Archive for the 'Privacy' Category

SocialHistory.js

Saturday, May 31st, 2008

[Quote:]

This is ingenious and a little scary. Normally, Javascript doesn’t have access to your browser’s history URLs. But Aza Raskin found a way:

How does SocialHistory.js know? By using a cute information leak introduced by CSS. The browser colors visited links differently than non-visited links. All you have to do is load up a whole bunch of URLs for the most popular social bookmarking sites in an iframe and see which of those links are purple and which are blue. It’s not perfect (which, from a privacy perspective, is at least a little comforting) but it does get you 80% of the way there. The best/worst part is that this information leak probably won’t be plugged because it’s a fundamental feature of the browser.

Incredible.

Now any website has a reliable way to detect whether you have recently visited any particular URL.

Boehner Wants Protection From Illegal Wiretapping - But Only For Himself

Wednesday, May 21st, 2008

[Quote:]

Chris Frates at the Politico reveals how Republican Leader John Boehner is seeking wiretap protection for himself, but not for ordinary Americans:

When a federal judge ordered Rep. Jim McDermott to pay House Minority Leader John A. Boehner and his attorneys more than $1 million in damages and legal fees for leaking an illegally taped phone call to the media, Boehner said he pursued the case because “no one — including members of Congress — is above the law.”

Why, then, is the Ohio Republican trying to squash similar lawsuits against telecommunications companies who cooperated with the government in warrantless electronic surveillance, ask the attorneys behind the class action suits.

The blatant hypocrisy on display here is stunning.

Home Office plans to create ‘Big brother’ database for phones calls, emails and web use

Tuesday, May 20th, 2008

[Quote:]

The Home Office will create a database to store the details of every phone call made, every email sent and every web page visited by British citizens in the previous year under plans currently under discussion, it has emerged.

The Government wants to create the system to fight terrorism and crime. The police and security services believe it will make it easier to access important data as communications become more complex.

Telecoms firms and internet service providers (ISPs) have already been approached by the Home Office, which would be given customer records if the plans were realised.

The security services and police would then be able to access records for any individual over the previous 12 months by gaining permission through the courts.

The Get Out Clause, Manchester’s stars of CCTV cameras

Friday, May 9th, 2008

[Quote:]

Unable to afford a proper camera crew and equipment, The Get Out Clause, an unsigned band from the city, decided to make use of the cameras seen all over British streets.

With an estimated 13 million CCTV cameras in Britain, suitable locations were not hard to come by.

They set up their equipment, drum kit and all, in eighty locations around Manchester – including on a bus – and proceeded to play to the cameras.

Afterwards they wrote to the companies or organisations involved and asked for the footage under the Freedom of Information Act.

“We wanted to produce something that looked good and that wasn’t too expensive to do,” guitarist Tony Churnside told Sky News.

The Terror Watchlist

Friday, May 9th, 2008

[Quote:]

My favorite terrorist is Hasan Elahi. Just saying his name makes my heart go up one Terror Alert level. Why Elahi? Well, to begin with, he’s innocent. A quality so rare in someone so guilty. You see, in 2002, Elahi was detained by the FBI on suspicion of hoarding explosives in a Florida storage unit. Turns out, he didn’t have any explosives. In fact, he was the only person in Florida without gunpowder. But the FBI refused to give Elahi a written letter clearing him of suspicion because he refused to change his name, religion and skin color. Instead, they just asked him to “check in” with them periodically. And here’s where I really like this guy: for the last six years, Elahi has taken the burden off government surveillance by surveilling himself. Every day, Elahi takes hundreds of photos of his whereabouts and sends them to the FBI. Pictures of the airports he travels through, the bathrooms he visits, even the meals he eats. With these pictures, he’s ensuring that he’ll never be arrested on suspicion of terror, though judging by some of the meals he’s eating, Gitmo might be an improvement.

Protecting Yourself From Suspicionless Searches While Traveling

Friday, May 2nd, 2008

[Quote:]

The Ninth Circuit’s recent ruling (pdf) in United States v. Arnold allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. EFF and many civil liberties, travelers’ rights, immigration advocacy and professional organizations are concerned that unfettered laptop searches endanger trade secrets, attorney-client communications, and other private information. These groups have signed a letter asking Congress to hold hearings to find out what protocol, if any, Customs and Border Protection (CBP) follows in searching digital devices and copying, storing and using travelers’ data. The letter also asks Congress to pass legislation protecting travelers’ laptops and smart phones from unlimited government scrutiny.

[..]

In the meantime, how can international travelers protect themselves at the U.S. border, short of leaving their laptops and iPhones at home?

The EFF has many suggestions, but it really boils down to: if you’re not a US citizen, don’t travel to the US if you can avoid it. If you are a US citizen, you’re fucked.

Italy posts salary details on web

Thursday, May 1st, 2008

[Quote:]

There has been outrage in Italy after the outgoing government published every Italian’s declared earnings and tax contributions on the internet.

The tax authority’s website was inundated by people curious to know how much their neighbours, celebrities or sports stars were making.

The Italian treasury suspended the website after a formal complaint from the country’s privacy watchdog.

[..]

The timing of the move, just days before the current administration hands over to incoming Prime Minister Silvio Berlusconi, was intriguing too, says our correspondent.

The outgoing government came to power promising to tackle Italians’ notoriously lax approach to paying tax.

Bluetooth surveillance secretly tested in the city of Bath

Tuesday, April 22nd, 2008

[Quote:]

“In 2001 Jose Emilio Suarez Trashorras was jailed in a Spanish prison for drug related offences. Whilst imprisoned, Trashorras established regular contact with Jamal Ahmidan who was serving time for a petty crime. Both individuals embraced radical Islamic fundamentalist ideas within the prison and were recruited in the Takfir wa al-Hijra group, a Moroccan terrorist group linked with al-Qaida. Following their release, Ahmidan became the leader of the terrorist cell that conducted the Madrid bombing. In a drugs-for-bombs exchange with a third party, Trashorras provided the explosives for the 13 backpack bombs that killed 191 people and injured hundreds.”

So write Vassilis and Panos Kostakos in the department of computer science and the University of Bath in the UK, who have come up with a system that they say could spot and monitor these kinds of interactions in prisons.

Their idea? Fit inmates with RFID tags that allow their positions to be monitored, and then number crunch the resulting data sets to see who spends the most time with whom.

Not exactly rocket science but the Kostakos’s have an even more frightening idea. Why not test the idea by anonymously monitoring the movements of students, residents and workers of the city of Bath by listening out for their bluetooth-enabled devices as they move around the city. And that’s what they’ve done.

What the Kostakos found is that it is straightforward to capture data on people’s encounters using bluetooth. In fact they captured data on 10,000 unique devices during the 6 month study. Yep, that’s 10,000.

Exactly how much you can tell about these encounters isn’t clear. But hey, this is only a demonstration (either that or they’re keeping schtum about the juicy details).

These days there’s less and less difference between people inside and outside prisons.

Next up: mandatory bluetooth collars for everybody.

BT’s secret Phorm trials open door to corporate eavesdropping

Thursday, April 17th, 2008

[Quote:]

The government has refused to investigate BT’s covert wiretapping of thousands of its customers in 2006 and 2007, despite its own expert’s view that without consent Phorm’s advertising targeting technology is a breach of criminal law.

Whitehall’s willingness to turn a blind eye to the fact that tens of thousands of people were spied on by big business in order to serve up targeted marketing has angered web users. “I’m absolutely sickened and appalled,” Pete John, who has tried to interest authorities, told The Register this week.

BT customers who have attempted to report the secret listening and profiling experiments to the police have been told to approach the Home Office. One was subsequently told over email by an official: “It is important to remember that private companies such as ISPs are allowed to do certain things under section 3 of [the Regulation of Investigatory Powers Act] that Law Enforcement Agencies cannot do without permission.”

All Hallow the Corporation!

One Nation

Monday, April 14th, 2008

Administration Set to Use New Spy Program in U.S.

Saturday, April 12th, 2008

[Quote:]

The Bush administration said yesterday that it plans to start using the nation’s most advanced spy technology for domestic purposes soon, rebuffing challenges by House Democrats over the idea’s legal authority.

[..]

Sophisticated overhead sensor data will be used for law enforcement once privacy and civil rights concerns are resolved, he said.

And it will be resolved by ignoring the relevant parts of the constitution, of course.

Feel safer yet?

Phorm agrees to independent inspection of data pimping code

Wednesday, March 19th, 2008

[Quote:]

Phorm has agreed to allow an independent software expert to inspect its source code as it continues to battle the firestorm provoked by agreements with BT, Virgin Media and Carphone Warehouse to let it build profiles of their broadband customers’ web browsing.

It seems a move by the battered firm to try to win some public trust.

As in, yep, they’re screwing over your privacy and selling you out to the highest bidder, but at least they do so with bug-free code? How would that make any difference?

Davies, a London School of Economics researcher best known as the founder of the pressure group Privacy International, has come under increasing criticism for his commercial role in the Phorm affair.

[..]

The report is dated 10 February, and Davies has since praised the system. Defending himself against criticism on the influential UK-Crypto mailing list, he wrote: “For what it’s worth, we do believe the company [Phorm] has created some extremely interesting and privacy friendly technology. And in my view the company has gone above and beyond the norm to expunge personal data from its system.”

You know what my definition of “privacy friendly technology” is? Not collecting all that shit in the first place.

Like web inventor Sir Tim Berners-Lee, 80/20 argues that Phorm would only be allowable on an opt-in basis. The logic goes that if the “service” is so great, why wouldn’t people choose to be part of it?

And, of course, the same logic can be used to reason that since Phorm has no intention to do that, they expect as many people to opt in to their system as they would expect to accept a free enema on the town square.

As one of the comments on the Register states, which part of “FUCK OFF” don’t they understand?

Put young children on DNA list, urge police

Monday, March 17th, 2008

[Quote:]

Primary school children should be eligible for the DNA database if they exhibit behaviour indicating they may become criminals in later life, according to Britain’s most senior police forensics expert.

Gary Pugh, director of forensic sciences at Scotland Yard and the new DNA spokesman for the Association of Chief Police Officers (Acpo), said a debate was needed on how far Britain should go in identifying potential offenders, given that some experts believe it is possible to identify future offending traits in children as young as five.

The younger you tell kids they’re suspected criminals, the younger they’ll start acting like one. Tell people you don’t trust them in anything, and they’ll act like it. Break down basic trust at ages as young as five, and your society will go down the crapper.

MI5 seeks powers to trawl records in new terror hunt

Sunday, March 16th, 2008

[Quote:]

Records of journeys made by people using smart cards that allow 17 million Britons to travel by underground, bus and train with a single swipe at the ticket barrier are among a welter of private information held by the state to which MI5 and police counter-terrorism officers want access in order to help identify patterns of suspicious behaviour.

The request by the security services, described by shadow Home Secretary David Davis last night as ‘extraordinary’, forms part of a fierce Whitehall debate over how much access the state should have to people’s private lives in its efforts to combat terrorism.

[..]

Currently the security services can demand the Oyster records of specific individuals under investigation to establish where they have been, but cannot trawl the whole database. But supporters of calls for more sharing of data argue that apparently trivial snippets - like the journeys an individual makes around the capital - could become important pieces of the jigsaw when fitted into a pattern of other publicly held information on an individual’s movements, habits, education and other personal details. That could lead, they argue, to the unmasking of otherwise undetected suspects.

Or, in other words, they want to spy on you, but they aren’t sure why, yet. However, they’re sure that if they watch you long enough, they’ll find something.

BT Confesses To 2007 Phorm Trial

Sunday, March 16th, 2008

[Quote:]

BT staffer Adam Liversage has quietly confirmed that the operator conducted a “very small scale technical test” (secret trial) of Phorm’s data pimping system during 2007 (original news). Liversage issued the following statement to the operator’s community forums:

BT can confirm that we conducted a very small scale technical test of a prototype advertising platform on one exchange in June 2007. The test was specifically conducted to evaluate the functional and technical performance of the platform. Absolutely no personally identifiable information was processed, stored or disclosed during this trial. As with all Service Providers, it is important for BT to ensure that, before any potential new technologies are employed, they are robust and fit for purpose.

It’s understood that the trial was tried on a live exchange first with no prior customer consultation because those that witnessed the activity on their connection and enquired were misled by BT into thinking, ironically, that it was a DNS hijacker.

Indeed we’d question how successful such a trial could be without any information being “processed [AND OR] stored”. That would be a bit like developing an operating system and never running it, although sometimes we think Microsoft probably do that too.

Fingertip biometrics at Disney turnstiles: the Mouse does its bit for the police state

Saturday, March 15th, 2008

[Quote:]

These machines (which, I’m told, capture the shape of your fingertip instead of your fingerprint itself) are used to keep Disney World customers from sharing or re-selling their admission tickets, and are part of a general and growing police-state climate at the parks that includes routine bag-searches at each park entrance.

The readers aren’t very effective at stopping admission cheats. You can choose not to register your fingertip, and to use photo ID for admission instead (I’m thinking of having a random piece of photo identification made with the words “OFFICIAL BOGUS SECURITY IDENTIFICATION FOR HOTELS, THEME PARKS AND OTHER JUNIOR G-MEN” printed on it). So it would be very easy to share your pass: the person named on the pass enters with his ID, and the person with whom he’s sharing the card uses a fingertip — you could visit with your sister’s family and half of you could use the tickets in the morning while the other half hung around the pool and relaxed, then switch at lunch: the morning crew uses fingertip, the afternoon uses ID.

What these readers are effective at is conditioning kids to accept surveillance and routine searches and identity checks without particularized suspicion. One morning at Epcot Center, as we offered our ID to the castmember at the turnstile and began to argue (again — they’re very poorly trained on this point) that we could indeed opt to show ID instead of being printed, a small boy behind us chirped up, “No you have to be fingerprinted! Everybody has to be fingerprinted!”

Identity cards ‘useless in fight against terrorism’

Tuesday, February 19th, 2008

[Quote:]

Mass fingerprinting, biometric passports, identity cards and international identity databases will not protect Britain and other European countries from terrorists or criminals.

This startling admission comes in a leaked European Commission report prepared for Home Secretary Jacqui Smith and other EU Home Affairs Ministers.

The report undermines Gordon Brown’s claims about the need for controversial new passports and identity cards to protect the country from terror attacks.

It raises new questions about the true purpose of Government databases, which will store intimate details of everyone in Britain, including their picture, fingerprints and confidential personal information.

The EU report, obtained by The Mail on Sunday, says most people behind terror attacks in the UK and Europe were living in the EU legally and so would not be affected by increased security measures.

It says: “None of the policy options contribute markedly to reducing terrorism or serious crime.

Government wants every English child on ‘secure’ database

Wednesday, February 13th, 2008

[Quote:]

The government will announce plans tomorrow to give every English child an identifying number and a database entry of their school qualifications.

The idea, if that’s not too strong a word, is that the database will include a mini-CV which employers will be able to check.

Every child of 14 will get a Unique Learning Number, different from the Unique Pupil Number which is deleted when you leave school, and different from the national ID database. This number will allow them to access the online database, known as Managing Information Across Partners (MIAP). Potential employers will get a different password giving them limited access to a person’s record.

The government is supposed to be in the middle of reviewing the security of all the data it keeps on UK citizens, but the Department of Innovation, Universities and Skills was unable to tell us what impact this review has had or might have on the thinking behind the database. Most of the information on the database is already held somewhere, but not in one place.

People already have CVs that they send to prospective employers, right? What is this database for?

What Our Top Spy Doesn’t Get: Security and Privacy Aren’t Opposites

Tuesday, January 29th, 2008

[Quote:]

The debate isn’t security versus privacy. It’s liberty versus control.

You can see it in comments by government officials: “Privacy no longer can mean anonymity,” says Donald Kerr, principal deputy director of national intelligence. “Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.” Did you catch that? You’re expected to give up control of your privacy to others, who — presumably — get to decide how much of it you deserve. That’s what loss of liberty looks like.

It should be no surprise that people choose security over privacy: 51 to 29 percent in a recent poll. Even if you don’t subscribe to Maslow’s hierarchy of needs, it’s obvious that security is more important. Security is vital to survival, not just of people but of every living thing. Privacy is unique to humans, but it’s a social need. It’s vital to personal dignity, to family life, to society — to what makes us uniquely human — but not to survival.

If you set up the false dichotomy, of course people will choose security over privacy — especially if you scare them first. But it’s still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” It’s also true that those who would give up privacy for security are likely to end up with neither.

Clarkson’s ‘steal my ID’ stunt backfires

Monday, January 7th, 2008

[Quote:]

Gobby TV presenter Jeremy Clarkson has been forced to reverse his position after he lost money after publishing his bank account details in a newspaper column.

The Top Gear presenter rather rashly published his account details in a column in The Sun to back up his claims that the child benefit data loss furore, which resulted in the loss of unencrypted CDs containing bank details of 25m people, was a lot of fuss about nothing.

Clarkson published his bank account number and sort code, along with clues to his address, insisting that the worst that could happen was that someone could pay money into his account.

Days later Clarkson was forced to admit he was wrong after an unidentified prankster set up a £500 direct debit from the presenter’s account in favour of charity Diabetes UK, the BBC reports.

“The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again,” Clarkson said in a column published in the Sunday Times. “I was wrong and I have been punished for my mistake.”

Clarkson, never one to shy away from colourful or controversial commentary, is now hopping mad over the data loss. “Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy,” he said.

My response:

[Image: rofl128420417966490000.jpg]

(Aside from the laugh, I have some respect for the man. He was wrong, admits it and, having learned from his mistake, is quite happy to change his opinion.)

