Source of leakage of information about detainees established

June 13, 2014

A consistent problem with maintaining appropriate protection of personal information is training staff who handle that information and maintain information systems, whether online or in hard copy form. The Australian Privacy Principles and their guidelines make clear that staff training is an important part of maintaining appropriate data security. Having appropriate antivirus software and appropriate protections in website architecture is important. But having appropriate and easily understood protocols regarding the accessing, handling and posting of data is critical. That necessarily involves training and monitoring.

Itnews reports in Review reveals extent of access to leaked Immigration data that the leakage of personal information about Read the rest of this entry »

Technology, teaching and privacy

June 12, 2014

The impact of technology in the classroom has been both profound and growing. On the hardware side, computers are ubiquitous but becoming outdated tools for school children and teachers. Users are migrating to tablets. On the software side, programmes are becoming more and more attuned to curriculum needs. But there are real privacy concerns in the use of technology. Collecting data Read the rest of this entry »

Hiding from big data and enhancement of privacy

June 10, 2014

The Economist has produced an excellent article titled Hiding from big data. While it ostensibly reports on ways individuals and companies are trying to avoid the use of big data to breach their privacy, it covers the developing field of privacy technologies.

Massive data analysis using algorithms focused on linkages to de-anonymise individuals' data and monetise it is a continuing and growing threat to those who want their personal information to remain private and are prepared to invest in or use technology to do it. The article considers, in a simple-to-understand way (not easy in this area), a broad range of data security techniques to protect privacy, including homomorphic encryption, differential privacy techniques, compartmentalisation, anonymous credentialing and, of course, Tor. It is an article that anyone interested in the area should come back to.

The Economist also highlights the need for businesses who want to promote their privacy protections to Read the rest of this entry »

The increasing value of encryption in privacy

It should become a matter of routine that data collected by organisations and agencies are encrypted. Communication through cyberspace should also have such protection. That is not the norm for many organisations. The Privacy Commissioner’s guidelines on Australian Privacy Principle 11, relating to data security, expect organisations to have appropriate data security in place. The guidelines are not specific as to the extent of such security and its application throughout the organisation.

Itnews reports on the move to encrypt data to avoid external surveillance in Tech giants launch Reset the Net project. It is Read the rest of this entry »

Article on privacy apps

June 8, 2014

The Age has run a story titled Edward Snowden and Reset the Net: Eight ways to take back your online privacy regarding the various apps, programs and procedures to enhance privacy online.

It provides:

A year ago, Edward Snowden’s leaks about the US mass surveillance program made headlines around the world.

Now he’s urging internet users to stop relying on governments to protect their rights online and claw back their privacy themselves.

“We’re past the point where citizens are entirely dependent on governments to defend our privacy, we don’t have to ask for our privacy, we can take it back,” said Mr Snowden, speaking via video link at the Personal Democracy Forum conference in New York.

The forum was part of Reset the Net, a day of pro-privacy action supported by a coalition of tech companies, human rights and privacy groups that have come together to protest mass surveillance.

“This is the beginning of a moment where we the people begin to protect our universal human rights with the laws of nature rather than the laws of nations,” said Mr Snowden in a statement for the initiative.

Reset the Net includes a pack of apps to do exactly that. Here are the recommendations:

Safe texting

To protect your SMS messages from interception, the Reset the Net coalition recommends four apps:

Google taking steps to encrypt emails

June 7, 2014

Google’s email security, or at least what Google reads of or into its users’ Gmail, has been the subject of some controversy. See the Guardian’s article from August 2013, Is Gmail secure enough for my private emails. There has been improvement on that front, as the Electronic Frontier Foundation reported on 4 June 2014 in New Gmail Data Shows the Rise of Backbone Email Encryption, which provides:

For the past few years, EFF has been working on promoting the universal use of encryption for Internet protocols. We started by pushing major sites to switch from HTTP to HTTPS, and gave individual users ways to pull things along.

Last November, we launched our Encrypt the Web Scorecard, which in addition to Web encryption, added a second focus on securing SMTP email transmissions between mailservers. We believe this is a vital protection against non-targeted dragnet surveillance by the US and other governments. In the months after we started rating their support for STARTTLS email encryption, a number of major sites including Yahoo!, Twitter, LinkedIn and Read the rest of this entry »

Singapore government web site breached

Singapore’s data protection laws are far from comprehensive. Even Singapore’s Personal Data Protection Act, which takes effect on 2 July 2014, will provide inadequate regulation. While it regulates the collection, use, disclosure and care of personal data, government bodies are exempt from its operation. There is no good public policy reason for such a carve out of privacy regulation. It is completely anomalous given the amount and sensitivity of personal information government agencies would hold about the Singaporean populace, information that the populace must provide to the Government. This can be partly, if not mainly, explained by the fact that scrutiny of government departments of the city state is minimal on any objective view.

Today reports in 1,560 SingPass user accounts breached and Business Times in IDA reports breach of SingPass accounts that more than 1,500 accounts on a Singapore government database may have been accessed without their users’ consent. SingPass users became aware of the interference when they received a SingPass password reset notification letter even though they had not requested a password reset. Such letters normally only arrive after a user has reset their password.

SingPass or Singapore Personal Access has an alphanumeric password which Read the rest of this entry »

New flaws discovered in OpenSSL… Heartbleed mark 2 awaits?

June 6, 2014

The problem with having ubiquitous open source software that is a key part of the security framework for communications in cyberspace is that where problems arise the impact is tremendous and potentially disastrous. The Heartbleed episode demonstrated that in no uncertain terms. Changes to passwords, rushed out patches and changes to security protocols all came with cost, aggravation and no shortage of concern.

OpenSSL has identified flaws in the cryptographic library which make it vulnerable to a man-in-the-middle attack (a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker) in an advisory which relevantly provides:

OpenSSL Security Advisory [05 Jun 2014] 

SSL/TLS MITM vulnerability (CVE-2014-0224)

An attacker using Read the rest of this entry »

Federal Trade Commission gives evidence before a United States Senate Committee on Geolocation Privacy

June 5, 2014

The US Federal Trade Commission (the “FTC”) gave evidence on geolocation privacy to the Senate’s subcommittee for privacy, technology and the law of the Committee on the Judiciary on 4 June 2014. It is a very interesting statement which effectively describes the privacy implications of the use of geolocation apps and software. The lack of transparency in the marketing and delivery of those apps and software is a significant concern. As the FTC makes clear, the data that can be collected is often sensitive. It can also be an effective tracking, if not stalking, device. The management, use and disclosure of that data can have significant consequences for individuals. Apart from the obvious breach of privacy, the data can be used for predictive analytics.

The FTC media statement provides:

The Federal Trade Commission testified before Congress on the Commission’s efforts to address the privacy concerns raised by the tracking of information about consumers’ location, as well as proposed legislation to protect the privacy of geolocation data.

Delivering testimony before the Senate Judiciary Committee’s Subcommittee for Privacy, Technology and the Law, Jessica Rich, Director of the FTC Bureau of Consumer Protection, outlined the FTC’s ongoing efforts to protect the privacy of consumers’ geolocation information through enforcement, policymaking, and consumer and business education.

Precise geolocation data is sensitive personal information increasingly used in consumer Read the rest of this entry »

Data breach of South Central Ambulance Service in the UK

June 3, 2014

The records of almost 3000 members of the South Central Ambulance Service were the subject of a significant data breach according to the BBC in South Central Ambulance Service staff data breach.  The breach reportedly included publishing the age, sexuality and religion of members.  This information is regarded as sensitive information under the Privacy Act and should attract greater protection.

The report provides:

The personal data of thousands of ambulance service staff has been accidentally published online, it has been revealed.

The data breach by South Central Ambulance Service (SCAS) included publishing the age, sexuality and religion of almost 3,000 staff members.

The information has been revealed Read the rest of this entry »