Facebook May Have To Ask All Users To Vote On Privacy Policy

Changes to Facebook’s policy on data use could be decided by each and every one of us who has an account on the social network. The European activists “europe-v-facebook.org”, led by a group of Austrian students, say that there have been enough comments (the threshold is 7,000) regarding Facebook’s ‘Data Use Policy’ to force the company to put the privacy proposal to a worldwide vote.

This whole saga goes back to last year when europe-v-facebook.org filed 22 complaints with the Irish Data Protection Commissioner, which partially led to the DPC issuing a report later the same year suggesting some changes to Facebook’s privacy policy. Since then there have been more suggestions put forth by both the IDPC and the German Data Protection Agency.

So how would this hypothetical Facebook vote take place? Facebook’s own “Statement of Rights and Responsibilities” has this to say about it:

“If more than 7,000 users comment on the proposed change, we will also give you the opportunity to participate in a vote in which you will be provided alternatives. The vote shall be binding on us if more than 30% of all active registered users as of the date of the notice vote.”

So essentially the whole process will rely on 300 million people (give or take) actually making the effort to have their say on privacy. At the moment Facebook are just doing the due diligence by making sure that there aren’t a significant number of duplicate or spam comments within the 7,000+ responses that would necessitate the public vote.

We’ll keep you posted on how this story develops.

Civil Service In Department Of Work And Pensions Data Breach

A year-long investigation into private detectives by Channel 4’s Dispatches programme has led to some startling revelations about the practices of civil servants entrusted with our personal data.

The aim of the investigation was to look into accusations that PIs sell access to private information such as health, benefit and criminal records, as well as mobile phone bills and bank accounts. In the programme it was also revealed that almost 1,000 staff from the Department of Work and Pensions (DWP) had been disciplined in a 10-month period for inappropriately or unlawfully accessing social security records.

The figures, released under the Freedom of Information laws, also showed that between April 2010 and March 2011 a total of 513 employees were disciplined for “unauthorised disclosure of official, sensitive, private and/or personal information … to anyone” from supposedly private and secure databases. The DWP database can be accessed by as many as 200,000 different people and holds the records of 98 million people.

If all other data offences – such as breaching the Data Protection Act or inappropriate browsing of personal records of people claiming benefits – are taken into account, almost 1,200 civil servants were reprimanded over the same period (Apr ’10 – Mar ’11). Across all departments there were 992 people who faced disciplining between April 2011 and January 2012, which equates to almost 5 individuals per working day.

So what can you do to make sure the government keep your data secure? Well, unfortunately not a lot. However, campaign groups are on the case, with a spokesman for the Equality and Human Rights Commission saying: “We want to work with the government to make personal information better protected by the law.”

A representative for the DWP said that there would be no hesitation in reprimanding staff if any of them had accessed data through inappropriate methods and that they are working hard to improve staff awareness of data protection. The Department of Health also said that “the NHS takes protecting individual privacy extremely seriously and if any member of staff is discovered intentionally breaching this, they will be subject to appropriate disciplinary action.”

Third-Party Facebook Apps Retain Your Data After You Remove The App

Using third-party apps on Facebook is widely known to be somewhat of a minefield in terms of what will be posted ‘on your behalf’ by the app, and what personal information of yours the apps will have access to. Last Friday Facebook announced some changes to its data use policy in an attempt to “enhance transparency” by posting a lengthy blog in the Facebook Privacy section of the social network.

The updates are set to include better explanations, examples, some revelations about how third-parties deal with users’ data and some ‘tips’ on how best to configure your settings. You can read the whole entry here on the Facebook Privacy blog.

I won’t dissect the whole batch of intended changes, but I do want to focus on the point that whether unknowingly or unintentionally, it is possible that your friends may be inadvertently sharing your information when they use a third-party app.

This excerpt from the blog illustrates the point:

“Your friend might also want to share the music you “like” on Facebook. If you have made that information public, then the application can access it just like anyone else. But if you’ve shared your likes with just your friends, the application could ask your friend for permission to share them”

Something else explained in Facebook’s blog that is worth taking note of is to do with what happens to your data if you decide to delete an app from your profile. Well, the app may no longer have access to your live account, but it will still have all the data you previously granted it permission to use.

If you want an application to delete the information that it holds about you, you will need to directly ask them to do this. Facebook clarified this point by saying that “if you’ve removed an application and want them to delete the information you’ve already shared with them, you should contact the application and ask them to delete it.”

In the past, even Facebook themselves have been somewhat sluggish when it comes to actually deleting your data. The social network says that it can take around 90 days (or in some cases, three years) for a deleted account or even photo to completely disappear from the web. Yet any content external to your account, such as posts to a group or private messages to another user, will remain stored on Facebook.

So plenty to think about here. When you say or do something online it can be very difficult to backtrack or to erase what has gone on before, especially if you don’t control the medium on which a statement was made. Likewise if you are sharing your own information with friends on social networks who are less privacy conscious than yourself, they may end up sharing your content with a wider audience than you’d wished for.

Cyber-Threats More Of A Concern To Americans Than Physical Terrorism

Terrorism can take many different forms and according to a new study, it seems that people in America are now more concerned with the threat of cyber-terrorists than they are with the likes of al-Qaeda.

The security study carried out by Unisys discovered that the top three priorities for Americans when it comes to matters of security in the presidential campaign are as follows:

  1. Protecting government computer systems against hackers and criminals (74 percent)
  2. Protecting our electric power grid, water utilities and transportation systems against computer or terrorist attacks (73 percent)
  3. Homeland security issues such as terrorism (68 percent)

Admittedly when you compare the phone survey sample size of only 1,000 people to the total national population which is over 311,000,000 it’s hard to say that these results are reflective of the entire country. However, this doesn’t mean that they should be disregarded.

The survey asked “How important is it for a candidate to emphasize the following issues in the upcoming 2012 presidential election?” and had some additional questions about how concerned people were about identity theft and online fraud.

But should people actually be more concerned with cyber-terrorists? Realistically, there is a higher chance (touch wood) that I would fall prey to online fraud or identity theft than there is of me being injured (or worse) in a physical terrorist attack. But at least with the former, there are much more tangible measures that we can each take as individuals to prevent such woes befalling us.

It’s important to remember that any information stored or submitted online will run varying risks of being intercepted, shared or destroyed. If you make a habit of sharing or storing personal information in the cloud or through public channels, then you must live with the possibility that someone else could gain access to your data and use it for malevolent purposes.

If you have sensitive information that you must share, then you’d be well advised to seek a method of private secure sharing. After all, it’s best to share with your own world, not the whole world.

Court Bans Dutch Pirate Party From Providing Pirate Bay Proxies

Despite recent rulings requiring ISPs to block access to The Pirate Bay, millions of internet users are finding ways to get around the restrictions. The Netherlands’ Pirate Party had been offering a proxy to let users gain access to the links hosted on The Pirate Bay without actually having to visit the site directly.

However, following a complaint lodged by the anti-piracy group Brein, a court in the Hague has ruled that The Pirate Party must cease publicising ways to circumvent blocks to The Pirate Bay. A subsequent court order has now instructed a further five ISPs to block access to the site in addition to two of the country’s biggest ISPs that were subject to a previous ruling.

The Dutch Pirate Party have responded to the ruling by posting on their homepage that the latest decision is “a slap in the face for the free internet.” The statement continued: “More and more bits of the internet will have to be censored because they might be used to get access to ‘infringing’ sites, until eventually most of the internet will be unreachable.”

Meanwhile in the UK, despite the ruling on April 30th that ordered five ISPs to block access to The Pirate Bay, the UK’s Pirate Party still offers a proxy-based workaround enabling web users to procure links from there, allowing for the downloading of copyrighted material.

There has been no comment so far from the British Phonographic Industry (the organisation which pushed for legal action against The Pirate Bay in the UK) on whether or not it will be seeking a ruling similar to that gained by Brein.

Two Norwegian Teens Arrested After SOCA DDoS Attack

Last week we reported that the website of the UK’s Serious Organised Crime Agency (SOCA) was brought down by hackers who staged a DDoS attack. Now it has emerged that two teenagers in Norway have been arrested for a series of computer attacks with SOCA believed to have been one of their targets.

There may be further arrests or at the very least more people brought in for questioning, with Norwegian prosecutor Erik Moestue quoted as saying: “We have arrested the two we think were most important in these attacks, but we still want to talk to more people.”

He added: “We know SOCA was recently attacked, as well as Norwegian and American sites, and that is one of the things that we are looking into.”

A spokesperson for Norway’s National Criminal Investigation Service said that the sites in Norway and America had also been hit by a DDoS attack. The two suspects, aged 18 and 19, were charged at the end of last week after a period of sustained electronic attacks going on for several weeks.

Mr Moestue said the case was still under investigation and that it was too early to discuss the motive for the attacks. However, if the pair are found guilty then the maximum sentence for the offences they are being charged with is a six-year jail term.

A Norwegian press agency reported that the country’s largest financial services group DNB has been attacked, along with the Police Security Service, but NCIS would not confirm this.

Twitter Fighting Government Subpoena For #Occupy Information

Twitter are engaged in a legal wrangle with the New York City district attorney’s office over access to tweets made by an Occupy Wall Street protester who is being prosecuted for disorderly conduct. In a motion filed on Monday, Twitter is requesting that the court order requiring it to hand over three months’ worth of tweets posted by Malcolm Harris be thrown out.

Lawyers speaking on behalf of Twitter argue that the micro-blogging site is in the untenable position of “either providing user communications and account information in response to all subpoenas or attempting to vindicate its users’ rights by moving to quash these subpoenas itself.”

I’m not exactly what you’d call a legal expert and my understanding of the inner workings of the American judicial system leaves a lot to be desired. However, what I can deduce from this matter is that Twitter is doing its best to defend the privacy of their users while trying not to break the law themselves nor incur the wrath of the authorities.

So in short it seems that Twitter are exploring all of the various laws and statutes (in this case citing the fact they would be in violation of the Constitution’s Fourth Amendment if they handed over the information) before they pass this user’s data on to the authorities.

I don’t want to dwell on the legal specifics of this story, but instead move on to the point that what people say on social networks is viewed by prosecuting forces as suitable evidence to be used against them. In this case I don’t think telling a protestor to communicate in private would do much good – by their very nature protestors want attention and an audience.

However, be warned – even things said as a joke on Twitter have landed people in legal hot water before. In two separate incidents within the last two years a British man and an Irish national were both detained on suspicion of being terrorists because of tweets meant as jokes.

If the authorities want to get more information about you from Twitter, then the company still appear to be fighting your corner as is evident from the Malcolm Harris case. But who knows what will change legally in the near future? If there’s something you need to communicate that might be misinterpreted or taken in a way that could potentially cause problems for you, then it’s probably best to send it privately – or perhaps not at all.