A British advertising company claims to have built the world's largest database of individuals' internet behaviour, which it says will track almost 100% of the UK population.
The announcement plunges WPP straight into the middle of the
privacy debate surrounding online marketing. The company said it was pooling data from many of the world's major websites, networks of online advertisers and even sources following what people are buying in high street stores.
FTSE 100-listed WPP
is one of the most powerful well-connected advertising companies in the world, and its clients include some of the most famous global brands. Many, though not yet named, are providing WPP with data about visitors to their websites as part of the
company's new database venture, called Xaxis.
The internet is an advertising-supported medium, and much of the web is free because advertisers want to put messages in front of people, said Brian Lesser, chief executive of Xaxis. We are
supporting the broader internet economy by improving the targeting of ads, while also playing by the strictest privacy rules.
It has built individual profiles of 500 million internet users across the world, covering, it says, almost 100 per
cent of the people online in the countries in which it operates, including the UK, US, Australia and eight others.
Privacy campaigners warned against the concentration of so much data about individuals.
Knowing the pattern of websites
you go to makes it very easy to identify you, said John Buckman, chairman of the Electronic Frontier Foundation (EFF). The greatest problem with data gathering is not from the people gathering it, but where it goes afterwards. When the cat is out
the bag, you can't put it back in. The safest protection for data is to never have it in the first place. The principle should be for the minimum amount of data to be captured wherever possible.
The company is promising advertisers an
unprecedented level of precision and zero waste , so that only people likely to be interested in their products will see adverts. But Mr Lesser added that WPP could be trusted not to try to unscramble the data and match it to individuals. Who the person is is not really important to us,
he said. We will never get to the point that we know so much that we know who the person is.
A plan to set up an agency to manage large IT database systems across the European Union has taken a step forward, after the Council of Ministers gave its approval to the scheme. The European Council said it will back the scheme if it gains further
approval from the European Parliament.
The as-yet-unnamed agency would take over the operational management of three major and related databases: the second-generation Schengen Information System (SIS II), the Visa Information System (VIS) and the
Eurodac fingerprint-comparison system.
The new agency might also be made responsible for the preparation, development and operational management of additional large-scale IT systems that are planned for the same field, although new
legislation and impact assessments would be needed to allow this to happen.
The aim is for the new agency to start work in the summer of 2012. It will be based in Tallinn, Estonia, although development and operational management tasks will be
carried out in Strasbourg, France. A back-up site will be established in the Austrian ski resort town of Sankt Johann im Pongau.
A website that allows members to monitor CCTV cameras has been ordered to make changes by privacy regulators after footage from a shop was uploaded to YouTube.
Security video streamed to amateur snoops' computers by Internet Eyes was saved and
posted online in violation of data protection legislation, according to the Information Commissioner's Office.
The regulator received a complaint after the clip, which included an identifiable image of an innocent shopper, was discovered on
Google's video sharing website.
A subsequent investigation found that Internet Eyes had not implemented adequate safeguards to protect the privacy of legitimate shoppers and had no way of finding out which of its members uploaded the footage.
The Information Commissioner ordered the site to encrypt its video streams and ensure it keeps records of which members have monitored which shops and when.
Supermarket staff are being trained by UK health officials to spy on customer shopping baskets, it has emerged.
The government-backed scheme to be rolled out at Sainsbury's stores nationwide supposedly aims to identify hidden carers , people who look after elderly, sick or disabled relatives who do not realise they could be entitled to support.
Under the scheme, cashiers will be asked to watch out for unusual shopping habits and taught to discretely ask customers about their personal circumstances while serving them. Tell-tale signs include shoppers who have two baskets of groceries and
pay for each separately.
Pharmacists will also be trained to quiz people who are picking up prescriptions for other people.
A pilot scheme in Torbay, Devon, led to more than 140 people seeking help in just two months. Sainsbury's cashiers
will be asked to discretely ask customers about their personal circumstances while serving them
Daniel Hamilton, of the campaign group Big Brother Watch, said: It strikes me as something that will make a lot of people uncomfortable. They are
trying to do the right thing but they have to be careful about how they do it.
Simon Davies, of Privacy International, said posters and leaflets would be less intrusive. He added: They may have the best of intentions but I would have
thought that this not the way to do it. It is crossing the creepy line.
The British government has revealed plans for a national proof-of-identity scheme that privacy campaigners say has echoes of the ID card project that was scrapped less than six months ago.
The identity assurance scheme, announced by Cabinet Office
minister Francis Maude, will create services that will verify a person's identity when they access public services online.
The scheme will, according to Maude, allow people to access various government services online without having to remember
multiple log-in details.
Guy Herbert, general secretary for NO2ID, said the project has shades of the ID card scheme in some of its aims and in the officials involved but added there are no firm details on how the proposed scheme will affect
Herbert said his biggest concern is officials using the scheme to piece together a profile of an individual using information held by multiple government departments.
What we don't want to see, and what could easily
happen, is that this could be used as an excuse to share and Hoover up more: information using the assurance element of the scheme, he said.
Under the proposed scheme, private companies will run the accreditation services that verify a
person's identity when they log in to a service online.
A year ago, the Coalition Government was formed. On page 11 of the Coalition Agreement, the Conservatives and Liberal Democrats made the following commitment to the British people:
be strong in defence of freedom. The Government believes that the British state has become too authoritarian, and that over the past decade it has abused and eroded fundamental human freedoms and historic civil liberties. We need to restore the rights of
individuals in the face of encroaching state power, in keeping with Britain's tradition of freedom and fairness.
So – how have they done?
When it comes to advancing the cause of
civil liberties in the United Kingdom, the Coalition has some real achievements to speak off. In particular, ministers should be congratulated for taking steps to scrap ID cards and remove the profiles of the one million innocent people held on the
national DNA database. They should also be praised for doing away with the ContactPoint database of children's details and reforming the criminal record check regime.
The Coalition's record is, however, imperfect.
Police stop and search powers remain in place, Control Orders remain virtually unreformed and there has been no opt-out from the European Arrest Warrant. When it comes to E-Borders, the Summary Care Record and Intercept Modernisation Programme, they have
continued to implement the previous government's policies – warts and all.
This paper outlines the progress to date and suggestions for where further improvements can be made.
The Metropolitan police has bought Geotime, a security programme used by the US military, which shows an individual's movements and communications with other people on a three-dimensional graphic. It can be used to collate information gathered from
social networking sites, satellite navigation equipment, mobile phones, financial transactions and IP network logs.
Campaigners and lawyers have expressed concern at how the software could be used to monitor innocent parties such as protesters in
breach of data protection legislation.
Alex Hanff, the campaigns manager at Privacy International, called on the police to explain who will decide how this software will be used in future: Once millions and millions of pieces of microdata are
aggregated, you end up with this very high-resolution picture of somebody, and this is effectively what they are doing here. We shouldn't be tracked and traced and have pictures built by our own government and police for the benefit of commercial gain,
According to Geotime's website, the programme displays data from a variety of sources, allowing the user to navigate the data with a timeline and animated display. The website claims it can also throw up previously unseen connections
Links between entities can represent communications, relationships, transactions, message logs, etc and are visualised over time to reveal temporal patterns and behaviours, it reads.
Security researchers have revealed that Apple's iOS 4 mobile operating system, which runs on the highly popular iPhone and iPad devices, constantly tracks and stores users' approximate location information without their knowledge or consent.
It has now been learned that law enforcement agencies have known about the secret iOS tracking for at least the last year, and have used the data to aid criminal investigations, according to CNet.
The information recorded by Apple is not a users' exact location; instead, the company tracks which cell tower each iOS device uses to connect to a wireless network.
Apple has never publicized any information about the tracking function.
collected cell tower and Wi-Fi access point information, which is transmitted to Apple every 12 hours.
According to a company called Katana Forensics, however, the unencrypted data is also used by law enforcement for their own
purposes. The information on the phone is useful in a forensics context, said Alex Levinson of Katana, who spoke with CNet. The company's iOS data extracting software, Lantern 2, is often used by small-town local police all the way up to state
and federal police, different agencies in the government that have forensics units.
Apple's iOS isn't the only mobile OS that collects user location information. Devices running Google's market-leading Android OS also keep a record of the
locations and unique IDs of the last 50 mobile masts that it has communicated with, and the last 200 Wi-Fi networks that it has 'seen,' according to the Guardian.
There may be a glimmer of hope for the little man in this, however.
Representative Edward Markey has come to the rescue, asking Apple CEO Steve Jobs in a letter sent this week to explain his company's privacy-encroaching ways. I am concerned about this report and the consequences of this feature for individuals'
privacy, Rep. Markey wrote in the letter, followed by a series of questions about the location data file and why, exactly, it exists.
The Obama administration has said that it's moving ahead with a plan for broad adoption of Internet IDs despite concerns about identity centralization, and hopes to fund pilot projects next year.
There's no reliable way to verify identity
online at the moment, Commerce Secretary Gary Locke sai: Passwords just won't cut it here.
A document released by the White House adds a few more details to the proposal, which still remains mostly vague.
It offers examples of
what the White House views as an identity ecosystem, including obtaining a digital ID from an ISP that could be used to view your personal health information, or obtaining an ID linked to your cell phone that would let you log into IRS.gov to view
payments and file taxes. The idea is to have multiple identity providers that are part of the same system.
Administration officials plan to convene a series of workshops between June and September of this year that would bring together companies
and advocacy groups and move closer to an actual specification for what's being called the National Strategy for Trusted Identities in Cyberspace, or NSTIC.
During his speech, Locke lashed out critics of the proposal. A column in NetworkWorld.com,
for instance, called NSTIC a great example of rampant, over-reaching, ignorant, and ill-conceived political foolishness.
The Czech Constitutional Court has overturned the country's implementation of the EU Data Retention Directive (DRD), on the grounds that it violates fundamental privacy rights and is a disproportionate response to what it is trying to achieve.
ruling comes after Sweden delayed implementing the DRD. Germany, Romania, Cyprus and Hungary have overturned their implementations, while Greece, Ireland and Austria have so far refused to implement the Directive at all.
Google and Facebook are among a group of net heavyweights taking the French government to court.
The legal challenge at the State Council, France's highest judicial body, has been brought by The French Association of Internet Community Services
(ASIC) and relates to government plans to keep web users' personal data for a year.
More than 20 firms are involved, including eBay and Dailymotion.
The law obliges a range of e-commerce sites, video and music services and webmail providers
to keep a host of data on customers. This includes users' full names, postal addresses, telephone numbers and passwords.
The data must be handed over to the authorities if demanded. Police, the fraud office, customs, tax and social security bodies
will all have the right of access.
ASIC head Benoit Tabaka believes that the data law is unnecessarily draconian. ASIC also thinks that passwords should not be collected and warned that retaining them could have security implications.
BT will not be prosecuted for snooping on the web browsing habits of its customers.
The Crown Prosecution Service (CPS) has dropped a request to bring charges against BT and Phorm - the firm that supplied the monitoring system. The Webwise
software used cookies to track people online and then tailored adverts to the sites they visited.
Trials were carried out in 2006 and involved more than 16,000 BT customers. When the covert trials became public they led to calls for prosecution
because BT and partner Phorm did not get the consent of customers beforehand. Snooping is an offence under the Regulation of Investigatory Powers Act which outlaws unlawful interception.
At present, the available evidence is insufficient to
provide a realistic prospect of conviction, said the CPS in a statement: We would only take such a decision if we were satisfied that the broad extent of the criminality had been determined and that we could make a fully informed assessment of the
public interest. It added that there was no evidence to suggest that anyone who unwittingly took part in the trial suffered any harm or loss.
Britain is trying to set up an EU-wide network of travel databases to record the movements and personal details of millions of air passengers within Europe.
The home secretary, Theresa May, is hoping that European justice and home affairs
ministers will back a massive expansion of EU proposals, which as they stand would apply only to flights in and out of Europe and see travellers' details anonymised after 30 days.
May, who was elected on a pledge to scale back the database
state , has been lobbying hard for the data, known as passenger name records (PNR), to also be collected for flights within Europe, tripling the number of journeys tracked. She wants the data to be stored for up to six years. She has already won the
backing of 17 other EU member states for the move but is heading for a civil liberties clash with the European parliament and the German government.
She has claimed that the expansion is needed to combat terrorism but it seems that the UK wants to
use it for immigration as well.
The 19 separate items of personal information involved include home address, passport number, credit card details, mobile phone number and the traveller's itinerary.
Google's GMail service has announced that it will be trawling people's email to try and extract signals that it can use to more selectively target ads.
soon: Better Ads in Gmail
Fewer irrelevant ads
Gmail's importance ranking applied to ads
Offers and coupons for your local area
Bad ads tend to annoy people. We're trying to cut down on these ads, and make the ones you do see much more useful.
With features like Priority Inbox, we've been working hard to help sort out
the unimportant messages that get in your way. Soon we're going to try a similar approach to ads: using some of the same signals that help predict which messages are likely to be important to you, Gmail will better predict which ads may be useful to you.
For example, if you've recently received a lot of messages about photography or cameras, a deal from a local camera store might be interesting. On the other hand if you've reported these messages as spam, you probably don't want to see that deal.
As always, ads in Gmail are fully automated-no humans read your messages- and no messages or personally identifiable information about you is shared with advertisers.
The town of Royston in Hertfordshire is to become Britain's first ring of steel town, with hidden Automatic Number Plate Recognition (ANPR) cameras installed on every single road in and out of the town by next month.
rolled out the usual platitudes to explain the introduction of this nefarious system:
...make Royston the safest town in Hertfordshire...They give the police hard evidence as they track known villains...It will make us the
safest town in Hertfordshire and you won't be able to drive in or out of the town without being clocked...We will be the only town in Britain that will have ANPR on every approach to the town.
Chris Farrier, a spokesman for the
civil liberties group No CCTV, expressed serious concerns about the dangers of systems like this:
It is a hugely worrying development. It has been developed with no public scrutiny and government legislation. This
is the biggest surveillance network that the British public have never heard of. The people of Royston had better get informed because their one is being described as a 'ring of steel.
The public have not been consulted about
this cruel abuse of privacy to monitor and store the movements of everyone who visits the town of Royston on a centralised database for 5 years.
The inevitable conclusion is a nationwide network of ANPR cameras, ensuring that all movement of
citizens can be monitored.
Hertfordshire Constabulary attempted to shutdown an anti-ANPR website in Royston. This wasn't done via a court order, but through a bungling communications officer who
contacted Andrew Fowley the site host. Andrew feeling threatened by the request, and considering it an order the host took down the site. Only later after advice from this solicitor put it back up, and ask for the police to issue an injunction against
Cambridge News reported on all of this, complete with quotes from Steve Jolly the anti-surveillance campaigning who helped defeat project Champion. Steve rightly said that people should be intimidated by the police. This news report from
Cambridge News has now vanished from their website, which is odd as normally they keep their stories up for a number of years.
The anti-ANPR site has been back up a couple of days, but has now switched to displaying a blank page. It's almost
like it never happened....