Privacy Roundup #0050 • September 2010

September 2010 saw location and behavioural tracking dominate the privacy agenda, as Google's chief courted controversy, the ACS:Law breach exposed thousands of file-sharers, and governments on both sides of the Atlantic pushed for wiretaps, identity numbers, and internet blacklists.

1. Google's Schmidt satirised as privacy pervert

Consumer Watchdog ran an animated Times Square billboard depicting Google chief Eric Schmidt as a depraved figure spying on children from an ice cream van. The campaign group used the stunt to press Congress for a national "Do Not Track Me" list.

www.theregister.com

2. Appeals court may require warrants for mobile location records

The Third Circuit ruled that federal magistrates have the discretion to demand a probable-cause search warrant before the government obtains mobile phone location data. The Electronic Frontier Foundation, which argued the case, hailed the decision as a significant win for location privacy.

www.eff.org

3. Schmidt warns Berliners: 'We know where you are'

At a Berlin keynote, Eric Schmidt described an "augmented humanity" in which Google would track users and remember their lives for them. The remarks landed badly in a country acutely sensitive to surveillance after its experience of the Stasi and the Gestapo.

www.theregister.com

4. 'Here you have' email worm sweeps corporate networks

A fast-spreading worm carrying the subject line "Here you have" hammered inboxes worldwide, posing as a PDF and mailing itself to every address book contact. It disrupted organisations including NASA, Disney, and Wells Fargo in a throwback to the mass-mailer outbreaks of a decade earlier.

www.theregister.com

5. Burglars used social network updates to pick their targets

Police in Nashua, New Hampshire linked roughly fifty break-ins to a gang that monitored social network status updates to identify homes left empty. The case gave real-world weight to earlier warnings about the dangers of broadcasting one's whereabouts online.

www.theregister.com

6. Hacker claims credit for the 'Here you have' worm

A figure using an "Iraq Resistance" identity told reporters he had written the "Here you have" worm to spread a political message. Researchers noted coding overlaps with earlier malware tied to the same nickname.

www.theregister.com

7. Czech Republic bans Google from expanding Street View

The Czech Office for Personal Data Protection rejected Google's application to gather fresh Street View imagery, ruling that the project invaded citizens' privacy. Google had also failed to register properly as a data controller in the country.

www.phys.org

The Department for Business proposed simply copying the EU cookie consent rule into British law, leaving the central ambiguity unresolved. Advertisers argued that browser settings amounted to consent, while privacy watchdogs insisted that visitors must be asked directly.

www.theregister.com

9. Twitter 'onMouseOver' flaw spawns micro-blogging mayhem

A cross-site scripting hole let malicious code run when users merely hovered over a tweet, triggering pop-ups and redirects to third-party sites. Analysts estimated that hundreds of thousands of accounts were swept up before Twitter patched the bug.

www.theregister.com

10. Stuxnet described as a nation-state 'search-and-destroy weapon'

Analysts concluded that the Stuxnet worm was a precision cyber weapon, dormant until it found a specific Siemens industrial configuration believed to match Iranian nuclear infrastructure. The sophistication pointed to a well-resourced state actor rather than ordinary criminals.

www.theregister.com

11. Pentagon buys and destroys an intelligence officer's memoir

The Defense Department paid around 47,000 dollars to destroy 9,500 copies of "Operation Dark Heart", a memoir it said exposed classified secrets including details of a voice surveillance system. A censored second printing followed, drawing yet more attention to the suppressed material.

www.csmonitor.com

12. ACS:Law email database leaks file-sharers' personal details

After a denial-of-service attack, a backup of anti-piracy firm ACS:Law's site was left exposed and copied onto file-sharing networks. The leak laid bare the names and addresses of thousands of broadband users the firm had accused of unlawful downloading, including alleged pornography.

www.theregister.com

13. US government seeks a back door into all our communications

The Obama administration drafted legislation to require that every communications service, including encrypted email and peer-to-peer messaging, be capable of complying with a wiretap order. Critics warned that mandating decryption back doors would revive the failed crypto wars of the 1990s.

www.eff.org

14. ACS:Law breach could cost the firm half a million pounds

The Information Commissioner opened an inquiry into the ACS:Law leak, signalling he might use new powers allowing fines of up to 500,000 pounds. He said his central question was how securely the personal data had been held.

www.theregister.com

15. Internet engineers warn the Senate against COICA censorship

Dozens of prominent internet engineers wrote to the Senate Judiciary Committee opposing the Combating Online Infringement and Counterfeits Act. They argued that blacklisting whole domains would fragment the global DNS and damage America's standing as a neutral steward of the network.

www.eff.org

16. India launches the world's largest biometric identity scheme

India prepared to issue its first Aadhaar numbers on 29 September, becoming the first country to roll out a biometric-based national identity system. The opening numbers went to villagers in Maharashtra, binding fingerprints and iris scans to a central database for hundreds of millions of residents.

www.businesstoday.in

17. Brussels sues the UK over BT's secret Phorm trials

The European Commission referred Britain to the Court of Justice for failing to act on BT's covert trials of Phorm's behavioural advertising technology. The Commission held that UK law fell short of EU requirements to ban and punish unlawful interception of communications.

www.theregister.com

18. Eleven charged over a ZeuS banking trojan money-mule ring

Investigators charged eleven people accused of laundering proceeds from a ZeuS trojan operation that drained millions from bank accounts. The gang allegedly siphoned more than 30 million dollars worldwide by harvesting victims' online banking credentials.

www.krebsonsecurity.com

19. Internet censorship bill is delayed before the recess

The Senate Judiciary Committee postponed its markup of the COICA copyright blacklist bill as the chamber broke for recess. Campaigners welcomed the delay, crediting the wave of opposition from engineers and digital rights groups.

www.eff.org

20. Google Instant raises fresh search-poisoning fears

Google's new real-time search feature, which updated results as users typed, prompted warnings that scammers could exploit its suggestions to push malware. Researchers showed that a simple query could surface known scareware among the live recommendations.

www.theregister.com

