Archive for January, 2013

Alexander Hanff talks about the legal action against Google in the UK

January 29, 2013

Coinciding with Data Protection Day – which was yesterday in case you missed it – news emerged of a new legal challenge in the UK against Google. It involves last year’s ‘Apple tracking’ incident where Google surreptitiously side-stepped the no-cookies block on Safari. Judith Vidal-Hall, one-time editor of Index on Censorship, is the first to begin legal action; and a ‘letter before action’ has been sent to Google. London-based Olswang lawyers are handling the case, and privacy activist Alexander Hanff is advising. I asked Alexander two questions:

  1. Google has sought to have [a similar] US class case dismissed because, for example, “Plaintiffs Have No Standing Because They Have Alleged No Actual Injury”. Wouldn’t the same argument be even more effective under UK law?
  2. If Google acted illegally, why hasn’t the ICO acted?

No case
“With regard to injury,” he said, “as you know under UK law injury does not mean financial, or physical, it can also mean mental harm.” He argues that there was a loss of trust, which could be regarded as injury. And cannot “behavioural profiling without consent be considered injury in itself?” Hanff believes it can, and adds that there is a very significant injury to society where millions of people were monitored by a corporation without consent. “But even with all that said, I would argue that any judge needs to assess whether injury is a valid test for prosecution in Privacy cases given that Privacy is a fundamental human right as laid out by the Lisbon Treaty and the EU Covenant – any attack on human rights needs to be taken seriously and there should be legal consequences – a breach of a human right should be injury enough for a prosecution in my mind.” So for Hanff, the issue goes beyond mere national law and into international human rights where the courts must act.

“The ICO hasn’t acted because it suffers from regulatory capture,” he replied. Worryingly, “In 2010 I was told by a senior member of staff at ICO that Christopher Graham had [said] he did not want a fight with Google (this was during a discussion about the Google WiFi scandal); and as then the ICO has yet again failed to act against Google in the Safari case.” Hanff suspects that the ICO also has “a conflict of interests in taking enforcement action against Google as they use a large number of Google services. Finally,” he added, “as well as the reasons above, I believe another reason ICO doesn’t want to take action is because the cost of the appeal process would probably exceed their annual budget and human resources – they are significantly underfunded and understaffed.”

Hanff hopes that the action will grow into a group (class) action against Google. “I hope that this action encourages citizens in other countries across Europe to take similar action because until we start to hit these companies in their wallets, the abuses will continue. It is time to fight for our rights and take back our privacy – with a new data protection regulation on the horizon swarmed by a US corporate lobby which is trying to weaken our rights – we need to take control – carpe diem.”

Categories: All, Politics, Security Issues

Who owns the Black Bloc?

January 29, 2013

The problem with children is that they sometimes grow stronger than their parents expect. This happened in Afghanistan where the US supported the Mujahideen against the Russian occupiers, which later splintered and evolved into the Taliban, which the US, ably aided and abetted by the UK, were forced to tackle by invasion.

It apparently is happening now in the Arab world where the West occasionally supports the Muslim Brotherhood when and where it suits their purpose; but is not so happy when the Muslim Brotherhood gains power and shows its independence – as now in Egypt?

So now, suddenly, there is a new force in Egypt: the Black Bloc. “We are the Black Bloc … seeking peoples’ liberation, the fall of corruption and the toppling of the tyrant,” proclaimed a video announcing the group’s formation, posted online on Thursday (says the Darker Net). “When approached by journalists, the masked activists said they refused to talk to the media, but mysteriously ‘mentioned anarchism’ as a source of inspiration for their tactics.”

Hang on a bit – anarchy is usually defined as the absence of authority; and with no authority there can be no organization.

Yesterday and after we finished our event, we met some of the revolutionary movements and decided to unite together in our next attacks. Hence we did our first two attacks:

1- Setting fire to Ikhwan (Muslim Brotherhood) online office.
2- Setting fire in the Ikhwan office in Al-Manial street in Cairo.

And we announced our revolution from today in Al-Tahrir Square until Egypt and its people get their rights back!

Life, Freedom and social justice!
Black Bloc communique to the Darker Net

Well the Black Bloc is clearly organized and has some internal authority and is therefore not anarchy. So what I want to know is, who is behind the Black Bloc pulling the strings?

Categories: All, Politics

Data Protection/Privacy Day on Monday

January 25, 2013

January 28 is Data Protection Day in Europe and Data Privacy Day in US/Canada. The basic purpose is the same: to highlight personal privacy issues and reduce identity theft.

To get some idea of the problem, I visited the UK’s Stop-IDfraud website – a site supported by Fellowes, CIFAS, Norton, Equifax, Get Safe Online and Action Fraud. Heavyweight stuff.

It says,

New research shows that 24% of UK citizens have been a victim of identity fraud, which is the highest figure in Europe, plus a further 75% have been exposed to scams used by identity fraudsters.
Consumer Facts

How I hate this sort of stuff.

New. When exactly?

Research. By whom, and how was it done?

24% of UK citizens. So is that all residents, all residents with a UK passport, all residents with a UK passport over a certain age?

There is no clue to any of this – not even a date for when the details were published on the site.

So my first thought is that these figures cannot be trusted. They could have been made up on the spot. But let’s look at that 24%.

Glance up and down your street. You’re likely to have 100 UK residents living within a stone’s throw. Scary to think that 24 of those neighbours have been a victim of ID fraud. OK, so neighbours these days tend not to talk to each other. So think of your immediate family and friends – again you’ll rapidly approach 100. Have anything like 24 of them indicated that they are victims of ID fraud, with two-thirds of them losing more than £1000, and have warned you to be careful? I’m here to be shot down, but I very much doubt it.

Now the second statistic. 75% have been exposed to scams used by identity fraudsters. Really? I get half a dozen or more spam scam phishing emails every day. I find it hard to believe that 25% of the population have never received a spam scam phishing email.

So, put simply, these unjustified and uncorroborated and unsupported figures make no sense to me whatsoever. Except they do sensationalize a very worrying fact: ID fraud is a serious problem. So serious that we really ought to support the government’s plans for the Communications Bill so that law enforcement can track and come down hard on all of these criminals that have defrauded so many of my friends and neighbours to such an extent that they won’t even tell me about it.

You couldn’t make it up. Except, maybe they did.

Microsoft: if it needs to be said, it’s said here first

January 23, 2013

Ahem… I refer my honourable friends to my earlier post last year.

In which, I said,

So Microsoft’s new strategy could be to own both hardware and software – starting with its own tablet but moving into phones (perhaps by buying Nokia?) and desktops (perhaps by buying Dell or Acer, or even building new from scratch?)…
Toward a new strategy for Microsoft

Yesterday, Reuters reported,

Microsoft Corp is in discussions to invest between $1 billion and $3 billion of mezzanine financing in a buyout of Dell Inc, CNBC cited unidentified sources as saying on Tuesday.
Microsoft in talks to invest up to $3 billion in Dell

Keep up, chaps.

Categories: All, Security News, Vendor News

David Cameron has just won the next election

January 23, 2013

He has promised the people an in-out referendum on Europe after the next election. Miliband, however, says, “My position is no – we don’t want an in out referendum.”

Cameron wins hands down, and will win the election on this basis alone.

The real fun will start after the election when Cameron has to find some way to break or manipulate or delay that promise – which he inevitably will. Filed under ‘all politicians are liars’.

Categories: All, Politics

eWeek ate my hamster

January 17, 2013

Last summer I interviewed Space Rogue and did a story on his history of security hype: A cyber terrorist ate my hamster.

I must now report that the process is alive and well, courtesy of eWeek.

Over the last couple of days the media has been full of a story about two virus outbreaks in US SCADA installations. eWeek is clear in its own story, ‘USB Storage Drive Loaded With Malware Shuts Down Power Plant’:

The U.S. Computer Emergency Readiness Team reports that a U.S.-based power generating facility was shut down after a contract employee introduced malware into the turbine control systems and into engineering workstations. The contractor routinely used his USB drive to perform updates on control systems as well as workstations in the power plant.

I would just like to point out, very politely, that this is what is known in polite circles as a ‘lie’. ICS CERT did not say that.

I covered this story in Infosecurity Magazine way back on January 4: The lessons of Shamoon and Stuxnet ignored: US ICS still vulnerable in the same way.

The truth is less dramatic than eWeek suggests – although dramatic enough. The virus was discovered while the system was in a scheduled shutdown. It delayed its restart, it did not cause its shutdown. But that’s far less dramatic and far less worrying…

The next stage in the security hype process is for politicians to seize on the eWeek story to justify the need for the next draconian piece of anti-terrorist cyber legislation, or the next exponential increase in some LEA’s budget request. Journalists really should read what they talk about before they talk about what they haven’t properly read.

A collection of news items from the end of 2012

January 16, 2013

Briefly, towards the end of last year, I contributed a newsy column in the print version of Infosecurity Magazine. The magazine has now kindly allowed me to post the items here. There are eight items in total; viz,

False positives and the disposition matrix

Megaupload takedown – an unmitigated disaster?

Brace yourselves, Europe – the lawyers are coming

A strange spam variant with an exokernelized solution

What’s the main cause of movie piracy?

In deep space, no-one can see you surf

After Samsung, Apple turns its big patent guns on… a Polish grocer

Is your computer photochromatic?

Just in case you missed any of them…

Categories: Uncategorized