Privacy Roundup #0040 • November 2009

November 2009 was the month privacy controls met their critics, as Google, Facebook and Twitter rewrote the rules while watchdogs, courts and lawmakers pushed back on surveillance.

1. Microsoft security report shows worms are returning

Microsoft published its half-yearly Security Intelligence Report, which found that worm infections had doubled and that Koobface, spreading through Facebook and MySpace, was the top worm in the United Kingdom. The figures underlined how social networks had become a favoured route for stealing credentials and account data.

www.theregister.com

2. Civil society groups release the Madrid Declaration on global privacy standards

More than a hundred civil society organisations and privacy experts from over forty countries released the Madrid Declaration, affirming privacy as a fundamental human right. The text called for a moratorium on new systems of mass surveillance and for a new international framework to protect personal data.

archive.epic.org

3. Google launches privacy Dashboard service

Google introduced its Dashboard, a single page where signed-in users could view and manage the data held across Gmail, YouTube, Web History and other services. Critics noted that the tool ignored the cookie-based tracking tied to Google's advertising business, so it showed only part of what the company knew.

www.theregister.com

4. Facebook and MySpace backdoor exposed user accounts

A security researcher found misconfigured cross-domain files on Facebook and MySpace that let an attacker reach accounts with automatic login enabled. The flaw allowed private photos and messages to be downloaded with no warning to the victim before both sites closed the hole.

www.theregister.com

5. PATRIOT reform and state secrets reform bills pass House committee

The House Judiciary Committee approved a PATRIOT Act reform bill and a State Secrets Protection Act, both carrying significant surveillance and civil liberties implications. The reforms survived largely intact despite quiet pressure from the administration to weaken them.

www.eff.org

6. Government rejects call to secure snoop data

The Home Office rejected proposals to require encryption of the communications data obtained under the Regulation of Investigatory Powers Act, calling it impractical. Records from hundreds of thousands of requests were therefore still passed between authorities as plain spreadsheets, exposing phone numbers and email addresses.

www.theregister.com

7. EFF wins release of telecom lobbying records on illegal surveillance

After a long Freedom of Information Act battle, the government agreed to release records of the negotiations over immunity for telecoms that took part in warrantless surveillance. The documents covered talks between the Justice Department, intelligence officials and Congress on amendments to the Foreign Intelligence Surveillance Act.

www.eff.org

8. Google Latitude now tells you where you have been

Google added Location History and Location Alerts to Latitude, storing and analysing where a user had travelled over time. The change reversed an earlier design principle, since the original Latitude had kept only the most recent location rather than a server-side record.

techcrunch.com

9. Swiss privacy watchdog to sue Google over Street View

Switzerland's federal data protection commissioner announced that he would take Google to court over Street View, arguing that too many faces and number plates remained recognisable. He asked the tribunal to order the removal of all Swiss imagery pending the outcome of the case.

phys.org

10. Google Book Search settlement revised with no reader privacy added

The parties filed an amended Google Books settlement after antitrust objections, but added no protections for reader privacy. Campaigners warned that the deal still let Google hand over sensitive records of what people searched and read without insisting on a warrant.

www.eff.org

11. Facebook revises its privacy policy

Facebook rewrote its privacy policy in plainer language and adopted it without a user vote, since only a few hundred people commented during the consultation. The revision placed responsibility on individuals to configure their settings and confirmed that accounts could be permanently deleted rather than merely deactivated.

www.theregister.com

12. T-Mobile coughs to data theft by its own staff

T-Mobile admitted that staff had sold the records of thousands of customers, including contract end dates, to brokers acting for rival operators. The Information Commissioner's Office used the case to press for custodial sentences for those who trade in stolen personal data.

www.theregister.com

13. ACLU of Northern California launches the dotRights privacy campaign

The American Civil Liberties Union of Northern California launched dotRights, a campaign to explain how online services gather personal information and pass it to data brokers and the government. The effort used an explanatory video covering webmail, search engines and social networks.

www.eff.org

14. A look at Twitter's updated privacy policy

Twitter published an updated privacy policy that took effect in November, setting out how it collected and disclosed user information across its services. Commentators welcomed its opt-in approach to geolocation, under which location data was broadcast only when a user chose to turn the feature on.

blog.ericgoldman.org

15. Ofcom talks to spook firm on filesharing snoop plan

Ofcom held talks with Detica, a BAE subsidiary, about deep packet inspection to monitor peer-to-peer traffic ahead of the Digital Economy Bill. Although the firm claimed the system would work anonymously, it would still classify users so they could be targeted for enforcement.

www.theregister.com

16. Police arrest people just to create DNA records, watchdog warns

The Human Genetics Commission published a report finding that police were arresting people chiefly to take their DNA, and that black men aged eighteen to thirty-five were greatly over-represented on the national database. It warned of unchecked function creep and called for the database to rest on primary legislation.

www.pinsentmasons.com

17. EU telecoms package approved with new e-Privacy rules

The European Parliament approved the telecoms reform package, which included a revised e-Privacy Directive and mandatory notification of personal data breaches by communications providers. The deal also reminded member states that restrictions on internet access required regard for fundamental rights.

www.ip-watch.org

18. Manchester united against ID cards, minister finds

As national identity cards became available to residents of Greater Manchester, a Home Office minister faced a local poll in which the overwhelming majority opposed the scheme. Sceptics questioned the government's claims that the underlying database would be secure, pointing to a poor record with sensitive systems.

www.theregister.com

19. EU governments rush through interim SWIFT bank data deal

EU home affairs ministers approved an interim deal letting United States authorities access European bank transfer data through SWIFT for counter-terrorism purposes. The signing came a day before the Lisbon Treaty took effect, which would otherwise have required the European Parliament to be consulted on the privacy concerns.

www.theregister.com

20. India plans its own net snoop system

India announced a Centralised Monitoring System to intercept fixed and mobile communications across the country, modelled on the United Kingdom's Interception Modernisation Programme. Probes placed throughout the networks would feed regional and central databases holding metadata such as contacts, timing and location, with a pilot scheduled to begin the following year.

www.theregister.com

