|28th June |
Advertising company claims to be able to track almost 100% of Brits
A British advertising company claims to have built the world's largest database of individuals' internet behaviour, which it says will track almost 100% of the UK population.
The announcement plunges WPP straight into the middle of the
privacy debate surrounding online marketing. The company said it was pooling data from many of the world's major websites, networks of online advertisers and even sources following what people are buying in high street stores.
FTSE 100-listed WPP
is one of the most powerful well-connected advertising companies in the world, and its clients include some of the most famous global brands. Many, though not yet named, are providing WPP with data about visitors to their websites as part of the
company's new database venture, called Xaxis.
The internet is an advertising-supported medium, and much of the web is free because advertisers want to put messages in front of people, said Brian Lesser, chief executive of Xaxis. We are
supporting the broader internet economy by improving the targeting of ads, while also playing by the strictest privacy rules.
It has built individual profiles of 500 million internet users across the world, covering, it says, almost 100 per
cent of the people online in the countries in which it operates, including the UK, US, Australia and eight others.
Privacy campaigners warned against the concentration of so much data about individuals.
Knowing the pattern of websites
you go to makes it very easy to identify you, said John Buckman, chairman of the Electronic Frontier Foundation (EFF). The greatest problem with data gathering is not from the people gathering it, but where it goes afterwards. When the cat is out
the bag, you can't put it back in. The safest protection for data is to never have it in the first place. The principle should be for the minimum amount of data to be captured wherever possible.
The company is promising advertisers an
unprecedented level of precision and zero waste , so that only people likely to be interested in their products will see adverts. But Mr Lesser added that WPP could be trusted not to try to unscramble the data and match it to individuals. Who the person is is not really important to us,
he said. We will never get to the point that we know so much that we know who the person is.
|23rd June |
The EU looks to establish an agency to manage large scale European databases
Based on article from zdnet.co.uk
A plan to set up an agency to manage large IT database systems across the European Union has taken a step forward, after the Council of Ministers gave its approval to the scheme. The European Council said it will back the scheme if it gains further
approval from the European Parliament.
The as-yet-unnamed agency would take over the operational management of three major and related databases: the second-generation Schengen Information System (SIS II), the Visa Information System (VIS) and the
Eurodac fingerprint-comparison system.
The new agency might also be made responsible for the preparation, development and operational management of additional large-scale IT systems that are planned for the same field, although new
legislation and impact assessments would be needed to allow this to happen.
The aim is for the new agency to start work in the summer of 2012. It will be based in Tallinn, Estonia, although development and operational management tasks will be
carried out in Strasbourg, France. A back-up site will be established in the Austrian ski resort town of Sankt Johann im Pongau.
|20th June |
Internet Eyes ordered to better protect CCTV feeds streamed to amateur snoops
A website that allows members to monitor CCTV cameras has been ordered to make changes by privacy regulators after footage from a shop was uploaded to YouTube.
Security video streamed to amateur snoops' computers by Internet Eyes was saved and
posted online in violation of data protection legislation, according to the Information Commissioner's Office.
The regulator received a complaint after the clip, which included an identifiable image of an innocent shopper, was discovered on
Google's video sharing website.
A subsequent investigation found that Internet Eyes had not implemented adequate safeguards to protect the privacy of legitimate shoppers and had no way of finding out which of its members uploaded the footage.
The Information Commissioner ordered the site to encrypt its video streams and ensure it keeps records of which members have monitored which shops and when.
|19th June |
Avoid small talk with supermarket cashiers, they are being trained to spy on people's shopping baskets
article from dailymail.co.uk
Supermarket staff are being trained by UK health officials to spy on customer shopping baskets, it has emerged.
The government-backed scheme to be rolled out at Sainsbury's stores nationwide supposedly aims to identify hidden carers , people who look after elderly, sick or disabled relatives who do not realise they could be entitled to support.
Under the scheme, cashiers will be asked to watch out for unusual shopping habits and taught to discretely ask customers about their personal circumstances while serving them. Tell-tale signs include shoppers who have two baskets of groceries and
pay for each separately.
Pharmacists will also be trained to quiz people who are picking up prescriptions for other people.
A pilot scheme in Torbay, Devon, led to more than 140 people seeking help in just two months. Sainsbury's cashiers
will be asked to discretely ask customers about their personal circumstances while serving them
Daniel Hamilton, of the campaign group Big Brother Watch, said: It strikes me as something that will make a lot of people uncomfortable. They are
trying to do the right thing but they have to be careful about how they do it.
Simon Davies, of Privacy International, said posters and leaflets would be less intrusive. He added: They may have the best of intentions but I would have
thought that this not the way to do it. It is crossing the creepy line.
|17th June |
So how dangerous is Facebook's facial recognition technology?
Could it be used to try and identify photos from elsewhere on the internet?
article from pcworld.com
There's been a lot of buzz in the media about Facebook's facial-recognition technology--admittedly, in part thanks to us. But now we've decided to look at the technology itself: Is it as dangerous as we think it is? In the end,
Facebook's new face-recognizing feature doesn't yet work well enough to pose a significant threat to your privacy.
So How Well Does It Work?
...Read the full
|4th June |
BT claim the right to examine private networks of their broadband customers
BT officials have admitted to keeping tabs on the Local Area Networks (LANs) of their broadband customers. They claim to reserve the right to examine the private networks of their broadband customers whenever they feel the information can improve the
service they provide, or when the safety of their customers is placed at risk.
BT considers this process to be similar to Windows Update from Microsoft, but unlike that program it lacks an opt-out. There is a clear financial benefit for ISPs to
have access to this information, as they can market certain products to customers based on what equipment they already have attached to their network. If they can identify useful products which aren't connected, they can tailor their marketing towards
these items. Alternatively, if for example an IP-capable TV is attached, they can advertise connected services which utilise this.
A statement from BT read:
...there may be other circumstances in which we would carry out remote
diagnostic tests of customers' equipment to make sure all is working. We don't believe that consent is necessary where the testing is necessary to the service that we are providing.
|19th May |
Big Brother Watch report on civil liberties in the first year of the Coalition Government
See report [pdf] from
A year ago, the Coalition Government was formed. On page 11 of the Coalition Agreement, the Conservatives and Liberal Democrats made the following commitment to the British people:
be strong in defence of freedom. The Government believes that the British state has become too authoritarian, and that over the past decade it has abused and eroded fundamental human freedoms and historic civil liberties. We need to restore the rights of
individuals in the face of encroaching state power, in keeping with Britain's tradition of freedom and fairness.
So – how have they done?
When it comes to advancing the cause of
civil liberties in the United Kingdom, the Coalition has some real achievements to speak off. In particular, ministers should be congratulated for taking steps to scrap ID cards and remove the profiles of the one million innocent people held on the
national DNA database. They should also be praised for doing away with the ContactPoint database of children's details and reforming the criminal record check regime.
The Coalition's record is, however, imperfect.
Police stop and search powers remain in place, Control Orders remain virtually unreformed and there has been no opt-out from the European Arrest Warrant. When it comes to E-Borders, the Summary Care Record and Intercept Modernisation Programme, they have
continued to implement the previous government's policies – warts and all.
This paper outlines the progress to date and suggestions for where further improvements can be made.
|15th May |
Metropolitan police buy communications analysis and visualisation software
See article from
The Metropolitan police has bought Geotime, a security programme used by the US military, which shows an individual's movements and communications with other people on a three-dimensional graphic. It can be used to collate information gathered from
social networking sites, satellite navigation equipment, mobile phones, financial transactions and IP network logs.
Campaigners and lawyers have expressed concern at how the software could be used to monitor innocent parties such as protesters in
breach of data protection legislation.
Alex Hanff, the campaigns manager at Privacy International, called on the police to explain who will decide how this software will be used in future: Once millions and millions of pieces of microdata are
aggregated, you end up with this very high-resolution picture of somebody, and this is effectively what they are doing here. We shouldn't be tracked and traced and have pictures built by our own government and police for the benefit of commercial gain,
According to Geotime's website, the programme displays data from a variety of sources, allowing the user to navigate the data with a timeline and animated display. The website claims it can also throw up previously unseen connections
Links between entities can represent communications, relationships, transactions, message logs, etc and are visualised over time to reveal temporal patterns and behaviours, it reads.
|6th May |
Google and Apple generate an unencrypted location file on mobile devices even when geo-location services are turned
1st May 2011. Based on
article from kionrightnow.com
Security researchers have revealed that Apple's iOS 4 mobile operating system, which runs on the highly popular iPhone and iPad devices, constantly tracks and stores users' approximate location information without their knowledge or consent.
It has now been learned that law enforcement agencies have known about the secret iOS tracking for at least the last year, and have used the data to aid criminal investigations, according to CNet.
The information recorded by Apple is not a users' exact location; instead, the company tracks which cell tower each iOS device uses to connect to a wireless network.
Apple has never publicized any information about the tracking function.
collected cell tower and Wi-Fi access point information, which is transmitted to Apple every 12 hours.
According to a company called Katana Forensics, however, the unencrypted data is also used by law enforcement for their own
purposes. The information on the phone is useful in a forensics context, said Alex Levinson of Katana, who spoke with CNet. The company's iOS data extracting software, Lantern 2, is often used by small-town local police all the way up to state
and federal police, different agencies in the government that have forensics units.
Apple's iOS isn't the only mobile OS that collects user location information. Devices running Google's market-leading Android OS also keep a record of the
locations and unique IDs of the last 50 mobile masts that it has communicated with, and the last 200 Wi-Fi networks that it has 'seen,' according to the Guardian.
There may be a glimmer of hope for the little man in this, however.
Representative Edward Markey has come to the rescue, asking Apple CEO Steve Jobs in a letter sent this week to explain his company's privacy-encroaching ways. I am concerned about this report and the consequences of this feature for individuals'
privacy, Rep. Markey wrote in the letter, followed by a series of questions about the location data file and why, exactly, it exists.
6th May 2011. See
article from bbc.co.uk
Apple has released a software update after complaints that iPhones and iPads were secretly recording locations.
The problem came to light when security researchers found a hidden file on the devices containing a record of everywhere they had been.
The update, which is available through the iTunes store, cuts the amount of stored data to just a week and no longer transfers it to the owner's computer when the phone is connected.
And if users disable the location services setting on
their iPhone or iPad, it will stop collecting data completely.
Permission for the tracking was given by users, albeit hidden away in the terms and conditions for the iTunes store.
|30th April |
US to continue development of its online ID card system
The Obama administration has said that it's moving ahead with a plan for broad adoption of Internet IDs despite concerns about identity centralization, and hopes to fund pilot projects next year.
There's no reliable way to verify identity
online at the moment, Commerce Secretary Gary Locke sai: Passwords just won't cut it here.
A document released by the White House adds a few more details to the proposal, which still remains mostly vague.
It offers examples of
what the White House views as an identity ecosystem, including obtaining a digital ID from an ISP that could be used to view your personal health information, or obtaining an ID linked to your cell phone that would let you log into IRS.gov to view
payments and file taxes. The idea is to have multiple identity providers that are part of the same system.
Administration officials plan to convene a series of workshops between June and September of this year that would bring together companies
and advocacy groups and move closer to an actual specification for what's being called the National Strategy for Trusted Identities in Cyberspace, or NSTIC.
During his speech, Locke lashed out critics of the proposal. A column in NetworkWorld.com,
for instance, called NSTIC a great example of rampant, over-reaching, ignorant, and ill-conceived political foolishness.
|15th April |
The Czech Republic joins growing list of dissenters to the EU Data Retention Directive
See article from
The Czech Constitutional Court has overturned the country's implementation of the EU Data Retention Directive (DRD), on the grounds that it violates fundamental privacy rights and is a disproportionate response to what it is trying to achieve.
ruling comes after Sweden delayed implementing the DRD. Germany, Romania, Cyprus and Hungary have overturned their implementations, while Greece, Ireland and Austria have so far refused to implement the Directive at all.
|10th April |
Internet businesses oppose France's draconian record keeping law
See article from
Google and Facebook are among a group of net heavyweights taking the French government to court.
The legal challenge at the State Council, France's highest judicial body, has been brought by The French Association of Internet Community Services
(ASIC) and relates to government plans to keep web users' personal data for a year.
More than 20 firms are involved, including eBay and Dailymotion.
The law obliges a range of e-commerce sites, video and music services and webmail providers
to keep a host of data on customers. This includes users' full names, postal addresses, telephone numbers and passwords.
The data must be handed over to the authorities if demanded. Police, the fraud office, customs, tax and social security bodies
will all have the right of access.
ASIC head Benoit Tabaka believes that the data law is unnecessarily draconian. ASIC also thinks that passwords should not be collected and warned that retaining them could have security implications.
|9th April |
CPS drop the case against BT over unlawful snooping during Phorm trials
See article from
BT will not be prosecuted for snooping on the web browsing habits of its customers.
The Crown Prosecution Service (CPS) has dropped a request to bring charges against BT and Phorm - the firm that supplied the monitoring system. The Webwise
software used cookies to track people online and then tailored adverts to the sites they visited.
Trials were carried out in 2006 and involved more than 16,000 BT customers. When the covert trials became public they led to calls for prosecution
because BT and partner Phorm did not get the consent of customers beforehand. Snooping is an offence under the Regulation of Investigatory Powers Act which outlaws unlawful interception.
At present, the available evidence is insufficient to
provide a realistic prospect of conviction, said the CPS in a statement: We would only take such a decision if we were satisfied that the broad extent of the criminality had been determined and that we could make a fully informed assessment of the
public interest. It added that there was no evidence to suggest that anyone who unwittingly took part in the trial suffered any harm or loss.
|9th April |
UK pushes for extension of travel database to cover EU journeys
See article from
Britain is trying to set up an EU-wide network of travel databases to record the movements and personal details of millions of air passengers within Europe.
The home secretary, Theresa May, is hoping that European justice and home affairs
ministers will back a massive expansion of EU proposals, which as they stand would apply only to flights in and out of Europe and see travellers' details anonymised after 30 days.
May, who was elected on a pledge to scale back the database
state , has been lobbying hard for the data, known as passenger name records (PNR), to also be collected for flights within Europe, tripling the number of journeys tracked. She wants the data to be stored for up to six years. She has already won the
backing of 17 other EU member states for the move but is heading for a civil liberties clash with the European parliament and the German government.
She has claimed that the expansion is needed to combat terrorism but it seems that the UK wants to
use it for immigration as well.
The 19 separate items of personal information involved include home address, passport number, credit card details, mobile phone number and the traveller's itinerary.
|8th April |
Google proposes to target ads according to signals snooped from email
Based on article from
Google's GMail service has announced that it will be trawling people's email to try and extract signals that it can use to more selectively target ads.
soon: Better Ads in Gmail
- Fewer irrelevant ads
- Gmail's importance ranking applied to ads
- Offers and coupons for your local area
Bad ads tend to annoy people. We're trying to cut down on these ads, and make the ones you do see much more useful.
With features like Priority Inbox, we've been working hard to help sort out
the unimportant messages that get in your way. Soon we're going to try a similar approach to ads: using some of the same signals that help predict which messages are likely to be important to you, Gmail will better predict which ads may be useful to you.
For example, if you've recently received a lot of messages about photography or cameras, a deal from a local camera store might be interesting. On the other hand if you've reported these messages as spam, you probably don't want to see that deal.
As always, ads in Gmail are fully automated-no humans read your messages- and no messages or personally identifiable information about you is shared with advertisers.
|3rd April |
Britain's first town with every approach road having number plate recognition cameras
See article from
The town of Royston in Hertfordshire is to become Britain's first ring of steel town, with hidden Automatic Number Plate Recognition (ANPR) cameras installed on every single road in and out of the town by next month.
rolled out the usual platitudes to explain the introduction of this nefarious system:
...make Royston the safest town in Hertfordshire...They give the police hard evidence as they track known villains...It will make us the
safest town in Hertfordshire and you won't be able to drive in or out of the town without being clocked...We will be the only town in Britain that will have ANPR on every approach to the town.
Chris Farrier, a spokesman for the
civil liberties group No CCTV, expressed serious concerns about the dangers of systems like this:
It is a hugely worrying development. It has been developed with no public scrutiny and government legislation. This
is the biggest surveillance network that the British public have never heard of. The people of Royston had better get informed because their one is being described as a 'ring of steel.
The public have not been consulted about
this cruel abuse of privacy to monitor and store the movements of everyone who visits the town of Royston on a centralised database for 5 years.
The inevitable conclusion is a nationwide network of ANPR cameras, ensuring that all movement of
citizens can be monitored.
6th May 2011. See article from
Hertfordshire Constabulary attempted to shutdown an anti-ANPR website in Royston. This wasn't done via a court order, but through a bungling communications officer who
contacted Andrew Fowley the site host. Andrew feeling threatened by the request, and considering it an order the host took down the site. Only later after advice from this solicitor put it back up, and ask for the police to issue an injunction against
Cambridge News reported on all of this, complete with quotes from Steve Jolly the anti-surveillance campaigning who helped defeat project Champion. Steve rightly said that people should be intimidated by the police. This news report from
Cambridge News has now vanished from their website, which is odd as normally they keep their stories up for a number of years.
The anti-ANPR site has been back up a couple of days, but has now switched to displaying a blank page. It's almost
like it never happened....