Data Grub

Data Privacy Day will RockYou

2010-01-28T15:55:00.000Z

We've got a new guest editor today, Mr. Josh Crawford:

Today is Data Privacy Day, the perfect time to rejoice in the attempt by the EU and USA to promote “privacy awareness and education among teens and young adults, focusing on the privacy issues raised by the use of social networking sites” and other types of technology which can share personal information over the internet, with a particular focus on those irritating necessities: passwords.

We here at Data Grub are ecstatic with the news that this most auspicious of occasions has arrived with the millions of people across our two great continents writhing in a frothy mass of pure ecstasy. So finally, this day of data will commence.

But it seems that this day of data celebration will be tainted with the news that RockYou, the online provider of social networking applications for Facebook, MySpace and others, was recently involved in a ruckus with a hacker.

Security firm Imperva uncovered the breach after peering at underground hacking forums; that RockYou was being attacked by a common type of exploit known as a SQL injection flaw. Hackers around the world violated that hole and invited their friends to have a go too. RockYou must have felt pretty sore in the morning.

Apparently the hacker, during a smash and grab attack, violated RockYou’s Database and stole 32 million online passwords. This has given the experts an insight into the kinds of passwords we use. Being the smart and social animals we are, it just so happens that 123456 is the worlds’ most popular password. Amichai Shulman, CTO at Imperva, said, “I guess it’s just a genetic flaw in humans.” Wives and girlfriends of the world: if your fella's favourite football team doesn’t work - maybe you're being just a little too clever. You might find that QWERTY unlocks that treasure trove of porn on his laptop...

Two days before Data Day was to start, the Information Commissioner’s Office warned that “organisations could face tougher sanctions if they fail to report data security breaches,” considering that there have been more than 800 incidents of reported security breaches last year. The sheer number of stunningly unimaginative passwords uncovered by RockYou's hacker suggests that there may well be a further slew of security breaches in the coming months.

Jeff Moss, who is on the USA’s Homeland Security Advisory Council said in response to the RockYou breach that we should rely on complex passwords, ideally around 12 characters long. “It’s like that joke where the hikers run into a bear in the forest, and the hiker who survives is the one that outruns his buddy,” said Moss, pausing awkwardly for an expected laugh which never materialised.

It looks like the RockYou story has a bit further to run - last month enraged citizen Alan Claridge from Indiana, USA, filed a class action suit against the company after they belatedly informed him - some 10 to 12 days after the attack - that his sensitive, personally identifiable information, including e-mail address and password, may have been compromised.

They had kept all the personal identifiable information in plaintext on an unencrypted database that, according to CNET, even a hacker with the most basic skills could’ve exploited.

With the ICO gaining new powers this April to issue fines of up to £500,000 for serious Data breaches, we at Data Grub can only hope that businesses, organisations and private citizens start treating data privacy at least somewhat seriously - starting with passwords.

The Ads That Dare Not Speak Their Name

2009-12-08T15:21:00.005Z

Remember Phorm, the evil data pimps who wanted to collect browsing data on Internet users so that they could deliver targeted advertising?

Well, yes, of course you do. It was only a few months ago that the company effectively folded in the UK, having been battered by a succession of staggeringly stupid PR blunders, leaving their investors seriously out of pocket.

So the world and its dog can breathe a sigh of relief that it's safe from this invidious form of advertising, which threatened to usher in a cataclysm unequalled in the annals of human history, surpassing the plagues of Egypt, the eruption of Krakatoa, the rise of Jedward etc. etc.

Er, actually, no. A little-known Internet firm called Google is doing exactly the same thing, with nary a murmur of discontent from the brave warriors who brought Phorm to its knees. And we're not talking about Google's gentlemanly habit of routinely reading Gmail users' emails so that they can serve them with targeted ads. No, it goes further than that.

Some of our more technically literate readers may know that the world's largest text ad broker has, for ages, served up different search results for users logged into its services, such as Google Calendar or Gmail. These search results are tailored to users' previous browsing behaviour, so if you spend a lot of time on bbc.co.uk/sport, Google search results will place this web page higher up the list when it's asked to search for "sport". This, of course, is an entirely selfless service from Google that helps users gain the most relevant results - and it's only coincidental that it helps them to make more money from behaviourally targeted ads.

No problem with that - Google fanbois presumably read the terms and conditions when they sign up to these services (doesn't everyone?). But now Google is "personalising" search results for any user, anywhere, regardless of whether they're signed in to Google or not, through cookies placed on unwitting users' computers.

We've covered behavioural targeting before and, while we don't think it's inherently evil, we do believe that it requires a delicate approach, along with rigorous adherence to best practice procedures to ensure that users are well-informed and are offered a clear choice about whether they want their browsing profiled. Google haven't gone out of their way to publicise their service; nor to explain how to turn it off (it is, naturally, turned on by default).

If companies continue to implement behavioural targeting in a sly, underhand way - as though it were something to be ashamed about - then one can hardly blame the public for being suspicious of it. Instead of cloaking it in the depths of a terms and conditions form, companies like Phorm and Google should communicate openly on the benefits of targeted ads and offers.

One final question remains: why has privacy campaigner Alex Hanff - the single-handed scourge of Phorm and NebuAd, whose brave and lonely battle against these Internet behemoths ended with a victory that brought dragons and St George to mind - been so silent on this issue? Alex, where are you?

Postscript: Google's CEO Eric Schmidt yesterday trotted out that favourite line of civil-liberties-deniers the world round: "If you have something you don't want anyone to know, maybe you shouldn't be doing it in the first place." (©Richard Littlejohn / David Blunkett). How this statement sits with Google Chrome's infamous Incognito function - which hides your porn viewing from other users - remains unclear.

New Watchdog Chief Bares His Teeth

2009-09-04T12:13:00.005+01:00

So, farewell then Richard Thomas. The outgoing Information Commissioner handed over the baton to Christopher Graham last June, and the new head of the ICO has wasted little time in getting stuck into parliament, the courts and newspapers for failing to stop the flourishing trade in illegally obtained personal and confidential information.

The former DG of the Advertising Standards Authority was giving evidence to the Commons media select committee investigating phone-hacking and other unscrupulous press activity. This issue came to a head a couple of years ago with the revelations that the News of the Screw's was tapping Prince William and Harry's mobiles; the fact that it's taken until now to establish an investigation speaks volumes about the procrastination of our pusilanimous parliament.

While it comes as no surprise that tabloid journalists resort to questionable - even illegal - activities in their work,what beggars belief is the complete absence of deterrent in the form of proper punishment. Graham raised this in his evidence to the committee, criticising the goverment for failing to introduce jail terms for hackers and other willful violators of the Data Protection Act, and claimed that custodial sentences could end the practice "at a stroke".

It's worth noting that Clive Goodman, the Screws' former royal editor, did in fact do four months' bird for hacking the Princes' phones, but Graham pointed out that the NotW case was merely part of a much bigger malaise. Graham said that the ICO had tried to sound the alarm about the scale of the problem as far back as 2006, when it published a report showing that 305 reporters were using private investigators. Unfortunately, said Graham, "...we were let down by the courts, who didn't seem to be interested in levying even the pathetic fines they had at their disposal; we were rather let down by parliament in the end, with no legislation; and we were let down by the newspaper groups, which didn't take it seriously."

It's good to see such forthright common sense from the new Information Commissioner - it's a sign that the ICO is fast becoming a Watchdog with real bite. Graham has made a great start, and we will be following his progress with interest.

The Human Factor

2009-07-23T16:25:00.000+01:00

There are some pretty thankless jobs out there, several of which we at Data Grub have experienced directly. And, while it can't match the indignity of chicken sexing or the sheer slog of meter reading, working in a bank comes pretty high up the list of crap jobs.

(Obviously, we're talking about working behind the counter of a high street retail bank. The "master of the universe" type banking jobs - with its private jets, champagne, corporate boxes and complete lack of conscience - sounds quite a laugh.)

What's so bad about working in a bank? Well, aside from the constant pressure to sell massive amounts of debt to the sort of people who shouldn't be trusted with real cutlery, there's also the Data Protection Act to deal with. Banks workers have to watch an achingly-bad training video - which looked dated when it was made in 1998 - about the Act, and how to stay on the right side of the law with regards to customers' data.

No doubt this is a video that'll get dusted down and rewatched by the staff of HSBC, after the bank was fined a mammoth £3 million by the FSA yesterday for taking a laughably cavalier attitude towards customers' personal data.

Another depressingly familiar story of data loss, sure, but it did remind us of that lame old video, in which a harrassed data protection officer pours out his worries about the new Act to a psychiatrist. At one point, the shrink tries to calm him down by saying: "It's really just a matter of common sense."

Quite. Unfortunately, the global supply of common sense has been waning since around 1860, and it's currently rarer than platinum.

But ultimately, it's humans who have the biggest bearing on whether a company successfully fulfills its data protection requirement. With all the talk of encryption, virtual private networks, network and site security, it's easy to forget that technology is only as useful as the human operating it - or forgetting to. Organisations spend time and money communicating their privacy policies; here at Data Grub we'd like to see organisations showing exactly what steps they are taking to ensure that their employees are following best practice at all times. People as a rule are pretty stupid, but when there's a corporate culture of sound data protection processes this cuts regrettable incidents to a minimum. And, with data loss stories in the media almost every week, there's also a business case for having a public and comprehensive data protection policy, in the same way as firms boast about their CSR credentials.

Anything to declare?

2009-07-01T10:20:00.000+01:00

Ah, America! The world's brightest beacon of democracy and freedom; the New World of limitless opportunity, where hard work and fair play are rewarded with the fabulous bounties of the American Dream.

And who can forget that America was built upon the exertions and human capital of the millions of immigrants - themselves often refugees from war, slavery and famine?

Modern day arrivals in the USA have a slightly different experience from these pioneering immigrants. Gone are the humiliating medical inspections, where those suspected of illness and physical defects were marked with chalk symbols. Instead, visitors are subjected to a terrifying ordeal of interrogation by customs officials, including such charmingly naive questions as "Is it your intention to overthrow the government of the United States?" (WS Gilbert famously answered: "Sole purpose of visit".)

But now it's not just fearsome feds with sunglasses and ear pieces that travellers have to worry about: they could risk having their personal data compromised, including fingerprints, employment history and credit information.

It all stems from a company called Clear, which used to speed its customers through customs for an annual payment of $200. To do this, they asked their customers for the personal data that customs officials need to know about travellers. A quarter of a million customers signed up to Clear's service and, for a while, enjoyed VIP treatment at US airports, being rushed through customs and immigration while the plebs queued and sweated.

Unfortunately, Clear shut down its operations last week, and the fate of customers' personal data hangs in the balance. What's interesting is that the company says that it will continue to hold onto this sensitive information, which could still be used by another Register Traveller programme. In other words, the data is a business asset that could be parcelled up and sold on to another firm - as long as that company is in the same line of business.

This is proof - if proof be needed - that personal data is no nothing more than another commodity to be bought and sold. It's worth noting that Clear's privacy policy states that "We do not sell or give lists or compilations of the personal information of our members or applicants to any business or non-profit organization." Unless, that is, we go bust.

We've noted before that companies often rely on burying objectionable practices deep within their Terms and Conditions, but if bankruptcy means companies can ignore their own privacy policies, that's a huge blow to data protection. Even if Clear's successor abides by the most stringent data protection policies, the transfer of such large amounts of sensitive information from one organisation to another is a fraudster's paradise, with plenty of opportunity for data to go missing.

Google fails

2009-06-08T17:04:00.000+01:00

Congratulations students of the globe! For anyone from the ages of 5 to 15 can enjoy Google’s new attempt at structured data search: Google Squared. And that’s presumably the only group of people that would ever consider using it. Remember when you were eight and your teacher asked you to make a pretty table on British Monarchy with all the monarchs of Britain including their children, spouses and important dates? How you pored over huge encyclopaedias to get all the information? Well, Google Squared officially heralds the end of early education as all these tasks are completed in a matter of seconds for our burgeoning historians and other putative scientists.

If only it were that easy. Just as Babel Fish translate could only ever get a student 12/20 on French translation homework after its launch all those years ago, Google Squared fails to achieve… well anything it’s going for really. A search for the British Monarchy in an attempt to tabulate a chronological factfile brings up a table with the following order – George VI, George II, George V. The genius that is Squared then goes off on a little jaunt that includes the Act of the Union, the Irish Free State, Buckingham Palace and the House of Orange. This just gets embarrassing: the picture accompanying the House of Orange? Why of course! Its Gemma Arterton arriving for the ‘Orange’ BAFTAs at the Royal Opera ‘House’. This is surely Google gone mad. Actually we shouldn’t really be surprised; to be fair to Google, nowadays the Bond Girl must get more hits than the Dutch royals.

It’s rather life affirming to know that even the great god Google isn’t completely infallible. This is an exciting day indeed. This revelation is like those wonderful moments when that beautiful woman who walks like she is better than everyone else trips and falls flat on her face on Oxford Street. At the Christmas Light switch on. On the podium. And the woman is Kate Moss.

One must presumably conclude that the only reason Google released this in such an awkward condition was to distract attention from somewhere else: another attempt to make searching intelligent recently arrived in the form of Wolfram Alpha, the computational knowledge engine. It proclaims to ‘generate output by doing computations from its own internal knowledge base, instead of searching the web and returning links.’ This means, instead of producing lists of useless links or grids of questionable information, it creates pages to answer your search, to the best of its ability. When asked, ‘How many roads must a man walk down before you can call him a man?’, the clever engine replies, ‘The answer, my friend, is blowin' in the wind. (according to Bob Dylan).’ Indeed.

The lady's for turning

2009-04-28T15:53:00.000+01:00

We've taken the odd swipe at Jacqui Smith over the last few months, so it only seems fair to applaud her decision to scrap the Home Office's planned über-database of communications data.

The database would have collected data on all electronic correspondence, such as the time, date and length of communication (and, of course, who contacted whom).

Humble Jacqui said that she recognised the public's concerns that a giant database would be a further step toward a surveillance society. And, in a nice little turn of phrase, she said, "To be clear, there are absolutely no plans for a single store."

No longer any plans, Jacqui, no longer.

Of course the cynics will say that Labour couldn't possibly get away with ploughing hundreds of millions of pounds into a deeply un-popular government IT project in light of last week's austerity budget.

We couldn't possibly comment.

Anyway, the upshot of all this is that ISPs are now responsible for intercepting and storing the data that crosses their networks. To this end, the Home Office have earmarked £2 billion to help ISPs to expand their storage capabilities.

Mobile and fixed line operators will be required to process and link the data together to build complete profiles of every UK internet user's online activity. Police and the intelligence services would then access the profiles, which will be stored for 12 months, on a case-by-case basis.

Don't be surprised if even this plan is quietly dropped by the Conservatives after the 2010 election.

A final point - John Reid, the frankly terrifying former Home Secretary, argues in an opinion piece today that communications data is vital to identifying serious criminals. In his short but predictably manipulative piece, he kicks off with a tear-jerker about a murdered 17 year old whose killers were brought to justice by communications data. This, he says, happened in 2007.

So you see, Reid shoots himself in the foot before he's reached the end of his first paragraph, by showing that police then already had adequate access to communications data.

He then comes up with a classic piece of patronising lip service: "Used in the right way, and subject to important safeguards, communications data can play a critical role in keeping us safe."

Presumably, these would be the safeguards that ensured only 36,989,300 pieces of personal information were lost by the government in 2008. As for using it in the right way, it's as if he hadn't heard of the scandal of local authorities using the RIPA legislation to spy on dog fouling and catchment areas.

If we really do need a giant central database, they'll need to do a lot better than this to convince the public.

Facebook moves the goalposts

2009-04-20T13:21:00.000+01:00

This week we've heard more rumblings of discontent from Facebook users - they're unhappy that the social networking site has moved the goalposts over the much-hyped "user vote" on changing Facebook's Terms and Conditions.

The story first emerged last February, when Facebook casually mentioned that it had granted itself a licence to all its users' content in perpetuity, even if they deleted their account. Cue a predictable collective wailing and gnashing of teeth from millions of users who, almost by definition, are pretty clued up on the web.

The backlash prompted a partial backdown from Facebook, who attempted to mollify its members by saying that it would agree to drop the proposal if 25 per cent of users voted against.

This week, that threshold has quietly been raised to 30 per cent. What's more, a significant number of Facebook users have been disenfranchised by the decision to allow votes only from those who've used their accounts in the last thirty days.

Simon Davies of Privacy International is so confident that the 30 per cent threshold won't be achieved that he's promised to eat his shorts if he's wrong. (As if there wasn't already a good enough reason to get voting - Ed.)

At the time of writing, 73.11% of respondents have voted against Mark's Terms of Use, but unfortunately "only" 284,473 have voted in total - barely a tenth of one per cent of Facebook's 200 million regular users.

So Zuckerberg is really expecting 60 million users to vote? And isn't he concerned that the respondents, while still so "few", should be so overwhelmingly opposed to his plan?

Here at Data Grub, we're rather disappointed with the preternaturally young Facebook CEO. Changing the rules like this is pretty childish, after all, and we reckon he could do much better.

Zuckerberg really needs to take lessons from a master manipulator, such as the late Saddam Hussein or even the Dear Leader Kim Jong-il himself. We'd love to see the People's Democratic Republic of Facebook announce that 99.8% of members had voted in favour of the rule change, on a 100% turnout.

Read Zuckerberg's plans for Facebook here.

Construction firms to mount the scaffold?

2009-03-06T12:11:00.000Z

The information commissioner Richard Thomas has come down like a ton of bricks on a group of British builders who allegedly bought secret personal data about potential employees.

Construction companies Balfour Beatty, Sir Robert MacAlpine, Laing O'Rourke and Costain are among those alleged to have bought data about workers' trade union activities from one Kerr, Ian, operator of the shadowy-named "Consultancy Association".

Kerr has apparently spent 15 years amassing an "extensive intelligence database" of thousands of construction workers with details of union activities stretching back to the 1980s. Samples of comments on these workers include: "Poor timekeeper, will cause trouble, strong TU [trade union]"; "Sleeper, should be watched"; and, simply, "Do not touch!".

Workers could not challenge inaccurate information because the information was held without their knowledge or consent.

Richard Thomas says that more than 40 construction companies paid Kerr a retainer of £3,000 a year for his "consultancy services", with a further fixed fee for each worker they wanted checked.

The good news is that officials from the Information Commissioner's Office (ICO) raided Kerr's office and removed the entire contents of the database, as well as invoices - up to a value of £7,500 - from companies in the construction business.

Steve Acheson, an electrician from somewhere north of Watford, believes he was one of the workers on the database, and that this was behind the fact that he's only had 36 weeks' employment in the past nine years. "It affects your character and demeanour," he said. "I'm hoping that because of this brilliant success I'll be able to get my family life back and it will open the doors for me and others to get back to work."

Of course, this is all still sub judice, but the commissioner will be bringing a prosecution against Kerr. We'll keep you posted.

Data Grub is sure that Mr Kerr will be found innocent, because we cannot believe that anyone would be capable of such repugnantly unethical behaviour as robbing people of their livelihoods for personal profit.

(We should point out that some of the construction firms, including Laing O'Rourke and Morgan Est, say that they "inherited" payments to Kerr after they had bought up other constuction companies, and have since ceased paying him. Data Grub.)

IAB's Guide To Good Behaviour

2009-03-05T12:30:00.000Z

We're pleased to see that the Internet Advertising Bureau (IAB), the trade body for online advertisers, has finally launched its Good Practice Principles for behavioural advertising.

Drawn up in collaboration with companies like Google, Phorm and NebuAd, the IAB's best practice guide is, remarkably, the first set of self-regulatory guidelines to set good practice for companies that use users' online browsing behaviour to target ads that are relevant to individual users' interests.

An accompanying website, http://www.youronlinechoices.co.uk/, will help consumers to understand what online behavioural advertising does and (crucially) doesn't do.

The core of the Principles is formed by three commitments: Notice, where companies that collect online data must inform users that data is being collected; Choice, which says that companies must provide an opt-out; and Education, whereby they must let consumers know exactly how the information is being used and how they can opt out.

And not before time, think we. The debate surrounding online behavioural advertising has for too long been dominated by single-issue campaigners relying on hearsay, misrepresentation and misinformation to argue that behavioural targeting infringes individuals' online privacy.

That's not to say that some developments (not least BT's secret and most-probably illegal trials of Phorm's Webwise technology without users' knowledge or consent) haven't done real damage to the industry in the eyes of the general public.

That's why we welcome the IAB's Good Practice Principles which, as well as advising on best practice approaches to online behavioural targeting, provide consumers with the information they need to make an informed decision about whether they want to take part in any new service.

The Information Commissioner's Office (ICO) have voiced their support, saying that 'a joined-up approach to promoting transparency, choice and education makes good sense.'

Getting the thumbs up from the ICO, who know their stuff, is one thing; changing the public's perception of online behavioural targeting is quite another, especially given the bad press that it's garnered over the last couple of years. Whether or not it succeeds in its aim of educating the public about behavioural targeting, the code of conduct is certainly a step in the right direction for the industry.

Taken along with another piece of recent news, we could be seeing something of a fightback from the targeted ad industry. Last week, Phorm unleashed its lawyers on Which?, which had published a press release highlighting opposition to their service. Nothing very surprising there, except that following the legal intervention, Which? immediately pulled the offending release from its website (though not before the story had been covered in several publications). It seems that some of the information in the release was inaccurate enough to be defamatory; Which? is now "working with Phorm" to correct the release.

If consumer champions and all-round experts Which? can't get its facts right, what hope for your average Internet user? That's one reason, at least, to welcome the IAB's new code of practice.

David's Damascene Conversion

2009-02-26T17:09:00.000Z

Here at Data Grub we’ve so far held off from writing about ID cards, in part because this long-running saga has been so comprehensively covered in most mainstream media.

But we couldn’t let the Rt Hon David Blunkett get away with Tuesday’s speech at, of all places, Essex University. Blunkett, the original panegyrist of ID cards in this country, used his speech in part to propose scrapping compulsory ID cards.

So, what prompted David’s Damascene conversion, especially given that he’s often expatiated on the benefits of ID cards in his News of the World column and was at one point trousering a decent sum as adviser to Entrust, a company interested in bidding to run the UK card scheme?

Well, let’s not get ahead of ourselves. Blunkett went on to recommend that all UK citizens be required to have a fancy biometric passport which is, in effect, an ID card with a handy notebook attached for shopping lists. (Let’s be honest, when was the last time Bermondsey Bob needed a visa?)

Blunkett proposes that ID cards be voluntary but that biometric passports – which contain exactly the same information and will be linked to exactly the same database – will be compulsory. That way, the government can spin ID cards as a handy “mini-passport” that fits snugly into your wallet.

But even if compulsory passports are merely ID cards in disguise, one wonders what his rational is for jumping horses now, especially given that the current Home Secretary is still keen on the cards. Could it be that he wants the law on the statute books before the Tories’ inevitable election in 2010?

Blunkett and his successors have been trying to get make ID cards mandatory for donkeys’ years, but couldn’t do so until a large proportion of the population started carrying them voluntarily.

That’s clearly not going to happen in the next 12 months; but plenty of people have passports – make them compulsory and you’ve got your ID database system sorted.

Of course, all this completely ignores the question of whether ID cards might not, in fact, be quite a Good Thing after all. In spite of the government’s claims that they will prevent benefit fraud and halt terrorists in their tracks, Data Grub remains to be convinced of their utility.

Should Jacqui Smith decide to take Blunkett’s advice by making passports compulsory, it’ll be interesting to see if she employs the traditional ID card arguments (fraud, terrorism) or if Labour spins it some other way.

Watch this space.

Clayton makes a suggestion

2009-02-10T11:15:00.000Z

Enough has been written about the House of Lords' report into surveillance in Britain, so today we'll be returning to Microsoft's latest version of Internet Explorer.

We've written previously about IE8's notorious InPrivate function, the sole purpose of which is to keep the wife from knowing about the surprise holiday / present you've bought for her online. According to Microsoft, anyway. Let's face it, they weren't going to dub the function "PornCloaking+" were they?

But still, there's nothing inherently evil about InPrivate.

What does cause concern is IE8's "Suggested Sites" feature, which allows users (in Microsoft's words) to "discover websites you might like based on sites you've visited". By activating the service in your browser, you consent to send various data about your browsing activity to Microsoft. This could include the URLs of visited sites, search terms and form data, as well as information that could potentially identify individuals, such as a user's IP address.

It's the classic trade-off: you agree to give up personal data in return for a service. But since users are fully aware of what data they'll be giving up and are able to give their informed consent to the service, this shouldn't present a privacy problem, should it?

Unfortunately for Microsoft, Suggested Sites has attracted criticism from the esteemed Richard Clayton, the Bill Bryson-lookalike and doyen of Internet privacy campaigners.

Dr Clayton says Microsoft must be clearer about explaining the risks, as well as the potential benefits of the service. He points out that full URL sharing via Suggested Sites poses a privacy and security risk and in particular warns that Microsoft should avoid sharing data submitted by surfers with other users of the service.

The risks hinge upon the fact that Microsoft will get the full URL of the site you visit. In some cases, this is essential - knowing that you visited blogger.com ain't going to help Steve Ballmer to suggest sites, but a visit to blogger.com/animals-do-the-funniest-things will help him to point you in the direction of some cutesy squirrel pics.

But sometimes, a full URL may hold clues to your identity, give permissions to others to access the site, or compromise your privacy or security in some other manner, says Clayton.

It's not so much that a Microsoft employee might one day go rogue and start stealing these sensitive URLs; it's the possibility that Microsoft hands the URL to someone with similar tastes and these users visit the exact places that you go to. "Suddenly all that "security through obscurity", the pious hope that no one could possibly guess that URL, goes up in
smoke," says Clayton.

Dr Clayton is a Cambridge academic and an eminently sensible, if somewhat cautious, voice in a debate which is all too often conducted by shrill, ignorant or ill-informed comentators.

Clayton doesn't want to score cheap points by gratuitously slating Microsoft - he merely points out that they could do better, by minimising the data transfer, and only obtaining longer URLs for the sites, like blogger.com, where it actually matters.

In the meantime, they should honest and transparent about the potential risks.

But Clayton's comments do have a silver lining for Microsoft: he points out that selecting the InPrivate mode automatically disables Suggested Sites, even if users have opted in. So, at least they can claim another alternative use for Pr0n-Mode...

A day for quiet reflection

2009-01-29T17:22:00.000Z

Yesterday was European Data Protection Day; this blog held a one day's silence as a gesture of respect to the millions of pieces of personal and sensitive data that have been lost in the last year.

Across the continent people gathered in their hundreds of thousands, coming together in their workplaces, in their communities, in the fields, in the hills and in the streets, to mark this most solemn and momentous day of data.

I need not tell you what an emotional day it was for us all.

Some of us may have brushed aside manly tears as we reflected on the 182 per cent rise in card cloning and phishing in the second quarter of 2008 compared with the same period in 2007; others may have stifled their sobs over the $2.8bn cost of phishing attacks; still more wept -openly and without shame - for the 44 per cent of small businesses that have fallen victims to identity fraud through phishing, internet scams and data theft.

But all were united in their fervent hope that 2009 finally marks the year when the UK's government pulls its bloody finger out and puts a stop to departments' haemorrhaging of our personal and sensitive data.

Fat chance...

A load of nonce-sense

2009-01-23T12:51:00.000Z

If the first law of marketing is that sex sells, the first rule of tabloid journalism is that paedos shift papers.

Things may have quietened down a bit since the 2000 moral panic, when the News of the World whipped up a hysterical mob of mouth-breathing simpletons into an orgy of vigilante violence, but tabloid editors still know that their barely-literate readers love a good “hate” almost as much as a new Lizzy Duke sovereign ring.

So it’s no surprise to see yet another paedo story in today’s Sun, with the baffling headline: “Internet pervert charges rap”. In a nutshell, the story concerns comments made by the chief executive of the Child Exploitation and Online Protection (CEOP) Centre which "slammed" (criticised) Internet Services Providers (ISPs) for charging child abuse investigators to access their data.

The way that the Sun spins it, cynical ISPs are making an easy profit from the authorities hunting down Britain's biggest nonces. Naturally, the Sun is sympathetic to CEOP’s chief executive, Jim Gamble, who believes that ISPs should waive these charges in the public interest.

Balance has never been the Sun’s strongest suit. If it were, they would have pointed out that under the Regulation of Investigatory Powers Act (RIPA) ISPs are entitled to charge the police for reasonable costs for data retrieval and that in the last four years, the Government has paid ISPs and telcos £19m for its agencies’ growing demands for access to communications data. This information was obviously deemed by the Sun to be of no interest to its audience, even to its more intellectual readers who don’t need to use their index fingers to read a newspaper.

Interestingly, CEOP’s share of this £19m amounts to around £170,000 – less than one per cent of the total paid to ISPs. With CEOP having made just shy of 10,000 requests, the average cost of each request works out at less than £18.

Why, then, is the Sun focused purely on paedophile investigators, when all regular police forces and government agencies are charged, fairly and under UK law, for using ISPs’ time and resources?

As Malcolm Hutty, policy chief at the London Internet Exchange (Linx) points out, "Regular police forces investigate extremely serious crimes using communications data, including murder, rape and kidnapping, and they believe they are better served by cost recovery. We don't believe that the situation becomes different for child abuse cases merely because they are investigated by a specialist national unit."

But here we come to the second law of tabloid journalism: never let the facts get in the way of a good story.

The DNA of the UK Constitution

2008-12-05T12:06:00.000Z

The European Union really makes my blood boil. If they’re not telling us what shape our bananas should be, they’re ordering our grocers to sell potatoes by the metre. Now, in the latest piece of politically correct European legislation, convicted paedophiles will be allowed to keep a pale 8 year old boy in their cells, after the European Court of Justice ruled that this was a fundamental “Yuman Rite”.* You couldn’t make it up.† We’re literally going to hell in a handcart.

Or so you’d believe if you had access to no other media than the Daily Mail. But even readers of what Alan Partridge described as “arguably the best newspaper in the world” surely can’t complain about a recent judgement from the European Court of Human Rights (ECHR) which ruled that it is illegal to retain DNA profiles and fingerprints of people who have never been convicted of a crime.

The case was brought by two men from Sheffield whose DNA was taken after they were arrested on two separate and unrelated charges; one case involving alleged harassment was dropped, while the other man was acquitted of attempted robbery. Yet in spite of their innocence, these two men’s DNA and prints are still on a national criminal database, along with 570,000 other profiles of innocent individuals (some sources, notably today’s Guardian, say 850,000).

In reaction to the ruling the Home Secretary, Jacqui Smith, said that while she was “disappointed” (shouldn’t that be “disappointing”? Ed.), the existing law would remain in place “while we carefully consider the judgement.”

Well Jacqui, consider this. Presumption of innocence is an inseparable part of this country’s DNA, stretching back at least to Magna Carta. The principle of ei incumbit probatio qui dicit, non qui negat (that the burden of proof rests on whom asserts and not on whom denies, for those of you with a state education) is a fundamental foundation of our entire legal system which, in spite of frequent criticisms, remains one of the best in the world.

Ms Smith argues that DNA and fingerprinting is vital in the fight against crime, and claims that it provides the police with more than 3,500 matches a month. But Jacqui, we’re going to let you into a little secret. You know that statue of Justice on top of the Old Bailey? What’s that she’s holding in her left hand? That’s right – scales! And do you know what that represents, Jacqui?
Yes, it’s balance! And that’s what justice is all about – balance.

Taking the Home Secretary’s comments at face value, we should take the prints and DNA of every British child at birth; then we’d have a nice big database of everyone’s details. But that wouldn’t play very well with the public, would it, so how about taking young people’s DNA the moment they turn 16 – what could be objectionable about that?

Merely the fact that it criminalises the innocent and robs us of a fundamental principle of our centuries-old legal system.

The EU can often be a ponderous, calciferous and obtuse organisation, but we should applaud it when it makes the right decisions. Well done.

* Probably.
† Well, actually you could.

Gut feeling

2008-11-20T14:35:00.000Z

In spite of our previous post about the NHS, this blog is concerned primarily with data in general, and the impact of technology on personal information in particular.

So, at the risk of appearing to stray off topic, we’ll start today with Gordon Brown’s plan to liberalise the UK’s rules on organ donation. The prime minister wants everyone in the UK to be automatically included in the organ donor register under a system of “presumed consent”. Anyone who objects to having their kidneys re-used after their death would have to opt out of the system.

The thorny issue of organ donation provokes visceral (sorry) reactions in most, if not all, of the population: some see it as inherently selfish not to let others use your lights after you’re dead; others see it as yet another example of the creeping nanny state robbing citizens of jurisdiction over their own bodies.

There are, of course, powerful arguments both for and against presumed consent, and it’s beyond the remit of this blog either to defend or denounce Gordon’s plan.

But the principle of consent, and specifically the opt-in / opt-out debate, sits at the very heart of the continuing debate about the protection of our personal data, especially on the web.

Should services that use our personal data be opt-in or opt-out? Most people would instantly and decisively declare that any Internet service which collects, processes, uses or stores our personal data should naturally be opt-in.

We strongly disagree.

Regular readers will know that this blog tries to champion people’s right to privacy, whether online of offline, so there might be some who are surprised that we feel so strongly against the opt-in model. After all, shouldn’t we have to give our express permission, based on thorough information, before allowing others access to our private lives?

Ah, but indeed; and therein lies the problem.

Every time we tick the checkbox accepting terms and conditions – be it for a website, a new online service, or to set up an email account – we are giving our consent to everything in the small print.

When was the last time you read through a website’s Ts&Cs? In fact, have you ever done so? Do you know what you consented to when you signed up to watch YouTube or set up a Google Mail account? No, but you checked the box without thinking, just because you were impatient to get on with it.

And that’s where the danger of opt-in lies. Irresponsible sites – unlike YouTube and Google Mail – can use the opt-in mechanism to obtain people’s explicit consent for any number of nefarious activities by slipping new services into their terms and conditions, knowing that the vast majority of people will blithely tick the box without reading them.

Much better, then, to obtained people’s informed consent before they sign up – let them know exactly what they’re consenting to by having an unavoidable notice, explaining any changes to service, on the log-in page.

No reasonable person can argue that it should be easy as possible for people to see what they’re signing up to; yet most campaigners on this issue seem still to be in thrall to the sanctity of opt-in, which makes it so easy for people to bury nasty surprises in the Ts&Cs.

This visibility, this informing of stakeholders, is what’s lacking from the prime minister’s plans for presumed consent. While presumed consent is fair to the educated, literate and informed, it ignores the much greater majority of people who are not au courant and thus are in no position to give informed consent to organ donation.

Two cheers for the NHS

2008-11-10T12:19:00.000Z

Of all the categories of sensitive data, it is information about our health and our medical histories that is perhaps the most personal and private.

For example, you wouldn’t want a stranger – or worse, a colleague – knowing that you’re being prescribed Anusol Ultra for your chalfonts, would you? Nor would you want your boss to know about the methadone prescription, or your mother to know about your latest suicide attempt. Unless, of course, it was a cry for help.

But even if it contains nothing as dramatic as an overdose, we tend to guard our medical history very jealously.

So it may come as a shock to learn that not only has the NHS amassed a central database of around one billion confidential records of patient visits to hospital, it is routinely sending some of these records to an academic organisation outside the NHS. These records contain personally identifiable information, such as postcodes and NHS numbers, as well as medical information, including diagnoses and any treatment given.

Now, a certain breed of querulous privacy advocate will start whining the moment they hear the words “giant database” in conjunction with “confidential data”. Not so data grub: we understand that there are often the very best reasons for aggregating personal data, as long as stringent measures are in place to ensure absolute confidentiality.

In this case, the aim is to use this vast resource of information to improve the NHS’s service and treatment outcomes, which I think we can agree is a Good Thing.

The other good news is that both the NHS and the academic organisation that uses this data, the inanely-titled Dr Foster Unit, seem to have taken decent precautions to protect patients. All data is held on encrypted discs and is sent by secure courier, which is a pretty good start. Then, at the Dr Foster Unit, the data is kept in secure offices, on disc-less workstations which have no link to the Internet.

While this compares pretty favourably with the cavalier approach towards data security shown by other public sector bodies, among them the Ministry of Justice, the MoD and the Department for Work and Pensions, it’s certainly far from perfect.

Our main gripe is that personally identifiable information (PII) is contained within the data that’s being sent out of the NHS. While PII such as postcodes may be vital for making distinctions between different areas of a town or the country, surely the NHS should secure people’s informed consent if they are to use their data in this way?

So, two cheers for the NHS and the Dr Foster Unit for at least trying to apply best practice to the use of sensitive data. But, as we asked at the beginning, why should anyone other than one’s doctor be able to look at your confidential medical history, even if it’s just some academic at Imperial College?

Now, if they anonymised this PII irreversibly, ensuring that records cannot be traced to an individual, while at the same time remaining useful to the bean counters (all perfectly possible with today’s technology), well – that would be just what the doctor ordered.

We’re big fans of Richard Thomas here at data grub.

2008-10-30T13:36:00.000Z

Mr Thomas, as any fule kno, is the UK’s Information Commissioner and head of the Information Commissioner’s Office. They’re the independent regulatory office dealing with all sorts of privacy legislation like the Data Protection Act, the Freedom of Information Act and many others too numerable and mind-numbing to mention.
Put succinctly, Mr Thomas and his team are there to prevent the creeping threat of a Big Brother state, and also to stop any attempt by private companies to read our emails, share our data or plant transponders in our brains constantly reminding us that Sud-U-Like Washes Even Whiter.

It’s a pretty thankless task, but one that he and his team have been doing pretty bloody well, at least in my opinion. They’re not afraid to stand up for citizens’ privacy when it’s genuinely threatened by big business or big government, while at the same time ever-ready to slap down spurious, misinformed petitions from bleating, single issue, self-important “privacy experts”. (I think you’ll know whom I’m referring to, Alex...)
So even though the latest utterance to pass the Commissioner’s lips could have come from the Department of Bleeding Obvious, at least it’s being said by someone whose words carry weight.

In a speech yesterday Mr Thomas warned that the proliferation of ever larger centralised databases is increasing the risk of people’s personal data being lost or abused.
He also drew attention to bears’ predilection for sylvan defecation and raised questions about the Pope’s commitment to Islam.

But sometimes you do need to state the obvious, loudly and often. This is one such time.
Because on Tuesday, Jacqui Smith was forced to admit that the Government will soon begin technical work on its giant database of all email, text, phone and web traffic – even though the legislation has yet to be passed by Parliament.

Of course, the present Government is completely contemptuous of Parliament and will go ahead with its plans whatever Richard Thomas, or anyone else, says.

Which is a shame, because much of Mr Thomas’ speech was given over to a report on how reported data losses have soared in the past year. The number of data breaches - including lost laptops and memory sticks containing sensitive personal records - reported to him has risen to 277 since the loss of 25 million child benefit records was disclosed nearly a year ago.

The new figures show that the information commissioner has recently launched investigations into 30 of the most serious cases. The 277 breaches include 80 reported by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

Mr Thomas pointed out that as new technology is harnessed to collect vast amounts of personal information, the risks of it being abused increase: "It is time for the penny to drop,” he said. “The more databases that are set up and the more information exchanged from one place to another, the greater the risk of something going wrong.”

"The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made."

It is not difficult to grasp this concept, Jacqui. It is a simple, elegantly expressed and indisputable fact. But why listen to boring old Richard Thomas?

Sir Ken Macdonald, the director of public prosecution (DPP), speaking after Smith’s admission, weighted in to warn that the government was in danger of “breaking the back of freedom” with the relentless pressure of a security state.

But I think Richard Thomas’ point is the stronger – if we can’t trust the government with our private data now, how the hell are we supposed to trust it when it holds details of all electronic communications in the UK?

Doubting Thomas?

2008-10-30T11:18:00.000Z

We’re big fans of Richard Thomas here at data grub.

Mr Thomas, as any fule kno, is the UK’s Information Commissioner and head of the Information Commissioner’s Office. They’re the independent regulatory office dealing with all sorts of privacy legislation like the Data Protection Act, the Freedom of Information Act and many others too numerable and mind-numbing to mention.

Put succinctly, Mr Thomas and his team are there to prevent the creeping threat of a Big Brother state, and also to stop any attempt by private companies to read our emails, share our data or plant transponders in our brains that constantly remind us that Sud-U-Like Washes Even Whiter.

It’s a pretty thankless task, but one that he and his team have been doing pretty bloody well, at least in my opinion. They’re not afraid to stand up for citizens’ privacy when it’s genuinely threatened by big business or big government, while at the same time ever-ready to slap down spurious, misinformed petitions from bleating, single issue, self-important “privacy experts”. (I think you’ll know whom I’m referring to, Alex…)

So even though the latest utterance to pass the Commissioner’s lips could have come from the Department of The Bleeding Obvious, at least it’s being said by someone whose words carry weight.

In a speech yesterday Mr Thomas warned that the proliferation of ever larger centralised databases is increasing the risk of people’s personal data being lost or abused.

He also drew attention to bears’ predilection for sylvan defecation and raised questions about the Pope’s dedication to Islam.

But sometimes you do need to state the obvious, loudly and often. This is one such time.

Because on Tuesday, Jacqui Smith was forced to admit that the Government will soon begin technical work on its giant database of all email, text, phone and web traffic – even though the legislation has yet to be passed by Parliament.

Of course, the present Government is completely contemptuous of Parliament and will go ahead with its plans whatever Richard Thomas, or anyone else, says.

Which is a shame, because much of Mr Thomas’ speech was given over to a report on how reported data losses have soared in the past year. The number of data breaches - including lost laptops and memory sticks containing sensitive personal records - reported to him has risen to 277 since the loss of 25 million child benefit records was disclosed nearly a year ago.

The new figures show that the information commissioner has recently launched investigations into 30 of the most serious cases. The 277 breaches include 80 reported by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

Mr Thomas pointed out that as new technology is harnessed to collect vast amounts of personal information, the risks of it being abused increase: “It is time for the penny to drop,” he said. “The more databases that are set up and the more information exchanged from one place to another, the greater the risk of something going wrong.”

“The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.”

It is not difficult to grasp this concept, Jacqui. It is a simple, elegantly expressed and indisputable fact. But why listen to boring old Richard Thomas?

Sir Ken Macdonald, the director of public prosecution (DPP), speaking after Smith’s admission, weighed in to warn that the government was in danger of “breaking the back of freedom” with the relentless pressure of a security state.

But I think Richard Thomas’ point is the stronger – if we can’t trust the government with our private data now, how the hell are we supposed to trust it when it holds details of all electronic communications in the UK?

By the way, have a look at http://www.guardian.co.uk/technology/2008/oct/29/data-security-breach-civil-liberty for Thomas’ table on this year’s data breaches.

Ta ta for now, data chums!

A guest editor writes…

2008-10-21T12:18:00.000+01:00

I’m delighted to announce that this week we have a guest editor, a Ms H.W. from somewhere in the South East. You’ll immediately notice the balance, reasoned argument and tolerance of other nationalities that has, until now, been so clearly absent from this blog. So, without further ado, I give you Ms H.W.:

A German Court has given permission for website operators to store internet protocol (IP) addresses of their visitors, claiming it does not violate data protection legislation. Surely not? I hear you cry. Yet they say that without additional information IP addresses can’t be classified as personal data because they cannot be easily obtained and used to determine a person’s identity. Note they said data cannot be easily attained therefore it is in fact still possible. The court in Munich did present a good case by ruling that ISPs could not present information to third parties regarding who had been using a certain IP address at a particular time without a court order.

The German court ruling is in fact consistent with the advice issued by the UK’s Information Commissioner last year. However, this did point out that IP addresses could constitute personally identifiable information (PII). This has resulted in people including The Article 29 Working Party (a reference to the 29th article of the European Directive concerning the protection of EU citizens’ personal data) to argue that if it could become personal data it should be treated this way regardless.

As a nation we put a certain amount of our trust in online actors including behavioural targeting firms, internet service providers and search engines, to use our data correctly and appropriately. The big question is: does using this data breach our privacy laws? The German court obviously thinks not.

I wonder if Pythias Brown, 48, from New Jersey agrees. He used to be a baggage screener at an airport and in charge of people’s property. He admitted to stealing regularly from his workplace and selling the stolen items on eBay using the handle “alirla”. Brown was found by investigators who tracked down this alirla account using Brown’s IP address for his home computer. This case provides a great argument against the claim that IP addresses cannot be counted and used as personal data. It would appear privacy here has most certainly been invaded.

Camden RIPA-off

2008-10-06T12:16:00.000+01:00

Camden Town Council has more than quadrupled its surveillance of local residents since the introduction of the Regulation of Investigatory Powers Act (RIPA).

While the Act allows for the interception of communications and the use of covert human intelligence sources to prevent crime, including terrorism, it appears that Camden Council are using this legislation to spy on low-level offences, such as dog fouling, littering and checking whether or not a child lives in a certain catchment area.

Admittedly, Camden is the haunt of some of the most loathsome Untermensch that inhabit this fair city, from strutting, skinny-jeaned new media types to coin-eyed rip-off merchants selling “legal highs”.

But while I personally would be glad to sweep this whole swathe of faux-bohemia into the Regent’s Canal, I grudgingly have to admit that, owing to a loophole in the law, these people have the right to exist without being persecuted by the local council.

Of course, if the police and security services have reasonable grounds to suspect someone of planning a terrorist operation, that’d be a great time to start tapping the phones. But if you think that someone is mis-using a disabled parking badge, I would suggest that surveillance is both disproportionate and a fatuous waste of time and money.

And Phorm saw that it was good…

2008-09-29T12:16:00.000+01:00

Glad to see that this blog’s starting to have a bit of influence. Phorm has taken my advice (see previous post) and has drawn up a list of incentives for customers who opt-in to their Webwise targeted ad service.
Suggestions include:
An upgrade to a faster broadband package at no extra cost
£1 off monthly broadband bills
£1 cashback per month
A cut of advertising revenues
A free premium technical support line
Free music download vouchers
Free anti-virus software
Parental content controls
Donating a sum to charity
(More information here: http://snipurl.com/3xi6t)
My next blog posting will contain details of how to solve the worldwide banking crisis, rid the world of HIV/AIDS and how to achieve a lasting resolution of the Israeli / Palestinian conflict.

An Englishman’s house is his castle. Entrance £5

2008-09-26T12:10:00.000+01:00

A few Christmases ago, I was given a fascinating little book in my stocking. It was a facsimile of a booklet given to every American GI posted to Britain during the Second World War.
“Instructions for American Servicemen in Britain” is a wonderful, humane and charming insight into the British character and a revealing portrait of how the Englishman is perceived by his cousins.

For example, under the heading ‘British Reserved, Not Unfriendly’, the book warns that Britons will not strike up a conversation on a busy train because “…[living] on a small, crowded island, the British have learned to guard their privacy carefully.”

Not much has changed since then, has it? Britons are as apt to strike up a conversation with a stranger as the French are to take daily baths. And in the Internet age, with the perceived intrusions into our private lives and threats to our personal data, we’ve learned to guard our privacy even more jealously than before, haven’t we?

Not exactly. A new survey has found that 60 per cent of those questioned were happy to hand over computer password data which might be useful to potential ID thieves in exchange for a £5 M&S gift voucher.

In return for the voucher, Joe Public happily divulged how they remember their password and which online websites (from a range of email, shopping, banking and social networking sites) they most frequently use. Almost half of respondents (45 per cent) said they used either their birthday, their mother’s maiden name or a pet’s name as a password.

What we learn from all this is that the Englishman, rather than keeping a tighter grip on his privacy than a Scotsman keeps on his wallet, is more than happy to whore out his sensitive private data for a derisorily small pecuniary reward. This has important implications for many in the technology sector.

In this blog I’ve mentioned several companies and services which, fairly or unfairly, have had obloquy heaped upon them by so-called privacy advocates who claim (often in the face of overwhelming evidence to the contrary) that it impinges on their privacy. The answer for these companies is simple: gain consent for a “controversial” new service by offering a small financial enticement. Hell, there are people out there willing to hand over their banking passwords to a clipboard-wielding survey monkey in exchange for a lunch voucher. I’m sure the same people would find “controversial” new technologies much less objectionable if they were given the smallest of incentives.

Road Rage

2008-09-15T12:09:00.000+01:00

The British are, we are told with mind-numbing regularity, the most watched people in the world, with more CCTV cameras per head of population in the UK than any other nation in the world. (Though I hear the Chinese are catching up – the city of Shenzen will soon have two million surveillance cameras watching over a population of 12 million.)

Now, I read today in the paper (a real newspaper which you have to buy, like a grown-up) that the police are to expand their car surveillance operation that will allow them to record the details of millions of journeys every day, and to store this data for up to five years.

I don’t have a visceral, knee-jerk antipathy to surveillance cameras. I do find them somewhat creepy and I am concerned about the centralisation of data detailing exactly where I’ve been all day. (Yes, I do have an Oyster card and yes I am aware that this too tracks me.) I’m also concerned about who has access to this data and how it’s used. For example, I’m not particularly impressed with councils using hardcore anti-terrorism legislation to snoop on litter droppers.

But unlike the witless graffiti vandal Banksy, I don’t think all surveillance is a bad idea. Cameras do occasionally help the police to foil a crime in progress; it has been known for CCTV recordings to lead to successful prosecutions in court. I would argue that this is not altogether a bad thing.

I’m sure that the cops’ plan to record 18bn number plates in 2009 will probably help them to solve and prevent more crimes. What I doubt is whether the scheme is proportionate, value for money or safe. If the database goes ahead, it will store a colossal amount of information on the private lives of identifiable individuals. Of course, GCHQ listens to our phone calls and if they cared to they could probably reveal you penchant for dirty phone calls and casual drug use. But they’re spies and are pretty good at keeping hold of information. (Rather too good at keeping hold of information, if the Omagh story is to be believed…)

My point is that before the Home Office implements a new, massive repository of citizens’ data, it must first show that they can be trusted with large amounts of highly sensitive information. Or small amounts, for that matter.

While I don’t necessarily deny a need for the police’s car surveillance plan, I do think the government needs to win the public debate on the need for such surveillance. Whether they will even engage in such a debate on this issue remains to be seen.

Wankster’s Paradise

2008-09-05T12:05:00.000+01:00

This week we’ve seen lots of talk about two flashy new browsers that have recently been launched in beta versions. First up, we have the latest iteration of Microsoft’s Internet Explorer, IE8, with which it hopes to gain ground on – among others – Mozilla’s successful Firefox application.

Hot on the heels of Microsoft comes Google’s first foray into the browser market with its own beta, called Chrome. (Chromium is the name of the open-source project which led to its development, for all you curtains-closed bed-sit dwellers out there.)

Of course, both these betas come with spangly new features and functions – higher speeds, more robust security, clearer user interfaces and so forth. It’s a shame, then, that most of the public and press have focused on their respective privacy features: Google’s Incognito and Explorer’s InPrivate modes. When activated, these settings prevent the browser from storing any history information or cookies from websites visited. Inevitably, this has been dubbed “porn mode” by…well, everyone.

Of course, both companies attempted to re-define their “porn modes” with spurious alternative reasons for use. Quote of the week comes from a spokesman for Google who (presumably sticking a needle into his thumb to stop himself from dissolving into giggles) straight-facedly claimed Incognito was “…for times when you want to…plan surprises like gifts or birthdays.”

No – it’s to stop the wife from knowing, rather than merely suspecting, that you look at some of the most repulsive pornography on the web.

Hairy-palmed husbands will no doubt welcome both browsers, as will the latest generation of gangly girl-shy teenagers who still use their parents’ Internet connection.

But will the “porn modes” prevent Microsoft and Google from storing your search terms and IP address? As we know, search engines already store records of who you are (IP address), where you’ve been (URLs) and what you’ve looked for (search terms). What’s to stop, say, Google from identifying you and your browsing behaviour for definitely-not-evil-at-all uses?

Er…nothing. Users who leave Chrome’s auto-suggest feature on and have Google as their default search provider will be giving Google access to any keystrokes that are typed into the browser’s Omnibox, even before they hit enter. Google have been good enough to admit to this: a representative said that that about “two per cent” of the data would be stored along with the IP address of the computer that sent the information.

In theory, that means that if one were merely to type the address of a site into the Omnibox, even without hitting enter one could leave incriminating evidence on Google’s servers.

I’ve got no problem with anyone – website publisher, search engine, browser – knowing where I’ve been. My problem is in them knowing who I am. Since they store IP addresses – and God knows what other personally identifiable information – that’s exactly what they do know.

Google says that turning on the Incognito mode will prevent it from harvesting your search queries alongside your IP address. If that’s true (and why would anyone doubt good-guy-Google’s word?) then the privacy modes could have an audience outside of the dirty mac brigade; I for one.

http://www.theregister.co.uk/2008/09/02/google_chrome_comic_funnies/

Another day, another data loss

2008-09-02T14:40:00.000+01:00

This time, it’s Charnwood Borough Council in the spotlight with the news that one of their hard drives, containing taxpayers’ personal details, has turned up on eBay.
I’ll admit that news of yet another disastrous data loss by government is less than surprising. What is interesting is a piece in The Register which shows that these recent data losses are the result of the government’s failure to set and publicise standards for wiping data. This, El Reg claims, makes future and more serious incidents much more likely.
Now, as Gary Glitter and the staff of PC World Bristol can attest, when you “delete” a file on your computer it ain’t necessarily gone for good. To ensure that any sensitive or incriminating data is irrevocably removed from a device, be it a politician’s palmtop or a pop star’s laptop, it needs to be “wiped”.
The trouble is, the government doesn’t have any guidelines for the wiping of data.
Let me repeat that: the government doesn’t have any guidelines for the wiping of data.
So, government bodies, agencies, departments and so on are setting their own standards for preventing unauthorised disclosure of data. And bless them, I bet they try their best, but they’re getting sod all help from central government.
Instead, they’re bizarrely borrowing bits from US government guidelines. That’s what happened in Charnwood Council’s case. Lacking a UK standard for data wiping, it seems that the Council instead required third parties to apply (deep breath) DoD Standard 5220.22M (exhale) to all data erasures.
To cut a long and tedious story short (and to save you from a plethora of Yankee acronyms and initialisms), this standard is from a manual published by the US Department of Defense which addresses the issue of preventing unauthorised disclosure of classified information.
On the surface, this looks like quite a smart move by Charnwood Council: after all, they were modelling their data security standards on one of the most successfully secretive organisations on the planet.
Unfortunately, when Charnwood Council set its criteria for supplier selection, the edition of this manual didn’t specify any particular method for securely wiping data.
You’ve got to give a sleepy, bucolic council like Charnwood full marks for effort for cribbing guidance off the US Department of Defense – it’s just a shame the bits they borrowed didn’t give tell them how to go about wiping data.
The guidelines for data wiping were finally published in this year’s manual, along with an enhanced “Clearing and Sanitization Matrix”, which sounds like a rather sinister euphemism for the Department of Defense’s day-to-day work.
Until the UK Government pulls its finger out and issues clear and comprehensive methods for wiping information, we can expect more, much more, of the same…

How to disappear completely?

2008-09-02T12:03:00.000+01:00

Another day, another data loss. This time, it’s Charnwood Borough Council in the spotlight with the news that one of their hard drives, containing taxpayers’ personal details, has turned up on eBay.

I’ll admit that news of yet another disastrous data loss by government is less than surprising. What is interesting is a piece in The Register which shows that these recent data losses are the result of the government’s failure to set and publicise standards for wiping data. This, El Reg claims, makes future and more serious incidents much more likely.

Now, as Gary Glitter and the staff of PC World Bristol can attest, when you “delete” a file on your computer it ain’t necessarily gone for good. To ensure that any sensitive or incriminating data is irrevocably removed from a device, be it a politician’s palmtop or a pop star’s laptop, it needs to be “wiped”.

The trouble is, the government doesn’t have any guidelines for the wiping of data.
Let me repeat that: the government doesn’t have any guidelines for the wiping of data.
So, government bodies, agencies, departments and so on are setting their own standards for preventing unauthorised disclosure of data. And bless them, I bet they try their best, but they’re getting sod all help from central government.

Instead, they’re bizarrely borrowing bits from US government guidelines. That’s what happened in Charnwood Council’s case. Lacking a UK standard for data wiping, it seems that the Council instead required third parties to apply (deep breath) DoD Standard 5220.22M (exhale) to all data erasures.

To cut a long and tedious story short (and to save you from a plethora of Yankee acronyms and initialisms), this standard is from a manual published by the US Department of Defense which addresses the issue of preventing unauthorised disclosure of classified information.

On the surface, this looks like quite a smart move by Charnwood Council: after all, they were modelling their data security standards on one of the most successfully secretive organisations on the planet.

Unfortunately, when Charnwood Council set its criteria for supplier selection, the edition of this manual didn’t specify any particular method for securely wiping data.

You’ve got to give a sleepy, bucolic council like Charnwood full marks for effort for cribbing guidance off the US Department of Defense – it’s just a shame the bits they borrowed didn’t give tell them how to go about wiping data.

The guidelines for data wiping were finally published in this year’s manual, along with an enhanced “Clearing and Sanitization Matrix”, which sounds like a rather sinister euphemism for the Department of Defense’s day-to-day work.

Until the UK Government pulls its finger out and issues clear and comprehensive methods for wiping information, we can expect more, much more, of the same…

(The full Register article is here, in all its complexity: http://www.theregister.co.uk/2008/09/01/gov_data_standards_arent/)
Posted in Uncategorized Edit No Comments

DPI red herring

2008-08-22T12:00:00.000+01:00

First off, apologies for the slightly confusing discrepancies between the dates above my previous posts and their stated publication dates. I migrated my nascent blog from another site and wanted to show exactly when I’d written them.

Right, to Capitol Hill now, where the House Committee on Energy and Commerce has for the last couple of weeks been investigating Internet companies’ approach to privacy. The Committee is focusing particularly on behavioural targeting - the practice of inferring Internet users’ interests from their browsing behaviour and using this data to serve them more relevant (and thus more profitable) online advertisments.

The House Committee sent a letter to thirty-three Internet companies on the first of this month questioning them about their privacy policies in regard to concerns raised by behavioural targeting.

‘Questions have been raised regarding the applicability of privacy protections…and whether legislation is needed to ensure that the same protections apply regardless of the particular technologies or companies involved’, read the letter.

While, of course, all the companies vigorously defended their privacy policies, Google’s approach is worthy of note. This behemoth of the Internet made a point of denying that it uses deep packet inspection (DPI) technology, and used this claim to evade answering a number of the Committee’s 11 questions.

Deep packet inspection is a technology which examines the data in individual packets travelling across the Internet. This technology can be used by ISPs to analyse traffic passing over their networks and the analysis used to serve targeted ads to their users.

Google don’t use DPI, so that’s any concerns about user privacy out the window then, eh? Well, up to a point, Lord Copper.

For every search made through Google, the company retains the URL, IP address, time and date, operating system and browser used. It also delivers advertisements dependent on the search term entered.

My problem with this is twofold. First, I don’t really want Google to know exactly where I’ve been on the Internet and what search terms I’ve entered. Secondly, I don’t want them to know who I am which, given that they have my IP address, they effectively do.

So whether or not Google uses DPI or not, they still hold an unnecessarily large amount of personal information on me which they keep for 18 months. I don’t like that.

So really, DPI is a red herring. It’s not how you get data, it’s what data you gather and whether you store it or not.

I’ll still use Google though, but not under the misapprehension that they can be trusted to “do no evil”.

Government Goes For Incompetence Gold

2008-08-19T10:07:00.000+01:00

The Government is on course to break its record for the largest loss of citizens' data in a single year. After a particular strong showing in the 2007 data loss competition when it managed to mislay some 36,989,300 pieces of personal information, the Government is setting its sights on smashing its own record for rank incompetence and utter farce.

The latest step towards this unprecedented target was announced by a beaming official from the Ministry of Justice who proudly revealed that 45,000 people had been affected in nine separate data loss incidents within the Ministry.

"I am proud to announce that we are well on our way to making 2008 another record breaking year for data loss," said the gurning beancounter. "This latest data loss shows that Britain excels not only in sailing, cycling and rowing, but also leads the world in risible ineptitude."

The best individual figures for the department were achieved in a single incident, when 27,000 people working for department suppliers were affected after information from badly protected electronic storage devices was disclosed without authorisation.

Names, addresses and bank details were taken, while the MoJ made no efforts to notify the people involved.

And in January 14,000 people were affected due to the theft of a poorly-protected laptop from secured government premises. Names, dates of birth and some national insurance numbers were lost.

US analyst Brad Oysterburger says that there is still scope for the UK government to improve on its already phenomenal record for data loss. “If the government goes ahead with its plans for compulsory ID cards for all UK citizens and a centralised database recording all electronic communications, then these data loss figures could soon be considered a mere bagatelle. Britain looks in strong shape to cement its position as the greatest laughing stock in the world of data security.”

Privacy-tards

2008-08-14T10:58:00.000+01:00

This may be a cynical PR story, but to my mind it's a great one.

A major ISP, the identity of which I have absolutely no intention of revealing, has carried out a survey showing that while 84 per cent of internet users in the UK claim to be guarded about their privacy, 90 per cent of the same users are prepared to hand over their private data to any Tom, Dick or Harry on the interweb.

This doesn't surprise me at all. In my experience, it's those incapable of distinguishing between genuine and imagined privacy threats who bleat loudest about supposed online privacy violations.

This is more or less the conclusion of the ISP conducting the research: "...[it seems that] the more that people understood about the risks of online privacy violations, the less concerned they were about them," says the release.

For example, they found that 84 per cent of all respondents (and there were over 1,000) said they would not give away income details online, yet also found that 89% of the those surveyed were willing to do exactly that.

“Our research identified a significant gap between what people say and what they do when it comes to protecting sensitive information online,” was the rather obvious quote written by a faceless PR for the ISP's chief privacy officer.

I rather admire the brazen way in which they carried out this survey. They asked lots of questions about attitudes to privacy, before asking them personal questions such as income. More than 87 per cent of respondents who said they guarded their income details actually gave them away in the second part of the survey.

This is hypocrisy born out of stupidity. I would not be at all surprised if some of the respondents to this survey were the same self-righteous, self-important and self-appointed "privacy campaigners" who whine about Google Street View but are incapable of seeing the true threats to citizens' privacy in the modern age.

Youtube are watching YOU

2008-07-16T10:51:00.000+01:00

You know you should, but how often do you really read the terms and conditions when you visit a website? Whether it’s a personal email account, an online auction house or a gambling website, few people take the trouble to trawl through the often extensive T&Cs when they sign up. After all, if it’s a legitimate site, well-known and with a good reputation, there should be nothing to worry about, right?

Wrong. In a pre-trial ruling last week, The Register reports, a federal judge ordered Google to hand over all its existing records of every video viewed on YouTube. This information includes user account names and IP addresses.

http://www.theregister.co.uk/2008/07/03/google_to_turn_over_youtube_database/

The case centres around a $1bn lawsuit brought by Viacom, the US media conglomerate, against Youtube. Viacom alleges that the popular video-sharing website has allowed users to upload massive amounts copyrighted material onto its site, thereby hitting Viacom’s revenue while earning advertising revenue for YouTube.

One of the most interesting aspects of this case is what it reveals about Internet users’ privacy and anonymity. It turns out that YouTube keeps extensive records of all its users’ viewing histories, including individual IP addresses. Internet (IP) addresses are generally considered to be personally identifiable information, given that they can be linked to a particular household and, potentially, with an individual person. So, in theory, anyone in possession of the 12TB of YouTube user data could identify all the videos you’ve ever watched on the site. Isn’t this illegal? Unethical?

Self-proclaimed “privacy advocates” may turn puce with rage at the thought, but YouTube’s retention of this data is perfectly legitimate. Their privacy policy clearly states that the company “may record information about your usage,” and adds: “If you are logged in, we may associate that information with your account.” By giving users clear notification of the terms of service, YouTube have remained within both the letter and the spirit of privacy law.

Of course, YouTube isn’t the only company that holds records of user data. Internet Services Providers (ISPs), search engines and e-commerce sites together hold huge amounts of often sensitive personal information, including our names, addresses, phone numbers and even credit card numbers.

The really frightening thing is that companies can be forced by law to hand over the data they hold to government agencies. Under Title V of the Patriot Act, for example, the United States government can force companies, including Internet Services Providers, to hand over data pertaining to individuals to aid investigation against suspected terrorists in The War Against Terror (T.W.A.T.).

The YouTube case is instructive for anyone concerned about their online privacy. Last week’s ruling highlights the fact that any company that holds your data – no matter how responsible they may be – can be forced to relinquish that data by the courts.