SEARCH CLINIC

The Irish data protection commissioner has recommended widespread changes to improve personal data privacy on Facebook.They include making its terms and conditions clearer and offering users greater control over how their data is used on the site.

The findings are particularly significant because Facebook Ireland was given responsibility for all non-US and Canadian data in September 2010.

Facebook has six months to implement the changes.

Commissioner Billy Hawkes will conduct a formal review of its progress in July.

Commenting on the report, he said: “This was a challenging engagement both for my office and for Facebook Ireland. The audit has found a positive approach and commitment on the part of FB-I [Facebook Ireland] to respecting the privacy rights of its users.”

The review was conducted partly in response to complaints about Facebook’s data and partly as routine assessment of firm conducted by the commission.

The report suggested widespread changes, including:

• a mechanism for users to make informed choices about how their information is used and shared on the site, including in relation to third party apps
• increased transparency and controls over how personal data is used for advertising purposes
• transparency and control for users via the provision of all personal data held to them on request and as part of their everyday interaction with the site
• the deletion of information held on users and non-users via what are known as social plug-ins, and more generally the deletion of data held from user interactions with the site much sooner than at present
• an update to its data use policy/privacy policy to take account of recommendations as to where the information provided to users could be further improved
• an additional form of notification for users in relation to facial recognition/”tag suggest” that, it is considered, will ensure Facebook Ireland is meeting best practice in this area from an Irish law perspective
• an enhanced ability for users to control tagging and posting on other user profiles
• an enhanced ability for users to control their addition to groups by friends

One of the first changes users will notice in the new year will be prominent notices informing them about the facial recognition tag which suggests names for labelling photos. Users will be offered the chance to disable it.

It’s not that long ago that Facebook felt able to ignore complaints about the way it handled users’ data, confident that everyone would eventually fall in line with Mark Zuckerberg’s exhortation to share more. That has all changed.

Under growing attack from privacy campaigners, governments and regulators, the social network is now doing its best to sound more sensitive to their concerns.

The idea that internet firms could ignore local regulators by simply moving elsewhere now looks out of date. If the likes of Facebook and Google want to operate globally, they are finding that they have to respond to local concerns.

But further clashes loom. Facebook’s business depends on advertisers who want to know more about the likes and dislikes of its users. Balancing their demands for more data with the privacy concerns of 800 million people will be a difficult line to tread.

Facebook has agreed to tighten privacy controls as part of a settlement with US regulators over yet another abuse of user data.The Federal Trade Commission said Facebook would tighten consent rules on privacy, and close access to deleted accounts in 30 days or less.

The case began in 2009, when Facebook changed settings to make public details users may have deemed private.

In a blog post, Facebook founder Mark Zuckerberg said the company had made a “bunch of mistakes”.

But he added that this has often overshadowed the good work that the social networking site had done.

Facebook had addressed many of the FTC’s concerns already, he said.

The FTC said Facebook, which has 800 million users, had agreed to get consumers’ approval before changing the way it shares their data.

Facebook did not admit guilt and was not fined, but it was barred from “making any further deceptive privacy claims” and will undergo regular checks on privacy practices, the FTC said.

“The proposed settlement requires Facebook to take several steps to make sure it lives up to its promises,” the FTC said in a statement.

That includes giving consumers “clear and prominent notice and obtaining consumers’ express consent before their information is shared beyond the privacy settings they have established”.

Mr Zuckerberg said in his blog: “We’re making a clear and formal long-term commitment to do the things we’ve always tried to do and planned to keep doing – giving you tools to control who can see your information and then making sure only those people you intend can see it.”

The settlement follows a similar agreement in March between the FTC and Google over the web search firm’s own social network, Buzz.

Software installed on millions of Android phones is thought to be secretly tracking every key stroke, Google search, and text message by their users, it has been claimed.An Android app developer in America has posted a video showing what he claims is ‘conclusive proof’ that ‘Carrier IQ’ software installed by manufacturers of many US phones records the way those phones are used in real time, as well as their geographic locations.

Carrier IQ has claimed that the software only tracks information for the benefit of users, not for any spying purposes, and that it is “counting and summarising” information rather than recording it.

However, in a YouTube video the developer, Trevor Eckhart, did a “factory reset” on his Android phone, returning it to the condition in which it is shipped to customers, and linked it to a computer screen which allegedly displayed what the Carrier IQ software was tracking.

The demonstration shows that the software reads every keystroke put into the phone, as well as every text message sent to it. It also appeared to log location data, and transmit this to Carrier IQ.

Mr Eckhart, claims it is used by manufacturers of phones that use Google’s Android operating system, as well as some BlackBerry and Nokia handsets. It is not thought to be used in Apple’s iPhones.

It is not known if Carrier IQ is in use in Europe, where it might present a serious breach of the Data Protection laws.

A source at a leading mobile operator said his company didn’t install it but that he had been investigating whether UK manufacturers had done so and “couldn’t give a definitive answer”.

A flaw in Facebook’s personal privacy security has allowed users access to supposedly private photographs- including those of the website’s chief executive, Mark Zuckerberg.The step by step guide on how to circumvent Facebook’s privacy systems have been circulating online for more than two weeks.

The method, which was blocked on Tuesday, involved exploiting systems meant to stop users posting explicit material on the web’s largest social network.

After reporting a public profile picture as inappropriate because of “nudity or pornography”, intruders were offered the chance to report more photographs posted by the same user. Facebook then presented them with a thumbnail gallery of private images which could be enlarged by making a simple change in the browser address bar and downloaded.

“Facebook could take action on your account should this be abused,” the original poster wrote. “I urge you to use on a dummy account if you care about keeping your Facebook profile active.”

It was verified by experts on Hacker News, a widely-read software development website.

“If that doesn’t prove that [Facebook's] developers aren’t thinking about security, I don’t know what would,” said one developer.

“Nobody who is in a culture of protecting security would even consider building this.”

Using the method, the website’s users raided Mark Zuckerberg’s private albums and posted their contents on other websites.

The 27-year-old is shown in a series of candid shots with his girlfriend Priscilla Chan and his Hungarian sheepdog puppy, Beast.

Zuckerberg’s private photographs also include a picture of him holding an apparently live chicken by its legs; the billionaire has said he only eats meat from animals he kills himself. Some of the photographs were already publicly available.

The 14 pictures were posted anonymously on an image sharing website under the heading “It’s time to fix those security flaws Facebook”.

As well as being potentially personally embarrassing for Mr Zuckerberg, the flaw has been exposed at an awkward time for the firm he co-founded at Harvard University.

Last week Facebook admitted “a bunch of mistakes” after American regulators accused it of “unfair and deceptive” privacy practices.

The Federal Trade Commission investigated a series of controversies over sharing user data with advertisers, access to user data by third party apps and changes to privacy settings that made more user data public without warning.

Facebook was forced to agreed to external inspections of its privacy systems and agree to fines of $16,000 per day for new violations.

UK shoppers are buying more online products and services and at a faster pace than many other countries- a survey of global shopping habits by KPMG has found.Seventy seven per cent of British shoppers prefer to buy goods like CDs, DVDs, books and video games online – compared with 65% globally.

But when it comes to mobile banking, consumers in the UK are more reluctant than those in other parts of the world.

KPMG surveyed 9,600 consumers aged between 16 and 65, across 31 countries.

When buying goods or services, the majority of customers (both in the UK and globally) now said that they look at social networks such as Facebook and Twitter and online review sites.

“From buying goods on their mobile phones to keeping up with friends on social networks, consumers are increasingly reliant on a range of technologies that perform important – yet often overlapping – tasks,” said Tudor Aw, KPMG’s European head of technology.

“This new ‘converged lifestyle’ will have huge implication for retailers.”

Eighty eight per cent of respondents in the UK and worldwide reported downloading an app to their mobile.

In the UK, 74% of consumers said they were more likely to buy flights and holidays online and six in 10 used some form of online grocery shopping.

In the US, by contrast, the same amount would book flights but only 21% said they were more likely to buy groceries online.

But when it comes to mobile banking, only 27% in the UK said they had used some form of mobile banking in the past six months.

That compares with 52% globally – a massive jump from just under 20% in 2008, according to the audit firm.

Consumers in the UK are also more reluctant to embrace the cloud – storing their data online rather than on their own computers – with 53% of respondents saying they do some compared with 65% globally.

“The report also shows that consumers’ concerns over privacy and data security have increased over the last few years and companies across all sectors need to take this concern seriously,” Mr Aw said.

Last month Facebook admitted that hackers are breaking into hundreds of thousands of Facebook accounts every day.Out of more than a billion logins to the website every 24 hours, 600,000 are impostors attempting to access users’ messages, photos and other personal information Facebook said.

The figure is the first time that the social network has revealed how it is bombarded by hackers on a daily basis.

Security experts said the figure is a “big concern” and that people need to be more careful when choosing their passwords across the web.

Facebook is just one of the main target sites for hackers.

Web users need to make sure that their passwords across email, banking and other digital services more complicated in order to avoid their personal information being compromised.

Top tips for choosing an internet password:

- Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
- Choose passwords of eight characters or more. Separate short words with spaces or underscores.
- Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.

Here are a list of the 25 ‘worst’ internet passwords- if you use ANY of these you should seriously change them NOW:
1. password
2. 123456
3.12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Privacy campaigners have welcomed a suggestion that Facebook may finally be about to ask it’s users to opt into any changes in the way it uses their personal information.The social network previously announced alterations to its members’ settings without asking for fresh consent.

The website is changing its policy after an investigation by the US Federal Trade Commission, according to a report by the Wall Street Journal.

The report suggests the site has also agreed to privacy audits by an independent organisation over the next 20 years.

“Facebook has historically been extremely resistant to transparency in its own operations, so we welcome measures that would force the company to obtain express consent of its users,” said the advocacy group Privacy International.

“However, it seems likely that the FTC’s demands will only present a temporary obstacle in the path of Facebook’s ambitions to collect its users’ information.

“Faced with reams of small print, most users are likely to automatically agree to policy changes, with each change bringing us one step closer to Zuckerberg’s vision of a privacy-free future.”

The FTC’s intervention is being linked to the Washington-based campaign group, Electronic Privacy Information Center (EPIC).

It filed a complaint with the commission in December 2009 claiming that privacy setting changes “violate user expectations, diminish user privacy and contradict Facebook’s own representations”.

EPIC noted that the website’s users, security experts and others had voiced opposition to the change.

The organisation filed a follow-up complaint in 2010 claiming the social network had violated consumer protection law.

This year, EPIC also asked the FTC to investigate Facebook’s use of facial recognition software on users’ uploaded photographs and changes that gave the firm “far greater ability to disclose the personal information of its users to its business partners”.

Facebook says it has more than 800 million members who have used the site at least once in the past 30 days.

Legal experts say any settlement with the FTC is likely to have implications for other internet firms.

The head of Scotland Yard’s e-crime unit has made an attack on judges over the sentencing of cyber criminals.Det Supt Charlie McMurdie said e-crime cost the UK economy an estimated £27 billion a year and was not victimless.

She said fraudsters and robbers get longer sentences than cyber criminals.

Her comments come after the FBI busted an Estonian gang who infected four million computers in 100 countries with code redirecting users to online ads, allegedly making them £9 million ($14 million).

Security firms hailed Operation Ghost Click as the “biggest cyber criminal takedown in history”.

Det Supt McMurdie said: “Sentencing is still an issue. Some of these people have made millions and if it was fraud or robbery they would get eight or 10 years but they get less because it’s cyber crime.”

She pointed to a number of successes in recent years, including Operation Lath and Operation Pagode, which had resulted in several people being convicted in British courts.

Det Supt McMurdie said Operation Pagode centred around a criminal “cyber supermarket” website where up to 8,000 people exchanged information about stolen credit cards, and bomb making and drug making kits.

She said it was “the largest English-speaking forum of its kind” and contained details of 130,000 compromised credit cards.

Operation Lath saw Ukrainian nationals Pavel Klikov, 29, and Yevhen Kulibaba, 33, from Chingford, Essex, jailed for withdrawing an estimated £3 million from victims’ bank accounts, having used Trojans to infect them.

But Det Supt McMurdie believes their sentences of four years and eight months did not reflect the severity of the crime.

“Sentencing powers are sufficient but it’s the appreciation of the harm these individuals are causing that is lacking,” she said.

“In total some of these cases involve £5m or £6m. People think there are no victims, no-one loses out because individuals get their money back from the banks. But it’s a loss to the UK economy and a gain for that criminal organisation.”

She said there was a “significant cyber threat around the Olympics” and said there was already a lot of fraud involving online ticketing but the picture was “constantly evolving”.

Det Supt McMurdie said the police nationally had been given an extra £650 million from the government to fight cyber crime and her own team had grown from 20 officers to 104.

In January, three new regional e-crime units will be launched in north-west England, the East Midlands and Yorkshire/Humberside.

The Met’s e-crime unit is also involved in the ongoing investigation of internet activist groups like Anonymous and LulzSec.

Hacking by foreign governments and corporations is putting British companies out of business and has cost the economy £27 billion, the country’s head of cyber security has warned.‘The biggest threat to this country by cyber is not military, it is economic,’ said Major General Jonathan Shaw, a veteran of the Falklands War and Iraq.

Maj Gen Jonathan Shaw said that British firms are routinely having valuable commercial information stolen from them by overseas rivals.

In a recent instance, a firm in Warrington, Cheshire, that designed a revolutionary blade for wind turbines went bust after hackers stole the blueprint and produced a cheaper version.

Maj Gen Shaw, the head of the Ministry of Defence’s cyber security programme, said that Britain will lose its position as one of the world’s leading hi-tech manufacturers unless companies improve cyber security.

“The cyber threat could affect anyone, and we all need to take measures to protect ourselves against the threat it poses. If the moment you come up with a brilliant new idea, it gets nicked by the Chinese then you can end up with your company going bust.”

Earlier this week, it emerged that a new version of the Stuxnet virus that crippled Iran’s nuclear programme is being targeted at European firms that play a critical role in nuclear power and other critical industries.

The variant of the virus, Duqu, targets the software that controls power stations and other facilities.

The Chinese pose the biggest threat, Maj Gen Shaw said, and regularly target British companies and government institutions to acquire highly sensitive information.

To protect itself against future cyber attacks, Britain needed to have “an effective national response where everybody had to be involved”, he said.

Undertaking simple tasks, such as regularly changing passwords and making checks of computer software, could help to prevent attacks. “About 80 per cent of our cyber problems are caused by what I call poor cyber hygiene,” Maj Gen Shaw said. “Many of them would go away if our cyber hygiene was better. We have embraced the opportunities provided by new technology, such as computers and mobile phones, without giving proper consideration to the downsides.”

Maj Gen Shaw says that Britain needs to be more like China, where the government introduced a programme of training schools to educate businesses to protect themselves from cyber attacks.

“Anyone can take part in these courses and learn how to implement effective precautions against cyber attacks,” he said. “We should do the same here.”

The UK has been subject to a “disturbing” number of cyber attacks, the director of communications intelligence agency GCHQ has said.Sensitive data on government computers has been targeted, along with defence, technology and engineering firms’ designs according to Iain Lobban the GCHQ chief.

There was a “significant” unsuccessful internet based attack on Foreign Office computer systems this summer, he added.

Tomorrow the government hosts a two day conference on the issue.

Foreign Secretary William Hague convened the London Conference on Cyberspace after criticism that ministers are failing to take the threat from cyber warfare seriously enough.

It aims to bring together political leaders, such as US Secretary of State Hillary Clinton and EU digital supremo Neelie Kroes, with leading cyber security experts and technology entrepreneurs such as Wikipedia founder Jimmy Wales and Cisco vice-president Brad Boston.

Mr Hague believes a “global co-ordinated response” is required to forge policy on cyber development.

Writing in the Times, Mr Lobban said such an inclusive approach was vital.

“The volume of e-crime and attacks on government and industry systems continues to be disturbing,” he wrote.

“I can attest to attempts to steal British ideas and designs – in the IT, technology, defence, engineering and energy sectors, as well as other industries – to gain commercial advantage or to profit from secret knowledge of contractual arrangements.

“Such intellectual property theft doesn’t just cost the companies concerned; it represents an attack on the UK’s continued economic wellbeing.”

Mr Lobban added that government online taxation and benefits services could be targeted in future, and said a black economy had already developed which saw UK citizens’ credit card details offered for sale.

The Ministry of Defence foiled more than 1,000 cyber attacks in the last year from criminals and foreign intelligence services.

The Foreign Secretary William Hague revealed in February that computers belonging to the government have been infected with the “Zeus” computer virus after users opened an e-mail purporting to come from the White House and followed a link.

He said cyberspace was providing “rich pickings” with UK defence contractors also being targeted.

A leading think tank, Chatham House, has said there is a reluctance by government to share information with the private companies that might be targeted.

It also criticised those same companies for putting up with an “unacceptably high level of risk”.

The government says it ranks cyber security as a top priority.

Last year it announced £650m of additional funding to help tackle computer-based threats.

Around £130m, or 20%, is specifically earmarked for critical infrastructure projects.