Privacy Roundup #0052 • November 2010
November 2010 was dominated by the WikiLeaks Cablegate disclosures, Facebook's push into email, a TSA body scanner revolt, and Europe's hardening line on Google's Street View data grab.
1. WikiLeaks begins releasing a quarter of a million US diplomatic cables
On 28 November WikiLeaks started publishing some 251,000 classified State Department cables, coordinated with five newspapers. The disclosures exposed candid assessments of world leaders and the private exchanges of diplomats and their confidential sources.
2. Secret US embassy cables revealed across the world's press
The first tranche of cables surfaced simultaneously in The Guardian, Der Spiegel, Le Monde, El Pais and The New York Times. The documents laid bare blunt characterisations of foreign leaders and intelligence gathering directed at the United Nations.
3. Leaked cables link China's Politburo to the Google hack
Among the first revelations was a cable in which a Chinese contact told the US Embassy in Beijing that the Politburo had directed the December 2009 intrusion into Google. The same campaign reportedly targeted the email accounts of human rights activists in China.
4. Denial of service attack hits WikiLeaks before the cable release
Hours before the cables went live, WikiLeaks was knocked offline by a flood of traffic attributed to a lone hacker using the alias "The Jester". The partner newspapers published the documents regardless, so the attack failed to suppress the disclosures.
5. China blocks access to WikiLeaks over the cable revelations
Beijing censored the Cablegate page and related Chinese language coverage within days of the release. The blocking followed cables that pointed to senior officials over the hack on Google's internal systems.
6. WikiLeaks moves cable mirrors onto US Amazon servers
Facing sustained denial of service attacks, WikiLeaks shifted copies of the cables onto Amazon's American cloud servers. The choice put the site briefly within US jurisdiction while keeping a fallback to hosting abroad.
7. UK watchdog finds Google Street View breached data protection law
On 3 November the Information Commissioner ruled that Google's collection of payload data from open Wi-Fi networks was a significant breach of the Data Protection Act. Rather than impose a fine, the regulator secured an undertaking and the right to audit the company's privacy practices.
8. US regulator opens its own Street View Wi-Fi investigation
The Federal Communications Commission confirmed it was investigating whether Google's Street View Wi-Fi capture broke the Communications Act. Google had already admitted gathering passwords, emails and other private data from unsecured networks across many countries.
→ phys.org
9. EPIC ties the FCC probe to its earlier complaint
The Electronic Privacy Information Center noted that the FCC inquiry followed the complaint it had filed over Google's interception of wireless traffic. The group argued the capture of emails and passwords amounted to a potential wiretap violation.
10. Facebook unveils a unified inbox and @facebook.com addresses
On 15 November Mark Zuckerberg launched a messaging system that folded email, instant messaging, texts and Facebook chat into a single inbox. Every user would receive an @facebook.com address, raising fresh questions about who could reach them by default.
11. Has Facebook just killed off email?
Commentators questioned whether handing personal correspondence to one privately held company was wise. The worry was that consolidating email into Facebook's walls would erode the openness and independence of ordinary email.
12. Security experts warn Facebook Messages will draw spammers and scammers
Researchers cautioned that merging email into the social network created a rich new target for malware such as the Koobface worm. They argued that a single inbox spanning friends' networks could spread phishing and spam faster than traditional email.
13. Backlash builds over TSA full body scanners and pat-downs
New screening rules forced travellers to choose between revealing body scans and intimate pat-downs. Privacy advocates, pilots and grassroots groups objected that both options were unacceptably intrusive.
14. Travellers organise a National Opt Out Day protest
A grassroots campaign urged passengers to refuse the scanners on 24 November, the busiest travel day before Thanksgiving. Organisers wanted to spotlight the privacy and health concerns raised by the new procedures.
15. Bruce Schneier calls airport screening security theatre
Writing during the scanner row, the security expert argued that the measures offered the appearance of safety rather than real protection. He held that determined attackers would simply switch tactics, so the intrusion gained travellers little.
16. UK regulator issues its first data protection fines
The Information Commissioner used new powers to fine Hertfordshire County Council £100,000 and the firm A4e £60,000. Hertfordshire had faxed sensitive case papers to the wrong recipients, while A4e lost an unencrypted laptop holding records on 24,000 people.
17. Britain moves to close the wiretap loopholes exposed by Phorm
The Home Office proposed tightening the Regulation of Investigatory Powers Act so that consent to interception must be freely given, specific and informed. The change followed European Commission legal action over BT's secret trials of Phorm's traffic interception technology.
18. "Don't touch my junk" passenger becomes the face of the scanner revolt
After refusing both a scan and an enhanced pat-down at San Diego, John Tyner filmed himself warning a screener and saw the clip go viral. His confrontation crystallised public anger over procedures that reached under clothing or touched intimate areas.
19. Europe sets out plans to overhaul its data protection rules
On 4 November the European Commission published a strategy to modernise the bloc's data protection framework. The plan floated mandatory breach notification, stronger individual rights and an early version of a right to be forgotten.
→ iapp.org
20. Pilots win an exemption from scans and pat-downs
Amid the screening uproar, the TSA agreed that airline pilots in uniform could skip body scanners and pat-downs after an identity check. Pilots' unions had objected both to the radiation exposure and to the indignity of the searches.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: