Privacy Roundup #0007 • February 2007

February 2007 saw the TJX card breach balloon, British anger at vehicle tracking surge past a million signatures, and fresh doubts cast over Vista, biometric passports and lost government discs.

1. TJX security breach fears grow

TJX admitted that the intrusion into its card processing systems reached back further than first thought, as far as July 2005, and that driving licence numbers and addresses had been taken. The retailer could not yet say how many customers across its American, Canadian and British shops were affected, in what would become the largest card breach disclosed to that date.

archive.boston.com

2. Nationwide fined £980,000 over stolen laptop

The Financial Services Authority fined Nationwide Building Society almost a million pounds after a laptop holding details on eleven million customers was stolen from an employee's home. The society had failed to control which sensitive information could be copied onto portable machines, and the laptop was never recovered.

www.informationweek.com

3. FSA has power to order data breach disclosure

The Financial Services Authority said it already held the power to compel regulated firms to tell customers at once when their data had been exposed. The statement, made in the wake of the Nationwide fine, fuelled calls for Britain to adopt a Californian-style law requiring firms to publicise serious breaches.

www.pinsentmasons.com

4. ID theft fears as VA loses another hard disc

The US Department of Veterans Affairs reported that an external hard drive holding the personal data of around 48,000 veterans had gone missing from an Alabama medical centre. About 20,000 of the records were unencrypted, and the department offered a year of free credit monitoring to those at risk.

www.govexec.com

5. Replace your broken biometric passport? Just say no...

Britain's biometric passport rollout drew sharp scrutiny over chips warranted for only two years against a ten-year document, and over unsettled liabilities with the manufacturer. Border readers remained incomplete, facial recognition proved unreliable, and planned fingerprint upgrades would need larger chips the current scheme could not hold.

www.theregister.com

6. Million-busting road pricing petition draws UK.gov shrug

More than 1.15 million people signed a petition on the government website opposing planned vehicle tracking and per-mile road charging. Transport Secretary Douglas Alexander brushed aside the protest with a vague promise of debate, triggering criticism even from inside government over the handling.

www.theregister.com

7. Blair ready to spam Britain

Tony Blair prepared to email roughly 1.4 million citizens who had signed the road pricing petition, defending the scheme as cheaper for most drivers. Critics warned that the prospect of round-the-clock vehicle tracking would outweigh the Prime Minister's reassurances.

www.theregister.com

8. Road pricing - Blair's shock 'privacy guarantee'

Blair pledged that any road pricing technology would carry definite guarantees about privacy and that the government would not hold records of where vehicles had been. The promise was picked apart for its loopholes, since private contractors would still hold the data and security services could reach it regardless.

www.theregister.com

9. Academic turns up volume on CCTV Bill proposal

A University of Reading researcher proposed a regulatory framework for CCTV, warning that rapidly evolving surveillance technology could be abused without proper oversight. The paper argued that existing British laws failed to protect people from being watched or from inaccurate data shadows with damaging real-world consequences.

www.theregister.com

10. German police Trojan tactics verboten

Germany's Federal Court of Justice ruled that police could not secretly plant Trojan software on suspects' computers to search them without explicit legal authority. The Interior Minister signalled that he would seek fresh legislation to legalise such covert online searches in terrorism cases.

www.heise.de

11. US surveillance of soldiers' blogs sparks lawsuit

The Electronic Frontier Foundation sued the US Department of Defense for refusing to disclose how the Army Web Risk Assessment Cell monitored hundreds of thousands of websites each month. The group argued that troops should be free to blog their views on the Iraq war without covert government surveillance or censorship.

www.eff.org

12. Congress pushes (again) for ISP data retention

Lawmakers in Washington reintroduced bills that would force internet service providers to retain records of their users' activity for law enforcement to mine. Critics warned that the Attorney General could be handed sweeping power to demand indefinite retention reaching well beyond subscriber names and addresses.

www.heise.de

13. Imperfect Storm aids spammers

The Storm worm, spread through emails disguised as storm news, had infected thousands of machines to pump out spam and to attack anti-spam sites such as StockPatrol. Researchers warned that its peer-to-peer botnet design and feuds between rival spam gangs marked a worrying turn in online crime.

www.computerworld.com

14. Security watchers lambast Vista

Security firms wasted no time challenging Microsoft's claim that Windows Vista was its most secure release yet. Kaspersky found shortcomings in User Account Control, PatchGuard and Internet Explorer 7, while several anti-virus products, including Microsoft's own, failed certification testing.

www.informationweek.com

15. Vista security overview: too little too late

A detailed review argued that Vista's defences, such as protected-mode Internet Explorer and User Account Control, fell short because of weak implementation and Microsoft's habit of leaving users with administrator rights. The article also flagged fresh privacy hazards, noting that Vista buried browsing traces in new and unexpected places.

www.theregister.com

16. IE ripe for attack, despite Microsoft claims

An IBM Internet Security Systems report concluded that Internet Explorer would remain Windows' weak point even with Vista's hardening. The growing trade in ready-made exploits meant browser attacks were set to keep rising through the year.

www.theregister.com

17. Simon says: let me hack your Vista PC

Researchers showed that Vista's speech recognition could be coaxed into obeying spoken commands hidden in audio files, deleting files or opening websites on an unattended machine. Microsoft played down the threat, but the SANS Internet Storm Centre disputed its reassurances.

it.slashdot.org

18. Gates: protect Windows Vista users with IP

In his final RSA Conference keynote, Bill Gates argued that technology alone could not keep Vista and Office users safe and pressed for IPv6, IPsec and smart cards over passwords. He also unveiled Microsoft's CardSpace work and a collaboration with the OpenID initiative aimed at thwarting phishing.

www.computerworld.com

19. Vista encryption 'no threat' to computer forensics

Microsoft firmly denied suggestions that its BitLocker disc encryption contained a backdoor for law enforcement. A forensics firm that had worked on BitLocker said investigators could still capture data from a running Vista machine and should learn to seize USB keys alongside the computers.

www.theregister.com

20. Norwegian regulator gives Steve Jobs cool response

Norway's Consumer Council gave a sceptical welcome to Steve Jobs' open letter calling for an end to music digital rights management. It rejected his attempt to shift blame onto the record labels, insisting that iTunes remained answerable to Norwegian consumers and faced a March deadline to address their concerns.

www.theregister.com

