Privacy Roundup #0001 • August 2006
August 2006 was dominated by AOL's reckless release of search logs, fresh proof that biometric passports could be cloned, and a steady drumbeat of lost laptops and expanding state surveillance.
1. AOL publishes database of users' intentions
AOL Research posted more than ten million search queries from over 650,000 supposedly anonymous users on a public website. The records were trivial to de-anonymise, exposing the private fears, habits and identities of ordinary people.
2. AOL apologises over search data screw-up
AOL conceded that the release was a blunder that ought to have been halted the moment anyone reviewed it. The company pulled the logs offline, but by then they had been copied and mirrored across the internet.
3. Google vows to keep hoarding search queries
In the wake of the AOL débâcle, Google made plain that it had no intention of deleting its own store of search logs. Critics pressed for a zero-retention rule, arguing that data which is never kept can never be leaked or subpoenaed.
4. Amazon plans world's biggest personal data stash
A patent application revealed Amazon's design for a vast database linking shoppers to their incomes, religions, races and sexual orientations. The filing alarmed privacy campaigners already rattled by the week's run of leaks.
5. How to clone the copy-friendly biometric passport
Security researcher Lukas Grunwald showed that the RFID chip in a new biometric passport could be read and copied onto a blank chip using off-the-shelf kit. The demonstration undercut official assurances about the safety of the design.
6. US starts issuing RFID passports
The US State Department began handing out passports fitted with radio chips despite known risks that the documents could be read at a distance or duplicated. Officials leaned on shielding foil and access controls to dismiss the concerns.
7. Three quizzed in Royal phone tap probe
Police arrested three men, including a News of the World journalist, over the interception of voicemails belonging to staff at Clarence House. The inquiry pointed to repeated breaches of phone networks affecting public figures over a long period.
8. Two teens charged over VA laptop theft
Police charged two Maryland teenagers over the burglary that lost a Veterans Affairs laptop holding records on 26.5 million people. Investigators believed the theft was random and that the sensitive data had not been touched.
9. Florida laptop loss sparks ID theft fears
A laptop stolen from a Florida transport worker's car exposed the personal details of roughly 133,000 residents. Encryption had been stripped from the machine during a network upgrade, leaving social security and licence numbers in the clear.
10. Brit bank details for sale in Lagos
Account records belonging to thousands of British citizens were found on sale in Nigeria for about twenty pounds a set. The data had been recovered from poorly wiped hard drives shipped abroad for recycling.
11. Taxman wants power to fingerprint suspects
HM Revenue and Customs sought new authority to fingerprint and charge suspects and to obtain search warrants more easily. The department wanted police-style powers applied uniformly across all of its investigations.
12. Bigger, dafter, creepier: Gordon Brown's ID scheme rescue plan
A proposal from Gordon Brown's team would have wired the national identity card into shop tills and bank transactions. The author warned that this would build a pervasive surveillance machine while ducking serious technical and practical questions.
13. Home Office accused of spoiling critical ID report
The Home Office published its industry consultation on identity cards just before a damning independent committee report was due. Suppliers complained of vague requirements, unproven biometrics and echoes of earlier failed government IT projects.
14. Information Commissioner fines accountant
The Information Commissioner secured fines against a Leeds accountancy firm and three of its staff for failing to register under the Data Protection Act. The watchdog had chased the company for two years before taking it to court.
15. EU may be powerless to stop US snooping
European regulators struggled to find legal grounds to block American access to financial data held by the Belgian payments firm Swift. The case exposed how far US terrorism investigations could reach into European records.
16. Data proposal prompts legal warning
Lawyers warned that a UK plan to let officials share personal data by default could breach human rights law. The proposal would have reversed the existing duty to justify each act of sharing, alarming the Information Commissioner.
17. Skype malware scam targets Turkey
Fraudsters sent Turkish-language emails posing as Skype invitations that led to a password-stealing trojan. The campaign showed how attackers were tailoring their lures to specific languages and audiences.
18. Movie download service faces spyware lawsuit
Washington State sued Movieland and its associates for bombarding users with pop-ups that could not be closed until they paid up. The case was one of the first brought under the state's new anti-spyware statute.
19. Thai police crack credit card wiretap scam
Thai police broke up a Phuket gang that intercepted card data in transit between merchants and banks. The stolen details were smuggled abroad on music players, cloned, and used to defraud some 48,000 victims.
20. Michigan sues spammers over emails to children
Michigan's attorney general sued two firms for sending gambling and alcohol adverts to children listed on the state's protection registry. Each company faced fines of up to ten thousand dollars for the breach.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: