Would you be happy for your valentine to read the contents of your email account? He might well have already done so and, if your valentine is a lady – if that is the right word, it’s even more likely!

While some of us instruct our better halves that if they’re creepin’ keep it on the low, 34 per cent of women (versus 14 per cent of men) questioned in an anonymous survey admitted to having broken into their partner’s email at least once. Meanwhile, the men surveyed were keener on more direct surveillance: 3 per cent admitted hiding a camera and 5 per cent ‘regularly’ used online mobile phone trackers to monitor their lover’s location.

So if you found that email from your pretty new secretary to be inexplicably marked as read even though you were sure you hadn’t read it. Or if you wondered how your boyfriend knew your athletic personal trainer lives on Acacia Avenue, your petit ami may well be more of a grand frère than you thought.

Happy Valentine’s Day!

Guest post by Rory Meakin – who received no less than 6 Valentine's cards this morning…!

Over at PogoWasRight.com, they carry news of a new Google security initiative which will ask prospective GMail users to input their mobile telephone numbers in order to receive an 'authentication code' when opening an account.  The code would then be sent to their mobile 'phone.

The blog post asks a simple question: "WHY THE HELL would anyone ever trust Google with their phone numbers?".  It's one I don't have an answer to, especially given the numerous privacy breaches the search engine giant has been connected to in recent years. 

Click here for the full piece.

Gwent Police have had their thin blue collars felt by the Information Commissioner’s Office as it emerged they emailed the results of 10,000 people’s Criminal Records Bureau (CRB) checks to a journalist. 863 of those had personal information recorded, albeit neither identifiably so nor disclosing the nature of the records. This is hardly the first time the CRB system has proven itself to be a nightmare. Too frequently innocent people have their names dragged through the mud as a result of bungled disclosures. And it doesn’t even do what it’s supposed to particularly well as this map of people with clean CRB records who committed child abuse shows.

Worryingly, according to the undertaking signed by the then Chief Constable Mike Giannasi, the member of staff responsible displayed a:

“somewhat caviller (sic) attitude in respect of Gwent Police IT security policy in relation to the use of passwords, disclosure on a needs to know basis, the volume of data transferred (given the purpose of the transfer) and the management of suspected corrupt files.”

The mistake, accidentally sending a spreadsheet packed with sensitive information to the wrong email address could so easily have been a lot more damaging. Fortunately, Mr Giannasi also undertook to ensure his force will use genuine passwords, restrict the emailing of sensitive personal data and even make staff aware of their own data policy. While this sticking plaster solution should certainly be welcomed, it doesn’t address the root cause of the problem: database Britain.

The whole CRB system needs urgent reform.

Guest post by Rory Meakin.

Now don’t get me wrong. I don’t care how many people know how old I am – I am heading toward my half century with unseemly haste. Nor am I averse to friends and acquaintances being aware of the date of my birthday. After all there might be a free drink in it.

But there is all the world of difference between your mates knowing your birthday and everyone else having access to your date of birth.

It was the banks who made dates of birth important. When they began introducing telephone, and later on-line, banking the banks decided that your date of birth should be one of the security questions that they asked to ensure that you were who you said you were. Even today if I phone up may bank to check my balance or to see if any payments have been made the first thing that their automated system demands to know is my date of birth.

So it is disappointing how many organisations, bureaucracies and institutions feel that they want to know your date of birth as well. Most of the time, of course, they have absolutely no need to know your date of birth.

They might be interested to know your age, but that is a different thing entirely. Facebook does not want children under the age of 13 to have accounts. That is fair enough. But do they really need to know your date of birth. A simple check box declaring that you are over 13 would do. Still, at least they do not display your date of birth (unless you allow them to do so).

Even more bizarre are those organisations that demand your date of birth, but do not even want to know how old you are. Take the Football Association. A few weeks ago I was working on a project about St George and needed some photos of people waving the flag of St George. A football crowd, I thought, would be perfect.

I guessed the FA might have a photo collection I could tap into so I went to their website. There was no obvious photo library on offer, but I assumed that they would have photos to sell to journalists and so sought to contact them. There was no phone number and no email address. The only contact point was an enquiry form to fill in. But it was impossible to send that form without first having a Football Association Number – termed a FAN. So then I had to apply for a FAN. To get one I had to provide the FA with my date of birth. So effectively you can not contact the FA without first giving them your date of birth. Remember this is for any query at all.

The casual nature of the request for this information is breath taking. Why does the FA want it? What will they do with it?

Sadly the FA is not alone. These days all organisations are at it. I wanted to get on the mailing list for our local Fun Farm that my little daughter likes to visit. What was one of the questions? My date of birth. They might have reason to be interested in my daughter’s age, but why mine? I asked the girl on reception. She did not know. I did not fill in the information, but added a note asking why they wanted the information. I never got an answer.

Which brings us back to banks. One might have thought that with every organization under the sun wanting to know our date of birth the banks might have moved on to other security checks. Well, my bank has given me a number to use when phoning them up. For some reason this is a different number to the PIN I use with my bank card. Fine. But they still ask for my date of birth – and urge me not to disclose it.

Even worse, when they phoned me up they started by asking me for my date of birth. I’m not being caught by that, I thought, and refused. I told them that they urge me to keep that information private. I wasn’t going to hand it out to any Tom, Dick or Harriette. They said they could not continue the phone call until I had verified my identity with the security information. Fine, I said, I will phone you back. They agreed and told me who to ask for once I had phoned the central bank answering service. So I did.

And the first thing they asked me for was my date of birth.

Guest post by Rupert Matthews.

Late yesterday night, the United States House of Representatives voted to reject the extension of the Patriot Act – a raft of measures introduced in the months following the 9/11 attacks which had considerable implications for civil liberties in the United States. 

Included in the original bill were provisions which watered down the rights of individuals to privacy (something which, while not specifically enshrined in the Constitution, has been affirmed by repeated Supreme Court decisions), allowed Police officials to undertake searches of private property at will, expanded the wire-tapping of private telephone calls and allowed the detention of terror suspects without access to lawyers or full judicial hearings.  Indeed, such was alarm at Section 215 of the act which allows the FBI to scan through the library records of terror suspects that a California library felt the need to display a sign warning visitors of the new law.

While the act received the support of the majority of Congressmen, it fell seven votes short of the two thirds majority required in order for it to be automatically extended.  122 Democrats and 26 Republicans – majority of which were elected as Tea Party candidates at the 2010 elections – voted against the bill.

The failure of the bill to be automatically rewnewed signals a considerable shift in attitudes towards anti-terror legislation in Washington since 2001.  Indeed, when the bill was first brought to the US Senate for confirmation only one Senator cast a vote against it while in the House of Representatives objections to the bill were confined to a handful of abstentions.

While this is surely not the last we have seen of the Patriot Act, it will be fascinating to see how the crop of new, civil liberties-minded Congressman are able to influence the debate in Washington DC in the next two years of this Congress.

As befits our name, Big Brother Watch is an organisation which takes a tough stand against all incursions on the personal privacy by government and big business.

While we would never seek to ridicule our fellow travellers in the pro-privacy cause, readers of this blog will no doubt be amused by the case of a Canadian cat who was accidentally signed up as a member of the British Colombia Liberal Party. Press enquiries requesting information as to how this mishap took place have been met with stony silence from local Liberal party officials.

"We don't provide personal information regardless of whether it came from a cat or a person," said spokesman Lilian Kim. "It's our policy."

At least they're consistent.

Click here for the whole, amusing story.

At Big Brother Watch, we're very used to receiving tip-offs about intrusive iPhone applications monitoring the surfing habits of their users. Today brings the news that mobile phone operator O2 has been closely analysing customer data in order to sell the iPhone itself.

Speaking to the Gartner Business Intelligence conference in London, James Morgan, the head of O2's sinster-sounding 'Customer Intelligence Centre' explained that "running analytics on its customers' calling records it can identify patterns between customers and determine the roles they play in their social networks". As a result, they are better able to target their marketing campaigns to individual users based upon how influential they are judged to be in their social networking sphere.

Morgan added that "by targeting the influencer, the person most likely to be an early adopter and to spread the word, O2 was able to measure the success of the iPhone promotion by seeing how many people in the influencer's network went on to buy the handset".

The full story can be found on the MacWorld blog.

A UCL-funded project has been established examining the flows of traffic and the number of journeys taken on 'Boris Bikes' throughout the capital. It makes for very interesting viewing.

Concerningly, by selecting the right locations and you can narrow down the 'bloke flow' to one or two trips in a period of time, thus enabling you to work out exactly where an individual went.

For example, one is able to see that an individual departed Colombo Street close to the Elephant and Castle Shopping Centre at between noon and 1pm on 4th October, ending their journey in Walnut Tree Walk, Vauxhall within the hour. Only one journey was made on this route between noon and 1pm. Similarly, at 23:00 that same evening, a trip was made from Wellington Road in St John's Wood to Old Quebec Street in Marylebone.

While the information has so far remained anonymous, the fact such specific information about the type of trips individuals have taken is available online appears to indicate that Transport for London are logging the exact movements of all 'Boris Bike' users.

You can view OOBR's London Bike Flows analysis website here.

Over at Public Service, I've written an article about the fact that (rejoice) local authorities have finally been denied surveillance powers for many purposes and have to get warrants to authorise use for the rest. Just as we called for in our report, our manifesto and our book. Very pleased. Let's call this a win.

It's happened because (a) these powers should never have been used for trivial offences in the first place, and (b) the authorities displayed a total inability to use the powers responsibly. So, they lose the capacity to use these powers at all in most areas, and are severely restricted in the rest.

I therefore thought that you might be interested to see the way that the Local Government Association has spun it:

Lobbying success ensures councils can continue using RIPA to fight serious crime

Victory for the LGA! Hee hee

By Alex Deane

As reported over at the Register:  

A Seattle man has been acquitted of all charges brought against him when he refused to show ID to TSA officials and videotaped the incident at an airport security checkpoint.

Prosecutors' case against Phil Mocek was so weak that he was found not guilty without testifying or calling a single witness, the Papers, Please! blog reported. The Daily Conservative said Friday's acquittal was the first time anyone has “successfully challenged the TSA’s assumed authority to question and detain travelers.”

 Mocek's video, shot in November 2009 at the Albuquerque International Airport, portrays a passenger politely refusing officers' request that he show ID and stop videotaping his encounter with them.

“Is there a problem with using a camera in the airport in publicly – in publicly accessible areas?” Mocek calmly asks.

“Yes, there is,” an officer answers.

“I think you're incorrect,” the passenger replies.

As the confrontation continues, one officer tells the man: “You pushing it, OK? You're really pushing it.”

Another officer says: “Buster, you're in trouble.”

But as the six-woman jury in New Mexico's Arizona's Bernalillo County Metropolitan Court made clear, Mocek isn't in trouble. They returned not guilty verdicts for charges that included concealing his identity, refusing to obey a lawful order, trespassing, and disorderly conduct.

As critics have said all along:

• contrary to TSA claims, checkpoint staff have no police powers
• contrary to TSA claims, passengers have the right to fly in the USA without providing ID
• contrary to TSA claims, passengers are free to video record checkpoints as long as images on screening monitors aren't captured.
• contrary to TSA claims, photography is not a crime.
• contrary to TSA claims, annoying the TSA is not a crime – it's recreation.

Within the USA, you have the right to fly without ID, and to photograph, film, and record what happens. Good to know.

By Alex Deane

Hat tip: MD