Privacy Roundup #0016 • November 2007
November 2007 was dominated by Britain's loss of 25 million child benefit records, a debacle that shook confidence in the planned national identity scheme while Facebook and the surveillance state pressed on regardless.
1. Japanese officials in tables-turned GPS tracking rumpus
Japan's defence minister proposed tracking ministry officials through GPS-enabled mobile phones after a corruption scandal involving lavish gifts from an arms contractor. The officials objected loudly, with one protesting that they were not children and another complaining that the plan ignored their privacy.
2. Petty crimes, 150,000 kids and a million new records
Figures from the Association of Chief Police Officers revealed that around a million names had been added to the Police National Computer in the preceding ten months. More than 150,000 children under sixteen had their DNA profiles stored, prompting protests that records were being kept for the most minor of offences.
3. EU unveils air passenger 'risk profiling' plan
Commissioner Franco Frattini proposed a European Passenger Name Record system that would screen and score every traveller flying into or out of the bloc. Each member state would collect the data and produce a risk assessment used to decide whether a passenger could fly.
4. Facebook mounts Tupperware-style ads push
Facebook unveiled Social Ads, a scheme to sell access to member profile data and to track what users did on partner websites through a system called Beacon. Zuckerberg called the trusted referral the holy grail for advertisers, and there was no opt-out at launch.
5. ID Cards cost cut to £5.6bn
The government's latest six-monthly report trimmed the estimated cost of the national identity scheme to £5.6bn, citing cheaper fingerprint biometrics in place of iris recognition. The London School of Economics had earlier put the true figure as high as £19.2bn and was surprised the savings were not larger.
6. Botmaster owns up to 250,000 zombie PCs
John Kenneth Schiefer, a Los Angeles security consultant, pleaded guilty to using botnets to infect at least a quarter of a million computers and harvest banking credentials. He faced a maximum sentence of sixty years in federal prison and a fine of $1.75m.
7. Alicia Keys hit by MySpace Trojan hack
Attackers compromised several MySpace profiles, including the page of the singer Alicia Keys, to push malware disguised as a video codec. Visitors who followed the booby-trapped links risked having their machines infected through browser exploits.
8. Privacy laws should be overhauled, says European regulator
Europe's data protection supervisor, Peter Hustinx, argued that existing privacy frameworks would need substantial revision within five years to cope with modern data flows. He set out the case in a public debate with Google's head of privacy, Peter Fleischer.
9. Asylum seeker fingerprint database has security flaws, says watchdog
Europe's data protection supervisor audited Eurodac, the continent-wide fingerprint database holding the prints of asylum seekers and irregular migrants, and reported organisational security weaknesses. The inspection also turned up improper searches of the records, though the watchdog judged that the system had offered a fair level of protection during its first four years.
10. Animal rights activist hit with RIPA key decrypt demand
An animal rights campaigner became one of the first people served with a notice under Part Three of the Regulation of Investigatory Powers Act, ordering her to hand over her encryption keys. Refusal carried a prison sentence of up to two years, or five for cases touching national security.
11. Tor embassy 'hacker' raided by Swedish Feds
Swedish police raided the security researcher Dan Egerstad after he revealed that he had harvested the login credentials of around a thousand email accounts by sniffing unencrypted traffic on the Tor anonymity network. At least a hundred of the accounts belonged to foreign embassies and government bodies whose staff had wrongly assumed Tor encrypted their messages.
12. Boeing guards its right to tail employees
Boeing defended an internal surveillance programme that monitored staff movements, keystrokes and communications both at work and beyond the company gates. One worker was followed to lunch and had his Gmail account accessed before being dismissed for speaking to the press.
13. Monster.com attack puts users at risk (again)
Hackers planted malicious iFrames in Monster.com job listings, silently redirecting visitors to servers that served up malware. The compromise, which ensnared adverts from firms such as Best Buy and Toyota Financial, marked at least the second time in months that the recruitment site had exposed its users.
14. Darling admits Revenue loss of 25 million personal records
Chancellor Alistair Darling told the Commons that Her Majesty's Revenue and Customs had lost two discs holding the personal details of 25 million people. The records covered child benefit payments for 7.25 million families and included names, addresses, dates of birth and bank details.
15. How HMRC gave away the UK's national identity
This analysis dissected how the discs came to be burned and posted unrecorded through an internal courier in breach of the department's own rules. It described the episode as probably the largest data loss the world had ever seen.
16. Will Darling's data giveaway kill off ID cards?
Campaigners argued that the loss of records on 25 million people destroyed any case for trusting the government with a national identity database. Security experts used the moment to renew calls for a mandatory data breach notification law.
17. Information Commissioner pokes kids on social networking privacy
The UK Information Commissioner's Office issued guidance warning young people about the privacy risks of posting freely on networks such as MySpace, Bebo and Facebook. A survey accompanying the launch found that more than two-thirds of those aged fourteen to twenty-one worried that employers or universities might dig up their online activity.
18. Skype crypto stumps German cops
German police complained that Skype's encryption defeated their wiretaps and pressed for permission to plant law enforcement malware on suspects' machines. The proposal followed a court ruling that had declared clandestine searches of computers inadmissible.
19. UK database of children delayed
The government postponed ContactPoint, its planned national database listing every child in England, by five months after the loss of the child benefit discs. Ministers ordered a fresh security review by Deloitte before the system could be rolled out to early adopter councils.
20. Facebook 'to drop' creeptech ad system
Facebook bowed to a storm of protest and said it would turn its Beacon tracking system from opt-out into opt-in. Privacy campaigners and a MoveOn petition had objected to the way the network broadcast members' purchases on outside websites to their friends.