Privacy International’s stance on body scanners at airports

Following a previous post on the use of body scans at airports, I have come across the PI statement on proposed deployments of these body scanners in airports.

This is taken from their website….

    PI feels that the technology raises a number of troubling issues:
    First, the scanners produce strikingly graphic images of passengers’ bodies. Those images reveal not only our private body parts, but also intimate medical details such as colostomy bags. That degree of examination amounts to a significant – and for some people humiliating – assault on the essential dignity of passengers that citizens in a free nation should not have to tolerate. Deployment of the technology was recently halted at Manchester Airport in Britain in part because the scanners violated child protection laws by electronically strip searching children and young people. There have also been calls in the European Parliament for a Europe-wide ban on the technology.

    Second, Privacy International is skeptical about the privacy safeguards that the US Transportation Safety Administration (TSA) is touting. The TSA say that the technology is capable of obscuring faces, but this claimed protection is just a software fix that can be undone as easily as it is applied. And obscuring faces does not hide the fact that the rest of the body will be vividly displayed. This is the equivalent of asking passengers to parade their bodies in front of the screeners, but with bags over their heads.


Read more at Privacy International…

France’s three strikes law not striking yet!

The French legislature has passed its controversial anti-P2P “three strikes and you’re off the Internet” law for a second time, after a constitutional court found the first version unacceptable. This is France’s long talked-out law to kick repeat copyright infringers off the Internet. However, the French government department that examines the data privacy implications of new legislation is refusing to sign off on the country’s tough new “three strikes” law until it gets more information about what data will be retained… and how. Read more here…

Unique note on a receipt from El Corte Inglés

Well hello to you all,

This is the first time I have ever blogged and I just wanted to share with you something that caught my attention a few days ago. As most of us have, I’ve been wandering around shopping centers during the Xmas holidays. In my case this year, I went to Spain to celebrate it with my family. The celebration of course brought lots of shopping along - I just love shopping in Spain so much more than in Sweden because of the limited selection of products they have over here. But anyway, my attention was caught when, at Spain’s largest department store, I got my shopping receipt and read at the bottom:

” Para gestionar el cobro, todos los datos de la operación,  son transmitidos a un fichero informático gestionado por El Corte Inglés, S. A., con domicilio en Madrid, c/Hermosilla, 112, donde podrán ejecitarse los derechos de acceso y rectificación. “

Which I (not being an official translator) would translate into English like:

To transact this payment, all the operation data are transmitted to a computer file/database managed by the El Corte Inglés, S. A., residing in Madrid, c / Hermosilla, 112, where you may pursue rights of access and rectification.

I don’t know whether this (refers only to tickets) is a requirement by law; however, I wouldn’t think so, as this particular store is the only one where I found this little note. And I can promise you the pile of receipts I brought back home is not small. So there must be something unique in the El Corte Inglés way of doing things. They do have a customer data policy on their site but, as my curiosity has now been woken up, I do have a new item on my ‘to do’ list: to find out whether this is a new rule or only an example for other companies to follow… So far I have not seen anything similar in Sweden, but of course I’ve been home a lot because: 1) it’s too cold to go out and my car won’t start and 2) my account is just empty 🙁

Cybersitter is suing the Chinese government

In addition to the vulnerabilities discovered in Green Dam, the filtering software now installed on every PC sold in China since July 2009… the American company that created this program has filed a $2.2bn (£1.4bn) lawsuit in the US accusing Beijing of stealing lines of code.

The software was created to stop people looking at “offensive” content such as pornographic or violent websites; however, it seems that it also inadvertently blocks sites dealing with sexual health issues. Read more at BBC News.

Naked at the airport!

I have been watching with some interest the activity on body scanning at airports, which basically creates images of your naked body as you pass through… all in the name of security. Jack made a posting on this and has linked through to a video describing what it is. I also saw that BBC News has something today.

I guess when it comes to security at airports we are all a little jumpy, wanting safety over everything else, even at the cost of our time and inconvenience. However to know that you will be seen naked at airport barriers …..

Will be interesting to see what rules are created concerning their use. Terri Dowty has something to say here on the potential abuse of these images, i.e. child pornography. These and all images need to be removed as soon as they are deemed as not dangerous to national security… i.e. some minutes or specified time after the scan.

EU ePrivacy Directive amendment

A recently passed amendment to the EU Privacy Directive will require Internet users’ consent before cookies can be placed on their computers. This is part of a revised ePrivacy Directive, close to enactment, that includes improvements on security breaches, cookies and enforcement. The new provisions will bring vital improvements in the protection of the privacy and personal data of all Europeans active in the online environment. The improvements relate to security breaches, spyware, cookies, spam, and enforcement of rules. The revised ePrivacy Directive must be implemented by the Member States within 18 months.

The changes introduced include:

    For the first time in the EU, a framework for mandatory notification of personal data breaches. Any communications provider or Internet service provider (ISP) involved in individuals’ personal data being compromised must inform them if the breach is likely to adversely affect them. Examples of such circumstances would include those where the loss could result in identity theft, fraud, humiliation or damage to reputation. The notification will include recommended measures to avoid or reduce the risks. The data breach notification framework builds on the enhanced provisions on security measures to be implemented by operators, and should stem the increasing flood of data breaches;
    Reinforced protection against interception of users’ communications through the use of – for example – spyware and cookies stored on a user’s computer or other device. Under the new Directive users should be offered better information and easier ways to control whether they want cookies stored in their terminal equipment;
    The possibility for any person negatively affected by spam, including ISPs, to bring effective legal proceedings against spammers;
    Substantially strengthened enforcement powers for national data protection authorities. They will for example be able to order breaches of the law to stop immediately and will have improved means of cross-border cooperation.

What this means is that the data subject has increased protection online. If their personal data has been exposed, they must be notified. As such they must be informed if personal information on them is being collected, and they should have the option to opt-out (or more preferably opt-in). This is not possible with the way cookies are used today, where they are just downloaded onto the users’ PCs without warning. All security to warn the user of tracking cookies is provided by the web browser. This will now have to be included in the cookie itself... I think. Any experts out there that know how this could work in practice, please jump in here and comment 🙂

I also read some references to how the use of RFID for the collection of personal information falls in the scope of this amendment.

And finally, enforceability is key. Hence each member state must have the appropriate legislation implemented to make this amendment effective and enforceable.

Wishing you a prosperous 2010!

Today 1st January 2010 this blog is three years old, and at the end of 2009 I expanded authors to this blog to include esteemed colleagues in the realm of information security and privacy. I hope that you will enjoy the richness that they will surely add to “Virtual Shadows, the privacy blog” in 2010. Authors added since my last post are Jack (USA) and Martin (Sweden). Jack I see has already added his bio, as has David (Australia), more are to come 🙂

In reflection, and for myself, 2009 has been a good year for my publishing: the book “Virtual Shadows” was published in January. What’s more, in 2009 I have been busy publishing articles: in March (Right for Privacy) and May (Talk Differently) with the BCS ITNow, September with FUMSI (Get to Know Your Plumbing), November “The Hindu” (Being invisible online is no longer an option) and December ISSA (A Simple Guide to Data Privacy). Check them out if you feel like some bedtime reading 😉

What’s more, my writing has been somewhat influenced by the MBA I have been studying with Henley School of Management during the last 1½ years. I have been inspired and driven by my studies: the dynamics of how we communicate and share information on ourselves are changing not only how we reach out and network in our private lives but also within and outside of the organisation’s boundaries, both physical and logical.

The blog has suffered a little in 2009 as I was busy also preparing for my daughter who was born in September. She is quite beautiful and has added a new dimension of richness to my life.

Hence, it has surely been a beautiful year for myself, both professionally and personally. I am looking forward to an amazing 2010, and I am looking forward to sharing this year with you, regular visitors to Virtual Shadows and with the newly formed Virtual Shadows research team!

Happy New Year!