UK Data Breaches Were an Inside Job

Privacy advocates in the United Kingdom got the unfortunate opportunity to say “we told you so” last week, following revelations that nearly 1,000 civil servants working at the UK government’s Department for Work and Pensions had been disciplined for accessing citizens’ private and confidential data, including criminal records, employment histories and social security details. More than 150 of those data breaches occurred at the Department for Health, an agency tasked with providing health services – and maintaining all UK medical records.

The unsettling news came to light after reporters with an investigative television broadcast series filed Freedom of Information requests and published their findings.

As ZDNet’s Zack Whittaker shrewdly points out, the most disconcerting aspect of this rampant leakage is that it wasn't caused by a system malfunction, but rather active exploitation at the hands of “the very people we supposedly trust with our data.”

Not Guilty? Met Police Can Still Snoop Through Your Cell Phone

Metropolitan Police in 16 London boroughs are now employing technology to instantly extract mobile phone data from suspects in custody. The upgrade allows police to access call history, texts and phone contacts, while eliminating the need for a forensic examination that used to take several weeks.

A particularly glaring problem with this new policy is that police will continue to retain the mobile phone data regardless of whether charges are brought, according to a BBC report. Privacy International has characterized the new policy as a “possible breach of human rights law,” arguing that since it’s already illegal to indefinitely retain DNA profiles from detainees, sensitive mobile phone data should be held to the same standard. Another worry springing out of the new policy: Extracting mobile phone data at a police station is just a heartbeat away from doing the same during a stop-and-search on the street.

FBI Cozying Up with Europol on Cybersecurity

The European Union is actively seeking closer collaboration with the United States Department of Homeland Security (DHS) to fight cyber crime. In fact, EU Home Affairs Commissioner Cecilia Malmström recently went so far as to say, “EU-U.S. cooperation is not a choice, but a necessity.” She then predicted the success of joint cybersecurity operations between the FBI and Europol. Malmström added that she has been working closely with DHS Secretary Janet Napolitano on joint cyber crime initiatives as part of a working group that's planning “a fully fledged EU-U.S. cyber exercise” in 2014.

“Yesterday, I had the opportunity to follow the work of the FBI and I was impressed by how advanced they are,” Malmström noted. “This has reinforced my view that we should continue to deepen transatlantic cooperation against cyber threats.” Her comments were delivered on May 2 in Washington, D.C., at the Transatlantic Cyber Conference, organized by the Center for Strategic and International Studies, the European Security Roundtable and SRA International.

Land of #OzLog: Data Retention Back on the Agenda in Australia

“OzLog” is shorthand for a proposed mandatory data retention policy the Australian government has been toying with the idea of implementing, despite popular backlash. Patterned after the notorious European Directive on Data Retention, the proposal would require Internet service providers Down Under to store information about customers’ web usage history for two full years.

Dormant for months, OzLog looked set to make a comeback in recent weeks as part of a broader surveillance monstrosity taking shape under Australia’s Federal Attorney-General, Nicola Roxon. To flesh out the plan, the government sought feedback on ideas such as: “increase powers of interception; make it easier for [the Australian Security Intelligence Organization] to break into computers and computer networks, including those of third parties not targeted in warrants; [facilitate] the prosecution of anyone who names an ASIO officer; and [implement OzLog],” according to Crikey, an Aussie news outlet.

Fortunately, opposition to the proposed surveillance scheme is mounting. Australia’s Parliamentary Joint Committee on Intelligence and Security rejected the plan’s terms of reference last week, sending it back to the drawing board. And Sen. Scott Ludlam, a spokesperson for the Australian Greens, expressed bitter opposition, saying: “This is the idea that all our personal data should be stored by service providers so that every move we make can be surveilled or recalled for later data mining. It is premised on the unjustified paranoia that all Australians are potential criminal suspects.”

Hey, Teachers! Leave Those Kids Alone!

High school students in the Australian state of Queensland who lack their own computers are given government-issued laptops to take home with them from school – but they come with a hidden price. A recent news report revealed that “screen spy” monitoring software run by the AB Tutor Client Program quietly takes time-stamped screenshots, monitors printing, and logs visits to websites and keystrokes. Students’ online activity is monitored even when they are working at home, and one mother complained that a screenshot had been taken of her daughter’s Skype conversation. During class, teachers can remotely control the computers.

Despite the uproar that was unleashed when parents and civil liberties advocates discovered the extent of the laptop monitoring, officials with Education Queensland, the governmental department responsible for running the schools, stuck by the practice. Responding to questions from the press, Queensland Education Minister John-Paul Langbroek noted that parents had signed an agreement disclosing that online communications could be audited and traced back to students. He then delivered a line that is often repeated but known by privacy advocates to be completely wrongheaded. “If they’ve done nothing wrong,” he said, “they’ve got nothing to fear.”

In Canada, Telcos Got Inside Track On Surveillance Bill

Several weeks before Canada’s controversial online surveillance legislation, Bill C-30, was introduced, major telecommunication companies partnered with government officials to develop a secret forum on “Lawful Access,” the deceptive term used to describe governmental interception of online activity and information. The closed-door collaboration was revealed in documents obtained via Canada’s Access to Information Act (the equivalent of the U.S.’s Freedom of Information Act), according to Michael Geist, a law professor at the University of Ottawa. News of the secret meeting served to clear up confusion as to why Canada’s telcos stayed mum on C-30 when it reached the height of controversy earlier this year.

After Bill C-30 had formally entered the approval process, government officials continued to work with telcos behind the scenes to respond to their concerns — such as whether they would receive “adequate compensation” in exchange for providing subscriber information, according to the released documents.

As Geist points out, the behind-the-scenes collaboration essentially “created a two-tier approach to Internet surveillance policy, granting privileged access and information for telecom providers.” Though it’s on the back burner for now, Bill C-30 nevertheless remains in legal limbo, with Public Safety Minister Vic Toews promising that it will be sent to committee for further study.