According to a news report over at Tech Eye, the French privacy commissioner has hit Google with a €100,000 fine after finding the company guilty of collecting sensitive personal information from domestic WiFi networks through its Street View service.

At Big Brother Watch, has taken such clear and unequivocal action against Google.  Sadly, the UK's own Information Commissioner has effectively abdicated responsibility for online privacy, refusing to take what he calls “knee-jerk” action against Google for their illegal harvesting of personal data.  

As we've argued many times before, if the Information Commissioner’s Office is to be taken seriously, they must move away from their current lackadaisical approach to online privacy issues and take a far more pro-active stance on digital issues.

Click here for more.we are delighted that France's data regulator 

The U.S. military is developing software designed to manipulate social networking sites around the world. The programme is an “online persona management service”, allowing U.S. military personnel to maintain up to 10 false online identities each. The aim is to influence debate and spread pro-American propaganda. These identities will have detailed, fictionalised backgrounds and a sophisticated identity protection service, preventing any sort of tracing of the users. In theory these military personnel can be whoever they want to be, wherever they want to be, and the software will facilitate this.

Centcom (The United States Central Command) spokesman Commander Bill Speaks said:

"The technology supports classified blogging activities on foreign-language websites to enable Centcom to counter violent extremist and enemy propaganda outside the US."

He claimed the technology will only be used on websites in languages such as Arabic, Farsi, Urdu and Pashto. It is part of a larger anti-terrorism programme called Operation Earnest Voice, originally developed in Iraq as a ‘psychological warfare weapon’ against the online presence of Al-Qaeda supporters.

As we can see from the recent revolutions in the Middle East, social networking can be a vital tool in organising protest. The internet makes anonymity relatively easy, but the idea of ‘weaponizing’ social media in this way to infiltrate groups and frame debate could have huge consequences for the international community. It is also possible that similar technology and techniques could be used by pariah states to maintain control of their citizens. There have been rumours of unpopular governments in Africa and the Middle East using Facebook and other social networking sites to organise sham anti-government ‘protests’, inviting people to meet at a certain time and location, whereupon they are arrested by police or intelligence services on suspicion of treason.

It goes without saying that there is a risk Western governments could use this software on English language websites such as Facebook and Twitter. Centcom claim they are not targeting any US-based web sites, including social networking sites, but as we have seen with terrorism legislation used by local councils in the UK, the temptation to mould debate domestically may be too much. The potential for abuse of this system is immense. When asked if the UK had been involved in the development of persona management programmes, the MoD stated:

“We don’t comment on cyber capability.”

Fresh security concerns about Skype were raised this week by Privacy International, a non-profit privacy watchdog.

The group identified elements of Skype’s service which are vulnerable in regards to security. They claim the use of full names on contact lists instead of usernames makes it easy to impersonate people and mislead who you are talking to. In addition, the Skype website does not use the security encryption protocol HTTPS, which prevents the unauthorised hijacking of downloads. 

Without HTTPS, hackers can trick users into downloading Trojan software which can steal information or harm computers. Finally, Skype uses a VBR audio compression codec which is known to be extremely vulnerable even when encrypted. Recent research indicated it allows phrases to be identified with an accuracy of 50-90%.

Privacy International's Human Rights and Technology Advisor, Eric King, says:

"Skype's misleading security assurances continue to expose users around the world to unnecessary and dangerous risk. It's time for Skype to own up to the reality of its security and to take a leadership position in global communications."

A spokesman for Skype responded:

"Privacy International has not been in touch with us so it will take us some time to read and digest the report before we are in a position to respond. Skype takes these issues seriously and aims to provide users with the best possible levels of privacy and security."

The lack of HTTPS, when it is already used by a wide variety of firms such as Facebook, Gmail and Twitter, seems like an obvious oversight and should be corrected as soon as possible to ensure users are not downloading Trojan software which can harm their computers. We will have to wait and see if Skype is proactive in correcting these security flaws.

In a Twitter story which has wide ranging consequences for civil liberties, a U.S. federal judge in Virginia ruled last Friday that Twitter must hand over data relating to at least three of its users, including screen names and e-mail addresses associated with the accounts, to federal prosecutors in the U.S. The government is investigating the actions of Julian Assange in relation to the release of the Wikileaks U.S. Embassy cables last year.

The account details involved are those of Jacob Appelbaum, Rop Gonggrijp, and Birgitta Jonsdottir, who have all volunteered for Wikileaks at some point in the past. Jonsdottir is now a member of the Icelandic Parliament, but her Wikileaks past is coming back to haunt her in this court ruling.

Judge Theresa Buchanan ruled that their posts had been made public as soon as they were placed on Twitter. The lawyers representing the users said the government is violating their clients’ First Amendment rights and privacy by requesting the personal account data from Twitter. The lawyers of the three plan to appeal the ruling to a district court judge.

The American Civil Liberties Union expressed their fears in this statement:

“We disagree with this ruling because it allows the government to obtain private info about individuals’ internet communications in secret and, except in extraordinary circumstances, that’s not how our judicial system works and it should not be permitted here”

While Twitter posts are inherently public, the idea of governments having free access to your account information is worrying. If this becomes a precedent, all information shared on the internet, public and private, is no longer secure.

What do you think?

On May 25th an amendment will be incorporated into UK law, forbidding websites from sending cookies to users’ computers, or receiving them, without prior consent. The rule states:

"Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information… about the purposes of the processing."

There will inevitably be complaints from advertisers, as targeted marketing is hugely valuable and allows companies to gauge the success of ad campaigns. However, it is a product of the rapid evolution of the internet that this sort of legislation has taken so long to come to fruition. Advertisers should never have had access to files on consumers’ computers without the express permission being given. While targeted marketing can be beneficial for users by filtering out advertisements which aren’t relevant or wanted, consent should be required.

European Justice Commissioner Viviane Reding outlined the thinking behind the change in a speech to the European Parliament yesterday:

"I want to explicitly clarify that people shall have the right – and not only the possibility – to withdraw their consent to data processing. The burden of proof should be on data controllers – those who process your personal data. They must prove that they need to keep the data, rather than individuals having to prove that collecting their data is not necessary."

The rules will also give people “the right to be forgotten”, strengthening the rights of individuals to have their information deleted and placing the onus on websites to prove they need to keep the data. In addition, social networks were singled out by the Justice Commissioner as requiring a more transparent method of data processing because of the large amount of young people who sign up to their services.

The short space of time before the amendment comes into effect could lead to negative consequences. No one wants an intrusive pop-up on every website they visit asking permission for cookies. Government must work together with internet browser companies to find a solution acceptable to everyone rather than waiting to see what happens on May 25th. A radical approach would be for websites to pay internet users for the right to store cookies on their computers. Without an incentive, there is a risk that users will simply reject all cookies in the interests of privacy, permanently damaging internet marketing.

The Information Commissioner’s Office today released the results of an online survey from YouGov showing that a staggering 40% of people with Wi-Fi at home do not understand how to change the security settings on their wireless network. In addition, 16% of those surveyed with a Wi-Fi network at home are either unsure or are already aware that they are using an unsecured network.

In an attempt to combat this, the ICO has published new guidance for consumers explaining security settings, while calling for industry bodies to ensure they make people aware of the risks of unsecured networks. Steve Wood, Head of Policy at the ICO said:

“People wouldn’t go out and leave their front door unlocked, but many are still surfing the internet without adequate protection for their personal information. The fact that Google’s Street View cars were able to pick up payload data from unsecured Wi-Fi networks as a by-product of their signals mapping exercise has further highlighted that more people need to take their Wi-Fi security settings seriously.

“Leaving your Wi-Fi connection unsecured allows people easy access to your network. This increase in traffic could reduce the speed of your connection or cause you to exceed a data cap imposed by the service provider. However even more worryingly, it also leaves you open to the actions of rogue individuals who may be using your Wi-Fi to carry out potentially criminal actions without your knowledge. Today’s new guidance aims to get people thinking about whether they are doing enough to ensure their wireless networks are secure."

Internet providers have made positive steps in recent years to simplify the process of Wi-Fi security, often pre-installing settings for customers and displaying passwords on routers, but it is clear from these figures that more must be done to explain the process of setting up and altering security settings. If passwords fall into the wrong hands or are forgotten, customers must have the ability to resolve the problem themselves.

The developer Eric Butler exposed the dangers of unsecured networks last October with his Firefox extension ‘Firesheep’, which effectively allowed you to hack in to other people on the networks internet accounts such as Amazon and Facebook using cookies downloaded to their computers.

The guidance from the ICO can be found here.

Over on the BBC Online Technology section, there's an interesting piece this morning regarding new EU laws which will, from May 25th, demand that websites who use 'cookies' in order to track user behaviour and target advertising to them will have to obtain "explicit consent" before placing them on their computers.

The new approach has been mandated by the European e-Privacy Directive which will come into force in May which "demands that users be fully informed about the information being stored in cookies and told why they see particular adverts".

Big Brother Watch have long argued that such moves should be voluntarily-adopted industry standards as opposed to supranationally-imposed EU regulations, yet we nonetheless look forward to seeing how websites will adapt to these regulations.

Click here to read the full story.

In the interim, before this Directive comes into force, you are able to opt-out of having the cookies of many of the largest internet advertising firms placed on your computer by clicking here.

According to a report in the Guardian this morning, the Which? magazine has launched an investigation into security concerns surrounding the use of 'flash cookies'.

In the past, Big Brother Watch has provided information about how to remove cookies – a small digital record planted on your computer by online advertisers – yet the development of so-called 'flash cookies' has made it far harder to remove them from your computer's hard drive.

According to the Guardian:

"Flash cookies are a component of the applications which run inside Adobe Flash Player. Originally their role was to store and retrieve user preferences in order to provide a better browsing experience. But the investigation for the latest issue of Which? Computing found that flash cookies are increasingly being used to invisibly track users' online habits, even when standard cookies have been removed from a computer."

They have called on the Information Commissioner and the European Commission to investigate their use – a call Big Brother Watch strongly supports.

Click here for the full article at the Guardian website.