Privacy Roundup #0026 • September 2008
Phorm and its secret BT trials dominated September 2008, alongside fresh government data losses, NSA litigation and a flurry of Google privacy rows.
1. Burned by Chrome, fire put out
Readers spotted a clause in Google Chrome's licence that purported to claim a perpetual, worldwide licence over any content posted through the new browser. Google retracted the offending wording within hours, conceding that material submitted via Chrome belonged to the user alone.
2. Privacy policies: perception versus reality
Bruce Schneier flagged research showing that consumers wrongly treat the mere presence of a privacy policy as a guarantee of strong protection. The study found that shoppers assumed policies barred data sharing and granted rights that, in practice, rarely existed.
3. Phorm insists its business is fine
Phorm issued a stock market statement claiming significant and accelerating progress, sending its battered shares up more than sixteen per cent. The reassurance followed United States press reports questioning whether the behavioural advertising firm would ever win public or regulatory acceptance.
4. Police quiz BT on secret Phorm trials
City of London police questioned BT over covert tests of Phorm's advertising system that tracked thousands of subscribers in 2006 and 2007 without consent. Legal experts argued the trials breached several criminal statutes, while BT maintained it had taken legal advice.
5. Lidl faces fines for spying on staff
German data protection authorities prepared multimillion-euro penalties against the discount chain for covertly monitoring its workers. Leaked records showed managers logging staff toilet breaks, appearance and even private telephone conversations across several stores.
6. Facebook app shows botnet risk
Greek researchers built an innocuous-looking Facebook application that quietly turned its users into an attack network without their knowledge. Nearly a thousand people installed the proof of concept within days, exposing how social platforms could be abused at scale.
7. BT, Phorm, and me
Bruce Schneier explained why he could not comment publicly on the BT and Phorm affair, since he worked for BT as a security executive. He acknowledged the awkward position and pointed readers towards independent commentators instead.
8. Google to anonymise user IPs after nine months
Google announced it would cut retention of server log IP addresses from eighteen months to nine. The company admitted that sustained pressure from European regulators had driven the decision.
9. Parents plant spyware to snare predator
Parents installed monitoring software on their daughter's computer to gather evidence against an ice hockey coach who had defied a court order. The recorded communications helped convict the man, who received a four-and-a-half-year sentence.
10. PA Consulting begs for mercy after data loss
PA Consulting pleaded not to lose more government work after misplacing the personal details of the entire prison population on an unencrypted memory stick. The Home Office terminated a contract and blamed a clear breach of its terms.
11. Street View operatives object to being snapped
Google Street View drivers in Edinburgh threatened legal action against a photographer who tried to picture them setting up their roof-mounted cameras. Critics noted the irony of a surveillance fleet resisting being surveilled itself.
12. BT's secret Phorm trials: the government responds
The European Commission began examining why British authorities had taken no action over BT and Phorm's undisclosed wiretapping trials. The government's statement dwelt on future deployments while saying nothing about the secret experiments themselves.
13. Governor Palin's Yahoo email account hacked
An intruder accessed Sarah Palin's personal Yahoo account by guessing answers to its password recovery questions and posted screenshots online. The episode underlined how flimsy account recovery systems could expose a public figure's private correspondence.
14. EFF sues Bush over warrantless surveillance
The Electronic Frontier Foundation filed suit against President Bush, the NSA and other officials to halt the mass interception of Americans' communications. The complaint centred on AT&T routing internet traffic through a secret room in San Francisco.
15. Sockpuppeting civil servant exposed on Wikipedia
A Department of Health civil servant was suspended after running around fifteen fake Wikipedia personas built around photographs of unsuspecting young women. The case showed how an "assume good faith" culture could be quietly exploited.
16. Government files to dismiss NSA surveillance cases
Washington moved to dismiss the telecoms surveillance lawsuits using the retroactive immunity granted under the summer's FISA Amendments Act. The EFF signalled it would challenge the law's constitutionality at a hearing later that year.
17. Government to drop the überdatabase from snoop Bill
Ministers planned to strip explicit mention of a central communications database from the forthcoming Communications Data Bill, while pressing on with the project covertly. Officials feared the scheme to log every call, email and web session would meet fierce resistance from MPs.
18. Revealed: Street View's UK invasion schedule
A work rota found inside a Street View car suggested Google could photograph the entire United Kingdom road network within a year. The discovery offered a rare glimpse of how quickly the mapping fleet was moving across the country.
19. BT's third Phorm trial starts
BT invited around ten thousand broadband customers to take part in a fresh trial of Phorm's behavioural advertising system, branded BT Webwise. The launch came amid a European Commission investigation into the earlier covert tests conducted without consent.
20. How to clone and modify e-passports
Bruce Schneier highlighted a tool that let researchers clone and alter electronic passports, exploiting their reliance on self-signed certificates. He argued the flaw showed why human border officers, rather than blind trust in the chip, remained essential.