• Media Enquiries

    07505 448925(24hr)

Time for surveillance transparency


Today the three heads of Britain's intelligence agencies appear infront of Parliament's Intelligence and Security Committee in a televised hearing, the first time for such a hearing to be broadcast. Progress, yes, but let's not get ahead of ourselves - the head of the CIA first appeared on TV speaking to congress in 1975, so it's hardly a revolution in oversight. Today we have published new polling by

GCHQ faces legal action over mass surveillance


Today Big Brother Watch, working with the Open Rights Group, English PEN and German internet activist Constanze Kurz, has announced legal papers have been filed alleging that GCHQ has illegally intruded on the privacy of millions of British and European citizens. We allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy

Patients win choice of sharing medical records


Earlier this year, we led the concern that a new NHS data sharing plan would see every patient's medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control. On Friday, the Secretary of State confirmed that this will not be the case. We have worked closely with MedConfidential and Privacy International to ensure

Boom in private investigators risks avoiding surveillance regulation


Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation. The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous

Online privacy

Social Media Etiquette

Posted on by Big Brother Watch Posted in Mastering the Internet, Online privacy, Privacy, Social Networking, Technology | 3 Comments

This morning I saw a post about social media etiquette that I think mostly speaks for itself.  In a world where people are using smartphones and Twitter, Facebook, Linkedin, we have become used to having our personal information put out there for all the world to see.  And often without our knowledge.

Personal privacy is always an issue in this world of 24/7 digital accessibility and CCTV cameras watching out every move, but we need to be aware of when we can protect our own privacy.  Choosing your privacy settings, friends and words carefully on social media can make a huge difference in this.

Have a look here to find some of these basic suggestions of how to behave and protect yourself on these social media sites.

SSLs: The Hackgate in Waiting

Posted on by Big Brother Watch Posted in Online privacy | 1 Comment

By Dave Gibson of Deep Blue

What looks like your email, but may not actually be your email? Possibly a sophisticated fake created by the Iranian government to monitor your communication; so sophisticated in fact that those providing the perfect mock-up of your email are using a valid SSL certificate. This gives your  browser the impression that the page is authentic, in the most recent case masquerading as a legitimate Google service, and bypassing any warning that you could normally expect when visiting a fraudulent page.

This is not the first time such a sophisticated ruse has been used to target communications, from emails to instant messenger programs. Such occurrences are known by the sinister name ‘man-in-the-middle’ attacks, where an invisible third-party can eavesdrop sensitive information.   This time, the security breach is so serious that Google and Mozilla have taken the unprecedented step of temporarily blocking any websites with certificates issued by DigiNotar, the Dutch Certificate Authority who’s encryption has been used.

Okay, so most of us aren’t being monitored by despotic regimes, in fact even if the UK Security Services were spying on our Skype messaging, they might find out little more than our thoughts on the new Blade Runner movie, right? I mean, MI5 have got their work cut out with hunting terrorists, honey-trapping student protesters and replacing laptops they lost on their morning commute, why would they be interested in me?

Well, the problem is that not all hackers are in the pay of over-officious bureaucracies with more money than sense. More active in their misuse of your data are professional tech-savvy fraudsters, such as those who committed a similar attack on PayPal a few years ago. SSL certification, at the forefront of web security for nearly two decades, is an obvious target for cyber-criminals.

The most disturbing thing is the lag between the misuse of a certificate and removing the threat it creates. The newly discovered fake certificate is thought to have been created several weeks ago and the PayPal attack took Microsoft months to resolve. One web security expert stated that the only thing notable about the most recent security lapse is “that anyone noticed.

There is clearly something of a serious market failure here, with concerns about the accountability of many companies like DigiNotar who are entrusted with such a fundamentally essential aspect of web security. That after so many years of use, Certification Authorities [CAs]lack such accountability suggests governments are far from on top of this issue. Others fear government-owned CAs are already exploiting the false sense of security SSL provides by creating their own near-seamless fakes to spy on their citizens. The Chinese authorities are known to issue their own SSL certificates and nothing can stop them issuing ones claiming to be Google+ or Yahoo Mail.

Given the failures of the UK authorities in dealing with the comparatively prehistoric issue of phone-hacking, it would be very unwise to put faith in state-driven solutions, yet there is hope for a private-sector solution. That some web-browsers are now blocking every website certified by DigiNotar is a drastic measure given so many legitimate websites will also be hit, yet it shows a markedly serious response to security fears. Perhaps they are trying to avoid the harm to market share Microsoft has suffered from security concerns expressed in the old joke that Internet Explorer should not be used in “hostile environments such as the Internet”. The problem is to find a way that web-browsers, CA clientele and  you and I can verify the integrity of the CAs themselves.

In the meantime, we are all insecure in a discredited web security regime which is as deceptively integral as Doctor Who’s psychic paper. The only comfort can be that now CAs are being directly punished for security lapses, accountability may finally emerge from within the market. If you’re a political dissidents targeted by the most recently discovered lapse, however, you are left with an urgent question : who exactly are you talking to?

Monitoring BBM to Stop…a Water Fight

Posted on by Big Brother Watch Posted in Online privacy, Privacy, Social Networking | Leave a comment

On Friday, the Guardian reports, two young men were arrested in Colchester, charged with ‘encouraging or assisting in the commission of an offense’ after trying to organise a mass water fight via BlackBerry Messenger and Facebook.  Both men will appear before a magistrate at the beginning of next month.

There are a number of concerns to point out in this case.  The first is that the UK can now put itself along side Iran as a state willing to prosecute for taking part in public water fights.  Iran earned this status earlier in the month after the morality police deemed participants to have behaved ‘abnormally’ and disobeying Islamic principals, leading to a series of arrests.  This was all despite the fact that no cases of violence resulted and people enjoyed the three-hour escape from 40 degree heat.  A London-based Iranian blogger wrote that one of the reasons the Iranian government may have been so heavy-handed with this event was the fact that it was organised via social media, which poses a threat to the government’s regime.

The second issue is that this sentiment isn’t unfamiliar in the UK right now.  After the UK riots last week, Cameron made a number of statements in the emergency session of Parliament regarding the threat posed by social media.  He said that there was a need to investigate whether social media sites were deemed to have contributed to criminal behaviour and if shutting them down temporarily was a viable solution to curbing the violence.  BBM, widely determined to be the biggest forum by which the rioters communicated, was also offered up in the statements and has been mentioned repeatedly as its users communicate in relative privacy.

In the case of the Colchester boys and the water fight, it may be becoming obvious that these are no longer suggestions.  First the pre-emptive arrest of these boys when the police should be dealing with rioters that actually committed crimes is unnecessary.  Does the UK really want to be compared with Iran in shutting down members of the public peacefully organising and having fun?

But, more seriously, these young men’s use of social media and BBM to spread word of the event shows police investigators may already be watching BBM, which would be a gross violation of privacy.  As with text messages, the police should have to obtain a warrant to monitor your private communication, which BBM is.  As we’ve said in previous posts in the last week, social media is, to a large degree, in the public domain and shutting down these forums would violate a number of basic freedoms.  But to go beyond that and restrict private communication such as BBM or text messages without a warrant is a violation of privacy.  The government needs to come to grips with its ability to prevent crime rather than simply prosecute it and that restricting the rights and freedoms of all to prevent crimes being committed by a few is simply a step too far and wrong.

‘Anonymous’ Threatens to Take Down Facebook

Posted on by Big Brother Watch Posted in Online privacy, Privacy, Social Networking, Technology | 1 Comment

Activists working in the name of internet ‘Hacktivist’ group Anonymous have threatened to take down Facebook over its privacy policy.

In a YouTube video posted recently, members called upon other ‘hacktivists’ and those interested in protecting internet privacy to get involved and ‘kill’ Facebook.  They have said the takedown will commence on the 5th November, Guy Fawkes Day.  They spell out their grievances with Facebook’s privacy policy in their video which you can watch here, claiming that Facebook has not been clear and transparent about its policies, leading to users uploading information they might not otherwise do if they knew the rights Facebook claims to those details, even after your profile is deleted.  They also make claims that Facebook has sold its information, although creator Mark Zuckerberg has repeatedly denied such claims.

And yesterday, Anonymous’ twitter account @anonops tweeted that only some of the group’s members were part of the #opFacebook group, refuting the claim that Anonymous are responsible for the Operation.  They say that it isn’t the first copycat campaign run in their organisation’s name.

Big Brother Watch is very interested to see if Facebook will make a response or change in its privacy policy and whether Anonymous activists can make the credible threat.

London Riots and Social Media

Posted on by Big Brother Watch Posted in Home, Mastering the Internet, Online privacy, Social Networking, Technology | 2 Comments

The role of social networking outlets such as Twitter, Facebook and Blackberry Messenger (BBM) in contributing to the riots over the last few days has been hotly discussed.  Many have voiced concern they should be shut down or limited.  This kind of knee-jerk reaction to the role of social media would be unnecessary and exceedingly inappropriate.  Rather than shutting these sites down, perhaps there is information to be garnered from working in conjunction with them.

BBM has been acknowledged as the network of choice for the rioters to communicate with each other due to its level of privacy from police surveillance.  With nearly 40% of London’s teens choosing Blackberry as their smartphone of choice, this creates a potentially huge audience for encouraging further violence.  In response, many have called for Blackberry to shut down the service temporarily to curb the violence.  Patrick Spence from Blackberry said “We feel for those impacted by this weekend’s riots in London. We have engaged with the authorities to assist in any way we can” and pledged to work with law enforcement and comply with the law in the UK.

Limiting social networking in the public sphere will not limit violence or deter potential criminals.  In fact, they may even be feeding the public response to resolve the ongoing problems on the streets of London.  Anyone following the #londonriots hashtag on Twitter will see one of the most rapid streams of disapproval of the scenes taking place in London.  People are exchanging photos and videos to identify perpetrators, introducing hash tags and putting pressure on politicians and policeman to respond quickly and more resolutely and arranging community efforts to support the victims in these neighbourhoods.  Additionally, many social network-savvy teens will implicate themselves on these forums, and these statements would be useful to law enforcement in apprehending offenders.

Twitter and Facebook and other public web outlets have been attributed to a number of social movements in the last several months, from Egypt to Libya and so forth.  Police should be taking advantage of the masses of information people are putting on public forums rather than shutting them down due to the deplorable actions of a small minority.  The vast majority of onlookers in the UK and around the globe are appalled by the riots, and I think most of them would happily see communities work with law enforcement through social networking outlets to stop the violence and bring the criminals to justice.

 

Protecting your Facebook privacy

Posted on by Big Brother Watch Posted in Online privacy, Privacy | 2 Comments

Big Brother Watch frequently receives messages from members of the public asking how best to protect their Facebook profile and, with it, their personal privacy.

Privacy-proofing your Facebook account in order to block people who aren’t your friends from accessing your photographs or to ensure that third-party applications are not able to access your personal information can be a bewildering process – especially as the website appears to change its privacy settings on almost daily basis.

Fast Company has put together a useful step-by-step guide demystifying this process.  It’s well worth a look.  Do pass it on to any friends you think may find it useful.

Hat-tip: RR

Staring at Computers

Posted on by Big Brother Watch Posted in Legal Action, Mastering the Internet, Online privacy, United States | 4 Comments

A few weeks ago, a New York, Kyle McDonald artist installed software on the computers at a number of New York Apple stores, taking thousands of webcam photos of people standing in front of them.  He then created a photo exhibition calling it ‘People Staring at Computers,’ put it on his internet blog and the photos popped up on available computers in the stores where they were taken.

After posting the video, the US Secret Service raided McDonald’s apartment and shut down the website armed with a warrant on the grounds that he’d violated 18 USC section 1030, a law pertaining to computer crimes.  No arrests have yet been made, but this case brings up a number of interesting ideas.

Mr McDonald is now being represented by a civil liberties group Electronic Frontier Foundation, which focuses entirely on freedoms in the internet and digital sphere.  Their arguments include that McDonald did not knowingly violate any laws; he sought the permission of security guards and asked the consent of a number of the individuals featured in his project.  Additionally, he captured the images of people in a public place, willingly standing in front of countless cameras, albeit without their knowledge in most cases.

This particular section of law is primarily intended to protect against someone accessing computers used primarily by the US government and might impact US national security or international communication or relations.  I’m quite sure that computers in an Apple Store qualify as neither.  McDonald was entirely under the impression that it was within his rights to take pictures in a public place and publish them on the internet given he’d been granted the right permissions for the computers in the Apple stores in question.

However, there is also the issue of technology pushing past the limits of personal privacy in a way they never have before.  Image technology has progressed so far past most legislation, that the line between technologically advanced and perverse and unnecessary intrusion into peoples’ privacy.  The prevalence of mobile phone cameras, small digital cameras, CCTV cameras and other similar technology have desensitised most people to having their photo taken.  This has also, in turn, made people less sensitive to their rights to their own image and to the use of such images on a public sphere without their knowledge or permission.

The number of times we step in front of a camera every day is excessive, and the expectation is surely that, at some point, our picture will get taken.  But who owns the rights to that photo or determines when it can be used?  Who is in the right?  Should the use of these photos be controlled?  Or should the images of the private individuals be protected from those who would use it without their permission?  This case brings up an interesting debate about who civil liberties are protecting, I open this one up to the floor.

Facial Recognition Software Acquired by Google

Posted on by Big Brother Watch Posted in Online privacy, Privacy, Social Networking | 1 Comment

Google has announced an acquisition of the facial recognition software born out of Carnegie Mellon University called Pittsburgh Pattern Recognition, or PittPatt.  PittPatt’s site states that they are looking forward to working within the Google team and that its existing computer vision technology partners made the acquisition a natural match.

However, Google may now find itself in a similar situation to that of Facebook in recent months.  After failing to add an ‘opt in’ to its facial recognition software added suggested tagging in photos uploaded to the social networking site, there was a loud response from privacy campaigners and from users upset that the privacy settings used to keep tagged photos private was being put aside by the new technology.

With the launch of the new Google+ and the lessons learned by Facebook, Google must tread lightly.  Privacy settings and integrated facial recognition software are not so logical a partnership as Facebook or Google might like to believe.  Even with adequate privacy settings in place, the arguments against facial recognition capabilities hold water.  Google already developed a facial recognition programme for smartphone use through Google Goggles, but withheld it out of concerns for privacy.   The lesson learned by Facebook is that this software is not for social networking sites.

Space: the internet’s new frontier?

Posted on by Big Brother Watch Posted in International, Online privacy | 5 Comments

Guest post by Nick Pickles

Space172 The UK Government is currently considering the possibility of a UK-wide firewall, which (simply put) would give the Government the ability to block access to websites from the UK.

The argument has mainly been made around file-sharing sites, and to a lesser extent child pornography, and of course the Government insists that it would never be used for political reasons.

Yet the example of the Arab Spring and the subsequent activities of Governments in shutting down social networking sites (or more disturbingly, setting up spoof sites to entrap potential trouble makers) should not be forgotten.

It is entirely possible that as part of the super-injunction/privacy debate that website blocking could potentially be on the cards – neatly demonstrated by the High Court judge who warned “the internet is out of control.”

The internet is beyond the reach of Governments. So the natural response of Governments is to seek to bring it back under their control. The first step is to block sites sharing illegal music. That path leads to not being able to read about Tienanmen Square or organise demonstrations – it is not one that a civil society should permit.

However, there is a further option – for social networks to become ISPs.

The power of a shared satellite network, providing internet access to users without reliance on physical cable under the control of Governments, would have the potential to topple the Great Firewall of China, free protestors to organise demonstrations and globalise free speech beyond the reach of overactive judiciaries.

Eventually, universal internet access will be a humanitarian cause. What it needs is someone to take the first step, and aim for the stars.

The government must lift the ban on using intercept evidence

Posted on by Big Brother Watch Posted in Databases, Online privacy, Privacy | 1 Comment

Tp181 Regular visitors to the Big Brother Watch blog will be aware that BBW has long campaigned for a change in existing laws to allow intercept evidence to be used in terrorist trials.

Big Brother Watch Director Daniel Hamilton has today outlined the case for the ban to be lifted in an article for the Total Politics magazine's 'The Idea' feature:

"As long as the ban on the admissibility of intercept evidence remains in place, so do the many strange anomalies connected to it. While British courts cannot hear domestic intercept evidence, they frequently secure convictions based on overseas intercepts. Similarly, British intercepts can be used in prosecutions taking place overseas. While a conversation recorded on a hidden bug is admissible in court, a recorded phone call or intercepted email is not.

"To date, the government has opted to set aside fundamental privacy concerns in order to pursue the IMP. Such a programme, the British public has been told, will “make us safer”.

"Given that the majority of terrorist offences are committed by small groups of individuals, often operating outside the confines of mainstream society, it’s difficult to see how the IMP could possibly be successful in achieving that objective. Pinpointing terrorist activity among a database of billions of unique communications is akin to searching for a needle in a haystack. All the IMP achieves is the creation of the most invasive and intrusive database in history."

You can view the extended piece here.

« Previous   1 2 ... 6 7 8 9 10 11 12 13 14 15 ... 25 26   Next »