Privacy Roundup #0002 • September 2006
September 2006 was dominated by the Hewlett-Packard pretexting scandal, alongside a Facebook backlash, fresh demands for data retention, and a steady drip of surveillance and breach stories.
1. Feds investigate the HP way
Federal and state authorities opened inquiries into Hewlett-Packard after the firm hired investigators who used pretexting to obtain the private phone records of board members and journalists. The FBI, a House committee, the SEC, and the US Attorney General all began examining how the boardroom leak hunt was conducted.
2. HP's CEO says sorry as Patricia Dunn steps down
Chief executive Mark Hurd held a press conference to announce the resignation of chairman Patricia Dunn over the spying affair, telling reporters he was sorry the matter had come to light. The investigation had reached into the communications of directors, employees, and members of the press.
3. HP routinely used email tracking on a reporter
Congressional hearings revealed that Hewlett-Packard had used the ReadNotify email tracing service to plant a hidden web bug in a message sent to a journalist. The aim was to capture the reporter's IP address and expose the source of leaked board-level information.
4. Verizon sues the data brokers behind the HP probe
Verizon filed suit against twenty unnamed data brokers in a New Jersey court, accusing them of fraudulently obtaining customer phone logs to assist Hewlett-Packard's leak investigation. The action came as Patricia Dunn's lawyer disputed the accuracy of HP's regulatory account of the affair.
5. Users protest over 'creepy' Facebook update
Facebook launched its News Feed and Mini-Feed features, which broadcast members' activities to their friends without warning, prompting an immediate outcry. More than half a million users signed a petition condemning the change as stalker-like and demanding controls over what was shared.
6. US violated the world's privacy with secret SWIFT checks
Belgium's data protection authority ruled that the SWIFT banking network had broken Belgian law by handing financial records to a secret US terrorist finance tracking programme. The covert arrangement had exposed transactions from thousands of institutions to American scrutiny without proper safeguards.
7. Shops must use RFID with care, says watchdog
The Information Commissioner's Office issued guidance requiring retailers to tell shoppers when goods carried radio frequency identification tags and to explain how those tags could be removed. The advice sought to keep the spread of in-store tracking technology within data protection rules.
8. Gonzales calls for ISP data retention laws
US Attorney General Alberto Gonzales pressed Congress for legislation forcing telecoms firms and internet providers to keep logs of customer activity for the benefit of law enforcement. He framed the demand around the prosecution of child abusers, though critics warned of broader surveillance.
9. Law chief wants wiretap evidence in court
UK Attorney General Lord Goldsmith renewed his campaign to make intercepted communications admissible as evidence in British trials after meeting American officials. The push coincided with the arrest of twenty Italian police and security chiefs accused of abusing wiretap powers.
10. Super cops seek fixed link to town centre CCTV
The Serious Organised Crime Agency sought permanent access to Manchester's network of around 850 town centre cameras through a new wireless link. The arrangement would let officers tap any camera at will rather than rely on costly dedicated fibre.
11. Google developing eavesdropping software
Google disclosed work on audio fingerprinting software that would use a computer microphone to identify the television or music playing nearby. The system would then serve advertisements matched to whatever the machine had overheard in the room.
12. Microsoft sues British spammer over Hotmail abuse
Microsoft won a court order against British spammer Paul Fox, who was told to pay forty-five thousand pounds for running a high-volume pornographic spam campaign through Hotmail. The company pursued the case as a breach of its service terms rather than under the limited anti-spam regulations.
13. Terrorism no excuse for privacy breaches, says EU regulator
European Data Protection Supervisor Peter Hustinx argued that the fight against terrorism could not justify hollowing out privacy protections. He maintained that existing law already gave investigators the means to act against genuine threats.
14. Germany proposes hacker law update
The German government put forward an overhaul of its computer crime laws that would criminalise denial of service attacks and unauthorised access to personal data. The proposal raised maximum penalties to ten years in prison for the most serious offences.
15. People prefer iPods to biometric passports
A survey for the Identity and Passport Service found that young adults were far more likely to know where their music player sat than their passport. The result deepened official worries about public engagement with the coming biometric travel documents.
16. Trojan targets zero-day Word flaw
Attackers exploited an unpatched flaw in Microsoft Word using a Trojan known as MDropper-Q to plant malware on victims' machines. The payload opened a backdoor that handed remote control of the infected computer to intruders.
17. Warcraft gamers locked out after Trojan attack
A keylogging Trojan spread through fake gaming advice sites and in-game messages to steal World of Warcraft credentials. Many players found their accounts hijacked and locked while their subscriptions continued to be billed.
18. UK banking websites' security slammed
Researchers at Heise Security found that several major British bank websites were open to frame spoofing attacks that could be used to mount convincing phishing scams. Some banks, including NatWest, moved to patch their sites after the weakness was disclosed.
19. Anti-spam crusaders slapped with $11.7m judgement
An Illinois court ordered the British anti-spam group Spamhaus to pay 11.7 million dollars for blacklisting the marketing firm e360insight. Spamhaus rejected the ruling and argued that an American court had no power to enforce it against a UK body.
20. Dutch TV hounds Google Earth topless sunbather
A Dutch woman was caught sunbathing by Google Earth satellite imagery, and broadcasters then traced her home and turned up to interview her. The episode showed how freely available aerial photography could strip away privacy in supposedly private spaces.