July 29, 2006 | Glyn Wintle

Personal Internet Security

The House of Lords Science and Technology Committee has established a Sub-Committee, under the Chairmanship of the Lord Broers, to examine Personal Internet Security in the UK. A call for evidence and a press release were issued today.

Areas the Committee will consider include:

  • What is the nature of the security threat to private individuals and what is the scale of the problem?

  • How well do the public understand the nature of the threat they face?

  • What can be done to provide greater personal internet security?

  • How much does this depend on software and hardware manufacturers?

  • Is the regulatory framework for internet services adequate?

  • How well equipped is Government to combat cyber crime?

  • Is the legislative framework in UK criminal law adequate to meet this growing challenge?

If you would like to participate but don't feel like writing a full response by yourself, ORG has a wiki page that we are encouraging people to edit: Personal Internet Security Consultation.


July 27, 2006 | Glyn Wintle

Tapping VoIP

We have seen attempts to add more legislation to voice over IP in America so I guess it was only a matter of time.

"The Guardian has learned that police and security agencies have been lobbying ministers and senior officials, expressing fears about the potential for voice-over-internet-protocol technologies to hide a caller's identity. Their aim? To get VoIP providers to monitor calls and find ways to identify who is calling whom - and even record them."

Lifting the veil on internet voices - The Guardian

The proposed requirement for all VoIP services to have to provide 999 services would kill any free VoIP service, unless the government is offering to cover the costs. If they want to log and trace VoIP why not Instant Messages? If they want to log and trace IM then what about email… (You get the idea)


July 27, 2006 | Glyn Wintle

Consultation on penalties for breaching the DPA

Baroness Ashton has published a consultation paper on proposed custodial penalties for breaches of Section 55 of the Data Protection Act 1998, which deals with unlawful obtaining of personal data. The main questions asked are: should the maximum fine be raised, and is a jail sentence of up to 2 years the right length?

“I have today published a consultation paper on proposed custodial penalties for breaches of Section 55 of the Data Protection Act 1998. In an environment where concerns about identity fraud are growing and where the widespread use and exchange of data are increasingly important to the economy and to society as a whole, it is essential for people to be confident that their personal data will not be wilfully or recklessly abused. We are determined that the regulatory regime properly reflects the risks that come with greater data use. The aim of this proposal is to provide an appropriate and effective level of deterrent for those who seek to profit from the illegal trade in personal information. We welcome the recent report by the Information Commissioner, What price privacy? The unlawful trade in confidential personal information, which has been an extremely valuable contribution on this issue and we are responding positively to the report's recommendations. We are seeking views on whether the proposed sanctions would act as an effective deterrent to those who deliberately or recklessly misuse personal information. Copies have been placed in the Printed Paper Office, Vote Office and Libraries of both Houses.”

Baroness Ashton of Upholland (Parliamentary Under-Secretary, Department for Constitutional Affairs)Office

The questions are non-technical and easy for anyone to understand. If you would like to participate, ORG has a wiki page that we are encouraging people to edit: Data Protection Act Consultation.


July 21, 2006 | Glyn Wintle

Public meeting on RIPA consultations

The Regulation of Investigatory Powers Act Part III gives law enforcement the power to serve notices requiring that encrypted material be "put into an intelligible form" (or as everyone else would say, decrypted). Under some circumstances the notices can require that encryption keys are handed over. At present Part III is not in force, but the Home Office are consulting on a Code of Practice for its operation and it must be expected to come into force in early 2007.

The eighth Scrambling for Safety meeting on the Home Office's access to keys and communications data code of practice consultations is being held from 2-5pm on Monday 14 August 2006, at the Gustave Tuck Lecture Theatre, South Wing, UCL, Gower St, London WC1 [campus map].

Admission is free but space is limited, so if you wish to attend please subscribe to the meeting mailing list. Please e-mail with requests for any other information.

The agenda is as follows:

1400 | Welcome | Dr Ian Brown, UCL Computer Science
1405 | The Home Office consultations | Simon Watkin, Home Office
1420 | Government access to communications data | Dr Richard Clayton, Cambridge University Computer Laboratory
1435 | Government access to decryption keys | Caspar Bowden, ex-director, FIPR
1505 | Risks to safety and security | Dr Brian Gladman, MoD and NATO (retired)
1520 | Errors of judgment and integrity in presenting computer-based evidence | Duncan Campbell, expert witness and investigative journalist
1545 | Parliamentary scrutiny of RIPA and its Orders | The Earl of Erroll, House of Lords (crossbencher)
1615 | Compatibility with human rights law | Prof. Douwe Korff, London Metropolitan University
1630 | Do the police need longer detention periods to investigate encrypted evidence? | Prof. Ross Anderson, Cambridge University Computer Laboratory
1645 | The changing public mood on privacy | Lord Phillips of Sudbury, House of Lords (Liberal Democrat)
1655 | Questions and conclusions | Simon Davies, Privacy International and LSE

Useful background information is at Privacy International's wiretap page and FIPR's "Surveillance and security" pages.


July 18, 2006 | Glyn Wintle

Danny O'Brien at the Drunken Brunch

Last Sunday saw the latest edition of the London Copyfighter's Drunken Brunch & Talking Shop. Led by our founding pledger, the EFF's Danny O'Brien, we had a great turnout, including many new faces tempted by the irresistible combination of sunshine, mixed drinks and heated IPR debate.

Danny O'Brien opens proceedings (photo by Yoz)

For readers not yet acquainted with Copyfighters, the big idea is to sink a few swift halves before heading to Speaker's Corner for a good old-fashioned bellow on any topic relating to digital rights. It's a chance to hone your public-speaking skills, chat with other activists, and see some of Speaker's Corner's more interesting characters. Our rants this time around ranged from the music industry's proposal for a new tax on ISPs, to ID cards, to useless MP3 players.

Photos of the glorious day are up on Flickr, from Yoz and Dave, plus there's a new London Copyfighters Flickr group you can join and add your pics to.

Details of next month's Copyfighters will be announced soon.


July 13, 2006 | Glyn Wintle

Information Commissioner's annual report

Richard Thomas, the Information Commissioner, has published his annual report. The Information Commissioner's Office is the UK's independent public body set up to promote access to official information and to protect personal information.

"Never before has the threat of intrusion to people’s privacy been such a risk. It is no wonder that the public now ranks protecting personal information as the third most important social concern."

"What is the right balance between public protection and private life? How long, for example, should phone and internet traffic records be retained for access by police and intelligence services fighting terrorism? Whose DNA should be held, and for how long, to help solve crime? What safeguards are needed for commercial internet-based tracking services which leave no hiding place?"

"In our annual survey on information rights, protecting people’s personal information was highlighted as one of the top three issues of social importance, with 80 per cent of individuals saying that they were concerned about the use, transfer and security of their personal information. Organisations do recognise that good information handling makes good business sense, with the vast majority telling us it improves customer trust, information management and risk management."

Annual Report 2005 - 2006 - Information Commissioner’s Office

The report also singles out ID cards, children’s databases and spam as worthy of mention.


July 11, 2006 | Suw Charman Anderson

BPI asks ISPs to do its dirty work

As reported by Reuters and the BBC, the BPI has asked two ISPs - Cable & Wireless, and Tiscali - to terminate the accounts of 59 broadband users because the BPI claims that they are infringing copyright. Cory Doctorow has an excellent post on BoingBoing explaining why this is a really bad idea, not just for users but for ISPs too:

Notice-and-takedown is a censor's best friend, but as the music and film industry can attest, it hasn't made any kind of dent in copyright infringement. For one thing, it's wholly ineffective against P2P file-sharing -- notice-and-takedown only works on stuff hosted on an ISP's web-server, not on a customer's own PC.

The new proposal for notice-and-termination aims at creating an even more radical version of this judge, jury and executioner privilege the entertainment industry has secured for itself. Under notice-and-termination, you need only claim to be an aggrieved rightsholder to actually knock someone's DSL circuit offline.

This sounds like something similar to notice-and-takedown, but there's a gigantic difference: the cost of connecting a DSL circuit is vastly higher than the cost of putting some files on a web-server. Indeed, ISPs have told me that it can take years to recoup the cost of connecting a customer to the Internet.

This story has also been covered by eHomeUpgrade, where I commented:

It's essential that ISPs resist the BPI's attempt to strong-arm them into becoming the music industry's bully-boys. If the BPI has evidence of wrong-doing, then it must go through the proper channels in order to pursue its case. Producing a list of IP addresses and demanding that the customers who used them be disconnected is no more than an attempt at summary justice. If the end-user is mis-identified - perhaps the IP address was shared or mis-communicated by the BPI - then it will be the ISPs and their innocent customers who will suffer the consequences.
Hopefully, the ISPs will resist the BPI's machinations, but I suspect this is just the beginning of an attempt by the entertainment industry to get a firm grip on the internet's jugular. As Cory says:

The BPI is floating a trial balloon here, but it's not a coincidence that they're proposing something already under discussion at WIPO. Getting countries or even major ISPs to adopt notice-and-termination paves the way for the creation of a takedown treaty -- and the end of the Internet as we know it.

UPDATE: Tiscali tell the BPI to get lost, and sound distinctly unimpressed with the BPI's tactics. From Webuser:

A Tiscali spokeswoman described the move as a 'media ambush'. She said the BPI had “[sent] their letter to the media before we even had a chance to read it and the information they went to press with was not strictly correct”.

And more from Tiscali's letter to the BPI:

You have sent us a spreadsheet setting out a list of 17 IP addresses you allege belong to Tiscali customers, whom you allege have infringed the copyright of your members, together with the dates and times and with which sound recording you allege that they have done so. You have also sent us extracts of screenshots of the shared drive of one of those customers. You state that such evidence is "overwhelming". However, you have provided no actual evidence in respect of 16 of the accounts. Further, you have provided no evidence of downloading taking place nor have you provided evidence that the shared drive was connected by the relevant IP address at the relevant time.

Similar requests we have dealt with in the past, have included such information and, indeed, the bodies conducting those investigations have felt that a court would consider it necessary to see such evidence, supported by sworn statements, before being able to grant any order.


July 11, 2006 | Glyn Wintle

700,000 children fingerprinted by schools

Children are being threatened with exclusion from school unless they submit to being fingerprinted, reports Leave Them Kids Alone. This Daily Mirror story illustrates the size of the problem:

FURY erupted yesterday after it emerged an estimated 700,000 children are being fingerprinted at school.

Systems in 3,500 primary school libraries allow pupils to take out books by scanning their thumb prints instead of using a card.

But campaigners warn the technology is a massive invasion of privacy and a step towards a "database state".

With an average primary school size of 200 pupils, pressure group No2ID says at least 700,000 pupils are regularly having their fingerprints scanned.

Fingerprint scandal of 700,000 kids - The Daily Mirror

For more on children's rights, visit the ARCH website.

