests. One video journalist discovered that the Metropolitan Police had more than 130 entries detailing his movements. The group includes a journalist on the Times, Jules Mattsson, who, police noted, was “always looking for a story”. Mattsson said that when he had been a victim of crime, police had transferred on to the Domestic Extremism Database details of his appearance, […]

Police face legal action for snooping on journalists


Big Brother Watch have issued a report on NHS data breaches. It reveals that from the 1st April 2011 to 11th November 2014, there have been at least 7,255 breaches, which is equivalent to six breaches every day. As well as considering the number of data breaches within the NHS, the report reflects on the legislation that is in place to address them, highlighting that the Data Protection Act 1998 (DPA) has a number of flaws that must be corrected. Big Brother Watch proposes three measures that should be introduced, including introducing the option of custodial sentences and criminal records for the worst offenders and providing better training.

Patient Confidentiality Broken Six Times a Day


The Russia Today website reports that Mozilla are teaming up with Tor to provide increased internet security by allowing Firefox browser users to easily access the Tor network. Undertaken as part of the so-called Polaris project, it aims to significantly improve internet privacy as well as combating internet censorship. The article highlights that although internet privacy is often a topic of conversation, it is yet to go mainstream, with many ordinary computer users put off by perceived complexity. However, Mozilla hope the Polaris project will help to change these stereotypes.

Mozilla team-up with Tor to improve internet privacy



Chris Mallett reports in the Derby Telegraph of a case where Derby City Council used the Regulation of Investigatory Powers Act (RIPA) to spy on a Derby Telegraph reporter. The incident was highlighted during a House of Lords debate on the Regulation of Investigatory Powers Act by Lord Black of Brentwood, executive director of the Telegraph Media Group. However, they were seen by a member of Council staff who alerted colleagues who dispatched two members of the internal audit department to conduct the surveillance. Lord Black highlighted that confidential sources like Miss Green’s were critical for reporting matters of public interest and said: “Just think about the disastrous impact on local press reporting of local authorities if such sources of information dried up.”

Derby City Council used RIPA to Spy on Reporter


Kat Hall reports in the Register that some NHS trusts have failed to put agreements in place with Microsoft for extended security support for Windows XP. A majority of NHS trusts still operate Windows XP based machines and have signed up to a Cabinet Office agreement with Microsoft to provide ongoing security upgrades until April 2015; however, 18 trusts have so far failed to sign the agreement. The article highlights that a total of 1.1 million PCs and laptops are estimated to be running Windows at trusts, GPs and other health groups that comprise the NHS in England. The security risks from a lack of security support depend on factors such as how many non-upgraded machines are on the networks, the effectiveness of perimeter defences and the availability of suitable exploits for an attacker to use.

Patient records open to hackers due to NHS Trusts failing ...


Christopher Joye reports on the Australian Financial Review website that Chinese state-sponsored hackers have been ramping up their spying activities on Australian companies. The attacks have been revealed by Mandiant, a cyber security firm. Mark Goudie, Mandiant’s Australian Director of Investigations, claimed that highly skilled hackers referred to in the industry as “advanced persistent threats” or APTs had been penetrating Australian mining and natural resources companies and lawyers and financial advisors associated with them. The Chinese hackers particularly target companies that have dealings with organisations in China; however, another driver is to steal intellectual property which China can use to fuel its own economic growth.

Chinese state sponsored hackers increase attacks on Australian Companies



James Ball reports in the Guardian that the government has confirmed for the first time that British intelligence services can access data collected in bulk by the US National Security Agency (NSA) and other foreign spy agencies, without a warrant. GCHQ’s secret “arrangements” for accessing bulk material are revealed in documents submitted to the Investigatory Powers Tribunal, the UK surveillance watchdog, in response to a joint legal challenge by Privacy International, Liberty and Amnesty International. The legal action was launched in the wake of the Edward Snowden revelations published by the Guardian and other news organisations last year. Liberty have also issued a press release on the revelation which can be found here.

GCHQ can view NSA bulk data without a warrant, government ...


Jim Finkle reports on the Reuters website that the U.S. Department of Homeland Security is investigating cybersecurity flaws in medical devices and hospital equipment that officials fear could be exploited by hackers. There are no known instances of hackers attacking patients through medical devices; however, the agency is concerned that it may be possible to gain control of the devices remotely and create problems, such as instructing an infusion pump to overdose a patient with drugs, or forcing a heart implant to deliver a deadly jolt of electricity.

U.S. government probes medical devices for possible cyber flaws


Alasdair Glennie and Harriet Arkell report in the Mail Online that the BBC has been using the Regulation of Investigatory Powers Act (RIPA) to track down television licence fee dodgers. This information emerged during questioning at the Commons culture, media and sport committee. Although the BBC has admitted using RIPA, it has refused to say when and how often, citing as the reason for the secrecy: “to ensure people without a valid TV licence don’t use this information to their advantage”. John Whittingdale MP, who chairs the culture committee, highlighted that there were questions to be asked over the BBC’s use of RIPA powers and added that: “The problem is, the BBC won’t tell us how it is being used, or in what circumstances. That means we can’t be sure it is being used properly. This legislation was designed to fight terrorism and organised crime. I can’t imagine it was intended for […]

BBC Using Regulation of Investigatory Powers Act (RIPA) to track ...