Data Privacy Day will RockYou

We've got a new guest editor today, Mr. Josh Crawford:

Today is Data Privacy Day, the perfect time to rejoice in the attempt by the EU and USA to promote “privacy awareness and education among teens and young adults, focusing on the privacy issues raised by the use of social networking sites” and other types of technology which can share personal information over the internet, with a particular focus on those irritating necessities: passwords.

We here at Data Grub are ecstatic with the news that this most auspicious of occasions has arrived with the millions of people across our two great continents writhing in a frothy mass of pure ecstasy. So finally, this day of data will commence.

But it seems that this day of data celebration will be tainted with the news that RockYou, the online provider of social networking applications for Facebook, MySpace and others, was recently involved in a ruckus with a hacker.

Security firm Imperva uncovered the breach after peering at underground hacking forums; that RockYou was being attacked by a common type of exploit known as a SQL injection flaw. Hackers around the world violated that hole and invited their friends to have a go too. RockYou must have felt pretty sore in the morning.

Apparently the hacker, during a smash and grab attack, violated RockYou’s Database and stole 32 million online passwords. This has given the experts an insight into the kinds of passwords we use. Being the smart and social animals we are, it just so happens that 123456 is the worlds’ most popular password. Amichai Shulman, CTO at Imperva, said, “I guess it’s just a genetic flaw in humans.” Wives and girlfriends of the world: if your fella's favourite football team doesn’t work - maybe you're being just a little too clever. You might find that QWERTY unlocks that treasure trove of porn on his laptop...

Two days before Data Day was to start, the Information Commissioner’s Office warned that “organisations could face tougher sanctions if they fail to report data security breaches,” considering that there have been more than 800 incidents of reported security breaches last year. The sheer number of stunningly unimaginative passwords uncovered by RockYou's hacker suggests that there may well be a further slew of security breaches in the coming months.

Jeff Moss, who is on the USA’s Homeland Security Advisory Council said in response to the RockYou breach that we should rely on complex passwords, ideally around 12 characters long. “It’s like that joke where the hikers run into a bear in the forest, and the hiker who survives is the one that outruns his buddy,” said Moss, pausing awkwardly for an expected laugh which never materialised.

It looks like the RockYou story has a bit further to run - last month enraged citizen Alan Claridge from Indiana, USA, filed a class action suit against the company after they belatedly informed him - some 10 to 12 days after the attack - that his sensitive, personally identifiable information, including e-mail address and password, may have been compromised.

They had kept all the personal identifiable information in plaintext on an unencrypted database that, according to CNET, even a hacker with the most basic skills could’ve exploited.

With the ICO gaining new powers this April to issue fines of up to £500,000 for serious Data breaches, we at Data Grub can only hope that businesses, organisations and private citizens start treating data privacy at least somewhat seriously - starting with passwords.

The Ads That Dare Not Speak Their Name

Remember Phorm, the evil data pimps who wanted to collect browsing data on Internet users so that they could deliver targeted advertising?

Well, yes, of course you do. It was only a few months ago that the company effectively folded in the UK, having been battered by a succession of staggeringly stupid PR blunders, leaving their investors seriously out of pocket.

So the world and its dog can breathe a sigh of relief that it's safe from this invidious form of advertising, which threatened to usher in a cataclysm unequalled in the annals of human history, surpassing the plagues of Egypt, the eruption of Krakatoa, the rise of Jedward etc. etc.

Er, actually, no. A little-known Internet firm called Google is doing exactly the same thing, with nary a murmur of discontent from the brave warriors who brought Phorm to its knees. And we're not talking about Google's gentlemanly habit of routinely reading Gmail users' emails so that they can serve them with targeted ads. No, it goes further than that.

Some of our more technically literate readers may know that the world's largest text ad broker has, for ages, served up different search results for users logged into its services, such as Google Calendar or Gmail. These search results are tailored to users' previous browsing behaviour, so if you spend a lot of time on bbc.co.uk/sport, Google search results will place this web page higher up the list when it's asked to search for "sport". This, of course, is an entirely selfless service from Google that helps users gain the most relevant results - and it's only coincidental that it helps them to make more money from behaviourally targeted ads.

No problem with that - Google fanbois presumably read the terms and conditions when they sign up to these services (doesn't everyone?). But now Google is "personalising" search results for any user, anywhere, regardless of whether they're signed in to Google or not, through cookies placed on unwitting users' computers.

We've covered behavioural targeting before and, while we don't think it's inherently evil, we do believe that it requires a delicate approach, along with rigorous adherence to best practice procedures to ensure that users are well-informed and are offered a clear choice about whether they want their browsing profiled. Google haven't gone out of their way to publicise their service; nor to explain how to turn it off (it is, naturally, turned on by default).

If companies continue to implement behavioural targeting in a sly, underhand way - as though it were something to be ashamed about - then one can hardly blame the public for being suspicious of it. Instead of cloaking it in the depths of a terms and conditions form, companies like Phorm and Google should communicate openly on the benefits of targeted ads and offers.

One final question remains: why has privacy campaigner Alex Hanff - the single-handed scourge of Phorm and NebuAd, whose brave and lonely battle against these Internet behemoths ended with a victory that brought dragons and St George to mind - been so silent on this issue? Alex, where are you?

Postscript: Google's CEO Eric Schmidt yesterday trotted out that favourite line of civil-liberties-deniers the world round: "If you have something you don't want anyone to know, maybe you shouldn't be doing it in the first place." (©Richard Littlejohn / David Blunkett). How this statement sits with Google Chrome's infamous Incognito function - which hides your porn viewing from other users - remains unclear.

New Watchdog Chief Bares His Teeth

So, farewell then Richard Thomas. The outgoing Information Commissioner handed over the baton to Christopher Graham last June, and the new head of the ICO has wasted little time in getting stuck into parliament, the courts and newspapers for failing to stop the flourishing trade in illegally obtained personal and confidential information.

The former DG of the Advertising Standards Authority was giving evidence to the Commons media select committee investigating phone-hacking and other unscrupulous press activity. This issue came to a head a couple of years ago with the revelations that the News of the Screw's was tapping Prince William and Harry's mobiles; the fact that it's taken until now to establish an investigation speaks volumes about the procrastination of our pusilanimous parliament.

While it comes as no surprise that tabloid journalists resort to questionable - even illegal - activities in their work,what beggars belief is the complete absence of deterrent in the form of proper punishment. Graham raised this in his evidence to the committee, criticising the goverment for failing to introduce jail terms for hackers and other willful violators of the Data Protection Act, and claimed that custodial sentences could end the practice "at a stroke".

It's worth noting that Clive Goodman, the Screws' former royal editor, did in fact do four months' bird for hacking the Princes' phones, but Graham pointed out that the NotW case was merely part of a much bigger malaise. Graham said that the ICO had tried to sound the alarm about the scale of the problem as far back as 2006, when it published a report showing that 305 reporters were using private investigators. Unfortunately, said Graham, "...we were let down by the courts, who didn't seem to be interested in levying even the pathetic fines they had at their disposal; we were rather let down by parliament in the end, with no legislation; and we were let down by the newspaper groups, which didn't take it seriously."

It's good to see such forthright common sense from the new Information Commissioner - it's a sign that the ICO is fast becoming a Watchdog with real bite. Graham has made a great start, and we will be following his progress with interest.

The Human Factor

There are some pretty thankless jobs out there, several of which we at Data Grub have experienced directly. And, while it can't match the indignity of chicken sexing or the sheer slog of meter reading, working in a bank comes pretty high up the list of crap jobs.

(Obviously, we're talking about working behind the counter of a high street retail bank. The "master of the universe" type banking jobs - with its private jets, champagne, corporate boxes and complete lack of conscience - sounds quite a laugh.)

What's so bad about working in a bank? Well, aside from the constant pressure to sell massive amounts of debt to the sort of people who shouldn't be trusted with real cutlery, there's also the Data Protection Act to deal with. Banks workers have to watch an achingly-bad training video - which looked dated when it was made in 1998 - about the Act, and how to stay on the right side of the law with regards to customers' data.

No doubt this is a video that'll get dusted down and rewatched by the staff of HSBC, after the bank was fined a mammoth £3 million by the FSA yesterday for taking a laughably cavalier attitude towards customers' personal data.

Another depressingly familiar story of data loss, sure, but it did remind us of that lame old video, in which a harrassed data protection officer pours out his worries about the new Act to a psychiatrist. At one point, the shrink tries to calm him down by saying: "It's really just a matter of common sense."

Quite. Unfortunately, the global supply of common sense has been waning since around 1860, and it's currently rarer than platinum.

But ultimately, it's humans who have the biggest bearing on whether a company successfully fulfills its data protection requirement. With all the talk of encryption, virtual private networks, network and site security, it's easy to forget that technology is only as useful as the human operating it - or forgetting to. Organisations spend time and money communicating their privacy policies; here at Data Grub we'd like to see organisations showing exactly what steps they are taking to ensure that their employees are following best practice at all times. People as a rule are pretty stupid, but when there's a corporate culture of sound data protection processes this cuts regrettable incidents to a minimum. And, with data loss stories in the media almost every week, there's also a business case for having a public and comprehensive data protection policy, in the same way as firms boast about their CSR credentials.

Anything to declare?

Ah, America! The world's brightest beacon of democracy and freedom; the New World of limitless opportunity, where hard work and fair play are rewarded with the fabulous bounties of the American Dream.

And who can forget that America was built upon the exertions and human capital of the millions of immigrants - themselves often refugees from war, slavery and famine?

Modern day arrivals in the USA have a slightly different experience from these pioneering immigrants. Gone are the humiliating medical inspections, where those suspected of illness and physical defects were marked with chalk symbols. Instead, visitors are subjected to a terrifying ordeal of interrogation by customs officials, including such charmingly naive questions as "Is it your intention to overthrow the government of the United States?" (WS Gilbert famously answered: "Sole purpose of visit".)

But now it's not just fearsome feds with sunglasses and ear pieces that travellers have to worry about: they could risk having their personal data compromised, including fingerprints, employment history and credit information.

It all stems from a company called Clear, which used to speed its customers through customs for an annual payment of $200. To do this, they asked their customers for the personal data that customs officials need to know about travellers. A quarter of a million customers signed up to Clear's service and, for a while, enjoyed VIP treatment at US airports, being rushed through customs and immigration while the plebs queued and sweated.

Unfortunately, Clear shut down its operations last week, and the fate of customers' personal data hangs in the balance. What's interesting is that the company says that it will continue to hold onto this sensitive information, which could still be used by another Register Traveller programme. In other words, the data is a business asset that could be parcelled up and sold on to another firm - as long as that company is in the same line of business.

This is proof - if proof be needed - that personal data is no nothing more than another commodity to be bought and sold. It's worth noting that Clear's privacy policy states that "We do not sell or give lists or compilations of the personal information of our members or applicants to any business or non-profit organization." Unless, that is, we go bust.

We've noted before that companies often rely on burying objectionable practices deep within their Terms and Conditions, but if bankruptcy means companies can ignore their own privacy policies, that's a huge blow to data protection. Even if Clear's successor abides by the most stringent data protection policies, the transfer of such large amounts of sensitive information from one organisation to another is a fraudster's paradise, with plenty of opportunity for data to go missing.

Google fails

Congratulations students of the globe! For anyone from the ages of 5 to 15 can enjoy Google’s new attempt at structured data search: Google Squared. And that’s presumably the only group of people that would ever consider using it. Remember when you were eight and your teacher asked you to make a pretty table on British Monarchy with all the monarchs of Britain including their children, spouses and important dates? How you pored over huge encyclopaedias to get all the information? Well, Google Squared officially heralds the end of early education as all these tasks are completed in a matter of seconds for our burgeoning historians and other putative scientists.

If only it were that easy. Just as Babel Fish translate could only ever get a student 12/20 on French translation homework after its launch all those years ago, Google Squared fails to achieve… well anything it’s going for really. A search for the British Monarchy in an attempt to tabulate a chronological factfile brings up a table with the following order – George VI, George II, George V. The genius that is Squared then goes off on a little jaunt that includes the Act of the Union, the Irish Free State, Buckingham Palace and the House of Orange. This just gets embarrassing: the picture accompanying the House of Orange? Why of course! Its Gemma Arterton arriving for the ‘Orange’ BAFTAs at the Royal Opera ‘House’. This is surely Google gone mad. Actually we shouldn’t really be surprised; to be fair to Google, nowadays the Bond Girl must get more hits than the Dutch royals.

It’s rather life affirming to know that even the great god Google isn’t completely infallible. This is an exciting day indeed. This revelation is like those wonderful moments when that beautiful woman who walks like she is better than everyone else trips and falls flat on her face on Oxford Street. At the Christmas Light switch on. On the podium. And the woman is Kate Moss.

One must presumably conclude that the only reason Google released this in such an awkward condition was to distract attention from somewhere else: another attempt to make searching intelligent recently arrived in the form of Wolfram Alpha, the computational knowledge engine. It proclaims to ‘generate output by doing computations from its own internal knowledge base, instead of searching the web and returning links.’ This means, instead of producing lists of useless links or grids of questionable information, it creates pages to answer your search, to the best of its ability. When asked, ‘How many roads must a man walk down before you can call him a man?’, the clever engine replies, ‘The answer, my friend, is blowin' in the wind. (according to Bob Dylan).’ Indeed.

The lady's for turning

We've taken the odd swipe at Jacqui Smith over the last few months, so it only seems fair to applaud her decision to scrap the Home Office's planned über-database of communications data.

The database would have collected data on all electronic correspondence, such as the time, date and length of communication (and, of course, who contacted whom).

Humble Jacqui said that she recognised the public's concerns that a giant database would be a further step toward a surveillance society. And, in a nice little turn of phrase, she said, "To be clear, there are absolutely no plans for a single store."

No longer any plans, Jacqui, no longer.

Of course the cynics will say that Labour couldn't possibly get away with ploughing hundreds of millions of pounds into a deeply un-popular government IT project in light of last week's austerity budget.

We couldn't possibly comment.

Anyway, the upshot of all this is that ISPs are now responsible for intercepting and storing the data that crosses their networks. To this end, the Home Office have earmarked £2 billion to help ISPs to expand their storage capabilities.

Mobile and fixed line operators will be required to process and link the data together to build complete profiles of every UK internet user's online activity. Police and the intelligence services would then access the profiles, which will be stored for 12 months, on a case-by-case basis.

Don't be surprised if even this plan is quietly dropped by the Conservatives after the 2010 election.

A final point - John Reid, the frankly terrifying former Home Secretary, argues in an opinion piece today that communications data is vital to identifying serious criminals. In his short but predictably manipulative piece, he kicks off with a tear-jerker about a murdered 17 year old whose killers were brought to justice by communications data. This, he says, happened in 2007.

So you see, Reid shoots himself in the foot before he's reached the end of his first paragraph, by showing that police then already had adequate access to communications data.

He then comes up with a classic piece of patronising lip service: "Used in the right way, and subject to important safeguards, communications data can play a critical role in keeping us safe."

Presumably, these would be the safeguards that ensured only 36,989,300 pieces of personal information were lost by the government in 2008. As for using it in the right way, it's as if he hadn't heard of the scandal of local authorities using the RIPA legislation to spy on dog fouling and catchment areas.

If we really do need a giant central database, they'll need to do a lot better than this to convince the public.

Facebook moves the goalposts

This week we've heard more rumblings of discontent from Facebook users - they're unhappy that the social networking site has moved the goalposts over the much-hyped "user vote" on changing Facebook's Terms and Conditions.

The story first emerged last February, when Facebook casually mentioned that it had granted itself a licence to all its users' content in perpetuity, even if they deleted their account. Cue a predictable collective wailing and gnashing of teeth from millions of users who, almost by definition, are pretty clued up on the web.

The backlash prompted a partial backdown from Facebook, who attempted to mollify its members by saying that it would agree to drop the proposal if 25 per cent of users voted against.

This week, that threshold has quietly been raised to 30 per cent. What's more, a significant number of Facebook users have been disenfranchised by the decision to allow votes only from those who've used their accounts in the last thirty days.

Simon Davies of Privacy International is so confident that the 30 per cent threshold won't be achieved that he's promised to eat his shorts if he's wrong. (As if there wasn't already a good enough reason to get voting - Ed.)

At the time of writing, 73.11% of respondents have voted against Mark's Terms of Use, but unfortunately "only" 284,473 have voted in total - barely a tenth of one per cent of Facebook's 200 million regular users.

So Zuckerberg is really expecting 60 million users to vote? And isn't he concerned that the respondents, while still so "few", should be so overwhelmingly opposed to his plan?

Here at Data Grub, we're rather disappointed with the preternaturally young Facebook CEO. Changing the rules like this is pretty childish, after all, and we reckon he could do much better.

Zuckerberg really needs to take lessons from a master manipulator, such as the late Saddam Hussein or even the Dear Leader Kim Jong-il himself. We'd love to see the People's Democratic Republic of Facebook announce that 99.8% of members had voted in favour of the rule change, on a 100% turnout.

Read Zuckerberg's plans for Facebook here.

Construction firms to mount the scaffold?

The information commissioner Richard Thomas has come down like a ton of bricks on a group of British builders who allegedly bought secret personal data about potential employees.

Construction companies Balfour Beatty, Sir Robert MacAlpine, Laing O'Rourke and Costain are among those alleged to have bought data about workers' trade union activities from one Kerr, Ian, operator of the shadowy-named "Consultancy Association".

Kerr has apparently spent 15 years amassing an "extensive intelligence database" of thousands of construction workers with details of union activities stretching back to the 1980s. Samples of comments on these workers include: "Poor timekeeper, will cause trouble, strong TU [trade union]"; "Sleeper, should be watched"; and, simply, "Do not touch!".

Workers could not challenge inaccurate information because the information was held without their knowledge or consent.

Richard Thomas says that more than 40 construction companies paid Kerr a retainer of £3,000 a year for his "consultancy services", with a further fixed fee for each worker they wanted checked.

The good news is that officials from the Information Commissioner's Office (ICO) raided Kerr's office and removed the entire contents of the database, as well as invoices - up to a value of £7,500 - from companies in the construction business.

Steve Acheson, an electrician from somewhere north of Watford, believes he was one of the workers on the database, and that this was behind the fact that he's only had 36 weeks' employment in the past nine years. "It affects your character and demeanour," he said. "I'm hoping that because of this brilliant success I'll be able to get my family life back and it will open the doors for me and others to get back to work."

Of course, this is all still sub judice, but the commissioner will be bringing a prosecution against Kerr. We'll keep you posted.

Data Grub is sure that Mr Kerr will be found innocent, because we cannot believe that anyone would be capable of such repugnantly unethical behaviour as robbing people of their livelihoods for personal profit.

(We should point out that some of the construction firms, including Laing O'Rourke and Morgan Est, say that they "inherited" payments to Kerr after they had bought up other constuction companies, and have since ceased paying him. Data Grub.)

IAB's Guide To Good Behaviour

We're pleased to see that the Internet Advertising Bureau (IAB), the trade body for online advertisers, has finally launched its Good Practice Principles for behavioural advertising.

Drawn up in collaboration with companies like Google, Phorm and NebuAd, the IAB's best practice guide is, remarkably, the first set of self-regulatory guidelines to set good practice for companies that use users' online browsing behaviour to target ads that are relevant to individual users' interests.

An accompanying website, http://www.youronlinechoices.co.uk/, will help consumers to understand what online behavioural advertising does and (crucially) doesn't do.

The core of the Principles is formed by three commitments: Notice, where companies that collect online data must inform users that data is being collected; Choice, which says that companies must provide an opt-out; and Education, whereby they must let consumers know exactly how the information is being used and how they can opt out.

And not before time, think we. The debate surrounding online behavioural advertising has for too long been dominated by single-issue campaigners relying on hearsay, misrepresentation and misinformation to argue that behavioural targeting infringes individuals' online privacy.

That's not to say that some developments (not least BT's secret and most-probably illegal trials of Phorm's Webwise technology without users' knowledge or consent) haven't done real damage to the industry in the eyes of the general public.

That's why we welcome the IAB's Good Practice Principles which, as well as advising on best practice approaches to online behavioural targeting, provide consumers with the information they need to make an informed decision about whether they want to take part in any new service.

The Information Commissioner's Office (ICO) have voiced their support, saying that 'a joined-up approach to promoting transparency, choice and education makes good sense.'

Getting the thumbs up from the ICO, who know their stuff, is one thing; changing the public's perception of online behavioural targeting is quite another, especially given the bad press that it's garnered over the last couple of years. Whether or not it succeeds in its aim of educating the public about behavioural targeting, the code of conduct is certainly a step in the right direction for the industry.

Taken along with another piece of recent news, we could be seeing something of a fightback from the targeted ad industry. Last week, Phorm unleashed its lawyers on Which?, which had published a press release highlighting opposition to their service. Nothing very surprising there, except that following the legal intervention, Which? immediately pulled the offending release from its website (though not before the story had been covered in several publications). It seems that some of the information in the release was inaccurate enough to be defamatory; Which? is now "working with Phorm" to correct the release.

If consumer champions and all-round experts Which? can't get its facts right, what hope for your average Internet user? That's one reason, at least, to welcome the IAB's new code of practice.

David's Damascene Conversion

Here at Data Grub we’ve so far held off from writing about ID cards, in part because this long-running saga has been so comprehensively covered in most mainstream media.

But we couldn’t let the Rt Hon David Blunkett get away with Tuesday’s speech at, of all places, Essex University. Blunkett, the original panegyrist of ID cards in this country, used his speech in part to propose scrapping compulsory ID cards.

So, what prompted David’s Damascene conversion, especially given that he’s often expatiated on the benefits of ID cards in his News of the World column and was at one point trousering a decent sum as adviser to Entrust, a company interested in bidding to run the UK card scheme?

Well, let’s not get ahead of ourselves. Blunkett went on to recommend that all UK citizens be required to have a fancy biometric passport which is, in effect, an ID card with a handy notebook attached for shopping lists. (Let’s be honest, when was the last time Bermondsey Bob needed a visa?)

Blunkett proposes that ID cards be voluntary but that biometric passports – which contain exactly the same information and will be linked to exactly the same database – will be compulsory. That way, the government can spin ID cards as a handy “mini-passport” that fits snugly into your wallet.

But even if compulsory passports are merely ID cards in disguise, one wonders what his rational is for jumping horses now, especially given that the current Home Secretary is still keen on the cards. Could it be that he wants the law on the statute books before the Tories’ inevitable election in 2010?

Blunkett and his successors have been trying to get make ID cards mandatory for donkeys’ years, but couldn’t do so until a large proportion of the population started carrying them voluntarily.

That’s clearly not going to happen in the next 12 months; but plenty of people have passports – make them compulsory and you’ve got your ID database system sorted.

Of course, all this completely ignores the question of whether ID cards might not, in fact, be quite a Good Thing after all. In spite of the government’s claims that they will prevent benefit fraud and halt terrorists in their tracks, Data Grub remains to be convinced of their utility.

Should Jacqui Smith decide to take Blunkett’s advice by making passports compulsory, it’ll be interesting to see if she employs the traditional ID card arguments (fraud, terrorism) or if Labour spins it some other way.

Watch this space.

Clayton makes a suggestion

Enough has been written about the House of Lords' report into surveillance in Britain, so today we'll be returning to Microsoft's latest version of Internet Explorer.

We've written previously about IE8's notorious InPrivate function, the sole purpose of which is to keep the wife from knowing about the surprise holiday / present you've bought for her online. According to Microsoft, anyway. Let's face it, they weren't going to dub the function "PornCloaking+" were they?

But still, there's nothing inherently evil about InPrivate.

What does cause concern is IE8's "Suggested Sites" feature, which allows users (in Microsoft's words) to "discover websites you might like based on sites you've visited". By activating the service in your browser, you consent to send various data about your browsing activity to Microsoft. This could include the URLs of visited sites, search terms and form data, as well as information that could potentially identify individuals, such as a user's IP address.

It's the classic trade-off: you agree to give up personal data in return for a service. But since users are fully aware of what data they'll be giving up and are able to give their informed consent to the service, this shouldn't present a privacy problem, should it?

Unfortunately for Microsoft, Suggested Sites has attracted criticism from the esteemed Richard Clayton, the Bill Bryson-lookalike and doyen of Internet privacy campaigners.

Dr Clayton says Microsoft must be clearer about explaining the risks, as well as the potential benefits of the service. He points out that full URL sharing via Suggested Sites poses a privacy and security risk and in particular warns that Microsoft should avoid sharing data submitted by surfers with other users of the service.

The risks hinge upon the fact that Microsoft will get the full URL of the site you visit. In some cases, this is essential - knowing that you visited blogger.com ain't going to help Steve Ballmer to suggest sites, but a visit to blogger.com/animals-do-the-funniest-things will help him to point you in the direction of some cutesy squirrel pics.

But sometimes, a full URL may hold clues to your identity, give permissions to others to access the site, or compromise your privacy or security in some other manner, says Clayton.

It's not so much that a Microsoft employee might one day go rogue and start stealing these sensitive URLs; it's the possibility that Microsoft hands the URL to someone with similar tastes and these users visit the exact places that you go to. "Suddenly all that "security through obscurity", the pious hope that no one could possibly guess that URL, goes up in
smoke," says Clayton.

Dr Clayton is a Cambridge academic and an eminently sensible, if somewhat cautious, voice in a debate which is all too often conducted by shrill, ignorant or ill-informed comentators.

Clayton doesn't want to score cheap points by gratuitously slating Microsoft - he merely points out that they could do better, by minimising the data transfer, and only obtaining longer URLs for the sites, like blogger.com, where it actually matters.

In the meantime, they should honest and transparent about the potential risks.

But Clayton's comments do have a silver lining for Microsoft: he points out that selecting the InPrivate mode automatically disables Suggested Sites, even if users have opted in. So, at least they can claim another alternative use for Pr0n-Mode...

A day for quiet reflection

Yesterday was European Data Protection Day; this blog held a one day's silence as a gesture of respect to the millions of pieces of personal and sensitive data that have been lost in the last year.

Across the continent people gathered in their hundreds of thousands, coming together in their workplaces, in their communities, in the fields, in the hills and in the streets, to mark this most solemn and momentous day of data.

I need not tell you what an emotional day it was for us all.

Some of us may have brushed aside manly tears as we reflected on the 182 per cent rise in card cloning and phishing in the second quarter of 2008 compared with the same period in 2007; others may have stifled their sobs over the $2.8bn cost of phishing attacks; still more wept -openly and without shame - for the 44 per cent of small businesses that have fallen victims to identity fraud through phishing, internet scams and data theft.

But all were united in their fervent hope that 2009 finally marks the year when the UK's government pulls its bloody finger out and puts a stop to departments' haemorrhaging of our personal and sensitive data.

Fat chance...

A load of nonce-sense

If the first law of marketing is that sex sells, the first rule of tabloid journalism is that paedos shift papers.

Things may have quietened down a bit since the 2000 moral panic, when the News of the World whipped up a hysterical mob of mouth-breathing simpletons into an orgy of vigilante violence, but tabloid editors still know that their barely-literate readers love a good “hate” almost as much as a new Lizzy Duke sovereign ring.

So it’s no surprise to see yet another paedo story in today’s Sun, with the baffling headline: “Internet pervert charges rap”. In a nutshell, the story concerns comments made by the chief executive of the Child Exploitation and Online Protection (CEOP) Centre which "slammed" (criticised) Internet Services Providers (ISPs) for charging child abuse investigators to access their data.

The way that the Sun spins it, cynical ISPs are making an easy profit from the authorities hunting down Britain's biggest nonces. Naturally, the Sun is sympathetic to CEOP’s chief executive, Jim Gamble, who believes that ISPs should waive these charges in the public interest.

Balance has never been the Sun’s strongest suit. If it were, they would have pointed out that under the Regulation of Investigatory Powers Act (RIPA) ISPs are entitled to charge the police for reasonable costs for data retrieval and that in the last four years, the Government has paid ISPs and telcos £19m for its agencies’ growing demands for access to communications data. This information was obviously deemed by the Sun to be of no interest to its audience, even to its more intellectual readers who don’t need to use their index fingers to read a newspaper.

Interestingly, CEOP’s share of this £19m amounts to around £170,000 – less than one per cent of the total paid to ISPs. With CEOP having made just shy of 10,000 requests, the average cost of each request works out at less than £18.

Why, then, is the Sun focused purely on paedophile investigators, when all regular police forces and government agencies are charged, fairly and under UK law, for using ISPs’ time and resources?

As Malcolm Hutty, policy chief at the London Internet Exchange (Linx) points out, "Regular police forces investigate extremely serious crimes using communications data, including murder, rape and kidnapping, and they believe they are better served by cost recovery. We don't believe that the situation becomes different for child abuse cases merely because they are investigated by a specialist national unit."

But here we come to the second law of tabloid journalism: never let the facts get in the way of a good story.

The DNA of the UK Constitution

The European Union really makes my blood boil. If they’re not telling us what shape our bananas should be, they’re ordering our grocers to sell potatoes by the metre. Now, in the latest piece of politically correct European legislation, convicted paedophiles will be allowed to keep a pale 8 year old boy in their cells, after the European Court of Justice ruled that this was a fundamental “Yuman Rite”.* You couldn’t make it up.† We’re literally going to hell in a handcart.

Or so you’d believe if you had access to no other media than the Daily Mail. But even readers of what Alan Partridge described as “arguably the best newspaper in the world” surely can’t complain about a recent judgement from the European Court of Human Rights (ECHR) which ruled that it is illegal to retain DNA profiles and fingerprints of people who have never been convicted of a crime.

The case was brought by two men from Sheffield whose DNA was taken after they were arrested on two separate and unrelated charges; one case involving alleged harassment was dropped, while the other man was acquitted of attempted robbery. Yet in spite of their innocence, these two men’s DNA and prints are still on a national criminal database, along with 570,000 other profiles of innocent individuals (some sources, notably today’s Guardian, say 850,000).

In reaction to the ruling the Home Secretary, Jacqui Smith, said that while she was “disappointed” (shouldn’t that be “disappointing”? Ed.), the existing law would remain in place “while we carefully consider the judgement.”

Well Jacqui, consider this. Presumption of innocence is an inseparable part of this country’s DNA, stretching back at least to Magna Carta. The principle of ei incumbit probatio qui dicit, non qui negat (that the burden of proof rests on whom asserts and not on whom denies, for those of you with a state education) is a fundamental foundation of our entire legal system which, in spite of frequent criticisms, remains one of the best in the world.

Ms Smith argues that DNA and fingerprinting is vital in the fight against crime, and claims that it provides the police with more than 3,500 matches a month. But Jacqui, we’re going to let you into a little secret. You know that statue of Justice on top of the Old Bailey? What’s that she’s holding in her left hand? That’s right – scales! And do you know what that represents, Jacqui?
Yes, it’s balance! And that’s what justice is all about – balance.

Taking the Home Secretary’s comments at face value, we should take the prints and DNA of every British child at birth; then we’d have a nice big database of everyone’s details. But that wouldn’t play very well with the public, would it, so how about taking young people’s DNA the moment they turn 16 – what could be objectionable about that?

Merely the fact that it criminalises the innocent and robs us of a fundamental principle of our centuries-old legal system.

The EU can often be a ponderous, calciferous and obtuse organisation, but we should applaud it when it makes the right decisions. Well done.

* Probably.
† Well, actually you could.

Gut feeling

In spite of our previous post about the NHS, this blog is concerned primarily with data in general, and the impact of technology on personal information in particular.

So, at the risk of appearing to stray off topic, we’ll start today with Gordon Brown’s plan to liberalise the UK’s rules on organ donation. The prime minister wants everyone in the UK to be automatically included in the organ donor register under a system of “presumed consent”. Anyone who objects to having their kidneys re-used after their death would have to opt out of the system.

The thorny issue of organ donation provokes visceral (sorry) reactions in most, if not all, of the population: some see it as inherently selfish not to let others use your lights after you’re dead; others see it as yet another example of the creeping nanny state robbing citizens of jurisdiction over their own bodies.

There are, of course, powerful arguments both for and against presumed consent, and it’s beyond the remit of this blog either to defend or denounce Gordon’s plan.

But the principle of consent, and specifically the opt-in / opt-out debate, sits at the very heart of the continuing debate about the protection of our personal data, especially on the web.

Should services that use our personal data be opt-in or opt-out? Most people would instantly and decisively declare that any Internet service which collects, processes, uses or stores our personal data should naturally be opt-in.

We strongly disagree.

Regular readers will know that this blog tries to champion people’s right to privacy, whether online of offline, so there might be some who are surprised that we feel so strongly against the opt-in model. After all, shouldn’t we have to give our express permission, based on thorough information, before allowing others access to our private lives?

Ah, but indeed; and therein lies the problem.

Every time we tick the checkbox accepting terms and conditions – be it for a website, a new online service, or to set up an email account – we are giving our consent to everything in the small print.

When was the last time you read through a website’s Ts&Cs? In fact, have you ever done so? Do you know what you consented to when you signed up to watch YouTube or set up a Google Mail account? No, but you checked the box without thinking, just because you were impatient to get on with it.

And that’s where the danger of opt-in lies. Irresponsible sites – unlike YouTube and Google Mail – can use the opt-in mechanism to obtain people’s explicit consent for any number of nefarious activities by slipping new services into their terms and conditions, knowing that the vast majority of people will blithely tick the box without reading them.

Much better, then, to obtained people’s informed consent before they sign up – let them know exactly what they’re consenting to by having an unavoidable notice, explaining any changes to service, on the log-in page.

No reasonable person can argue that it should be easy as possible for people to see what they’re signing up to; yet most campaigners on this issue seem still to be in thrall to the sanctity of opt-in, which makes it so easy for people to bury nasty surprises in the Ts&Cs.

This visibility, this informing of stakeholders, is what’s lacking from the prime minister’s plans for presumed consent. While presumed consent is fair to the educated, literate and informed, it ignores the much greater majority of people who are not au courant and thus are in no position to give informed consent to organ donation.

Two cheers for the NHS

Of all the categories of sensitive data, it is information about our health and our medical histories that is perhaps the most personal and private.

For example, you wouldn’t want a stranger – or worse, a colleague – knowing that you’re being prescribed Anusol Ultra for your chalfonts, would you? Nor would you want your boss to know about the methadone prescription, or your mother to know about your latest suicide attempt. Unless, of course, it was a cry for help.

But even if it contains nothing as dramatic as an overdose, we tend to guard our medical history very jealously.

So it may come as a shock to learn that not only has the NHS amassed a central database of around one billion confidential records of patient visits to hospital, it is routinely sending some of these records to an academic organisation outside the NHS. These records contain personally identifiable information, such as postcodes and NHS numbers, as well as medical information, including diagnoses and any treatment given.

Now, a certain breed of querulous privacy advocate will start whining the moment they hear the words “giant database” in conjunction with “confidential data”. Not so data grub: we understand that there are often the very best reasons for aggregating personal data, as long as stringent measures are in place to ensure absolute confidentiality.

In this case, the aim is to use this vast resource of information to improve the NHS’s service and treatment outcomes, which I think we can agree is a Good Thing.

The other good news is that both the NHS and the academic organisation that uses this data, the inanely-titled Dr Foster Unit, seem to have taken decent precautions to protect patients. All data is held on encrypted discs and is sent by secure courier, which is a pretty good start. Then, at the Dr Foster Unit, the data is kept in secure offices, on disc-less workstations which have no link to the Internet.

While this compares pretty favourably with the cavalier approach towards data security shown by other public sector bodies, among them the Ministry of Justice, the MoD and the Department for Work and Pensions, it’s certainly far from perfect.

Our main gripe is that personally identifiable information (PII) is contained within the data that’s being sent out of the NHS. While PII such as postcodes may be vital for making distinctions between different areas of a town or the country, surely the NHS should secure people’s informed consent if they are to use their data in this way?

So, two cheers for the NHS and the Dr Foster Unit for at least trying to apply best practice to the use of sensitive data. But, as we asked at the beginning, why should anyone other than one’s doctor be able to look at your confidential medical history, even if it’s just some academic at Imperial College?

Now, if they anonymised this PII irreversibly, ensuring that records cannot be traced to an individual, while at the same time remaining useful to the bean counters (all perfectly possible with today’s technology), well – that would be just what the doctor ordered.

We’re big fans of Richard Thomas here at data grub.

Mr Thomas, as any fule kno, is the UK’s Information Commissioner and head of the Information Commissioner’s Office. They’re the independent regulatory office dealing with all sorts of privacy legislation like the Data Protection Act, the Freedom of Information Act and many others too numerable and mind-numbing to mention.
Put succinctly, Mr Thomas and his team are there to prevent the creeping threat of a Big Brother state, and also to stop any attempt by private companies to read our emails, share our data or plant transponders in our brains constantly reminding us that Sud-U-Like Washes Even Whiter.

It’s a pretty thankless task, but one that he and his team have been doing pretty bloody well, at least in my opinion. They’re not afraid to stand up for citizens’ privacy when it’s genuinely threatened by big business or big government, while at the same time ever-ready to slap down spurious, misinformed petitions from bleating, single issue, self-important “privacy experts”. (I think you’ll know whom I’m referring to, Alex...)
So even though the latest utterance to pass the Commissioner’s lips could have come from the Department of Bleeding Obvious, at least it’s being said by someone whose words carry weight.

In a speech yesterday Mr Thomas warned that the proliferation of ever larger centralised databases is increasing the risk of people’s personal data being lost or abused.
He also drew attention to bears’ predilection for sylvan defecation and raised questions about the Pope’s commitment to Islam.

But sometimes you do need to state the obvious, loudly and often. This is one such time.
Because on Tuesday, Jacqui Smith was forced to admit that the Government will soon begin technical work on its giant database of all email, text, phone and web traffic – even though the legislation has yet to be passed by Parliament.

Of course, the present Government is completely contemptuous of Parliament and will go ahead with its plans whatever Richard Thomas, or anyone else, says.

Which is a shame, because much of Mr Thomas’ speech was given over to a report on how reported data losses have soared in the past year. The number of data breaches - including lost laptops and memory sticks containing sensitive personal records - reported to him has risen to 277 since the loss of 25 million child benefit records was disclosed nearly a year ago.

The new figures show that the information commissioner has recently launched investigations into 30 of the most serious cases. The 277 breaches include 80 reported by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

Mr Thomas pointed out that as new technology is harnessed to collect vast amounts of personal information, the risks of it being abused increase: "It is time for the penny to drop,” he said. “The more databases that are set up and the more information exchanged from one place to another, the greater the risk of something going wrong.”

"The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made."

It is not difficult to grasp this concept, Jacqui. It is a simple, elegantly expressed and indisputable fact. But why listen to boring old Richard Thomas?

Sir Ken Macdonald, the director of public prosecution (DPP), speaking after Smith’s admission, weighted in to warn that the government was in danger of “breaking the back of freedom” with the relentless pressure of a security state.

But I think Richard Thomas’ point is the stronger – if we can’t trust the government with our private data now, how the hell are we supposed to trust it when it holds details of all electronic communications in the UK?

Doubting Thomas?

We’re big fans of Richard Thomas here at data grub.

Mr Thomas, as any fule kno, is the UK’s Information Commissioner and head of the Information Commissioner’s Office. They’re the independent regulatory office dealing with all sorts of privacy legislation like the Data Protection Act, the Freedom of Information Act and many others too numerable and mind-numbing to mention.


Put succinctly, Mr Thomas and his team are there to prevent the creeping threat of a Big Brother state, and also to stop any attempt by private companies to read our emails, share our data or plant transponders in our brains that constantly remind us that Sud-U-Like Washes Even Whiter.

It’s a pretty thankless task, but one that he and his team have been doing pretty bloody well, at least in my opinion. They’re not afraid to stand up for citizens’ privacy when it’s genuinely threatened by big business or big government, while at the same time ever-ready to slap down spurious, misinformed petitions from bleating, single issue, self-important “privacy experts”. (I think you’ll know whom I’m referring to, Alex…)


So even though the latest utterance to pass the Commissioner’s lips could have come from the Department of The Bleeding Obvious, at least it’s being said by someone whose words carry weight.

In a speech yesterday Mr Thomas warned that the proliferation of ever larger centralised databases is increasing the risk of people’s personal data being lost or abused.


He also drew attention to bears’ predilection for sylvan defecation and raised questions about the Pope’s dedication to Islam.

But sometimes you do need to state the obvious, loudly and often. This is one such time.


Because on Tuesday, Jacqui Smith was forced to admit that the Government will soon begin technical work on its giant database of all email, text, phone and web traffic – even though the legislation has yet to be passed by Parliament.

Of course, the present Government is completely contemptuous of Parliament and will go ahead with its plans whatever Richard Thomas, or anyone else, says.

Which is a shame, because much of Mr Thomas’ speech was given over to a report on how reported data losses have soared in the past year. The number of data breaches - including lost laptops and memory sticks containing sensitive personal records - reported to him has risen to 277 since the loss of 25 million child benefit records was disclosed nearly a year ago.

The new figures show that the information commissioner has recently launched investigations into 30 of the most serious cases. The 277 breaches include 80 reported by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.

Mr Thomas pointed out that as new technology is harnessed to collect vast amounts of personal information, the risks of it being abused increase: “It is time for the penny to drop,” he said. “The more databases that are set up and the more information exchanged from one place to another, the greater the risk of something going wrong.”

“The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.”

It is not difficult to grasp this concept, Jacqui. It is a simple, elegantly expressed and indisputable fact. But why listen to boring old Richard Thomas?

Sir Ken Macdonald, the director of public prosecution (DPP), speaking after Smith’s admission, weighed in to warn that the government was in danger of “breaking the back of freedom” with the relentless pressure of a security state.

But I think Richard Thomas’ point is the stronger – if we can’t trust the government with our private data now, how the hell are we supposed to trust it when it holds details of all electronic communications in the UK?


By the way, have a look at http://www.guardian.co.uk/technology/2008/oct/29/data-security-breach-civil-liberty for Thomas’ table on this year’s data breaches.


Ta ta for now, data chums!

A guest editor writes…

I’m delighted to announce that this week we have a guest editor, a Ms H.W. from somewhere in the South East. You’ll immediately notice the balance, reasoned argument and tolerance of other nationalities that has, until now, been so clearly absent from this blog. So, without further ado, I give you Ms H.W.:

A German Court has given permission for website operators to store internet protocol (IP) addresses of their visitors, claiming it does not violate data protection legislation. Surely not? I hear you cry. Yet they say that without additional information IP addresses can’t be classified as personal data because they cannot be easily obtained and used to determine a person’s identity. Note they said data cannot be easily attained therefore it is in fact still possible. The court in Munich did present a good case by ruling that ISPs could not present information to third parties regarding who had been using a certain IP address at a particular time without a court order.

The German court ruling is in fact consistent with the advice issued by the UK’s Information Commissioner last year. However, this did point out that IP addresses could constitute personally identifiable information (PII). This has resulted in people including The Article 29 Working Party (a reference to the 29th article of the European Directive concerning the protection of EU citizens’ personal data) to argue that if it could become personal data it should be treated this way regardless.

As a nation we put a certain amount of our trust in online actors including behavioural targeting firms, internet service providers and search engines, to use our data correctly and appropriately. The big question is: does using this data breach our privacy laws? The German court obviously thinks not.

I wonder if Pythias Brown, 48, from New Jersey agrees. He used to be a baggage screener at an airport and in charge of people’s property. He admitted to stealing regularly from his workplace and selling the stolen items on eBay using the handle “alirla”. Brown was found by investigators who tracked down this alirla account using Brown’s IP address for his home computer. This case provides a great argument against the claim that IP addresses cannot be counted and used as personal data. It would appear privacy here has most certainly been invaded.