Recent Blog Posts
Privacy and data protection
The Conservatives and Liberal Democrats have published their coalition agreement. This includes the following key lines: 10. Civil liberties The parties agree to implement a full programme of ...
It's a bright, sunny morning. Finally, we have a new government. I'm excited. I've a strong sense that a Conservative-Liberal coalition could be the best possible election outcome for the UK: a ...
At some point in the next few hours, we're likely to find out the shape of the next government. I deliberately avoided commenting on my political preferences in the run-up to the election, ...
Tonight is the premiere of David Bond's new film 'Erasing David,' which will also be shown on More 4 at 10pm on 4th May. If you have any doubt in your mind about whether we have already sleepwalked ...
One of the biggest flaws in the National ID Scheme's architecture is its failure to support peer-to-peer authentication in any meaningful way. The government has promoted it as a way to interact ...
Identity, Privacy and Trust
Technology Strategy Board - Trusted Services Competition
Enterprise Privacy Group 07 Apr 2010The Technology Strategy Board has allocated up to £8m to invest in highly innovative collaborative research and development projects in the area of trusted services. The tools, techniques and ...
Please excuse the off-topic posting, but it's time for the annual charity event. Those of you whom I've pestered for sponsorship before will know that for the past three years I've cycled from my ...
Identity, Privacy and Trust
Privacy, Data Protection and Security - Post UK Election
Enterprise Privacy Group 31 Mar 2010As the country goes to the polls, the three main parties have committed to specific policies on Privacy, Data Protection and Security. In particular, the Conservatives have promised radical reform ...
Identity, Privacy and Trust
Information - Assurance or Atrophy?
Enterprise Privacy Group 30 Mar 2010Over the past few years the Government’s reputation for Information Assurance (IA) – managing the risks associated with information handling – has taken a beating. Individual incidents and serious ...
Google is reported to be recruiting bond traders. So what? They're a big company, they doubtless have a corporate treasury function (although being Google they've probably come up with a much more ...
A very unpleasant little amendment to the Licensing Act (2003) is in front of Ministers for approval as a Statutory Instrument (SI). If you're not familiar with the process, a SI is a delegated ...
The financial year end is nearly upon us. In a couple of weeks' time, government departments are expected to draw a line under many of their existing procurement contracts and move to a new budget ...
The US Federal Trade Commission has just found so-called privacy and security certification service ControlScan guilty of failing to monitor the practices of its certified sites. In their ...
Identity, Privacy and Trust
RSA Conference Europe opens call for speakers
Enterprise Privacy Group 01 Mar 2010The RSA Conference Europe is now accepting calls for papers for the conference on 12-14 October in London. I've always found the event to be a great mix of security, identity and privacy content, ...
Identity, Privacy and Trust
Italian Court Convicts Google Execs
Enterprise Privacy Group 26 Feb 2010An Italian court has flown in the face of the convention by convicting four Google executives - including Peter Fleischer, Google's Global Privacy Counsel - over a YouTube video that showed the ...
Identity, Privacy and Trust
Government backs down on increased data theft penalties
Enterprise Privacy Group 22 Feb 2010The Ministry of Justice has once again dropped plans to increase penalties against those who recklessly or deliberately misuse personal information. As part of its response to the Data Sharing ...
The Nudatrons* are back in the news again, as the Equality and Human Rights Commission has warned that their use in UK airports may be illegal, with a primary concern about how individuals might be ...
Identity, Privacy and Trust
Think your web browsing's anonymous? Think again.
Enterprise Privacy Group 04 Feb 2010The Electronic Frontier Foundation (EFF) has launched an interesting new project to highlight just how hard it is to avoid being tracked online. The project is based upon information theory - using ...
Identity, Privacy and Trust
Magistrates' details sent to prison
Enterprise Privacy Group 21 Jan 2010It doesn't particularly concern me as anyone can look in the phone book and find my name, but some magistrates could be really worried - there will be those who will be terrified.
Identity, Privacy and Trust
ICO gains new powers to fine organisations
Enterprise Privacy Group 15 Jan 2010The Information Commissioner has confirmed that from April he will have new powers to fine organisations up to £500,000 for wilful or reckless misuse of personal information. Actions likely to ...
The attempted Y-Front bombing of a US-bound flight by Umar Farouk Abdulmutallab on Christmas Day has been the dominant international news story of the past few weeks. The repercussions for privacy ...
I've noticed a somewhat grumpy trend in my blogs over recent months: the problem is that there's so much to grumble about. Public sector appears to be in meltdown with accusations of ministers ...
The Information Assurance Advisory Council has been quoted as threatening government with a refusal to change existing contracts in order to comply with the requirements of the Hannigan review of ...
It had to happen sooner or later - the police have been accused of arresting people solely for the purposes of adding further 'suspects' to the National DNA Database. It's time to revisit why the ...
Identity, Privacy and Trust
More on "The Identity Commissioner speaks - and drops the Home Office in it"
Enterprise Privacy Group 26 Nov 2009I wrote on the topic of the appointment of the new Identity Commissioner, and since then a comment has literally flooded in. I'm indebted to a spokesman for the Home Office, who writes: Today’s ...
Identity, Privacy and Trust
RIPA tears up the right to remain silent
Enterprise Privacy Group 26 Nov 2009Chris Williams of the Register has written an excellent analysis of the recent jailing of a schizophrenic man for refusal to release cryptographic keys to the police. This was a scenario foreseen ...
Identity, Privacy and Trust
The Identity Commissioner speaks - and drops the Home Office in it
Enterprise Privacy Group 24 Nov 2009Newly-appointed Identity Commissioner Sir Joseph Pilling has addressed the Home Affairs Committee in his first public appearance since taking up the post. What he had to say was interesting, and I ...
I attended a very good session at the RSA Conference Europe in London this afternoon, entitled "Privacy Concerns with Adopting DLP Technology". The panel, which comprised RSA's Katie Curtin-Mestre, ...
Identity, Privacy and Trust
Fail to build it... and they will come (and rip us off)
Enterprise Privacy Group 14 Oct 2009The Evening Standard reports that PC World was asked to withdraw a £750 printer after the Met police "revealed it could produce replicas of the proposed new ID card and EU driving licenses." It's ...
Returning from Spain yesterday, I thought I'd jump the queue by using the IRIS biometric entry system. It's been a while since I've used it, since on recent returns to the UK, the gateway has been: ...
Identity, Privacy and Trust
IPS launches Public Panel and Experts Group
Enterprise Privacy Group 17 Sep 2009The Identity and Passport Service has just launched a Public Panel and Experts Group. In their words: The Public Panels will provide an opportunity for IPS to have a conversation with the public ...
The Conservatives have unveiled their plans for reversing the rise of the surveillance state. Seeking to pull the surveillance infrastructure out of government, their views are commendable, but it ...
Identity, Privacy and Trust
Conservatives Reverse the Rise of the Surveillance State
Enterprise Privacy Group 16 Sep 2009The Conservatives will this morning describe their plans to reverse the rise of the surveillance state. Espousing three principles: that individuals, not the state, own personal information; that ...
DNA fingerprinting is 25 years old today. Speaking to the BBC, Professor Sir Alec Jeffrey, who pioneered the technique, called for the scrapping of innocent peoples' entries on the National DNA ...
Once in a while, a spam hits your inbox that raises a smile - which this one did. I've always rather liked Radisson hotels, but was particularly impressed with the list of jobs available in this ...
In the excellent Datonomy blog, Roger provides an interesting overview of the definition of 'Identity'. Arguing that it is about the autonomy of the data subject to control their personal data, he ...
The Home Office has refused to meet with Adam Laurie, the researcher who demonstrated an attack on the Foreign National ID Card last week. "...the Home Office again refused to see the ...
The Information Commissioner's Office has commissioned a study into the business case for privacy. Building on the Privacy by Design report, this project seeks to research and develop an easily ...
The BBC reports that Palm's long-awaited next-generation handset, the Pre, has been returning system and location data to Palm without users being aware or giving consent. Developer Joey Hess ...
Last week the Daily Mail published a feature piece in which it claimed that security expert Adam Laurie had managed to hack an ID Card in 12 minutes. The Home Office rubbished the article and ...
I was very disturbed to read the Guardian's claim that the police have been instructed by the Home Office to ignore the European Court's ruling that the UK DNA Database breaches human rights law, ...
Apologies for the lack of blogging over the past few weeks, I've been taking a break that included cycling to Paris and living in the woods for 10 days. In reviewing the mountain of news items that ...
Identity, Privacy and Trust
London to Paris - double our sponsorship!
Enterprise Privacy Group 17 Jul 2009Please forgive the off-topic post. Next week I will set out on the 400 miles ride from Hampshire up to London, then back to Paris via Portsmouth/St Malo. I'm part of a team cycling in aid of Action ...
Identity, Privacy and Trust
New CPS paper lays out possible Conservative ID policy
Enterprise Privacy Group 16 Jul 2009Centre-right think tank the Centre for Policy Studies has published a new paper that sets out a vision for IT policy under a Conservative government. Written by technologist and Conservative ...
Robin points out that the 118800 mobile phone directory service has been suspended. Operators Connectivity claim that the suspension is to allow revisions to the beta version of the service, but ...
Identity, Privacy and Trust
Increased fees for Data Protection notification
Enterprise Privacy Group 13 Jul 2009Datonomy reports on the new fee levels being set by the ICO for Data Protection notification. Small organisations won't see any hike from the existing £35 annual fee (free in certain cases), but ...
Identity, Privacy and Trust
Practical Privacy Impact Assessments
Enterprise Privacy Group 13 Jul 2009Sorry about the extended break from blogging - I've been away in the woods on a Bushcraft course, so no phone or email for me - but we're back to normal service now. I spoke on the topic of ...
Identity, Privacy and Trust
ID Cards: Communications Genius in Action
Enterprise Privacy Group 01 Jul 2009I'd like to offer my congratulations to the Communications team at the Identity and Passport Service for successfully pulling off one of the most audacious and downright clever pieces of media ...
Identity, Privacy and Trust
Scottish government reiterates opposition to ID Cards
Enterprise Privacy Group 30 Jun 2009It would be good to see the lessons being learned in Scotland replicated across the rest of the UK, rather than being rejected by the government. In the meantime, Scotland appears to be well on the ...
Identity, Privacy and Trust
Tories to ID Cards suppliers: don't sign the contracts
Enterprise Privacy Group 17 Jun 2009Shadow Home Secretary Chris Grayling appeared briefly on this morning's Today programme to ask the five framework suppliers under the National Identity Service - CSC, EDS, Fujitsu, IBM, Thales - to ...
The Digital Britain report is out, and I'm glad I didn't hold my breath waiting for it. Ian has summarised the main recommendations, which appear to consist of propping up unsustainable copyright ...
I've finally got round to reading the US Cyberspace Policy Review. Authored by Melissa Hathaway, Cybersecurity Chief at the National Security Council, this document was published at the end of May, ...
Identity, Privacy and Trust
Might Alan Johnson abandon the ID Cards scheme?
Enterprise Privacy Group 15 Jun 2009The Sunday Times reports that new Home Secretary Alan Johnson has ordered a review of the National Identity Service. Claiming inside information that he "is more sympathetic to civil liberties ...
Identity, Privacy and Trust
CBE for the Information Commissioner
Enterprise Privacy Group 15 Jun 2009Outgoing Information Commissioner Richard Thomas was appointed CBE in the Queen's birthday honours list at the weekend. Richard steps down from his post this Wednesday, and his successor ...
Identity, Privacy and Trust
Grab your Facebook identity before someone else does
Enterprise Privacy Group 14 Jun 2009I don't use Facebook much - there's nothing wrong with it, I suspect I'm just a little too old. My friends aren't big users, so there seems little reason for me to spend time there. However, thanks ...
Identity, Privacy and Trust
The Data Sharing Challenge - What Should the Public Sector Do?
Enterprise Privacy Group 10 Jun 2009Now - in the middle of a recession - is precisely the time to innovate. We need to challenge our assumptions about what is expected of public authorities; about how we procure IT and from whom; ...
Identity, Privacy and Trust
BS10012:2009 - Data Protection: Specification for a Personal Information Management System
Enterprise Privacy Group 02 Jun 2009The British Standards Institute has today published the first version of its BS10012:2009 - Data Protection: Specification for a Personal Information Management System. Is this the panacea that ...
Identity, Privacy and Trust
CCTV of Little Use - Well There's a Surprise
Enterprise Privacy Group 18 May 2009I've surfaced from last week's Identity and Privacy conference to start work on some lengthier and more detailed posts, but this particular item caught my eye - the Guardian reports on a review of ...
Identity, Privacy and Trust
Normal Service to be Resumed Shortly...
Enterprise Privacy Group 12 May 2009It's been the busiest of weeks for privacy, identity and consent: MPs' suffering data loss on the most spectacular scale (or at least that's their version of events); the Home Office choosing to ...
Identity, Privacy and Trust
A Case Study in Corporate Stupidity
Enterprise Privacy Group 06 May 2009Thinker, entrepreneur and social activist William Heath is engaged in a running battle with mobile telco Orange after a contract was fraudulently taken out in his name. Despite his reporting the ...
Identity, Privacy and Trust
Identity and Privacy 2009 - what to expect
Enterprise Privacy Group 04 May 2009Next week beings the first Identity & Privacy Forum. Our keynote speaker this year is the Information Commissioner, Richard Thomas. We also have a host of experts from the fields of privacy, ...
The National Programme for IT is steaming ahead within the NHS (if you believe the press releases), but remains controversial as ever. Pilots in two different areas demonstrate the incredible ...
The Register notes that the Identity and Passport Service refused to issue a passport to a woman who had changed her name to "Ms Pudsey Bear" (in aid of the BBC's Children in Need charity), despite ...
"Mark Thompson" has commented on the previous short item on 'Phiting Dirty,' and I think his comment merits a blog item in its own right. I've reproduced his text below: This new 'smear' website ...
Deep Packet Inspection outfit Phorm is busy covering itself with glory today. This morning we had the Freedom of Information revelation that contrary to previous statements, the Home Office not ...
Some weeks ago I was interviewed by the BBC, who asked what I thought the greatest security threat to the National Identity Scheme (NIS) would be. The answer was easy: the biggest threat to ID ...
The controversial deep-packet inspection service offered by Phorm has been making the news again. But despite some of the hostile coverage that Phorm has received, there are possible benefits as ...
Identity, Privacy and Trust
Set Your Videos: The Westminster Gravy Train
Enterprise Privacy Group 15 Apr 2009If you haven't already done so, set your video, Sky+ or PVR to record Sunday's Dispatches on Channel 4. Heather Brooke, the UK's leading Freedom of Information expert, investigator and journalist, ...
Professor Sir Alec Jeffreys, the scientist behind the development of DNA testing methods used in modern policing, has attacked the government DNA database. Speaking to the BBC, he said: "My concern ...
The Identity and Passport Service has announced the award of the first two contracts under the National Identity Scheme. CSC has been awarded the £385m contract for Application and Enrolment, whist ...
Identity, Privacy and Trust
And the Academy Award goes to... Osama Bin Laden
Enterprise Privacy Group 06 Apr 2009The Telegraph is reporting that in trials of facial recognition scanners at Manchester Airport, the machines had such difficulty recognising people against the facial image in their passport, that ...
I had a big clear-out of my attic over the weekend, and made in-roads into 15 years' worth of junk that had taken over the top of the house. Nothing exciting there (except for a mouse-filled Xmas ...
Google has launched its Street View service in the UK to inevitable howls of protest about the privacy implications. Is it really such a big deal? And might customisation offer a compromise for all ...
The Department of Social Scrutiny has published its identity theft guide - compulsory reading for all concerned citizens.
The government is once again bigging up the need for the proposed Interception Modernisation Programme (aka the GIMP) by arguing that it's essential to collect and retain all social networking ...
Identity, Privacy and Trust
Government Scraps Coroners and Justice Clauses
Enterprise Privacy Group 19 Mar 2009The government has announced that it will withdraw clauses 152-154 of the draft Coroners and Justice Bill in the face of a broadside of criticism from opposition parties, professional bodies and ...
Identity, Privacy and Trust
Police Intelligence Fails on Data Transfers
Enterprise Privacy Group 12 Mar 2009The BBC is reporting that a number of police authorities have admitted to data loss incidents and misuse of police computers by staff. Of these, the most disturbing is an incident involving Gwent ...
I've just received a cracking advance-fee fraud attempt that's trying to pitch leftover funds from some "sharp practice" in the stadium construction. I can't wait to see the first one claiming to ...
I'm delighted to announce that Identity and Privacy 2009 will be held in London on 14th and 15th May 2009. [I trust you'll forgive the blatant plug for this event, but it's not often I do such a ...
I don't normally bother reporting on spam emails, since we all accept them as part of the dot-com world. I assume that they must still work, otherwise the Lads from Lagos wouldn't keep sending ...
In yet another chilling demonstration of the burgeoning 'us and them' culture that has developed in Westminster over recent years, MPs have voted for their home addresses to be kept secret and not ...
Identity, Privacy and Trust
Privacy 101: Introducing the Laws of the Bleedin' Obvious
Enterprise Privacy Group 03 Mar 2009The Register is reporting that a number of prominent Scots - including Gordon Brown - had their medical records accessed by a doctor without authorisation: The files were part of the Emergency Care ...
The RSA Conference Europe 2009 has published its call for speakers. It's a great event for security professionals to learn and network, and remember that if your paper is accepted you gain free ...
I'm indebted to William van Zwanenberg, who has provided such a detailed and extensive comment on yesterday's "Nothing to hide, nothing to fear" (NTHNTF) article that is merits a blog entry in its ...
Identity, Privacy and Trust
Debunking a myth: If you have nothing to hide, you have nothing to fear
Enterprise Privacy Group 25 Feb 2009The idea that an individual can live in a surveillance society with nothing to fear so long as they have nothing to hide may, on the face of it, appear attractive. For those of us who think of ...
I spoke today at a Social Market Foundation event on biometrics. The keynote was Prof James Wayman, who was exceptionally fluent and interesting on the topic, and I was pleasantly surprised to see ...
I'd like to draw your attention to one of the most important civil liberties events of this - or any other - year. The Convention on Modern Liberty is a series of events running around the UK this ...
Identity, Privacy and Trust
Coroners & Justice: Government "retreat" is an ambush
Enterprise Privacy Group 24 Feb 2009The Independent reports that Justice Secretary Jack Straw is planning to amend the data sharing provisions of the Coroners & Justice Bill when it reached report stage next month, with the ...
Identity, Privacy and Trust
Coroners & Justice - is this what it's all about?
Enterprise Privacy Group 21 Feb 2009I wish there were an emoticon for <slaps forehead with one hand whilst lightbulb goes on over head>. I was pondering Coroners & Justice on the flight home last night, when I realised what ...
The Coroners and Justice Bill has had its second reading in the Commons and gone to Committee. Why should we care about a Bill that is, on the face of it, intended to reform the operation of ...
Identity, Privacy and Trust
Government ordered to publish ID Card gateway reviews
Enterprise Privacy Group 20 Feb 2009The government has been ordered to publish OGC Gateway reviews of the National Identity Scheme. The reviews, which are a standard component of major IT programmes in central government, examine the ...
The Register is carrying an entertaining story about Ireland's most prolific traffic offender - a Pole called "Prawo Jazdy" who had clocked up 50 speeding fines and parking tickets without ever ...
Social networking site Facebook has made an about-turn on changes to its privacy policy. On 4 February, the site published changes to its Terms of Service that would allow it to use any information ...
Identity, Privacy and Trust
The importance of privacy in the Cloud
Enterprise Privacy Group 10 Feb 2009There's little doubt that privacy is a major issue for Cloud Computing, and few can claim to fully understand the issue, but Sun Microsystems has made it clear how important the issue is: they've ...
Identity, Privacy and Trust
Woolies was using bargain basement payment security?
Enterprise Privacy Group 10 Feb 2009The excellent Datonomy blog has pointed out an article in the Daily Mail about the dumping of customer receipts as the stores closed down. But something feels wrong about this data loss story. The ...
Identity, Privacy and Trust
Google's Latitude - Are location services a privacy risk?
Enterprise Privacy Group 05 Feb 2009Google has just launched its 'next big thing' - Latitude, a location tracker that can be used to share your location details with others. Is this a great leap forward, or a threat to privacy? ...
Identity, Privacy and Trust
The Personal Information Privacy Promise
Enterprise Privacy Group 28 Jan 2009The ICO has published the full list of organisations that have signed up to its new Personal Information Promise. The list, which is copies below, includes many household names, who are to be ...
Wednesday 28th January is Data Privacy Day across Europe. I'm normally somewhat cynical about this sort of thing, but this year the Information Commissioner has come up with a real gem of an idea - ...
From the BBC technology website - does the government not notice that databases have a habit of getting breached?
Identity, Privacy and Trust
Home Office punished for prisoner data loss
Enterprise Privacy Group 23 Jan 2009The Home Office has been reprimanded by the Information Commissioner for last year's loss of 84,000 prisoner records on a memory stick issued to contractor PA Consulting. This is an important ...