Privacy


2
The United Kingdom electronic surveillance agency GCHQ has launched a free educational app called Cryptoy, to teach secondary school children about crpytography. The app allows teenagers to create their own encoded messages which can be shared with friends via social media, or more traditional means.  The recipients can then use the app to try to decipher the messages.  By using the app teenagers can learn about cybersecurity, basic encryption techniques and learn about the history of encryption.  The hope is that it will increase the uptake of STEM (Science, Technology, Engineering and Maths) subjects at school. Further details about Cryptoy can be obtained from the GCHQ website here. At the moment Cryptoy app is only available for download to Android tablets via Google Play, but it is hoped that an iOS version for iPads will be available in 2015.

GCHQ launches code making app to teach teens cryptography


Jennifer Baker reports on The Register website that the UK’s Investigatory Powers Tribunal (IPT) has ruled that GCHQ’s mass surveillance Tempora programme is legal in principle.  It made the ruling following a case brought by Privacy International, Liberty, Amnesty International and other parties. Tempora is the code name given to an operation run by GCHQ to allow huge amounts of intercepted internet data to be temporarily stored for analysis.  It is reported to hold content for three days and metadata for 30 days.  The  case put to the tribunal was that Tempora breached article 8 of the European Convention on Human Rights, which is the right to privacy, as well as article 10, which protects freedom of expression. Privacy International deputy director Eric King said of the decision: “Today’s decision by the IPT that this is business as usual is a worrying sign for us all.  The idea that previously secret […]

Tribunal says Tempora programme is legal


1
Michael Price writes on the Brennan Center for Justice website about the privacy issues with internet enabled televisions. Internet enabled, or “Smart” televisions have become very come in recent years; however, as Price points out the amount of data  collected by these TVs is staggering.  In the case of the TV he has purchased this includes records of the apps used, websites visited and when and for how long you use it.  The TV can also perform facial and voice recognition, the data from which is uploaded to a corporate server.  Little wonder the TV comes with a privacy policy 46-pages long. Much of the data captured and transmitted by his new TV is stored in the cloud and would be classed as “third party records”, but he highlights that (in the US) there is currently little privacy  protection for such data.

I’m Terrified of My New TV



Leala Padmanabhan reports on the BBC News website that Sir John Adye, the former head of GCHQ between 1989 and 1996, has highlighted security concerns with some biometric technology, such as fingerprint recognition used on Apple’s iPhone 6 and on other devices. He gave as an example of the lack of clear information on what happens to an individuals biometric data when used for identity checking on a smartphone and the lack of physical supervision of such devices versus for example, the way an ATM is supervised by a bank.  Commenting on Apple’s iPhone 6 biometric fingerprint recognition he said: “………They appear to have a good system at the moment for protecting their operating system, so it’s difficult for anyone outside to penetrate it and retrieve data from it.  But how long will that last, because the criminals … are very inventive at finding ways in, and although you can […]

Biometrics in smartphones need more control – ex-GCHQ boss


Big Brother Watch have issued a report on NHS data breaches.  It reveals that from the 1st April 2011 to 11th November 2014, there have been at least 7,255 breaches which is the equivalent to six breaches every day. As well as considering the number of data breaches within the NHS, the report reflects on the legislation that is in place to address them, highlighting that the Data Protection Act 1998 (DPA) has a number of flaws that must be corrected. Big Brother Watch proposes three measures that should be introduced, including introducing the option of custodial sentences and criminal records for the worst offenders and providing better training.

Patient Confidentiality Broken Six Times a Day


The Russia Today website reports that Mozilla are teaming up with Tor to provide increased internet security by allowing Firefox browser users to easily access the Tor network. Undertaken as part of the so called Polaris project, it aims to significantly improve internet privacy as well as combating internet censorship. The article highlights that although internet privacy is often a topic of conversation, it is yet to go mainstream; with many ordinary computer users put off by perceived complexity.  However, Mozilla hope the Polaris project will help to change these stereotypes.

Mozilla team-up with Tor to improve internet privacy



James Vincent reports in the Independent that Facebook is to allow a Tor link to its site via a special URL for users who wish to stay anonymous as possible.  Prior to this link, access to Facebook via Tor was essentially blocked by the sites security protocols. Users will not be anonymous to Facebook as they still have to log on; however, anyone monitoring the internet connection will not be able to identify the user or the user’s location.  This could be useful in countries like Iran, China and North Korea where Facebook is blocked for fear that it will be used by opposition movements.

Facebook offers Tor link for users that prefer to stay ...


Kat hall reports in the Register that some NHS trusts have failed to put agreements in place with Microsoft for extended security support for Windows XP. A majority of NHS trusts still operate Windows XP based machines and have signed up to a Cabinet Office agreement with Microsoft to provide ongoing security upgrades until April 2015; however, 18 trusts have so far failed to sign the agreement. The article highlights that a total of 1.1 million PCs and laptops are estimated to be running Windows at trusts, GPs and other health groups that comprise the NHS in England.  The security risks from a lack of security support depend on factors such as how many non-upgraded machines are on the networks, the effectiveness of perimeter defences and the availability of suitable exploits for an attacker to use.

Patient records open to hackers due to NHS Trusts failing ...


James Ball reports in the Guardian, that the government has confirmed for the first time that British intelligence services can access data collected in bulk by the US National Security Agency (NSA) and other foreign spy agencies, without a warrant. GCHQ’s secret “arrangements” for accessing bulk material are revealed in documents submitted to the Investigatory Powers Tribunal, the UK surveillance watchdog, in response to a joint legal challenge by Privacy International, Liberty and Amnesty International.  The legal action was launched in the wake of the Edward Snowden revelations published by the Guardian and other news organisations last year. Liberty have also issued press release on the revelation which can be found here.

GCHQ can view NSA bulk data without a warrant, government ...



Rory Cellan-Jones the BBC Technology Correspondent reports on the BBC News website how he spent a day without data.  The aim was to explore what data is collected, who benefits from it and how easy it is to avoid leaving a data trail. Rory meets up with Dr George Danezis, an expert on privacy and information security at University College, London who will take him through what he needs to do to avoid leaving a data trail or sharing his data.  However, this is very difficult to do in the modern world. As George highlights: “Your job today is going to be very difficult, You won’t be able to use the internet, but you also won’t be able to do lots of other things – in fact you won’t be able to live a 21st Century life.”

A day without data


Graeme Burton reports on the Computing website that the European Union’s Article 29 Working Party has concluded that the so called internet of things will need new forms of informed consent. The Working Party believes that current methods for obtaining consent for data use, which were devised in the 1980s, may be difficult to apply to the internet of things because these methods only provide “low quality consent”. According to law firm Pinsent Masons, the EU is shifting thinking from the idea of consent as a one-time approval to a more granular, case-by-case approach.

Internet of Things will require new forms of consent


The BBC News website reports that 18,304 requests were made to Google to remove weblinks from search results by UK residents under European “right to be forgotten laws”.  According to Google it removed 35% or 18,459 links to web pages following these requests. It follows a European Court of Justice ruling that links to irrelevant and outdated data can be erased on request; however, the ruling sparked criticisms over censorship of material. Google has given examples of the sort of requests it had received and also those it had refused in its transparency report, which is available online at: https://www.google.com/transparencyreport/removals/europeprivacy/  

Thousands of Britons seek ‘right to be forgotten’



Sophie Borland reports in the Daily Mail,that Health Inspectors from the Care Quality Commission (CQC) making checks on GPs’ surgeries, are routinely looking through patient medical records without seeking the consent of patients. The CQC claims it was granted legal powers to see the files without seeking consent under the Health and Social Care Act 2008. Dr Chaand Nagpaul, chairman of the British Medical Association’s GP committee, said: “The confidentiality of private medical information is the basis of the trust that patients put in their family doctors and it is vital that this is not compromised. If CQC inspectors want to have access to the private medical records of patients they need to put in place systems that obtain the explicit consent of patients.”

Watchdog is snooping on ‘private’ medical data


Graeme Burton reports on the Computing website that the NHS is to go ahead with the care.data medical records data upload which has been on hold for the past six months due to concerns from privacy campaigners and GPs. NHS England is now planning pilot schemes in six areas across the country covering up to 265 surgeries and 1.7 million patients. The areas include Hampshire, Blackburn and Darwen in Lancashire, Leeds and Somerset, with the full scheme being rolled out shortly after. However, campaigners remain concerned that the method of data anonymisation is not robust will not protect patients from identification.

NHS England to forge ahead with ‘unchanged’ care.data plans


David Barrett and Philip Sherwell report in the Daily Telegraph on a privacy threat to UK Citizens, businesses and even Government information. It follows a court ruling by a New York judge that Microsoft must hand over to US prosecutors the emails of a European customer stored on its servers in Ireland, as part of a drugs trafficking investigation; however, to do so could break Irish and EU data protection laws.  Microsoft is fighting the case, but Professor Ian Walden, of the Centre for Commercial Law Studies at Queen Mary University London, believes they will lose. If so Professor Walden believes that it presents a huge privacy risk for British companies and British individuals: “If the federal government is victorious it will raise the threat that if you come to the attention of the US authorities whether directly or indirectly your information may be accessible if it’s stored with American […]

US threat to British online privacy