Privacy Roundup #0028 • November 2008

November 2008 was dominated by British data losses and the slow-motion reckoning over BT's secret Phorm wiretaps, as leaked lists and lost memory sticks laid bare how casually personal data was handled.

1. Government Gateway login details found in pub car park

A memory stick lost by an Atos Origin worker in a Staffordshire pub car park held passwords and source code for the Government Gateway, the portal for tax returns and benefit claims. Ministers ordered an emergency shutdown of the service while the Information Commissioner opened an urgent investigation.

it.slashdot.org

2. Jacqui Smith prints seized by No2ID in daring dabs grab

The campaign group No2ID obtained a water glass said to bear the fingerprints of Home Secretary Jacqui Smith, taken from a Social Market Foundation event. The group, which had offered a reward for prints belonging to Smith and Gordon Brown, planned to publish them to show how easily biometric data can be lifted.

www.theregister.com

3. A privacy agenda for the new administration

The Electronic Frontier Foundation set out a wish list for the incoming American administration, urging it to repeal the FISA Amendments Act immunity provisions and to reform the ageing Electronic Communications Privacy Act. The group argued that surveillance powers such as national security letters and invasive border searches needed to be curtailed.

www.eff.org

4. Netizens sue NebuAd, data pimping ISPs

Fifteen American internet users filed a class action against NebuAd and six of its ISP partners, alleging breaches of federal wiretapping and computer fraud law. The suit claimed the firm's deep packet inspection technology copied and forwarded all of a subscriber's web traffic to target advertising without proper consent.

www.theregister.com

5. Net provider accused of coddling crooks yanked offline

McColo, a Californian provider accused of hosting command servers for the Srizbi, Rustock and Mega-D botnets, was disconnected after its upstream supplier pulled the plug. Global spam volumes fell by as much as two thirds in the hours that followed.

it.slashdot.org

6. Express Scripts posts $1m reward to net cyber-extortionists

The American prescription processor Express Scripts offered a one million dollar bounty after blackmailers stole personal and prescription data and threatened to expose millions more records. When the firm refused to pay, the criminals began writing directly to its corporate customers with the same extortion demands.

www.computerworld.com

7. Auntie Beeb's amazing, evolving, ID card stories

The BBC repeatedly rewrote its coverage of Jacqui Smith's identity card speech through a single day, shifting the emphasis away from criticism and towards the government's message that people could not wait for the cards. News Sniffer records exposed how the article was quietly edited to play down concerns about supermarkets taking fingerprints.

www.theregister.com

8. BNP membership list leaks online

The complete membership roster of the British National Party, listing names, addresses, telephone numbers and email addresses up to September 2008, was published on the web. The exposure caused alarm among members who worked for the police, prison service and armed forces, where party membership was barred.

www.heise.de

9. First self-inflicted identity donor cards to ship in late 2009

The Home Office confirmed that the first volunteers would receive national identity cards in late 2009, with a wider rollout to follow. Vince Gaskell, leaving the Criminal Records Bureau, was named to lead the scheme as executive director of new service implementation at the Identity and Passport Service.

www.theregister.com

10. Wacky Jacqui's £12bn gIMP could be unleashed by 2012

Lord West told the House of Lords that the government's Interception Modernisation Programme, a plan to harvest communications data on the whole population, could be running by 2012. The timetable was tied to BT completing its twenty-first century network, raising fresh alarm over a central store of everybody's calls, emails and web activity.

www.theregister.com

11. BNP leaked list claims first victims

Anti-fascist campaigners and journalists combing the leaked roster identified serving soldiers, prison officers, teachers and a Merseyside police officer among the membership. Forces restated that officers could not belong to the party, and several named members faced disciplinary action over their entries.

www.pinsentmasons.com

12. Most biometric checks will bypass ID database

The government said routine identity checks would normally verify fingerprints and facial data against the chip on a card or passport rather than against the central National Identity Register. Officials argued this would avoid sending millions of biometric records across networks during everyday checks.

www.theregister.com

13. Academics warn of EU 'three strikes' back door plan

Sheffield University researchers found that proposed amendments to the EU telecoms package could quietly enable "three strikes" internet disconnection schemes for alleged copyright infringement. They warned that such measures might slip through despite the European Parliament having already rejected similar proposals.

www.theregister.com

14. BT silences customers over Phorm

BT deleted every discussion thread about Phorm and its Webwise advertising system from its customer support forums, wiping criticism going back to February. The company said the forums were for technical support and that the Webwise threads were not appropriate there.

yro.slashdot.org

15. BNP list hunters bring down Wikileaks

The hunt for copies of the leaked BNP membership list drove so much traffic to Wikileaks that the site buckled under roughly seventy requests a second. The episode showed how quickly a leaked database could spread once it reached the wider internet.

www.schneier.com

16. Government still losing at least a computer a week

A year after the child benefit discs scandal, parliamentary answers revealed the government had lost 53 laptops, 36 BlackBerrys, 30 mobile phones and eight storage devices in twelve months. The Department of Health topped the list, while the Ministry of Defence and Home Office declined to give figures.

www.theregister.com

17. Spammers look east after McColo shutdown

Analysts charting the aftermath of McColo's disconnection warned that the botnet operators would simply move their command infrastructure to bulletproof hosts in Russia and China. They predicted that junk mail volumes, which had collapsed after the takedown, would climb back within a fortnight.

www.computerworld.com

18. DCSF reins in ContactPoint scope for police and A&E staff

The Department for Children, Schools and Families restricted police and accident and emergency access to ContactPoint, the database holding details of every child in England. Critics said the change was driven by political caution over the controversial system rather than genuine privacy protection.

www.theregister.com

19. Srizbi spam botnet in failed resurrection

The Srizbi botnet, blamed for around two fifths of the world's spam, briefly reconnected to fresh command servers using a built-in domain generation algorithm after weeks offline. Researchers and Estonian authorities shut the new servers down within hours, before the operators could push out fresh spam runs.

www.infoworld.com

20. Prosecutors gather evidence on secret BT-Phorm trials

The Crown Prosecution Service began weighing evidence on BT's covert 2006 and 2007 trials of Phorm to decide whether a private prosecution for unlawful interception could proceed. The central question was whether BT and Phorm had ever obtained lawful consent for tapping customers' web traffic.

www.theregister.com

