Category Archives: interception

Right now, you are being monitored

This morning, as I was leaving the house for work, I wanted to check the weather forecast so started tapping and swiping away at my newish iPhone to find the weather screen. I was startled to see some text appear which said

Right now, it would take you about 11 minutes to drive to [workplace address]

(It looked a bit like this (not my phone I stress)).

It was correct, it would indeed take me about that long to drive to work at that time, but I was genuinely taken aback. After a bit of research I see that this was a new feature in iOS7, (and, indeed, the weather widget was lost at the same time). Sure enough, I find that my new phone has been logging frequently visited locations, but must have also been logging the fact that I travel between A (home) and B (work) frequently. It is described by Apple as being a way to

Allow your iPhone to learn places you frequently visit in order to provide useful location-related information

I’m not going to argue whether this is a useful service or not, or even whether on general principles it is concerning or not. What I am going to say is that, because I’ve not had much time recently to sit down and learn about my new phone, to customise it in the most privacy-friendly way, I’ve been saddled with a default setting which has captured an extraordinarily accurate dataset about my travel habits without my knowledge. And yes, I know that tracking is a prerequisite of mobile phone functionality, but I would just rather it was, as default, limited to the bare minimum. 

p.s. to turn off this default setting, navigate to Settings/Privacy/Location Services [scroll to very bottom]/System Services/Frequent Locations and set to “off”

 

Leave a comment

Filed under Data Protection, interception, Privacy, surveillance, tracking

A balanced view on Optic Nerve

As I’m keen always to take a balanced view of important privacy issues, and not descend into the sort of paranoid raving which always defines, say, the state as the enemy, capable of almost anything, I sometimes think I end up being a bit naive, or at least having naive moments.

So, when outgoing Chair of Ofcom Dame Colette Bowe recently gave evidence to the House of Lords Select Committee on Communications, and said about consumers that

their smart TV may well have a camera and a microphone embedded in it there in their living room. What is that smart TV doing? Do people realise that this is a two-way street?

I thought for a moment “Oh come on, don’t be so scaremongering”. Sure, we saw the stories about Smart TVs and cookies, which is certainly an important privacy issue, but the idea that someone would use your TV to spy on you…?!

And then, of course, I quickly remembered – with a feeling of nausea – that that is exactly the sort of thing that GCHQ are alleged to have done, by jumping on the unencrypted web cam streams of Yahoo users, as part of the Optic Nerve program. And each time I remember this, it makes me want to scream “THEY WERE INDISCRIMINATELY SPYING ON PEOPLE…IN THEIR HOMES, IN THEIR BEDROOMS, FOR ****’S SAKE!”

And they were doing it just because they could. Because they’d notice a way – a vulnerability – and taken advantage of it to slurp masses of intensely private data, just in case it might prove useful in the future.

The intrusion, the prurience, the violation do indeed make me feel like raving against the state and its agents who, either through direct approval, or tacit acceptance, or negligence, allowed this to happen. Although *balance alert* GCHQ do, of course, assure us that “GCHQ insists all of its activities are necessary, proportionate, and in accordance with UK law”. So that’s OK. And yes, they really did call it “proportionate”. 

I know the web cam grabbing was by no means the only such intrusion, but for me it exemplifies the “something” which went wrong, at some point, which led to this. I don’t know what that something was, or even how to fix it, and I’ve never used a web cam, so have no direct interest, but I will closely watch the progress of Simon Davies’ request for the Attorney General to refer the matter to the police.

Leave a comment

Filed under Confidentiality, Data Protection, human rights, interception, Privacy, RIPA, surveillance

Is the BBC spying on whistleblowers?

A couple of the normal BBC-baiting newspapers report that that organisation has been “accused of spying on whistleblowers”, after a Freedom of Information request revealed that the BBC’s Investigation Service monitored emails of 30 workers last year. The Telegraph says this

raised fears that BBC management is engaged in a crack down on people it suspects of whistle-blowing about their concerns over the running of the corporation

There seems to be absolutely no evidence for this. To me it looks more like an employer intercepting communications on business systems in order to prevent or investigate potential unlawful behaviour. The law provides for this, and the paper reports that the BBC even said

The BBC Investigations Service does not target whistleblowers. The four cases of leaked information involved other matters such as the release of commercially sensitive information or the release of internal information – none of the four cases of leaked information could be considered as whistleblowing in any sense. The BBC has a clear policy protecting the right to whistleblow

The circumstances under which email communication can be intercepted by an employer are clearly prescribed by law. The much-maligned and -misunderstood Regulation of Investigatory Powers Act 2000 (RIPA) corrected the previous domestic position that workplace surveillance could not amount to an infringement of an employee’s Article 8 rights (a position criticised by the European Court of Human Rights in Halford v UK). The provisions of section 1 of RIPA create a criminal offence of unlawful interception of a communication (transmitted either by public or private telecommunications system) where the interception occurs without lawful authority. However, secondary legislation, made under RIPA, prescribes what “lawful authority” can mean within an employment context. The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (the “LBP Regulations”) provide inter alia that interception of emails will be lawful if it is done for the purposes of preventing or detecting crime, or for the purpose of investigating or detecting the unauthorised use of that or any other telecommunication system. This can be done without consent or notification as long as the business informs users of its systems in advance (normally by way of a policy) that emails may be intercepted for relevant purposes (I wrote on this in detail in None of our business? Private emails, FOI and lawful interception (PDP FOI Journal, Nov/Dec 2011
Volume 8, Issue 2, subscription only)).

So, provided the BBC have a policy informing staff that their emails could be intercepted (and I would be amazed if they don’t) they will have done nothing wrong, and nothing that a responsible employer, and public service provider, should be blamed for doing. Do the Telegraph and the Mail think the BBC should not investigate alleged unlawful – perhaps criminal – behaviour on the part of its staff?

Leave a comment

Filed under BBC, employment, interception, RIPA, surveillance