• Media Enquiries

    07505 448925(24hr)

Time for surveillance transparency

Today the three heads of Britain's intelligence agencies appear infront of Parliament's Intelligence and Security Committee in a televised hearing, the first time for such a hearing to be broadcast. Progress, yes, but let's not get ahead of ourselves - the head of the CIA first appeared on TV speaking to congress in 1975, so it's hardly a revolution in oversight. Today we have published new polling by

GCHQ faces legal action over mass surveillance

Today Big Brother Watch, working with the Open Rights Group, English PEN and German internet activist Constanze Kurz, has announced legal papers have been filed alleging that GCHQ has illegally intruded on the privacy of millions of British and European citizens. We allege that by collecting vast amounts of data leaving or entering the UK, including the content of emails and social media messages, the UK’s spy

Patients win choice of sharing medical records

Earlier this year, we led the concern that a new NHS data sharing plan would see every patient's medical records uploaded to a new information system without the right to opt-out. We warned at the time that patient records would be out of patient control. On Friday, the Secretary of State confirmed that this will not be the case. We have worked closely with MedConfidential and Privacy International to ensure

Boom in private investigators risks avoiding surveillance regulation

Our latest report highlights the growing use of private investigators by local and public authorities, particularly the number of times they are used without RIPA authorisation. The law in the UK, particularly the Police and Criminal Evidence Act 1984, is broadly drawn to allow evidence to be introduced in court that in other jurisdictions would not be deemed admissible. Contrasted with the fruit of the poisonous

Online privacy

Westminster Council unveils plans for social media monitoring

Posted on by Big Brother Watch Posted in Online privacy, Privacy, Riots, Social Networking | Leave a comment

In the aftermath of the London riots, there has been a range of ‘interesting’ ideas around social media and digital communications. 

Today’s Times carries one such example – Westminster council is to set up a ‘gang information desk‘ to monitor and report suspicious activity on-line.

It’s not clear if they will be monitoring only public information or if they will be seeking to access private communications – for example, the much maligned Blackberry Messenger service. From initial reports, it would appear that social workers who are part of networks would be expected to pass on information. Illustrating this point, Councillor Nickie Aiken, Cabinet Member for Children, Young People and Community Protection at Westminster, was quoted as saying  “we need to explore if we can get into these groups.”

If this were the case, it would be a gross abuse of the relationship between social workers and young people, and a serious invasion of privacy. Furthermore, it would only exacerbate the mis-trust between young people and the authorities at a time when we can ill afford to do so.

Read more

Hacker Claims Fake Web Certificates Issued

Posted on by Big Brother Watch Posted in Data Protection, International, Mastering the Internet, Online privacy, Privacy, Technology | Leave a comment

The Beglian security firm GlobalSign has temporarily stopped issuing web authentication certificates due to claims that a hacker has gained access to company servers, allowing it to issue bogus certificates.  This makes GlobalSign the second major Certificate Authority to be hacked in as many months.

This kind of certificate is normally issued to ensure that websites that claim to be secure are authentic.  Issuing fake certificates potentially allows the activity on the computer accessing the hacked website to be monitored. Read more

Cloud Security

Posted on by Big Brother Watch Posted in Data Protection, Mastering the Internet, Online privacy, Privacy, Technology, United States | Leave a comment

The Register has an interview with Jim Reavis, executive director of the Cloud Security Alliance, posted on their website today.

The interview discusses how to ensure that data and information shared on a Cloud is secure as well as some of the technological and policy issues related to doing so.  Reavis makes a number of interesting points about the safety of users and information on privately established Clouds as well as concerns with the government, the PATRIOT Act and other similar policy concerns in other countries.  He also discusses various kinds of security controls that would protect users and businesses that establish these Clouds for their companies or for public use.

Internet security and privacy are important issues, and as technology advances, policy sometimes falls behind in protecting privacy.  Sadly, sometimes it overcompensates and becomes invasive.  These concerns and issues are worth paying attention to and Reavis discusses a number of them.

You can listen to the interview in full here.

Social Media Etiquette

Posted on by Big Brother Watch Posted in Mastering the Internet, Online privacy, Privacy, Social Networking, Technology | 3 Comments

This morning I saw a post about social media etiquette that I think mostly speaks for itself.  In a world where people are using smartphones and Twitter, Facebook, Linkedin, we have become used to having our personal information put out there for all the world to see.  And often without our knowledge.

Personal privacy is always an issue in this world of 24/7 digital accessibility and CCTV cameras watching out every move, but we need to be aware of when we can protect our own privacy.  Choosing your privacy settings, friends and words carefully on social media can make a huge difference in this.

Have a look here to find some of these basic suggestions of how to behave and protect yourself on these social media sites.

SSLs: The Hackgate in Waiting

Posted on by Big Brother Watch Posted in Online privacy | 1 Comment

By Dave Gibson of Deep Blue

What looks like your email, but may not actually be your email? Possibly a sophisticated fake created by the Iranian government to monitor your communication; so sophisticated in fact that those providing the perfect mock-up of your email are using a valid SSL certificate. This gives your  browser the impression that the page is authentic, in the most recent case masquerading as a legitimate Google service, and bypassing any warning that you could normally expect when visiting a fraudulent page.

This is not the first time such a sophisticated ruse has been used to target communications, from emails to instant messenger programs. Such occurrences are known by the sinister name ‘man-in-the-middle’ attacks, where an invisible third-party can eavesdrop sensitive information.   This time, the security breach is so serious that Google and Mozilla have taken the unprecedented step of temporarily blocking any websites with certificates issued by DigiNotar, the Dutch Certificate Authority who’s encryption has been used.

Okay, so most of us aren’t being monitored by despotic regimes, in fact even if the UK Security Services were spying on our Skype messaging, they might find out little more than our thoughts on the new Blade Runner movie, right? I mean, MI5 have got their work cut out with hunting terrorists, honey-trapping student protesters and replacing laptops they lost on their morning commute, why would they be interested in me?

Well, the problem is that not all hackers are in the pay of over-officious bureaucracies with more money than sense. More active in their misuse of your data are professional tech-savvy fraudsters, such as those who committed a similar attack on PayPal a few years ago. SSL certification, at the forefront of web security for nearly two decades, is an obvious target for cyber-criminals.

The most disturbing thing is the lag between the misuse of a certificate and removing the threat it creates. The newly discovered fake certificate is thought to have been created several weeks ago and the PayPal attack took Microsoft months to resolve. One web security expert stated that the only thing notable about the most recent security lapse is “that anyone noticed.

There is clearly something of a serious market failure here, with concerns about the accountability of many companies like DigiNotar who are entrusted with such a fundamentally essential aspect of web security. That after so many years of use, Certification Authorities [CAs]lack such accountability suggests governments are far from on top of this issue. Others fear government-owned CAs are already exploiting the false sense of security SSL provides by creating their own near-seamless fakes to spy on their citizens. The Chinese authorities are known to issue their own SSL certificates and nothing can stop them issuing ones claiming to be Google+ or Yahoo Mail.

Given the failures of the UK authorities in dealing with the comparatively prehistoric issue of phone-hacking, it would be very unwise to put faith in state-driven solutions, yet there is hope for a private-sector solution. That some web-browsers are now blocking every website certified by DigiNotar is a drastic measure given so many legitimate websites will also be hit, yet it shows a markedly serious response to security fears. Perhaps they are trying to avoid the harm to market share Microsoft has suffered from security concerns expressed in the old joke that Internet Explorer should not be used in “hostile environments such as the Internet”. The problem is to find a way that web-browsers, CA clientele and  you and I can verify the integrity of the CAs themselves.

In the meantime, we are all insecure in a discredited web security regime which is as deceptively integral as Doctor Who’s psychic paper. The only comfort can be that now CAs are being directly punished for security lapses, accountability may finally emerge from within the market. If you’re a political dissidents targeted by the most recently discovered lapse, however, you are left with an urgent question : who exactly are you talking to?

Monitoring BBM to Stop…a Water Fight

Posted on by Big Brother Watch Posted in Online privacy, Privacy, Social Networking | Leave a comment

On Friday, the Guardian reports, two young men were arrested in Colchester, charged with ‘encouraging or assisting in the commission of an offense’ after trying to organise a mass water fight via BlackBerry Messenger and Facebook.  Both men will appear before a magistrate at the beginning of next month.

There are a number of concerns to point out in this case.  The first is that the UK can now put itself along side Iran as a state willing to prosecute for taking part in public water fights.  Iran earned this status earlier in the month after the morality police deemed participants to have behaved ‘abnormally’ and disobeying Islamic principals, leading to a series of arrests.  This was all despite the fact that no cases of violence resulted and people enjoyed the three-hour escape from 40 degree heat.  A London-based Iranian blogger wrote that one of the reasons the Iranian government may have been so heavy-handed with this event was the fact that it was organised via social media, which poses a threat to the government’s regime.

The second issue is that this sentiment isn’t unfamiliar in the UK right now.  After the UK riots last week, Cameron made a number of statements in the emergency session of Parliament regarding the threat posed by social media.  He said that there was a need to investigate whether social media sites were deemed to have contributed to criminal behaviour and if shutting them down temporarily was a viable solution to curbing the violence.  BBM, widely determined to be the biggest forum by which the rioters communicated, was also offered up in the statements and has been mentioned repeatedly as its users communicate in relative privacy.

In the case of the Colchester boys and the water fight, it may be becoming obvious that these are no longer suggestions.  First the pre-emptive arrest of these boys when the police should be dealing with rioters that actually committed crimes is unnecessary.  Does the UK really want to be compared with Iran in shutting down members of the public peacefully organising and having fun?

But, more seriously, these young men’s use of social media and BBM to spread word of the event shows police investigators may already be watching BBM, which would be a gross violation of privacy.  As with text messages, the police should have to obtain a warrant to monitor your private communication, which BBM is.  As we’ve said in previous posts in the last week, social media is, to a large degree, in the public domain and shutting down these forums would violate a number of basic freedoms.  But to go beyond that and restrict private communication such as BBM or text messages without a warrant is a violation of privacy.  The government needs to come to grips with its ability to prevent crime rather than simply prosecute it and that restricting the rights and freedoms of all to prevent crimes being committed by a few is simply a step too far and wrong.

‘Anonymous’ Threatens to Take Down Facebook

Posted on by Big Brother Watch Posted in Online privacy, Privacy, Social Networking, Technology | 1 Comment

Activists working in the name of internet ‘Hacktivist’ group Anonymous have threatened to take down Facebook over its privacy policy.

In a YouTube video posted recently, members called upon other ‘hacktivists’ and those interested in protecting internet privacy to get involved and ‘kill’ Facebook.  They have said the takedown will commence on the 5th November, Guy Fawkes Day.  They spell out their grievances with Facebook’s privacy policy in their video which you can watch here, claiming that Facebook has not been clear and transparent about its policies, leading to users uploading information they might not otherwise do if they knew the rights Facebook claims to those details, even after your profile is deleted.  They also make claims that Facebook has sold its information, although creator Mark Zuckerberg has repeatedly denied such claims.

And yesterday, Anonymous’ twitter account @anonops tweeted that only some of the group’s members were part of the #opFacebook group, refuting the claim that Anonymous are responsible for the Operation.  They say that it isn’t the first copycat campaign run in their organisation’s name.

Big Brother Watch is very interested to see if Facebook will make a response or change in its privacy policy and whether Anonymous activists can make the credible threat.

London Riots and Social Media

Posted on by Big Brother Watch Posted in Home, Mastering the Internet, Online privacy, Social Networking, Technology | 2 Comments

The role of social networking outlets such as Twitter, Facebook and Blackberry Messenger (BBM) in contributing to the riots over the last few days has been hotly discussed.  Many have voiced concern they should be shut down or limited.  This kind of knee-jerk reaction to the role of social media would be unnecessary and exceedingly inappropriate.  Rather than shutting these sites down, perhaps there is information to be garnered from working in conjunction with them.

BBM has been acknowledged as the network of choice for the rioters to communicate with each other due to its level of privacy from police surveillance.  With nearly 40% of London’s teens choosing Blackberry as their smartphone of choice, this creates a potentially huge audience for encouraging further violence.  In response, many have called for Blackberry to shut down the service temporarily to curb the violence.  Patrick Spence from Blackberry said “We feel for those impacted by this weekend’s riots in London. We have engaged with the authorities to assist in any way we can” and pledged to work with law enforcement and comply with the law in the UK.

Limiting social networking in the public sphere will not limit violence or deter potential criminals.  In fact, they may even be feeding the public response to resolve the ongoing problems on the streets of London.  Anyone following the #londonriots hashtag on Twitter will see one of the most rapid streams of disapproval of the scenes taking place in London.  People are exchanging photos and videos to identify perpetrators, introducing hash tags and putting pressure on politicians and policeman to respond quickly and more resolutely and arranging community efforts to support the victims in these neighbourhoods.  Additionally, many social network-savvy teens will implicate themselves on these forums, and these statements would be useful to law enforcement in apprehending offenders.

Twitter and Facebook and other public web outlets have been attributed to a number of social movements in the last several months, from Egypt to Libya and so forth.  Police should be taking advantage of the masses of information people are putting on public forums rather than shutting them down due to the deplorable actions of a small minority.  The vast majority of onlookers in the UK and around the globe are appalled by the riots, and I think most of them would happily see communities work with law enforcement through social networking outlets to stop the violence and bring the criminals to justice.


Protecting your Facebook privacy

Posted on by Big Brother Watch Posted in Online privacy, Privacy | 3 Comments

Big Brother Watch frequently receives messages from members of the public asking how best to protect their Facebook profile and, with it, their personal privacy.

Privacy-proofing your Facebook account in order to block people who aren’t your friends from accessing your photographs or to ensure that third-party applications are not able to access your personal information can be a bewildering process – especially as the website appears to change its privacy settings on almost daily basis.

Fast Company has put together a useful step-by-step guide demystifying this process.  It’s well worth a look.  Do pass it on to any friends you think may find it useful.

Hat-tip: RR

Staring at Computers

Posted on by Big Brother Watch Posted in Legal Action, Mastering the Internet, Online privacy, United States | 4 Comments

A few weeks ago, a New York, Kyle McDonald artist installed software on the computers at a number of New York Apple stores, taking thousands of webcam photos of people standing in front of them.  He then created a photo exhibition calling it ‘People Staring at Computers,’ put it on his internet blog and the photos popped up on available computers in the stores where they were taken.

After posting the video, the US Secret Service raided McDonald’s apartment and shut down the website armed with a warrant on the grounds that he’d violated 18 USC section 1030, a law pertaining to computer crimes.  No arrests have yet been made, but this case brings up a number of interesting ideas.

Mr McDonald is now being represented by a civil liberties group Electronic Frontier Foundation, which focuses entirely on freedoms in the internet and digital sphere.  Their arguments include that McDonald did not knowingly violate any laws; he sought the permission of security guards and asked the consent of a number of the individuals featured in his project.  Additionally, he captured the images of people in a public place, willingly standing in front of countless cameras, albeit without their knowledge in most cases.

This particular section of law is primarily intended to protect against someone accessing computers used primarily by the US government and might impact US national security or international communication or relations.  I’m quite sure that computers in an Apple Store qualify as neither.  McDonald was entirely under the impression that it was within his rights to take pictures in a public place and publish them on the internet given he’d been granted the right permissions for the computers in the Apple stores in question.

However, there is also the issue of technology pushing past the limits of personal privacy in a way they never have before.  Image technology has progressed so far past most legislation, that the line between technologically advanced and perverse and unnecessary intrusion into peoples’ privacy.  The prevalence of mobile phone cameras, small digital cameras, CCTV cameras and other similar technology have desensitised most people to having their photo taken.  This has also, in turn, made people less sensitive to their rights to their own image and to the use of such images on a public sphere without their knowledge or permission.

The number of times we step in front of a camera every day is excessive, and the expectation is surely that, at some point, our picture will get taken.  But who owns the rights to that photo or determines when it can be used?  Who is in the right?  Should the use of these photos be controlled?  Or should the images of the private individuals be protected from those who would use it without their permission?  This case brings up an interesting debate about who civil liberties are protecting, I open this one up to the floor.

« Previous   1 2 ... 6 7 8 9 10 11 12 13 14 15 ... 26 27   Next »