Thursday, August 31, 2006

Privacy: One law for them, one law for us

The Telegraph reports that "Celebrity children will get database privacy" in the Orwellian "Children's Index":
Children of celebrities will be given special safeguards in a new database that will store details of every child in England and Wales, it was disclosed yesterday. ...

Ministers said the contentious two-tier level of privacy will protect children of the rich and famous from intrusion.

Addresses and telephone numbers of celebrities will be removed from the database if, for example, their children are deemed at risk of kidnap.

But opponents of the £241 million Children's Index — a supposedly confidential system intended as an early warning system for children at risk of abuse — said the move underlined their concerns about its security.

In further embarrassment to the Government, an independent report commissioned by Parliament's Information Commissioner and due to be published next month, is understood to warn that the index is causing serious concern and is possibly unlawful.

There are fears that it does not comply with the European Convention on Human Rights and may contravene the Data Protection Act. ...

Files are held by many bodies on the 11 million children in England and Wales, but the index will link this sensitive information in one database accessible to hundreds of thousands of officials. ...

Lord Adonis, the education minister, told the House of Lords: 'Between 300,000 and 400,000 users will access the index. Children who have a reason for not being traced, for example where there is a threat of domestic violence or where the child has a celebrity status, will be able to have their details concealed.'

Robert Whelan, the deputy director of the think-tank Civitas, said Lord Adonis's remarks showed there were legitimate concerns about the security of the index.

'The Government is showing it has no confidence in this database,' he said.

'There have been all these assurances it is secure, but how can we believe them now? I will tell you who will be off the register — the Blairs' children. This is just politicians protecting their own.

'And how is the Government going to define celebrity? It is a very fluid term — an assembly of high-profile clergy, disgraced politicians, topless models, pop singers and reality TV contestants.' ...

But, in an interview for tomorrow's Channel 4 programme Your Kids Under Surveillance, Prof Ross Anderson, an author of the report sent to the Information Commissioner, expressed concern about security.

'There will always be bent insiders. If you connect all these systems up and if you've got over a million professionals needing to access this every day it will all get out.

'Paedophiles for example can use the database to find out which children in their neighbourhood are vulnerable and where they live.'

Yet another argument against ID cards - UK Edition

ID card fears as staff hack into Home Office database | This is London:
"Office staff are hacking into the department's computers, putting at risk the privacy of 40million people in Britain.

The revelation undermines Government claims that sensitive information being collected for its controversial ID Cards scheme could not fall into criminal hands.

The security breaches occurred at the Identity and Passport Service, which is setting up the National Identity Register to provide access to individuals' health, financial and police records as part of the £8billion ID card scheme scheduled to begin in 2008.

MPs and technology experts have expressed fears that the national register, which will store sensitive details of more than 40million people, will be a honeypot for hackers and identity thieves. Liberal Democrat

Home Affairs spokesman Mark Hunter said: 'These revelations show it is folly to put all the precious personal data of our citizens in one place.'

Personal information about every British passport holder - including their date of birth, mother's maiden name, address and photographs - is already held in the IPS computers.

A Home Office spokesman last night confirmed the IPS security breaches. He also confirmed that three staff involved had been sacked and a fourth had resigned before disciplinary procedures had concluded."

Tuesday, August 29, 2006

NY Times uses geolocation to avoid contempt of court

Times Withholds Web Article in Britain:
If Web readers in Britain were intrigued by the headline “Details Emerge in British Terror Case,” which sat on top of The New York Times’s home page much of yesterday, they would have been disappointed with a click.

“On advice of legal counsel, this article is unavailable to readers of in Britain,” is the message they would have seen. “This arises from the requirement in British law that prohibits publication of prejudicial information about the defendants prior to trial.”

In adapting technology intended for targeted advertising to keep the article out of Britain, The Times addressed one of the concerns of news organizations publishing online: how to avoid running afoul of local publishing laws.

“I think we have to take every case on its own facts,” said George Freeman, vice president and assistant general counsel of The New York Times Company. “But we’re dealing with a country that, while it doesn’t have a First Amendment, it does have a free press, and it’s our position that we ought to respect that country’s laws.”

Jonathan Zittrain, a professor of Internet governance and regulation at Oxford University, said restricting information fit with trends across the Internet. “There’s a been a sense that technology can create a form of geographic zoning on the Internet for many years now — that they might not be 100 percent effective, but effective enough,” Mr. Zittrain said. “And there’s even a sense that international courts might be willing to take into account these efforts.

Plans were made at The Times over the weekend to withhold print versions of the article in Britain, as well as news agency and archived versions.

But the issue of the Web was more complicated.

Richard J. Meislin, the paper’s associate managing editor for Internet publishing, said the technological hurdle was surmounted by using some of The Times’s Web advertising technology. The paper could already discern the Internet address of users connecting to the site to deliver targeted marketing, and could therefore deliver targeted editorial content as well. That took several hours of programming.

“It’s never a happy choice to deny any reader a story,” said Jill Abramson, a managing editor at The Times. “But this was preferable to not having it on the Web at all.”"
This sets an interesting precedent - if the NY Times is willing to filter content for one jurisdiction to avoid contempt of court problems, how long will it be able to avoid filtering for possible libel issues?

Monday, August 28, 2006

Yet another argument against ID cards - Australian edition

The Register reports:
Australia's identity card system was routinely searched for personal reasons by government agency employees, some of whom have been sacked.

Police are now investigating allegations of identity fraud resulting from the security breaches.

There were 790 security breaches at government agency Centrepoint involving 600 staff. Staff were found to have inappropriately accessed databases containing citizens' information. The databases are part of a massive federal Government smart card project which will link medical, welfare, tax and other personal data on Australia's 17m citizens.

Thursday, August 10, 2006

AOL Searches Now Available Online

Hot on the heels of AOL's disclosure of private customer information, the AOL Search Database has put that information into a searchable format for the world to see.

Wednesday, August 09, 2006

Still more on the AOL disclosure - what your internet history might say about you

CNET News looks at the AOL disclosure to show how much information your internet history can reveal about your life. Two examples:
A woman affiliated with Temple University in Philadelphia, perhaps a student, shared her life's troubles with AOL Search this spring. That woman, user 591476, typed:
  • replica loius vuitton bag
  • how to stop bingeing
  • how to secretly poison your ex
  • how to color hair with clairol professional
  • websites that ask for payment by checks
  • south beach diet
  • nausea in the first two weeks of pregnancy
  • breast reduction
  • how to starve yourself
  • rikers island inmate info number
  • how to care for natural black hair
  • scarless breast reduction
  • pregnancy on birth control
  • diet pills
Some AOL users seem to be worried that an abusive partner in a relationship may come back to hurt them. This person, AOL user 005315, searched for information about prison inmates, gang members, sociopaths in relationships, and women who were murdered in southern California last year:
  • resources for utility bill paying assistance in southern california
  • section 8 housing southern california
  • los angeles county ca. gang member pictures
  • orange county california jails inmate information
  • fractured ankle
  • letters and responses written by women to emotionally
  • abusive partners
  • men that use emotional and physical abandonment to control their partner
  • warning signs of a mans infidelity or sexual addiction
  • the sociopathic relationship
  • southern california newspaper stories about woman murdered by boyfriend in pomona december2005
  • names of females murdered or found dead in pomona california in 2005
  • characteristics of a sociopath in a relationship
  • a person that shows lack of empathy
  • help in writing a letter to a abusive narcissistic ex boyfriend
  • how to hurt the narcissistic man
  • retaliating against the narcisisstic man

The NY Times puts a face on one of AOL's victims

A Face Is Exposed for AOL Searcher No. 4417749 - New York Times:
Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield.

Thelma Arnold’s identity was betrayed by AOL records of her Web searches, like ones for her dog, Dudley, who clearly has a problem.

No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers” to “60 single men” to “dog that urinates on everything.”

And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.”

It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her." ...

Ms. Arnold, who agreed to discuss her searches with a reporter, said she was shocked to hear that AOL had saved and published three months’ worth of them. “My goodness, it’s my whole personal life,” she said. “I had no idea somebody was looking over my shoulder.”

In the privacy of her four-bedroom home, Ms. Arnold searched for the answers to scores of life’s questions, big and small. How could she buy “school supplies for Iraq children”? What is the “safest place to live”? What is “the best season to visit Italy”?

Her searches are a catalog of intentions, curiosity, anxieties and quotidian questions. There was the day in May, for example, when she typed in “termites,” then “tea for good health” then “mature living,” all within a few hours.

Her queries mirror millions of those captured in AOL’s database, which reveal the concerns of expectant mothers, cancer patients, college students and music lovers. User No. 2178 searches for “foods to avoid when breast feeding.” No. 3482401 seeks guidance on “calorie counting.” No. 3483689 searches for the songs “Time After Time” and “Wind Beneath My Wings.”

At times, the searches appear to betray intimate emotions and personal dilemmas. No. 3505202 asks about “depression and medical leave.” No. 7268042 types “fear that spouse contemplating cheating.”
If this story disturbs you, you might want to visit Digital Rights Ireland and support our campaign against data retention.

Tuesday, August 08, 2006

Your personal information is for sale, episode 8,763 - AOL reveals users search history

From Techcrunch :
AOL must have missed the uproar over the DOJ’s demand for “anonymized” search data last year that caused all sorts of pain for Microsoft and Google. That’s the only way to explain their release of data that includes 20 million web queries from 650,000 AOL users.

The data includes all searches from those users for a three month period this year, as well as whether they clicked on a result, what that result was and where it appeared on the result page. It’s a 439 MB compressed download, expanded to just over 2 gigs. The data is available here (this link is directly to the file) and the output is in ten text files, tab delineated.

The utter stupidity of this is staggering. AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the abilitiy to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box.

The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with “buy ecstasy” and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen. The possibilities are endless.

Marketers are going nuts over the possibilities, users are calling for a boycott of AOL, and others are just enraged:

User 491577 searches for “florida cna pca lakeland tampa”, “emt school training florida”, “low calorie meals”, “infant seat”, and “fisher price roller blades”. Among user 39509’s hundreds of searches are: “ford 352″, “oklahoma disciplined pastors”, “oklahoma disciplined doctors”, “home loans”, and some other personally identifying and illegal stuff I’m going to leave out of here. Among user 545605’s searches are “shore hills park mays landing nj”, “frank william sindoni md”, “ceramic ashtrays”, “transfer money to china”, and “capital gains on sale of house”. Compared to some of the data, these examples are on the safe side. I’m leaving out the worst of it - searches for names of specific people, addresses, telephone numbers, illegal drugs, and more. There is no question that law enforcement, employers, or friends could figure out who some of these people are.

There is some really scary stuff in this data.

Bear in mind that this was not an accidental or inadvertent disclosure - much less a security breach. AOL took a deliberate and planned decision to release this information.

Wednesday, August 02, 2006

Today's outrage - Millions of children to be fingerprinted

The Observer reports that:
British children, possibly as young as six, will be subjected to compulsory fingerprinting under European Union rules being drawn up in secret. The prints will be stored on a database which could be shared with countries around the world.

The prospect has alarmed civil liberties groups who fear it represents a 'sea change' in the state's relationship with children and one that may lead to juveniles being erroneously accused of crimes. Under laws being drawn up behind closed doors by the European Commission's 'Article Six' committee, which is composed of representatives of the European Union's 25 member states, all children will have to attend a finger-printing centre to obtain an EU passport by June 2009 at the latest.

The use of fingerprints and other biometric data is designed to prevent passport fraud and allow European member states to meet US entry visa requirements, but the decision to fingerprint children has disturbed human rights groups.

The civil liberties group Statewatch last night accused EU governments of taking decisions in which 'people and parliaments have no say'. It said the committee's decisions were simply based on 'technological possibilities - not on the moral and political questions of whether it is right or desirable.'

'This is a sea change,' said Ben Hayes, spokesman for Statewatch. 'We are going from fingerprinting criminals to universal fingerprinting without any real debate. In the long term everyone's fingerprints will be stored on a central database. You have to ask what will be the costs to a person's privacy.'
[Edited to add]

It's not clear what effect this may have in Ireland. The legal basis is Regulation 2252/2004 which is a Schengen act and therefore not binding on Ireland. The Government's current policy is not to include fingerprints on passports - see the Dept. of Foreign Affairs FAQ. However, if and when Ireland does enter Schengen this will be a fait accompli.