Patients win choice of sharing medical records
Can you support Sgt Danny Nightingale?
Boom in private investigators risks avoiding surveillance regulation
In a word, yes.
When news broke of the US Government’s wholesale request for data on Associated Press journalists,
The New Yorker quickly highlighted how US law allowed the Department of Justice to go straight to the phone companies, without notifying AP (although it’s own guidelines said this should not normally happen.) Because of this, there was no opportunity to test the justification for such a massive intrusion on the freedom of the press.
One of the Prime Minister’s closest advisors has warned that the Home Office’s Communications Data plans to monitor email and web use could be “disastrous” and compared it to North Korea.
As reported by the Telegraph, Ben Hammersley, a Number 10 adviser to the Tech City project, the told magazine Tank:
“As a society, it would be stupid to build the infrastructure that could be used to oppress us. It just never works out well, because even if you’re using it for good stuff now, the fact that we don’t know who is going to be in charge in ten years’ time means that we shouldn’t give them free toys to play with.”
This follows remarks he made last year, when Mr Hammersley said the plans were ‘hilarious’ because of their technical naivety:
“The idea that the internet is like the postal service or like the copper line phone network in that it can be monitored in such a way is hilarious, because it can’t be technologically speaking, unless you become North Korea. Unless you become massively draconian you can’t either monitor propery or censor completely the internet.”
We previously highlighted the number of public organisations given access to the data – covering who you email, which websites you browse and the social media messages you send – is inevitably going to increase, with more than 30 already asking for the data before the bill has even been presented to parliament. This ‘function creep’ was also identified by Hammersley, who warned :
“I don’t trust future governments. The successors of the politicians who put this in place might not be trustworthy.
Time is running out to ensure that the British legal system is not fundamentally altered in favour of the State’s desire to keep secret what it chooses.
The House of Lords attempted to introduce safeguards to the Justice and Security Bill – but they were overturned at Committee stage in the Commons.
The latest assessment from the Joint Committee on Human Rights, publishing its second legislative scrutiny report, warned that there were still a number of significant issues that had not been addressed by the Government.
Andrew Tryie MP and Anthony Peto, QC wrote a damning paper for the Centre for Policy Studies ‘Neither Just nor Secure’ while former Labour Minister Chris Mullin joined critics arguing the Bill “will be deeply damaging to the integrity of our legal system in the eyes of the world.”
A letter signed by 702 legal experts called the Bill ‘dangerous and unnecessary’ while the Special Advocates’ latest analysis, argues there is “no compelling justification for the proposals in Part 2 of the Bill has been made out, notwithstanding the Government’s assertions to the contrary“.
You can download a letter to send to your MP now – time is running out.
Today’s Independent reports on the latest front in retail convenience and privacy, with Disney’s plans to utilise RFID technology. 
“The latest kerfuffle has resulted from Disney’s plan to introduce an RFID wristband – “the MagicBand” – at its parks during 2013. It would function as a room key, a parking ticket, a pass for certain rides, a payment system and, if you opted in, a personal ID that would, say, allow Disney characters to greet you or your children by name. The online reaction to this plan ranges from “awesome” to “terrifying”.
Disney says that it’s trying to “appeal to customers more efficiently” in a way that’s “transformational” to its business; critics say that it enables the company to “monitor, track and analyse your every activity”. When the plans became public, Congressman Ed Markey complained to Disney about the “surreptitious use of a child’s information”, a claim that was deftly rubbished by the company – but the move still furrows the brows of privacy campaigners, including Nick Pickles, director of Big Brother Watch.”
RFID isn’t a particularly new technology, but as it’s sophistication increases and new demands emerge for data on what consumers are doing off-line to keep up with online tracking, the reality is that it offers yet another way to track us. Particularly in environments designed for children, the broader issue about how we educate young people about privacy is a concern when they are told to accept as normal a degree of tracking in everyday environments.
Yes, it does also offer new convenience for customers so as ever, the critical issue is how companies detail the systems – and if consumers have a real choice between using the technology or not. Consumers need to be aware of what data is being collected, how it is linked to other data and how it will be used. Critically, consumers also need to know if third parties will be using the data and if so, who.
Big Brother Watch joined a campaign in the US against the use of RFID in schools and we are monitoring to see how the technology – and other kinds of physical tracking – are deployed in the UK.
The Prüm Treaty may yet be implemented in the UK as a report shows that the European Commission plans to force the UK to allow other member states access to personal details of every motorist in Britain as well as access to the national DNA database and fingerprint records.
The Home Secretary has indicated that she is minded to opt out of the European Home Affairs Injustice measures in 2014, a step that would enable a full and frank discussion on how to sufficiently protect the rights of UK citizens. We can now hope that the Home Secretary will share the same robustness towards the European Commission on this matter.
Google’s tracking of users without permission has set an important precedent with the Federal Trade Commission (FTC) issuing its largest ever fine, although it will barely trouble Google’s finances.
The fine – $22.5m - was handed down after Google deliberately placed cookies to track a user’s web activity that avoided Safari’s usual default-block on cookies from ‘third party’ sites, such as advertising networks.
Big Brother Watch has repeatedly made the case for consumer control over personal information, and the ability of consumers to be able make an informed choice about how they share information about them. In this situation, consumers were neither aware nor asked for their consent – indeed, many may have believed their privacy was protected by using Safari.
It is a very dangerous precedent for companies to deliberately circumvent privacy protection and so we welcome this ruling as an important milestone in returning to consumers true control over their personal information.
As we have often warned, where businesses rely on personal information to offer better targeted advertisements there will be inherent tension between respecting consumer privacy and pursuing profit. Staff will inevitably come under commercial pressures, as in any other business. Big Brother Watch believes that innovation and technology will address this in the future, but that regulation is essential where companies seek to over-ride consumer choices about sharing their data.
Consumer choice is key to a dynamic economy that balances individual rights with commercial services. This case should be a warning to any business that fails to respect those rights.
In a legal process filed earlier this week, American campaign group the Electronic Frontier Foundation (EFF) has highlighted the dangers of allowing the Government to install it’s own ‘black box’ hardware into the communications network – as currently proposed by the draft Communications Data Bill.
The EFF is currently pursuing a lawsuit against what it alleges is the US government’s illegal mass surveillance program and has now produced three whistleblowers. All former employees of the National Security Agency (NSA) – they confirm that the NSA has, or is in the process of obtaining, the capability to seize and store most electronic communications passing through its U.S. intercept centers, such as the “secret room” at the AT&T facility in San Francisco first disclosed by retired AT&T technician Mark Klein in early 2006.
These ‘intercept centers’ are exactly the same kind of equipment that will be required to enact the Communications Capabilities Programme, and are specifically provided for in the draft legislation. Once they are installed, there is nothing stopping either domestic agencies or malicious attackers using them to store communications data (indeed, where data is encrypted this may be necessary) or re-purposing them to actively monitor who is visiting certain websites or communicating with certain email addresses, in real time.
After all, it is not difficult to see the argument being made that once communications data is stored, storing content is a small step requiring a few teaks to the language of legislation – for exactly the same paedo-terrorism arguments we have heard in the past few weeks.
We warned earlier this week about how dangerously naive the Home Office’s plans were, carrying a risk of either doing huge damage to internet security, or becoming a multi-billion pound white elephant. (Given past Whitehall IT projects, our money is on the latter.)
The wider risk is now becoming clear – once these pieces of hardware are installed, it is a matter of time before they are either abused (particularly worrying given the draft Bill makes no provision for the boxes to be auditable by an external body)
Indeed, this was exactly what happened in Greece when the interception capability of software on the Vodafone network was activated by unknown external operatives. The phone calls of members of the Greek cabinet, senior police and defense officials and the Prime Minister. The bugging software was thought to be active in the weeks leading up to the 2005 Athens Olympics and wasn’t discovered for seven months.
The only way to protect privacy and our freedoms is for these boxes to never be installed and service providers to store less data about us – which is why Big Brother Watch will be campaigning to have the entire draft Bill dropped.
Despite more than 210,000 people signing Wikipedia founder Jimmy Wales’ petition,the Home Office have said that they do not intend to block the extradition of Richard O’Dwyer.
The petition sums up the absurdity of the situation – America is trying to prosecute a UK citizen for an alleged crime which took place on UK soil.
And the Home Office think that’s just fine.
In yet another stark illustration of how one-sided the UK-US extradition relationship has become – not to mention the subservience of officials who theoretically are supposed to protect the interests of British citizens – a 24 year old faces up to a decade in a US prison for copyright offences.
He has never been arrested or charged with an offence under UK law, his site was not hosted in the US and he has lived in the UK all of his life. Basic principles of justice have been abandoned.
If there was a crime it should be investigated and tried here in the UK, like any other crime.
Richard’s fate now rests on his appeal later in the year. You can sign the petition here.
Last week Channel 4 news reported a fear Big Brother Watch has been articulating for some time, namely that the Communications Data Bill will require black boxes to be installed so that if a message is sent encrypted, it can still be read.
An excellent technical summary is here but the essential point is that the Home Office is planning to make itself the ‘man in the middle’ between your PC and the Internet. The term ‘man in the middle attack’ is a well known problem for internet security, but the wider concern is that the plan is at risk of being useless by developments already underway.
As reported by the Economist last year, ensuring that communications can be sent and received securely is an essential part of a global, digital economy and fraudsters have used dodgy certificates in the past to enable both state-sponsored attacks and corporate fraud. Accordingly, it’s a loophole that is being rapidly closed.
In addition, it makes the black boxes hugely lucrative to both criminal and foreign interests who would not be afraid of ‘collateral damage’ in obtaining them. Once obtained, they would be in an unprecedented position to attack the UK and its interests.
There’s also a serious question about how businesses with sensitive intellectual property would feel about trusting their security to the same officials who put 23m people’s tax details in the post on an unencrypted CD.
Technologically at risk of being out of date before it’s installed, hugely costly and a threat to Britain’s already ailing economy. The civil liberties argument is not the only reason to be very afraid of the draft Communications Data Bill – and the list is growing.
At the weekend, the Sunday Times broke news of how Indian call centre staff had been caught offering stolen personal information for sale – stolen from UK companys and available for as little as 2p per person. They boasted credit card details, mortgage and loans and phone contracts.
The 1998 Data Protection Act prohibits the transfer of personal information outside the EEA unless there is an adequate level of protection for the information, and for individuals’ rights in relation to that information. If the data is lost, stolen or misused then the UK-based organisation is liable.
The law is clear and back in 2006 Deputy information commissioner David Smith warned “a UK-based business outsourcing a call centre or other aspect of its data processing abroad remains legally liable for any failings. It could face legal action by the Information Commissioner’s Office and by an individual even if a breach takes place outside the UK.”
However, the drive to reduce costs has seen call centres, services and some data hosting move to lower-cost countries, with the latest example being data from the Driver and Vehicle Licensing Agency, including addresses and registration plate numbers, along with credit card details, nowbeing available to staff outside the UK after ministers changed an earlier decision to allow IBM to reduce costs.
IBM runs the congestion charge zone for Transport for London (TfL) and the changes to allow staff abroad to access data is expected to be completed by 18 May.
The risks around off-shoring data are clearly substantial if it is not done in a tightly-controlled way. Whether allowing staff to access data, or physically moving the data abroad, it is essential that the rush to save money does not lead to irrepairable damage to privacy and data security.