The BBC reports that the upcoming ContactPoint database which is planned (at a cost of £224 million) to contain contact details of all kids under 18 years old in England is expected to be accessible to 390,000 users. I guess more still when it gets lost in the post or left on a train. The database will
hold the name, address, parents' contact details, date of birth, school and doctor of every child in England.
A recurring theme in this blog is not just that the Government seems determined to trample over the data protection rights of the UK population, but that they are singularly inept at ensuring that the state machinery treats various data sources in a careful and secure manner.
From databases left on trains, to stolen laptops contaning databases of personal data, I (and I guess many others) view Wacky Jacqui's upcoming Uber-database that will be made possible by a combination of databases (including the vile IMP comms database and that of the ridiculous ID card scheme) using the "interesting" clause 152 of the Coroners and Justice Bill Part 8 - Data Protection Act 1998 (c. 29). This empowers Ministers to direct the linkage of diferent databases.
The BBC has announced that it's no longer using the US-based company Omniture to track the browsing habits of visitors to its website (see earlier blog post - BBC gifting private data to a USA-based company). Well, at least for UK based visitors - those in the rest of the world will still be tracked.
Source - nodpi.org forum posting
The Windows Internet Explorer (Pre-Release Beta 2 Version 8) Privacy Statement makes for interesting reading. Some excerpts follow (emphasis mine)
Suggested Sites
So, it seems the old farts at the Met don't want kids to have much fun these days. Apparently, every live music event needs to be "risk assessed", which involves completing a form 696, while afterwards you need to complete a form 696A. It's claimed that
Sunny Hundal writes in the Guardian's "Comment is free" about his experiences. Before he and other fun-lovers could get into the venue, a variety information were gathered, with no indication of why the data were collected, nor how long it would be held for.
I reported the other day (BBC gifting private data to a USA-based company) that the BBC were using a cookie-based method to send off your browsing history at their website to a company based in the USA, Omniture. It now turns out that several other companies are doing similar data transfer, though not using cookies. Annoyingly, the list includes The Guardian.
In that thread, there are instructions on how to block transfer of this data: for Windows, and Linux. Another contribution to that thread offers this crontab based approach for Linux, while there are observations for Vista users. I think an approach for Macs will be forthcoming.
The Times reports that the Home Office has adopted a plan to allow British police to hack into people's personal computers without a warrant.
If true, this is a pretty shocking extension to investigative powers. Apparently it was made possible by an amendment to the Compter Misuse Act 1990 - the proposals included breaking into a suspect's house to install keyloggers and sending emails bearing malware that allows remote access to a PC.
For some months now the campaigners at nodpi who are working to prevent widespread adoption of deep packet inspection such as that implemented by Phorm have been seeking clrification of why the BBC use cookies to send of records of your IP address, your Post Code*, and what parts of their website (e.g. iPlayer videos) you've been viewing off to a third party company in the USA. This third party is Omniture, formerly known as Visual Sciences. The BBC say this is in order to monitor usage of their website. Response is here; the whole thread can be viewed here. Interestingly, such transfer of personal data seems to be legal under EU legislation, as indicated in this quotation from the FOI response Dephormation finally received:
To the extent that the bbc.co.uk homepage is capturing IP addresses and post code data for anonymous statistical reporting purposes, the BBC confirms that the BBC treats both IP addresses and post code data as “personal data” within the meaning of the Data Protection Act 1998, despite the currently uncertain legal position around IP addresses in particular. Given its position, the BBC does not permit the transfer of IP addresses and user post code data to countries outside of the European Economic Area (“EEA”) unless those countries have “adequate data protection standards” and/or there are strong contractual data protection provisions in place with the data processor. It is correct that Omniture is a USA company and therefore operates outside the EEA. However, Omniture do satisfy the European Union's Directive on Data Protection’s requirements by demonstrating “adequate data protection standards” by registering with the US Department of Commerce’s safe harbour framework.
The Guardian has a front page report updating the status of the Government's proposals to monitor all UK communications (the "Interception Modernisation Programme" or IMP). This the proposal to record the names and addresses of all communications, but not (at this stage) the contents of the communications. This execrable plan is estimated to run in at about £12 billion, a sum which you would think the Government would quail at, in the present financial circumstances.
Bizarrely, considering the database is supposed to be vital for national security, one proposal is that it be run by private industry. Apparently this is under the illusion that privatised work will be more cost-effective than that run by Govenment. Ho hum.
The Sunday Times reports that our authoritarian Home Secretary's plans to prevent leaks from the companies working on implemented the expensive and unnecessary ID card scheme has itself been leaked.
What's particularly draconian is that it seems the desire is to implement a system whereby workers at these companies may have their homes searched without needing a search warrant.
The UK Consumer advocacy group Which? has filed a complaint with the Solicitors Regulatory Authority about the activities of UK legal firm Davenport Lyons, who have been sending threatening letters to individuals accused of illegally downloading movies and games.
This is welcome news, as in many cases individuals appear to be wrongly accused, and the overall strategy appears to be to obtain a users ID from the ISP (based upon logged IP addresses) and to pitch the demand at a level below that which would justify paying for legal advice and above that which would just be ignored by the recipient. In most cases this is around £500. The internet is full of postings from outraged internet users, many claiming innocence. Furthermore, it's clear from online news reports that whatever method Davenport Lyons' technical advisers are using to identify downloaders is rather suspect - not least because most domestic broadbad users have dynamic IP addresses. One example is that of an elederly couple accused by Davenport Lyons of downloading a hardcore gay porn movie. It seems likely that in many cases, the accusation arises from unsecured wireless networks.
After the Home Secretary announced that the Intercept Modernisation Programme (IMP) was not going to be included in the Queen's Speech, but that it was to be the subject of a public consultation, the Home Office has replied to the Open Rights Group's August 2008 FOI request for information about the proposed scheme for spying into all our communications.
Well, unsurprisingly, they have clammed up almost entirely. The pdf response is here; the ORG article is here; one of the documents supplied is here. Of course, any political moves with any kind of claim to be associated with national security can probably claim to be exempt from the FOI act. It's to be hoped that the ORG will continue chasing the information in the run upto the publict consultation exercise our increasingly authoritarian Home Secretary will actually emark on in the New Year.
Following the the IWF-Wikipedia fracas for the last week or so, will there be any lasting changes to internet censorship in the UK? I hope so.
Until the IWF saw to it that UK access to editing Wikipedia pages was prevented, I doubt that UK broadband customers were aware their internet service was subject to censorship. The revelations surrounding the banning of the Scorpions LP sleeve Virgin Killer pushed the activities of the IWF into the public spotlight for the first time, and will perhaps precipitate a change into their operations.
BT and Phorm have recently concluded their latest trial of the vile WebWise deep packet inspection system, in which they propose to ride roughshod over privacy and copyright concerns to make money targeting adverts at ISP subscribers. Interestingly this trial was proposed to involve 10,000 customers, and take two weeks. In fact, BT refuse to reveal how many participants there were, took two and a half months over the trial, and in their press release say:
RNS Number : 0686K Phorm Inc 15 December 2008
There's a rather depressing article in Ars Technica (UK ISPs playing Grinch with P2P throttling, surf data, video?)about ISP attitudes to the service they provide (or not) in the UK. AT focusses on three areas in which the ISPs want to maximise their profits, in some cases by restricting costs (throttling P2P services), selling our data (by deep packet inspection, such as the vile Phorm system), and by demanding payments from broadcasters such as the BBC (because they have the temerity to introduce a very popular service such as iPlayer).
I'm not a BitTorrent user, but I feel rather anxious that a legal application like BitTorrent, which can of course be used for entirely legal activities such as legal downloading of videos, games, and software can be throttled back on the basis (or rather the explanation used to deflect criticism) that some people abuse it for illegal activities. Of course this is a bit weasly, the real situation is that the ISPs have pitched their services at a price that doesn't cover the bandwidth people use. Their solution seems to be to throttle back P2P services under the guise of copyright protection.
The Register reports that a senior Vodafone network architect has be recruited by the Home Secretary to draw up proposals for the Interception Modernisation Program (IMP).
Tim Hayward, erstwhile senior programme manager at the UK's second largest mobile operator, was appointed IMP director in August. While at Vodafone he was responsible for 3G network architecture, according to careers information posted on the web.
Here's a brief update on the BT Total Censorship and the general BT-Webwise situation - for more background, see part 1 and part 2, and follow this thread at the nodpi.org forum.
PC World - UK Prosecutors Investigate BT Over Online Ad System PC World magazine pick up on stories that the Crown Prosecution Service is now investigating illegal interception conducted by BT in 2006 and 2007.
Section 41 blog - Two Conferences Raise Concerns over Phorm Reports from two recent conferences on internet privacy, in which BT's activity came in for comment.
Here's a further update on the BT Total Censorship and the general BT-Webwise situation - for more background, see part 1, part 2, part 3 and follow this thread at the nodpi.org forum.
I have installed the AntiPhorm plugin. This conducts two checks - firstly to identify if you are using BT-Webwise (by checking cookies), and secondly to check if you are using BT or one of the other ISPs who have publicly stated they are planning to implement the Phorm system. If either of these two conditions are met, you will see a warning banner beneath the web page header. You can carry on browsing the site.
If you see the warning banner, please take the time to visit the link for more information about Phorm, and its intrusive (and probably illegal) deep packet inspection by which your internet habits will be monitored in order to sendyou targeted advertising. The Phorm system is branded BT-Webwise when implemented via British Telecom. Some points:
Today I received this email from a moderator on the BT Broadband forums:
Your recent posts titled: "Re: Internet Radio Bandwidth usage?" and "Re: How do I delete my account?" have been removed as they contravene with the Forum Guidelines.
