Sally Adee discusses in an article in New Scientist magazine whether it is possible to permanently delete a social media profile. The article highlights the situation with the recently hacked Ashley Madison website (an adultery website) which guaranteed to remove all members date upon payment of a £15 fee.  However, the recent hacking of the site has highlighted that due to financial auditing requirements, credit card details and the name used to scrub the account have been retained.  This obviously defeats the point of the user paying to have their records removed. Many sites such as Facebook have ambiguous policies on deleting data and what data is actually deleted after a user deletes their account.  This is compounded by the fact that deleting digital records is not necessarily as straight-forward as it seems, as account information may be held in multiple data centres distributed across the world. The problem with […]

Is it Possible to Permanently Delete a Social Media Profile?


The BBC News website reports that HM Revenue and Customs (HMRC) wants to collect information from internet companies to allow it to identify companies and individuals who have not declared income from online sales. The planned powers would cover sites that carry advertising, App stores such as those for Apple and Google, booking intermediaries like Airbnb and also e-commerce sites such as Ebay.  The plan does raise obvious concerns about the potential for fishing expeditions by HMRC, as they plan to cross-reference this third-party information against other records they hold and information supplied by taxpayers themselves, in order to identify individuals and businesses evading tax. HMRC have issued consultation document on the plans which can be found here. Comment from the Newsblog Editor: These proposed powers are interesting in the context of past attempts to increase HMRC surveillance powers.  HMRC was to be one of the chief beneficiaries of the […]

HMRC Plans to Monitor internet Sites and Transactions for Tax ...


Karl Thomas reports on the Welivesecurity website that local authorities in Cambridgeshire, Norfolk and Suffolk have suffered more than 160 data breaches in the past year. Most incidents were the result of human error, such as e-mails and letters being misaddressed. However, in one astonishing case a filing cabinet containing sensitive files was sold following an office move, although the files were subsequently recovered from the buyer.

Eastern England Councils in Slew of Data Breach Errors



3
Tom Whitehead reports in the Daily Telegraph that an Interception of Communications Commissioner report has highlighted that five people have had their homes searched and computers seized after they were wrongly identified as paedophiles, with one person being arrested.  Additionally, information on dozens of other innocent people was wrongfully disclosed to the officers investigating child sex abuse or pornography due to errors with the requests. Commenting on the errors Joanna Cavan, the head of commissioner’s office, said: “Although the numbers are small, the consequences are significant and they can be devastating.” The failures did not only mean that innocent people were investigated but that some genuine suspects escaped investigation because by the time it was realised that the wrong people were being investigated, the records of the suspects had been deleted by their internet service providers. The report also reveals that 998 errors were made in communications data requests in […]

Innocent People Treated as Paedophiles after Snooping Blunders


1
In a land mark case two MPs, David Davis and Tom Watson, have won a High Court judgement that the Data Retention and Investigatory Powers Act (DRIPA) is incompatible with human rights (see this BBC News article here). Legislation is normally subject to significant Parliamentary scrutiny, but the MPs claimed that because DRIPA was rushed through in days, there was no time for proper parliamentary scrutiny, hence the need for the unusual step of judicial review.   The MPs argued before the court that DRIPA was incompatible with the right to a private and family life, and data protection, under both the Human Rights Act and the European Union Charter of Fundamental Rights.  An argument that the court accepted. In the judgement the court has ruled that the unlawful sections of DRIPA can stay in force until the end of March 2016, to allow time for the government to compose new […]

MPs Win Surveillance Powers Legal Challenge, but Government to Appeal


Manchester NO2ID has launched a Twitter page to allow NO2ID members and followers particularly in the Manchester area, to keep up with database state developments and local campaigning activities. The web address of the site is: https://twitter.com/ManchesterNO2ID

Manchester NO2ID Launches Twitter Account



A recent article in The Independent newspaper by Andrew Griffin highlights that Facebook is almost certainly tracking people using its rainbow picture tool, which enables users to change their profile picture to rainbow coloured in support of same-sex marriage. In using the tool many users are probably not aware that they are providing demographic data to Facebook which could be used to target advertising, or be supplied to third parties.  Just as many are not aware that the Facebook “pay with data” financial model, means that all information provided to the site may potentially be used for commercial purposes.  It should also be noted that although Facebook has stated that the information gathered by the tool will not be used for serving advertising, the site is notorious for its ever-changing privacy model, so the assurance probably needs to be taken with a pinch of salt. Interestingly, social scientists have already […]

Facebook Could Use Rainbow Profile Pictures to Profile Users


5
Julian De Vries reports on The Nation website that in the US it is possible for someone to be prosecuted for deleting their browser history or other electronic records, even though the individual has no idea they are under any sort of investigation. The problem lies with the Sarbanes-Oxley Act, which was originally enacted in the wake of the Enron scandal to stop corporations under investigation from shredding or destroying incriminating documents.  However, its application has been broadened out by prosecutors to cover situations way beyond its original aims. One reason why it has been possible to expand its use is that prosecutors do not have to show that an individual deleting material is aware an investigation is underway.  As a result anybody even innocently deleting electronic records such as browser history or text messages, could years later be prosecuted for doing so.  The scenario is not a hypothetical one […]

In the US You Can Be Prosecuted for Clearing Your ...


Ryan Whitwam reports on the ExtremeTech website that researchers have found a way to track android phones by studying their power use over time. The technique works on the principle that the further away a phone is from a base station, the more power the phone uses to maintain a connection.  Researchers called their proof of concept application PowerSpy.  Before it can be used a power map of an area has to be established so that PowerSpy knows what performance to expect in a particular location. Although making a call or using apps will also drain power, the algorithm used in PowerSpy is designed to monitor power use over several minutes, so that battery usage not associated with location can be filtered out.

Battery Power Alone Can be Used to Track Android Phones



2
Ellen Nakashima reports in the Washington Post that the recently discovered hack (see previous post here) by the Chinese of the US Office of Personnel Management, has included a database holding sensitive security clearance information on US Government workers and contractors. Joel Brenner, a former US counter­ intelligence official said about the news, “This is potentially devastating from a counter­ intelligence point of view,”  “These forums contain decades of personal information about people with clearances . . . which makes them easier to recruit for foreign espionage on behalf of a foreign country.” Sir Tim Berners-Lee has previously highlighted the dangers of blackmail if foreign spy agencies get hold of data on persons with access to national security information, although in the context of the retention of web surfing and phone records – see here.

Chinese Hack has Compromised US Security Clearance Database


4
Alexander J. Martin reports on the Register website that people attending the Download Festival had their faces scanned by a Police facial recognition system, and there was surveillance of their on-site location and expenditure via RFID wristbands. Attendees faces were scanned using a system called NeoFace and then compared with a database of “lawfully held European custody photographs”.  The original plan was for attendees not to have been told about the surveillance until after the event; however, publication of an article in the Police Oracle revealed the surveillance plan in advance. In addition RFID wristbands had to be used to make purchases and move about the festival with no opt-out possible.  A significant concern with the use of these RFID wristbands, is that Download’s privacy policy stated that information collected via the RFID cashless payment wristbands, would typically be shared with third-party companies to establish the users interests, purchases and […]

Police Scanned Faces of Everyone at Download Festival


4
Today is the 800th anniversary of the signing of the Magna Carta, a document which has very much changed the world, being the first document of its kind to protect the rights and freedoms of society and establish that the king was subject to the law.  Of course there is an argument that at the time of its signing, the Magna Carta was not as significant as it has become, but that really isn’t the point, it is what it now stands for that matters. Amongst the many events that have been held to celebrate the anniversary the British Library has revealed the current top 10 clauses people would like to see in a “Magna Carta for the digital age”.  This was the result of a British Library’s project conceived to encourage particularly young people to think about privacy, internet access and freedom in the digital age. See the British […]

Digital Magna Carta ‘Top 10’ Clauses Revealed



1
David Barrett reports in the Daily Telegraph that telephone masts which can listen to mobile phone conversations without the owner’s permission are being operated in Britain. The devices, technically known as IMSI catchers, but also referred to stingrays, trick handsets into thinking they are genuine mobile phone towers in order to monitor calls and other data including texts and emails.  They have been used in a number of foreign countries to target the communications of criminals, but are difficult to use in a targeted manner and will also hoover up data from innocent people’s mobile phones. Police have refused to discuss whether they are behind the installation of the masts, at least 20 of which were uncovered in London in an investigation by the Sky News television channel.

Fake Mobile Phone Masts Spy on your Calls


1
Ellen Nakashima reports in the Washington Post that Hackers working for the Chinese state breached the computer system of the US Office of Personnel Management in December 2014. The Office of Personnel Management is essentially the Human Resources function of the US Government.  The breach is believed to have resulted in the loss of the personal details of up to four million current and former US Government employees. The breach is the second major breach of US Government networks by China in the past year.  Austin Berglas, a former cyber official at the FBI’s New York field office said in response to the news: “China is everywhere. They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”

Chinese Breach Data of Four Million Federal Workers


Maggie Ybarra reports in the Washington Times that FBI agents cannot identify any major terrorism cases they have cracked using the snooping powers in the US Patriot Act. The revelation is interesting given the claims of its supporters that powers provided by the act such a bulk phone data collection, were critical to national security and had to be retained. The Patriot Act expired on Monday (1st June) and some (see here) of its surveillance powers were incorporated into the USA Freedom Act which was approved by Congress on Tuesday (2nd June).  Amongst the powers transferred was the power to enable bulk phone data collection; however, on a positive note this data can now only be accessed with court permission.

FBI Admits That No Major Cases Cracked by Patriot Act ...