Surveillance


Recently China implemented new restrictions on the use of Virtual Private Networks (VPNs), by introducing the requirement for VPN providers to be registered with the Chinese Government. VPNs are very popular in China as a means of getting around the Chinese Government’s internet monitoring and censorship programme that goes under the euphemism of the “Great Firewall of China”. Given the ability of VPNs to break state censorship it is not surprising that the Chinese government has initiated a clamp-down on their use. The ability of VPNs to defeat internet monitoring is something that the UK Government may have to face in the near future following the introduction of the Investigatory Powers Act (IP Act) and the Digital Economy Act (DE Act). Both of these will drive an increased use of VPNs in the UK. In the case of the IP Act, VPNs are likely to be employed by internet users to […]

What Chance a UK Ban on VPNs?


Two recent news articles highlight issues with the database state and the fallacy of the “nothing to hide, nothing to fear” argument so often used to claim surveillance is not something the law-abiding should be worried about. The first was a report in the Guardian that 17 people had been mistakenly arrested, due to incorrect telephone information or Internet records being provided to the Police or other public bodies investigating crime. The other was an article resulting from a Daily Mail investigation concerning people having county court judgements awarded against them, without them even knowing that proceedings had been issued against them or anything about the court case. In both these cases information has been processed on individuals without their knowledge and with not even basic checks on the accuracy of the information being made by the Police, security or court services. This in itself is scandalous given the serious […]

Data is There to be Processed – But as Cheaply ...


NO2ID have recently picked up on a worrying new strategic data sharing initiative in Greater Manchester. It is called GM-Connect and it was initiated in January 2016, but we have only become aware of it recently because there hasn’t been much publicity about it. Official information is limited to a press release and a report summarising the aims of the GM-Connect project. The aim of GM-Connect is to allow the sharing of the personal data of residents across Greater Manchester, with a longer-term aim to create a ‘common residents index’ of everyone living in Greater Manchester. Although the report focuses on the use of GM-Connect in improving social and health care, the ultimate intention is clearly that access to many other public services will be covered. GM-Connect will not actually store the data but will use a federated data sharing model (essentially a series of separate databases which can be […]

GM-Connect: A New Data Sharing Initiative for Greater Manchester



  NO2ID Press Release – IMMEDIATE 4th November 2015 The new draft surveillance bill is like an iceberg, with a vast bulk of technical change obscured beneath the surface, according to civil liberties organisation NO2ID[1]. Theresa May presented the Investigatory Powers Bill [2] to parliament today as a measure “consolidating and updating our investigatory powers, strengthening the safeguards”. But it amounts to a dramatic alteration in the powers already available not just to the intelligence services, but to police, tax inspectors, and officials and regulators in almost every department of state [3]. It replaces several pieces of complex and technical legislation. Guy Herbert General Secretary for NO2ID, said: “I would have more sympathy for the Home Secretary if she did not resort to glib hypotheticals about kidnapped children. This is not a proposed bill that is easy to understand or straightforward in effect.” “The much trumpeted change in oversight focuses […]

NO2ID on IP Bill: Government expects parliament to swallow an ...


An article on the Techdirt website about the ease with which a Smart Kettle can be hacked has highlighted the dire state of device security for the ‘Internet of Things’. The iKettle allows users to turn it on remotely from anywhere using a smartphone app. However, researchers have pointed out that the kettle is relatively easy to hack, especially if the user has not configured the kettle properly. The company that produces the iKettle has said its associated Android and iOS apps would be upgraded to eliminate the security vulnerabilities. However, there is still the wider problem of ‘Internet of Things’ devices opening up vulnerabilities in people’s home networks, especially where device security is an afterthought. The advice the researchers give is to not put ‘Internet of Things’ devices on your network unless you are absolutely sure they are secure.

Easily Hacked Kettle Highlights the Lack of ‘Internet of Things’ ...


Nikolaj Nielsen reports in the EU Observer that France is proposing that all travelling EU nationals should be required to give their fingerprints and possibly also have their faces scanned as part of the Smart Borders programme. Smart Borders was proposed in 2013 by the EU Commission to allow management of the external borders of the Schengen Member States.  Biometric scanning of visiting non-EU nationals was also included in the scheme.  It has been on hold for a while due to cost concerns; however, an updated plan for the scheme is expected before the end of the year. In a document submitted by the French delegation it is claimed that an expanded Smart Borders scheme is required to address terrorist threats and gives examples such as the Charlie Hebdo attack in Paris and the recent attack on an Amsterdam to Paris train to justify their proposal.  Further justifications include dealing […]

France Wants all Travelling EU Nationals Fingerprinted




The creepy extent to which folk at GCHQ have been monitoring and spying on all web users has been revealed in leaked documents on operation ‘Karma Police’. The documents published by The Intercept demonstrate that the UK government’s listening service GCHQ was building a “web browsing profile for every visible user on the internet”. James Baker, NO2ID Campaigns Manager, said: “Sensitive meta data can be used to build up a profile of the websites you visit. If you’ve ever sought marriage guidance, googled medical conditions or viewed pornography then chances are this programme will have used that information to build up a profile about you. “This is out of control surveillance which demonstrates that, more than ever, we need independent judicial oversight of government surveillance powers.” These surveillance powers are a typical example of a database state, which is the term we use to describe the tendency of governments to […]

GCHQ surveillance powers – less ‘Karma Police’ and more ‘Creep’


Mark Stockley reports on the Sophos Naked Security website that the HTML5 battery status API (Application Program Interface) on mobile phones can be used to track the phone user. The technique, described in a recently released paper, relies on the fact that browsers such as Chrome, Firefox and Opera will provide information about battery status to any website that asks for it, without asking the phone user’s permission. The information given up is a series of values covering discharging and charging. However, it is very unlikely that two or more users will have the same value in a short time frame, thus effectively making it a unique identifier for the device. These battery values are usually very short-lived; however, they could last long enough to allow a tracking website to respawn deleted cookies and defeat incognito modes. Currently the only browser that offers protection against battery tracking is the Tor browser […]

How your Battery Life could be used as an Undeletable ...



The BBC News website reports that HM Revenue and Customs (HMRC) wants to collect information from internet companies to allow it to identify companies and individuals who have not declared income from online sales. The planned powers would cover sites that carry advertising, app stores such as those for Apple and Google, booking intermediaries like Airbnb and also e-commerce sites such as eBay. The plan does raise obvious concerns about the potential for fishing expeditions by HMRC, as they plan to cross-reference this third-party information against other records they hold and information supplied by taxpayers themselves, in order to identify individuals and businesses evading tax. HMRC have issued a consultation document on the plans which can be found here. Comment from the Newsblog Editor: These proposed powers are interesting in the context of past attempts to increase HMRC surveillance powers. HMRC was to be one of the chief beneficiaries of the […]

HMRC Plans to Monitor internet Sites and Transactions for Tax ...


Tom Whitehead reports in the Daily Telegraph that an Interception of Communications Commissioner report has highlighted that five people have had their homes searched and computers seized after they were wrongly identified as paedophiles, with one person being arrested. Additionally, information on dozens of other innocent people was wrongfully disclosed to the officers investigating child sex abuse or pornography due to errors with the requests. Commenting on the errors Joanna Cavan, the head of the commissioner’s office, said: “Although the numbers are small, the consequences are significant and they can be devastating.” The failures did not only mean that innocent people were investigated but that some genuine suspects escaped investigation because by the time it was realised that the wrong people were being investigated, the records of the suspects had been deleted by their internet service providers. The report also reveals that 998 errors were made in communications data requests in […]

Innocent People Treated as Paedophiles after Snooping Blunders


In a landmark case two MPs, David Davis and Tom Watson, have won a High Court judgement that the Data Retention and Investigatory Powers Act (DRIPA) is incompatible with human rights (see this BBC News article here). Legislation is normally subject to significant Parliamentary scrutiny, but the MPs claimed that because DRIPA was rushed through in days, there was no time for proper parliamentary scrutiny, hence the need for the unusual step of judicial review. The MPs argued before the court that DRIPA was incompatible with the right to a private and family life, and data protection, under both the Human Rights Act and the European Union Charter of Fundamental Rights, an argument that the court accepted. In the judgement the court has ruled that the unlawful sections of DRIPA can stay in force until the end of March 2016, to allow time for the government to compose new […]

MPs Win Surveillance Powers Legal Challenge, but Government to Appeal



Ryan Whitwam reports on the ExtremeTech website that researchers have found a way to track Android phones by studying their power use over time. The technique works on the principle that the further away a phone is from a base station, the more power the phone uses to maintain a connection. Researchers called their proof of concept application PowerSpy. Before it can be used, a power map of an area has to be established so that PowerSpy knows what performance to expect in a particular location. Although making a call or using apps will also drain power, the algorithm used in PowerSpy is designed to monitor power use over several minutes, so that battery usage not associated with location can be filtered out.

Battery Power Alone Can be Used to Track Android Phones


Alexander J. Martin reports on the Register website that people attending the Download Festival had their faces scanned by a Police facial recognition system, and there was surveillance of their on-site location and expenditure via RFID wristbands. Attendees’ faces were scanned using a system called NeoFace and then compared with a database of “lawfully held European custody photographs”. The original plan was for attendees not to have been told about the surveillance until after the event; however, publication of an article in the Police Oracle revealed the surveillance plan in advance. In addition, RFID wristbands had to be used to make purchases and move about the festival with no opt-out possible. A significant concern with the use of these RFID wristbands is that Download’s privacy policy stated that information collected via the RFID cashless payment wristbands would typically be shared with third-party companies to establish the users’ interests, purchases and […]

Police Scanned Faces of Everyone at Download Festival


David Barrett reports in the Daily Telegraph that telephone masts which can listen to mobile phone conversations without the owner’s permission are being operated in Britain. The devices, technically known as IMSI catchers, but also referred to as stingrays, trick handsets into thinking they are genuine mobile phone towers in order to monitor calls and other data including texts and emails. They have been used in a number of foreign countries to target the communications of criminals, but are difficult to use in a targeted manner and will also hoover up data from innocent people’s mobile phones. Police have refused to discuss whether they are behind the installation of the masts, at least 20 of which were uncovered in London in an investigation by the Sky News television channel.

Fake Mobile Phone Masts Spy on your Calls