Integrity failures in database surveillance and like schemes

Amy Davidson writes for the New Yorker: Not every suspension-of-service notice for an e-mail company comes with a link to a legal-defense fund. Ladar Levison, the owner and operator of Lavabit, whose clients, reportedly, have included Edward Snowden, made it sound today as though he could use the help. “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit,” Levison wrote in a note posted on his site. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on—the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences […]

The N.S.A. and Its Targets: Lavabit Shuts Down

Terri Dowty writes on the MedConfidential web site: If you thought your medical records were confidential, you’re in for a bit of a shock. Until now they have, by default, stayed in your GP’s record system. This is no longer true. The new default is that identifiable details about your health can be extracted directly from your GP record and held on a central system. From there, they will be made available to others for a variety of purposes. Unless you take action to stop it, this will be done without your knowledge or consent. The story is rather complex but we have broken it down into what we hope is a series of straightforward building blocks. Starting next Monday July 15th, we will talk you through the changes to the way your medical records are used, with a daily blog post that takes them one step at a time. […]

MedConfidential: What’s the story?

Nick Davies, writing in The Observer, quotes concerns from “senior figures inside British intelligence” about GCHQ’s Tempora programme: Last year, the government was mired in difficulty when it tried to pass a communications bill that became known as the “snoopers’ charter”, and would have allowed the bulk interception and storage of UK voice calls and internet traffic. The source says this debate was treated with some scepticism inside the intelligence community – “We’re sitting there, watching them debate the snoopers’ charter, thinking: ‘Well, GCHQ have been doing this for years’.” There are similar concerns about the role of the NSA. It could have chosen to attach probes to the North American end of the cables and documents shown to the Guardian by Edward Snowden suggest that key elements of the Tempora filtering process were designed by the NSA. Instead, the NSA agency has exported its computer programs and 250 of […]

MI5 feared GCHQ went ‘too far’ over phone and internet ...

Geoff Dyer writes in the Financial Times: The accusation that US authorities routinely snoop on the online activity of non-Americans has drawn strong condemnation from Microsoft’s former chief privacy adviser. Caspar Bowden, who advised the software company on privacy until 2011 and is now a privacy campaigner, warned that the US’s access to global personal data consigned the rest of the world’s cloud data to a “privacy Guantánamo Bay”. Mr Bowden said US legislation provided a “carte blanche” for the US to collect business and technical data, and that political information was also expressly covered. He said the definition of “foreign intelligence information” covered by the US law included anything “with respect to a foreign territory that relates to the conduct of the foreign affairs of the US”. Mr Bowden added: “We’ve reached a decision point about European sovereignty. Either we rely on the US for our data capacity forever […]

Backlash over US snooping intensifies

Alan Travis writes in The Guardian: The five biggest internet companies in the world, including Google and Facebook, have privately delivered a thinly veiled warning to the home secretary, Theresa May, that they will not voluntarily co-operate with the “snooper’s charter”. In a leaked letter to the home secretary that is also signed by Twitter, Microsoft and Yahoo!, the web’s “big five” say that May’s rewritten proposals to track everybody’s email, internet and social media use remain “expensive to implement and highly contentious”. The private letter, which has been passed to the Guardian, is part of a series of continuing confidential discussions between the industry and the Home Office. It says that May’s “core premise” to create a new retention order requiring overseas internet companies to store the personal data of all their British-based users for up to 12 months has “potentially seriously harmful consequences”. The leading US-based internet players […]

Snooper’s charter is threat to internet freedom, warn web five ...

Oliver Wright writes in The Independent: A Conservative-backed plan to allow police and the security services unprecedented access to people’s internet communications would not have helped prevent the murder of Lee Rigby, M15 officers have indicated. Senior security sources have told The Independent that attempts to cite last Wednesday’s killing as a reason to push forward with the controversial “snooper’s charter” was a “cheap argument”. The remarks will be seen as a rebuke to the Home Secretary, Theresa May, who suggested at the weekend that the Draft Communications Bill was “essential for the intelligence agencies” to combat the threat of terrorism.

‘Snooper’s charter’ would not have prevented Woolwich attack, says MI5

Henry Porter writes in The Observer: Two former Labour home secretaries, a security minister and a former “independent” reviewer of terror laws have called for the swift review of the communications data bill, following the Woolwich killing. If I didn’t believe these were the first reactions to a shocking crime, I’d put the interventions of Jack Straw, Lord (John) Reid, Lord (Alan) West and Lord (Alex) Carlile down to cynical opportunism, because I’m afraid that is very much how it looked. Give our guys the tools to fight terror on the streets, they say; “the proportionate tools”, eagerly adds the former reviewer of terror laws, Lord Carlile. But not one of them bothered to produce the smallest evidence that the type of surveillance proposed in the “snoopers’ charter” would have stopped the two suspects, Michael Adebolajo and Michael Adebowale. The simple flaw in their case is that both men were […]

Mass surveillance wouldn’t have saved the life of Drummer Rigby

Kelly Fiveash writes in The Register: At the end of 2012, Education Secretary Michael Gove told Parliament that he wanted “to share extracts of data held in the National Pupil Database for a wider range of purposes than possible in order to maximise the value of this rich dataset”. Ultimately, the government wants the private sector to tout “tools and services which present anonymised versions” of records on Blighty’s kids. The proposals were little reported beyond the pages of The Register, and it appeared Gove was trying to quickly wave his plans in front of politicos before getting legislation passed this spring. However, the government has now responded to a public consultation on the proposed amendments to Individual Pupil Information Prescribed Persons Regulations [PDF], which would allow the wider data sharing, and changed the wording of some of its more contentious plans. The consultation response is here. STILL wants to tout pupil data – don’t use ...

Simon Phipps writes in his blog at Computer World UK about the axing of the Communications Data Bill: It’s not enough to just stop this bill. It’s already a Zombie Bill, appearing from the grave time after time. The same sort of excessively invasive proposals arose unannounced in previous governments without appearing in their manifestos. There is clearly some underlying need deep in the Home Office that is making these proposals keep showing up in Parliament. I imagine each successive Secretary of State having a “Yes, Minister” moment where a shadowy civil servant explains that yes, the proposals seem invasive and yes, the parties in power expressed opposition to just those proposals when the previous government made them but blocking the proposals would be “a very brave decision, Minister”. Clegg presumably had that briefing and decided the Liberal Democrats’ electoral position was desperate enough to risk that “brave decision”. Bravo. […]

Zombie Problem: Stop Dancing On The Grave

Kelly Fiveash writes in The Register: Dame Fiona Caldicott, who is scrutinising the government’s plan to hand NHS patient records to private companies, today gave the proposals the thumbs-up – with a few caveats, naturally. The noted psychiatrist’s review [PDF] of the data-sharing scheme was published just minutes ago. Her report, drafted in March, follows Health Secretary Jeremy Hunt’s announcement that he wants a “paperless” NHS by 2018, one that will allow the private sector to access confidential digital medical records provided “permission” has been given. Earlier this month, a Health and Social Care Information Centre (HSCIC) was created under the 2012 Health and Social Act, clearing the way for Hunt’s data-swapping dream in the cloud to become reality. The centre has the power to force health bodies to hand over “any information” that it deems “necessary or expedient”. Later, she wrote: Health Secretary Jeremy Hunt insisted this morning that […]

Caldicott: NHS workers should ‘have the confidence to share information’

Sara Kelly writes in the Daily Telegraph: The plan, which is set to cost £1.8 billion, would require any internet based company who is ordered to by the Home Office, to develop a system where all data on their customers is collected, stored in a standardised format, and potentially available via automated access where the business would not have any oversight of the data leaving their systems. Forcing small businesses to front the costs for retaining and maintaining data they would not normally collect presents a huge barrier to entry that could crush a startup. It’s not just the cost of the hardware required, its the opportunity cost of diverting a talented individual from developing a product onto maintaining a state-required and standardised data retention system. This also fundamentally misunderstands the way startups are developed. The very architecture of a digital business is founded upon what data they choose to […]

Data Communications Bill: the Home Office is trying to trap ...

Michael Savage writes in The Times: Sweeping plans to hand the security services the power to snoop on e-mails, website visits and social media sites are dangerous and must be abandoned, David Cameron has been warned. Cyber-security experts have written to the Prime Minister saying that the proposals “will be expensive, will hinder innovation and will undermine the privacy of citizens”. It is a blow to the credibility of the proposals, which are undergoing major revisions after opposition from Nick Clegg, the Deputy Prime Minister and leader of the Liberal Democrats. More here. UPDATE (23 Apr): The full text of the letter is on the Big Brother Watch web site. The list of ten signatories is reported by Tech Eye.

Cameron is told to drop snooping on web users

Robert Watts writes in The Telegraph: The Home Office is facing legal action unless it reveals key details of its so-called Snooper’s Charter. Theresa May, the Home Secretary, has so far declined to explain a proposed “filtering” system that would allow officials to trawl through the public’s private emails, text messages and other messages sent through the internet. Conservative MPs have been demanding greater clarity of the Mrs May’s plans since last summer. They fear that such technology represents “a tectonic shift in the relationship between the citizen and the state”. The Information Commissioner has now ordered the Home Office to publish advice ministers received on the design, cost and risks of the new filtering system by May 11. Mr Raab said: “This far-reaching scheme could drain the swamp of every email, text message and phone call made by every citizen, a tectonic shift in the relationship between the citizen […]

Home Office faces legal action unless it reveals details of ...

Rowena Mason writes in the Telegraph: The Coalition’s new internet surveillance laws are “disastrous” and could be “used to oppress us”, one of David Cameron’s technology advisers has said. Ben Hammersley, a Number 10 adviser to the Tech City project, said the draft Communications Data Bill could be turned from a force for good into something more sinister under future governments. The main aim of the Bill is to give security services like MI5 and GCHQ the ability to monitor email traffic, without actually looking at its content. However, it is currently being revised after a committee of MPs and peers raised privacy concerns about the bill’s intrusion into people’s lives. Asked for his views on the new laws, Mr Hammersley said the consequences could be “disastrous” in an interview with Tank magazine. “I don’t trust future governments,” he said. “The successors of the politicians who put this in place […]

Snoopers’ laws could be used to ‘oppress us’, says David ...

Out-law reports: On Monday a new Health and Social Care Information Centre (HSCIC) was established with the power to require health bodies to hand over “any information” that it deems “necessary or expedient” in order to fulfil its functions. HSCIC is tasked with gathering and publishing data in order to improve the quality of information available across the health sector. However, the Information Commissioner’s Office (ICO) has said that doctors had contacted them to express their concern about whether patients were being kept sufficiently informed as to how their data could be passed on to HSCIC. The ICO said that it has “reservations about the sharing of data between health bodies”. “Several GPs have also recently contacted our office concerned that they are being asked to supply information to the Health and Social Care Information Centre, via third party contractors,” Dawn Monaghan, the ICO’s strategic liaison manager in the watchdog’s […]

Doctors inform ICO of concerns over new medical data sharing ...