Think of past stories like top secret information in a digital camera that got sold for a few pounds on eBay or the discovery of an USB stick outside a pub containing information about 12 million British citizens.

This time it was mere paper that was responsible for a data leak. Most users would think that pre-computer age politicians would know how to handle at least secure information on paper properly. This is apparently not the case as police chief Bob Quick managed to carry a document marked secret in public which immediately caught the attention of bystanding photographers.

The document, which can be viewed on the Guardian’s website contained information about an anti-terrorist raid. The details were extensive including names, addresses and command structures. The raid had to be conducted in bright daylight because of the security leak.

As Dante, who send me a link to the story points out: “It’s not just electronic security that
counts. It’’s also what happens when a user prints out the data.”

There is not a single card reader in Great Britain – with the exception of prototypes probably – that can read the new cards. This essentially means 4.7 Billion pounds well spend on a piece of plastic that does not serve any other purpose than a standard old fashioned ID. One would think that the production of card readers would be set to the highest priority. This is seemingly not the case as Identify Minister Meg Hillier mentioned that “there’s no prospect in the immediate future for the government directing anybody [...] to buy those things”.

Minister Hillier did point out that the British government will not direct anybody to purchase card readers in the near future. They do expect on the other hand that organizations will start buying card readers once a critical mass has been reached.

via Dailytech

A side-effect was that users of those Internet Service Providers in the United Kingdom were not able to modify other Wikipedia articles anonymously anymore.

It did not take long however before some users created a Greasemonkey script Antiproxy 4 Wikipedia so that users from the United Kingdom who cannot edit Wikipedia entries anonymously anymore have the opportunity to do so. A Firefox extension based on that Greasemonkey script has been designed in the meanwhile which can also be used to edit articles anonymously.

A more technical explanation can be found at Computerworld:

The measures applied caused the ISPs to redirect traffic for a significant portion of the UK’s Internet population through six proxy servers, which can log and filter the content that is available to the end user, Wikinews say. But the knock on effect resulted in Wikipedia being unable to distinguish UK users from one another by their IP address. That triggered Wikipedia’s anti-abuse mechanism, blocking all non-registered UK users from editing articles, according to the foundation.

A search for Virgin Killer will reveal the album cover on many websites who are still available for UK users.

Update: The Firefox extension has been taken down, it is no longer available on the Mozilla website. You can still use the userscript.

The last incident came to light this Sunday. The Times Online is reporting that an USB Stick was found outside a Brewers Fayre chain pub in Cannock, Staffordshire which contained confidential passwords, security software and the source code of the Government Gateway. The data on the stick could be used to access the personal details of more than 12 million individuals who registered on the system including names, addresses, national insurance numbers, credit card information or passwords.

The system had been shut down shortly after the USB stick was found (again) to protect the data of the citizens. According to government officials the system has not been breached by then. Even more pressing than the discovery of the data on the stick is the source code which could be used to exploit the system to a much larger extent.

Investigations are in full swing and should reveal additional information soon. Gordon Brown commented on the incident with the words: “It is important to recognize we cannot promise that every single item of information will always be safe because mistakes are made by human beings.”

James Bond on the other hand would be ashamed of the most recent incident. A 28-year old delivery men thought that he made the bargain of his life by purchasing a Nikon Coolpix camera for roughly $30 on eBay.

Imagine his surprised look when he found out that the camera was filled to the brim with top secret information from Britain’s Secret Intelligence Service. According to Techcrunch the camera was filled with information about “al-Qaeda cells, names, images of suspected terrorists and weapons, fingerprint information, and log-in details for the Secret Service’s computer network, containing a “Top Secret” marking”.

This incident leads to two conclusions: Even if politicians claim that there will be no data privacy leaks they can and will happen. The second is that it will happen again. One only wonders how many hard drives and other storage devices have been sold with sensitive information on them.

No, I won’t reveal my methods to you or anyone else. The evidence is solid and you have to take my word for it, and remember, I’m in high standing and trusted. My commercial interests do not play a role, I work thoroughly..

While this could look like a joke it is unfortunately reality in several parts of the world. Last to join the party are users from the United Kingdom who will receive warning letters send from their Internet Service Providers who received the information from the British Phonographic Industry who do not disclose the process of gathering the data in first place.

Scientific studies have shown that the data gathering process of most organizations that send out DMCA notices is flawed and provided access to several methods that explained why. One of the methods was to actively frame other users and they managed to get DCMA takedown notices for one of their network printers to prove the point.

There is definitely a problem with the system if the British Phonographic Industry has the unchallenged might and right to notify the Internet Service Providers of copyright infringements and make them send out warning letters to their customers.

On Friday another blunder came to light, not related to filesharing but to privacy and ethics which somehow connects it to warning letters case.

The British Government has apparently passed millions of DNA profiles to private companies without the consent of the involved. Since 1999 the Government has accepted 25 requests for access to the database which contains 4.2 million DNA profiles of British citizens.

Officials quickly let everyone know that the data was stripped of information that could connect it to the person behind.

Paul Debenham, the director of innovation and development at LGC, said: “It is like being given a list of number plates but having no idea about the make of the car.”

A fairly interesting quote. I’m not familiar with the British Driver and Vehicle Licensing Agency (Welsh: Asiantaeth Trwyddedu Gyrwyr a Cherbydau) but they probably keep records of drivers and their license plates in their database.

A spokesman for the National Policing Improvement Agency, which oversees the database, said: “These are completely anonymous profiles which are not identifiable in any way. After approval, they were made available for authorised research purposes demonstrating, clear, potential operational benefit to the police in terms of detecting and solving crime.”

Where have we heard this before?

The ISPs in question, those that are better avoided like the plague from now on are: BT, Virgin Media, Orange, Tiscali, Sky and Carphone Warehouse. I really do not care as much for the reason why they signed the agreement as to that they did sign it at all. The Register thinks that they agreed to the “voluntary” code to avoid or even mute further legislation of the matter which might have forced them to invest in monitoring and storage equipment.

There is no word on punishment yet but it is interesting that the ISPs, Ofcom and the music industry have a few month to agree on a punishment. And I thought it would be the law that would determine the punishment, boy was I wrong.

The Music Industry is favoring the three strikes and you are out punishment which means that if your name, sorry IP, turns up three times you will be kicked out of your contract with the broadband company. No word yet on how they are going to manage false positives and identify offenders in first place and if the user has the right to appeal against the offending letter.

One of the Internet Service Providers (TalkTalk) published a FAQ already on their website that is answering some of the most pressing questions that their customers might have.

It will be interesting to watch how this unfolds.