Blogzilla

Is data burglary in the public interest?

2009-07-12T13:23:00.001+01:00

"Any hacker knowing the right passwords could get access to personal computer information — often at call centres. The private detective just needed to pose as, say, a health worker to check details. Once one newspaper started hiring these gumshoes, rivals were obliged to follow. It became standard practice to ring an investigator and request all manner of information to avoid being beaten to the story." —Dominic Kennedy, Sunday Times Investigations Editor

When the spotlight is the story

2009-07-11T09:38:00.000+01:00

"The press cannot expect to be immune from a widespread and growing public concern about access to databases and personal information, whether it be CCTV, medical records, ID cards, emails or mobile phones. In a world in which editors plead total ignorance of industrial-scale data-burglary under their noses it can hardly be surprising that wider questions are being asked about accountability and regulation." —The Guardian

Snooping biters can be bit

2009-07-09T22:59:00.001+01:00

"Some MPs may bridle at the extent of public surveillance, but parliament has shown not the slightest desire to defend personal freedom from state surveillance. The bland claim is made by home secretaries that intrusion is required for 'national security', the excuse for absolute power down the ages. Nor is data remotely safe in state hands. When the government tells us its national identity register is wholly secure, it is lying: witness the high-security laptops and CDs discarded by the week. There is no such thing as secure electronics.

"Technology gives to those in power, whether in government or the media, immense scope for intrusion. The snooper will always be one step ahead of the defenders of personal freedom. In the case of the government, ministers might at least learn from the Telegraph and News of the World that biters can be bit. If they find ways of gathering absurd amounts of information about private citizens, citizens will gather absurd amounts of information about them." —Simon Jenkins

Thousands have voicemail and data hacked

2009-07-09T08:41:00.005+01:00

Today's Guardian leads with the news that Rupert Murdoch's UK newspaper group has paid out over £1m in an attempt to cover-up a crime wave by its journalists:

The payments secured secrecy over out-of-court settlements in three cases that threatened to expose evidence of Murdoch journalists using private investigators who illegally hacked into the mobile phone messages of numerous public figures to gain unlawful access to confidential personal data, including tax records, social security files, bank statements and itemised phone bills. Cabinet ministers, MPs, actors and sports stars were all targets of the private investigators… officers found evidence of News Group staff using private investigators who hacked into "thousands" of mobile phones.

There are two particularly troubling aspects to this story. The Metropolitan Police, Crown Prosecution Service and Information Commissioner's Office all had prima facie evidence of these crimes, but have declined to take action against News Group. And, mobile phone companies continue to allow access to messages using voicemail PINs set to defaults that are apparently known throughout the media.

Perhaps in future:

Law enforcement agencies will take action against those discovered to be breaking the law, whether or not they work for powerful newspaper groups?
Mobile phone companies will not leave their customers' communications wide open to abuse?
Government agencies and companies will think a little more carefully before building up large collections of sensitive personal data that will inevitably be sold to the highest bidder?

MI6 stung by Facebook privacy settings

2009-07-05T10:16:00.004+01:00

Even the new MI6 chief's wife can't cope with Facebook's privacy settings. Those geographical networks claim another victim… Clearly our book chapter should be required reading for new intelligence officers and their families.

‘디지털 시대, 표현의 자유’ 컨퍼런스 개최

2009-07-03T14:44:00.001+01:00

What did I say!

두 번째 세션은 “인터넷상 이용자 및 타인의 권리보호”라는 주제로 논의된다. ‘인터넷상의 명예훼손 및 모욕’, ‘인터넷과 익명성 권리’, ‘인터넷상에서의 청소년 보호’에 대해 이언 브라운(Ian Brown) 옥스퍼드 대학교 교수와 황철증 방송통신위원회 네트워크정책국장이 주제 발표하고, 윤영철 연세대학교 언론홍보대학원장과 한상기 KAIST 문화기술대학원 교수, 한종호 네이버 정책담당이사가 토론자로 참석한다.

Human rights and Internet regulation

2009-07-03T09:11:00.003+01:00

I'm in Seoul this week for a conference organised by the Foreign Office and the Korean government on freedom of expression in the digital age. Here is my presentation on the protection of online speech:

Human Rights And Internet Regulation

View more documents from Ian Brown.

Yesterday the British Embassy kindly organised a visit to the DMZ (demilitarised zone) and the North Korean border. Sadly there was no Dear Leader to be seen, but I will post some photos shortly — it was a remarkable experience.

Tories plan radical action on privacy

2009-06-25T07:14:00.003+01:00

Most gratifying to see the Conservative shadow minister for security, Baroness Neville-Jones, announce plans on data protection clearly based around our Database State report (via Ideal Government):

The individual is the rightful owner of personal information and the state is merely possessor and should behave as a responsible custodian. We need to roll back the advance of Big Brother and restore this fundamental right of our citizens. Restoring privacy today must mean a clear statement on the part of those who have custody of personal information of their purpose in retaining it and of their commitment to its proper management. This will necessarily involve a review of most of the government's centralised databases, their use and access to them regulated. It leads to the unavoidable conclusion that that the Information Commissioner should emerge as one of the important offices of state in the twenty first century.

Iranian repression aided by Nokia/Siemens

2009-06-22T10:50:00.008+01:00

Quelle surprise: Iran has been using communications monitoring equipment developed by Nokia and Siemens for lawful intercept US/EU purposes to try and crush the ongoing Twitter revolution.

"Enfin, et c'est le point le plus polémique, la liste noire confidentielle gérée par cinq personnes de la BKA et supervisée par un délégué national à la protection des données privées ne sera contrôlée par personne d'autre. Dès lors — et c'est devenu la coutume à propos de ce genre de lois — se pose toujours la même question : qui surveillera les surveillants ?" —Olivier Dumons (merci a Michael!)

Google to improve cloud security

2009-06-19T11:10:00.003+01:00

Google has responded quickly to an open letter signed by 38 security and privacy experts (including yours truly) asking them to improve the security of their cloud applications (such as Docs, Mail and Calendar). They are planning trials of the use by default of secure Hypertext Transfer Protocol, which will protect information while in transit between user machines and Google's servers.

This is an important protection for Google's users, especially those with laptops whose WiFi links can be easily monitored. Bravo to Google, and to the original author of the open letter Chris Soghoian.

Iran is not the only enemy of online freedom

2009-06-18T08:20:00.005+01:00

This last week's events in Iran have demonstrated the potential of the Internet as a tool for freedom. As Timothy Garton Ash writes in today's Guardian:

Is there sufficient energy, somewhere between a self-mobilised, networked youth, the Mousavi camp and disaffected factions within the regime, to sustain the demand for a new election? Or will it all fizzle out, defeated by a combination of repression, censorship, exhaustion and disunity? … One thing our governments can and should do … is to maintain and enhance the 21st-century global information infrastructure which allows Iranians – whichever candidate they support – to keep in touch with each other and to find out what is really happening in their own country. Earlier this week, I spent some time in the studio of the BBC Persian TV service, watching them upload and air electrifying video footage, blog posts and messages generated by Iranians from inside Iran. Probably the single most important thing the US state department has done for Iran recently was to contact Twitter over the weekend, to urge it to delay a planned upgrade that could have taken down service to Iranians for some crucial hours of people power protest. Welcome to the new politics of the 21st century.

And yet, what do we see in yesterday's Digital Britain report? Plans to order Internet Service Providers to implement the following:

28. For that reason the Government will also provide for backstop powers for Ofcom to place additional conditions on ISPs aimed at reducing or preventing online copyright infringement by the application of various technical measures. In order to provide greater certainty for the development of commercial agreements, the Government proposes to specify in the legislation what these further measures might be; namely: Blocking (Site, IP, URL), Protocol blocking, Port blocking, Bandwidth capping (capping the speed of a subscriber’s Internet connection and/or capping the volume of data traffic which a subscriber can access); Bandwidth shaping (limiting the speed of a subscriber’s access to selected protocols/services and/or capping the volume of data to selected protocols/services); Content identification and filtering– or a combination of these measures.

Alongside demands from childrens' charities for mandatory Internet filtering, and intelligence agency demands to install thousands of wiretapping devices across the UK Internet, it seems that it is not just the Iranian government that is uncomfortable at the freedom the Internet has enabled.

Scrapping ID cards

2009-06-17T16:17:00.002+01:00

"In my view a national identity card system is not necessary in our country. No further money should be spent on it. The idea should be abandoned." —Former law lord Lord Steyn

"We are close to a general election and … a change of government will mean an end to ID cards. It will, quite literally, be the first thing we do. Drafting an ID card repeal bill will be right at the top of our to-do list." —Shadow home secretary Chris Grayling MP

The Internet is as vital as water and gas

2009-06-16T05:30:00.003+01:00

Compare and contrast:

Gordon Brown: "Whether it is to work online, study, learn new skills, pay bills or simply stay in touch with friends and family, a fast internet connection is now seen by most of the public as an essential service, as indispensable as electricity, gas and water."

The French Constitutional Court: "Freedom of expression and communication is so valuable that its exercise is a prerequisite for democracy and one of the guarantees of respect for other rights and freedoms and attacks on the exercise of this freedom must be necessary, appropriate and proportionate to the aim pursued."

Creative Industries Coalition: "ISPs hold the key to creating the step change necessary to tackle illegal filesharing. For the vast majority, simply drawing attention to the illegality of their actions would be sufficient, but this needs to be backed by further graduated technical measures for those who do not change their behaviour."

The government is today publishing its Digital Britain report. How far are they intending to "balance" this essential prerequisite for democracy against the protection of failed 20th century business models for content, and demands for a filtered network?

Where next for European data protection law?

2009-06-13T10:47:00.007+01:00

I'm enjoying being in Hong Kong as usual, this time to speak at the Age of Digital Convergence conference at the University's Law Faculty. Here's my presentation:

Where next for European data protection law?

View more OpenOffice presentations from Ian Brown.

China orders installation of blocking software

2009-06-08T21:51:00.003+01:00

Interesting to see that China has ordered PC makers to install custom-developed blocking software on every new PC from next month, which will prevent users accessing sites on a secret list that is centrally updated by the government. Although pornography is the stated target, clearly the list will also include the political opponents already filtered by the Great Firewall. Network-based blocking must have been insufficiently reliable for the Communist Party.

I imagine the software will also have other "interesting" functionality such as providing direct government access to user data.

Privacy Law Scholars' Conference

2009-06-07T00:27:00.003+01:00

Have just spent a wonderful few days in Berkeley at the PLSC. We got to hear from both Alan Westin, perhaps the most influential privacy researcher of the 20th century, and the counsel for Katz — who persuaded the US Supreme Court in 1967 that phone conversations deserved Fourth Amendment protection.

The format of two days of intensive discussions with all papers circulated beforehand was much more productive than the usual conference panels and keynotes. I'm already looking forward to next year's event back in Washington DC. But now I'm on the beach in Sydney preparing for SoGikII on Tuesday :)

Can the Internet still route around censorship?

2009-06-03T17:46:00.005+01:00

I'm in the US this week for Computers, Freedom & Privacy in Washington DC and then the Privacy Law Scholars' Conference at UC Berkeley. Yesterday I spoke at a CFP session organised by Wendy Grossman. John Gilmore famously observed in 1990 that "the Internet interprets censorship as damage and routes around it." Is this still true?

My position, explained in much greater detail in a recent book chapter, was that even the more sophisticated filtering technologies of the last five years can be trivially circumvented by skilled users, absent a totalitarian state that will break down doors in response. However, they provide the ability to impose mass censorship on the vast majority of Internet users. States that value freedom of expression should therefore think very carefully before starting off down this road.

Derek Bambauer has more at Info/Law.

Cheney should not have ignored Constitution

2009-05-31T22:22:00.001+01:00

"'I'll freely admit that watching a coordinated, devastating attack on our country from an underground bunker at the White House can affect how you view your responsibilities,' Cheney said in his recent speech. But this defense does not stand up. The Bush administration's response actually undermined the principles and values America has always stood for in the world, values that should have survived this traumatic event. The White House thought that 9/11 changed everything. It may have changed many things, but it did not change the Constitution, which the vice president, the national security adviser and all of us who were in the White House that tragic day had pledged to protect and preserve." —Richard Clarke

Obama's cybersecurity review

2009-05-30T14:10:00.004+01:00

The White House has just published the report of its 60-day review of US cybersecurity policy. It contains a range of recommendations to improve online security, many of which echo those in the House of Lords' Personal Internet Security report (and the McAfee Virtual Criminology Report 2008 I wrote with Lilian Edwards). It also pays welcome attention to safeguarding privacy and civil liberties alongside improving security. Several of those involved in the review discuss their conclusions in this video:

The New York Times has commentary from Bruce Schneier, Gus Hosein and others.

Cameron: I will reduce PM's power

2009-05-25T22:36:00.003+01:00

"We're living in an age where technology can put information that was previously held by a few into the hands of almost every one. So the argument that has applied for well over a century — that in every area of life we need people at the centre to make sense of the world for us and make decisions on our behalf — simply falls down. In its place rises up a vision of real people power. This is what we mean by the Post-Bureaucratic Age. The information revolution meets the progressive Conservative philosophy: sceptical about big state power; committed to social responsibility and non-state collective action. The effects of this redistribution of power will be felt throughout our politics, with people in control of the things that matter to them, a country where the political system is open and trustworthy, and power redistributed from the political elite to the man and woman in the street." —David Cameron MP, leader of the Conservative party and almost certainly the UK's next prime minister

Cyber Security and Global Affairs

2009-05-25T12:24:00.003+01:00

St Peter's College and George Mason University are organising an interdisciplinary workshop on cyber security and global affairs in August that should be fascinating. I'm excited to be speaking there alongside some extremely distinguished individuals, including the US Deputy Assistant Secretary of Defense for Information and Identity Assurance and the former Acting Director of the US National Cyber Security Division. Hope some Blogzilla readers can join us.

Data breaches go on, and on…

2009-05-25T11:32:00.006+01:00

Losses of personal data are so commonplace these days that they barely seem newsworthy. But today's reports are really quite spectacular:

The personal medical records of tens of thousands of people have been lost by the NHS in a series of grave data security leaks. Between January and April this year, 140 security breaches were reported within the NHS — more than the total number from inside central Government and all local authorities combined.

Yet the government ploughs on with centralised databases containing tens of millions of medical records.

Sensitive files detailing the extra marital affairs, drug taking and use of prostitutes by very senior officers in the RAF have been stolen, raising fears within the Ministry of Defence that personnel could be vulnerable to blackmail. Up to 500 people in the service could be affected by the theft.

That has finally laid to rest my belief that the British armed forces were among the very few organisations with an adequate understanding of information security. Aside from wide-eyed disbelief, you get the feeling that the design of systems containing the most sensitive personal information imaginable is being conducted in the manner of toddlers throwing toy bricks around at playschool.

A new Speaker is not enough

2009-05-19T12:56:00.001+01:00

"Those parliamentarians yelling at [the Speaker] to get out now should also look to their own behaviour. Mr Martin did not compel honest MPs to strip bare Homebase and Harrods like a swarm of locusts. Far from being an officious overlord of greed, he was the emblem and, advertently or not, the facilitator of an odious culture from which too many of his colleagues gratefully benefited." —Mary Riddell

Disillusion made rage

2009-05-19T10:09:00.000+01:00

"This waywardness in the political sphere goes beyond personal gain. It also means fudging statistics and cherry-picking research as has happened in the Home Office; it means manufacturing dodgy dossiers on intelligence as happened in the run-up to the Iraq war. It means public consultation exercises which are purely cosmetic and where the outcome has been decided in advance. But the public have been smelling a rat for a long time.

"The temptation for the parties will be to sack a few people and redesign the allowance system but if public trust is to be restored there has to be a much more radical rethink." —Baroness Kennedy

Record labels are blocking digital progress

2009-05-18T11:56:00.002+01:00

"Clearly, some form of P2P subscription service is the way forward, if only because it provides the most convenient way for consumers to access music. Yet for the major labels, the success of such an initiative would mean the end of their control over the distribution of music. Is this the real reason why they seem determined to do everything they can to clip the wings of the fledgling digital industry before it can fly?" —Billy Bragg