STE WILLIAMS

Lulzsec Leader Apparently Arrested in Essex

The Press Association reports that, “A 19-year-old suspected of being a mastermind behind notorious international computer hacking group LulzSec has been arrested in Essex, after a joint operation by the FBI and Scotland Yard.”

A spokesman for the Metropolitan Police states, “The arrest follows an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.

“Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material. These forensic examinations remain ongoing.”

Calls For A Single UK Privacy Comissioner

The UK needs a single privacy commissioner, and not the tangle of officials it is creating to police the area, an alliance of pressure groups claimed yesterday.

Terri Dowty, Director of Action on Rights for Children (ARCH), warned of the uncoordinated and ineffective proliferation of commissioners now operating in this area. Dowty made the call on behalf of a number of other campaign groups, including Privacy International, Genewatch UK and NO2ID.

The call came in a statement broadly welcoming of government proposals to cut back on its predecessor’s over-bearing regulation of everyday life, Dowty expressed concern that the Protection of Freedoms Bill, which received its second reading in Parliament this week, proposes the establishment of two new commissioners for biometrics and CCTV. This would expand the number of commissioners responsible for privacy and surveillance from three to five.

However, Dowty said: “[this] will not necessarily lead to greater protection for the public and may even fracture the protection that already exists.

She went on: “The only way of providing meaningful oversight of freedom and privacy is to bring all of these commissioners into a single privacy commission”.

Over the last few years, the UK has invested heavily in “Commissioners”, with individuals bearing that title employed to look after areas as diverse as Children, Traffic and Immigration Services. We already have:

  • An Information Commissioner, responsible for promoting and enforcing compliance with the Data Protection Act 1998
  • An Interception of Communications Commissioner created by s57 Regulation of Investigatory Powers Act 2000, whose duties include the oversight (but not the investigation) of those who issue warrants and the procedures of those acting under warrants
  • A Chief Surveillance Commissioner with similarly limited powers, charged with keeping under review the operation of the powers and duties of directed and covert surveillance under RIPA.

The Repeal Bill proposes adding two more Commissioners whose remit would broadly cover issues of privacy. Clause 34 of the Bill would establish a Surveillance Camera Commissioner, responsible for advising the Home Secretary on the drawing up of a code of practice (on the use of surveillance cameras) “encouraging” compliance with the code and reviewing its operation.

Clause 20 would establish a Biometrics Commissioner, whose role would be limited to reviewing any national security determinations made under existing terrorism legislation or under Clause 9 of the Bill, and with the power to order the destruction of biometric material if it cannot lawfully be retained.

A spokesman for the Home Office told us that such rationalisation was not being proposed, because the areas covered by each Commissioner and the powers granted to each were wholly different. This response also implied a certain lack of joined-up thinking on the part of government, as they suggested that since some of these roles fell under the Ministry of Justice, some under the Home Office, a single view on the subject of Commissioner rationalisation was not possible.

However, according to those in favour of rationalisation, this is simply rhetoric disguising some very real flaws in current proposals.

First, as ARCH points out, there is already overlap of powers (on CCTV, for instance), leading to confusion as to which Commissioner is responsible for particular fields and also the creation of gaps that no single Commissioner feels empowered to cover.

Second, the proliferation of Commissioners has costs attached – and while these may not be massive (of the order of £2m for an “ordinary” Commissioner, and £17m for the Information Commissioner) there are clearly savings to be made.

Finally, by limiting the powers of individual Commissioners to such narrow areas, the government is failing to future-proof its Freedoms Bill and instead is creating an inevitable requirement for future Commissioners to be created in response to new threats to privacy, such as RFID, or additional obligations set by EU directives.

Is government really opposed to the idea of a Privacy Commissioner? Or is it possible, as Dowty suggests, that the idea just hasn’t occurred to them??

Source…

Home Secretary promises £63m for cybercrime fight

Home Secretary Theresa May has announced a £63m boost to police budgets for combating cyber crime.

The money will come from the £650m being spent on beefing up the UK’s national cyber defences announced last year.

The move to a proactive, and attacking, form of cyber defence was explained to the Reg by “senior Whitehall officials” in 2009. They warned the newly-formed Office of Cyber Security, within the Cabinet Office, that the main threats to UK infrastructure comes from organised criminals, not terrorists.

Officials also made clear that attacks were no longer likely to be “online only” – 90 per cent of UK high street transactions are now “online” in some sense.

A potted statement from the Home Office said: “This proposed new funding will be used to develop the UK’s overall response to cyber crime. The Government is determined to build an effective law enforcement response to the cyber crime threat building upon the existing expertise within SOCA and the Met Police Central e-Crime Unit.

“More details of the funding allocation will be made public in due course.”

The Home Office press office was unable to confirm the figure of £63m, which was reported by eGovmonitor reporting comments made by Theresa May. ®

?Source

National Identity Card holding chumps have buyer’s remorse

The horror that was the National Identity scheme may be dead – its end pronounced yesterday – but it is not altogether gone and now, zombie-like, supporters of the ID card are returning to haunt the Coalition.

And while el Reg has not been known for its support of the scheme – or the NI register that under-pinned it – it is possible that the complainers have a point.

In the months between the launch of the National Identity card and its abrupt termination at the hands of the Coalition, some 30,000 individuals are estimated to have signed up for the card, at a modest £30 a time.

Fingerprinted, photographed and details neatly recorded, the promise to these identity guinea pigs was that less hassle at banks and shops throughout the UK – where the demand for documentation grows ever more pressing – and the ability to carry their card with them at all times, while abroad, instead of the rather more cumbersome and costly UK passport.

Two individuals who took up the offer were Angela Epstein, a freelance journalist, frequently to be found writing for the Good Health section in the Mail, and Investment Banking Consultant Nicholas Hodder. They are not best pleased that the cards are being scrapped – though for slightly different reasons.

Ms Epstein, who was the very first individual in the UK to sign up for a card, feels that the card performed a useful function: she will mourn its passing. She is also less than amused that the government is scrapping her 10-year card without providing a refund.

Mr Hodder made extensive use of his card when abroad, presenting it at border checkpoints in excess of 30 times. He dislikes carrying a passport: he finds the card that much more convenient.

Both were on the BBC last week, on Rip-off Britain, making the case for the government to offer either a refund, or continued recognition of the card, over its lifetime, for those who do not opt to receive their money back. Mr Hodder points out that at UK Borders, the only check made is whether cards or passports are blacklisted. So there are no major database implications of retaining the card as a stand-alone identity document.

These views have gained some ground in Parliament. In November, the matter was debated in the Lords, where peers on both sides of the House expressed dissatisfaction at the proposal to scrap the cards without providing a refund.

Lord Brett pointed out that although the intention to scrap them had been made perfectly clear by both Tory and Lib Dem manifestoes, neither party had stated a position on whether it would offer a refund or not.

Lib Dem peer Lord Phillips of Sudbury reckoned that few ordinary members of the public would have read the manifestoes. Speaking of his own experience, he said: “I will be quite frank – I did not even read my own party’s manifesto. It was 115 pages long, for a start.”

He also queried the view expressed by the deputy director of policy at the Identity and Passport Service, who claimed that the ID card was not a consumer good – and therefore exempt from consumer protection law.

Putting in a plug for UK SME’s, Lord Erroll expressed scepticism about a claimed £20m needed to refund the card cost, suggesting that the government “have clearly fallen into the hands of the large systems integrators again, who are siphoning off our taxpayers’ money to America”.

On 17 November, the Lords voted an amendment to the Identity Documents Bill that would have required the government to pay compensation to cardholders. This was agreed on 24 November and passed across to the Commons earlier this week as part of the process known as “parliamentary ping-pong” which takes place whenever Lords and Commons cannot agree on an issue. The Commons has now appointed a Committee of MPs to look into the matter.

According to a statement from the Identity and Passport Service: “The Identity Card scheme has already cost the taxpayer millions of pounds. Combined with development work on biometric data, some £292 million has been spent on ID cards.

“The amendment to pay refunds would add a further cost to be picked up by the taxpayer.

“The Government will reverse this expensive change when the Bill returns to the Commons.”

With the abolition of ID cards becoming law yesterday, Mr Hodder’s suggestion is pretty much history: however, the question of whether or not to pay refunds is a quite different matter, and despite Home Office hopes to the contrary, it may yet be one that returns to bite the government, in the courts.

Gov will spend £400k to destroy ID card data

Taxpayers will finally see some value for money out of the former goverment’s ID card scheme.

The cost of destroying the personal data collected under the ill-starred programme will be a mere £400,000, Home Office minister Damian Green revealed yesterday.

The figure came in a commons reply to Paul Goggins MP, who’d asked what security standards would be applied in the destruction of the National Identity Register, what the arrangements were for the data destruction, and what the cost would be.

Green replied that the standards applied had been set out in a document placed in the House of Lords Library last November.

The destruction will be carried out by a a CESG accredited and approved supplier, securely and in accordance with established secure destruction policy, procedures and guidelines, Green said. These include compliance with the HMS IA Standard No. 5-Secure Sanitisation of Protectively Marked Sensitive Information. Physical equipment holding the data will be degaussed and physically shredded.

While scrapping the system will save £86m over the next four years, said Green, costs from asset write-offs and the like will be £5m in 2010-2011.

The actual dismantling of the systems and the destruction of the personal data will be a mere £400,000, though. Which seems like a bargain compared to the £330m Labour spent on the scheme, of which £41m went on “developing the policy, legislation and business case for the introduction of identity cards”.

A cheaper option of course might have been to simply shove the data in the Lords Library. As Green himself demonstrated to Goggins, no one thinks of looking for anything in there

More privacy for the Queen, less for everyone else

The coalition government has detailed the changes it wishes to make to the Freedom of Information Act – reducing the 30-year rule and increasing the number of bodies which must obey the law.

Secretary of State for Justice Kenneth Clarke told the House the Freedom of Information Act would be extended to include the Association of Chief Police Officers (ACPO), the Financial Ombudsman Service and the University and Colleges Admissions Service (UCAS).

Clarke said the government would consult with other bodies on their inclusion into the remit of the Act including Examination Boards, Harbour Authorities, the Local Government Association and the NHS Confederation.

The coalition is also speeding up the release of public documents by changing the 30-year rule to a 20-year rule. It will also look at ways to reduce the time that some other information like court records and ministerial correspondence is kept secret.

Clarke also promised to enhance the independence of the Information Commissioner’s Office.

But there will also be changes to the Constitutional Reform Act to strengthen privacy rights for the Queen, the heir to the throne (Prince Charles) and the second-in-line (Prince William) or anyone acting on their behalf. The changes mean any communication between the government and these people is now an absolute rather than a qualified exemption.

The exemption will last for 20 rather than 30 years, or the lifetime of the person plus five years.

Clarke said the changes were needed to “protect the long-standing conventions surrounding the monarchy and its records, for example the sovereign’s right and duty to counsel, encourage and warn her Government, as well as the heir to the throne’s right to be instructed in the business of Government”.

Finally Clarke said the coalition would engage in “post-legislative scrutiny” to see what impact the changes have and whether more tinkering is required.

Go here to read Clarke’s statement on Freedom of Information, from Hansard