NTR Deal introduces number plate surveillance

'Invisible' toll part of €600m deal to buy out West-Link bridge - Irish Independent:

It is understood that NTR will be operating the toll on behalf of the State, which will effectively become the new landlord. This will involve photographing the registration of every vehicle and billing them unless they have a prepaid arrangement... Drivers are only tolled now if they cross the West-Link bridge. Under the new deal, everyone using the M50 will be charged.

Expect this to be used to justify the roll out of number plate recognition and the monitoring of all car journeys.

Garda leaks and the right to privacy

RTÉ News reports:

A family who were forced to leave their new home in Kerry because of the leaking of confidential information by gardaí to journalists have been awarded €70,000 in the High Court.

Alan and Phyllis Gray and their son Francis are originally from Blanchardstown in Co Dublin but moved to Ballybunion under the Rural Resettlement Programme.

They sued the Minister for Justice for breach of privacy.

They say they had to leave their home after gardaí leaked to the media that Mr Gray's nephew, who had served a sentence for rape, was staying with them.

This case follows the 1997 decision in Hanahoe v. Hussey where gardaí tipped off the media to the fact that a solictor's office would be searched under a search warrant, leading to a "media circus" when gardaí arrived with damage to the reputation of the firm, and ultimately resulting in an award of £100,000 in damages. In that case, the basis for the decision was that the wrongful and negligent disclosure of this information amounted to negligence under the principles in Ward v. McMaster. It's not clear from the media coverage whether the decision in this case goes further, or whether data protection principles were also considered. (Compare section 7 of the Data Protection Acts, 1988-2003, creating a duty of care in respect of the handling of personal data.)

It does, however, represent an interesting application of the Hanahoe v. Hussey principle that public bodies may owe you a duty of care to keep certain information confidential. It also reflects Hanahoe v. Hussey in that it shows a judicial willingness to impose vicarious liability in respect of unauthorised garda disclosures.

Update: Eoin O'Dell links to the full decision here with an interesting discussion of the issues involved.

Bar Camp talk - Who owns software?

Does your employer own software that you write on your own time at home? Can a client who commissions you to write software prevent you from reusing portions of that code for a different project? Are you entitled to modify software developed for you by an outside programmer? If you don't own copyright, will you have an implied licence to use software? Will an implied licence limit you to using software in a particular market sector or a particular jurisdiction? Does it matter how much you've paid for the software? Does it matter whether you've given / been given the source code? What about databases you commission from a third party?

Come to Bar Camp South East and find out. I'll be talking on the topic of "Who owns software?" - taking a practical look at the problems of determining who owns copyright and other rights in software and giving tips as to how you can protect your position.

[edited to add] I've since published an article dealing with these topics in more detail.

From "the innocent have nothing to fear" files - mortgage brokers selling financial information on buyers to estate agents

Unless you've been living on Mars recently, you'll have heard of the RTÉ Prime Time exposé of dodgy dealings in the property market. Amongst other things, that program revealed that estate agents are (illegally) buying information from mortgage brokers about prospective purchasers: how much they have to spend, how much they've received in mortgage approval, how much they might have from other sources (such as parental gifts). Unsurprisingly, they are using this to extract every last penny from purchasers.

Hopefully we'll remember this the next time somebody tries to tell us that if you've done nothing wrong, you've nothing to fear.

From "the innocent have nothing to fear" files - police kept record of beautiful women

Cops kept record of beautiful women - Peculiar Postings - MSNBC.com:

STOCKHOLM, Sweden - Two Swedish border control officers risk disciplinary action for keeping a photo collection of 'exceptionally beautiful' women who passed through their checkpoint, police officials said Tuesday.

The officers, who were working at a ferry terminal near Stockholm, made photocopies of the women's passport photos and placed them in a binder. They also noted the date of birth next to each entry, the Stockholm police department said.

The binder contained instructions on how to compile the collection, and orders to make backup copies in case the binder would go missing or be confiscated by 'evil-minded bores,' police said.

Irish law on metatags and keywords

I've written (together with Paul Lambert of Merrion Legal solicitors) a piece on the legal issues involved where businesses find their trademarks being used by competitors as metatags or keywords. The full article (with the kind permission of Thomson Roundhall) is available here. Excerpt:

As cybersquatting declines we find that trade mark owners now have to defend their names in a different context. As search engines become more sophisticated, users are tending to rely on them as their primary means of navigation. Rather than type in a domain name directly (or rely on a bookmark), many users will simply enter a term—such as a company name or product – into a search engine, expecting the site they are looking for to appear high in the list of results. Consequently, the importance of domain names is diminished and search engines take on a new prominence. As Nielsen puts it:

“Web users are growing ever-more search dominant. Search is how people discover new websites and find individual pages within websites and intranets. Unless you're listed on the first search engine results page … you might as well not exist.”

This poses a new problem for trade mark holders—what happens when a competitor uses their trade mark in such a way that a person searching for the term will be shown a competing site in the list of results, or will be shown an advertisement for the competitor? ...

At first glance the unauthorised use of trade marks as metatags or keywords might seem to be a clear infringement of the mark in question. The trade mark holder will certainly argue that the metatag or keyword improperly takes advantage of the goodwill in the trademarked term and confuses the user into believing that there is some link between the trade mark and the search results or advertisements displayed in response. It can also be argued that the search engine is itself guilty of infringement by selling the trademarked term as a keyword. In addition, the tort of passing-off may be available.

However, look more closely and the position becomes more complicated. Trade mark law was not drafted with metatags or keywords in mind, making it difficult to bring these situations within the legislative language. There will be some situations where the trade mark use is legitimate, for example, a company which manufactures spare parts for BMW cars might be entitled to use “spare parts suitable for BMW” in its metatags.

The likelihood of consumer confusion may also be less in metatag / keyword cases as the trade mark is being used “invisibly” — that is, in a way which is not directly visible to the user, reducing the likelihood that the user will associate the search result or the advertisement with the trade mark. If a search engine faces liability for selling trademarked keywords, it may be hard to determine whether that liability is direct or merely contributory. (Some cases suggest that the search engine should not be liable for the keywords chosen by its clients.)

In addition, some would argue that provided users are not confused, presenting advertisements for competing goods alongside search results is no more objectionable than a shop placing similar products in the same aisle.

Your personal information is for sale: Bank worker uses information to stalk model

From BreakingNews.ie:

A 27-year-old former bank official who harassed Irish model Glenda Gilson and her family has been given a three month suspended sentence and ordered to stay 100 yards from the victims.

Daniel Rooney, of Castleknock Cottages, Castleknock, pleaded guilty at Dublin Circuit Criminal Court, to harassment of the Gilson family by persistently communicating with Glenda Gilson and her parents Noel and Aileen Gilson by e-mail and telephone at various locations on dates between November 12, 2004 and March 21, 2005.

Defence counsel Mr Luigi Rea BL, said Rooney was underachieving at that time in his life and he had became "jealous and obsessed" about Miss Gilsons progress in her modelling career. He had used his computer skills to "obtain telephone numbers he should not have".

Judge Bryan McMahon said one should not under estimate the "sinister impact these calls from a unknown quarter" can have on their victims but said he would take the mitigating factors into account and treat this as an "aberration".

He said this case was a "a feature of modern technology and mobile phones and the access to people on these phones" and that it was "indicative of the personal data of all citizens" which corporations hold.

Garda Deirdre Conway told Mr Paul Carroll BL, prosecuting, that there had been 49 calls to the family over the five month period. She said the harassment began on November 12, 2004, when Miss Gilsons model agency, Assets, received a call and an e-mail purporting to be from a friend.

It soon became evident that the caller was using a false name as he started shouting abuse about Miss Gilson and her career. Miss Gilson later received abusive calls on the land line at her parents home and also on her mobile. Many of the calls made to Miss Gilson’s home were answered by her parents...

Mr Rooney worked for AIB at the time and had been able to access the phone numbers though his work.

Despite Judge McMahon's comments, I suspect that it will take many more cases like this before people realise the dangers of their private information being open to abuse.

Your personal information is for sale: Call centre edition

The BBC reports that

One in 10 of Glasgow's financial call centres has been infiltrated by criminal gangs, police believe.

The scam works by planting staff inside offices or by forcing current employees to provide sensitive customer details.

The information is then used to steal identities and fraudulently set up accounts or transfer money...

Det Ch Insp Derek Robertson of Strathclyde Police told the BBC's Newsnight Scotland programme that there were a large number of call centres in the Glasgow area...

"I would say approximately 10% have been infiltrated in the past and we are working very hard to reduce that number."

Detectives believe that criminal crews are sent out to recruit volunteers to work in the centres.

Once they agree, they are asked to supply financial information in return for a fee.

Another tactic is to identify pubs where call centre workers visit and intimidate the employees to pass on the details.

Det Ch Insp Robertson said: "There are a number of different ways to do it.

"We know of organised crime groups who are placing people within the call centres so that they can steal customers' data and carry out fraud and money laundering.

"We also know of employees leaving the call centres and being approached and coerced, whether physically, violently or by being encouraged to make some extra money.

"And of course you have the disgruntled employee who may turn their hand to fraud just to benefit themselves."

Expect data retention to be a goldmine for criminals.

UK rules requiring all pub-goers to be fingerprinted at the door

Words fail me. From The Register:

The government is is funding the roll out of fingerprint security at the doors of pubs and clubs in major English cities.

Funding is being offered to councils that want to have their pubs keep a regional black list of known trouble makers. The fingerprint network installed in February by South Somerset District Council in Yeovil drinking holes is being used as the show case...

The council had assumed it was its duty under the Crime and Disorder Act (1998) to reduce drunken disorder by fingerprinting drinkers in the town centre.

Some licensees were not happy to have their punters fingerprinted, but are all now apparently behind the idea. Not only does the council let them open later if they join the scheme, but the system costs them only £1.50 a day to run.

Oh, and they are also coerced into taking the fingerprint system. New licences stipulate that a landlord who doesn't install fingerprint security and fails to show a "considerable" reduction in alcohol-related violence, will be put on report by the police and have their licences revoked.

Edited to add:
Ralf Bendrath kindly posted a link to his detailed analysis of this measure.

Samizdata have an enlightening take on the abuse of regulatory authority behind these rules.

Your personal information is for sale: Italian telco in wiretapping scandal

BBC News has reports of an Italian scandal involving telecom company insiders:

Telecom Italia has been in the headlines in recent weeks
Italy's justice minister has started an investigation into whether government officials were involved in an alleged wire-tapping scandal at Telecom Italia.

The news comes a day after police said they had arrested 20 people as part of an investigation into the case.

Prosecutors say the spy ring taped the phone conversations of politicians, industrialists and even footballers.

Of course the information stored by the same telecoms companies under data retention won't be abused. Oh no. Perish the thought.

Godaddy caves in rateyoursolicitor.com case?

This is a fascinating development in the ever-entertaining rateyoursolicitor.com saga. American company blocks off access to 'rate your lawyer' site - Irish Independent:

"AN American domain name provider has suspended access to the controversial rateyoursolicitor.com website after an Irish High Court issued a court order to remove offensive material about a barrister from the site.

Godaddy.com, an award winning internet site, suspended access to the rateyoursolicitor.com portal within 24 hours of an injunction issued by Judge Michael Hanna.

Last Wednesday, Judge Hanna issued an order that defamatory material posted about Jayne Maguire, a barrister, on rateyoursolicitor.com must be removed with immediate effect.

Ms Maguire has claimed that John Gill, of Drumline, Newmarket on Fergus, defamed her by posting offensive remarks on rateyoursolicitor.com.

Mr Gill, chairman of the Victims of the Legal Profession Society, denied that anything concerning Ms Maguire was published or posted on the site.

Ms Maguire is seeking damages for defamation and privacy and an interlocutory injunction of the statements about her on the site which she says is administered by Mr Gill.

Godaddy.com have locked access to the site domain name until High Court proceedings are concluded. Lawyers acting for Ms Gill served notice on www.gmax.net, an American Internet Service Provider that is host to the site.

It had been thought that Godaddy.com was hosting the site which invites Irish people to rate their lawyers, however gmax.net has now been identified as the ISP and has received notice of the High Court proceedings.

Slashdot has some interesting comments. More on this when I get the chance - but if these reports are accurate I'll certainly be moving my own registrations and hosting from Godaddy.

Gardaí disclosing confidential information to media

This RTÉ News report is worrying, and reinforces the DRI complaint earlier this year about the leaking of mobile phone records by gardaí.:

"Garda Commissioner Noel Conroy is this afternoon to appoint a senior officer to investigate the circumstances surrounding the release of video footage to RTÉ News.

The footage, broadcast yesterday, features two men convicted of dangerous driving, videoing themselves driving at high speed on the N4, near Mullingar, Co Westmeath.

District Court judge John Neilan this morning requested the commissioner to commence an internal investigation.

Judge Neilan said his relationship with the force was deeply strained as a result of events this week.

Judge Neilan said he was appalled by the conduct of the garda officers in the case.

He said the case had first come before him in June and he was satisfied beyond any shadow of a doubt that one of the prosecuting officers had primed the media in respect of the case.

He said that since the tape from the camcorder found in one of the cars was not available to the court yesterday, the only evidence that was available was that as recounted by the Inspector at Mullingar District Court yesterday.

Judge Neilan also said that it was his belief that the evidence of the arresting officers was tainted and embellished by what they saw on the camcorder.

Charges withdrawn

He said that the prosecution had decided without indicating to the court or the media, which apparently had the inside track on the case, that it was withdrawing two of the charges.

Two of the charges related to the material which was used and retained on the camcorder.

The judge said the DPP did not give any reason to the court for not proceeding with those particular charges.

He said that the conduct of members of An Garda Síochána in discussing evidence and possibly releasing material which was intended to be used in the case yesterday was nothing short of scandalous.

Judge Neilan said that the material seized by gardaí was material which was under the authority of his court.

He warned members of the public to be cautious about what he called the hype surrounding this case, and he said that every member of the public should be aware that certain members of the gardaí are priming the media well in advance of any case being dealt with in accordance with the law.

Judge Neilan also said that certain members of the gardaí believe they have 'a God given right to undermine the cases of the DPP and generate as much hype and hysteria as they can'."

Digital Rights Ireland brings legal action over mass surveillance

The title says it all. Click here for full details and information on how you can support the action.

McGarr Solicitors and public access to court files

McGarr Solicitors have a new website which has two firsts for Irish solicitors - they're the first firm of Irish solicitors to have a blog (surprisingly Irish barristers have put down their quills and been to the front here), and (more significantly) they've been the first to make some court documents publicly available on their web site.

Court documents in Ireland currently exist in a legal limbo - although justice must be administered in public, the practice has been to limit access to the court file. This is so even though every document in the file might have been read out in open court, and even though there is no rule prohibiting disclosure of the contents. Consequently if you as a member of the public wish to see the papers in a case you are dependent on the good will of the parties. This is unlike other jurisdictions such as the United States, where it is generally presumed that court documents are public documents in the same way that the proceedings themselves are public. I've long felt that the Irish practice is far too restrictive, and it's good to see solicitors making it easier to view these documents.

Schools fingerprinting children - Data Protection Implications

It seems as though everybody wants to fingerprint your children these days. The latest issue is whether schools can fingerprint children without so much as a parental by your leave. The Register has a very interesting discussion of the data protection issues involved:

Parents cannot prevent schools from taking their children's fingerprints, according to the Department for Education and Skills and the Information Commissioner.

But parents who have campaigned against school fingerprinting might still be able to bring individual complaints against schools under the Data Protection Act (DPA).

DfES admitted to The Register that schools can fingerprint children without parents' permission.

This position has also been taken by the Information Commissioner, who interprets and enforces the Data Protection Act - the law privacy campaigners hope might be used to stop schools fingerprinting their children.

The Information Commissioner's Office (ICO) is drawing up guidance on the use of fingerprints for purposes other than law-enforcement. The guidance will say once and for all whether parents can prevent their children's fingerprints being taken.

David Smith, deputy Information Commissioner, said it was a complex issue that was still being worked out, but it was likely that parents did not have an automatic right to decide whether their children's biometrics could be taken by a school.

"The Data Protection Act talks of consent of the individual - essentially that's consent of the child," he said.

"Now there's a requirement that consent is informed and freely given. That will depend on the age of the child," he said.

Update: Spongebobb asks what the situation would be in Ireland. The Irish Data Protection Commissioner has given guidance on whether children can consent to the use of their personal information, though this doesn't specifically address this situation:

The minimum age at which consent can be legitimately obtained is not defined in the Data Protection Act, 1988.

Section 2A(1) of the Acts states that consent cannot be obtained from a person who, by reason of age, is likely to be unable to appreciate the nature and effect of such consent. Judging maturity will vary from case to case.

In the medical area, the GPIT Guide (www.GPIT.ie) suggests that an individual may be assumed to be competent to give consent for medical purposes on reaching the age of 16 years. Where the individual is below that age, consent may still be given, but this requires that the medical practitioner involved must assess whether a child or young person has the maturity to understand and make their own decisions about the handling of their personal health information. In relation to the right of access to health data, where the individual is below 16 years, it was recommended that the general practitioner should use professional judgement on a case by case basis, on whether the entitlement to access should be exercisable by (i) the individual alone, (ii) a parent or guardian alone, or (iii) both jointly. In making a decision, particular regard should be had to the maturity of the young person concerned and his or her best interests.

In the marketing area, where sensitive data is not involved, including on websites, a lower threshold may be permissible. For example, it is a matter for a company to judge if a 14 year old can appreciate the issues surrounding consent and to be able to demonstrate that a person of that age can understand the information supplied and the implications of giving consent. While care should be taken that a person under that age would not be enticed into a deception concerning his/her age, a clear statement that an age limit applies would normally suffice. Where the company becomes aware at a later date that a person has supplied false age-related information, then that data subject's details should be removed from the live site. Sufficient identifiers may be retained purely for the purpose of blocking future entry attempts by that individual.

Where the company accepts that an individual is a minor and are seeking parental consent, e-mail might not be the best medium, unless they can establish that the e-mail address is genuinely a parent/guardian's e-mail address. A postal address is more readily authenticated, though it still does not preclude a letter being addressed to a sibling.

The closest Irish precedent is a case involving a primary school which put the personal details of pupils on a website without parental consent. The Data Protection Commissioner took a dim view of this:

A parent contacted my Office to complain that the local primary school was publishing personal details of pupils on the school web site, without the knowledge or consent of parents. The details included photographic images of named individual pupils, as well as general details volunteered by pupils regarding their hobbies, likes and dislikes. The parent was concerned that the non-selective publication of children’s details in this way was inappropriate, and could expose the children to unnecessary risks. The parent had raised the matter with the school authorities and was very dissatisfied with the response she had received.

I immediately contacted the school principal to arrange that personal details relating to identifiable children would be deleted from the web site, pending an urgent meeting on this matter. At the meeting, the school principal explained that the web site had been set up several weeks previously in order to meet the educational needs of children in relation to computing. The pupils themselves had been quite positive about the development. Photographs of individual pupils in the junior and senior infants classes had been posted on the web site. Other pupils had been invited to contribute to the web site through other activities, such as filling out questionnaires giving personal information that would be of interest to pupils in other schools, both nationally and internationally. It was noted that the school web site had been given an award by an internet service company in recognition of its merit. As regards parental consent, the principal said that the new web site had been mentioned in a recent school newsletter, and that parents had been invited to come to the school to check it out for themselves.

I pointed out that section 2(1)(a) of the Data Protection Act requires that personal data "shall have been obtained, and the data shall be processed, fairly ". When dealing with personal data relating to schoolchildren, "fairness" in my judgement requires that the clear and informed consent of parents or guardians must be obtained before any use is made of the children’s data. This is particularly so where the use envisaged involves the posting of data on the worldwide web. The principal accepted these points and undertook not to post personal details of schoolchildren on the web site except with the express authorisation of a parent or guardian.

Of course, the children in this case were of primary school age and so unlikely to be able to give an informed consent. It leaves open the question of whether parental consent could still be required in respect of an older child.

Your personal information is for sale - HP spies on directors' home telephone calls

Newsweek has revealed that:

To catch a leaker, Hewlett-Packard's chairwoman spied on the home-phone records of its board of directors.

The confrontation at Hewlett-Packard started innocently enough. Last January, the online technology site CNET published an article about the long-term strategy at HP, the company ranked No. 11 in the Fortune 500. While the piece was upbeat, it quoted an anonymous HP source and contained information that only could have come from a director. HP’s chairwoman, Patricia Dunn, told another director she wanted to know who it was; she was fed up with ongoing leaks to the media going back to CEO Carly Fiorina’s tumultuous tenure that ended in early 2005. According to an internal HP e-mail, Dunn then took the extraordinary step of authorizing a team of independent electronic-security experts to spy on the January 2006 communications of the other 10 directors—not the records of calls (or e-mails) from HP itself, but the records of phone calls made from personal accounts. That meant calls from the directors’ home and their private cell phones. ...

The HP case specifically also sheds another spotlight on the questionable tactics used by security consultants to obtain personal information. HP acknowledged in an internal e-mail sent from its outside counsel to Perkins that it got the paper trail it needed to link the director-leaker to CNET through a controversial practice called “pretexting”; NEWSWEEK obtained a copy of that e-mail. That practice, according to the Federal Trade Commission, involves using “false pretenses” to get another individual’s personal nonpublic information: telephone records, bank and credit-card account numbers, Social Security number and the like. Pretexting is heavily marketed on the Web.

Typically—say in the case of a phone company—pretexters call up and falsely represent themselves as the customer; since companies rarely require passwords, a pretexter may need no more than a home address, account number and heartfelt plea to get the details of an account. According to the Federal Trade Commission’s Web site, pretexters sell the information to individuals who can range from otherwise legitimate private investigators, financial lenders, potential litigants and suspicious spouses to those who might attempt to steal assets or fraudulently obtain credit

The UK Information Commissioner has shown that "pretexting" is prevalent in the UK also, in his report "What Price Privacy? The Unlawful Trade in Confidential Personal Information". While we have no comprehensive report in respect of Ireland, it is likely that it is just as common here.

Incidentally, one of the most common misconceptions about privacy is that it's merely about trusting the government not to abuse its powers. This case illustrates that when you create vast databases, you have to cross your fingers and hope that there is no one else (such as your employer) with a motive to spy on you.

Update: It's now emerged that HP spied on journalists' telephone calls also. Particularly in the US, there's been media lethargy about privacy issues - hopefully there'll be more coverage of the issues as reporters realise that it may be their ox being gored.

Privacy: One law for them, one law for us

The Telegraph reports that "Celebrity children will get database privacy" in the Orwellian "Children's Index":

Children of celebrities will be given special safeguards in a new database that will store details of every child in England and Wales, it was disclosed yesterday. ...

Ministers said the contentious two-tier level of privacy will protect children of the rich and famous from intrusion.

Addresses and telephone numbers of celebrities will be removed from the database if, for example, their children are deemed at risk of kidnap.

But opponents of the £241 million Children's Index — a supposedly confidential system intended as an early warning system for children at risk of abuse — said the move underlined their concerns about its security.

In further embarrassment to the Government, an independent report commissioned by Parliament's Information Commissioner and due to be published next month, is understood to warn that the index is causing serious concern and is possibly unlawful.

There are fears that it does not comply with the European Convention on Human Rights and may contravene the Data Protection Act. ...

Files are held by many bodies on the 11 million children in England and Wales, but the index will link this sensitive information in one database accessible to hundreds of thousands of officials. ...

Lord Adonis, the education minister, told the House of Lords: 'Between 300,000 and 400,000 users will access the index. Children who have a reason for not being traced, for example where there is a threat of domestic violence or where the child has a celebrity status, will be able to have their details concealed.'

Robert Whelan, the deputy director of the think-tank Civitas, said Lord Adonis's remarks showed there were legitimate concerns about the security of the index.

'The Government is showing it has no confidence in this database,' he said.

'There have been all these assurances it is secure, but how can we believe them now? I will tell you who will be off the register — the Blairs' children. This is just politicians protecting their own.

'And how is the Government going to define celebrity? It is a very fluid term — an assembly of high-profile clergy, disgraced politicians, topless models, pop singers and reality TV contestants.' ...

But, in an interview for tomorrow's Channel 4 programme Your Kids Under Surveillance, Prof Ross Anderson, an author of the report sent to the Information Commissioner, expressed concern about security.

'There will always be bent insiders. If you connect all these systems up and if you've got over a million professionals needing to access this every day it will all get out.

'Paedophiles for example can use the database to find out which children in their neighbourhood are vulnerable and where they live.'

Yet another argument against ID cards - UK Edition

ID card fears as staff hack into Home Office database | This is London:

"Office staff are hacking into the department's computers, putting at risk the privacy of 40million people in Britain.

The revelation undermines Government claims that sensitive information being collected for its controversial ID Cards scheme could not fall into criminal hands.

The security breaches occurred at the Identity and Passport Service, which is setting up the National Identity Register to provide access to individuals' health, financial and police records as part of the £8billion ID card scheme scheduled to begin in 2008.

MPs and technology experts have expressed fears that the national register, which will store sensitive details of more than 40million people, will be a honeypot for hackers and identity thieves. Liberal Democrat

Home Affairs spokesman Mark Hunter said: 'These revelations show it is folly to put all the precious personal data of our citizens in one place.'

Personal information about every British passport holder - including their date of birth, mother's maiden name, address and photographs - is already held in the IPS computers.

A Home Office spokesman last night confirmed the IPS security breaches. He also confirmed that three staff involved had been sacked and a fourth had resigned before disciplinary procedures had concluded."

NY Times uses geolocation to avoid contempt of court

Times Withholds Web Article in Britain:

If Web readers in Britain were intrigued by the headline “Details Emerge in British Terror Case,” which sat on top of The New York Times’s home page much of yesterday, they would have been disappointed with a click.

“On advice of legal counsel, this article is unavailable to readers of nytimes.com in Britain,” is the message they would have seen. “This arises from the requirement in British law that prohibits publication of prejudicial information about the defendants prior to trial.”

In adapting technology intended for targeted advertising to keep the article out of Britain, The Times addressed one of the concerns of news organizations publishing online: how to avoid running afoul of local publishing laws.

“I think we have to take every case on its own facts,” said George Freeman, vice president and assistant general counsel of The New York Times Company. “But we’re dealing with a country that, while it doesn’t have a First Amendment, it does have a free press, and it’s our position that we ought to respect that country’s laws.”

Jonathan Zittrain, a professor of Internet governance and regulation at Oxford University, said restricting information fit with trends across the Internet. “There’s a been a sense that technology can create a form of geographic zoning on the Internet for many years now — that they might not be 100 percent effective, but effective enough,” Mr. Zittrain said. “And there’s even a sense that international courts might be willing to take into account these efforts.

Plans were made at The Times over the weekend to withhold print versions of the article in Britain, as well as news agency and archived versions.

But the issue of the Web was more complicated.

Richard J. Meislin, the paper’s associate managing editor for Internet publishing, said the technological hurdle was surmounted by using some of The Times’s Web advertising technology. The paper could already discern the Internet address of users connecting to the site to deliver targeted marketing, and could therefore deliver targeted editorial content as well. That took several hours of programming.

“It’s never a happy choice to deny any reader a story,” said Jill Abramson, a managing editor at The Times. “But this was preferable to not having it on the Web at all.”"

This sets an interesting precedent - if the NY Times is willing to filter content for one jurisdiction to avoid contempt of court problems, how long will it be able to avoid filtering for possible libel issues?

Yet another argument against ID cards - Australian edition

The Register reports:

Australia's identity card system was routinely searched for personal reasons by government agency employees, some of whom have been sacked.

Police are now investigating allegations of identity fraud resulting from the security breaches.

There were 790 security breaches at government agency Centrepoint involving 600 staff. Staff were found to have inappropriately accessed databases containing citizens' information. The databases are part of a massive federal Government smart card project which will link medical, welfare, tax and other personal data on Australia's 17m citizens.