Privacy Digest

British Litterbugs Fork Over DNA - Via ACLU Blog - Privacy & Technology:

This morning, NPR covered the U.K.'s use of anti-terrorism surveillance tools to nab the perpetrators of petty crimes, like litterbugs and people who don't curb their dogs. In their profile, they described the case of two parents who were surveilled by the local town council to see if they were cheating on the residency requirements needed to gain admission to a local public school for their three-year-old.

NPR's Vicki Barker expanded on the subject of privacy rights by interviewing Simon Davies, head of ACLU partner Privacy International (PI), for the story.  read more »

Europeans: U.S. is Spying on You, Too! - Via ACLU Blog - Privacy & Technology:

Last week, Barry Steinhardt, Director of the ACLU's Technology and Liberty Project, wrote a letter to the Article 29 Working Party of the European Commission. Article 29 specifically addresses personal data protection issues, and how data is used in our current information society.  read more »

GSM Security Researcher Targeted in Airport Shakedown - Via Threat Level:

Editor: Interesting graphic removed. Go to original site for that [...]

A security researcher on his way this week to speak at a conference about mobile phone security was stopped by British authorities at Heathrow Airport and questioned before being relieved of his Nokia phone, SIM card and USRP (Universal Software Radio Peripheral).

The researcher was on his way to Dubai to deliver a talk at the Hack-in-the-Box security conference about cracking GSM encryption to intercept mobile phone calls and text messages and track the location of users using less than $1,000 in equipment.  read more »

European Parliament to Sarkozy: No "Three Strikes" Here - Via EFF: Deep Links:

Despite last minute attempts by the French government to divide them, European<
MEPs today voted decisively against "three strikes", the IFPI-promoted plan to
create a class of digital outcasts, forbidden from accessing the Net if
repeatedly accused by music companies of downloading infringing content.

In a vote held today, hundreds of MEPs supported language
which declared termination of Internet access to be in conflict with "civil
liberties and human rights and with the principles of proportionality,
effectiveness and dissuasiveness", all core values of the European Union.  read more »

EU Tells Search Engines to Stop Creating Tracking Databases - Via Threat Level:

The net's search engines may soon have to develop a long-term memory loss program, after European regulators found that companies such as Google and Yahoo violate European data protection rules by keeping data for too long and not telling users how stored search queries and clicks help target advertisements.

If adopted by the European Commission, the findings (.pdf) are likely to lead to the first stringent regulation of search engines. 

The rules' reach would also likely extend to cover Americans' net use, due to the technical difficulty of determining whether a particular user is or isn't a citizen of an EU country.  read more »

Phorm’s Harms Extend Beyond Privacy - Via Freedom to Tinker:

Last week, I wrote about the privacy concerns surrounding Phorm, an online advertising company who has teamed up with British ISPs to track user Web behavior from within their networks. New technical details about its Webwise system have since emerged, and it’s not just privacy that now seems to be at risk. The report exposes a system that actively degrades user experience and alters the interaction with content providers. Even more importantly, the Webwise system is a clear violation of the sacred end-to-end principle that guides the core architectural design of the Internet.

Phorm’s system does more than just passively gain “access to customers’ browsing records” as previously suggested. Instead, they plan on installing a network switch at each participating ISP that actively interferes with the user’s browsing session by injecting multiple URL redirections before the user can retrieve the requested content. Sparing you most of the nitty-gritty technical details, the switch intercepts the initial HTTP request to the content server  read more »

Having Your ID Stolen Leads to Job Loss, Prosecution - Via Slashdot: Your Rights Online:

ConfusedVorlon writes "The BBC reports on the sad case of Simon Bunce. Mr. Bunce had his identity stolen, and credit cards were made to capitalize on the theft. Some of those cards were used at sites offering child pornography, and as a result Mr. Bunce was swept up in Operation Ore. The poor man was prosecuted for his 'crime', and was eventually found innocent, but in the meantime he lost his job. It took him six months to find another at a quarter of the salary.  read more »

UK ISP Admitted to Spying on Customers - Via Slashdot: Your Rights Online:

esocid writes "BT, an ISP located in the UK, tested secret spyware on tens of thousands of its broadband customers without their knowledge, it admitted yesterday. The scandal came to light only after some customers stumbled across tell-tale signs of spying. At first, they were wrongly told a software virus was to blame. BT said it randomly chose 36,000 broadband users for a 'small-scale technical trial' in 2006 and 2007.  read more »

Lawyer Banned for Threatening File-Sharers - Via Slashdot: Your Rights Online:

S. Hare brings us a report from TorrentFreak about a lawyer working for a Swiss anti-piracy group who was recently given a 6-month ban for her attempts to intimidate file-sharers though letters threatening fines and court fees. Elizabeth Martin demanded 400 Euros each from "hundreds of thousands of file-sharers," and suggested that they would have to face large settlements if they did not comply. The Paris Bar Council took exception to this and instituted the ban. Martin worked for Logistep, a company who has had trouble following laws in the past.  read more »

UK Banking Law Blames Customers For Insecure OS - Via Slashdot: Your Rights Online:

twitter writes "If you use an insecure OS in the UK and someone drains your bank account, the banks say it's your fault. The Register reports: 'The Banking Code produced by the British Bankers' Association (BBA), and followed by most banks, makes it clear that banks will not be responsible for losses on online bank accounts if consumers do not have up to date anti-virus, anti-spyware, and firewall software installed on their machines.'" twitter went on to note that the majority of consumer PCs use an operating system with a history of security issues. Should end users be ultimately responsible for the state of their systems?

(Read Original Article - Via Slashdot: Your Rights Online.)

EU Politicians Strikes Back Against Three Strikes - Via EFF: Deep Links:

Last time we wrote about the EU's Bono Report on the Cultural Industries, it was to warn of a rightsholders' hijack. Lobbying groups like IFPI were encouraging amendments that would give a European Union stamp of approval to ISP filtering content, blocking sites and cutting off Net users at the demand of the entertainment industry.

Now the tables have turned - and the same report has become a strong demonstration of the deep discontent in the heart of Brussels with how far the entertainment industry wants to impose its policies on the European Internet.  read more »

Researchers Expose New Credit Card Fraud Risk - Via Slashdot:

An anonymous reader writes "Researchers from the University of Cambridge have discovered flaws in the card payment systems used by millions of customers worldwide. Ross Anderson, Saar Drimer, and Steven Murdoch demonstrated how a simple paper clip can be used to capture account numbers and PINs from so-called 'tamper-proof' equipment. In their paper (PDF), they warn how with a little technical skill and off-the-shelf electronics, fraudsters could empty customers' accounts. British television featured a demonstration of the attack on BBC Newsnight."

(Read Original Article - Via Slashdot.)

Bad Phorm on Privacy - Via Freedom to Tinker:

Phorm, an online advertising company, has recently made deals with several British ISPs to gain unprecedented access to every single Web action taken by their customers. The deals will let Phorm track search terms, URLs and other keywords to create online behavior profiles of individual customers, which will then be used to provide better targeted ads. The company claims that “No private or personal information, or anything that can identify you, is ever stored - and that means your privacy is never at risk.” Although Phorm might have honest intentions, their privacy claims are, at best, misleading to customers.

Their privacy promise is that personally-identifiable information is never stored, but they make no promises on how the raw logs of search terms and URLs are used before they are deleted. It’s clear from Phorm’s online literature that they use this sensitive data for ad delivery purposes. In one example, they claim advertisers will be able to target ads directly to users who see the keywords “Paris vacation” either as a search or within the text of a visited webpage. Without even getting to the storage question, users will likely perceive Phorm’s access and use of their behavioral data as a compromise of their personal privacy.  read more »

EU Views Net Censorship As a "Trade Barrier" - Via Slashdot: Your Rights Online:

I Don't Believe in Imaginary Property writes "The European Parliament just passed a proposal to treat internet censorship as a trade barrier, in particular the 'Great Firewall of China.' If passed by the European Council, the issue would be raised in trade negotiations and could lead to economic sanctions and trade restrictions for those countries unwilling to remove oppressive Net censorship." We have discussed some of the ways in which the EU, and its member countries, engage in their own brand of censorship.

(Read Original Article - Via Slashdot: Your Rights Online.)

Bank Julius Baer Issues Statement On WikiLeaks - Via Slashdot: Your Rights Online:

dtwood writes "The bank that got WikiLeaks.org erased from DNS finally hired a PR agency and issued a press release filled with half truths and non-statements. Tynan on Tech has it, along with some brief commentary. Worth a look."

(Read Original Article - Via Slashdot: Your Rights Online.)

Making Available != Distribution, Says Court in London-Sire v. Doe - Via EFF: Deep Links:

Same day, two federal courts, two different rulings on "making available."

As we mentioned yesterday, a New York court in Elektra v. Barker gave a boost to the recording industry by ruling that an offer to distribute a file on a P2P network can infringe the distribution right, even if no one ever actually downloaded it from you. Well, on the same day, a Massachusetts court in London-Sire v. Doe ruled just the opposite, holding that "merely exposing music files to the internet is not copyright infringement" (we just received the ruling today).  read more »

Hackers Publish German Minister's Fingerprint - Via Threat Level:

To demonstrate why using fingerprints to secure passports is a bad idea, the German hacker group Chaos Computer Club has published what it says is the fingerprint of Wolfgang Schauble, Germany's interior minister.

According to CCC, the print of Schauble's index finger was lifted from a water glass that he used during a panel discussion that he participated in last year at a German university. CCC published the print on a piece of plastic inside 4,000 copies of its magazine Die Datenschleuder that readers can use to impersonate the minister to biometric readers.

Several years ago the CCC published a guide to lifting and reproducing fingerprints.  read more »