As Evan Davis said on this morning's Today programme - "I've lost track of how many of these incidents we've reported recently". People ask me why I oppose Data Breach Notification - well, there's your answer...
]]>For a while I've used the following slide to test the mood of conference audiences before I wade in with a wrong approach. In every single case I get a unanimous show of hands that they've become increasingly concerned about their privacy - even those who are adamant that they sit in the 'nothing to hide, nothing to hear' camp. I, meanwhile, have been fashioning a very fetching cap out of bacofoil...
Opinions about the trial are mixed: clearly Phorm are delighted at this next stage, although protesters are incensed that it has been allowed to proceed. The trial will involve 10,000 volunteers from BT's customers. As an aside, Phorm reported increased losses of £13.8m in the first half of 2008 - which sounds enormous, but is not so scary in the context of the sort of burn rates we saw during the dot-com boom.
The most important issue here is whether an IP address can be considered to be Personally Identifiable Information (PII). Much of Europe takes the opinion that IP does count as PII - after all, an ADSL connection can maintain a consistent IP address over a long period, which would permit detailed profiling of the user(s) on that address. The influential Article 29 Working Party thinks IP addresses are PII. The UK, on the other hand, does not treat them as PII.
My concern here is that we will build an ecosystem of influential commercial enterprises that rely on being able to profile IP data without having to worry about the Data Protection Act. Once sufficient companies are involved, they will carry far greater parliamentary influence than protesters and privacy advocates, and it's going to be very hard indeed to turn back the clock to bring us in line with Europe. The sooner that Parliament faces facts and reviews this situation, the less trouble we will store up for the future.
]]>Whilst the paedophile argument is, I suppose, legitimate, it smacks of pandering to the red-tops for a bit of a soundbite. However, the policy itself is sound, and in fact essential for the Conservatives if they are to maintain their continued opposition to the National Identity Scheme.
My fears about ContactPoint stem from the incredible potential for function creep. The government has already said that it will be used to 'track criminals', so it's only a matter of time before its usage extends far beyond the protection of chiildren. After all, councils are at pains to emphasise that it won't record fruit and vegetable consumption - which can only mean that this has been given serious consideration at some point. Good grief.
Furthermore, how can data be kept secure on a system with an expected 300,000 authorised users? Well, it can't. Plain and simple. And that's why the policy is that it won't contain the contact details for children of celebrities and political figures. That's OK then, since the rest of us are so much less important and our details simply aren't worth having.
I understand that the ContactPoint team have been to great pains to ensure that they comply with the Data Protection Act, and I've heard representatives from the Information Commissioner's Office confirm this. But it's a classic example of the Data Protection Act being used as the maximum target for what needs to be achieved, rather than the minimum needs for protecting privacy. This is the DPA as an annoying compliance hurdle rather than something to be embraced and respected. And that needs to change.
]]>On this topic, my experience is that cracks are beginning to appear in the Telephone Preference Service. After a year or two of peace and quiet, I now typically receive 2-3 unsolicited automated calls to my home phone number which is ex-directory but registered with TPS. Of course the calls don't indicate the CLI number. The bulk are trying to flog debt consolidation services, and whilst I've never listened to the tape for long enough to find out who's calling, I'll bet they're UK companies: what we're witnessing is a downturn where the commercial 'benefits' of complying with data protection laws and respecting privacy (and those benefits are normally very hard to quantify) are dwarfed by the commercial opportunities to sell certain services. Such an attitude is abhorrent but a fact of life - sometimes it's a better business decision to ignore the regulations and pay the fines if they come your way.
]]>Of course the cards themselves are a red herring that will please the popular press - they have little practical purpose in verifying entitlement to remain in the UK - because the real issue here is the capture of biometric details in a register for the broader range of purposes covered in the ID Act. Furthermore, the system is (as I understand it) intended to be temporary, being replaced by the National Identity Register if and when that appears. What we actually have here is a proof of concept scheme, so it will be interesting to see how the scheme - and its compulsory participants - fare over the coming months.
]]>This is an exceptionally important area of research, since at present we lack simple, universal models to express consent in a meaningful way when we hand over data. The consequences of this include organisations using blanket privacy policies that offer no real protection, and individuals with-holding or misrepresenting data in order to gain access to services because they're concerned about how their data might be misused.
Expect to see good results from this piece of work - the research team includes the likes of Prof Sadie Creese from Warwick University, Dr Edgar Whitley at the LSE, and Pete Bramhall of HP Labs - all heavy hitters in the privacy space.
]]>"Surveillance mania is spreading. Governments and businesses register, monitor and control our behaviour ever more thoroughly. No matter what we do, who we phone and talk to, where we go, whom we are friends with, what our interests are, which groups we participate in - «big brother» government and «little brothers» in business know it more and more thoroughly.
"The resulting lack of privacy and confidentiality is putting at risk the freedom of confession, the freedom of speech as well as the work of doctors, helplines, lawyers and journalists."
The protest has a range of demands, including:
A commendable set of demands, and one that won't sit comfortably with current UK government policy.
The London protest - which like the other cities is planned as a peaceful event - will meet at New Scotland Yard at 1pm on 11 October - further details are available here.
]]>This is, very sadly, a classic example of woolly, misinformed, knee-jerk legislation. I've already made my opinions on data breach notification clear, but I'm shocked that the EC can come up with something quite as muddle-headed as this.
]]>The motion states ""Congress sees absolutely no value in the scheme or in improvements to security that might flow from this exercise and feels that aviation workers are being used as pawns in a politically led process which might lead to individuals being denied the right to work because they are not registered or chose not to register in the scheme."
IPS has already stated its intention to make airside workers register for ID cards as some of the first people to receive them under the provisions of the Act (the cards to be issued to foreign nationals in November this year are ID cards, but will be issued under the UK Borders Act rather than the Identity Cards Act). The idea of forcing them upon airport workers struck me as dangerous when it was first announced; there seems to be little benefit in issuing to that particular group first when they're already subject to their own identifying credentials that work perfectly well; and more importantly whether or not they object to them, the initiative is a great bargaining tool for the unions to use against the Home Office.
It will be brave government that picks a fight with the TUC over this at a time when the leadership is under threat; my guess is we'll see this idea fizzle out and another less powerful group of individuals will be selected for early adoption.
]]>The Census has always been seen as the epitome of best practice in personal data management: its entire model depends upon individuals trusting the government not to misuse the data provided, otherwise mass dissent would follow (i.e. even more than us turning into a nation of Jedi Knights). The Office of National Statistics has always had an extremely good reputation for respecting personal data, particularly relative to certain other public sector bodies, so it will be interesting to see how they face up to the challenge of maintaining that reputation now that public awareness of data loss incidents has peaked.
]]>Meanwhile, ad giant M&C Saatchi has been hired to promote ID cards, the first of which are issued in November to foreign nationals (under the UK Borders Act, not the ID Cards Act). Luckily for them much of the work's already been done - Absolute Power predicted this in 2005.
[Edited 15:15hrs 10/09/08 to reflect fresh information]
]]>Clearly where sensitive personal information is lost, such as in the case of trainee doctors’ sexual orientation being erroneously posted on the Internet, there is a case for penalising the organisations concerned. Likewise, if fraud can be directly traced back to the loss or theft of data, then this should be prosecuted in accordance with existing laws.
Rather than creating a cumbersome and self-serving new regulator tasked with notifying individuals of breaches, we need to provide a ten-fold increase in funding for the existing Information Commissioner’s Office, which would give his team the necessary resources to investigate and enforce existing data protection laws. The US model succeeds because of a powerful and well-funded Federal Trade Commission, coupled with a litigious culture – not because of a well-meaning rule to force disclosure.
Of course other browsers have offered enhanced privacy features for a while now - for example, Firefox has a host of security and privacy plug-ins - but this is particularly important because of Microsoft's 76% browser market share (depending upon how you measure it). The majority of Internet users have Explorer, and I suspect that the majority of 'novice' users - those who are worst-placed to protect themselves - will use Explorer because it came with their PC.
Critics have of course joked about InPrivate browsing in fact providing a 'pr0n mode' for users of shared or corporate machines to access adult content, but the mode is equally useful for accessing online banking where you might not want to leave any residual data on the machine. I'm less convinced by arguments that it can protect users on shared PCs - this is only true if you trust the machine, since it can't be long before someone 'skins' IE7 or IE8 to fool users into thinking they've enabled InPrivate browsing when in fact the machine is recording every keystroke and click. However, that's no different from the current situation for Internet cafes, and if you use them for anything sensitive then you'd be well advised to use a 'browser on a stick' such as an IronKey.
But that's just a minor point here. Microsoft's enhancements are welcome and timely. I'm upgrading to IE8 (you can do so here) and will continue to use it alongside Safari (my main browser because I'm a Mac user) and Firefox.
(Click through for further details of the new features in IE8)
]]> From Microsoft's Press Release:Delete Browsing History offers the ability to delete users browsing history while preserving data on sites they have been saved as favorites. This enhancement significantly increases utility and ability for users to control their data and privacy.
InPrivate™ browsing helps to protect your data and privacy by keeping any data from being retained “locally” by the browser. When a user opens an InPrivate browsing session either through the Safety menu or new tab page, the browser session does not retain your browsing history; no data is stored in either your temporary files or your history. This new feature is designed for users of a shared PC who might be shopping for gifts for family members and desire this added level of privacy or when using a public PC and Internet cafes.
InPrivate blocking, a user controlled option integrated with InPrivate browsing provides notice and ability for users to allow or block third party content providers which might be in a position to track and aggregate their online activity. Today, when a user visits a website, the user has made a decision to view content from that site and is knowingly sharing some information with it. However, that site may also contain content such as advertisements, stock tickers, or weather information which is served by third-party sites and content syndicators. By simply browsing their favorite sites, users can unknowingly share their information and browser profiles with multiple third-party sites. When a user has opened an InPrivate™ browsing session, they concurrently have “ opted-in” to InPrivate blocking, providing users the added control on the visibility and potential usage of the data by others.
InPrivate is a Microsoft trademark.