Uncategorized


Maggie Ybarra reports in the Washington Times that FBI agents cannot identify any major terrorism cases they have cracked using the snooping powers in the US Patriot Act. The revelation is interesting given the claims of its supporters that powers provided by the act such a bulk phone data collection, were critical to national security and had to be retained. The Patriot Act expired on Monday (1st June) and some (see here) of its surveillance powers were incorporated into the USA Freedom Act which was approved by Congress on Tuesday (2nd June).  Amongst the powers transferred was the power to enable bulk phone data collection; however, on a positive note this data can now only be accessed with court permission.

FBI Admits That No Major Cases Cracked by Patriot Act ...


2
The BBC News website reports that UK Police made 733,237 requests to view communications data over a three-year period according to a report by Big Brother Watch, equivalent to an access request every two minutes. Police Officers wanting to gain access to communications data have to be internally approved by a senior member of the relevant force and on average 96% of such requests are approved. Big Brother Watch wants more transparency about how such requests are authorised and the crimes the data is used to fight.  The group also wants judicial involvement as a final step in the approval process. The actual Big Brother Watch Report can be found here.

UK Police Seek Data Access ‘every two minutes’


2
Leo Kelion reports on the BBC news website that Google has looked into making internet-connected toys that control smart home appliances. A Google patent describes devices that would turn their heads towards users and listen to what they were saying, before sending commands to remote computer servers to control other devices.  The three-year old patent was spotted recently by the legal technology firm SmartUp.  It described the proposal as: “One of Google’s creepiest patents yet”. The Google patent suggests that the devices could be made into toys to encourage young children to interact with them.  However, campaigners have highlighted the privacy concerns with such devices which rather like Smart TVs send data back to remote servers, data which could potentially include private conversations. Google was unable to confirm if they might go on to develop the devices.

Google Patents ‘Creepy’ Internet Toys to Run the Home



John Leyden reports on the Register website that South Wales Police have been fined £160,000 for losing DVDs of an interview with a sex abuse victim and not reporting the loss for nearly two years. The unencrypted DVDs were left in a desk drawer and the loss was discovered after an office move in October 2011.  It emerged during the investigation that South Wales Police had no specific force-wide policy for the safe storage of victim and witness interviews. Commenting on the case Anne Jones, ICO Assistant Commissioner for Wales said: “Without any doubt we would expect a professional police force, in a position of trust, dealing with this type of highly sensitive information from victims and witnesses on a daily basis, to have robust procedures to keep track of the personal data in their care.”  

Welsh Police Force Fined £160,000 after Losing Sensitive Video Interview



2
Alex Matthews-King reports in Pulse that the NHS is overriding 700,000 patient opt-outs to GP data being shared. The Health and Social Care Information Centre has said that 700,000 patients registered an objection to their identifiable information being passed from the HSCIC to a third-party before the aborted roll-out of care.data in March 2014.  However, it admitted that it doesn’t currently have the resources to deal with this volume of objections and thus it has not been possible to implement the patient opt-outs. Dr Beth McCarron-Nash, who leads on care.data for the General Practitioners Committee, told Pulse: ‘Obviously, if there are technical difficulties that HSCIC are experiencing, they must be resolved, and it is their responsibility to make sure patients are protected. But basically it’s a mess.’

NHS overriding 700,000 patient opt-outs



David Kravets reports on the Ars Technica website that the US National Security Agency’s bulk telephone metadata collection program is illegal, but not unconstitutional according to a federal appeals court ruling. The case was brought by the American Civil Liberties Union and sets aside a judgement by a lower court that metadata collection was permissible. According to the article, the court noted that the Patriot Act gives the government wide powers to acquire all types of private records on Americans as long as they are “relevant” to an investigation.  But the government is going too far when it comes to acquiring, via a subpoena, the metadata of every telephone call made to and from the United States. The legal authority allowing the NSA to collect telephone metadata expires on 1st June 2015 and will need renewing by Congress if it is to continue.  It is not clear how the ruling […]

US Court Rules NSA Phone Metadata Collection is Illegal


The campaign group Big Brother Watch has prepared a briefing note on privacy and other issues with the European Union’s eCall system which the European Parliament voted on 28th April 2015 to make compulsory in all new cars. Although eCall is promoted as an EU-wide emergency alert system to help ambulance crews get to road accidents faster, it raises significant privacy and snooping concerns because it works in partnership with an Event Data Recorder (EDR).  The EDR records for 20 seconds before an accident and 10 seconds afterwards; however, as the briefing note points out this means it must be recording and erasing continuously. Currently it is not intended that eCall should transmit data continuously, but it could do so and this opens up the possibility of mission creep such as the system being used to track motorists, as the EDR has the ability to record a vehicles exact location. […]

Big Brother Watch Briefing Note on EU Car Tracking eCall ...


The BBC News website reports that Airbus says it will file a criminal complaint over allegations that German intelligence helped the US carry out industrial espionage on the company. German media reports suggest that the country’s spy agency BND collected data on European firms at the behest of the US National Security Agency.  Airbus said it had asked for more information from the German government and said in a statement: “We are aware that large companies in the sector, like ours, are targets of espionage,” …… “However, in this case we are alarmed because there is concrete suspicion.” Airbus was named by the German press as one of the firms that was targeted by the spying operation.  It is believed that BND eavesdropped on online, phone and other communications in order to gather information.

Airbus to sue over US National Security Agency Spying



2
The Law Gazette reports that professional bodies representing lawyers and other legal professionals are calling for statutory protection for professional privilege. It follows a landmark ruling by the Investigatory Powers Tribunal (IPT) ordering the intelligence agency GCHQ to destroy illegally intercepted communications between Libyans subjected to renditions and their lawyers in the UK. However, despite the ruling both the Law Society and the bar have said the ruling does not sufficiently protect lawyer-client communications.  Andrew Caplen, president of the Law Society commenting on the current situation said: ‘The current legislative framework remains unsuitable and we hope that the Regulation of Investigatory Powers Act will be amended or replaced to include explicit protection of legal professional privilege.’

Legal bodies call for statutory protection for professional privilege following ...


4
The This is Money website reports that insurance customers who swear or use racist language on websites such as Twitter or Facebook could soon find themselves missing out on cheaper insurance deals. California-based Social Intelligence Corp is in talks with UK insurers about introducing software to analyse social media accounts and will allow insurers to decide if someone should be given a special offer. The firm claims that someone with 200 LinkedIn connections, an email address in use for five years and a Facebook profile, is a better risk than someone who doesn’t meet these criteria.  In contrast, insurance customers who swear or use racist language on websites such as Twitter or Facebook could find themselves missing out on cheaper insurance deals.

Insurers on the Lookout for Swearing or Racist Language on ...


The Mail Online reports that e-reader devices can track users and report back to e-book stores information such which books you are reading, the amount of time spent on a particular passage and what time you put the e-reader device down to go to sleep. Michael Tamblyn, of Kobo, which supplies e-readers to WHSmith, John Lewis and Tesco, said it collects information from users to recommend new books and boost sales.  Amazon’s Kindle also collects similar information. Commenting on the revelation Renate Samson, of Big Brother Watch, said: ‘That these products feel the need to monitor more than just what we read, but to actively store data on what page we might linger on or more worryingly what time of day or night we choose to read seems disproportionately intrusive on what is to most of us a moment of personal quiet time.’

Your e-reader is Watching You



Yasha Levine reports on the PandoDaily website on how the U.S. Government has and continues to fund internet tools that provide anonymity and privacy such as Tor, CryptoCat and Open Whisper Systems. The article provides an interesting insight into the activities and history of the blandly named Broadcasting Board of Governors (BBG), which has its origins in the cold war, and the way money passes through BBG controlled Radio Free Asia and the stations Open Technology Fund, to groups and individuals developing various privacy technologies. Although the author questions whether privacy activists should be accepting funding from the US Government, a probably more important question is why the US Government would want provide funding to organisations and individuals to develop technology that provides protection from surveillance by the US National Security Agency (NSA) and the UK’s GCHQ etc.  This is a question very rarely discussed by privacy campaigners or journalists, […]

Internet Privacy Funded by Spooks: A Brief history of the ...


Samual Gibbs reports in the Guardian that Facebook has admitted that it has tracked users who do not have an account with the social network, but this only happened because of a software bug that is being fixed. Facebook was responding to a report commissioned by the Belgian data protection authority, which found Facebook in breach of European data protection laws.  In a press release called “Setting the Record Straight on a Belgian Academic Report” (which can be found Here) Facebook claims that: “The report gets it wrong multiple times in asserting how Facebook uses information to provide our service to more than a billion people around the world.” Facebook has come under increasing pressure recently about how it uses data and its privacy policies, with the European Commission saying EU citizens should close their Facebook accounts if they want to keep information private from US security services, as the […]

Facebook admits it tracks non-users, but denies claims it breaches ...


Neil McAllister reports on The Register website that an audit of the TrueCrypt disk-encryption software has been completed and confirms that it is secure and there is no evidence of back-doors, or serious design flaws in its code. Attention became focused on the ongoing audit of TrueCrypt after the anonymous developers of the software mysteriously abandoned its ongoing development in May 2014. The potential loss of TrueCrypt was an issue for people who rely on encryption to protect their data such as Journalists. However, a number of other disk encryption systems are under development based on the TrueCrypt source code such as CipherShed and VeraCrypt. The actual report on the audit of TrueCrypt can be found Here.

Audit Confirms TrueCrypt is Secure