Saturday, November 24, 2007

The 25M data loss correspondence

Spyblog has done a lovely dissection of the correspondence related to the loss of child benefit data containing the personal details of 25 million people.

Friday, November 23, 2007

ARCH on the HMRC data loss

ARCH has been deluged with requests for advice in the wake of the HMRC data loss.

"I doubt there’s anyone who doesn’t know about HMRC’s Child Benefit debacle by now. As you can imagine, we’re a bit busy and the phone has got heat exhaustion.

This is the press release we put out earlier (NB the numbers have gone up since we sent this out):



Action on Rights for Children is stunned to learn that HMRC has lost computer disks containing the details of the UK’s 15 million children.

Terri Dowty, Director of ARCH said: “This appalling security lapse has placed children in the UK in immediate danger especially those who are already vulnerable. Child Benefit records contain every child’s address and date of birth. We are not surprised that the Chair of HMRC’s Board has resigned immediately.”

Last year Terri Dowty co-authored a report for the Information Commissioner which highlighted the risks to children’s safety of the government’s policy of creating large, centralised databases containing sensitive information about children. The government chose to dismiss the concerns of the reports authors.

“The government has recently passed regulations allowing them to build databases containing details of every child in England. They have also announced an intention to create a second national database containing the in-depth personal profiles of children using services. They have batted all constructive criticism away, and repeatedly stressed that children’s data is safe in their hands.

“The events of today demonstrate that this is simply not the case, and all of our concerns for children’s safety are fully justified.”


The report ‘Children’s Databases: Safety and Privacy’ can be downloaded from:"

Kim Cameron says the government should be listening to folks like Terri.

"Here is more context on the HMRC identity catastrophe.

According to Terri Dowty, Director of Action on Rights for Children (ARCH):

“This appalling security lapse has placed children in the UK in immediate danger especially those who are already vulnerable. Child Benefit records contain every child’s address and date of birth [italics mine - Kim]. We are not surprised that the Chair of HMRC’s Board has resigned immediately.”

Last year Terri Dowty co-authored a report for the British Information Commissioner which highlighted the risks to children’s safety of the government’s policy of creating large, centralised databases containing sensitive information about children. But the government chose to dismiss the concerns of the reports authors.

Dowty’s remarks demonstrate a clear instance of my thesis that reduction of identity leakage is still not considered to be a “must-have” rather than a “nice-to-have”

“The government has recently passed regulations allowing them to build databases containing details of every child in England. They have also announced an intention to create a second national database containing the in-depth personal profiles of children using services. They have batted all constructive criticism away, and repeatedly stressed that children’s data is safe in their hands.

“The events of today demonstrate that this is simply not the case, and all of our concerns for children’s safety are fully justified.”

The report ‘Children’s Databases: Safety and Privacy’ can be downloaded here.

I urge fellow architects, IT leaders, policy thinkers and technologically aware politicians to consider very seriously the advice of advocates like Terry Dowty. We can deeply benefit from building safe and privacy-enhancing systems that are secure enough to withstand attack and procedural error. Let’s work together to translate this thinking to those who are less technical. We need to explain that all the functionality required for government and business can be provided in ways that enhance privacy, rather than diminish it or set society up for failure.

Today the “inconvenient” input of people like Terry Dowty is often dismissed - much the way other security concerns used to be - until computer systems began to fall under the weight of internet and insider attacks…"

Kim Cameron on UK's identity Chernobyl

I hope Kim Cameron doesn't mind me quoting him in full on the HMRC 25 million data loss

" The recent British Identy Chernobyl demands our close examination.


  • the size of the breach – loss of one person’s identity information is cause for concern, but HMRC lost the information on 25 million people (7.5 million families)
  • the actual information “lost” – unencrypted records containing not only personal but also banking and national insurance details (a three-for-one…)
  • the narrative – every British family with a child under sixteen years of age made vulnerable to fraud and identity theft

According to Bloomberg News,

Political analysts said the data loss, which prompted the resignation of the head of the tax authority, could badly damage the government.

“I think it’s just a colossal error that I think could really rebound on the government’s popularity”, said Lancaster University politics Professor David Denver.

“What people think about governments these days is not so about much ideology, but about competence, and here we have truly massive incompetence.”

Even British Chancellor Alistair Darling said,

“Of course it shakes confidence, because you have a situation where millions of people give you information and expect it to be protected.

Systemic Failure

Meanwhile, in parliament, Prime Minister Gordon Brown explained that security measures had been breached when the information was downloaded and sent by courier to the National Audit Office, although there had been no “systemic failure”.

This is really the crux of the matter. Because, from a technology point of view, the failure was systemic.

From a technology point of view, the failure was systemic.

We are living in an age where systems dealing with our identity must be designed from the bottom up not to leak information in spite of being breached. Perhaps I should say, “redesigned from the bottom up”, because today’s systems rarely meet the bar. It’s not that data protection wasn’t considered when devising them. It is simply that the profound risks were not yet evident, and guaranteeing protection was not seen to be as fundamental as meeting other design goals - like making sure the transactions balanced or abusers were caught.

Isn’t it incredible that “a junior official” could simply “download” detailed personal and financial information on 25 million people? Why would a system be designed this way?

To me this is the equivalent of assembling a vast pile of dynamite in the middle of a city on the assumption that excellent procedures would therefore be put in place, so no one would ever set it off.

There is no need to store all of society’s dynamite in one place, and no need to run the risk of the collosal explosion that an error in procedure might produce.

Similarly, the information that is the subject of HMRC’s identity catastrophe should have been partitioned - broken up both in terms of the number of records and the information components.

In addition, it should have been encrypted - even rights protected from beginning to end. And no official (A.K.A insider) should ever have been able to get at enough of it that a significant breach could occur.

Gordon Brown, like other political leaders, deserves technical advisors savvy enough to explain the advantages of adopting new approaches to these problems. Information technology is important enough to the lives of citizens that political leaders really ought to understand the implications of different technology strategies. Governments need CTOs that are responsible for national technical systems in much the same ways that chancellors and the like are responsible for finances.

Rather than being advised to apologize for systems that are fundamentally flawed, leaders should be advised to inform the population that the government has inherited antiquated systems that are not up to the privacy requirements of the digital age, and put in place solutions based on breach-resistance and privacy-enhancing technologies.

The British information commissioner, Richard Thomas, is conducting a broad inquiry on government data privacy. He is quoted by the Guardian as saying he was demanding more powers to enter government offices without warning for spot-checks.

He said he wanted new criminal penalties for reckless disregard of procedures. He also disclosed that only last week he had sought assurances from the Home Office on limiting information to be stored on ID cards.

“This could not be more serious and has to be a serious wake-up call to the whole of government. We have been warning about these dangers for more than a year.

I have never understood why any politician in his (or her) right mind wouldn’t want to be on the privacy-enhancing and future-facing side of this problem."

The Infringement Age

From TechDirt: The Infringement Age: How Much Do You Infringe On A Daily Basis?

"Boing Boing points us to a paper from John Tehranian, called Infringement Nation: Copyright Reform and the Law/Norm Gap (pdf), which attempts to show how far out of whack copyright laws are, with the simple tale of a hypothetical law professor (coincidentally named John, of course) going about a normal day, tallying up every big of copyright infringement he engages in. Replying to an email with quoted text? Infringement! Reply to 20 emails? You're looking at $3 million in statutory damages. Doodle a sketch of a building? Unauthorized derivative work. Read a poem outloud? Unauthorized performance. Forward a photograph that a friend took? Infringement! Take a short film of a birthday dinner with some friends and catch some artwork on the wall in the background? Infringement!
"By the end of the day, John has infringed the copyrights of twenty emails, three legal articles, an architectural rendering, a poem, five photographs, an animated character, a musical composition, a painting, and fifty notes and drawings. All told, he has committed at least eighty-three acts of infringement and faces liability in the amount of $12.45 million (to say nothing of potential criminal charges). There is nothing particularly extraordinary about John’s activities. Yet if copyright holders were inclined to enforce their rights to the maximum extent allowed by law, he would be indisputably liable for a mind-boggling $4.544 billion in potential damages each year. And, surprisingly, he has not even committed a single act of infringement through P2P file sharing. Such an outcome flies in the face of our basic sense of justice. Indeed, one must either irrationally conclude that John is a criminal infringer—a veritable grand larcenist—or blithely surmise that copyright law must not mean what it appears to say. Something is clearly amiss. Moreover, the troublesome gap between copyright law and norms has grown only wider in recent years."
While the paper calls this "infringement nation," it clearly goes beyond our nation. We are living in the "infringement age," where it's impossible not to infringe on copyrights every single day -- yet many people still don't understand why it makes sense to change copyright laws to make them more reasonable."

The poor man's Benkler and Lessig

Martin Weller, at a fascinating seminar given by John Naughton on Yochai Benkler's book, The Wealth of Networks, today described our recent exchange on the future of content as a debate between 'the poor man's Larry Lessig' (me - the pessimist) and 'the poor man's Yochai Benkler' (Martin - the optimist).

There are worse things in life than being thought of as the poor man's Lessig. John reckons I should stick it on the back cover of my book. When Martin becomes famous maybe I'll stick it on the front as a quote from the poor man's Benkler himself.

Update: I should have said that John set up a useful wiki for the seminar and Martin has very helpfully saved me the pleasure of producing a succinct summary of session.

John first set the context for the book, talking about the semiotics of the title and borrowed Castell's term about informed bewilderment to describe our current state when we look at the changes around us. That is, we have no shortage of data about what's happening, but we are still unsure as to what it all means. Benkler's book can be seen as an attempt to cast a scholarly light on this state of bewilderment.

Part of the reason for this bewilderment is that our analytical tools are not as useful as they once were (which is not to say they are completely useless). As John put it economics can be categorised as the analysis of scarcity, whereas what we have in a digital world is abundance. The scarce resource now is attention, and here the competition is now greatly increased from the days of TV dominance.

John also talked about the 'convergence fantasies' of many industries which always boil down to 'converge on to my device'. He argued that convergence happened long ago - onto the net.

He summarised Benkler's book as having six main arguments:

  • Until recently we had a highly industrialised info economy
  • This marginalised non market cultural production (“social production”)
  • ICT has reduced the cost of production and publication
  • Greatly enhanced power and potential of social production
  • This has major implications for economic, social cultural and political life
  • There will be a struggle between old world and new world.

We then went on to discuss three issues:

  1. How plausible is Benkler's analysis?
  2. What might it mean for education (and the OU)?
  3. What might it mean for society?

In terms of 1) I made the point that to an extent it was empirically true - that in open source communities, wikipedia, flickr, etc social production was already a major economic force. So even though critics (Carr, Gorman, Keen et al) may argue against it, the best response is 'yes but look at the facts'. I was reminded of Clay Shirky's memorable phrase regarding AT & T programmers when they first saw open source support in action:

"They didn't care that they'd seen it work in practice, because they already knew it couldn't work in theory."

Martin's given his blog a makeover too now he's in line for Edublog's best ed tech support blog award. Very post modern. Yet another reminder of the need to do something about the b2fxxx look and feel. Tony Hirst has also been nominated in the same category. Good luck to both.

Idealgovernment on the HMRC data loss

William Heath's initial reaction to the HMRC 25 million data loss is worth reading.

"CIO responsibility

Paul Gray who chairs the Board of HMRC assumed responsibility and has gone, but this is fairly and squarely a CIO responsibility. We need CIOs to run reliable systems that respect people’s personal data, and to educate their Boards about the political and business risks of what they are being asked to do in creating e-enabled “transformed” public services. I dont believe they have. I wonder how HMRC’s CIO and the HMG CIO see this today.


People like Ross Anderson are dismissed as “having an agenda” and vilified behind their backs (or in the case of Simon Davies, publicly).


Value of the data

What were those disks worth? The FT tells us a person’s full bank account details sell for £15-200 on the black market. We’re dealing here with a fuller profile also including NI number and dates of birth for the whole family. And there are 25m records, and 7.25m families. Assuming the families have one bank account each that values the data at £100m-£1.5bn.


Now, it is implied this data was lost by a nitwit, and doubtless there are some honest incompetents still working in the ever-leaner HMRC. But plenty of people working there will be smart. And if it’s possible to create disks of this sort of value, which can easily be copied before they’re posted, we can see there has been an irresistible temptation for some time now. It would be extraordinary, an unbelievable tribute to the universal integrity of human nature (and an insult to the energy and ingenuity of the contempory British crook) if this data had not been stolen already, perhaps many times.


After rightly resisting for about six hours the shrill Paxman/Peter (thingy from Radio Five-Live) calls for the government to recompense any financial loss we read in today’s FT that Darling says the government WILL cover losses. This means that banks (who are now the only people able to manage this greatly increased risk) can pay out money to the wrong place confident that the taxpayer will pick up the bill.


Lessons for the ID System

The Chancellor seems to think this episode strengthens the case for ID cards. I disagree.

It may underline the case for good ID management now and in future, but underlines that
- government is not the right place to do it (remember the Home Office is way below HMRC on the scale for competence, quality and morale of staff etc)
- such data should not be centralised
- it’s bad enough losing our NI numbers and account details but worse still to put our biometrics into wide circulation
- and that government is clueless about restitution when it all goes wrong (which is the only thing we want - we all know nothing is secure).

The more we control and manage our own data the less likely this sort of thing is to happen. And we are the ones who care about it most. "

William is also working with Blindside to provide the government with some constructive feedback on this incident. Sadly Nu Labouts ...sorry... Nu Labour is so committed to transformational government - putting more and more personal data into bigger and bigger databases to which hundreds of thousands of people need access as a routine part of their job - that it is virutally impossible to break through their fingers in the ears NOT LISTENING NOT LISTENING instinctive reaction to any feedback, constructive or otherwise, on the subject. One of the most important things government could do is, as Wendy G says in commenting, is to:

"stop dismissing the advice of
knowledgeable experts such as those at FIPR, No2ID,
Privacy International, the LSE, Cambridge University’s
security folks (Ross Anderson et al), and ORG as to
the risks involved on the grounds that they are “a
vocal minority” (that can be safely ignored)"

Thursday, November 22, 2007

Amnesty International campaign against Torture

Via Cory:

"Amnesty International's "Unsubscribe Me" campaign invites us to unsubscribe from the use of torture in fighting the "war on terror;" to tell the world's governments that torture cannot be done in our name. As part of the campaign, they've released an incredibly moving and disturbing video reenacting a CIA-approved "stress position" torture taken straight out of a CIA interrogation manual. In order to make the film, the directors put the actor into a stress position for six hours -- the whimpers and trembling we see are real, the anguish you feel even when you choose to do this, let alone when you are kidnapped and subjected it for weeks, months or years. Amnesty is making two more videos and then doing a theatrical release for all three. We will never be made free by adopting the tactics of dictatorships. Link"

The Amnesty site warns that the video should not be viewed by under 14s.

Child benefit data loss correspondence

The NAO have released some of the correspondence related to the loss of child benefit data containing the personal details of 25 million people.

It seems pretty clear from what's here that it was not the isolated error of a 23 year old junior official who, the BBC reported, has resigned.

Wednesday, November 21, 2007

Jon Snow and Peter Sommer on 25M Benefit details scandal

Jon Snow's interview with Peter Sommer at the end of (about 4 minutes in) this piece on the government's scandalous loss of copies of the personal details of 25 million people is absolutely compulsive viewing. (Click on the "Watch the report" link).

I've seen Peter Sommer give a variety of talks over the years on computer security and forensics and related issues and he has always been the calm rational voice of reason, even in the face of hostile questioning. I don't think I've ever seen him quite so animated as he is in this short interview with Jon Snow, getting right to the heart of the serious structural and cultural problems government has with computer systems.

Ross Anderson was also on the BBC last night being equally forceful and articulate on the government's shambolic approach to computer systems and transformational government whereby the government have been putting more and more personal data into larger and larger aggregated databases to which more and more people need routine access in order to do their jobs. Such a situation is absolutely impossible to secure.

Hopefully someone will stick these interviews on YouTube for posterity.

Tuesday, November 20, 2007

Family doctors to shun national database of patients' records

John Carvel, social affairs editor at The Guardian says:

"Nearly two-thirds of family doctors are poised to boycott the government's scheme to put the medical records of 50 million NHS patients on a national electronic database, a Guardian poll reveals today.

With suspicion rife across the profession that sensitive personal data could be stolen by hackers and blackmailers, the poll found 59% of GPs in England are unwilling to upload any record without the patient's specific consent."

Good for GPs.

HM&C lose disc with details of 25 million child benefit recipients

Things just get worse with personal data security by government.

"Alistair Darling has blamed mistakes by junior officials at HM Revenue and Customs after details of 25 million child benefit recipients were lost.

The Chancellor said information, including bank details of 7m families, had been sent on discs to the National Audit office by unrecorded delivery.

The discs had never arrived at their destination, Mr Darling told MPs.

He apologised for what he said was "an extremely serious failure" but insisted people were not at risk from ID fraud."

Oh look there's a flying pig! At least Richard Thomas is still talking sense, though the chances of Nu Labour paying any serious attention to his repeated calm and rational analysis of data protection issues in government is virtually negligible.

"Information Commissioner Richard Thomas said: "This is an extremely serious and disturbing security breach. This is not the first time that we have been made aware of breaches at the HM Revenue and Customs - we are already investigating two other breaches.

"Incidents like these illustrate that any system is only as good as its weakest link. The alarm bells must now ring in every organisation about the risks of not protecting people's personal information properly.

"As I highlighted earlier this year, it is imperative that organisations earn public trust and confidence by addressing security and other data protection safeguards with the utmost vigour."

Mr Thomas welcomed the Chancellor's announcement of an independent review of the incident by Kieran Poynter of PricewaterhouseCoopers and said he would decide on further action once he has received the report. "

The Perils of IP seminar

I gave a talk in the OU Computing Department's seminar series last week, entitled "The Perils of Intellectual Property in a Digital Age". The slides are below.

Thanks to my colleagues for the invitation. It was a fun session and I enjoyed the Q&A.

Virtual London removed from Second Life - at Ordnance Survey request

The UCL Virtual London folks have been asked by the Ordinance Survey folks to remove their model from Second Life. Dr Andrew Hudson-Smith, the team leader of the Virtual London group at UCL writes:

"Our Virtual London model in Second Life has been removed from the collaborative environment at the request of the Ordnance Survey.

The research is currently 'pending license clearance' as the Ordnance Survey are 'uncomfortable' with the use of the data.

Details on the work currently unavailable are in the post below, we are reserving comment at request on this one, but i guess you know our views...

Three Dimensional Collaborative Geographic Information Systems (3DC/GIS) are in their infancy, Google Earth opened up the concept of three dimensions to the mainstream but issues with data copyright, the inability to effectively tag data to buildings and the asynchronous nature of the platform have limited developments.

Second Life however provides a synchronous platform with the ability to tie information, actions and rules to objects opening the possibility of a true multi-user geographical information system. It has been notoriously difficult to import 3D data into the Second Life but at CASA we have managed to import our Virtual London model of 3 million plus buildings into a scrolling map. The map is built from prims that 'res' our of a central point to build accurate models based on Ordnance Survey MasterMap with height data supplied by InfoTerra."

Monday, November 19, 2007

Oz Broadcasters want to disable ad skipping PVRs

From The Age:

"The free-to-air television industry has declared war on ad-skipping personal video recorders as it prepares to release a free electronic program guide for the first time.

Despite releasing the guide, the industry is pressuring PVR makers to limit the advertisement-skipping functions of their products before they are authorised to access it."

Remember when Jamie Kellner of Turner Broadcasting said, five years ago, that viewers have a contract to "watch the spots", that anyone skipping ads was "actually stealing the programming" but there could be a "certain amount of tolerance for going to the bathroom."?

Update: See also No EPG for you! at iTWire.

Identity fragmentation

Francis Shanahan has been thinking about his digital identity.

"A few weeks ago I joined Facebook (after much resistence). Facebook sucks you in, making it so easy to give up bits of information about yourself, many times without even realizing it. It occurred to me that I'm leaving pieces of my identity everywhere.

Last night I took a stab at listing out the various entities that know me, regardless of how they know me. The list is overwhelming. It quickly became apparent that to develop a comprehensive list was not feasible. What I ended up with was a good all around representation. I then generalized it to include things not solely pertaining to me as an individual (e.g. I'm an immigrant, I can never have govt clearance).

With all the talk of identity and claims federation, this was a good way to step back and at least understand the problem space a little better. I'm sure there are other such diagrams out there but the benefit for me was to go through the process of drawing it rather than take one off the shelf.


In theory these entities could share Identity Providers. I believe we'll start to see this quite soon in the social networking space most likely through OpenSocial.

Ultimately, Identity Providers themselves will begin to exchange claims although it's questionable if this is an appropriate model.

This is by no means a complete model. I worry that I'll never be able to effectively manage all the pieces of me that I'm absent-mindedly handing out."

His diagram demonstrates, more clearly than I have seen anywhere else, the fragmented nature of online identity, the amount of personal information we thoughtlessly release to a variety of entities, and the potential power of aggregation when others (e.g. Google and DoubleClick) start linking this all together. For the skeptics on the privacy front, before you say "so what", factor fingerprints, iris scans and other poorly secured biometric data into the mix and think about the potential implications.

Japan follow US lead on fingerprinting visitors

Japan's plan to follow the US lead in photographing and fingerprinting foreigners entering the country begins today. They're scared of terrorists too.

French comedian wins copyright case v MySpace

According to Nicolas Jondet, a French comedian has won his copyright infringement suit against MySpace

"The court considered that MySpace, acting as a publisher, was liable for copyright infringement as unauthorized copies of the comedian’s work had been posted on the web page of a MySpace member."

He's been awarded €60,000 in damages.

Guardian profile Usmanov

As an Arsenal fan I've been watching stories related to Alisher Usmanov, the Uzbek billionaire with a 23% stake in the club. This morning, the Guardian have a couple of articles and an email exchange in which he challenges the allegations that have been made against him by Craig Murray and others.

UK and US at odds over defamation laws

From Dan Tench in the Guardian: Britain and the US are not shoulder to shoulder over defamation

"English libel law itself could face scrutiny in a US court, in a case brought by a US author in New York.

Rachel Ehrenfeld's Funding Evil: How Terrorism is Financed - and How to Stop It was published in 2003, and alleged that Saudi businessman Sheikh Kalid bin Mahfouz, among others, financed terrorism, a serious defamatory allegation. The book was published in the US, but 23 copies were made available for sale in the UK.

In 2004, Mahfouz won a default defamation claim against Ehrenfeld in the high court from the libel judge Mr Justice Eady. Ehrenfeld is seeking to resist the enforcement in New York of that English libel judgment...

If Ehrenfeld's action is successful, it will not only insulate her from the effects of the English libel award, but it might also constitute an effective retort to the implicit criticism of her from the English judgment and undermine the vindication Mahfouz obtained from it."

NO2ID calling in the pledge

Now that the government are pressing ahead with the ID infrastructure, the NO2ID campaign are calling in the pledge, made by more than 10,000 people in 2005, to refuse to register for an ID card and donate £10 to a legal defence fund.

Hello, you have received this message because you signed my pledge, "I will refuse to register for an ID card and will donate £10 to a legal defence fund but only if 10,000 other people will also make this same pledge" back in 2005. In fact 11360 other people also did. Thank you all.

You may have seen that recently high-profile figures have begun to follow you, by committing themselves to non-compliance too.

The Identity Cards Act 2006 is now law, and - despite growing opposition, significant delays and rising costs - the new Prime Minister shows no sign of calling a halt to the National Identity Scheme. In 2008, the government intends to pilot fingerprinting and to issue the first 'biometric residence visas' to non-EU foreign nationals as a precursor to registering British Citizens.

The legal powers to do these all these things will shortly begin to be applied. Now is the time to call in the legal defence fund part of the pledge.

Please send your donation, by cheque made payable to 'NO2ID' to:

NO2ID (Legal Defence Fund)
Box 412
19-21 Crawford Street
London W1H 1PJ

If you also send in your contact details (we have no way to identify you otherwise - this message is forwarded by PledgeBank) we will keep you informed about the NO2ID campaign and how we can, working together, stop the disastrous National Identity Scheme. We will not pass your details to anyone else.

Phil Booth
National Coordinator, NO2ID

My £10 is on the way.

Happy Birthday ORG

The Open Rights Group is two years old today. Becky Hogge writes:

" Today I’m proud to be able to publish a review of the Open Rights Group’s first two years of activity, including our first year’s accounts. I hope that ORG supporters will enjoy reading how their contributions - financial, mental and physical - have collectively created an organisation that has had a demonstrable effect on UK digital rights issues. I also hope that ORG’s story so far will encourage more people to join the swelling ranks of ORG supporters.

As ORG chair Louise Ferguson writes in her foreword to the Review:

“ORG benefits from all manner of support from the many people involved in this grassroots organisation. From the individuals who support us financially or in kind, to the scores of people who keep our lively email list buzzing and those who generously volunteer their time and expertise, there are hundreds of people who contribute to ORG’s success. Our supporters and volunteers, who come from right across the political spectrum, drive our organisation, informing debates on a wide range of issues and providing amazing energy for projects and campaigns”

But today is not all about back-slapping. Now, more than ever, ORG needs your support. 2008 holds new challenges. Content industries, not satisfied with controlling your devices, are seeking to control your internet connection too. And next year will be a decisive one in the fight against the surveillance state, as political energy mounts around securing individual citizens’ rights to privacy. ORG needs to be there, speaking up for your digital rights.

So if you’re not yet supporting ORG, please start today.

If you’re not sure whether you are supporting ORG, please email me or Michael (becky AT; or michael AT openrightsgroup DOT org) and we’ll let you know. And if you are supporting ORG, please use today to spread the word about ORG to your friends and colleagues, and let them know why they should be too.

Finally, huge thanks to everyone who has made ORG’s first two years such a success - we’ve tried to namecheck as many of you as possible, but I’m sure we’ve left some people out. Here’s to building on our success, and to a bright future for our digital rights!"

Sunday, November 18, 2007

Facebook's Privacy Default

David Weinberger has been looking at Facebook's privacy defaults and, though he is appreciative of the company not letting advertisers know the identity of the folk they are advertising to, generally he is none too impressed.

"Facebook makes an astounding array of information available to its advertisers so that they can precisely "target" likely suspects. This is great for advertisers, and — given that the ad space is going to be filled up one way or another — it's arguably better for users to see ads that are relevant than are irrelevant. (The counter-argument is that targeting makes ads more successfully manipulative, not just more relevant.) Facebook is scrupulous, however, about not letting advertisers know the identity of those to whom it's advertising. So, Blockbuster might buy ads for all men aged 18-24 who have joined the Pauly Shore fan club, but Blockbuster doesn't know who those people are.

When Facebook talks about preserving user privacy, that's what they have in mind: They do not let advertisers tie the information about you in a profile (your age, interests, etc.) to the information that identifies you in your profile (your name, email address, etc.). That is the informational view of privacy, and Facebook is likely to continue to get that right, if only because so many governmental agencies are watching them. I also think that the Facebook folks understand and support the value of maintaining privacy in this sense.

Yet, I find myself creeped out by this system because Facebook gets the defaults wrong in two very significant areas.

When Blockbuster gives you the popup asking if you want to let your Facebook friends know about your rental, if you do not respond in fifteen seconds, the popup goes away ... and a "yes" is sent to Facebook. Wow, is that not what should happen! Not responding far more likely indicates confusion or dismissal-through-inaction than someone thinking "I'll save myself the click."

Further, we are not allowed to opt out of the system. At your Facebook profile, you can review a list of all the sites you've been to that have presented you with the Facebook spam-your-friends option, and you can opt out of the sites one at a time. But you cannot press a big red button that will take you out of the system entirely. So, if you've deselected Blockbuster and the Manly Sexual Inadequacy Clinic from the list, if you go to a new site that's done the deal with Facebook, you'll get the popup again there. We should be allowed to Just Say No, once and for all.

Why? Because privacy is not just about information. It's all about the defaults.

If a couple is walking down the street, engaged in deep and quiet conversation, it certainly would violate their privacy to focus listening devices on them, record their conversation, and post it on the Internet. The couple wold feel violated not only because their "information" — their conversation — was published but because they had the expectation that even though their sound waves were physically available to anyone walking on the street who cared to listen, norms prevent us from doing so. These norms are social defaults, and they are carefully calibrated to our social circumstances: The default for sidewalks is that you are not allowed to intercede in private conversations except in special circumstances...

Facebook is getting privacy right where privacy is taken as a matter of information transfer. But it is getting privacy wrong as a norm."

Kindergarten Kopyright

From Forbes:

"The scene: a classroom of students busily completing an assignment testing their understanding of copyright law. The setting: not a law school, but a class of pint-size kindergartners. A program by the Entertainment Software Association, a computer and videogame trade group, aims to have kids as young as 5 learn about the evils of copyright infringement."

No comment.

Daft patent no. 4,022,227

In May 1977, the US Patent Office granted a patent on a Method of concealing partial baldness to Frank and Donald Smith. The patent abstract reads:

"A method of styling hair to cover partial baldness using only the hair on a person's head. The hair styling requires dividing a person's hair into three sections and carefully folding one section over another."

DHS delay Real ID implementation; EU get into the PNR business

Also via EPIC:

"The Department of Homeland Security has announced major changes to the
planned REAL ID national identification system. The original deadline
for implementation was 2008, but has been pushed back to 2013. Now, DHS
may delay implementation until 2018 and may significantly reduce the
requirements set out in draft regulations released in March of 2007.
EPIC and others have repeatedly detailed security and privacy problems
with the system that creates a national ID database and imposes federal
responsibilities upon state agencies that have neither the trained
employees nor the resources to fulfill these responsibilities. The final
regulations, originally to be released in September of 2007, have yet to
be published. Congress is debating legislation to repeal the national
identification scheme."


"The European Commission has unveiled a proposal to establish a passenger
name records (PNR) system similar to that of the US. The European PNR
system would require PNR data for all flights entering or departing the
European Union. The data will be processed for the purpose of carrying
out a risk assessment of passengers' "threat levels," in order to assist
in terrorism and organized crime investigations. Air carriers already
have an obligation to communicate Advance Passenger Information to
Member States for the purpose of fighting illegal immigration. The new
scheme increased the amount of data required, and the purposes for which
it will be used.

EU PNR Proposal Press Release:

EPIC's page on EU-US Passenger Data Disclosure:"

US Government Releases Information Sharing Privacy Principles

Via EPIC: US Government Releases Information Sharing Privacy Principles

The US government has released its "National Strategy for Information
Sharing." The strategy describes information sharing between state and
local governments, the private sector and foreign governments, and
includes the administration's "core privacy principles" for protecting
privacy. Privacy guidelines, developed by the Attorney General and
Director of National Intelligence, are built on these core principles.

Privacy is described as a "core facet" of information sharing efforts.
The privacy principles limit information sharing to the broad and
undefined "terrorism, homeland security or law enforcement information
related to terrorism." Participation in information sharing is not
conditioned on successful implementation of the principles. For
implementation, the President directed the creation of the Privacy
Guidelines Committee, consisting of the Attorney General, Director of
National Intelligence and agency privacy officers. No citizen advocates
sit on the committee.

The National strategy summarizes some of the completed information
sharing tasks. The strategy touts the creation of an "Information
Sharing Environment"; significant grant funding to stated and local
"information fusion centers"; the consolidation of watchlists in a
"terrorist screening center"; and the creation of the "Homeland Security
Information Network" for two-way information sharing between federal and
stated and local officials.

Per the strategy, information needs of state and local entities grow as
they incorporate homeland security into their day-to-day crime fighting
activities. Fusion centers are the are the "primary focal points" for
sharing of terrorism related information. Private sector information
sharing focuses on sharing with operators and owners of "critical
infrastructure." In receiving foreign information the "guiding
objective" is to ensure that the US can disseminate the information "as
broadly as possible." The impact on US persons' privacy of sharing their
information with foreign governments is to be "considered."

National Strategy for Information Sharing:

EPIC's page on Fusion Centers:"

Shamir says public key cryptography vunerable

Adi Shamir (the "S" in RSA) says increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors, which make RSA based cryptographic security programs on these microprocessors vunerable to attack. From Shamir's note:

"With the increasing word size and sophisticated optimizations of multiplication units in modern

microprocessors, it becomes increasingly likely that they contain some undetected bugs.

This was demonstrated by the accidental discovery of the obscure Pentium division bug

in the mid 1990's, and by the recent discovery of a multiplication bug in the Microsoft

Excel program. In this note we show that if some intelligence organization discovers (or

secretly plants) even one pair of integers a and b whose product is computed incorrectly

(even in a single low order bit) by a popular microprocessor, then ANY key in ANY

RSA-based security program running on ANY one of the millions of PC's that contain this

microprocessor can be trivially broken with a single chosen message. A similar attack can be

applied to any security scheme based on discrete logs modulo a prime, and to any security

scheme based on elliptic curves (in which we can also exploit division bugs), and thus almost

all the presently deployed public key schemes will become vulnerable to such an attack. "