Ray Massey reports on the This is Money website that nearly 19,000 foreign drivers failed to pay ANPR generated fines for none payment of the Dartford River Crossing toll in December 2014. Toll booths were removed in November 2014 with payment required by internet, phone or account. Vehicles using the crossing are identified by an automatic number plate recognition (ANPR) system and fines are issued if the £2.50 toll is not paid by midnight the following day. The 19,000 foreign drivers are amongst 130,306 road users sent penalty charge notices in December 2013 of which 73,898 had been settled by the end February.  As many as one in seven drivers using the Dartford River Crossing failed to pay in the schemes first month, which was double the expected non-payment rate of one in 14. Comment from Newsblog Editor: It is worth considering the financial model being employed on the crossing […]

19,000 foreign drivers fail to pay ANPR generated fines

Following a series of high-profile losses of customer’s personal data suffered by major companies such as Sony, Home Depot and Target, Erik Sherman considers on the CBS Moneywatch website why companies do not improve IT security and safeguards for customer data. The answer is that although the cost of remediation and fixes following such data leaks looks enormous to the average person, the financial impact on companies is negligible.  For example, when Target lost 40 million credit card numbers and 70 million other records, the cost after deductions was 105 million dollars which is less than 0.1 percent of the company’s revenue. Even the reputational damage to companies from huge data losses seems relatively short-lived.  Following a major breach of Sony’s network the Ponemon Institute polled consumers every 48 hours to check the company’s reputation.  After less than six months the Sony’s reputation had recovered its place to where it […]

The reasons companies don’t fix cyber security

Neal Keeling reports in the Manchester Evening News that an investigation has been launched after scores of hospital staff at Salford Royal Hospital allegedly broke data protection rules to look at a colleague’s medical records. The person’s records were accessed via the Electronic Patients Record system which was installed two years ago.  Some 7,000 health care professionals have access to the system which is supposed to have a high level of security control, with users receiving formal training in information governance on an annual basis. The member of staff whose records were viewed had been admitted to the hospital for treatment a few months ago and is now believed to have commenced legal action against the hospital.

Hospital staff breached rules to view colleague’s medical records

Kyle Ellison reports on the WeLiveSecurity website that Russian authorities have indicated that VPNs and the online anonymising software Tor, could be banned for the country’s 143.5 million residents. Speaking on 5th February, Leonid Levin, the head of the Duma Committee on Information Policy, said: “One of the factors in the formation of the Internet environment in our country has become the authority for the pre-trial blocking of websites. It allows us to block sites banned in Russia quickly enough. At the same time the pre-trial blocking of anonymising services deserves attention, such as access to the anonymous network Tor.” Shortly after Levin’s speech, Russian media watchdog Roskomnadzor came out in support of the Tor and VPN ban.

Russia seeks VPN and Tor ban

The Daily Telegraph reports that the US National Security Agency (NSA) and its British counterpart GCHQ obtained encryption keys of the global SIM manufacturer Gemalto, by hacking into the company’s computer systems. Gemalto which is based in the Netherlands is the world’s largest manufacturer of SIM cards.  Access to the encryption keys would give the NSA and GCHQ a hugely expanded surveillance capability as encrypted voice calls could be easily decrypted. The revelations came from documents leaked by former NSA contractor Edward Snowden. The story was originally broken by the investigative website Intercept and the original story can be found here.

GCHQ and NSA stole SIM encryption keys

Bruno Waterfield reports in the Telegraph that the EU will seek new powers to monitor air travel and the movements of air passengers, in the aftermath of terror attacks in Paris on the satirical magazine Charlie Hebdo and the Jewish Hyper Cacher supermarket. The push for enhanced travel surveillance follows concerns that the EU’s free movement zone makes it harder for security services keep an eye on jihadis with links to Syria or Iraq. However, Statewatch, a European civil liberties watchdog, criticised the plan and accused the EU of a coming up with a list of unworkable and legally questionable measures unlikely to prevent the sort of attacks seen in Paris. Ben Hayes, a specialist in EU security policy for Statewatch said: “On the basis of what is now known about the Charlie Hebdo attacks, the need to review existing security arrangements far outweighs the need for any new legislation.”

EU pushes for new powers to monitor air travel following ...

Robert Mendick, and Robert Verkaik report in the Daily Telegraph that Nursery school staff and registered childminders will have to report toddlers at risk of becoming terrorists, under counter-terrorism measures proposed by the Government. The proposal is in a Home Office consultation document to accompany the Counter-Terrorism and Security Bill, currently going through parliament.  It suggests that nurseries and along with schools and universities have a duty to prevent people being drawn into terrorism.  However, critics claim the plan is heavy-handed and turns teachers and carers as “spies”.  There are also concerns over the practicalities of making it a legal requirement for staff to inform on toddlers. David Davis, MP said: “It is hard to see how this can be implemented. It is unworkable. I have to say I cannot understand what they [nursery staff] are expected to do.  Are they supposed to report some toddler who comes in praising […]

Anti-terror plan to spy on toddlers

MedConfidential published a background briefing concerning care.data and related issues, for the Health Select Committee meeting on held on Tuesday 9th December 2014. This covered amongst other things (1) MedConfidential’s proposed amendment to the role of the National Data Guardian, (2) the lack of the patient opt-out still not being on a statutory basis and (3) the situation with consent around the use of hospital data within care.data. A recording of the Committee meeting can be found here.

MedConfidential Background Briefing for Health Select Committee – December 2014

The BBC News website reports that Theresa May the Home Secretary is proposing a law forcing Internet Service Providers (ISPs) to hand over to the police information identifying who was using a computer or mobile phone at a given time. Although the current proposals do not resurrect the full powers in the abandoned Communications Data Bill, which is commonly called the Snoopers’ Charter, Conservative MP and former leadership contender David Davis said the new measure was a “stepping stone back” to those proposals. The core requirement of the new legislation is that ISPs record the user of a specific IP address at a specific time. Although each device has its own IP address, these change over time and when a device is switched on and off and thus an IP address is typically shared between different users. At the moment ISPs have no business need to retain information on a […]

Internet data plan back on political agenda

Big Brother Watch have issued a report on NHS data breaches.  It reveals that from the 1st April 2011 to 11th November 2014, there have been at least 7,255 breaches which is the equivalent to six breaches every day. As well as considering the number of data breaches within the NHS, the report reflects on the legislation that is in place to address them, highlighting that the Data Protection Act 1998 (DPA) has a number of flaws that must be corrected. Big Brother Watch proposes three measures that should be introduced, including introducing the option of custodial sentences and criminal records for the worst offenders and providing better training.

Patient Confidentiality Broken Six Times a Day

Chris Mallett reports in the Derby Telegraph of a case where Derby City council used the Regulation of Investigatory Powers Act (RIPA) to spy on a Derby Telegraph reporter. The incident was highlighted  during a House Of Lords debate on the Regulation of Investigatory Powers act by Lord Black of Brentwood, executive director of the Telegraph Media Group. However, they were seen by member of Council staff who alerted colleagues who dispatched two members of the internal audit department to conduct the surveillance.  Lord Black highlighted that confidential sources like Miss Green’s were critical for reporting matters of public interest and said: “Just think about the disastrous impact on local press reporting of local authorities if such sources of information dried up.”

Derby City Council used RIPA to Spy on Reporter

Kat hall reports in the Register that some NHS trusts have failed to put agreements in place with Microsoft for extended security support for Windows XP. A majority of NHS trusts still operate Windows XP based machines and have signed up to a Cabinet Office agreement with Microsoft to provide ongoing security upgrades until April 2015; however, 18 trusts have so far failed to sign the agreement. The article highlights that a total of 1.1 million PCs and laptops are estimated to be running Windows at trusts, GPs and other health groups that comprise the NHS in England.  The security risks from a lack of security support depend on factors such as how many non-upgraded machines are on the networks, the effectiveness of perimeter defences and the availability of suitable exploits for an attacker to use.

Patient records open to hackers due to NHS Trusts failing ...

Bill Gardner reports in the Daily Telegraph that Government monitoring of communications in 2013, has more than doubled when compared 2010 which was the Coalition’s first year in power. Home Office figures show the department accessed 6,056 items of communications in 2013, compared with 2,813 in 2010.  The monitoring was undertaken using the Regulatory of Investigatory Powers Act (RIPA), which has come under scrutiny in recent weeks due to the Police using it to gain access to journalists’ phone records enabling them to identify confidential sources.

Spying on phone calls and emails has doubled under the ...

Rory Cellan-Jones the BBC Technology Correspondent reports on the BBC News website how he spent a day without data.  The aim was to explore what data is collected, who benefits from it and how easy it is to avoid leaving a data trail. Rory meets up with Dr George Danezis, an expert on privacy and information security at University College, London who will take him through what he needs to do to avoid leaving a data trail or sharing his data.  However, this is very difficult to do in the modern world. As George highlights: “Your job today is going to be very difficult, You won’t be able to use the internet, but you also won’t be able to do lots of other things – in fact you won’t be able to live a 21st Century life.”

A day without data