November Roundup

If you plan on spending any time in the UK in the near future, do be aware that staff of the Postal Services Commission will be able to look at everything you’ve been browsing on the Web. No, that’s not a somewhat strange hypothetical situation constructed to make you think a bit about digital privacy, it’s now the law, because, ladies and gentlemen, the fun and games on the Internet are over. These are certainly strange times we live in.

1. The Snooper’s Charter’s Here

There’s a good chance you didn’t hear about this one. There were other things happening. While we were looking in fascination at Brexit and the US election results, the ominously named Investigatory Powers Bill progressed through the UK parliament and became law on Tuesday 29th November. This is a sweeping piece of blanket surveillance legislation, the like of which has not been seen in a Western democracy before.

Notes for humans

Just one example here should suffice. This is a list of bodies who will be able to access the entire list of websites UK residents have visited in the preceding year.

Air Accidents Investigation Branch
Charity Commission
Commission for Healthcare Audit and Inspection
Commissioners of Revenue and Customs
Common Services Agency for the Scottish Health Service
Criminal Cases Review Commission
Department for Environment, Food and Rural Affairs (for the purposes of the Marine Fisheries Agency)
Department for Transport (for the purposes of transport security, Vehicle and Operator Services Agency, Driving Standards Agency and Maritime and Coastguard Agency)
Department for Work and Pensions
Department of Agriculture and Rural Development for Northern Ireland
Department of Enterprise, Trade and Investment for Northern Ireland (for the purposes of Trading Standards)
Department of Health (for the purposes of the Medicines and Healthcare Products Regulatory Agency)
Environment Agency
Financial Services Authority
Fire Authority for Northern Ireland
Food Standards Agency
Gambling Commission
Gangmasters Licensing Authority
General Pharmaceutical Council
Government Communications Headquarters
Health & Safety Executive
Her Majesty’s Chief Inspector of Schools in England
HM Revenue and Customs
Home Office (for the purposes of HM Prison Service and the UK Border Agency)
Information Commissioner
Marine Accident Investigation Branch
Maritime and Coastguard Agency
Ministry of Defence
NHS ambulance service Trust
NHS Counter Fraud and Security Management Service
Northern Ireland Ambulance Service Health and Social Services Trust
Northern Ireland Health and Social Services Central Services Agency
Northern Ireland Office (for the purposes of the Northern Ireland Prison Service)
Office of Fair Trading
Office of the Deputy Prime Minister
Office of the Police Ombudsman for Northern Ireland
Port of Dover Police
Port of Liverpool Police
Post Office Investigation Branch
Postal Services Commission
Rail Accident Investigation Branch
Royal Air Force Police
Royal Military Police
Royal Navy Regulating Branch
Scottish Ambulance Service Board
Scottish Environment Protection Agency
Secret Intelligence Service
Security Service
Serious Fraud Office
The Armed Forces
The Pensions Regulator
Special Police Forces (including the Scottish Drug Enforcement Agency)
Territorial Police Forces
Welsh Ambulance Services NHS Trust
Welsh Government (for the purposes of the NHS Directorate, NHS Finance Division, Common Agricultural Policy Management Division and Care Standards Inspectorate for Wales)

The designated senior person in these bodies will not require a warrant from a judge. This extraordinarily invasive power will be abused with ruinous effects for individuals. The articles below go into plenty more detail about the effects.

Why the Investigatory Powers Act is a privacy disaster waiting to happen

‘Extreme surveillance’ becomes UK law with barely a whimper

It’s official, the Snooper’s Charter is becoming law: how the IP Bill will affect you

2. It Was Nice Knowing You, Fun And Games

In the wake of the escalating DDoS attacks by connected household appliances on various targets, which we covered last month and the month before that, Bruce Schneier told the US House of Representatives’ Energy & Commerce Committee that the Internet is now dangerous. He’s not wrong.

Notes for humans

Be careful what connected devices you purchase and connect to your home network. Be aware that many of these devices have minimal to no security and can be attacked and taken over remotely. Join our campaign to have the Internet of Things renamed The Internet Of Things That Really Shouldn’t Be Connected To The Internet. (The details of this campaign are still being thrashed out. First item on the agenda is a snappier title. More on this in the new year, maybe.)

3. You’ve Got My Number

An app that promises to cut down on unwanted spam and let you look up who is behind those unlisted numbers that call you out of the blue sounds attractive, doesn’t it? Like so much else in the digital world, while these apps may provide you with a passably useful service, they have another motivation: acquiring personal information. The BBC reports that these apps have “huge databases – one app claims to have two billion numbers while another claims more than a billion.”

Meanwhile it seems that Apple is storing your call history on their servers, including calls made with other services such as Skype. Also, the phone numbers and home addresses of customers of Australian mobile operators are being offered for sale to the highest bidder. Premium prices charged for celebrities.

Notes for humans

Be careful who you give your phone number to. It is increasingly being used by organisations as a way of identifying you, providing backup security access to passwords and two-factor authentication. If hackers possess your phone number they can often use it to gain access to other aspects of your digital life.

Be equally careful who you give your contacts to. You have a responsibility not to share those people’s personal data without their consent.

A 10-Digit Key Code to Your Private Life: Your Cellphone Number

4. Private Email Servers, Irish Edition

What began as a simultaneously concerning and darkly amusing story about Garda Commissioner Nóirín O’Sullivan using a personal Gmail address to send and receive official Garda communications, with obvious parallels to the issue that had dogged Hillary Clinton for the last eighteen months, became even more worrying as it emerged that a large number of senior Gardai were apparently doing exactly the same.

Notes for humans

Would you trust any arm of the state to securely store your personal information when this sort of thing is happening in the police force? Speaking of that trust issue and arms of the state …

5. eHealth. Like Bertie Ahern, It Hasn’t Gone Away, You Know

Dramatic times in the world of eHealth in Ireland this month, as the public relations push towards a digital health future ground relentlessly onward. Whether public awareness outside the HSE is being impinged upon at all by any of this remains doubtful, but presentations were given, talk was talked at conferences and awards were won. According to a source*, one lucky child born in Cork this coming Saturday, 3rd December, will be Ireland’s first “digital baby”, immediately generating healthcare data to be stored in the cloud by the HSE. This will be the beginning of his or her Electronic Health Record. How do you opt out of that, eh?

“Ireland will allow a patient to “opt out” of having an electronic health record and the ability to do that will be straightforward. In the NHS you had to opt out 17 times to not have a digital record. In Ireland, you’ll be able to do that once. This is being built as a big infrastructure piece. The privacy side, the ability to see who has looked at your health record is another part.”

Notes for humans

Healthcare identity systems such as the one the HSE is in the process of building have become the number one target of hackers and identity thieves this year. Electronic health records are the most valuable pieces of personal identity information available for sale on the Deep Web. Medical systems are extremely vulnerable to attack. Breaches will happen. Breaches are widespread in the healthcare sector already. Breaches won’t be noticed. Breaches will be dithered over. Breaches won’t be reported. Patients will have to deal with the fallout. A lot more public consultation about the benefits and risks of this system is required.

*source = read it on Twitter

Honourable Mentions
  • A KPMG survey showed consumers favour privacy over convenience. Now we just have to wait for the worst of the profilers to realise that they should perhaps give up on the creepy stuff if they want to retain customers.
  • The Norwegian Consumer Council lodged a complaint against a group of fitness wristband manufacturers at the beginning of the month. “None of the four companies gives users proper notice about changes in their apps’ terms and conditions, the complaint claims, and all of them collect more data than is strictly necessary to provide their service. Nor do the companies fully explain who they may share user data with, or for how long they retain that data.” The story has a vague and not particularly reassuring statement from Fitbit which is cast in the past tense. Jawbone are a little more forthcoming and claim they will delete all user data on request.
  • Donald Trump became US President-elect and there was a sudden growth in signups for encrypted communications services. Switzerland-based encrypted email provider ProtonMail said numbers of new signups had doubled in the days following the election. Encrypted messaging service Signal saw a 400% increase in new users in the week following the election. By the way, we wholeheartedly endorse both ProtonMail and Signal. Even people who were totally comfortable with the vast surveillance powers of the NSA suddenly saw the light when the realisation that Trump would be in charge of those powers from now on sank in.

[Title image credit: Hannah Wei on Unsplash]
