Privacy Roundup #0023 • June 2008
June 2008 was dominated by the Phorm deep packet inspection scandal, a run of lost government and banking data, and fresh fights over telecoms surveillance on both sides of the Atlantic.
1. US bank loses unencrypted data on 4.5m people
Backup tapes holding the unencrypted personal details of 4.5 million people went missing in transit from the Bank of New York Mellon. The bank waited more than ten weeks to disclose the loss, which surfaced only when legal papers were filed in Connecticut.
2. European Court hears Ireland's challenge to the data retention directive
On 1 June the European Court of Justice held its first hearing on Ireland's action to annul the directive that obliges telecoms firms to retain traffic data. Dublin argued that the measure rested on the wrong legal basis, while privacy campaigners watched for any sign the mandatory retention scheme might be unpicked.
→ edri.org
3. Covert BT Phorm trial report leaked
An internal BT report describing its secret trials of Phorm's deep packet inspection system was posted to WikiLeaks. It revealed that roughly eighteen million page requests had been intercepted and injected with JavaScript, with charity advertisements quietly substituted for Phorm's own.
4. Breach disclosure laws have 'no effect' on identity theft
Carnegie Mellon researchers reported that American state breach notification laws had not measurably reduced identity theft. The finding arrived just as European campaigners were pressing for similar mandatory disclosure rules.
5. Comcast rolls out new bandwidth throttles
Comcast began trialling fresh traffic management hardware after coming under fire for using deep inspection to slow peer-to-peer connections. Customers complained that they had no way to know when or how heavily their traffic was being throttled, and three more state lawsuits followed.
6. Civil servant leaves Top Secret intelligence documents on a train
A senior Cabinet Office official was suspended after leaving an orange envelope of Top Secret Iraq and al-Qaeda assessments on a Waterloo commuter train. A passenger handed the files to the BBC, and the government ordered an inquiry led by Sir David Omand.
7. UK risks being shut out of EU passenger data scheme
The House of Lords warned that Britain's aggressive plans to extend passenger name record collection could force it to opt out of the EU framework. Opting out would cut off access to other member states' travel data while Britain pursued its own broader regime.
8. Phorm failed to mention 'illegal' trials at Home Office meeting
A freedom of information request revealed that Phorm met the Home Office in August 2007 yet said nothing about the unlawful interception trials it had just run on tens of thousands of BT customers. The Home Office said it learned of the trials only through later reporting.
9. Ninth Circuit ruling protects text message privacy
In Quon v. Arch Wireless the US Ninth Circuit held that stored text messages and emails enjoy Fourth Amendment protection. Police would need a probable cause warrant to read recent messages, and employers could not obtain their contents from a provider without consent.
10. Government claims 'password protection' is enough for stolen PC
After a desktop computer holding sensitive documents was stolen from Hazel Blears's Salford office, officials insisted the machine had been password protected. Security experts dismissed the reassurance, noting the files should never have been on that computer at all.
11. House caves on telecom immunity in FISA rewrite
The US House of Representatives passed the FISA Amendments Act, granting retroactive immunity to phone companies that aided warrantless surveillance. The Electronic Frontier Foundation condemned the measure as a false compromise that would dismiss lawsuits such as its case against AT&T.
12. Post Office may collect ID card fingerprints
Ministers were in talks for the Post Office to handle biometric enrolment for ID cards and passports, extending its existing passport service to fingerprint collection. The plan raised both practical doubts about equipping every branch and security worries given past passport fraud cases.
13. NebuAd looks to 'spyware' firm for recruits
The behavioural advertising start-up NebuAd was found to have hired several senior staff from Claria, the adware company formerly known as Gator. NebuAd, which inspected ISP traffic to target adverts, insisted there was no meaningful link between the two firms.
14. Snoop-happy councils warned off RIPA abuse
The Local Government Association told English councils to stop using surveillance powers to chase dog fouling and littering. The warning followed reports that dozens of authorities had invoked the Regulation of Investigatory Powers Act more than a thousand times against residents.
15. Charter halts its NebuAd traffic inspection plan
Charter Communications abandoned a scheme that would have used deep packet inspection to monitor subscribers and serve targeted adverts. The retreat came after public anger and a pointed letter from members of the House Committee on Energy and Commerce.
16. CCTV cameras questioned as crime-cutting tool
Bruce Schneier argued that pervasive surveillance cameras do little to prevent crime, citing British studies of the country's vast camera estate. He warned that the money would be better spent on police officers, and that facial recognition could push the technology towards an Orwellian future.
17. BT threatens music downloaders with internet cut-off
BT began sending letters warning broadband customers accused of sharing copyrighted music that their accounts could be terminated. The campaign, run with the music industry, leaned towards the disconnection model favoured by rights holders.
18. P2P botnet pioneer agrees to plead guilty
A nineteen-year-old from Wyoming agreed to plead guilty to building the Nugache worm, one of the first peer-to-peer botnets. He had used the network of compromised machines to harvest usernames, passwords and account numbers from thousands of victims.
19. Deutsche Telekom investigated for spying on staff and journalists
German prosecutors opened a criminal investigation into Deutsche Telekom over the covert monitoring of board members and journalists. The company was suspected of trawling phone records to identify who had leaked details of layoffs and acquisitions to the press.
→ edri.org
20. Dutch boffins clone Oyster card
Researchers Wouter Teepe and Bart Jacobs at Radboud University used an ordinary laptop to crack and clone London's Mifare-based Oyster travel card. They demonstrated free rides on the Underground and even mounted a denial-of-service attack on a Tube gate, while promising to withhold the manipulation software until publication.