The DNA of the UK Constitution

The European Union really makes my blood boil. If they’re not telling us what shape our bananas should be, they’re ordering our grocers to sell potatoes by the metre. Now, in the latest piece of politically correct European legislation, convicted paedophiles will be allowed to keep a pale 8 year old boy in their cells, after the European Court of Justice ruled that this was a fundamental “Yuman Rite”.* You couldn’t make it up.† We’re literally going to hell in a handcart.

Or so you’d believe if you had access to no other media than the Daily Mail. But even readers of what Alan Partridge described as “arguably the best newspaper in the world” surely can’t complain about a recent judgement from the European Court of Human Rights (ECHR) which ruled that it is illegal to retain DNA profiles and fingerprints of people who have never been convicted of a crime.

The case was brought by two men from Sheffield whose DNA was taken after they were arrested on two separate and unrelated charges; one case involving alleged harassment was dropped, while the other man was acquitted of attempted robbery. Yet in spite of their innocence, these two men’s DNA and prints are still on a national criminal database, along with 570,000 other profiles of innocent individuals (some sources, notably today’s Guardian, say 850,000).

In reaction to the ruling the Home Secretary, Jacqui Smith, said that while she was “disappointed” (shouldn’t that be “disappointing”? Ed.), the existing law would remain in place “while we carefully consider the judgement.”

Well Jacqui, consider this. Presumption of innocence is an inseparable part of this country’s DNA, stretching back at least to Magna Carta. The principle of ei incumbit probatio qui dicit, non qui negat (that the burden of proof rests on whom asserts and not on whom denies, for those of you with a state education) is a fundamental foundation of our entire legal system which, in spite of frequent criticisms, remains one of the best in the world.

Ms Smith argues that DNA and fingerprinting is vital in the fight against crime, and claims that it provides the police with more than 3,500 matches a month. But Jacqui, we’re going to let you into a little secret. You know that statue of Justice on top of the Old Bailey? What’s that she’s holding in her left hand? That’s right – scales! And do you know what that represents, Jacqui?
Yes, it’s balance! And that’s what justice is all about – balance.

Taking the Home Secretary’s comments at face value, we should take the prints and DNA of every British child at birth; then we’d have a nice big database of everyone’s details. But that wouldn’t play very well with the public, would it, so how about taking young people’s DNA the moment they turn 16 – what could be objectionable about that?

Merely the fact that it criminalises the innocent and robs us of a fundamental principle of our centuries-old legal system.

The EU can often be a ponderous, calciferous and obtuse organisation, but we should applaud it when it makes the right decisions. Well done.

* Probably.
† Well, actually you could.

Gut feeling

In spite of our previous post about the NHS, this blog is concerned primarily with data in general, and the impact of technology on personal information in particular.

So, at the risk of appearing to stray off topic, we’ll start today with Gordon Brown’s plan to liberalise the UK’s rules on organ donation. The prime minister wants everyone in the UK to be automatically included in the organ donor register under a system of “presumed consent”. Anyone who objects to having their kidneys re-used after their death would have to opt out of the system.

The thorny issue of organ donation provokes visceral (sorry) reactions in most, if not all, of the population: some see it as inherently selfish not to let others use your lights after you’re dead; others see it as yet another example of the creeping nanny state robbing citizens of jurisdiction over their own bodies.

There are, of course, powerful arguments both for and against presumed consent, and it’s beyond the remit of this blog either to defend or denounce Gordon’s plan.

But the principle of consent, and specifically the opt-in / opt-out debate, sits at the very heart of the continuing debate about the protection of our personal data, especially on the web.

Should services that use our personal data be opt-in or opt-out? Most people would instantly and decisively declare that any Internet service which collects, processes, uses or stores our personal data should naturally be opt-in.

We strongly disagree.

Regular readers will know that this blog tries to champion people’s right to privacy, whether online of offline, so there might be some who are surprised that we feel so strongly against the opt-in model. After all, shouldn’t we have to give our express permission, based on thorough information, before allowing others access to our private lives?

Ah, but indeed; and therein lies the problem.

Every time we tick the checkbox accepting terms and conditions – be it for a website, a new online service, or to set up an email account – we are giving our consent to everything in the small print.

When was the last time you read through a website’s Ts&Cs? In fact, have you ever done so? Do you know what you consented to when you signed up to watch YouTube or set up a Google Mail account? No, but you checked the box without thinking, just because you were impatient to get on with it.

And that’s where the danger of opt-in lies. Irresponsible sites – unlike YouTube and Google Mail – can use the opt-in mechanism to obtain people’s explicit consent for any number of nefarious activities by slipping new services into their terms and conditions, knowing that the vast majority of people will blithely tick the box without reading them.

Much better, then, to obtained people’s informed consent before they sign up – let them know exactly what they’re consenting to by having an unavoidable notice, explaining any changes to service, on the log-in page.

No reasonable person can argue that it should be easy as possible for people to see what they’re signing up to; yet most campaigners on this issue seem still to be in thrall to the sanctity of opt-in, which makes it so easy for people to bury nasty surprises in the Ts&Cs.

This visibility, this informing of stakeholders, is what’s lacking from the prime minister’s plans for presumed consent. While presumed consent is fair to the educated, literate and informed, it ignores the much greater majority of people who are not au courant and thus are in no position to give informed consent to organ donation.

Two cheers for the NHS

Of all the categories of sensitive data, it is information about our health and our medical histories that is perhaps the most personal and private.

For example, you wouldn’t want a stranger – or worse, a colleague – knowing that you’re being prescribed Anusol Ultra for your chalfonts, would you? Nor would you want your boss to know about the methadone prescription, or your mother to know about your latest suicide attempt. Unless, of course, it was a cry for help.

But even if it contains nothing as dramatic as an overdose, we tend to guard our medical history very jealously.

So it may come as a shock to learn that not only has the NHS amassed a central database of around one billion confidential records of patient visits to hospital, it is routinely sending some of these records to an academic organisation outside the NHS. These records contain personally identifiable information, such as postcodes and NHS numbers, as well as medical information, including diagnoses and any treatment given.

Now, a certain breed of querulous privacy advocate will start whining the moment they hear the words “giant database” in conjunction with “confidential data”. Not so data grub: we understand that there are often the very best reasons for aggregating personal data, as long as stringent measures are in place to ensure absolute confidentiality.

In this case, the aim is to use this vast resource of information to improve the NHS’s service and treatment outcomes, which I think we can agree is a Good Thing.

The other good news is that both the NHS and the academic organisation that uses this data, the inanely-titled Dr Foster Unit, seem to have taken decent precautions to protect patients. All data is held on encrypted discs and is sent by secure courier, which is a pretty good start. Then, at the Dr Foster Unit, the data is kept in secure offices, on disc-less workstations which have no link to the Internet.

While this compares pretty favourably with the cavalier approach towards data security shown by other public sector bodies, among them the Ministry of Justice, the MoD and the Department for Work and Pensions, it’s certainly far from perfect.

Our main gripe is that personally identifiable information (PII) is contained within the data that’s being sent out of the NHS. While PII such as postcodes may be vital for making distinctions between different areas of a town or the country, surely the NHS should secure people’s informed consent if they are to use their data in this way?

So, two cheers for the NHS and the Dr Foster Unit for at least trying to apply best practice to the use of sensitive data. But, as we asked at the beginning, why should anyone other than one’s doctor be able to look at your confidential medical history, even if it’s just some academic at Imperial College?

Now, if they anonymised this PII irreversibly, ensuring that records cannot be traced to an individual, while at the same time remaining useful to the bean counters (all perfectly possible with today’s technology), well – that would be just what the doctor ordered.

We’re big fans of Richard Thomas here at data grub.

Mr Thomas, as any fule kno, is the UK’s Information Commissioner and head of the Information Commissioner’s Office. They’re the independent regulatory office dealing with all sorts of privacy legislation like the Data Protection Act, the Freedom of Information Act and many others too numerable and mind-numbing to mention.
Put succinctly, Mr Thomas and his team are there to prevent the creeping threat of a Big Brother state, and also to stop any attempt by private companies to read our emails, share our data or plant transponders in our brains constantly reminding us that Sud-U-Like Washes Even Whiter.

It’s a pretty thankless task, but one that he and his team have been doing pretty bloody well, at least in my opinion. They’re not afraid to stand up for citizens’ privacy when it’s genuinely threatened by big business or big government, while at the same time ever-ready to slap down spurious, misinformed petitions from bleating, single issue, self-important “privacy experts”. (I think you’ll know whom I’m referring to, Alex...)
So even though the latest utterance to pass the Commissioner’s lips could have come from the Department of Bleeding Obvious, at least it’s being said by someone whose words carry weight.

In a speech yesterday Mr Thomas warned that the proliferation of ever larger centralised databases is increasing the risk of people’s personal data being lost or abused.
He also drew attention to bears’ predilection for sylvan defecation and raised questions about the Pope’s commitment to Islam.

But sometimes you do need to state the obvious, loudly and often. This is one such time.
Because on Tuesday, Jacqui Smith was forced to admit that the Government will soon begin technical work on its giant database of all email, text, phone and web traffic – even though the legislation has yet to be passed by Parliament.

Of course, the present Government is completely contemptuous of Parliament and will go ahead with its plans whatever Richard Thomas, or anyone else, says.

Which is a shame, because much of Mr Thomas’ speech was given over to a report on how reported data losses have soared in the past year. The number of data breaches - including lost laptops and memory sticks containing sensitive personal records - reported to him has risen to 277 since the loss of 25 million child benefit records was disclosed nearly a year ago.

The new figures show that the information commissioner has recently launched investigations into 30 of the most serious cases. The 277 breaches include 80 reported by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

Mr Thomas pointed out that as new technology is harnessed to collect vast amounts of personal information, the risks of it being abused increase: "It is time for the penny to drop,” he said. “The more databases that are set up and the more information exchanged from one place to another, the greater the risk of something going wrong.”

"The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made."

It is not difficult to grasp this concept, Jacqui. It is a simple, elegantly expressed and indisputable fact. But why listen to boring old Richard Thomas?

Sir Ken Macdonald, the director of public prosecution (DPP), speaking after Smith’s admission, weighted in to warn that the government was in danger of “breaking the back of freedom” with the relentless pressure of a security state.

But I think Richard Thomas’ point is the stronger – if we can’t trust the government with our private data now, how the hell are we supposed to trust it when it holds details of all electronic communications in the UK?

Doubting Thomas?

We’re big fans of Richard Thomas here at data grub.

Mr Thomas, as any fule kno, is the UK’s Information Commissioner and head of the Information Commissioner’s Office. They’re the independent regulatory office dealing with all sorts of privacy legislation like the Data Protection Act, the Freedom of Information Act and many others too numerable and mind-numbing to mention.


Put succinctly, Mr Thomas and his team are there to prevent the creeping threat of a Big Brother state, and also to stop any attempt by private companies to read our emails, share our data or plant transponders in our brains that constantly remind us that Sud-U-Like Washes Even Whiter.

It’s a pretty thankless task, but one that he and his team have been doing pretty bloody well, at least in my opinion. They’re not afraid to stand up for citizens’ privacy when it’s genuinely threatened by big business or big government, while at the same time ever-ready to slap down spurious, misinformed petitions from bleating, single issue, self-important “privacy experts”. (I think you’ll know whom I’m referring to, Alex…)


So even though the latest utterance to pass the Commissioner’s lips could have come from the Department of The Bleeding Obvious, at least it’s being said by someone whose words carry weight.

In a speech yesterday Mr Thomas warned that the proliferation of ever larger centralised databases is increasing the risk of people’s personal data being lost or abused.


He also drew attention to bears’ predilection for sylvan defecation and raised questions about the Pope’s dedication to Islam.

But sometimes you do need to state the obvious, loudly and often. This is one such time.


Because on Tuesday, Jacqui Smith was forced to admit that the Government will soon begin technical work on its giant database of all email, text, phone and web traffic – even though the legislation has yet to be passed by Parliament.

Of course, the present Government is completely contemptuous of Parliament and will go ahead with its plans whatever Richard Thomas, or anyone else, says.

Which is a shame, because much of Mr Thomas’ speech was given over to a report on how reported data losses have soared in the past year. The number of data breaches - including lost laptops and memory sticks containing sensitive personal records - reported to him has risen to 277 since the loss of 25 million child benefit records was disclosed nearly a year ago.

The new figures show that the information commissioner has recently launched investigations into 30 of the most serious cases. The 277 breaches include 80 reported by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

Mr Thomas pointed out that as new technology is harnessed to collect vast amounts of personal information, the risks of it being abused increase: “It is time for the penny to drop,” he said. “The more databases that are set up and the more information exchanged from one place to another, the greater the risk of something going wrong.”

“The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.”

It is not difficult to grasp this concept, Jacqui. It is a simple, elegantly expressed and indisputable fact. But why listen to boring old Richard Thomas?

Sir Ken Macdonald, the director of public prosecution (DPP), speaking after Smith’s admission, weighed in to warn that the government was in danger of “breaking the back of freedom” with the relentless pressure of a security state.

But I think Richard Thomas’ point is the stronger – if we can’t trust the government with our private data now, how the hell are we supposed to trust it when it holds details of all electronic communications in the UK?


By the way, have a look at http://www.guardian.co.uk/technology/2008/oct/29/data-security-breach-civil-liberty for Thomas’ table on this year’s data breaches.


Ta ta for now, data chums!

A guest editor writes…

I’m delighted to announce that this week we have a guest editor, a Ms H.W. from somewhere in the South East. You’ll immediately notice the balance, reasoned argument and tolerance of other nationalities that has, until now, been so clearly absent from this blog. So, without further ado, I give you Ms H.W.:

A German Court has given permission for website operators to store internet protocol (IP) addresses of their visitors, claiming it does not violate data protection legislation. Surely not? I hear you cry. Yet they say that without additional information IP addresses can’t be classified as personal data because they cannot be easily obtained and used to determine a person’s identity. Note they said data cannot be easily attained therefore it is in fact still possible. The court in Munich did present a good case by ruling that ISPs could not present information to third parties regarding who had been using a certain IP address at a particular time without a court order.

The German court ruling is in fact consistent with the advice issued by the UK’s Information Commissioner last year. However, this did point out that IP addresses could constitute personally identifiable information (PII). This has resulted in people including The Article 29 Working Party (a reference to the 29th article of the European Directive concerning the protection of EU citizens’ personal data) to argue that if it could become personal data it should be treated this way regardless.

As a nation we put a certain amount of our trust in online actors including behavioural targeting firms, internet service providers and search engines, to use our data correctly and appropriately. The big question is: does using this data breach our privacy laws? The German court obviously thinks not.

I wonder if Pythias Brown, 48, from New Jersey agrees. He used to be a baggage screener at an airport and in charge of people’s property. He admitted to stealing regularly from his workplace and selling the stolen items on eBay using the handle “alirla”. Brown was found by investigators who tracked down this alirla account using Brown’s IP address for his home computer. This case provides a great argument against the claim that IP addresses cannot be counted and used as personal data. It would appear privacy here has most certainly been invaded.

Camden RIPA-off

Camden Town Council has more than quadrupled its surveillance of local residents since the introduction of the Regulation of Investigatory Powers Act (RIPA).

While the Act allows for the interception of communications and the use of covert human intelligence sources to prevent crime, including terrorism, it appears that Camden Council are using this legislation to spy on low-level offences, such as dog fouling, littering and checking whether or not a child lives in a certain catchment area.

Admittedly, Camden is the haunt of some of the most loathsome Untermensch that inhabit this fair city, from strutting, skinny-jeaned new media types to coin-eyed rip-off merchants selling “legal highs”.

But while I personally would be glad to sweep this whole swathe of faux-bohemia into the Regent’s Canal, I grudgingly have to admit that, owing to a loophole in the law, these people have the right to exist without being persecuted by the local council.

Of course, if the police and security services have reasonable grounds to suspect someone of planning a terrorist operation, that’d be a great time to start tapping the phones. But if you think that someone is mis-using a disabled parking badge, I would suggest that surveillance is both disproportionate and a fatuous waste of time and money.

And Phorm saw that it was good…

Glad to see that this blog’s starting to have a bit of influence. Phorm has taken my advice (see previous post) and has drawn up a list of incentives for customers who opt-in to their Webwise targeted ad service.
Suggestions include:
An upgrade to a faster broadband package at no extra cost
£1 off monthly broadband bills
£1 cashback per month
A cut of advertising revenues
A free premium technical support line
Free music download vouchers
Free anti-virus software
Parental content controls
Donating a sum to charity
(More information here: http://snipurl.com/3xi6t)
My next blog posting will contain details of how to solve the worldwide banking crisis, rid the world of HIV/AIDS and how to achieve a lasting resolution of the Israeli / Palestinian conflict.

An Englishman’s house is his castle. Entrance £5

A few Christmases ago, I was given a fascinating little book in my stocking. It was a facsimile of a booklet given to every American GI posted to Britain during the Second World War.
“Instructions for American Servicemen in Britain” is a wonderful, humane and charming insight into the British character and a revealing portrait of how the Englishman is perceived by his cousins.

For example, under the heading ‘British Reserved, Not Unfriendly’, the book warns that Britons will not strike up a conversation on a busy train because “…[living] on a small, crowded island, the British have learned to guard their privacy carefully.”

Not much has changed since then, has it? Britons are as apt to strike up a conversation with a stranger as the French are to take daily baths. And in the Internet age, with the perceived intrusions into our private lives and threats to our personal data, we’ve learned to guard our privacy even more jealously than before, haven’t we?

Not exactly. A new survey has found that 60 per cent of those questioned were happy to hand over computer password data which might be useful to potential ID thieves in exchange for a £5 M&S gift voucher.

In return for the voucher, Joe Public happily divulged how they remember their password and which online websites (from a range of email, shopping, banking and social networking sites) they most frequently use. Almost half of respondents (45 per cent) said they used either their birthday, their mother’s maiden name or a pet’s name as a password.

What we learn from all this is that the Englishman, rather than keeping a tighter grip on his privacy than a Scotsman keeps on his wallet, is more than happy to whore out his sensitive private data for a derisorily small pecuniary reward. This has important implications for many in the technology sector.

In this blog I’ve mentioned several companies and services which, fairly or unfairly, have had obloquy heaped upon them by so-called privacy advocates who claim (often in the face of overwhelming evidence to the contrary) that it impinges on their privacy. The answer for these companies is simple: gain consent for a “controversial” new service by offering a small financial enticement. Hell, there are people out there willing to hand over their banking passwords to a clipboard-wielding survey monkey in exchange for a lunch voucher. I’m sure the same people would find “controversial” new technologies much less objectionable if they were given the smallest of incentives.

Road Rage

The British are, we are told with mind-numbing regularity, the most watched people in the world, with more CCTV cameras per head of population in the UK than any other nation in the world. (Though I hear the Chinese are catching up – the city of Shenzen will soon have two million surveillance cameras watching over a population of 12 million.)

Now, I read today in the paper (a real newspaper which you have to buy, like a grown-up) that the police are to expand their car surveillance operation that will allow them to record the details of millions of journeys every day, and to store this data for up to five years.

I don’t have a visceral, knee-jerk antipathy to surveillance cameras. I do find them somewhat creepy and I am concerned about the centralisation of data detailing exactly where I’ve been all day. (Yes, I do have an Oyster card and yes I am aware that this too tracks me.) I’m also concerned about who has access to this data and how it’s used. For example, I’m not particularly impressed with councils using hardcore anti-terrorism legislation to snoop on litter droppers.

But unlike the witless graffiti vandal Banksy, I don’t think all surveillance is a bad idea. Cameras do occasionally help the police to foil a crime in progress; it has been known for CCTV recordings to lead to successful prosecutions in court. I would argue that this is not altogether a bad thing.

I’m sure that the cops’ plan to record 18bn number plates in 2009 will probably help them to solve and prevent more crimes. What I doubt is whether the scheme is proportionate, value for money or safe. If the database goes ahead, it will store a colossal amount of information on the private lives of identifiable individuals. Of course, GCHQ listens to our phone calls and if they cared to they could probably reveal you penchant for dirty phone calls and casual drug use. But they’re spies and are pretty good at keeping hold of information. (Rather too good at keeping hold of information, if the Omagh story is to be believed…)

My point is that before the Home Office implements a new, massive repository of citizens’ data, it must first show that they can be trusted with large amounts of highly sensitive information. Or small amounts, for that matter.

While I don’t necessarily deny a need for the police’s car surveillance plan, I do think the government needs to win the public debate on the need for such surveillance. Whether they will even engage in such a debate on this issue remains to be seen.

Wankster’s Paradise

This week we’ve seen lots of talk about two flashy new browsers that have recently been launched in beta versions. First up, we have the latest iteration of Microsoft’s Internet Explorer, IE8, with which it hopes to gain ground on – among others – Mozilla’s successful Firefox application.

Hot on the heels of Microsoft comes Google’s first foray into the browser market with its own beta, called Chrome. (Chromium is the name of the open-source project which led to its development, for all you curtains-closed bed-sit dwellers out there.)

Of course, both these betas come with spangly new features and functions – higher speeds, more robust security, clearer user interfaces and so forth. It’s a shame, then, that most of the public and press have focused on their respective privacy features: Google’s Incognito and Explorer’s InPrivate modes. When activated, these settings prevent the browser from storing any history information or cookies from websites visited. Inevitably, this has been dubbed “porn mode” by…well, everyone.

Of course, both companies attempted to re-define their “porn modes” with spurious alternative reasons for use. Quote of the week comes from a spokesman for Google who (presumably sticking a needle into his thumb to stop himself from dissolving into giggles) straight-facedly claimed Incognito was “…for times when you want to…plan surprises like gifts or birthdays.”

No – it’s to stop the wife from knowing, rather than merely suspecting, that you look at some of the most repulsive pornography on the web.

Hairy-palmed husbands will no doubt welcome both browsers, as will the latest generation of gangly girl-shy teenagers who still use their parents’ Internet connection.

But will the “porn modes” prevent Microsoft and Google from storing your search terms and IP address? As we know, search engines already store records of who you are (IP address), where you’ve been (URLs) and what you’ve looked for (search terms). What’s to stop, say, Google from identifying you and your browsing behaviour for definitely-not-evil-at-all uses?

Er…nothing. Users who leave Chrome’s auto-suggest feature on and have Google as their default search provider will be giving Google access to any keystrokes that are typed into the browser’s Omnibox, even before they hit enter. Google have been good enough to admit to this: a representative said that that about “two per cent” of the data would be stored along with the IP address of the computer that sent the information.

In theory, that means that if one were merely to type the address of a site into the Omnibox, even without hitting enter one could leave incriminating evidence on Google’s servers.

I’ve got no problem with anyone – website publisher, search engine, browser – knowing where I’ve been. My problem is in them knowing who I am. Since they store IP addresses – and God knows what other personally identifiable information – that’s exactly what they do know.

Google says that turning on the Incognito mode will prevent it from harvesting your search queries alongside your IP address. If that’s true (and why would anyone doubt good-guy-Google’s word?) then the privacy modes could have an audience outside of the dirty mac brigade; I for one.

http://www.theregister.co.uk/2008/09/02/google_chrome_comic_funnies/

Another day, another data loss

This time, it’s Charnwood Borough Council in the spotlight with the news that one of their hard drives, containing taxpayers’ personal details, has turned up on eBay.
I’ll admit that news of yet another disastrous data loss by government is less than surprising. What is interesting is a piece in The Register which shows that these recent data losses are the result of the government’s failure to set and publicise standards for wiping data. This, El Reg claims, makes future and more serious incidents much more likely.
Now, as Gary Glitter and the staff of PC World Bristol can attest, when you “delete” a file on your computer it ain’t necessarily gone for good. To ensure that any sensitive or incriminating data is irrevocably removed from a device, be it a politician’s palmtop or a pop star’s laptop, it needs to be “wiped”.
The trouble is, the government doesn’t have any guidelines for the wiping of data.
Let me repeat that: the government doesn’t have any guidelines for the wiping of data.
So, government bodies, agencies, departments and so on are setting their own standards for preventing unauthorised disclosure of data. And bless them, I bet they try their best, but they’re getting sod all help from central government.
Instead, they’re bizarrely borrowing bits from US government guidelines. That’s what happened in Charnwood Council’s case. Lacking a UK standard for data wiping, it seems that the Council instead required third parties to apply (deep breath) DoD Standard 5220.22M (exhale) to all data erasures.
To cut a long and tedious story short (and to save you from a plethora of Yankee acronyms and initialisms), this standard is from a manual published by the US Department of Defense which addresses the issue of preventing unauthorised disclosure of classified information.
On the surface, this looks like quite a smart move by Charnwood Council: after all, they were modelling their data security standards on one of the most successfully secretive organisations on the planet.
Unfortunately, when Charnwood Council set its criteria for supplier selection, the edition of this manual didn’t specify any particular method for securely wiping data.
You’ve got to give a sleepy, bucolic council like Charnwood full marks for effort for cribbing guidance off the US Department of Defense – it’s just a shame the bits they borrowed didn’t give tell them how to go about wiping data.
The guidelines for data wiping were finally published in this year’s manual, along with an enhanced “Clearing and Sanitization Matrix”, which sounds like a rather sinister euphemism for the Department of Defense’s day-to-day work.
Until the UK Government pulls its finger out and issues clear and comprehensive methods for wiping information, we can expect more, much more, of the same…

How to disappear completely?

Another day, another data loss. This time, it’s Charnwood Borough Council in the spotlight with the news that one of their hard drives, containing taxpayers’ personal details, has turned up on eBay.

I’ll admit that news of yet another disastrous data loss by government is less than surprising. What is interesting is a piece in The Register which shows that these recent data losses are the result of the government’s failure to set and publicise standards for wiping data. This, El Reg claims, makes future and more serious incidents much more likely.

Now, as Gary Glitter and the staff of PC World Bristol can attest, when you “delete” a file on your computer it ain’t necessarily gone for good. To ensure that any sensitive or incriminating data is irrevocably removed from a device, be it a politician’s palmtop or a pop star’s laptop, it needs to be “wiped”.

The trouble is, the government doesn’t have any guidelines for the wiping of data.
Let me repeat that: the government doesn’t have any guidelines for the wiping of data.
So, government bodies, agencies, departments and so on are setting their own standards for preventing unauthorised disclosure of data. And bless them, I bet they try their best, but they’re getting sod all help from central government.

Instead, they’re bizarrely borrowing bits from US government guidelines. That’s what happened in Charnwood Council’s case. Lacking a UK standard for data wiping, it seems that the Council instead required third parties to apply (deep breath) DoD Standard 5220.22M (exhale) to all data erasures.

To cut a long and tedious story short (and to save you from a plethora of Yankee acronyms and initialisms), this standard is from a manual published by the US Department of Defense which addresses the issue of preventing unauthorised disclosure of classified information.

On the surface, this looks like quite a smart move by Charnwood Council: after all, they were modelling their data security standards on one of the most successfully secretive organisations on the planet.

Unfortunately, when Charnwood Council set its criteria for supplier selection, the edition of this manual didn’t specify any particular method for securely wiping data.

You’ve got to give a sleepy, bucolic council like Charnwood full marks for effort for cribbing guidance off the US Department of Defense – it’s just a shame the bits they borrowed didn’t give tell them how to go about wiping data.

The guidelines for data wiping were finally published in this year’s manual, along with an enhanced “Clearing and Sanitization Matrix”, which sounds like a rather sinister euphemism for the Department of Defense’s day-to-day work.

Until the UK Government pulls its finger out and issues clear and comprehensive methods for wiping information, we can expect more, much more, of the same…

(The full Register article is here, in all its complexity: http://www.theregister.co.uk/2008/09/01/gov_data_standards_arent/)
Posted in Uncategorized Edit No Comments

DPI red herring

First off, apologies for the slightly confusing discrepancies between the dates above my previous posts and their stated publication dates. I migrated my nascent blog from another site and wanted to show exactly when I’d written them.

Right, to Capitol Hill now, where the House Committee on Energy and Commerce has for the last couple of weeks been investigating Internet companies’ approach to privacy. The Committee is focusing particularly on behavioural targeting - the practice of inferring Internet users’ interests from their browsing behaviour and using this data to serve them more relevant (and thus more profitable) online advertisments.

The House Committee sent a letter to thirty-three Internet companies on the first of this month questioning them about their privacy policies in regard to concerns raised by behavioural targeting.

‘Questions have been raised regarding the applicability of privacy protections…and whether legislation is needed to ensure that the same protections apply regardless of the particular technologies or companies involved’, read the letter.

While, of course, all the companies vigorously defended their privacy policies, Google’s approach is worthy of note. This behemoth of the Internet made a point of denying that it uses deep packet inspection (DPI) technology, and used this claim to evade answering a number of the Committee’s 11 questions.

Deep packet inspection is a technology which examines the data in individual packets travelling across the Internet. This technology can be used by ISPs to analyse traffic passing over their networks and the analysis used to serve targeted ads to their users.

Google don’t use DPI, so that’s any concerns about user privacy out the window then, eh? Well, up to a point, Lord Copper.

For every search made through Google, the company retains the URL, IP address, time and date, operating system and browser used. It also delivers advertisements dependent on the search term entered.

My problem with this is twofold. First, I don’t really want Google to know exactly where I’ve been on the Internet and what search terms I’ve entered. Secondly, I don’t want them to know who I am which, given that they have my IP address, they effectively do.

So whether or not Google uses DPI or not, they still hold an unnecessarily large amount of personal information on me which they keep for 18 months. I don’t like that.

So really, DPI is a red herring. It’s not how you get data, it’s what data you gather and whether you store it or not.

I’ll still use Google though, but not under the misapprehension that they can be trusted to “do no evil”.

Government Goes For Incompetence Gold

The Government is on course to break its record for the largest loss of citizens' data in a single year. After a particular strong showing in the 2007 data loss competition when it managed to mislay some 36,989,300 pieces of personal information, the Government is setting its sights on smashing its own record for rank incompetence and utter farce.

The latest step towards this unprecedented target was announced by a beaming official from the Ministry of Justice who proudly revealed that 45,000 people had been affected in nine separate data loss incidents within the Ministry.

"I am proud to announce that we are well on our way to making 2008 another record breaking year for data loss," said the gurning beancounter. "This latest data loss shows that Britain excels not only in sailing, cycling and rowing, but also leads the world in risible ineptitude."

The best individual figures for the department were achieved in a single incident, when 27,000 people working for department suppliers were affected after information from badly protected electronic storage devices was disclosed without authorisation.

Names, addresses and bank details were taken, while the MoJ made no efforts to notify the people involved.

And in January 14,000 people were affected due to the theft of a poorly-protected laptop from secured government premises. Names, dates of birth and some national insurance numbers were lost.

US analyst Brad Oysterburger says that there is still scope for the UK government to improve on its already phenomenal record for data loss. “If the government goes ahead with its plans for compulsory ID cards for all UK citizens and a centralised database recording all electronic communications, then these data loss figures could soon be considered a mere bagatelle. Britain looks in strong shape to cement its position as the greatest laughing stock in the world of data security.”

Privacy-tards

This may be a cynical PR story, but to my mind it's a great one.

A major ISP, the identity of which I have absolutely no intention of revealing, has carried out a survey showing that while 84 per cent of internet users in the UK claim to be guarded about their privacy, 90 per cent of the same users are prepared to hand over their private data to any Tom, Dick or Harry on the interweb.

This doesn't surprise me at all. In my experience, it's those incapable of distinguishing between genuine and imagined privacy threats who bleat loudest about supposed online privacy violations.

This is more or less the conclusion of the ISP conducting the research: "...[it seems that] the more that people understood about the risks of online privacy violations, the less concerned they were about them," says the release.

For example, they found that 84 per cent of all respondents (and there were over 1,000) said they would not give away income details online, yet also found that 89% of the those surveyed were willing to do exactly that.

“Our research identified a significant gap between what people say and what they do when it comes to protecting sensitive information online,” was the rather obvious quote written by a faceless PR for the ISP's chief privacy officer.

I rather admire the brazen way in which they carried out this survey. They asked lots of questions about attitudes to privacy, before asking them personal questions such as income. More than 87 per cent of respondents who said they guarded their income details actually gave them away in the second part of the survey.

This is hypocrisy born out of stupidity. I would not be at all surprised if some of the respondents to this survey were the same self-righteous, self-important and self-appointed "privacy campaigners" who whine about Google Street View but are incapable of seeing the true threats to citizens' privacy in the modern age.

Youtube are watching YOU

You know you should, but how often do you really read the terms and conditions when you visit a website? Whether it’s a personal email account, an online auction house or a gambling website, few people take the trouble to trawl through the often extensive T&Cs when they sign up. After all, if it’s a legitimate site, well-known and with a good reputation, there should be nothing to worry about, right?

Wrong. In a pre-trial ruling last week, The Register reports, a federal judge ordered Google to hand over all its existing records of every video viewed on YouTube. This information includes user account names and IP addresses.

http://www.theregister.co.uk/2008/07/03/google_to_turn_over_youtube_database/

The case centres around a $1bn lawsuit brought by Viacom, the US media conglomerate, against Youtube. Viacom alleges that the popular video-sharing website has allowed users to upload massive amounts copyrighted material onto its site, thereby hitting Viacom’s revenue while earning advertising revenue for YouTube.

One of the most interesting aspects of this case is what it reveals about Internet users’ privacy and anonymity. It turns out that YouTube keeps extensive records of all its users’ viewing histories, including individual IP addresses. Internet (IP) addresses are generally considered to be personally identifiable information, given that they can be linked to a particular household and, potentially, with an individual person. So, in theory, anyone in possession of the 12TB of YouTube user data could identify all the videos you’ve ever watched on the site. Isn’t this illegal? Unethical?

Self-proclaimed “privacy advocates” may turn puce with rage at the thought, but YouTube’s retention of this data is perfectly legitimate. Their privacy policy clearly states that the company “may record information about your usage,” and adds: “If you are logged in, we may associate that information with your account.” By giving users clear notification of the terms of service, YouTube have remained within both the letter and the spirit of privacy law.

Of course, YouTube isn’t the only company that holds records of user data. Internet Services Providers (ISPs), search engines and e-commerce sites together hold huge amounts of often sensitive personal information, including our names, addresses, phone numbers and even credit card numbers.

The really frightening thing is that companies can be forced by law to hand over the data they hold to government agencies. Under Title V of the Patriot Act, for example, the United States government can force companies, including Internet Services Providers, to hand over data pertaining to individuals to aid investigation against suspected terrorists in The War Against Terror (T.W.A.T.).

The YouTube case is instructive for anyone concerned about their online privacy. Last week’s ruling highlights the fact that any company that holds your data – no matter how responsible they may be – can be forced to relinquish that data by the courts.