Liberty News

Cameras at petrol stations will automatically stop uninsured or untaxed vehicles from being filled with fuel, under new UK government plans. Downing Street officials hope the hi-tech system will crack down on the 1.4million motorists who drive without insurance.

Automatic number plate recognition (ANPR) cameras are already fitted in thousands of petrol station forecourts. Drivers can only fill their cars with fuel once the camera has captured and logged the vehicle's number plate. Currently the system is designed to deter motorists from driving off without paying for petrol. But under the new plans, the cameras will automatically check with the DVLA's database.

Downing Street officials are due to meet representatives from the major fuel companies in the next few weeks to discuss the idea.

Some petrol retailers said the proposals were a step too far - claiming they put cashiers at risk. Brian Madderson, from RMI Petrol said: This proposal will increase the potential for conflict. Our cashiers are not law enforcers.

The German Federal Constitutional Court (Bundesverfassungsgericht) has ruled that certain provisions in the Federal Telecommunications Act concerning the disclosure of telecom user data to law enforcement agencies violate the German constitution.

Until now, German law enforcement authorities have had the authority to request data such as personal identification numbers or personal unlocking keys that protect access to devices or storage space on networks.

The current law allows law enforcement to request such data without stating specific conditions or the legal basis for complying with such a request.

According to the Court, however, because law enforcement authorities do not require this type of data to carry out their duties, the current provisions in telecommunications law allowing these requests are not proportionate and thus violate the constitutional right to informational self-determination.

The Court requested that the German legislature revise the relevant provisions of the German Federal Telecommunications Act by June 2013.

Changes made by Google to its privacy policy are in breach of European law, the EU's justice commissioner has said.

Viviane Reding told the BBC that authorities found that transparency rules have not been applied.

The policy change, implemented on 1st March, means private data collected by one Google service can be shared with its other platforms including YouTube, Gmail and Blogger.

Google said it believed the new policy complied with EU law. It went ahead with the changes despite warnings from the EU earlier this week.

Offsite Comment: Thoughts on Google's Privacy Policy changes

2nd March 2012. See article from privacyinternational.org

Google wants to be able to provide an ID card equivalent for the Internet.

...Read the full article

Reporters Without Borders is alarmed by the latest demands being made by India's security agencies with the aim of reinforcing surveillance of Internet use. Email service providers such as Yahoo! and Gmail are now being instructed to route all emails accessed in India through servers based there to facilitate monitoring.

The Indian media report that, during a meeting in the office of the home secretary (interior minister), the department of information technology was told to notify all email service providers of the new directive.

According to an article in The Times of India, the Intelligence Bureau (IB) has also told department of telecommunications to ask mobile phone companies to set up mechanisms for monitoring Internet usage on mobile phones.

Reporters Without Borders said:

These are the latest of many abusive demands that the Indian authorities have made on Internet companies and service providers. The government's desire to step surveillance of telecommunications has become obsessive since the 2008 Mumbai bombings. It should not forget the fundamental right to confidentiality and privacy. These plans must be dropped and the harassment of Internet companies must stop.

For the moment, Yahoo! routes emails via servers based in India only if they involve email accounts registered in India. Emails sent from accounts registered abroad (addresses ending in yahoo.com or yahoo.fr, for example) are routed through servers based abroad even if they are accessed in India. This means that the Indian security services cannot inspect them without first making a formal request to the government of the country concerned.

It has also emerged that, at a meeting in January, security agencies told the department of telecommunications to provide them with a list of all the Indian companies using BlackBerry Enterprise Server (BES), a highly encrypted corporate email service provided by the BlackBerry smartphone's Canadian manufacturer, Research in Motion.

The security agencies apparently intend to contact each of these companies one by one and ask them to surrender the company encryption key.

According to The Times of India, Research in Motion has finally established a server in India that will allow Indian law enforcement agencies to intercept messages sent by the BlackBerry instant messaging service, BlackBerry Messenger (BBM), in real-time.

Details of every phone call and text message, email traffic and websites visited online are to be stored in a series of vast databases under new Government plans. Landline and mobile phone companies and broadband providers will be ordered to store the data for a year and make it available to the security services under the scheme.

The databases would not record the contents of calls, texts or emails but the numbers or email addresses of who they are sent and received by. For the first time, the security services will have widespread access to information about who has been communicating with each other on social networking sites such as Facebook. Direct messages between subscribers to websites such as Twitter would also be stored, as well as communications between players in online video games.

Rather than the Government holding the information centrally, companies including BT, Sky, Virgin Media, Vodafone and O2 would have to keep the records themselves. Under the scheme the security services would be granted real time access to phone and internet records of people they want to put under surveillance, as well as the ability to reconstruct their movements through the information stored in the databases. The system would track who, when and where of each message, allowing extremely close surveillance. Mobile phone records of calls and texts show within yards where a call was made or a message was sent, while emails and internet browsing histories can be matched to a computer's IP address, which can be used to locate where it was sent.

Labour shelved the project - known as the Intercept Modernisation Programme - in November 2009 after a consultation showed it had little public support.

At the same time the Conservatives criticised Labour's reckless record on privacy. A called Reversing the Rise of the Surveillance State by Dominic Grieve, then shadow home secretary and now Attorney General, published in 2009, said a Tory government would collect fewer personal details which would be held by specific authorities on a need-to-know basis only.

But the security services have now won a battle to have the scheme revived. They are known to have lobbied Theresa May, the Home Secretary, strongly for the scheme.

Sources said ministers are planning to allocate legislative time to the new spy programme, called the Communications Capabilities Development Programme (CCDP), in the Queen's Speech in May.

When new rules governing the way companies collect and use data about our movements online come into force, a little i symbol will appear on screen to reveal adverts generated by cookies. Many internet users find these digital devices, which are used by websites to create personal profiles based on use of the Internet, intrusive.

The data is used for Online Behavioural Advertising, allowing companies to direct their display adverts at individuals who, through the websites they have visited, have indicated an interest in certain goods or services.

The warning system, to be introduced by the European Advertising Standards Alliance and the Internet Advertising Bureau of Europe, will allow users to opt out of all Online Behavioural Advertising.

Similar measures introduced in the US had shown that users were often reassured about the use of cookies and chose to redefine their advertising profiles so they more accurately reflected their interests. Some web names, like Yahoo!, have already begun using the triangle icon on a voluntary basis in Britain but from June all ad networks will be required to display the symbol or face sanctions.

A small group of British MPs have signed up to an Early Day Motion voicing concern that Google are set to plunder user data for advert serving purposes.

The primary sponsor is Robert Halfon and the motion reads:

That this House

• is concerned at reports in the Wall Street Journal that Google may now be combining nearly all the information it has on its users, which could make it harder for them to remain anonymous;

• notes that Google's new policy is planned to take effect on 1 March 2012, but that this has not been widely advertised or highlighted to Google's users and customers, who now number more than 800 million people;

• and therefore concludes that Google should make efforts to consult on these changes and that the firm should be extremely careful in the months ahead not to risk the same kind of mass privacy violations that took place under its StreetView programme, which the Australian Minister for Communications called the largest privacy breach in history across western democracies.

The motion has been signed by

• Campbell, Gregory: Democratic Unionist Party Londonderry East
• Campbell, Ronnie: Labour Party Blyth Valley
• Caton, Martin: Labour Party Gower
• Clark, Katy: Labour Party North Ayrshire and Arran
• Connarty, Michael: Labour Party Linlithgow and East Falkirk
• Corbyn, Jeremy; Labour Party Islington North
• Halfon, Robert; Conservative Party Harlow
• Hopkins, Kelvin; Labour Party Luton North
• McCrea, Dr William; Democratic Unionist Party South Antrim
• Meale, Alan; Labour Party Mansfield
• Morris, David; Conservative Party Morecambe and Lunesdale
• Osborne, Sandra; Labour Party Ayr Carrick and Cumnock
• Rogerson, Dan; Liberal Democrats North Cornwall
• Vickers, Martin; Conservative Party Cleethorpes
• Williams, Stephen; Liberal Democrats Bristol West

Security researchers have discovered that Apple's iPhone keeps a record of where you go -- and saves every detail of it to a secret file on the device which is then copied to the owner's computer when the two are synchronised.

The file contains the latitude and longitude of the phone's recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner's movements using a simple program.

For some phones, there could be almost a year's worth of data stored, as the recording of data seems to have started with Apple's iOS 4 update to the phone's operating system, released in June 2010.

Apple has made it possible for almost anybody -- a jealous spouse, a private detective -- with access to your phone or computer to get detailed information about where you've been, said Pete Warden, one of the researchers.

Although mobile networks already record phones' locations, it is only available to the police and other recognised organisations following a court order under the Regulation of Investigatory Power Act.

Warden and Allan have set up a web page which answers questions about the file, and created a simple downloadable application to let Apple users check for themselves what location data the phone is retaining.

The Guardian has confirmed that 3G-enabled devices including the iPad also retain the data and copy it to the owner's computer.

Google has announced that it was placing 60 of its Web services under a unified privacy policy that would allow the company to share data between any of those services. (Google Books, Google Wallet and Google Chrome are excluded due to different regulatory and technical issues.)

Any user with a Google account --- used to sign in to services such as Gmail, YouTube and personalized search --- must agree to the policy. Users who don't want to have their data shared have the option to close their accounts with Google.

The changes will apply from March 1st.

Data-protection agencies in Ireland and France said they would assess the implications of the push. At least one consumer-advocacy group fretted that the policy -- which makes it easier for Google to target advertisements to specific groups -- might tie users' hands and make it harder for them to limit what the company can do with their information.

This announcement is pretty frustrating and potentially frightening from a kids and family and teenager standpoint and an overall consumer privacy standpoint, said James Steyer, chief executive officer of San Francisco-based Common Sense Media.

...Read the full article

After Newham in London, Aberdeen Council has introduced a video system that gives council staff first sight of every visitor to residential properties.

Previously the video entry system connected the person at the door with the property they were trying to enter, and the person inside was able to see a video image of the person outside and, if they wished, remotely open the door.

Aberdeen Council has now written to residents informing them that they are going to change the system so it is a council operator who controls access, and gets to see who is visiting you. The letter reads:

When a non-resident calls your flat from the entrance, the call would be diverted to a centralised control room, where we will also monitor the current CCTV cameras in your building 24 hours a day. A member of staff from the control room would contact you directly and ask if you agreed to the non-resident being allowed access to the building.

Why should a council official be able to see the visitors to your flat before you do? It's no business who you have into your own property and the last thing residents need is a council official scrutinising everyone they invite round for a cup of tea.

Following the intervention of Big Brother Watch, the council has confirmed that residents who do not wish their visitors to be seen by a council official in the control room will be able to opt-out of the system.

Researchers have found that so called smart electricity meters can be used to determine what TV programmes people are watching.

German researchers have been looking over meters from the company Discovergy. They found that the fluctuating brightness levels of a film or TV show when displayed on a plasma-screen or LCD TV created fluctuating power-consumption levels. This creates a power/consumption signature for a film that might be determined from the readings obtained by Discovergy's technology.

The researchers also found that Discovergy apparently allowed information gathered by its smart meters to travel over an insecure link to its servers. The information -- which could be intercepted -- apparently could be interpreted to reveal not only whether or not users happened to be at home and consuming electricity at the time.

This was revealed during a presentation by researchers Dario Carluccio and Stephan Brinkhaus at the 28th Chaos Computing Congress (28c3) hacker conference in Berlin late last month.

During the talk, entitled, Smart Hacking for Privacy, the researchers explained that they came across numerous security and privacy-related issues after signing up with the smart electricity meter service supplied by Discovergy.

Because Discovergy's website's SSL certificate was misconfigured, the meters failed to send data over a secure, encrypted link - contrary to claims Discovergy made at the time before the presentation. This meant that confidential electricity consumption data was sent in clear text.

In addition, the researchers discovered that a complete historical record of users' meter usage was easily obtained from Discovergy's servers via an interface designed to provide access to usage for only the last three months. The meters supplied by the firm log power usage in two-second intervals. This fine-grained data was enough not only to determine what appliances a user was using over a period of time -- thanks to the power signature of particular devices -- but even which film they were watching.

The researchers concluded that the two-second frequency of power readings was unnecessary for Discovergy's stated goals. One has to ask why the sample rate was fast enough to determine customers viewing habits and what devices they are using and why a complete history of such information is being kept.

Shopping centres have triggered a Big Brother row after installing equipment that allows them to track customers using their mobile phone signals.

The technology has raised privacy concerns after it emerged that major shopping centre owner Land Securities has installed it at ten of Britain's biggest malls.

These include the giant Cabot Circus, Bristol; Gunwharf Quays, Portsmouth; Princesshay, Exeter; Buchanan Galleries, Glasgow; Bon Accord & St Nicholas, Aberdeen; and The Centre, Livingston. Malls using the FootPath system in the London area include One New Change and New Street Square in the City; Cardinal Place, Victoria; and The Galleria, Hatfield.

A tiny yellow sign in Exeter's Princesshay shopping centre is the only warning customers receive that their mobile phone signal is being tracked by Footpath's scanners. There is no way to opt out except not to enter or to turn off your mobile

Path Intelligence, which developed the system in the UK, said it includes safeguards to prevent spying on individuals and that no personal information is collected. Rather, it is designed to track people's movements to better understand what shops and services they find most interesting or useful.

Nick Pickles, of privacy and civil liberties group Big Brother Watch, said the law needs to be tightened to cope with new mobile phone tracking systems:

People are right to be worried that their mobile phones can be turned into tracking devices very easily, without their permission or knowledge.

While we have been given assurances that the FootPath technology is not capable of capturing personal information or sending communications to people's phones, other technologies which would allow this are available.

Such tracking and communications would be a significant intrusion on privacy.