A British advertising company claims to have built the world's largest database of individuals' internet behaviour, which it says will
track almost 100% of the UK population.
The announcement plunges WPP straight into the middle of the privacy debate surrounding online marketing. The company said it was pooling data from many of the world's major websites, networks of online advertisers and even sources following what
people are buying in high street stores.
FTSE 100-listed WPP is one of the most powerful well-connected advertising companies in the world, and its clients include some of the most famous global brands. Many, though not yet named, are providing WPP with data about visitors to their
websites as part of the company's new database venture, called Xaxis.
The internet is an advertising-supported medium, and much of the web is free because advertisers want to put messages in front of people, said Brian Lesser, chief executive of Xaxis. We are supporting the broader internet economy by
improving the targeting of ads, while also playing by the strictest privacy rules.
It has built individual profiles of 500 million internet users across the world, covering, it says, almost 100 per cent of the people online in the countries in which it operates, including the UK, US, Australia and eight others.
Privacy campaigners warned against the concentration of so much data about individuals.
Knowing the pattern of websites you go to makes it very easy to identify you, said John Buckman, chairman of the Electronic Frontier Foundation (EFF). The greatest problem with data gathering is not from the people gathering it, but
where it goes afterwards. When the cat is out the bag, you can't put it back in. The safest protection for data is to never have it in the first place. The principle should be for the minimum amount of data to be captured wherever possible.
The company is promising advertisers an unprecedented level of precision and zero waste , so that only people likely to be interested in their products will see adverts. But Mr Lesser added that WPP could be trusted not to try to
unscramble the data and match it to individuals. Who the person is is not really important to us, he said. We will never get to the point that we know so much that we know who the person is.
A plan to set up an agency to manage large IT database systems across the European Union has taken a step forward, after the Council of
Ministers gave its approval to the scheme. The European Council said it will back the scheme if it gains further approval from the European Parliament.
The as-yet-unnamed agency would take over the operational management of three major and related databases: the second-generation Schengen Information System (SIS II), the Visa Information System (VIS) and the Eurodac fingerprint-comparison system.
The new agency might also be made responsible for the preparation, development and operational management of additional large-scale IT systems that are planned for the same field, although new legislation and impact assessments would be
needed to allow this to happen.
The aim is for the new agency to start work in the summer of 2012. It will be based in Tallinn, Estonia, although development and operational management tasks will be carried out in Strasbourg, France. A back-up site will be established in the
Austrian ski resort town of Sankt Johann im Pongau.
A website that allows members to monitor CCTV cameras has been ordered to make changes by privacy regulators after
footage from a shop was uploaded to YouTube.
Security video streamed to amateur snoops' computers by Internet Eyes was saved and posted online in violation of data protection legislation, according to the Information Commissioner's Office.
The regulator received a complaint after the clip, which included an identifiable image of an innocent shopper, was discovered on Google's video sharing website.
A subsequent investigation found that Internet Eyes had not implemented adequate safeguards to protect the privacy of legitimate shoppers and had no way of finding out which of its members uploaded the footage.
The Information Commissioner ordered the site to encrypt its video streams and ensure it keeps records of which members have monitored which shops and when.
Supermarket staff are being trained by UK health officials to spy on customer shopping baskets, it has emerged.
The government-backed scheme to be rolled out at Sainsbury's stores nationwide supposedly aims to identify hidden carers , people who look after elderly, sick or disabled relatives who do not realise they could be entitled to support.
Under the scheme, cashiers will be asked to watch out for unusual shopping habits and taught to discretely ask customers about their personal circumstances while serving them. Tell-tale signs include shoppers who have two baskets of groceries and
pay for each separately.
Pharmacists will also be trained to quiz people who are picking up prescriptions for other people.
A pilot scheme in Torbay, Devon, led to more than 140 people seeking help in just two months. Sainsbury's cashiers will be asked to discretely ask customers about their personal circumstances while serving them
Daniel Hamilton, of the campaign group Big Brother Watch, said: It strikes me as something that will make a lot of people uncomfortable. They are trying to do the right thing but they have to be careful about how they do it.
Simon Davies, of Privacy International, said posters and leaflets would be less intrusive. He added: They may have the best of intentions but I would have thought that this not the way to do it. It is crossing the creepy line.
The British government has revealed plans for a national proof-of-identity scheme that privacy campaigners say has
echoes of the ID card project that was scrapped less than six months ago.
The identity assurance scheme, announced by Cabinet Office minister Francis Maude, will create services that will verify a person's identity when they access public services online.
The scheme will, according to Maude, allow people to access various government services online without having to remember multiple log-in details.
Guy Herbert, general secretary for NO2ID, said the project has shades of the ID card scheme in some of its aims and in the officials involved but added there are no firm details on how the proposed scheme will affect personal privacy.
Herbert said his biggest concern is officials using the scheme to piece together a profile of an individual using information held by multiple government departments.
What we don't want to see, and what could easily happen, is that this could be used as an excuse to share and Hoover up more: information using the assurance element of the scheme, he said.
Under the proposed scheme, private companies will run the accreditation services that verify a person's identity when they log in to a service online.
A year ago, the Coalition Government was formed. On page 11 of the Coalition Agreement, the Conservatives and Liberal Democrats made the following commitment to the British people:
We will be strong in defence of freedom. The Government believes that the British state has become too authoritarian, and that over the past decade it has abused and eroded fundamental human freedoms and historic civil
liberties. We need to restore the rights of individuals in the face of encroaching state power, in keeping with Britain's tradition of freedom and fairness.
So – how have they done?
When it comes to advancing the cause of civil liberties in the United Kingdom, the Coalition has some real achievements to speak off. In particular, ministers should be congratulated for taking steps to scrap ID cards and
remove the profiles of the one million innocent people held on the national DNA database. They should also be praised for doing away with the ContactPoint database of children's details and reforming the criminal record check regime.
The Coalition's record is, however, imperfect. Police stop and search powers remain in place, Control Orders remain virtually unreformed and there has been no opt-out from the European Arrest Warrant. When it comes to
E-Borders, the Summary Care Record and Intercept Modernisation Programme, they have continued to implement the previous government's policies – warts and all.
This paper outlines the progress to date and suggestions for where further improvements can be made.
The Metropolitan police has bought Geotime, a security programme used by the US military, which shows an individual's movements and
communications with other people on a three-dimensional graphic. It can be used to collate information gathered from social networking sites, satellite navigation equipment, mobile phones, financial transactions and IP network logs.
Campaigners and lawyers have expressed concern at how the software could be used to monitor innocent parties such as protesters in breach of data protection legislation.
Alex Hanff, the campaigns manager at Privacy International, called on the police to explain who will decide how this software will be used in future: Once millions and millions of pieces of microdata are aggregated, you end up with this very
high-resolution picture of somebody, and this is effectively what they are doing here. We shouldn't be tracked and traced and have pictures built by our own government and police for the benefit of commercial gain, he said.
According to Geotime's website, the programme displays data from a variety of sources, allowing the user to navigate the data with a timeline and animated display. The website claims it can also throw up previously unseen connections between
Links between entities can represent communications, relationships, transactions, message logs, etc and are visualised over time to reveal temporal patterns and behaviours, it reads.
Security researchers have revealed that Apple's iOS 4 mobile operating system, which runs on the highly popular iPhone and iPad devices, constantly tracks and stores users' approximate location information without their knowledge or consent.
It has now been learned that law enforcement agencies have known about the secret iOS tracking for at least the last year, and have used the data to aid criminal investigations, according to CNet.
The information recorded by Apple is not a users' exact location; instead, the company tracks which cell tower each iOS device uses to connect to a wireless network.
services. In a letter responding to Congress queries, Apple said that it intermittently collected cell tower and Wi-Fi access point information, which is transmitted to Apple every 12 hours.
According to a company called Katana Forensics, however, the unencrypted data is also used by law enforcement for their own purposes. The information on the phone is useful in a forensics context, said Alex Levinson of Katana, who spoke
with CNet. The company's iOS data extracting software, Lantern 2, is often used by small-town local police all the way up to state and federal police, different agencies in the government that have forensics units.
Apple's iOS isn't the only mobile OS that collects user location information. Devices running Google's market-leading Android OS also keep a record of the locations and unique IDs of the last 50 mobile masts that it has communicated with, and
the last 200 Wi-Fi networks that it has 'seen,' according to the Guardian.
There may be a glimmer of hope for the little man in this, however. Representative Edward Markey has come to the rescue, asking Apple CEO Steve Jobs in a letter sent this week to explain his company's privacy-encroaching ways. I am concerned
about this report and the consequences of this feature for individuals' privacy, Rep. Markey wrote in the letter, followed by a series of questions about the location data file and why, exactly, it exists.
The Obama administration has said that it's moving ahead with a plan for broad adoption of Internet IDs despite
concerns about identity centralization, and hopes to fund pilot projects next year.
There's no reliable way to verify identity online at the moment, Commerce Secretary Gary Locke sai: Passwords just won't cut it here.
A document [pdf]
released by the White House adds a few more details to the proposal, which still remains mostly vague.
It offers examples of what the White House views as an identity ecosystem, including obtaining a digital ID from an ISP that could be used to view your personal health information, or obtaining an ID linked to your cell phone that would let
you log into IRS.gov to view payments and file taxes. The idea is to have multiple identity providers that are part of the same system.
Administration officials plan to convene a series of workshops between June and September of this year that would bring together companies and advocacy groups and move closer to an actual specification for what's being called the National Strategy
for Trusted Identities in Cyberspace, or NSTIC.
During his speech, Locke lashed out critics of the proposal. A column in NetworkWorld.com, for instance, called NSTIC a great example of rampant, over-reaching, ignorant, and ill-conceived political foolishness.
The Czech Constitutional Court has overturned the country's implementation of the EU Data Retention Directive (DRD), on the
grounds that it violates fundamental privacy rights and is a disproportionate response to what it is trying to achieve.
The ruling comes after Sweden delayed implementing the DRD. Germany, Romania, Cyprus and Hungary have overturned their implementations, while Greece, Ireland and Austria have so far refused to implement the Directive at all.
Google and Facebook are among a group of net heavyweights taking the French government to court.
The legal challenge at the State Council, France's highest judicial body, has been brought by The French Association of Internet Community Services (ASIC) and relates to government plans to keep web users' personal data for a year.
More than 20 firms are involved, including eBay and Dailymotion.
The law obliges a range of e-commerce sites, video and music services and webmail providers to keep a host of data on customers. This includes users' full names, postal addresses, telephone numbers and passwords.
The data must be handed over to the authorities if demanded. Police, the fraud office, customs, tax and social security bodies will all have the right of access.
ASIC head Benoit Tabaka believes that the data law is unnecessarily draconian. ASIC also thinks that passwords should not be collected and warned that retaining them could have security implications.
BT will not be prosecuted for snooping on the web browsing habits of its customers.
The Crown Prosecution Service (CPS) has dropped a request to bring charges against BT and Phorm - the firm that supplied the monitoring system. The Webwise software used cookies to track people online and then tailored adverts to the sites they
Trials were carried out in 2006 and involved more than 16,000 BT customers. When the covert trials became public they led to calls for prosecution because BT and partner Phorm did not get the consent of customers beforehand. Snooping is an offence
under the Regulation of Investigatory Powers Act which outlaws unlawful interception.
At present, the available evidence is insufficient to provide a realistic prospect of conviction, said the CPS in a statement: We would only take such a decision if we were satisfied that the broad extent of the criminality had been
determined and that we could make a fully informed assessment of the public interest. It added that there was no evidence to suggest that anyone who unwittingly took part in the trial suffered any harm or loss.
Britain is trying to set up an EU-wide network of travel databases to record the movements and personal details of millions of
air passengers within Europe.
The home secretary, Theresa May, is hoping that European justice and home affairs ministers will back a massive expansion of EU proposals, which as they stand would apply only to flights in and out of Europe and see travellers' details anonymised
after 30 days.
May, who was elected on a pledge to scale back the database state , has been lobbying hard for the data, known as passenger name records (PNR), to also be collected for flights within Europe, tripling the number of journeys tracked. She
wants the data to be stored for up to six years. She has already won the backing of 17 other EU member states for the move but is heading for a civil liberties clash with the European parliament and the German government.
She has claimed that the expansion is needed to combat terrorism but it seems that the UK wants to use it for immigration as well.
The 19 separate items of personal information involved include home address, passport number, credit card details, mobile phone number and the traveller's itinerary.
Google's GMail service has announced that it will be trawling people's email to try and extract signals that it can use to more
selectively target ads.
Coming soon: Better Ads in Gmail
Fewer irrelevant ads
Gmail's importance ranking applied to ads
Offers and coupons for your local area
Bad ads tend to annoy people. We're trying to cut down on these ads, and make the ones you do see much more useful.
With features like Priority Inbox, we've been working hard to help sort out the unimportant messages that get in your way. Soon we're going to try a similar approach to ads: using some of the same signals that help predict
which messages are likely to be important to you, Gmail will better predict which ads may be useful to you. For example, if you've recently received a lot of messages about photography or cameras, a deal from a local camera store might be
interesting. On the other hand if you've reported these messages as spam, you probably don't want to see that deal.
As always, ads in Gmail are fully automated-no humans read your messages- and no messages or personally identifiable information about you is shared with advertisers.
The town of Royston in Hertfordshire is to become Britain's first ring of steel town, with hidden Automatic Number Plate Recognition
(ANPR) cameras installed on every single road in and out of the town by next month.
Town bosses rolled out the usual platitudes to explain the introduction of this nefarious system:
...make Royston the safest town in Hertfordshire...They give the police hard evidence as they track known villains...It will make us the safest town in Hertfordshire and you won't be able to drive in or out of the town
without being clocked...We will be the only town in Britain that will have ANPR on every approach to the town.
Chris Farrier, a spokesman for the civil liberties group No CCTV, expressed serious concerns about the dangers of systems like this:
It is a hugely worrying development. It has been developed with no public scrutiny and government legislation. This is the biggest surveillance network that the British public have never heard of. The people of Royston had
better get informed because their one is being described as a 'ring of steel.
The public have not been consulted about this cruel abuse of privacy to monitor and store the movements of everyone who visits the town of Royston on a centralised database for 5 years.
The inevitable conclusion is a nationwide network of ANPR cameras, ensuring that all movement of citizens can be monitored.
Hertfordshire Constabulary attempted to shutdown an anti-ANPR website in Royston. This wasn't done via a court order, but through a bungling communications officer who contacted Andrew Fowley the site host. Andrew feeling threatened by the
request, and considering it an order the host took down the site. Only later after advice from this solicitor put it back up, and ask for the police to issue an injunction against it.
Cambridge News reported on all of this, complete with quotes from Steve Jolly the anti-surveillance campaigning who helped defeat project Champion. Steve rightly said that people should be intimidated by the police. This news report from Cambridge
News has now vanished from their website, which is odd as normally they keep their stories up for a number of years.
The anti-ANPR site has been back up a couple of days, but has now switched to displaying a blank page. It's almost like it never happened....