Privacy Roundup #0024 • July 2008
July 2008 was dominated by ISP snooping, telecom spying immunity and courts wrestling with how much personal data the state and big web firms may hold.
1. European lawmaker sues US agencies for her travel data
The Electronic Frontier Foundation filed suit on behalf of Dutch MEP Sophie in 't Veld, demanding records the United States had gathered about her during international travel. The case tested whether the government's promises of data access for European citizens were genuine.
2. Court rules 1990s UK government wiretaps violated human rights
The European Court of Human Rights ruled that Britain had breached Article 8 by intercepting the communications of three human rights groups under the Interception of Communications Act 1985. The judges found that the law had failed to spell out with sufficient clarity how the state could exercise its surveillance powers.
3. Judge rules surveillance law overrides the state secrets privilege
Chief Judge Vaughn Walker held that the Foreign Intelligence Surveillance Act took precedence over the government's state secrets privilege in the al-Haramain wiretapping case. The ruling rejected the executive's claim that national security alone could shut down a lawsuit over warrantless surveillance.
4. Google deigns to comply with a privacy law
Google added a privacy policy link to its famously spare home page only after campaigners pointed out that its absence breached California's Online Privacy Protection Act. Executive Marissa Mayer then published a long blog post explaining that the firm could spare the words only by removing one from the page.
5. Google Street View cars revive UK privacy fears
Privacy International complained to the Information Commissioner's Office after Google's camera cars were spotted photographing streets in London, Edinburgh and Cardiff. The ICO confirmed it had received the complaint and was looking into the data the vehicles collected.
6. Senate caves to White House demands for telecom immunity
The United States Senate passed the FISA Amendments Act, broadly expanding warrantless surveillance powers and granting retroactive immunity to telecoms that had assisted the National Security Agency. The Electronic Frontier Foundation described the vote as a capitulation that would halt pending lawsuits over illegal spying.
7. US court blesses warrantless snooping of private email
A federal appeals court lifted an injunction that had stopped the government from searching private email accounts without notifying the account holder. The decision turned on procedural grounds, leaving open the constitutional question of whether such searches under the Stored Communications Act required prior judicial review.
8. Google to anonymise YouTube logs before handing them to Viacom
After a judge ordered Google to disclose YouTube viewing records in Viacom's copyright suit, the two firms agreed that personally identifiable information would be scrubbed first. The compromise followed an outcry that the raw logs would have exposed the usernames and addresses of millions of viewers.
9. Protestors picket BT shareholders over secret Phorm trials
Campaigners gathered outside BT's annual general meeting at the Barbican to oppose the firm's deployment of Phorm's behavioural advertising system. BT had secretly tracked thousands of customers' browsing during earlier trials, which critics argued breached UK wiretap law.
10. EU warns the UK to deal with Phorm or face court
The European Commission sent a pre-warning letter to British authorities over Phorm, the deep packet inspection system poised to track customers of BT, Carphone Warehouse and Virgin Media. Commissioner Viviane Reding made clear that tracking web activity without explicit consent breached European directives.
11. Congress accuses American Phorm of beating consumers
A House subcommittee questioned NebuAd over its deep packet inspection system, which tracked the browsing of web users from inside American ISPs. Congressman Ed Markey pressed the firm's chief executive on whether such tracking should require an explicit opt-in, a demand the company resisted.
12. Dutch court clears researchers to publish Oyster card flaws
A judge ruled that Radboud University could publish its analysis of the Mifare Classic chip used in London's Oyster card and Dutch transit systems, rejecting chipmaker NXP's attempt to suppress the work. The court held that freedom of scientific speech outweighed the firm's commercial interest in keeping the weaknesses quiet.
13. Police told to delete decades-old minor criminal records
The Information Tribunal upheld a ruling that five UK forces must wipe ageing records of minor offences from the Police National Computer. Campaigners welcomed the decision as a check on the indefinite retention of personal data about people who posed no continuing risk.
14. UK ISPs agree to send warning letters to suspected file-sharers
Six broadband providers signed a memorandum of understanding with the government to notify customers accused of illegal file-sharing. Critics warned that policing subscribers on behalf of rights holders would draw ISPs into monitoring what their customers did online.
15. Exploit code for the Kaminsky DNS flaw goes wild
Working attack code for Dan Kaminsky's critical DNS cache poisoning bug appeared in the Metasploit framework, days after researchers leaked the details he had asked them to withhold. The release meant attackers could now redirect unwitting users to fraudulent sites before many servers had been patched.
16. World's biggest ISPs drag their feet on the DNS patch
A survey found that more than a dozen large internet providers had still not fixed the Kaminsky DNS vulnerability even after exploit code leaked. Millions of subscribers remained at risk of being silently steered towards impostor websites built to steal their data.
17. Ex-Google engineers launch search engine that keeps no logs
A team of former Google staff unveiled the search engine Cuil, whose privacy policy promised it would record no IP addresses, keep no logs and retain no cookies. Commentators questioned whether such a strict no-tracking stance could win users away from Google on privacy grounds alone.
18. Schneier dissects the Kaminsky DNS vulnerability
Bruce Schneier examined the critical DNS cache poisoning flaw that Dan Kaminsky had disclosed, after vendors issued coordinated patches earlier in the month. He argued that the episode showed why security must be designed in rather than bolted on through an endless patch treadmill.
19. Thieves swipe 3,000 blank UK biometric passports
A consignment of 3,000 blank biometric passports was stolen on its way to British embassies abroad. Officials called the documents useless, yet security researchers warned that the chips inside could be cloned to slip through the automated border gates then being planned.
20. IOC accused of helping China censor the internet at the Olympics
Human Rights Watch reported that foreign journalists at the Beijing Olympics press centre found websites for human rights groups and other bodies blocked, despite pledges of open access. The group said the International Olympic Committee had agreed to Chinese censorship plans rather than resisting them.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: