James O'Neill's Blog

August 7, 2012

The cloud, passwords, and problems of trust and reliance

Filed under: Privacy,Security and Malware — jamesone111 @ 9:02 pm

In recent days a story has been emerging of a guy called Mat Honan. Mat got hacked; the hackers wanted his Twitter account simply because he had a three-letter Twitter name. Along the way they wiped his Google mail account and (via Apple’s iCloud) his iPhone, iPad and his MacBook. Since he relied on stuff being backed up in the cloud he lost irreplaceable family photos, and lord only knows what else. There are two possible reactions: Schadenfreude – “Ha, ha, I don’t rely on Google or Apple, look what happens to people who do”, “What an idiot, not having a backup” – or “There but for the grace of God goes any of us”.

Only people who’ve never lost data can feel unsympathetic to Mat and I’ve lost data. I’ve known tapes which couldn’t be read on a new unit after the old one was destroyed in a fire. I’ve learnt by way of a disk crash that a server wasn’t running its backups correctly. I’ve gone back to optical media which couldn’t be read. My backup drive failed a while back – though fortunately everything on it existed somewhere else, making a new backup showed me in just how many places. I’ve had memory cards fail in the camera before I had copied the data off them and I had some photos which existed only on a laptop and a memory card which were in the same bag that got stolen (the laptop had been backed up the day before the photos were taken). The spare memory card I carry on my key-ring failed recently, and I carry that because I’ve turned up to shoot photos with no memory card in the camera – never close the door on the camera with the battery or memory card out. I treat memory cards like film and just buy more and keep the old cards as a backstop copy. So my data practices look like a mixture of paranoia and superstition and I know, deep down, that nothing is infallible.

For many of us everything we have in the cloud comes down to one password. I don’t mean that we log on everywhere with “Secret1066!” (no, not my password). But most of us have one or perhaps two email addresses which we use when we register. I have one password which I use on many, many sites which require me to create an identity but that identity doesn’t secure anything meaningful to me. It doesn’t meet the rules of some sites (and I get increasingly cross with sites which define their own standards for passwords) and on those sites I will set a one-off password, like “2dayisTuesday!”; when I come to use the site again I’ll just ask them to reset my password. Anything I have in the cloud is only as secure as my email password.
There are some hints here. First: any site which can mail you your current password doesn’t encrypt it properly; the proper way to store passwords is as something computed from the password, so it is only possible to tell if the right password was entered, not what the password is. And second, these computations are case sensitive and set no maximum password length, so any site which is case insensitive or limits password length probably doesn’t have your details properly secured. Such sites are out there – Tesco for example – and if we want to use them we have to put up with their security. However if they get hacked (and you do have to ask, if they can’t keep passwords securely, what other weaknesses are there?) your user name, email and password are in the hands of the hackers, so you had better use different credentials anywhere security matters – which of course means on your mailbox.
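The storage scheme described above, as an added example that is not from the original post: a salted PBKDF2 record beside a deliberately weak store that shows the two warning signs (case folding and a length cap). The function names, record layout and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune for real hardware


def weak_store(password: str) -> str:
    """Anti-pattern: folds case, caps length at 8 and keeps the text itself."""
    return password.lower()[:8]


def weak_verify(attempt: str, stored: str) -> bool:
    """Matches anything that agrees on the first 8 characters, ignoring case."""
    return attempt.lower()[:8] == stored


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a record holding only a per-user salt and a derived value."""
    salt = os.urandom(16)  # a fresh salt makes equal passwords store differently
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(attempt: str, record: str) -> bool:
    """Recompute from the attempt and compare; the password is never recovered."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo() -> dict:
    """Run both stores over constructed sample passwords and collect results."""
    password = "Secret1066!"          # sample value quoted in the post
    long_password = "2dayisTuesday!" * 20  # 280 characters, constructed

    weak = weak_store(password)
    record = hash_password(password)
    long_record = hash_password(long_password)

    return {
        # The weak store can "mail you your password" (most of it, at least).
        "weak_keeps_readable_text": weak == "secret10",
        # Wrong case and a wrong tail still log in to the weak store.
        "weak_accepts_wrong_case_and_tail": weak_verify("SECRET10zzzz", weak),
        # The hashed record contains no readable copy of the password.
        "record_hides_password": password not in record,
        "correct_password_verifies": verify_password(password, record),
        "wrong_case_rejected": not verify_password("secret1066!", record),
        # No length cap: every character of a long password counts.
        "long_password_verifies": verify_password(long_password, long_record),
        "long_password_truncated_rejected": not verify_password(
            long_password[:-1], long_record
        ),
        # Same password, different salt, different record.
        "salts_differ": hash_password(password) != record,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
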

So your email password is the one password to rule them all and obviously needs to be secure. But there is a weak link, and that seems to be where the people who hacked Mat found a scary loophole. The easiest way into someone’s mailbox might be to get an administrator to reset the password over the phone – not to guess or brute force it. The only time I had my password reset at Microsoft the new one was left on my voicemail – so I had to be able to log in to that. If the provider texts the password to a mobile phone or resets it (say) to the town where you were born (without saying what it is) that offers a level of protection; but – be honest – do you know what it takes to get someone at your provider to reset your password, or what the protocol is? In Mat’s case the provider was Apple – for whom the hacker knew an exploitable weakness – but it would be naive to think that Apple was uniquely vulnerable.

Mat’s pain may show the risk in having only a mailbox provider’s password reset policy to keep a hacker out of your computer and/or your (only) backup. One can build up a fear of other things that stop you having access to either computer or backup without knowing how realistic they are. I like knowing that my last few phones could be wiped easily but would I want remote wipe of a laptop? When my laptop was stolen there wasn’t any need to wipe it remotely as it had full volume encryption with Microsoft’s BitLocker (saving me a difficult conversation with corporate security) and after this story I’ll stick to that. Cloud storage does give me off-site backup and that’s valuable – it won’t be affected if I have a fire or flood at home – but I will continue to put my faith in traditional off-line backup and I’ve just ordered more disk capacity for that.


December 8, 2010

One small step for IE9, one giant leap for privacy

Filed under: Internet Explorer,Privacy — jamesone111 @ 3:06 pm

After reading an announcement from Microsoft, I feel the need to go back to an old draft post I saved 6 weeks or so ago – parts of which appear in italics here.

I’ve been playing with the beta of Internet Explorer version 9 and as with most betas there is stuff to like in it, with the occasional “why did they have to change that”. Certainly it is faster, and all the tests show it is a lot more compliant with standards – some of which are still emerging. Dragging a tab to the task bar to make a short-cut to a page (complete with support for jump-lists) is neat… …I expect more accusations that Microsoft is half hearted over In-Private filtering – streamlining has made it less visible; it still can’t download a block-list from a central service and still doesn’t stay turned on without going to the registry.

The Microsoft announcement means the last sentence is out of date.  Here’s a quote from  Christopher Soghoian’s blog , which I picked up courtesy of Privacy international. Soghoian needs a bit of convincing: early on he says:

Microsoft today announced that it will be improving the InPrivate Filtering feature in its browser — which would have been a great feature, if the company hadn’t intentionally sabotaged it in response to pressure from people within the company’s advertising division.

That’s the expected charge of being half hearted over In-Private filtering, but after seeing the change to IE he ends:

“This is a great, pro-privacy and strategically savvy move on Microsoft’s part. I am delighted to see companies competing on privacy, and building better features into their products”

Soghoian goes into a lot of detail and his post is worth reading. But I’m aware a lot of people either don’t know about In-Private-Filtering or muddle it up with In-Private Browsing, which is the history-less working sometimes called “porn mode”. In-Private-Filtering is a system to compile a list of “Bad” third party sites, whose content is embedded on other sites’ pages – with the support of those sites’ owners. “Bad” ranges from ads with attention getting flash that stops me reading the content of a site, to a single invisible pixel which allows someone to track where you have been. In-Private filtering blocks this stuff – it can build a list of what to block or it can import an allow/block list from an XML file. But filtering is off by default and only the registry hack I mentioned above will keep it on between sessions. The XML file is actually formatted as an RSS feed, but IE8 can’t subscribe to the feed; according to the WSJ article Soghoian links to, subscriptions were planned for IE8, then cut at the behest of Microsoft’s own ad business.

I maintain one of these XML files – which today needs to be imported manually; back in that old draft post I wrote:

The feature I like best is the [F12] developer tools view, this was present in IE8,  [but new in ] IE9 there is a network tracking tool which helps developers spot troublesome pages – those that are slow or fail to load at all.


No wonder this page is slow – the status bar says 75 items and 600KB, a lot for a home page; probably less than 10% is content and the rest is advertising slurry. In the middle of the list you can see it’s getting content from SmartAdServer, which I might want to block.

IE 9 will allow users to subscribe to a block/allow list – just by clicking on a link as they can in IE8 to add Accelerators, Search providers and Web slices. So now I can publish my XML file of bad sites, so can anyone else. And I expect that good lists – those managed with a degree of professionalism to filter the ever-shifting list of third party content that nobody wants – will be very popular. 

You’d expect this to be worrying for the ad industry: the internet they have known so far has been good to them. If it becomes easy for people to withdraw their consent to be profiled or to have certain ads sent to them, some ad firms will die, and the likes of the Electronic Frontier Foundation will dance on their graves. It’s easy to categorize the EFF as the lunatic fringe – but now they seem to have dance partners in the Wall Street Journal and US government bodies including the Federal Trade Commission; in the US there is talk of legally enforcing this. I’ve seen the same quote from the Direct Marketing Association in multiple places.

“Any ‘do-not’ national list doesn’t work and undermines the basis of the Internet as we know it now, in terms of free content and companies being able to monetize the Internet… Self-regulation is the way to go.”

It doesn’t work, but it is ruinous… they would say that, wouldn’t they?  I’m looking forward to seeing how this one pans out.

October 18, 2010

An unexpected call from a help desk? Hang up.

Filed under: Privacy,Security and Malware — jamesone111 @ 2:04 pm

My phone rang: it was my dad. Father/son combinations don’t ring to chat like mother/daughter ones do, and Dad had been having computer problems. Specifically, Excel had been crashing but managing to recover his work. Each time it had offered to send data to Microsoft and each time he had declined. Then his phone had rung and the caller said it was about the problems he was having with his computer.

To me this was immediately suspicious, there is nothing in the Microsoft reporting process which sends personal information like phone-numbers. In fact when you register Windows you don’t put a phone number in, and it is not stored anywhere in the configuration of the machine.  Dad doesn’t have a support contract with anyone so even if personal information were being sent I wouldn’t expect a phone call.  It would need quite some call centre to manage a courtesy call every time an app crashed. The  only way the caller could know that there was a problem and have his details was if something malign on the machine was telling them.
Dad assumed the caller was legitimate: he assumed they’d been given his details by Microsoft. We only give your personal information to a 3rd party if you have requested a specific service which needs us to do that, or said you were happy to be called about something specific by a partner (which is opt-in, not opt-out).
They had his confidence and things now went from bad to worse: the caller got Dad to give him remote access to the PC for 50 minutes. There’s no telling what went on in that time, but at this stage I had to assume his machine could be doing anything and everything on the machine was potentially compromised. Changing passwords would do no good if a key-logger had been installed.
After 50 minutes they called back and told Dad they’d removed 300 viruses from his machine (A bit of a dent for the Anti-virus software he was using, and almost certainly untrue) and signed him up for a £180 support contract which he paid by credit card. When he went to use the card… as if you couldn’t guess, it bounced.  

I told him to turn everything off and quarantine the PC. Having realised he’d been taken in, he took steps to get his credit card re-issued, and he set about changing all the passwords which might have been exposed on this machine – using a different one. He’d heard about someone whose stock portfolio had been compromised: the crook had changed address and bank details and it was only when they tried to sell everything that the broker’s system spotted something might be wrong. I had to visit, and

  • Remove the hard disk and connect it to another machine.
  • Copy all the data off, for safety,
  • Scan for Malware (nothing found)
  • Roll Windows back to a checkpoint before all this occurred.
  • Re-apply updates from Windows Update since that checkpoint.
  • Replace the anti-virus he was using with Microsoft Security Essentials and let it scan the machine (nothing found).
  • Re-run the Malicious Software Removal tool (MRT.EXE) – again nothing was found.

My father was a smart man – smarter than me if I’m honest – and although he has been retired for nearly 20 years I don’t think he has lost his wits. I spent the afternoon of that phone call moving between rage and incomprehension – how could he be so stupid. (Many readers will know the famous “Word Perfect support call ” story – put that into Bing or Google if you don’t: it ends with  "unplug your system and pack it up just like it was when you got it. Then take it back to the store you bought it from."  “What do I tell them?" "Tell them you’re too stupid to own a computer." ) . The problem is – of course – that confidence tricksters are plausible, and anyone can fall for social engineering if it is well enough done. 

It turns out that this is a scam being used by a couple of firms in India – they don’t get malware onto the machine and then call to fix it; they randomly call people and tell them they have a problem. It was a company using the name of OnlinePcCare.com who scammed my Dad. One interesting thing was they put the credit card transaction through a third party, G2S.com, and it may be that which triggered a fraud alert; the credit card company wouldn’t say. A search on Bing for “onlinePcCare +scam” finds plenty of other victims or near misses. This one from Ireland was immediately familiar: “can you start event viewer… are there any errors in the application log?”. If the event log is empty, logging itself is broken. Some people recorded the scammers and have posted the call to YouTube – these come near the top in a search and Digital toast has a selection – together with a list of other names used by these people.

Charles Arthur at The Guardian has been covering this story for a little while, see Police crack down on computer support phone scam, and Virus phone scam being run from call centres in India. His blog post Those ‘PC virus’ phone call scams: the unanswered questions is worth reading too; it confirms my finding that no malware seems to get installed, and shares my opinion that this fits the definition of obtaining money by deception. (Dad’s call to the police got a response of “here’s a crime number – we’ve got a big file on this and we’ll add you to it”.)

If you act as family tech support, do yourselves a favour.  As well as pointing out that none of those nice men in Nigeria will really have a fortune which they will share, and that it is statistically nearly impossible to have a large lottery win and at the same time be unaware of entering the draw, now you need to add  “no one really knows if you have a problem with your computer and calls to fix it” (you may be yelling at the computer but in cyberspace no-one can hear you scream.)  

You might add “If you don’t like unsolicited calls register with the telephone preference service; no reputable company will call you once you’ve registered and any company which does call you is, by definition, not reputable.”

Postscript. While I was working on this post I got a call from OnlinePcCare. It may be one of those random things or they may be stepping up their activities.

This post originally appeared on my technet blog.

January 25, 2010

I’m a photographer, not a terrorist (or any other kind of bogeyman)

Filed under: Photography,Privacy — jamesone111 @ 11:39 am

Every now and then in photography forums someone will ask “Do I need a release to publish pictures of someone?” The law varies enormously round the world but English law grants rights to the owner of copyright (the photographer or their employer), and not to people who appear in the pictures. The photographer can publish, exhibit or sell pictures provided nothing improper was done to get them in the first place: deceiving a model, trespassing to get a shot, taking a picture somewhere that conditions of entry meant not taking pictures or waiving the normal rights of a copyright holder, or using a long lens and a step ladder to see someone where they would have an expectation of privacy would all be examples of “improper”. The rule of thumb for photography in a public place is sometimes summarized as “if it shows what anyone else could have seen had they been there, it’s OK”.

Except it is becoming less and less OK. It used to be possible to take photographs of children playing in public if it made a good photo. Photographers won’t do that now for fear of being branded paedophiles. People seem to be unable to tell the difference between making a picture of a child having fun and a picture of a child being abused – which is far more likely to be at the hands of someone they know. If someone does not interact with a child in any way then logic says no protective action is needed; yet people have stopped taking pictures because of what others think might be in their head.
But photographers have a newer problem – people are losing the ability to distinguish Tourists from Terrorists. Again there seems to be a fear of what might be (but probably is not) in someone’s head. The number of news stories concerning photographers being prevented from taking pictures has been rising, and it triggered a protest this weekend in London, which I went along to. It was organised via the internet, but only ITN made the pun of such a gathering of photographers being a “flash mob”. I noticed the British Journal of Photography was supporting it – they’ve been around since the days of glass plates and have seen a lot of things come and go, so don’t tend to get worked up over nothing. 
Usually these stories concern section 44 of the Terrorism Act 2000. Some people were protesting about the act itself, although I see it more as “section 44 is being used far too often on a random basis without any reasoning behind its use” – not my words but Lord Carlile, Government independent reviewer of anti-terrorist legislation quoted by the BBC. If you look up section 44 it says

An authorisation under this subsection authorises any constable in uniform to stop a vehicle, or a pedestrian in an area or at a place specified in the authorisation and to search…
It says that the Authorisation must be given by a police officer for the area who is of at least the rank of assistant chief constable (or Commander for the Metropolitan and City of London forces) and they must consider the authorisation expedient for the prevention of acts of terrorism. Section 46 says the authorisation must specify an end date which must not occur after the end of the period of 28 days beginning with the day on which the authorisation is given. (although the authorisation can be renewed on a rolling basis.)

A list of the authorisations issued would be a draft list of possible targets, so the police don’t publish such a list: however a constable acting under S44 must be able to show they hold the office of constable (Police Community Support Officers, Security Guards and so on have no powers) and that proper authorisation has been given. It would be interesting to see what happened if an officer mentioned section 44 and got the response “You claim to have authorisation issued in the last 28 days by an officer of suitable rank, covering this place. Could you substantiate that claim please.” It’s my belief that in a lot of cases where someone claims to be acting in the name of section 44 they either lack the proper authority or exceed the powers it gives them, which are set out in section 45, as follows
The power conferred by an authorisation under section 44(1) or (2) may be exercised only for the purpose of searching for articles of a kind which could be used in connection with terrorism  and Where a constable proposes to search a person or vehicle by virtue of section 44(1) or (2) he may detain the person or vehicle for such time as is reasonably required to permit the search to be carried out at or near the place where the person or vehicle is stopped.

There is no power to demand any personal details or the production of ID – indeed for the time being we are free to go about our business without carrying ID. The power is only to search for items which could be used for terrorism and not to detain a vehicle or person for any longer than reasonable to carry out the search. There is no power to seize photographs or to demand they be deleted.

What is interesting to a photographer is section 58.
It is a defence for a person charged with an offence [of collecting or possessing information likely to be useful to a terrorist] to prove that he had a reasonable excuse for his action or possession.

Train spotters have fallen foul of the act  (seriously, what use would a terror cell have for rolling stock serial numbers – an on-line train timetable would give them all they need) and they have to use their hobby as “reasonable excuse” , just as photographers have to when taking pictures of St Paul’s Cathedral or the Houses of Parliament. (And if you photograph trains well…). Of course there are sites with legitimate bans on photography – the photographer not a terrorist website has a map of them, and you can see just how good a picture Google maps gives of each of them. It does make you wonder why anyone planning an attack would go out with a camera.

None of this post has anything much to do with the normal content of this blog [I’ll post separately on the social media aspect] except that photography having gone mostly digital it is bound up with IT, and anyone who works in technology should be concerned when that technology is used to erode freedoms we take for granted, whether it is governments targeting data held by Google, the planned requirement to provide a National Insurance number when registering to vote – using a single key in many databases makes it so much easier to go on a fishing trip for information – or the national DNA database with its pretext that everyone is a potential criminal. That mentality gave us the Kafkaesque sounding “National safeguarding Delivery unit” which checks people against another database to make sure they can be trusted to work with children but whose boss admits they give a false sense of security, and anecdotal evidence says that the need to be vetted puts people off volunteering. Even the people who will operate the new scanning machines at airports object to being vetted – oh the irony. And as Dara O’Briain put it on Mock the Week recently “If the price of flying is you have to expose your genitals to a man in the box, then the terrorists have already won.”

Ultimately the Photographers gathering this weekend was about that. We won’t go to bed one night in a liberal democracy and wake the next morning in a “Police state”, but if little by little we lose our right to go about our lawful business unmolested, if checks and surveillance become intrusive and if the only people allowed to point a camera at anyone else are unseen CCTV operators then we’ve lost part of the way of life which we are supposed to be safeguarding. The Police seemed to have made the decision that if photographers were demanding that the law shouldn’t be misused they’d just follow the advice given by Andy Trotter, of British Transport police, on behalf of ACPO that “Unnecessarily restricting photography, whether from the casual tourist or professional, is unacceptable.” and leave the photographers to it with minimal police presence. It wasn’t a rally, no speeches were arranged and so we had the fun of photographing each other, in the act of photographing each other. A couple of staff from the National Gallery got mildly annoyed with photographers obstructing the gallery entrance but they kept their sense of proportion. I didn’t take many pictures – the light was dreadful – but you can see a couple here. As I said above the social media side has given me enough material for at least one more post.

This post originally appeared on my technet blog.

August 5, 2008

A great demo of Google’s privacy issues.

Filed under: Privacy — jamesone111 @ 11:52 am

Back when I was a student, there seemed to be more cases of newspapers invading people’s privacy (or possibly we were just more aware of them), and the thought struck me just what a wheeze it would be to publish the details of the private lives of newspaper editors. This was quickly followed by the thought that the only people who could publish such a story would be other newspaper editors, and since they weren’t likely to wage war on each other it would never happen.

While on the subject of newspapers I’m always a bit nervous when I find I’m on the same side as the Daily Mail – I can’t find their front page article from the beginning of July which screamed out that Google was destroying our privacy (Granted I found Google is watching you! The internet colossus is amassing an awesome amount of information on every one of us, and Dodgy Dips- Have the Google Earth gatecrashers got your swimming pool in their sights ? not to mention one which makes them out to be friends of Terrorists – Fatah using Google to plan Israel strikes – but I was looking for one about what they call Google ‘burglar’s charter’ street cameras …)

Of course the Internet – especially in these Web 2.0 days – is more "democratic" – anyone can publish anything. You might not be able to go into print with an attack on a press baron but you can do so on-line; and there is no coterie of Internet barons who can hinder the publication of things about each other. The BBC ran an article on Google’s view that there is no longer any such thing as privacy - drawing on court papers filed by Google and published on the Smoking Gun with a quote from the US-based "National Legal and Policy Center". Now the NLPC have gone a step further: this morning I bumped into a story on Computerworld.com, "How to carjack a top Google Exec … according to Google", which explains that they have published a dossier showing the home of a "top Google executive" in some detail. If your company tells people that "Complete privacy does not exist", then I guess you can’t be surprised if you are used to prove the point.

Now, let’s see how long the Google Search box remains on the NLPC’s web site :-)

 


This post originally appeared on my technet blog.

April 3, 2008

Blockers. What would we want from IE 8… or 9

Filed under: Internet Explorer,Privacy — jamesone111 @ 1:31 pm

I have used this blog to grumble about "Flash turds" – those super-annoying adverts whose determination to grab the eye brings them to the point of being a test for epilepsy. I’m not seeing many of them being built in Silverlight, yet, but it can only be a matter of time.

Fortunately I use IE7-Pro which has both an AD blocker and a Flash-blocker, which is more effective than simply disabling the Flash add on in IE – a box appears which says "Flash blocked" and I just have to click it if it is some part of a site which I want to see. It’s not 100% effective – Our own Live Spaces manages to bury its flash too deeply for IE7Pro to un-pick it, but IE7Pro will run scripts against pages it loads and I found a script in their forums to plug that gap. Hooray !

As O’Brien passed the telescreen a thought seemed to strike him. He stopped, turned aside and pressed a switch on the wall. There was a sharp snap. The voice had stopped.
Julia uttered a tiny sound, a sort of squeak of surprise. Even in the midst of his panic, Winston was too much taken aback to be able to hold his tongue.
‘You can turn it off!’ he said.
‘Yes,’ said O’Brien, ‘we can turn it off. We have that privilege.’

George Orwell: 1984

Once, we had to tolerate things like Pop-ups, then blockers became something that you had to add to a browser and now anyone with a reasonably up to date browser can take it for granted that Pop-ups will be blocked by default. IE7pro fills some of the gaps which were apparent in IE7 back when it was in beta (search on the context menu being an obvious one – and something IE8 addresses in a really smart way with "Activities"). IE7Pro also does a good job of blocking anti-social behaviours on otherwise useful web sites. The issue I find I come back to again and again is the responsibility of being Microsoft – not so much because we might squeeze third parties out of the market, but is it improper to have blocking abilities, out-of-the-box? Making it too easy to block (let’s say) Google Ads would have two problems – firstly if Microsoft is to develop its own advertising business, blocking a competitor would bring regulators down on us in minutes. Secondly there are plenty of sites out there which depend on Ad revenue; choking off their funding wouldn’t be good for anyone: I singled out Google’s ads because they are about as inoffensive as it is possible to make an ad (so unlike the Flash turds the reader gets no benefit by dumping them).

It’s all very well for me as one individual to rail against Bad Flash used in advertising, but there’s a question of what is legitimate to block. Pop-ups were universally hated, but what about blocking specific active-X controls (Flash, Silverlight, you choose) with a "click to re-enable" option ?  What about providing methods to allow customers to block insidious advertisers, like Phorm ?
In case you haven’t picked up stories appearing everywhere from the BBC to The Register, a number of UK ISPs propose to intercept the web traffic of their customers and pass it on to a third party to target advertising. The range of opinion runs from Sir Tim Berners-Lee saying he would change his internet provider if it introduced such a system, to a Home Office legal adviser suggesting that it was an interception of a communication within the meaning of sections 2(2) and 2(8) of the Regulation of Investigatory Powers Act 2000 (RIPA), to Trend Micro telling the Register that "The nature of Phorm’s monitoring of all user web activity is certainly of some concern, and there is a very high chance that Trend Micro would add detection for the tracking cookies as adware in order to protect customers.". This sets my privacy antennae twitching, not least because my ISP is one of those said to be planning to use Phorm. What’s the best way to deal with it?

  • Legal – using things like RIPA and the office of Information Commissioner (as the FIPR has done)
  • Market – ensuring any company which attempts to use Phorm loses business as a result. Like Sir Tim Berners-Lee I’ll be changing ISP if Virgin decide to spy on me; and I’ll try to Boycott any company which hosts Phorm ads on its site or places adverts with them. No doubt someone will publish a list of these companies.
  • Or Technological – blocking it in the browser

Comments welcome (as ever).

(update – somehow lost a crucial NOT in there)

This post originally appeared on my technet blog.

January 19, 2008

One of our laptops is missing.

Filed under: Privacy,Windows Vista — jamesone111 @ 1:17 am

A snowclone I guess, with films like one of our Aircraft is missing , and Thomas Dolby’s “One of our submarines”  (“One of our Submarines is missing, tonight. Seems she went aground on manoeuvres” ) something with a slightly military edge to it.

The latest evidence that when it comes to anything relating to IT the UK government achieves a rating of “Not fit to run a whelk stall” comes from the Ministry of Defence. According to the BBC:

West Midlands police are investigating the theft of a laptop from a Royal Navy officer which held the personal details of 600,000 people.
the MoD said.  “In some cases, for casual enquiries, the record is no more than a name.  But for those who progressed as far as submitting an application to join the Forces, extensive personal data may be held, including passport details, National Insurance numbers, drivers’ licence details, family details, doctors’ addresses and National Health Service numbers.”

I watched the Lib-Dem leader on TV earlier and he got some good points over about the ID card and the database state – he actually used the term more than once. But if I were an opposition politician I would be demanding to know why – when Microsoft have been shipping BitLocker in Windows Vista for a year, and third party solutions are available for Windows XP (and I believe non-Microsoft OSes as well) – MoD officials are still carrying huge amounts of unencrypted data. (And if I were the Information Commissioner I’d want to know why one person needed both casual contacts and a full set of intimate details on their laptop.)

Vista Service Pack 1 will be out soon. Now some people like to wait for the first service pack – it’s an idea which really belongs to the 1990s but it’s still there. Sometimes I wonder if it is a way of making Luddite behaviour sound like prudence. If your organization has sensitive data (your employees’, customers’ or partners’) then you’ll be in the news if you lose it, and if you’re not using BitLocker or an add-on product which does the same thing, that would mean you’re negligent and deserve everything that comes your way.


This post originally appeared on my technet blog.

November 20, 2007

7M families’ personal data mislaid by government.

Filed under: Privacy — jamesone111 @ 4:36 pm

At Tech-ed IT Forum I went to watch a couple of Steve Riley’s sessions. He’s quite the showman, but I’d never been to watch him in action – I found he got me to think about stuff I already knew in a new way.

One question he threw out to the audience: “How many of you say e-mail is so important that it can only be accessed from a managed corporate PC on the corporate network ? i.e. you forbid mobile devices, access from Kiosks, from home, from the airport” {I’m going to call this model A}. 1 person put their hand up. “And how many of you say e-mail is so important that it must be accessible from anywhere, using devices, Kiosk PCs, Public Wireless etc ?” {We’ll call this model B}. Most hands went up. “Why” he asked “does that only apply to e-mail ?”. Steve’s not alone in thinking about the trade-off between being secure (saying “no” to everything) and getting stuff done (saying “yes” to anything), and questions of acceptable risk. I may expand on some of these ideas when I’m talking about Terminal Services at next week’s road-show.

The other thing that Steve was talking about was the threats to data and three axes to classify it. The first axis was confidentiality (from public information, through boring internal information and commercially confidential information to private personal information), the second retention (regulated – kept long term, historical business data – medium term, to transient data) and the third was recovery (segmented into business critical, urgent and non-urgent).

I’ve thought about one of Steve’s points before, but as I said he got me thinking about it in a new way. I’ve long known that we look at 3 dimensions of protecting data: it has to be available (it’s no good if we can’t get to it), it has to be correct (corrupt data is useless) and we have to guard its confidentiality. We rely on preventing access – the “Model A” approach – to enforce confidentiality by controlling possession. But we’re living more and more in a “Model B” world, where possession is outside our control. What happens when the company’s secrets are on laptops or shared with partner companies ? In the end the protection must be on the thing you are trying to protect. That means among other things protecting documents with Rights Management and hard-disks with BitLocker (or equivalent technologies). These deal with data “at rest” as Steve puts it. Other technologies (like SSL or S/MIME encryption of mail) protect documents “in flight”.

Today the Chancellor has had to admit that HM Revenue and Customs have lost details of 25 Million child benefit recipients, which includes the bank details of 7 Million families. Since everyone with children in the UK receives child benefit that means my data is probably among them. If you’ve got kids and live in the UK  there’s no knowing where your data (Name, Address, dates of birth, NI numbers etc) is or what use it might be put to.

This isn’t the first time HMRC have lost a big pile of personal data, and this time their Chairman has resigned. Encryption would have saved all this. I’m moved to wonder (a) Why the data was being put on disks and sent through the post ? and (b) If government departments are so inept, why aren’t more people worried about them getting more data about us. (c) Can anyone get a top civil servant to resign just by hiding a couple of key CDs ?

 

Update. Inspector Gadget has his take on all of this. He ends with a comment about Blackadder jokes. For those who think I’m not good at self restraint I’ll point out that I never joked about the chancellor’s name, and even saved the link to this Private Eye cover for an update.

This post originally appeared on my technet blog.

June 12, 2007

Should we be working on our privacy ranking ?

Filed under: Privacy — jamesone111 @ 11:56 am

Steve characterizes some conversations as being “You suck.” “No – You Suck” types, and 

Privacy International published a report last week which rated a couple of dozen organizations with a major presence on the web. The BBC fared pretty well. Google came out bottom – the only one labeled “Hostile to privacy”. Google’s Matt Cutts thought the best way to handle this was to play the man not the ball: complaining that other people did bad things too, and so it must be a bad study. It seems some of his colleagues took the idea to heart and started ringing up the press and saying “Caspar Bowden is on PI’s Advisory board. Caspar is now a Microsoft employee. Therefore PI is biased in favour of Microsoft.” Put Caspar’s name into your chosen search engine and decide for yourself if he’s the kind of chap an organization like PI would want on its board. As PI say in an open letter to Google, they have given Microsoft a pretty good kicking on privacy over the years. If their report is biased – it’s pretty subtle of us to push Google down and keep Windows Live in the second to bottom category (with Apple and AOL) and Microsoft as a whole in the next one up.

Google has a problem on privacy right now. Everything from the EFF worrying about Governments spying on users via Google Desktop search, to The Times talking about the privacy risks of “All-seeing Google Street View”, to privacy bodies petitioning the Federal Trade Commission about Google’s acquisition of DoubleClick, to the infamous Eric Schmidt comment that Google wanted to know enough about you “to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’ ” provoking reactions from a raised eyebrow in the FT to howls of derision in the Grauniad to personal abuse at ZDnet. One of the best posts I’ve read in all this is from Shelly Powers; it includes a summary of what Google knows about her and ends with a quote I like:

isn’t it about time Google realized that not everyone shares the same faith in the company’s purity of purpose; nor the same belief in the inherent neutrality and fairness of algorithms? Two years. What was I searching for two years ago–I can’t remember now, but Google can. Two years. That’s longer than my first marriage. Come to think of it, Google probably knows as much about me, or more, than my first husband. Considering my first husband, though, this isn’t surprising and one of the many reasons I divorced him.

Unfortunately, I don’t have the option to divorce Google.

I don’t want to get into a “You suck.” “No – You Suck” conversation – the story isn’t being written “Apple, AOL, Facebook, Windows Live all suck, Google worse still”, and maybe it should. Any organization needs to win my trust in their “Purity of purpose” before gathering information about me. In an earlier post Shelly talks about people who “ love it when Google ‘personalizes’ everything. But what cost personalization? At what point can we no longer trust what we’ll be receiving on the internet? ” These questions are the ones that I find interesting. Ultimately would you like Microsoft to have better regard for your privacy, or do you trust the purity of purpose of big organizations (from Supermarkets, to Internet companies to the government) ? Do you think people consciously trade information for something they value (making a call on how trustworthy the organization is) or do you think many of us are sleepwalking into something sinister ?

 


This post originally appeared on my technet blog.

May 30, 2007

Privacy again

Filed under: Privacy — jamesone111 @ 10:57 am

I’ve managed to get a lot of my concerns about privacy down to a simple statement. “Databases of everything” worry me. Where we’ve been, what we’ve bought, who we’ve associated with. I alluded to a conversation I was in last week where we talked about the information that could be gathered by Live ID – during that conversation someone made the observation that people stop worrying about privacy when they see utility. Even with my paranoia I’m fairly happy for Amazon to tell me things I might like, because they know what I’ve bought in the past. I haven’t bought many things – and some gifts I’ve bought lead to odd recommendations. But I don’t use a supermarket loyalty card (or even use the same credit/debit card each time I shop) because that’s somehow the wrong side of the line.

I thought there might be a place where everyone would draw the line… ? For example implanting RFID into people is pure sci-fi, right ? Wrong, I thought, when I read that doctors were talking about doing just that to track patients with Alzheimer’s – the technology comes from Verichip, makers of “VeriGuard™”, “the first radio frequency identification (RFID) security solution to combine access control [with] VeriChip’s patented, human-implantable RFID microchip.”

The BBC has previously reported on surveillance uses of RFID tags and last Friday they reported how RFID can be used in combination with Wifi:
Angelo Lamme, from Motorola, said tracking students on a campus could help during a fire or an emergency. “You would know where your people are at any given moment,” he said.
Yes. You’d know where they are every moment of every day – a classic “database of everything”. 1.8 Million people signed the Downing Street Petition against tracking every vehicle movement for road-pricing – clearly this didn’t offer enough utility to offset the loss of privacy. But the Motorola representative thinks Emergency protection does.

As I said, we were chatting informally about the Utility/Privacy trade-off and was it acceptable for Windows Live to be a database of everything ? Around the same time, Google’s CEO, Eric Schmidt, was telling the press he has grander ambitions in that direction. To quote the FT:

Gathering more personal data was a key way for Google to expand and the company believes that is the logical extension of its stated mission to organize the world’s information. Asked how Google might look in five years’ time, Mr Schmidt said: “We are very early in the total information we have within Google. The algorithms will get better and we will get better at personalization. “The goal is to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’ ” 

Worrying for privacy or great utility ? The next day a piece by Mark Lawson in the Guardian was introduced with the words “Anyone stupid enough to do a computer’s bidding is not losing civil liberties so much as their marbles” Over at ZDnet Andrew Keen really had a swing at Eric. He calls him “the Chauncey Gardiner of Silicon Valley” (twice) and “Google’s Chief Eccentric Officer” (also twice) ouch. “Eric” he says “I thought you were a businessman rather than a looney”. I remember Eric’s time in charge of Novell, so I’ve got a view on which he is. Andrew’s colleague on ZDNet, Donna Bogatin – who posted a summary of my post on Google’s stance on T-shirts – calls him “Harmless” with links to explanatory posts.

Plainly I’m not the only one worrying about databases of everything. It doesn’t matter who it is. What I wonder, and would love your comments on, is just what privacy will people give up for utility ?


This post originally appeared on my technet blog.

May 22, 2007

When the police think we’re becoming a Surveillance society…

Filed under: Privacy — jamesone111 @ 4:16 pm

Here’s an interesting factlet. A couple of miles from my house, in one of those villages with a double-barreled name which could belong to an old English actor, behind a 900 year old English parish church, is the grave of George Orwell.

I’ve mentioned Orwell before. It was 1948 when he wrote the book which gave the word Orwellian to the English language. To get the title he simply swapped the last 2 digits. I’ve called 1984 the usage scenario for a 36 year long government IT project (and observed that like many government IT projects it looks like it will take twice the anticipated time to complete).

I fret about privacy, and I’m not alone: the Government’s Information Commissioner has said fears that the UK would “sleep-walk into a surveillance society” have become a reality, and Orwell came up in a report prepared for him:

Our image of state surveillance is often shaped by novels and films. [Like Franz Kafka’s The Trial or George Orwell’s Nineteen-Eighty-Four ] These highlight the crucial role of information (or lack of it, for the surveilled) within bureaucratic governments, alongside the constant threat of totalitarianism (paragraph 3.6)

I think we should be wary of more than just governments – it would be naive to automatically trust large companies to do the right thing with information about us. This morning I was in a meeting where we talked about some of the possibilities of Windows Live ID, and it was plain to all in the room that we need to go further to prove that we deserve people’s trust. Symmetry plays a part – government and businesses have information, the Surveilled do not. For example if Microsoft records where you have used your Live ID that information is “asymmetric” – you’re unaware that it is being gathered, and you can’t use it. If we mail you a list of sites where your ID is used each month and which of your details they accessed then that can work for you.

The Home Office has come out with proposals for Council staff and Doctors to tip off police about people who might be potential offenders – with warning signs including “Heavy drinking, mental health problems and a violent family background”. A police network of those willing to inform on prospective criminals was a key part of the infrastructure Orwell described in 1984. So was a huge network of surveillance cameras. The report I quoted above also says “In March 2005, the Association of Chief Police Officers demanded a national network of Automatic Number Plate Recognition (ANPR) [Cameras with capacity to process reads at a rate of] 50 million by 2008 ” (paragraph 9.5.5). But even senior police officers are beginning to worry about the level of surveillance. Over the weekend the BBC reported the Deputy chief constable of Hampshire, Ian Readhead, expressing concern after a small town spent £10,000 on CCTV. “If it’s in our villages, are we really moving towards an Orwellian situation where cameras are at every street corner ? … I really don’t think that’s the kind of country that I want to live in.” he said.

The police can see the value of cameras in fighting crime, but not if that means going to 1984 lengths. In the same way I want to see Microsoft technology in great Internet applications – some will use personal information. The flip side is the quote I used from Caspar Bowden: “It is very easy to collect all of our data and the fact that it is there means governments will come up with a good list of reasons as to why they need access”. How much of your information should we keep ?

Of course I can’t mention Hampshire police on the BBC without giving you this link – you know the old, old joke which ends, “Police say they have nothing to go on” … ?


This post originally appeared on my technet blog.

May 6, 2007

If your data is in the cloud… where’s your privacy ?

Filed under: General musings,Privacy — jamesone111 @ 6:57 pm

Another story which has been doing the rounds this week has been about a crack for HD DVD content


Catching up on my reading I found Sharon’s post Who controls your data. There are a couple of issues in this


(a) The AACS have a system of intellectual property to protect, but choose your phrase: “The internet treats censorship as damage and routes around it”, or Eileen’s “The internet has no delete key” or “You can’t put the genie back in the bottle.” The Wired post Sharon links to has been visited by “blog-spam” bots posting the key which is central to the crack.


(b) Sharon’s post and the Wired one were about Google looking through your information and deciding what you may keep and what you may not. One of my correspondents was extolling the virtues of lodging data with Google. Sharon puts the counter case in this scenario.
“I use Gmail for email. Someone sends me an email containing content that might infringe copyright. Google receives a notification from the copyright owner and issues notices similar to the one above with 3 days to comply. I happen to be on holiday and don’t check my email, so have not even read the alleged offending email, let alone seen the takedown notice. When I return to work, my entire Gmail account has been deleted. What if I ran my entire business using Google services?”


And no, this isn’t a swing at Google per se. I’ve no reason to think that Microsoft would react any differently to a “take down” notice under the DMCA (for which see another of Sharon’s posts). Being outside the US the DMCA doesn’t apply to me… it will be interesting to see if


Sharon replied to a comment in yet a third post,
“I’m not too comfortable with the idea of my master copies being in the cloud, but I know the next generation behind us views the world differently….   [They] have fewer privacy/ownership concerns. That approach too will have a dark side for them, likely in how the content is exploited by less altruistic motives.”


And what was the quote from Caspar that I included yesterday?
“It is very easy to collect all of our data and the fact that it is there means governments will come up with a good list of reasons as to why they need access”



This post originally appeared on my technet blog.

May 5, 2007

Privacy. And a tale of headless riders, Police blogs and security theatre

Filed under: General musings,Privacy,Security and Malware — jamesone111 @ 3:10 pm

When dealing with data privacy, we need to think about proper use of Personally Identifiable Information (PII), the kind which can be used to identify someone and which tells us something about them. In the UK, the Information Commissioner oversees operation of the Data Protection Act, which has principles and conditions for processing information. Everyone in Microsoft does mandatory privacy training to ensure that we use your information only in ways which comply with the Act and often go further.


A macabre case of PII misuse has been in the news recently. Talking to the press about their “Arrive Alive” campaign, North Wales Police used what they termed “Harrowing Pictures”. These included a decapitated motorcyclist in a T-Shirt telling the police to “ p*** off And catch some REAL criminals.”. The T-shirt slogan had been publicized at the biker’s inquest – so it identified the man (and his family). Stories appeared with his name and the fact of his decapitation – which his father had kept from the rest of his family, and they had no idea this was coming. There is to be an investigation into the behaviour of the police although not of the press.


I’ve said before that Inspector Gadget’s blog helps to develop public understanding of what police officers go through – his piece “The rich girls are weeping” is full of pathos and almost poetic, so is his one from this week. Seriously you should follow those links. I’m not interested in other Police blogs so I was surprised to learn from the BBC that the North Wales Chief Constable has a blog with his side of the biker story. He seems robust, his message boils down to “Want to portray me as a Speed Obsessed loony? First you should know what we have to clear up”.


Sadly the Chief Constable is engaged in “Safety Theatre”. We encounter Security theatre on a daily basis, whether it’s as air travellers required to stand in large groups (read “target formations”) to perform strange rites before boarding, as photographers shooting in a public place being accused of being terrorists on reconnaissance or being child abusers , or as Computer users required to change (complex) passwords so often we write them down. Steve has a post on the logic of “buy [this security product] or the sky will fall down“. It is taboo to criticize anything, however bogus, linked to safety or security. In Britain the government tells us ID cards will protect us from terrorists, but they would not have prevented 9/11, the Madrid Bombings, the 7/7 London bombing or helped to catch the recent “Crevice” plotters. The Information commissioner seems like another robust chap; he has said that the UK could sleepwalk into a Surveillance Society as a result of ID cards, other opponents talk about a database state.


Part of the theatre effect is rebranding Speed Cameras as “Safety cameras”. Some accidents (maybe up to 1/3) are caused by excess speed, so making people slow down removes that cause; so, the argument runs, keeping to speed limits must increase safety. Evidence to the contrary is buried. Reality is more complex: cameras only address one aspect of irresponsible driving; unfortunately, drivers tend to do more stupid things shortly after passing a camera, and watching the speedo instead of the road makes accidents of inattention more likely. Published figures show the number of road deaths has stopped falling in recent years, while the number of cameras has rocketed.


Safety theatre means the North Wales Police can show a corpse with the implication “Speed cameras could stop this“. It’s not true: the biker was caught on camera doing 125MPH, six hours before he died; cameras have meant automated processes replace human enforcement, so he wasn’t stopped. A court summons would have been sent out – although it’s alleged that the number plate on the bike had been altered so perhaps not. In any event he had no license to lose; Cameras had no effect on him.


Cameras may not save lives, but they are part of the Surveillance Society; last year the BBC reported the Information Commissioner again, saying ‘Fears that the UK would “sleep-walk into a surveillance society” have become a reality’ with a link to an Academic report – here’s a quote:


The intensification of surveillance of the motorist is set to expand rapidly. In March 2005, the Association of Chief Police Officers demanded a national network of Automatic Number Plate Recognition (ANPR) ‘utilising police, local authority, Highways Agency, other partner and commercial sector cameras including the integration of the existing town centres and high street cameras, with a National ANPR Data Centre, with an operational capacity to process 35 million ANPR reads every day increasing to 50 million by 2008 (paragraph 9.5.5)


Who’s in charge of ACPO’s policy on Road Policing? The Chief Constable of North Wales! Whilst he may be keen on implementing the “surveillance society”, he is against a Police state: in his blog exchange with the BNP he says joining the police means …“not being able to play an active part in politics… It is precisely because I want to live in a parliamentary democracy, and not a police state, that I actively welcome this restriction on my private life.”. It’s a fine distinction because “Police State” and “Totalitarian” go hand in hand and as that report says:


Our image of state surveillance is often shaped by novels and films. [Like Franz Kafka’s The Trial or George Orwell’s Nineteen-Eighty-Four ] These highlight the crucial role of information (or lack of it, for the surveilled) within bureaucratic governments, alongside the constant threat of totalitarianism (paragraph 3.6) 


So on the one side we have the Chief Constable wanting Cameras to keep us safe and secure, and on the other side the Information Commissioner seeing their use in the Surveillance Society. As well as ID cards he worries about facial recognition cameras (the ID cards database will hold facial data) as well as the ANPR cameras mentioned above. Last week he issued a press release saying he was


“proposing new safeguards – including privacy impact assessments and inspection powers – to ensure public confidence in initiatives and technologies which could otherwise accelerate the growth of a surveillance society. Giving evidence before the Home Affairs Select Committee the Information Commissioner will also call for stronger powers to allow his Office (the ICO) to carry out inspections and audits.”


If you’ve read this far you may be thinking “But what has this got to do with Microsoft ?” Well there are a couple of obvious basic points about protecting PII – one of the data protection principles is “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”, which recognises it is a matter of process as much as technology. Of course when I read “Staff at M&S have been warned they may be at risk of identity crime after the theft of a laptop” I did think “BitLocker would solve that.” {I’d love to hear from anyone looking at a large scale implementation of BitLocker by the way}


On the same day as they said the Information Commissioner’s fears had become a reality the BBC published a piece called “How to hide in a connected world” and in the middle the heading “Microsoft as a privacy leader ?” The BBC repeats criticism of the initial incarnation of Passport – it was good at “Oiling the wheels” in identity transactions but lots of people, including me, didn’t like a single organization amassing so much PII. New systems like CardSpace can give users control of which details they share in any given situation. (Notice that we don’t trust people to follow the data processing principles of only doing with it what people consented to when they provided it, and only keeping it as long as necessary to do what they consented to.)
But what about the wider questions ? Neither Kafka nor Orwell foresaw technology’s ability to retrieve and cross reference information about us. A colleague from the former East Germany describes the surveillance we have in Britain today as beyond the dreams of the Stasi. The BBC piece had a quote: “It is very easy to collect all of our data and the fact that it is there means governments will come up with a good list of reasons as to why they need access”. It came from Caspar Bowden – who joined Microsoft with a reputation for being tough on governments and industry over privacy issues. I’m curious to know what people, in the UK especially, think. Do you think this is domestic politics, and Microsoft as a US company should keep out, or do you think as the world’s biggest player in IT we should have an opinion and voice it ? Do post a comment.


Update: another case where BitLocker would have protected people’s privacy

This post originally appeared on my technet blog.
