UK News Articles

Articles from the foreign press discussing identity cards – either the UK scheme or another one.


Following on from David Cameron’s recent announced policy of banning strong encryption, it has been revealed that in 1997 the Government of the day had a plan to restrict encryption. The revelation comes in a long forgotten Public Consultation Paper issued in March 1997, which proposed that the use of encryption should be restricted to Trusted Third Parties (TTPs) who would be licensed and regulated by the Government.  These TTPs would provide a range of encrypted communication services to businesses for e-commerce purposes, while allowing the Government a back-door into such communications. It is clear from the document that by 1997 politicians had realised that electronic commerce was dependent upon secure communication.  However, as is the still very much the case today, they were paranoid that encryption would interfere with the ability of Government bodies such as the security services to monitor communications.  The document provides an interesting historical insight […]

Previous UK attempt to restrict encryption revealed


2
The Manchester Gazette reports that a Greater Manchester Police officer has been jailed after accessing police computer systems and passing on confidential information to criminals. Pc Katie Murray repeatedly accessed police computer systems to pass information to her former lover, Jason Lloyd, who ran a crime gang in Stockport producing cannabis on an industrial scale.  This included intelligence information, details of criminal incidents and police investigations, including telling Lloyd about information police received in September 2012 relating to a cannabis factory run by him.

Corrupt Police Officer jailed after accessing police computer systems


Sam Jones and Murad Ahmed report in the Financial Times that Robert Hannigan the new chief of the UK electronic spying agency, GCHQ, has accused US technology companies of becoming  “the command and control networks of choice for terrorists”. Hannigan says: “However much they may dislike it, they have become the command and control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us”. However,  his remarks were rejected by many in the industry, with one US tech group executive criticising the suggestion that technology companies should circumvent current legal process and asking: “What should we do if the Saudi or Russian government also demand information be handed over on the spot?”

Britain’s new chief of GCHQ claims that US technology companies ...



The BBC News website reports that 18,304 requests were made to Google to remove weblinks from search results by UK residents under European “right to be forgotten laws”.  According to Google it removed 35% or 18,459 links to web pages following these requests. It follows a European Court of Justice ruling that links to irrelevant and outdated data can be erased on request; however, the ruling sparked criticisms over censorship of material. Google has given examples of the sort of requests it had received and also those it had refused in its transparency report, which is available online at: https://www.google.com/transparencyreport/removals/europeprivacy/  

Thousands of Britons seek ‘right to be forgotten’


Rory Cellan-Jones reports on the BBC news website about a new Identity Assurance System that has been developed by Government Digital Services.  The idea is that it will be one-stop shop for proving identity for a range of government services, from renewing your passport or driving licence to paying tax. Under the system verification of identity is not done by the government but by a range of outside companies.  While the system is being developed this is currently limited to the credit rating agency Experian and the American company Verizon.  Ultimately it is expected that other organisations like banks and UK mobile phone operators will also be suppliers. Unfortunately, as Rory reports, when he tried out the system it was unable to verify his identity – not a good start.

Government Digital Service Demonstrates Verify an Identity Assurance System


The information Commissioner’s Office (ICO) reports that a review of over 1,200 mobile apps by 26 worldwide privacy regulators has shown that many apps are accessing large amounts of personal data, without explaining adequately how the data is being used. The research was undertaken by the Global Privacy Enforcement Network (GPEN) of which the UK’s Information Commissioner’s Office is a member. ICO Group Manager for Technology, Simon Rice, said: “Apps are becoming central to our lives, so it is important we understand how they work and what they are doing with our information. Today’s results show that many app developers are still failing to provide this information in a way that is clear and understandable to the average consumer.” The ICO has published a guide called “Privacy in Mobile Apps” to help app developers in the UK handle personal data correctly and meet the requirements of the Data Protection Act.

Information Commissioner’s Office: 85% of mobile apps fail to provide ...



Nicole Blackmore writes in the Daily Telegraph that Barlcays bank is to introduce new finger scanning technology developed by Hitachi called VeinID, which will allow customers to access their online bank accounts and authorise payments. The biometric reader works by verifying the unique vein patterns in fingers.  Barclays claim that the technology is one of the most secure in the market as vein patterns are extremely difficult to replicate.  Also the scanned finger must be attached to a live human body for the scanner to work.  Importantly, the system does not require Barclays to hold a copy of the user’s vein pattern. The reader will initially be available to corporate clients from 2015.

Barclays bank to introduce finger scanner


Lisa O’Carroll reports in the Guardian that Police investigating the Plebgate saga obtained the telephone records of Tom Newton Dunn, the political editor of the Sun without his consent, despite laws which entitle journalists to keep their sources confidential. The Sun confirmed that neither Newton Dunn nor the paper knew anything about the intervention of the police. It appears that the Metropolitan Police used powers under the Regulation of Investigatory Powers Act (Ripa) which circumvents a different law under the Police and Criminal Evidence Act (Pace) that requires police to go to a judge to get disclosure of journalistic material. The Metropolitan Police have refused to disclose how many other times they have used these powers to secretly access journalists phone records. The incident raises concerns about the threat such activities present to journalistic privilege, confidentiality of sources and the protection of whistle-blowers.

Met obtained phone records of Sun political editor without consent


David Davis MP has written an article in the Daily Mail severely criticising the Government’s Data Retention and Investigatory Powers Bill (DRIP).  In the article he says that: “The Government has engineered a ‘theatrical emergency’ – in this case terrorism and hidden paedophile rings – to ram the Data Retention and Investigatory Powers Bill through Parliament without proper debate”. He is also critical of the way that the government has accepted the claims of the security without critical assessment of their validity and on the concessions the Government has made to with regards to scrutiny of the powers he said: “The Government has sprinkled some concessions throughout its announcement to sweeten the pill: an acknowledgement that the Regulation of Investigatory Powers Act is out of date; it will publish annual transparency reports; and a Privacy and Civil Liberties Oversight Board will try to balance our security requirements with our privacy […]

David Davis MP: This data law has nothing to do ...



Jane Wakefield writes on the BBC web site that Security Experts have been able to hack into smart network enabled LED light bulbs and switch them on and off remotely: Michael Jordon, research director at Context, explained how he was able to obtain the wi-fi username and password of the household the lights were connected to. “We bought some light bulbs and examined how they talked to each other and saw that one of the messages was about the username and password,” he told the BBC. “By posing as a new bulb joining the network we were able to get that information,” he added. “We were able to steal credentials for the wireless network, which in turn meant we could control the lights.” Although the vulnerability has now been fixed,  it does highlight the potential security and privacy issues associated with the “Internet of Things“.

Smart LED light bulbs Hacked


Caroline Molloy writes for Open Democracy about three amendments on care.data proposed by Professor Allyson Pollock and Peter Roderick: To address concerns and ensure data is available for genuinely medical and public health purposes, the authors have drafted three amendments which they are urging the Lords to adopt: “To keep confidential patient data in the public sector unless commercial organisations have express consent” and can demonstrate data are required for express medical purposes as set out in the law currently; “To put the Caldicott Independent Oversight Panel on a statutory footing with a duty for its advice to be taken into account”, and “To ensure independent or parliamentary oversight of directions to the Health and Social Care Information Centre and the accreditation scheme.” Prof Pollock explains: “These amendments will stop commercial exploitation of patient data and ensure there is proper scrutiny of commercial companies’ activities but they are still not […]

Three crucial safeguards for medical records proposed by leading voices ...


2
Olivia Solon writes in Wired: Data relating to every school pupil in England is now available for use by private companies thanks to a change in legislation implemented last year. The move is part of a wider government initiative to “marketise” data, which includes initiatives such as the much-criticised Care.data and the selling off of taxpayer data by HMRC. Education Secretary Michael Gove launched a public consultation back in November 2012 on proposal to let the Department for Education share extracts from the National Pupil Database “for a wider range of purposes than currently possible” to “maximise the value of this rich dataset”. The National Pupil Database (NPD) contains detailed information about pupils in schools and colleges in England, including test and exam results, progression at each key stage, gender, ethnicity, pupil absence and exclusions, special educational needs, first language. The data have been collected since around 2002 and is […]

Government offers school pupil data to private companies



Margaret McCartney, a general practitioner in Glasgow, writes in the British Medical Journal: Why is care.data, the government’s flagship NHS patient data programme in England, floundering? It’s consent, stupid. Most citizens who were asked hadn’t heard of the scheme. Consent to upload individuals’ medical records was sought by sending a leaflet, which was typically lost among a heap of pizza delivery menus. People who had opted out of receiving junk mail did not get it at all. The few who read the leaflet would have found that it didn’t even mention “care.data.” Also, it was heavy on assumed benefits (“find more effective ways of preventing, treating and managing illnesses”) but light on potential harms. It did not mention who would handle the data extraction (Atos), that records could be sold to private sector businesses, or the risk of re-identification by third parties and how this would be mitigated.

Care.data doesn’t care enough about consent


1
Rowena Mason writes in The Guardian: The personal financial data of millions of taxpayers could be sold to private firms under laws being drawn up by HM Revenue & Customs in a move branded “dangerous” by tax professionals and “borderline insane” by a senior Conservative MP. Despite fears that it could jeopardise the principle of taxpayer confidentiality, the legislation would allow HMRC to release anonymised tax data to third parties including companies, researchers and public bodies where there is a public benefit. According to HMRC documents, officials are examining “charging options”. The government insists that there will be suitable safeguards on personal data. But the plans, being overseen by the Treasury minister David Gauke, are likely to provoke serious worries among privacy campaigners and MPs in the wake of public concern about the government’s Care.data scheme – a plan to share “anonymised” medical records with third parties.

HMRC to sell taxpayers’ financial data


Bryan Glick writes in Computer Weekly: The government has formally ended the troubled e-Borders programme, four years after it cancelled a £750m contract for the IT project, although its intended functions have been incorporated into a new, broader project to secure the UK’s borders. Charles Montgomery, director general of the UK’s Border Force, told a meeting of the Home Affairs Select Committee on Tuesday 11 March 2014 that e-Borders had been “terminated”. But Home Office officials were subsequently keen to point out that although the e-Borders name is no longer used, all the intended aims of the programme have been merged into the the Border System Programme (BSP), an initiative launched in January 2013. At the time BSP was put out to tender, the Home Office told Computer Weekly it was separate to e-Borders, but its scope has since been expanded. The e-Borders programme was first commissioned in 2003 to […]

Government finally ends e-Borders programme