“The current proposals which are being consulted on represent a bigger threat to Scottish privacy than the UK wide Identity Card system proposed by the last government in Westminster.” – Guy Herbert, General Secretary, NO2ID What’s the issue? Currently the Scottish Government and National Records of Scotland (NRS) are consulting on proposals to change regulations that govern what personal information is stored on the National Health Service Central Register (“the NHSCR”), and who that information can be shared with. This consultation is entitled “Consultation on proposed amendments to the National Health Service Central Register (Scotland) Regulations 2006” . What’s the Problem with this? The consultation proposes increasing the information held on the NHSCR to include more detailed postcode and address information. It also proposes to allow a whole host of Scottish public bodies (around 120) access to this information. Examples of the bodies who would have access to this information include […]

Parliamentary briefing – Creation of a Scottish National Identity Register

Mark Aitken reports in the Daily Record that civil liberties campaigners have condemned plans by the Scottish SNP Government to share NHS patients’ data with HM Revenue and Customs. The plan to share NHS patient data would involve opening up the NHS electronic database of everyone born in Scotland and/or registered with a GP in Scotland to 120 public bodies, ranging from Quality Meat Scotland to the Forestry Commission, in addition to HMRC. According to the Scottish Government, sharing the NHS data will help HMRC identify who would be liable to pay new Scottish income tax rates. James Baker, Campaigns Manager for privacy 
campaign group NO2ID, said about the plans: “If the Scottish Government wants to make this big change, it should make it a law so MSPs can debate it in Parliament.  If it wants to create a surveillance society, it should do it by law rather than through […]

Campaigners attack plans to share patient data with the taxman

Jane Wakefield reports on the BBC News website that researchers have identified a threat to browser security from software designed to block advertisements. PrivDog, a tool designed to block ads and replace them with ones from “trusted sources” has been found to compromise a layer of the internet known as Secure Socket Layer (SSL) which is used to safeguard online transactions.  It follows the discovery of a similar problem with Superfish software pre-installed on some Lenovo computers. PrivDog said in a statement issued on 23rd Feb 2015: The potential issue is not present in the PrivDog plug-in that is distributed with Comodo Browsers and Comodo has not distributed this version to its users.  There are potentially a maximum of 6,294 users in the USA and 57,568 users globally that this could potentially impact. “The potential issue has already been corrected. There will be an update tomorrow, which will automatically update […]

Ad-blocking software is ‘worse than Superfish’

The Daily Telegraph reports that the US National Security Agency (NSA) and its British counterpart GCHQ obtained encryption keys of the global SIM manufacturer Gemalto, by hacking into the company’s computer systems. Gemalto which is based in the Netherlands is the world’s largest manufacturer of SIM cards.  Access to the encryption keys would give the NSA and GCHQ a hugely expanded surveillance capability as encrypted voice calls could be easily decrypted. The revelations came from documents leaked by former NSA contractor Edward Snowden. The story was originally broken by the investigative website Intercept and the original story can be found here.

GCHQ and NSA stole SIM encryption keys

Steven Swinford reports in the Daily Telegraph that an independent consultation has suggested that the BBC could be given access to people’s private data to help make collection of the licence fee more efficient. The consultation prepared by David Perry QC, suggests that as well as people’s publicly available records, access could also be granted to information from banks, utility companies and other sources. The data would be added into the TV licensing Authority’s database of 31 million households to allow more effective identification of licence fee evaders.   Footnote from Newsblog Editor: The review also suggests that new legislation could be introduced to prosecute anyone who fails to inform authorities that they don’t have a television.  This would be very much an implementation of the strict liability principle which in itself is a worrying development. Strict liability is becoming an increasing feature in UK law and assumes automatic guilt […]

BBC could get powers to access people’s private data

Josh Halliday and Shiv Malik report in the Guardian that several UK Police forces have visited newsagents asking for the names and addresses of people who had purchased the special edition of the Charlie Hebdo magazine, published in the wake of the terrorist attack on the magazines headquarters in Paris. The first incident occurred in Wiltshire and was thought to be a one-off due to an overzealous Police officer; however, it has since emerged that Police in Wales and Cheshire have also visited newsagents and asked for details of purchasers. The revelations have alarmed many privacy campaigners due to the invasion of privacy and ultimately the potential to stifle free speech by making people fearful of purchasing certain material. In an article covering the same story in the Mail Online, Emma Carr, director of Big Brother Watch, said: ‘The Charlie Hebdo attack brought millions of people worldwide together to condemn […]

Police ask for the names and addresses of people who ...

Nick Hopkins and Jake Morris report on the BBC News website that Police forces in England and Wales have uploaded up to 18 million “mugshots” to a facial recognition database, without Home Office approval and despite a court ruling that it could be unlawful. In addition, the photos of hundreds of thousands of innocent people could be on the database according to the Alastair MacGregor QC the Biometrics Commissioner, who admitted during an interview on the BBC Newsnight programme, that the Police had not informed him about the image uploads. There are now calls for the database to be properly regulated to ensure the privacy and civil liberties aspects are addressed. David Davis MP, the former Conservative shadow Home Secretary said: “Police always want more powers, but I’m afraid the courts and parliament say there are limits.  You cannot treat innocent people the same way you treat guilty people.”

Thousands of innocent people on police photos database

Ben Riley-Smith reports in the Daily Telegraph that Tony Porter the Surveillance Commissioner, has said that there are too many “useless and ineffective” CCTV cameras in Britain. He made the statement during a BBC Radio Five Live when asked if he thought there were too many “useless” cameras in Britain to which he replied: “I think undoubtedly there are because we know that for a fact.” Mr Porter said the public does not realise the true extent of surveillance in Britain and lacks the understanding to be able to consent what is happening.  Later in the interview he said: “There needs to be a public debate.  If you compare our CCTV capacity to Europe we are significantly higher.  We have millions of cameras in this country and Europeans look at us askanced, to be perfectly honest, and are surprised that our society actually accepts the volume of surveillance cameras that […]

Too many ‘useless and ineffective’ CCTV cameras in Britain, says ...

It has emerged that Gilles de Kerchove, the EU’s counter terrorism co-ordinator, wants companies to be required by law to hand over encryption keys for communication services, in order to allow interception of messages by EU governments. The revelation came following the leak of an EU document by civil liberties group Statewatch outlining the proposals for discussion at an informal meeting of Justice and Home Affairs Ministers in Riga on 29 January 2015. Section 3 (f) of the document states: Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the […]

EU wants back doors into encryption Software

Kevin Rawlinson reports on the BBC news website that an attempt by four peers to include clauses from the defunct Communications Data Bill (the Snoopers’ Charter) in the Counter Terrorism Bill, has been aborted following a lack of support from other peers. The attempt by the peers to sneak in the clauses was widely condemned by privacy groups and the Internet Service Providers Association (ISPA). However, BBC news understands they will try again next week, unless the Home Office publishes a government redraft of the bill.

“Snoopers’ charter” revival on hold

Patrick Wintour reports in the Guardian that a cross-party alliance of lords are attempting to force a revised version of the so called “Snoopers’ Charter” into law via an amendment to Counter Terrorism Bill. The amendment introduces into the Counter Terrorism Bill clauses lifted from the now defunct Communications Data Bill, which was abandoned by the Coalition Government in 2013 following a campaign by privacy groups and the refusal of the Liberal Democrat’s to support it. The amendment has been proposed by a group that includes a former Conservative defence secretary, a former Metropolitan police commissioner, a former Labour defence minister and a Liberal Democrat peer.  Surprisingly, they did not discuss the amendment with the government beforehand.  If passed the amendment will give the Home Secretary new powers to require internet service providers to retain their customer’s web data and disclose it to public authorities on request. The amendment to […]

Lords attempt to revive the ”Snoopers’ Charter”

An article on the Conservative Home website written by Andrew Bower is extremely critical of David Cameron’s recently announced plan to ban strong encryption. In the article, Bower criticises the policy as yielding no security benefits while leaving Britain open to cyber attack and David Cameron’s vision of a Digital Britain in tatters.  He points out that technically it is almost impossible to implement, as encryption algorithms will still exist and can be re-implemented by programmers on all sorts of devices including legacy computers from the 80s. At the end of the article Bower said: “This proposal is totally unworkable and cannot survive serious scrutiny.  It will inevitably have to be dropped, so it would be better to drop it now and limit the damage to the reputation of our country and our party”. Up to the date of this post, the article had received 57 comments with the vast […]

Conservative party grass-roots not impressed by David Cameron’s plan to ...

Cory Doctorow the well known technology blogger, journalist and Science fiction author, has written a detailed review highlighting the huge technical challenges David Cameron’s recently proposed plan to ban encryption would face. Questioning if David Cameron understands the technology, Doctorow points out that for Cameron’s plan will require a huge series of restrictions on companies, individuals, open source software and the internet to be effective, because anything less would have no material effect on the ability of criminals to carry on secret conversations. If implemented, electronic communications of British citizen’s and industry will be open to foreign spies and criminals.

Cory Doctorow – David Cameron’s encryption ban would endanger every ...

Following on from David Cameron’s recent announced policy of banning strong encryption, it has been revealed that in 1997 the Government of the day had a plan to restrict encryption. The revelation comes in a long forgotten Public Consultation Paper issued in March 1997, which proposed that the use of encryption should be restricted to Trusted Third Parties (TTPs) who would be licensed and regulated by the Government.  These TTPs would provide a range of encrypted communication services to businesses for e-commerce purposes, while allowing the Government a back-door into such communications. It is clear from the document that by 1997 politicians had realised that electronic commerce was dependent upon secure communication.  However, as is the still very much the case today, they were paranoid that encryption would interfere with the ability of Government bodies such as the security services to monitor communications.  The document provides an interesting historical insight […]

Previous UK attempt to restrict encryption revealed

Nigel Morris writes in the Independent that the Deputy Prime Minister Nick Clegg has condemned calls for the revival of the Communications Data Bill, otherwise known as the Snoopers’ Charter, following the terrorist attacks in Paris. It puts him at odds with David Cameron who has promised to give the intelligence services extra surveillance powers if he wins the general election later this year. Nick Clegg said: “The snoopers’ charter is not targeted, it is not proportionate, it’s not harmless. It would be a new and dramatic shift in the relationship between the state and the individual.” Separately, Simon Huges the Liberal Democrat Justice Minister has warned in a press release that introducing the Snoopers’ Charter is a step too far in tackling terrorism.

Nick Clegg condemns calls for revival of the ‘Snoopers’ Charter’