Privacy Roundup #0020 • March 2008
March 2008 was dominated by Phorm's deep packet inspection scandal in Britain, alongside large card breaches, passport snooping and a fresh wave of biometric surveillance schemes.
1. Data pimping: surveillance expert raises illegal wiretap worries
Professor Peter Sommer warned that the Phorm deals struck by BT, Virgin Media and Carphone Warehouse could amount to illegal interception under RIPA. He argued that mirroring customer web traffic to an advertising firm looked like a wiretap whatever the parties claimed.
2. BT targets 10,000 data pimping guinea pigs
BT prepared to test Phorm's browsing profiler on 10,000 broadband customers from mid-March. Critics noted that web traffic would still be mirrored to Phorm even for users who opted out of the targeted advertising.
3. Pentagon attackers stole 'amazing amount' of sensitive data
The Defence Department chief information officer revealed that an intrusion the previous year had siphoned off a large volume of sensitive material. Attackers used a Windows flaw and forged internal emails to harvest login credentials before encrypting the stolen data.
4. EU preps Google-DoubleClick rubberstamp
European competition watchdogs prepared to clear Google's 3.1 billion dollar acquisition of the advertising network DoubleClick without conditions. The lengthy probe had been driven by privacy fears over combining the two firms' vast records of user browsing, yet such concerns fell outside the competition remit.
5. 'Boil a frog' ID card rollout to continue until 2012
The Home Secretary unveiled a phased national identity card plan starting with foreign nationals and airport workers. Critics warned that incremental adoption was designed to normalise the cards by stealth before universal enrolment in 2012.
6. Home Secretary in ID card gaffe
The Home Secretary claimed the National Identity Register would be "unhackable" because it would remain offline. Security experts immediately rejected this, pointing to insider threats, email exploits and the many routes that compromise databases without internet access.
7. Phorm launches data pimping fight back
Phorm's chief executive defended the system in an interview, insisting that it stored nothing and gave users a single privacy switch. He acknowledged the company's adware past while denying that the tracking technology was spyware.
8. UK government data protection is a shambles
Freedom of Information responses showed that fourteen Whitehall departments lacked basic systems for proving compliance with the Data Protection Act. Only the House of Lords and the Serious Fraud Office kept written data correction policies, and neither audited them.
9. Dear ISP, I am not a target market
A scathing opinion piece denounced the BT, Virgin Media and Carphone Warehouse deals with Phorm as unethical surveillance dressed up as advertising. The author warned that the scheme handed control of users' browsing to businesses they had never signed a contract with.
10. Microscope-wielding boffins crack Tube smartcard
Researchers reverse engineered the Crypto1 cipher inside the Mifare Classic chip used by the London Oyster card and countless building passes. They dissected the chip under a microscope and showed any card could be cracked in minutes on an ordinary computer.
11. Top security firm: Phorm is adware
Trend Micro said it would very likely flag Phorm's tracking cookies as adware to protect customers, and PC Tools weighed similar action. The classification covered both the opt-in and opt-out cookies that the Webwise system relied upon.
12. BT admits misleading customers over Phorm experiments
BT confessed that it had secretly tested Phorm on customer traffic in 2007 after previously denying the trials. Angry subscribers prepared legal action and Sir Tim Berners-Lee spoke out against letting providers exploit browsing data.
13. Net think tank: Phorm is illegal
The Foundation for Information Policy Research told the Information Commissioner that Phorm broke the law even with subscriber consent. Its lawyer argued that consent was also needed from website hosts and email senders whose content would be inspected.
14. Supermarket loses 4.2 million credit card details
The Hannaford supermarket chain disclosed a breach exposing about 4.2 million credit and debit card numbers harvested in transit during card authorisation. Roughly 1,800 fraud cases were already linked to the intrusion, which had run undetected from December until early March.
15. Phorm agrees to independent inspection of data pimping code
Facing a petition signed by thousands, Phorm agreed to let an independent expert inspect its source code. The move was clouded by questions over the privacy consultant who had produced a favourable assessment while also leading Privacy International.
16. State Department workers snooped on all three prez candidates
At least four State Department staff improperly opened the passport files of Barack Obama, Hillary Clinton and John McCain. Officials blamed "imprudent curiosity" and dismissed two contractors once the snooping became public.
17. ICO queries Heathrow T5's huge fingerprint scan
The Information Commissioner questioned plans to fingerprint passengers in Heathrow Terminal 5's shared departure lounge. The watchdog noted that other airports used barcoded photographs for the same purpose without collecting biometrics.
18. The Guardian ditches Phorm
The Guardian became the first commercial partner to abandon Phorm, citing a clash with the newspaper's values. The withdrawal of one of Britain's most popular news sites was a heavy blow to the embattled advertising firm.
19. Mac is the first to fall in Pwn2Own hack contest
Researcher Charlie Miller seized control of a fully patched MacBook Air through a Safari flaw in under two minutes at the CanSecWest contest in Vancouver. The exploit let him read and exfiltrate files from the machine the moment its user followed a booby-trapped link.
20. Privacy and power
Bruce Schneier argued that mutual surveillance fails as a safeguard because it ignores the power gap between watcher and watched. He supported cameras trained on officials while opposing the mass surveillance of ordinary citizens.