Regulation, Retention and Response...
The Internet is fast becoming a regulated environment with competing interests demanding access to an ever widening array of data.
-
All Change!
Posted on May 20th, 2010 No commentsWell, here we are, just a week or so since the announcement of a coalition between the Conservatives and the Liberal Democrats. Now the new government is taking shape and we know who has the top jobs.
But is it a Lib-Con or a Con-Dem - only time will tell.
Anyway - now the politicians have had a week or so to wait by the telephone (guess there are quite a few Tories who did not get a call that they might have expected) and to start to get policies announced ahead of the formal State Opening of Parliament. That will see the reading of the Queen’s Speech but it is clear that many of the contents of that speech have already been announced.
It is clear that this new Parliament is going to be different. For a start there are now more newly elected Members (new intake) than at almost any previous time. The Crusher wonders just how many of these will actually have some understanding of the online world - perhaps the fact that there are many younger members may suggest that they may have some idea about how to use email and the various social networking media. Perhaps some may even understand what an IP address is.
But, the interesting bits have come in this second week. Policy announcements have made it clear that many projects favoured by the previous administration have now fall out of favour with the new. Most of this is down to cost (as the former Chief Secretary to the Treasury left a message for the incoming replacement - ‘there is no money’) but there are some areas where it is clear that public concern has manifested in political action.
An announcement today made the point - suspending the widely unpopular Home Information Packs(HIP). Introduced in an attempt to make information available to house purchasers and to streamline the conveyancing process they included an energy efficiency assessment. The reality was that there was now a requirement for sellers to purchase an expensive pack that duplicated the work that would still have to be undertaken by solicitors in the conveyance process (who would still have to conduct searches etc. in order to ensure that liabilities were met). The pack had to be prepared before sale and was only valid for six months. In the current sales environment there was every likelihood that sellers would have to arrange for several packs.
So, with immediate effect, there is no longer a requirement to have a HIP in place. But the requirement for the energy assessment remains in place and sellers will have to have an assessment and a certificate within 28 days. Now this is a European requirement and is set out within a European Directive so the hands of the UK coalition are tied - they cannot scrap all of the HIP and must retain the requirement for the energy certificate - all dressed up in the words of promoting green behaviour etc.
The energy certificate is a pointer to some actions elsewhere. Nick Clegg, Deputy Prime Minister, set out a number of pointers this week:
“This government is going to transform our politics so the state has far less control over you, and you have far more control over the state …..
Three major steps, that will begin immediately:
One: we will repeal all of the intrusive and unnecessary laws that inhibit your freedom.
Two: we will reform our politics so it is open, transparent, decent.
Three: we will radically redistribute power away from the centre, into your communities, your homes, your hands.
Big, sweeping change. “
Nick Clegg continued:
“First, sweeping legislation to restore the hard won liberties that have been taken, one by one, from the British people.
This government will end the culture of spying on its citizens. It is outrageous that decent, law-abiding people are regularly treated as if they have something to hide. It has to stop.
So there will be no ID card scheme. No national identity register, a halt to second generation biometric passports. We won’t hold your internet and email records when there is just no reason to do so.”
There has certainly been concern over the use of RIPA (Regulation of Investigatory Powers) by some local authorities to keep tabs on parents, fishermen and dog walkers (and much more). It will be interesting to see how the actions of local authorities is to be curbed.
Cancellation of the ID card programme was always going to be on the cards as there were major cost implications. Quite simply it was a project too far, a project too expensive. Interestingly I recently saw a poster on the wall at an Identity and Passports Office - ‘ID cards are coming.’ Wonder if that has come down already!
‘We won’t hold your internet and email records when there is just no reason to do so.’ So far we have the Data Retention Regulations transposing the European Data Retention Directive - the UK implementation is rather idiosyncratic and is applied where the Home Office feels that there may be a need, somewhat less than the wording of the Directive. It is likely that the Regulations will remain (they are after all prescribed within European Law) but that the discussions for increased data gathering under the Internet Modernisation Plan will now go no further. IMP was causing concern with the suggestion that security services and law enforcement agencies could benefit from data gathered using deep packet inspection techniques implemented by ‘black box’ servers located within ISP networks. Forget concerns that the technology was not yet up to the task, nor really likely to be in the near future - the real problem was the potential cost. That is where the cut has fallen.
Another area that has raised much concern over recent years is that of the DNA database. The decision in the European Courts in S and Marper v United Kingdom made it clear that changes were required, however much the then Government disagreed and tried to back-track. Now it seems that there may well be a tide that will restrain the expansion of the database - restricting the collection of data to those who are actually convicted of a crime will be a start and removing all those records that relate to persons wholly innocent and with no conviction against them. Maybe, at long last, there will be the will to implement S and Marper.
Yes, the pendulum is now swinging towards change. How much will actually change remains to be seen but there is certainly a groundswell of opinion. We could well be heading for an interesting time. Not the least of which will be the realisation of where actions are restrained by Directives applied from Europe.
-
Identity - start by helping yourself ……
Posted on May 8th, 2010 No commentsWhilst we all mull over the results of the General Election held on May 6th here in the UK, a time to ponder some other topics. It seems that it will be a while before there is any clear indication on future policy and on departmental responsibilities and it may now be likely that there will be some form of coalition. If there is not then we may well be in for a period of minority government and the likelihood of another election in the coming months. If that is the case I will suggest Thursday October 21st as a suitable day.
That is, of course, Trafalgar Day, so a suitable day to decide the future path of the coun try. Remember, you saw that date here first!
But, to a different topic. The Crusher finds an opportunity from time to time to consider things away from the normal run of regulation and legal development. Now seems as good a time as any to do that.
A few weeks ago The Crusher updated links to online credit cart transactions. As part of the update, the bank offered a higher level of security and the availability of software to monitor access to banking accounts and to advise of any potential threats to personal security. All good stuff and good to see that the bank are taking steps to help customers with their online transactions. The latest applications now run alongside the standard anti-virus, anti-spyware, firewall and other tools - all of which should be part of the standard set-up for any online user.
The Crusher is only too well aware of the potential problems. At the beginning of this year one of our financial service suppliers advised that they had detected an unusual transaction for a fairly large sum. They asked if an online order had been placed with a US based supplier. Apparently the order had already been declined as it was outside the normal pattern and had been flagged as potentially suspicious by security software - the call confirmed the status and no payment was authorised.
Of course, the result of this was immediate cancellation of the account and a new card. Interesting to speculate on how the card number came to be used. Maybe it was collected from the home PC (unlikely to be honest), maybe from a remote merchant or maybe it was randonly generated. Whatever the source, the security and anti-fraud systems at the bank kicked in and spotted and blocked an unusual transaction.
Online fraud and identity theft is an increaqsing problem. The card issuers in the UK have attempted to tackle problems here by issuing ‘chip and PIN’ cards. If a card is used and the correct PIN is inserted then the transaction is verified and payment authorised. If a card is used for an online transaction then there are a series of checks to ensure that the card is being used correctly - entering exact name, registration address, card verification code (the last three digits on the reverse), start and expiry date etc. And then there are the further security steps using ‘Verified by Visa,’ 3D Secure etc. where the card owner is asked to insert a password or a selection from a pass-phrase to validate the purchase. All godd stuff - but it is clear that the move to ‘chip and PIN’ has made life more difficult for criminals and that there is now an increasing in online fraud.
Identity theft is now a recognised problem, much publicised in the press and by financial service providers with strong advice to users. It really is not a good idea to store details of the PIN in the same location as the card! Shred unwanted documents and store statements and others in secure locations. Most people will recognise the actions and will be taking steps - and are rightly aggrieved with the loss of personal data by large organisations including Government Departments and others.
But - prevention of identity theft must start at home. As alreadysuggested, make sure that there are firewalls, anti-virus, anti-spyware in place and that operating systems are fully patched and up-to-date. Those are all the obvious and technical things. But it is the warmware that is likely to be the weakest link - not the software or the hardware.
Warmware is, of course, the user. So why is that that The Crusher is writing about this right now? Well, again it is down to personal experience.
Last week my mobile phone broke - well, it was the tiny pin within the charging connection of the Nokia phone. Once that broke it was impossible to charge the battery so only a short time before the phone became completely u/s. It probably could be repaired but it is now a few years old and there were other faults as well. So, time to get a new one. Or, at least, new to me. Relatively new mobile phones can be picked up quite easily online, eBay and other sources can offer deals at well below the prices of high street suppliers.
So, a search for a new phone, an order and a delivery. Very rapid delivery and far faster than it would have taken to have got the old one repaired. More up to date model to with lots of new gizmos to play with!
OK, steps to update. Connect old phone to PC and download all contact details and stored messages etc. Now connect the new one ready to sync the details.
Ah ha - the new phone has a lot of data in it. Download all the contents to the PC to edit. Now what do I have - all the previous owners contacts, family, friends, work related etc. Music tracks, some data, some video and more.
Of course, I have now taken steps to erase all the data, both from the phone and from my PC. But, in this world of identity theft it really is a little worrying to see what someone, probably wholly inadvertently, has left for someone else to discover.
Now, I no longer have the data but I coud very easily have built up a profile of the user. That would have included their home location(it’s in the Midlands), the location of family members (parents, parents-in-law, brothers and sisters and others), exact work location (try Googling a business phone number), names of work colleagues etc. I know who the previous owner is likely to bank with, likely hobbies and interests and that they are likely to be concerned over crime or anti-social behaviour in their area.
This sort of information would be an absolute gold-mine for a criminal. It is clearly so easy to overlook but a potential warning for us all.
If you are going to dispose of any item that may have personal or other important data on it then do take steps to either thoroughly delete the data or to destroy the device before disposal. The Crusher knows of one person who took a 12-bore shotgun to a hard drive, another who used a lump hammer and an electric drill to break up the device. You really cannot be too careful!