Privacy Roundup #0018 • January 2008

January 2008 was dominated by Britain's cascade of lost laptops and discs, the finalised REAL ID rules, and fresh proposals to wiretap encrypted internet traffic on both sides of the Atlantic.

1. Information security breaches quadrupled in 2007

The Identity Theft Resource Center counted more than 79 million records exposed in the United States up to mid-December, a fourfold rise on the previous year. The TJX retail intrusion and the British loss of 25 million child benefit records stood out as the worst incidents of a grim twelve months.

www.theregister.com

2. Sears admits to joining spyware biz

Researchers found that Sears was inviting customers into a "My SHC Community" that quietly installed ComScore tracking software to log every site they visited. The only warning sat on page ten of a fifty-four-page privacy statement, which experts said fell short of the standards the Federal Trade Commission had set.

yro.slashdot.org

3. How to delete your DNA profile

David Mery, arrested on the London Underground in 2005 and released without charge, described his long fight to have his fingerprints and DNA expunged from the national database. Removal was treated as exceptional, with only 634 profiles deleted over five years against nearly 2.65 million added.

www.theregister.com

4. 2007 worst ever year for data protection

A Liberal Democrat tally found that almost 37 million people in the United Kingdom had their private data compromised during 2007. The government's loss of 25 million child benefit records was the single largest incident, alongside lost driver records and millions of stolen retail card details.

www.theregister.com

5. Facebook blocks Secret Crush over adware row

Facebook disabled the "Secret Crush" widget after Fortinet warned that it operated as a social worm, luring users into downloading Zango adware while promising to reveal a secret admirer. Around four per cent of the network's users had installed it before the application was pulled.

www.helpnetsecurity.com

6. MySpace reveals child predator blocks

Under pressure from forty-nine state attorneys general, MySpace agreed to delete the profiles of registered sex offenders and make the pages of fourteen- and fifteen-year-olds private. The site also promised to explore age verification, a measure it had previously resisted on privacy and practicality grounds.

www.computerworld.com

7. US.gov sets Real ID rules in stone

The Department of Homeland Security issued its final rules implementing the REAL ID Act, requiring states to upgrade driving licences with new security features and citizenship checks. Seventeen state legislatures and a string of civil liberties groups objected to the cost and the prospect of a de facto national identity register.

www.computerworld.com

8. FBI to get UK biometric database hookup?

Reports described "Server in the Sky", a plan to interlink the biometric databases of the United States, United Kingdom, Australia, Canada and New Zealand. The scheme would give the FBI automated access to British fingerprint and DNA records rather than requiring individual requests.

www.theregister.com

9. Boro council in child data theft flap

Thieves broke into a Middlesbrough teaching and learning centre and stole nine laptops holding social work case files on roughly sixty-three vulnerable children. The council could not say how strong the partial encryption on the machines was, which security experts said would do little to reassure affected families.

www.theregister.com

10. GE Money backup tape with 650,000 records missing at Iron Mountain

GE Money disclosed that an unencrypted backup tape holding data on about 650,000 store credit customers, including J.C. Penney shoppers, had gone missing from an Iron Mountain vault. The tape contained roughly 150,000 social security numbers, and affected customers were offered a year of credit monitoring.

www.informationweek.com

11. MoD coughs to laptop triple whammy

The Ministry of Defence admitted that three unencrypted laptops had been lost since 2005, one of them stolen from a naval officer's car with details of 600,000 would-be recruits. The records included passport numbers, National Insurance numbers and the bank details of thousands of applicants.

www.computerworld.com

12. Spamford Wallace's MySpace riches come under attack

The Federal Trade Commission moved to hold spammer Sanford Wallace in contempt for a MySpace scheme that netted at least 555,850 dollars. He had created more than 11,000 fake accounts and compromised around 300,000 real ones to flood profiles with links to gambling and adult sites.

www.theregister.com

13. Bush orders NSA to snoop on US agencies

President Bush signed a directive authorising the National Security Agency to monitor the internet traffic of other federal agencies, citing a rise in cyber attacks. Critics warned that the agency would operate with little oversight and that attributing attacks to particular nations remained deeply uncertain.

www.schneier.com

14. IPS leak suggests ID card fingerprint chop

A leaked Home Office document suggested that the central fingerprint database underpinning the identity card scheme might be dropped, with biometrics collected only from selected population groups. The change would undermine the scheme's central claim of a complete national register for police matching.

www.schneier.com

15. Forget passports, teachers and kids are the new ID card targets

A leaked Identity and Passport Service planning document revealed that the scheme would no longer rely on passport renewals but would target softer groups instead. Teachers, carers facing criminal record checks and sixteen-year-olds were earmarked to receive the first cards, with full e-borders ambitions quietly deferred.

yro.slashdot.org

16. UK gov issued 250k snoop licences in nine months

The Interception of Communications Commissioner reported that public bodies had made 253,557 requests for communications data over nine months, with 1,088 acknowledged errors. The commissioner judged the regime to be working well and saw no need for changes to the law governing access to phone and internet records.

www.theregister.com

17. Skype Trojan wiretap plan leaks onto the net

Leaked documents revealed that the German firm Digitask had offered Bavarian prosecutors software to intercept Skype calls and SSL traffic by planting a Trojan on suspects' computers. The proposal followed police complaints that they could not decrypt Skype conversations during investigations.

www.heise.de

18. VOIP and the web baffle Brit spook wiretappers

MI5 and GCHQ admitted that internet protocol networks were the biggest change in telecoms since the invention of the telephone and that they struggled to intercept them. The admission cut against political pledges to stamp out terrorist communications online.

www.theregister.com

19. SAS extends fingerprint ID system for domestic flights

The Scandinavian airline SAS expanded its voluntary fingerprint scheme to domestic flights from Stockholm and Gothenburg, using the biometric to match passengers to their checked luggage. The airline said that each fingerprint was erased at the end of the flight, which it argued limited the privacy intrusion.

www.theregister.com

20. Illegal government surveillance: it's not just for foreigners

The Electronic Frontier Foundation argued that the NSA's fibre-optic taps copied all internet traffic, domestic as well as international, with no court oversight. Drawing on the testimony of AT&T whistleblower Mark Klein, the group described the practice not as a wiretap but as a "countrytap".

www.eff.org

