Privacy Roundup #0022 • May 2008

May 2008 was dominated by deep packet inspection: Phorm in Britain, NebuAd in America, and governments on both sides of the Atlantic reaching for everyone's communications data.

1. Virgin Media distances itself from Phorm 'adoption' claims

Virgin Media rewrote its website to make clear that it had not agreed to deploy Phorm's Webwise system, contradicting the advertising firm's claims of a signed deal. The cable operator said only a non-binding memorandum of understanding existed and that no decision to introduce the technology had been taken.

www.theregister.com

2. US Congress questions legality of Phorm and the Phormettes

American lawmakers Ed Markey and Joe Barton wrote to Charter Communications asking it to halt a planned trial of NebuAd, a behavioural advertising firm that inspects subscriber traffic. They argued the scheme might breach Section 631 of the Communications Act and should require opt-in consent.

www.pinsentmasons.com

3. Activist coders aim to deafen Phorm with white noise

Campaigners released AntiPhormLite, a tool that simulates random web browsing to flood Phorm's profiling system with meaningless data. The aim was to poison the click stream and so undermine the economics of behavioural targeting.

www.theregister.com

4. Phorm opponents to picket BT shareholders

Campaigners led by Alex Hanff planned a protest at BT's annual general meeting over the firm's secret Phorm trials. They said communications across roughly 120,000 broadband lines had been intercepted and profiled without consent during earlier tests.

www.theregister.com

5. UK.gov plans central database for all your communications

The Brown government floated a single state-run silo to hold a record of every phone call, email and web visit made in the United Kingdom. Ministers framed the plan as a way to ease the burden on industry, while critics called it the foundation of a surveillance state.

www.theregister.com

6. Government orders data retention by ISPs

Britain transposed the European data retention directive, requiring internet providers to keep customer traffic logs for twelve months. The rules covered the times and parties of emails and internet sessions, though not the content of the messages themselves.

www.pinsentmasons.com

7. Police go slow with encryption key terror powers

Figures showed that the power to demand decryption keys under Part III of the Regulation of Investigatory Powers Act had been used only eight times since coming into force. Privacy advocates warned that police might still wield the threat of a five-year sentence to coerce disclosure.

www.theregister.com

8. Top cop brands CCTV a 'fiasco'

A senior Metropolitan Police officer said Britain's vast investment in surveillance cameras had achieved very little, with only three per cent of crimes solved using their footage. He blamed poor planning over how images would be retrieved and used in court.

www.guardian.co.uk

9. Regulator gets power to fine for data breaches

The Criminal Justice and Immigration Act received Royal Assent, giving the Information Commissioner's Office authority to fine organisations that deliberately or recklessly breach the Data Protection Act. Officials said the change sent a clear signal that protecting personal data must be a priority.

www.theregister.com

10. Indian gov denied BlackBerry snoop

Research In Motion refused to give the Indian government a way to read the encrypted email of its enterprise BlackBerry users. The firm said its security architecture was purposely designed so that neither RIM nor any third party could decrypt the traffic under any circumstances.

www.theregister.com

11. Deutsche Telekom executive admits to spying on staff

A former security chief revealed that Deutsche Telekom had monitored the telephone records of executives and journalists for years to identify the source of press leaks. The company conceded an ill-advised use of communications data in 2005 and 2006, and Bonn prosecutors opened an investigation.

www.thelocal.de

12. No-fly list grounds US Air Marshals

Federal Air Marshals were repeatedly turned away at the gate because their names matched entries on the terrorist watch lists distributed by their own agency. The result was that some flights departed with no marshal aboard, exposing how hard it is to correct an inaccurate record once it enters a security database.

www.theregister.com

13. British newspaper websites liable in France for privacy invasion

A French court held that British publishers could be sued under French privacy law for articles viewable online in France. Mirror Group Newspapers and Associated Newspapers were each fined 4,500 euros over pieces about the actor Olivier Martinez and the singer Kylie Minogue.

www.pinsentmasons.com

14. TJX employee fired for exposing shoddy security practices

A student worker was sacked after posting online that staff could still reach company servers using blank passwords, eighteen months after the breach that exposed ninety-four million cards. He said he had raised the failings with managers years earlier and seen nothing done.

www.computerworld.com

15. Congress Passes Bill Barring Genetic Discrimination

The United States House passed the Genetic Information Nondiscrimination Act by 414 votes to one, barring health insurers and employers from using genetic information to discriminate. The measure also sought to guard the privacy of genetic data and was sent to President Bush, who signed it into law later in the month.

www.scientificamerican.com

16. Google trials Street View face-blurring tech

Google began testing automatic face-blurring on Street View imagery captured in Manhattan, in response to mounting privacy complaints. The company described the work as a tough challenge given the scale of its photographic survey.

yro.slashdot.org

17. Mobiles help UK malls track shoppers' every move

Two British shopping centres began using Path Intelligence's FootPath system to follow customers by the signals from their mobile phones, with three more sites due to follow. Although the firm tracked only temporary handset identifiers, campaigners warned that the trails could be matched to closed-circuit footage to identify individuals.

www.theregister.com

18. MySpace revs profile transfer engine

MySpace announced Data Availability, a scheme letting members carry their profile information, friends lists and photos out to other websites. The plan put fresh questions about consent and control over personal data at the centre of the social networking debate.

www.computerworld.com

19. Our data, ourselves

Bruce Schneier argued for a comprehensive privacy law that would protect all personal information and limit who may buy and sell it without consent. He called for rights to inspect held data, correct errors and force deletion, and for judicial oversight of government access.

www.schneier.com

20. Zango dismisses Storm Worm conspiracy theory

Adware firm Zango denied claims that it was working with the operators of the Storm Worm botnet to spread its software. Researchers concluded that Storm was in fact targeting machines that already ran Zango, rather than the two parties being in league.

www.theregister.com

