Privacy Roundup #0027 • October 2008
October 2008 was dominated by the BT Phorm deep packet inspection row, fresh government data losses, and revelations that the NSA had listened to the private calls of innocent Americans.
1. California outlaws RFID tag skimming
Governor Schwarzenegger signed a law making it a crime to read the radio chips in government identity documents without authorisation. He vetoed a companion measure that would have required parental consent before schools could tag children.
2. BT's Phorm small print: It's all your fault
BT's WebWise terms placed the burden on the account holder to warn every household user about the advertising surveillance and explain how to switch it off. The conditions even contained a catch where opting out itself counted as consent to be monitored.
3. Skype admits Chinese privacy breach
Skype conceded that its Chinese partner TOM Online had quietly altered a text filter to store and log messages containing sensitive words such as democracy and Falun Gong. Researchers in Toronto found more than a million intercepted messages sitting on insecure public servers.
4. Deutsche Telekom rocked by massive data theft scandal
Europe's largest telecoms company admitted that the personal records of more than 17 million T-Mobile customers had been stolen back in 2006. The haul included names, addresses, dates of birth and telephone numbers, though not bank or card details.
5. Boffins (finally) publish hack for world's most popular smartcard
Researchers at Radboud University published the full method for cloning the Mifare Classic chip used in London's Oyster card and many building access passes. A Dutch court had cleared the disclosure after NXP and the government tried to suppress the work, which showed the cards could be broken in minutes.
6. UK border facial scan tests hit by errors and breakdowns
Automated face recognition gates being trialled at Manchester Airport suffered frequent failures and could not spot people tailgating through on a single passport. The system had already been recalibrated after rejecting up to thirty per cent of genuine travellers.
7. Spy chiefs plot £12bn IT spree for comms überdatabase
Intelligence agencies pressed ahead with the Interception Modernisation Programme, a plan to build a central database recording details of every call, email, text and web visit in the country. The defence contractor Detica was well placed to profit from installing the black box probes inside communications networks.
8. UK.gov £12bn comms überdatabase 'wouldn't spot terrorists'
A weighty National Academies study concluded that bulk data mining of the kind behind the proposed surveillance database would generate huge numbers of false leads. The authors found that such techniques were poorly suited to identifying terrorists and would sweep up innocent people instead.
9. Reading privacy policies takes 10 minutes on average
Researchers at Carnegie Mellon found that the privacy policies of popular websites ran to about 2,500 words each. Reading every one a typical person encountered would consume an absurd amount of time, which is why almost nobody bothers.
10. Hitwise and Compete: the user data ISPs do sell
While American providers told Congress they would not sell browsing data without consent, analytics firms such as Hitwise and Compete were already buying clickstream records from inside dozens of networks. The article questioned whether the supposedly anonymous data really protected anyone.
11. Brussels bounces BT-Phorm quiz back to UK.gov
The European Commission wrote to the British government a second time, unhappy with answers that ignored the secret 2006 and 2007 Phorm trials run without customer consent. Officials demanded clarity on how any future deployment would respect privacy law.
12. NSA eavesdropping claims deepen
Two former military linguists alleged that the NSA had routinely listened to the private calls of American soldiers, journalists and aid workers in the Middle East. The Senate Intelligence Committee chairman called the accounts extremely disturbing and said the panel would examine them.
13. RIPA ruling closes encryption key loophole
The Court of Appeal held that encryption keys had an existence independent of a suspect's will, so handing them over did not amount to self-incrimination. The judgment meant people could be compelled to surrender their keys when police demanded them under the Regulation of Investigatory Powers Act.
14. MoD admits data loss bigger than thought
The Ministry of Defence conceded that a hard drive lost by its contractor held details of up to 1.7 million people, far more than first stated. The unencrypted disc carried passport numbers, bank information and other sensitive records of service personnel and applicants.
15. Controversial ad serving firm Adzilla pulls out of the US
The behavioural advertising company Adzilla abandoned the American market after its chief executive resigned. Congressional scrutiny and a stronger than expected privacy backlash had driven its internet provider partners to walk away.
16. IP addresses in server logs not personal data: Ruling
A German court held that a website operator could store visitors' IP addresses in its logs without breaching data protection law. The judges decided that an address alone, without help from an internet provider, did not identify an individual.
17. Android comes with a kill-switch
Google admitted that it reserved the right to delete applications remotely from Android handsets at its own discretion. The clause covered software bought through the Android Market, raising fresh worries about who really controlled a person's own device.
18. German privacy watchdogs agree social networking ground rules
Germany's data protection authorities set out eight principles for social networking sites, including a ban on retaining usage data beyond a single session. The rules also demanded clear notice, proper security and a genuine ability for users to delete their accounts.
19. YaGoogleSoft! adopt voluntary 'code of ethics'
Google, Yahoo! and Microsoft signed up to a voluntary code drawn up by the Center for Democracy and Technology to defend free expression online. The pledge followed embarrassments such as Yahoo!'s role in helping China track down the dissident Shi Tao.
20. Orange ditches Phorm
Orange, then a large British broadband provider, confirmed it would not adopt Phorm's tracking technology. The company said it would instead talk openly with customers about what data they might be willing to share.