The Privacy, Identity & Consent Blog

The US needs a federal privacy law

Fri, 16 May 2008 08:53:13 +0000

The US has a wealth of state and federal laws intended to protect privacy, but what it doesn't have is a federal equivalent to the EU Data Protection Directive. There's even a law to protect privacy of video rental information (and if you're not familiar with the story behind that, then it makes for great reading). The US Constitution doesn't specifically protect privacy, although this is covered in the 9th amendment. Despite that, an aggressive Federal Trade Commission and active litigation combine to offer good privacy protection.

Security guru Bruce Schneier has called for a US privacy law - a federal equivalent to the EU Directive. I'm sceptical that this will happen, but it would certainly be worth a try.

ICO gets a big stick!

Wed, 14 May 2008 08:36:06 +0000

The Criminal Justice Justice and Immigration Act has received Royal Assent. Why does this matter? Because it gives the Information Commissioners Office new powers to fine organisations that deliberately or recklessly abuse the Data Protection Act. ICO representatives have been talking a much tougher story recently, so let's hope that they're prepared to follow through with rigourous action against offenders. The acid test will be whether they're prepared to fine public authorities who fail to look after personal information.

Data Security Failings at DWP?

Fri, 09 May 2008 13:01:00 +0000

According to a Press Association report, the Department for Work and Pensions has allegedly been breaching its own security policies:

Government staff have been sending out highly sensitive data in packages that include the passwords.

The errors at the Department for Work and Pensions "defeat the purpose" of tighter security rules brought in after last year's data loss scandals, according to an internal email.

The startling admission comes in a message circulated to staff by one of the DWP's security advisers, and will provoke fresh doubts over Government systems.

CCTV fails to cut crime - so let's take identity out of the equation

Tue, 06 May 2008 08:36:13 +0000

A senior police officer has stated that the pervasive use of CCTV in the UK has failed to cut crime and is an 'utter fiasco'. with only 3% of London's street robberies being solved using security cameras.

Identity systems will save the world

Wed, 23 Apr 2008 09:09:57 +0000

At Monday's Enterprise Privacy Group meeting, a debate arose around the value of identity management - and in particular the Identity Metasystem - in the grand scheme of human endeavour. Why do we fret about identity when there are lots of apparently bigger issues out there? But stacked up against climate change, curing cancer and ending world hunger, identity management is a lot more important than you might think.

Why I won't be at Infosecurity (but there's a competition if you are)

Tue, 22 Apr 2008 08:50:23 +0000

Infosecurity starts today, and it will doubtless be the biggest, busiest and boldest conference yet. So why am I feeling rather underwhelmed at the prospect?

Environment Agency takes phishing rather too literally?

Mon, 21 Apr 2008 08:47:15 +0000

A friend's application for an angling license ~~reveals~~ may reveal that the Environment Agency is either sloppy with its personal data or is deliberately obfuscating its privacy policies. If government is to build trust in its management of personal information, then these 'small incidents' must come to an end. [Editor's update: 30 April - Please see comments below for the Environment Agency's response and note that this entry has now been amended as indicated with strikethrough / italics.]

The battle for the Internet

Fri, 18 Apr 2008 19:17:27 +0000

I'm going to draw a line under my Phorm commentary. They've opened up their plans to a privacy expert, held a public meeting, and hired a Chief Privacy Officer. This article outlines my feelings on the subject. So, time to declare closed season on Phorm and give them a chance to get it right.

Laptop privacy on the train

Fri, 18 Apr 2008 19:12:20 +0000

As one of the unfortunate millions who has to commute, I use my laptop on the train, and sometimes don't want the person next to me looking at what's on the screen. To date, I've used an excellent 3M Privacy Filter, but thanks to the folks at Engadget for pointing out this fantastically practical fusion of clothing and privacy filter. I'm looking forward to getting one already.

The Telegraph's Matt on Surveillance

Tue, 15 Apr 2008 20:04:17 +0000

A fantastic surveillance cartoon by Matt.

Phorm public meeting

Tue, 15 Apr 2008 08:39:47 +0000

High-profile online advertising service Phorm is holding an open meeting with its supporters and critics this evening. The meeting will be chaired by Dr Ian Brown, and speakers include Simon Davies, Dr Richard Clayton and Kent Ertegrul, CEO of Phorm.

A meeting of this type is unprecedented: Phorm are taking the stage with critics and supporters alike, and the CEO and CTO will be open to questions from the audience. If you have a criticism of, or interest in, Phorm then you need to be there. It's an open meeting, so anyone can attend. Location details, timings and registration are available here.

Listen in, Directors: privacy matters

Mon, 14 Apr 2008 10:49:26 +0000

Tony reports that the board of HM Revenue & Customs has been suspended following an external review of last November's loss of child benefit data. Since the incident, three non-exec directors have stepped down, one has resigned and another has moved to a new job. The Chancellor's public statement on the incident and subsequent resignation of HMRC's acting chairman were widely reported. The board will be replaced with an Executive and Advisers Committee pending a reorganisation.

Whilst the incident itself should of course never have been allowed to happen, the subsequent transparency and accountability is very welcome indeed. Finally we see senior executives held to account for privacy breaches. Not so long before, senior civil servants would have been able to shrug off such an incident and blame it on the system / a junior clerk / external suppliers / flawed systems inherited from the previous government* [delete as appropriate]. Hopefully this will put an end to such attitudes, and executives across the public and private sectors will follow HMRC's example by taking privacy seriously.

Enigma, Ultra and Bletchley Park

Sun, 13 Apr 2008 13:30:27 +0000

Anyone with an interest in the history of cryptography and codebreaking will want to listen to last week's edition of The Reunion on BBC Radio 4, in which a team of Bletchley Park employees reminisce about their work and its contribution to the war effort.

Phish fingers

Thu, 10 Apr 2008 10:05:32 +0000

The past few days have seen the emergence of a new attack group - phish fingers. After the Chaos Computer Club published a fingerprint of a German minister, there's a reward out for fingerprints from the UK Prime Minister and Home Secretary.

Phorm opens itself to independent scrutiny

Wed, 09 Apr 2008 08:46:30 +0000

Online advertising company Phorm has responded to its critics' demands by allowing an inspection of its plans by a respected security expert. Unfortunately, he doesn't like what he's seen.