Email Error (Humour)

While not strictly an article for this site, the humor value of this is too much to pass up.

When officials asked for the Welsh translation of a road sign, they thought the reply was what they needed.

Unfortunately, the e-mail response to Swansea council said in Welsh: “I am not in the office at the moment. Please send any work to be translated”.

So that was what went up under the English version which barred lorries from a road near a supermarket.

“When they’re proofing signs, they should really use someone who speaks Welsh,” said journalist Dylan Iorwerth.

Source

ICO Funding to Increase

The ICO’s budget is to increase from £12 million to £18 million, which will allow it to take more enforcement action.

DT Reports on Data Misuse

BONN, Germany — Deutsche Telekom today announced more findings concerning breaches of data privacy regulations and the investigation of additional incidents. The new Member of the Board of Management responsible for Data Privacy, Legal Affairs and Compliance, Dr. Manfred Balz, explained the incidents the company is now investigating. “Data privacy is now represented directly at Board of Management level: As the new Member of the Board of Management, I am personally committed to the issue,” Balz emphasized. “At the same time, I extend this obligation to every manager and employee who has to do with the privacy and security of customer data.”

 

At the beginning of October the Board of Management tasked Group Internal Audit with the review of measures taken within the Group in response to the theft of 17 million sets of customer data in 2006. A report has now been submitted. The investigations were in response to open questions generated by the most recent findings relating to the theft of data

 

Source

NHS: Medical Records are on the move again

The medical records in the UK seem to be constantly moving around.

One day it's the government planning on passing the data to private companies, another it's the police getting access to medical records for anti-terrorism purposes.

We also know that these medical records are often misused as well.

But now figures have been released that show over 300 million records have been transferred from the government to academic organizations (as there are only 60 million people in the UK, the figure must assume multiple records per person, and include individual visits to doctors and hospitals). These records are identifiable.

The NHS routinely loses data as it is, with four out of five NHS trusts having lost patient data, but the probability of data loss and misuse has now radically increased. It should be remembered that universities are not immune from data loss and data misuse.

With grey market companies specializing in selling personal data, for as little as £100 per item, the question is not who has access to your medical records but who does not?

 

 

 

 

 

 

Police: Data Loss

The police, this time the Lancashire Police, have lost some more data. This time it is a laptop, containing witness statements and the like.

The laptop, which was, of course, not encrypted, was stolen from a car. To make matters worse, the laptop was in the possession of an off-duty police officer when it was stolen. Once again government staff are taking home data, and are being supplied laptops that are not encrypted.

The damage does not look too much in this case, so it's not likely to change anything, but what would?

Source

 

 

 

TREC – Text REtrieval Conference

TREC, the Text REtrieval Conference, which now has 23 countries attending, was started in 1992 and has been co-sponsored by NIST (National Institute of Standards and Technology) and the US DoD (Department of Defense) throughout.

TREC has the following aims:

  • to encourage research in information retrieval based on large test collections;
  • to increase communication among industry, academia, and government by creating an open forum for the exchange of research ideas;
  • to speed the transfer of technology from research labs into commercial products by demonstrating substantial improvements in retrieval methodologies on real-world problems; and
  • to increase the availability of appropriate evaluation techniques for use by industry and academia, including development of new evaluation techniques more applicable to current systems.

One example of a TREC publication is: Experiment and Evaluation in Information Retrieval

 

ICAIL International Conference on Artificial Intelligence and Law

International Conference on Artificial Intelligence and Law – ICAIL

ICAIL is a conference, linked to the DESI group, that works on issues such as Formal Modeling of Electronic Commerce.

ICAIL has been running since 1987, when it was first run in Boston, and is due to hold the 2009 conference in Barcelona.

DESI Discovery of Electronically Stored Information

DESI – Discovery of Electronically Stored Information

This is a group from around the world, including TREC and ICAIL, who have worked together on the problem of reviewing very large amounts of data.

DESI I (2007) – http://www.umiacs.umd.edu/~oard/desi-ws/

DESI II (2008) – http://www.cs.ucl.ac.uk/staff/S.Attfield/desi/

 

 


File Sharing – Where do you stand?

The Current Climate

Earlier this year the UK’s ISPs handed over information about names and addresses, following court action by those who feel their copyrights have been infringed, e.g. the games and music industry.

These companies try to track those using file sharing technologies such as BitTorrent or other peer-to-peer programs. What the investigators end up with is an IP address, e.g. they can show that 81.112.50.32 has been sharing specific music files.

As the IP addresses are, generally, those of home users, they only reveal the company providing the line, e.g. BT, not the end user.

The IP address does not identify the person who was actually using the IP address at a given time. In addition to this, most home IP addresses are also dynamic, which means that different people can have the same IP address at different times.

The only people who can resolve the IP addresses to a given person are the ISPs. For example, BT can identify who had IP address 81.112.50.32 on Saturday 25th October 2008 and who had it on June 1st 2008.

The ISP will not provide this information in response to a simple request; it needs to be compelled by a court order. That is what happened earlier this year, and thousands of home addresses were resolved from IP addresses by the ISPs. It is suggested that up to 25,000 home addresses were identified as part of these court orders.

Once the investigators and their employers, e.g. BPI (British Phonographic Institute), the games industry, etc., had identified the home addresses, these companies took different actions.

Some companies wrote to the home address trying to “educate” the users. Others wrote, via the solicitor Davenport Lyons, to the registered owners of the IP addresses identified and demanded that the users pay a £600 fine or face additional action.

Where do you stand?

So, the games and music industry is now getting tough. But where do you stand?

Firstly, any firm is on a very sticky wicket if it tries to issue a fine based purely on an IP address. It is entirely unreasonable to suggest that you can identify a user from an IP address. For example, a house with one computer may have multiple users. A home may have a family computer: the father pays the bill, but it's the son who is downloading the music (without his father’s knowledge). The father cannot be held responsible for that action any more than he can if his son goes out and steals a car.

Secondly, most homes now have multiple computers, and the IP address just shows the house that was downloading music, and not which computer.

Think of a student house with 4 people living in it: one person pays the bill but another person downloads the music. One student cannot be responsible for another just because they live in the same house.

The first and second problems can be combined. For example, a house can have four people living in it, but the girlfriend of one of the students stays over regularly and downloads music files, on her account on one of the computers in the house. Can the person who pays the bill in the house really be held responsible for the actions of the partner of a person he lives with? Of course not.

There is then the third option: insecure networks. Most routers come with a wireless network enabled by default, and it is insecure. If your neighbor uses your network to download music, should you be held responsible for this?

If the UK government cannot maintain control of critical information, how can a home user be expected to secure data?

Can they get more information?

As shown above, the IP address is not enough to ensure a conviction/fine; the company would need to gain more information by investigating the suspected home computers. This is possible, legally.

A company, e.g. BPI, could request an order/warrant to search a suspected house based on the IP address/home address provided previously, and that could well be reasonable.

If that did occur, BPI would need to get the order, then attend the address, make an exact copy of the suspected hard drive(s) and then take the data away for analysis. This sort of operation would be conducted by contractors, so it is entirely technologically and legally possible. But the cost of doing this would be so high, probably £10,000s per address, that it would be cost-prohibitive on a massive scale. But the BPIs and the like could consider doing this on a selective scale to send out a message – it depends on how much they value their PR.

Is it legal?

Currently the ISPs have passed over the information, via a High Court order, and so it is entirely legal.

There have been no morning raids or Anton Piller orders at home addresses reported in the press so far, but they would also be legal if they did occur. The ICO has not commented on the issue either, again showing that this is legal in the UK and there is no objection.

However, on 29th January 2008, in the case of “Productores de Música de España Promusicae vs. Telefónica de España”, the European Court of Justice (ECJ) stated that the provision of traffic information for civil reasons, i.e. resolving the IP address to the home address, was not required by member states, but it could be required if necessary at a national level.

In this case the exact same court procedures started in Spain as they did in the UK: the music industry demanded information on users, from the IP addresses they had collected. The difference is that in Spain the ISP Telefonica refused to do this, stating that this information was there for criminal purposes only. Spain then referred the case to the ECJ for advice.

The ECJ agreed with Telefonica. Sadly the UK ISPs are not inclined to defend their users as much as those in other countries, but if an ISP did decide to make a stand for its users, it would be almost certain to win following the ECJ ruling.

 

 

 


Emerging Cyber Threats – Report 2009

On October 15, 2008, the Georgia Tech Information Security Center (GTISC) hosted its annual summit on emerging security threats and countermeasures affecting the digital world.

At the conclusion of the event, GTISC released this Emerging Cyber Threats Report—outlining the top five information security threats and challenges facing both consumer and business users in 2009. This year’s summit participants include security experts from the public sector, private enterprise and academia, reinforcing GTISC’s collaborative approach to addressing information security technology and policy challenges.

Full Report