Privacy Roundup #0012 • July 2007
July 2007 was dominated by the fight over how long search engines and phone companies may hoard our records, while spammers and ransomware crews sharpened their tools.
1. Banks want SWIFT data pulled out of the United States
Central banks in China and Russia joined private firms in demanding that the SWIFT payments network move European transaction records off American servers. The pressure followed rulings that the secret handover of the data to United States counter-terrorism investigators had broken European data protection law.
2. London NHS paper reveals plans to share patient data
A leaked document exposed plans for extensive sharing of personal records between the London NHS, social services, education and the police. The proposal alarmed campaigners who doubted that the promised privacy safeguards would survive contact with so many agencies.
3. Fidelity employee steals 2.3 million consumer records
A senior database administrator at a Fidelity subsidiary removed and sold the personal details of some 2.3 million customers to a data broker. The haul included bank account numbers and card details, which the firm insisted was an inside betrayal rather than an outside breach.
4. Judge knocks back New York Times wiretap suit
A federal judge dismissed the newspaper's freedom of information bid for records on the National Security Agency's warrantless surveillance programme. The court held that disclosing the documents would reveal intelligence sources and methods, so the secret wiretapping stayed secret.
5. Google says its data retention is not the watchdogs' business
Google's global privacy chief told European officials that how long the company keeps search queries is a security matter outside their remit. The remark hardened the standoff with the Article 29 Working Party over the firm's plan to hold log data for many months.
6. Interpol chief slams UK on terror database cooperation
Interpol's secretary general attacked British border officials for barely consulting his database of suspected international terrorists. He noted that France ran hundreds of thousands of checks a month against the list while the United Kingdom managed only a handful.
7. Privacy core to ID success, ICO warns
The assistant information commissioner told an identity management conference that data protection had to be designed into systems from the start. Bolting privacy on as an afterthought, he warned, would forfeit the public trust on which any identity scheme depended.
8. Police to get helmet cameras nationwide
The Home Office announced a national rollout of body-worn cameras for officers after a year-long trial in Plymouth. Supporters pointed to better evidence and fewer assaults, while critics saw another step in the steady spread of routine surveillance.
9. Italian police net 26 in phishing takedown
An operation dubbed Phish and Chip rounded up twenty-six people accused of looting the online banking customers of the Italian post office. Investigators seized laptops, forged documents and the kit used to manufacture counterfeit payment cards.
10. Congress sniffing Google-DoubleClick deal
Both houses of Congress lined up hearings into Google's proposed 3.1 billion dollar purchase of the advertising network DoubleClick. Lawmakers warned that merging the two firms' tracking troves could have an enormous impact on consumer privacy.
11. Government systems pressed into service to power phishing
Symantec found fraudulent login pages hidden on official sites run by the governments of Thailand, Indonesia, Argentina and others. The discovery punctured the idea that state web servers were any safer than the rest, since attackers slipped in through unpatched interfaces and forgotten back doors.
12. The return of the ransom-ware Trojan
A fresh strain known as Gpcode-AI encrypted files on infected machines and demanded payment for the keys to unlock them. The malware also carried key-logging code built to lift bank and card details, so the extortion came with theft attached.
13. Japanese P2P leak gets a police officer fired
A Tokyo police officer was sacked after the Winny file-sharing program spilled some 6,600 confidential documents from his work computer. The leak exposed interrogation reports, victim statements and personal information on around 12,000 people.
14. Spammers dump images and switch to PDF files
As filters grew better at catching picture-based junk mail, spammers moved their pitches into PDF attachments instead. MessageLabs reckoned that a large share of all spam now arrived as documents that corporate mail systems were obliged to let through.
15. Microsoft and Yahoo! trumpet anti-Google privacy policies
Microsoft promised to make search records anonymous after eighteen months and Yahoo after thirteen, each casting itself as the privacy-minded alternative to Google. Both firms called for an industry-wide standard, hoping to profit from the furore around their larger rival.
16. Becta gives schools biometric data guidance
The government technology agency issued guidance telling schools how to run fingerprint and biometric systems within data protection law. It urged them to involve parents, offer opt-outs such as smartcards, and destroy the data once a pupil leaves.
17. MySpace erases 29,000 sex offenders
MySpace said it had detected and deleted 29,000 registered sex offenders from its network, far above the 7,000 it had reported only two months earlier. The figure fed the wider row over how social networks verify who their users really are.
18. FBI asks Congress for phone record slush fund
The bureau sought 5.3 million dollars to pay telecoms firms for customer phone and email records and to build a central collection centre for agents. Critics cast it as the legal coda to the controversial domestic spying programme, available on nothing more than a national security letter.
19. EC cuts replacement deal with US on passenger data
The European Commission signed a new agreement letting United States authorities hold airline passenger records for up to fifteen years. The deal trimmed the number of data points per traveller but drew fire from those who felt European privacy standards had been bargained away.
20. Newcastle council credit card file lifted
Newcastle City Council admitted that a single file holding the details of up to 54,000 people had been improperly released onto an insecure server. The data covered more than a year of tax, parking and rent payments and ended up copied to a computer registered abroad.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: