UK’s Digital Snooping Powers Illegal

A legal challenge by Labour MP Tom Watson against the UK government’s own digital mass surveillance laws, introduced in 2014, has led to a court deciding that the laws were illegal.

Legislation

The legislation that was successfully challenged in court was the Data Retention and Investigatory Powers Act (DRIPA), which was actually replaced at the end of 2016 by The Investigatory Powers Act, also known as the Snooper’s Charter.

What Was Wrong With DRIPA?

DRIPA required communications companies to store detailed personal information e.g. people’s mobile phone data, their emails, texts and internet communications.

Tom Watson has been reported as saying that, back in 2014, DRIPA was rushed through Parliament just before recess, and therefore lacked proper parliamentary scrutiny. This meant that one section was inconsistent with EU law. It was this section that UK judges agreed was illegal because it granted spy agencies and law enforcement access to UK citizens’ phone records and internet activity for reasons other than using the details to fight serious crime, all without seeking or getting approval from a court or independent authority.

What Difference Does This Make?

Even though DRIPA is defunct, many of those who objected to DRIPA have said that in the light of the court’s ruling, the current Investigatory Powers Act should be changed accordingly, and that a system of independent approval for access to communications data needs to be put in place.

Digital rights charity Liberty is reported as saying that the judgement tells ministers that they are breaching the public’s human rights, and that the latest incarnation of the Investigatory Powers Act must now be changed.

Already Heading That Way Says The Government

The Security minister Ben Wallace is reported as saying that the government had already announced that it would amend the Investigatory Powers Act to address the two areas in which the Court of Appeal found against the previous data retention regime.

Current Snooper’s Charter In Crowdfunded Challenge

The current Investigatory Powers Act is being challenged separately by the charity Liberty with the help of £50,000 crowdfunding. Liberty wants to challenge the Charter on the argument that surveillance of everybody in the UK may not be lawful or necessary, and that whistleblowers and experts have warned that the powers would actually make it more difficult for security services to do their jobs effectively.

There are also the arguments that the new law puts too much power in the state’s hands, could be an invasion of privacy, and that the government’s storing of large amounts of sensitive information about each of us could in itself be irresponsible and a security risk.

Some critics have also expressed suspicions about the motives of the UK government for introducing the law e.g. to censor and control rather than to protect.

What Does This Mean For Your Business?

The ruling by the European Court of Justice back in December 2016 that DRIPA was unlawful, coupled with this latest agreement by judges with Tom Watson’s challenge, will strengthen the need for the UK government to act quickly to make changes to what has been controversial legislation.

Most people would probably agree that people in the UK need to be protected from terrorist attacks, and that children and young people need to be protected from predatory behaviour and the activities of paedophiles online. Although the Investigatory Powers Act may include measures that could help with that, many people and businesses (communications companies, social media companies, web companies etc) are uneasy with the extent of the legislation and what it forces companies to do, how necessary it is, and what effect it will have on businesses publicly known to be snooping on their customers on behalf of the state. The 200,000+ signatures on a petition calling for the repeal of the Investigatory Powers Act after it became law, and the £50,000 crowdfunding raised from the public in less than a week to fight the bill, both emphasise the fact that UK citizens value their privacy and take the issues of privacy and data security very seriously.

 

Military Bases Exposed By Fitness App

A user activity ‘heat map’ published by fitness tracker Strava has unwittingly revealed the location and structure of military bases in other countries.

How?

The app, made by San Francisco-based Strava, uses a mobile phone’s GPS to track a subscriber’s exercise activity. Although the new version of the app, introduced in November last year, is reported to be built from a billion activities – three trillion points of data, covering 27 billion km (17bn miles) of distance run, jogged or swum – the data used to produce a ‘heatmap’ of user activity is not live data.

The latest heatmap published by the company, showing the paths its users log as they run or cycle, is intended to show the app’s popularity and is actually made from aggregated data from activities recorded between 2015 and September 2017.

Revealed

Unfortunately for Strava, since military personnel engage in regular exercise, and are generally limited to following the same exercise routes in or close to the base where they are stationed, Strava’s heatmap of user activity reveals the outline of military bases and the most popular routes taken by the soldiers there.

Danger

Even though the location and outline of many military bases are already known from satellite imagery, the heatmap from the app exposes the regular routes taken by soldiers when they are most likely not armed and at their most vulnerable. Also, the heatmap could expose the routes taken by other personnel such as aid workers and NGO staffers in more remote areas. All of this could mean that the app is exposing soldiers and other personnel to danger from attack or kidnap by state and non-state actors e.g. in countries such as Syria, Yemen, Niger, Afghanistan or Djibouti.

There is also a danger that hackers could access Strava’s database and find the details of individual users.

UK Personnel at Risk Too

Even though Strava is a US app, it has also been reported that user activity at the UK’s RAF base at Mount Pleasant in the Falkland Islands was also exposed by the app’s heatmap.

Privacy Settings

Privacy settings do exist on the app but the onus is on the user to explicitly opt out of data collection for the heatmap.

US Already Takes Measures To Protect

The US government already takes measures to guard against similar risks to those posed by the app heatmap. For example, it has already published a tract called Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD, and in 2016, banned Pokémon GO from government-issued mobile phones.

What Does This Mean For Your Business?

This is not the first time that the negative aspects of fitness-tracking device companies and their activities have been featured in the news i.e. that the devices are transmitters as well as recorders of data about us. Back in February 2016, a study by a Canadian research team revealed that popular types of fitness trackers actually transmit a signal via Bluetooth that could act as an ‘identifier’ signal that could be picked up by beacons that are now being used by retail stores and shopping centres to track, recognise and profile customers.

In the case of Strava, although the company could be forgiven to an extent because of the relatively unforeseen risk that its activities may have caused, there is an argument that a better approach would be to opt users out of data sharing by default, and to give them the choice to opt in should they wish to. It may also have been better to avoid publishing any heatmaps, and to simply publish some statistics instead.

In addition to the possible risk to the life of service personnel (and others) that the map has caused, it has also highlighted other important issues relating to fitness-tracking devices and consumer protection e.g. data protection and privacy implications, the risk of hacking the devices, and the need for greater transparency about what is stored and transmitted by the devices.

Companies producing devices that store and transmit personal data need to ensure that they comply with data protection laws, and that they are mindful of potential identifiers and other security risks.

UK Most Targeted Region For Cyber Threats

The Malwarebytes annual State of Malware report has revealed that the UK is now the most targeted region in the world for cyber threats.

Big Rises

The UK has been elevated to the unenviable position at the top of the targets table after a huge 165% increase in UK-bound ransomware was recorded, and after a 134% rise in hijacking attempts against British machines. This means that as well as being most at risk, the UK’s ransomware attack rate is now double that of the US.

Why Is The UK Being Targeted?

One reason is that ransomware use worldwide saw a 90+% increase against businesses in 2017 up until the end of year, when ransomware’s use began to decrease as criminals turned more to the use of banking Trojans and cryptocurrency mining. In 2017, the UK was famously hit by the massive WannaCry ransomware attack, which is believed to have originated in North Korea, claimed victims in 150 countries, and led to around 130,000 infections of computers. Older computer systems, such as those in the NHS, were particularly badly affected.

Spyware Increase

The Malwarebytes data also showed a big increase in the use of spyware last year – an increase of 882%.

Move To Trojans

The report data also shows that cyber-criminals are turning to different attack methods as awareness is raised about ransomware and more measures are taken to combat it. For example, Trojans are now being used in more than 20% of global attacks, and the use of banking Trojans doubled in the second half of 2017.

Earlier this month, security researchers discovered a new type of malware (called Android.banker.A2f8a) targeting 232 banking apps on Android devices, stealing login details, hijacking SMSs, as well as uploading contact lists and SMSs to a malicious server. Banking Trojans of this kind can spy on the credentials entered by the user, and intercept incoming and outgoing SMS.

Move To Cryptocurrency Mining

It appears that cyber-criminals are also moving into cryptocurrency mining, using cryptomining tools to exploit malware-infected machines in order to generate and steal digital currencies. Criminals were attracted by the rapid growth in the value of cryptocurrencies such as Bitcoin, and Malwarebytes is reported to have blocked an average of 8 million drive-by mining attempts each day in September.

A recent report by Ernst & Young has also highlighted the fact that 10% of all funds raised through Initial Coin Offerings (ICOs) are stolen by hackers using techniques such as Phishing.

What Does This Mean For Your Business?

In 2018, some security experts and commentators are predicting a further rise in the use of drive-by mining tools, new mining platforms and new forms of malware to steal virtual currencies. It seems that 2018’s criminals are more likely to be interested in simply stealing rather than trying to hold businesses to ransom.

The IoT may continue to be a target, and businesses should be careful to guard against supply chain attacks, malware possibly targeting Mac computers, and more weaponised zero-day vulnerabilities. Giving 3rd parties in your company supply chain / value chain access to systems and sensitive data, combined with increased levels of sophistication in hacking tools and strategies, plus increased oversight from regulators, and potentially ‘weak link’ companies in terms of cyber-security now make the risk of supply chain attack very real for companies in 2018.

Businesses need to increase cyber-security awareness and training, and employ a holistic risk-based authentication infrastructure across multiple vectors in order to stay one step ahead of the developing cyber threat.

The use of enhanced technologies, and the assistance of greater regulation for cryptocurrencies may also help to reduce some of the risks shown in the Malwarebytes report.

Tech Tip: Windows 10 – Create Multiple Desktops

If your work involves having different jobs that need different sets of apps, or if you need to have lots of different things open and you only have one monitor, you may find that it helps to create multiple desktops.

To create multiple desktops:

  • Click on the task view button next to the search bar on the taskbar.
  • Go to the button at the bottom-right corner of your screen labelled ‘+ New desktop.’
  • Click on this to create a new desktop.
  • To switch between desktops, click on the task view button and then, click on either of the thumbnails at the foot of the screen.

Nominet To Walk Away From Own Charitable Trust

Questions about Nominet Trust’s direction and accountability have led to Nominet announcing that it is withdrawing from its own charitable foundation that it set up over a decade ago.

What Is Nominet Trust?

Nominet Trust is the charitable foundation that was set up by Nominet, the UK’s domain-name registry, as a way of dealing with the excess revenue from registrations of .uk domain names.

What’s Gone Wrong?

An email sent by Nominet CEO Russell Haworth cites problems with the Trust’s “grant-giving, single funder model”, which was set up in 2008, as being at the heart of the reason for Nominet wanting to walk away from its own Trust.

It has been reported, however, that some members of the Trust became concerned that, rather than using the money from .uk to find good causes, money may have been used to fund unrelated business expansions, including loss-making ventures.

There was also concern after Nominet raised its prices by 50% for reasons that were unclear to many, and that contracts Nominet had signed to run dozens of new domain registries may have been won by offering below-market rates.

The announcement of the move away from the Trust by Nominet was accompanied by the resignation of the chair of trustees Natalie Campbell, and by two of its directors, former Nominet board member Nora Nanayakkara, and Jemima Rellie.

Trouble At The Top?

There appears to have been a history of trouble at the top at Nominet with previous CEO, Lesley Cowley, reportedly giving the board members more power over the funds.

Some commentators have noted that the arrival of new Chief Executive Russell Haworth, a former acquisition and venture specialist with no experience of the domain name registry market, brought more of a shift from non-profit with a strong public benefit remit to a profit-seeking investment vehicle.

Mr Haworth’s arrival in 2015 also coincided with the resignation of the entire Nominet Trust team, including the chief executive, chair, several trustees, and most of its senior staff.

It has also been noted that under Haworth’s leadership, the organization appeared to ignore the recommendations of an independent study into its governance that would have given members a greater say in Nominet’s direction.

What Now?

Nominet’s CEO has stated that the Nominet Trust should now be free to attract other investors in order to fulfil its social tech ambitions, which means that the Trust will become a separate entity with a new name, and with different governance and funding structures. The Trust is reported to be in a healthy financial position and is continuing to run its programmes.

Nominet is still willing to be involved as a member of the Trust during the transition period.

It is thought that the new version of the Nominet Trust will be led by new Chair Bill Liao, who joined the Board back in 2014. It is reported that Mr Liao has the full support of Trustees Sebastien Lahtinen, Beth Murray and Hannah Keartland.

What Does This Mean For Your Business?

It seems that a change in CEO, in the focus and the way Nominet now does business, and most probably in the culture (after resignations) and power shifts, led to questions which, in turn, led to the registry and its Trust going their separate ways.

Nominet was set up as a non-profit, public-interest, government-designed operator of the UK’s internet registry, and the Trust was set up to make use of money for good, charitable causes. It is important that organisational structures of this kind maintain accountability and transparency, and that the original charitable focus of Trusts is protected by members who have enough power.

Although businesses and charities need strong leadership, too much power at the top, and power and focus wasted on internal struggles can cause problems for the health of an organisation. As it stands, Nominet has a stable annual revenue of £30m, and the Trust (and the good causes it gives to) have benefitted from £44m since 2008. The hope is, therefore, that the change will mean stability restored to the Trust and that any problems with direction and accountability can be investigated and put right.

10% of Cryptocurrency ICOs Are Stolen

A report by Ernst & Young has highlighted the fact that 10% of all funds raised through Initial Coin Offerings (ICOs) are stolen by hackers using techniques such as Phishing.

What Is An ICO?

An Initial Coin Offering (ICO) is a controversial way of start-up companies raising money / crowd funding to build new technology platforms or to fund businesses that use crypto currencies (also called tokens), and the underlying blockchain technology. The tokens only become functional units of currency if / when the ICO’s funding goal is met, and the project finally launches.

The controversy about ICOs centres around the fact that, although it is an innovative new source of venture funding, some commentators view ICO projects as unregulated securities that allow their founders to raise unjustified amounts of capital, and that valuations of ICO tokens may be driven too much by the fear of missing out and, therefore, seem to result in investors rushing to put money into projects that ignore some important market fundamentals, such as project development.

$400 Million Stolen

After analysing more than 372 ICOs, Ernst & Young has reported that approximately $400 million of the total $3.7 billion funds raised to date has been stolen by hackers. The most widely used technique to steal the digital cryptocurrency funds was found to be Phishing, resulting in the theft of $1.5 million in ICO proceeds per month.

ICOs are an opportunity for scammers because they are able to take advantage of the promise of people making a huge return from a relatively low investment.

As well as scammers taking money, the study also found that underlying software code in some projects contains hidden investment terms that have not been disclosed, or that contradict previous disclosures e.g. saying there will be no further issuance of a cryptocurrency, while the code may leave that option open.

Challenges To Reaching Targets For ICOs

The Ernst & Young research shows that the volume of ICOs has been slowing since late 2017, with less than 25% reaching their target in November 2017, compared with 90% in June. Recent ICOs have faced challenges in reaching their targets, a drop in quality i.e. more low quality projects with higher fundraising goals are being presented, and issues from earlier projects are now being highlighted.

Crypto-based investment of choice is therefore waning, organizers and contributors are now facing increased regulatory scrutiny, and they are therefore now under more pressure to prove the longer-term potential of their product or service to an increasingly sceptical audience.

What Does This Mean For Your Business?

A drop in the value of popular cryptocurrency Bitcoin (its value has fallen 12% over 24 hours), added to warnings about investing in cryptocurrencies from the chairman of UBS and warnings by billionaire investor Warren Buffett (who said he would never invest in cryptocurrency), and news reports of scams such as a fake sale con for instant messenger service Telegram to unsuspecting would-be investors have all served as warnings about the risks of cryptocurrencies and of ICOs.

This latest Ernst & Young research has only served to cement that message to businesses and investors, and some commentators now think that ICOs could soon disappear altogether as a viable fundraising option, unless they can address the issue of security urgently and effectively.

WhatsApp For Business Launches in UK

The new business-focused version of WhatsApp for Android is now available for download in the UK.

Small Business Needs

The new WhatsApp Business can be downloaded for free at Google Play, and is specifically aimed at the needs of small businesses, which account for 99.3% of all private sector businesses in the UK (FSB).

Facebook-owned WhatsApp has said that it wants people to use WhatsApp to connect with small businesses, and that the new ‘WhatsApp Business’ will make it easier for companies to connect with customers, and offers a more convenient way for the 1.3 billion WhatsApp users to chat with businesses.

Why Launch WhatsApp Business?

Since Facebook acquired WhatsApp in 2014 for $22 billion, the company has been looking for ways to monetize the app which, although developed for use by individuals, is now being widely used by people in business, and in large and small organizations as a collaboration tool for staff.

This move by WhatsApp is also designed to gain a march on rivals in what has become a battle for the attention of consumers by messaging apps including Apple’s iMessage, Facebook’s Messenger, Kik, Slack for business, and others.

What Can It Do?

The launch in the UK (and the US, Indonesia, Italy and Mexico at the same time) is part of the wider worldwide rollout. According to WhatsApp, 80% of small businesses already using the App in India and Brazil say WhatsApp helps them both communicate with customers and grow their business (Morning Consult study figures).

Features

Features of the App include:

  • Business Profiles: to help companies to provide useful information to customers e.g. business description, email or store addresses, and website.
  • Smart Messaging Tools: to enable companies to respond quickly with answers to frequently asked questions, also greeting messages to introduce customers to the business, and away messages that let them know you’re busy.
  • Messaging Statistics: simple metrics like the number of messages read to see what’s working, and to give businesses a way of measuring and monitoring the effectiveness of the app.
  • WhatsApp Web: to enable the sending and receiving of messages with WhatsApp Business on the desktop.
  • Account Type: so that customers will know that they’re talking to a business because it is listed as a Business Account. This can become a Confirmed Account later (similar feature to Twitter’s verification process), and once confirmed, the account phone number will match the business phone number.
  • WhatsApp allows users to send photos, it has end-to-end encryption security (an important feature for businesses), allows for easy document sharing (up to 100 MB), and allows for seamless syncing of your chats to your computer so that you can chat on whatever device is most convenient.

What Does This Mean For Your Business?

Since many business people (and more importantly, their customers) were using WhatsApp for general communication anyway, it makes sense for Facebook to develop a version that is focused more specifically on small businesses. Clearly, this is a very large market in countries across the world, and it will, of course, present opportunities for monetisation and probably advertising using the Facebook-owned network in future.

From the perspective of businesses, WhatsApp provides a lot of powerful, useful, and cost saving features for a handy free app, and with speed and versatility of communications being an important factor in getting the business in today’s environment, WhatsApp Business is likely to prove popular.

WhatsApp Business offers businesses / brands the potential for building a relationship with their customers on a 1:1 level. The huge user base of the app, its speed and reliability, and the verification system of the business version could provide new opportunities for businesses that are able to harness it in a value-adding and engaging way.

There are many possible applications for WhatsApp Business e.g., KLM’s use of the app for flight confirmations and updates, brands using the app on competitions, and WhatsApp Business could work well in industries such as hospitality. WhatsApp could be a perfect way to enable customers to book a hotel room, get customer support, and even access an on-site member of staff such as a concierge. Retail brands could use the app for many purposes in addition to just shipping confirmations.

Many tech and business commentators are saying that 1:1 messaging is the future of personalized commerce and post-purchase customer service, and WhatsApp Business is well positioned enough, and widely used enough to provide opportunities for businesses worldwide to improve their communication and relationship marketing.

Amazon’s ‘No Checkout’ Grocery Store Opens

Amazon has opened a revolutionary checkout-free, bricks-and-mortar grocery store called ‘Amazon Go’ in Seattle, after more than a year of testing.

How Can It Have No Checkouts?

The Amazon Go store uses infra-red ceiling-mounted cameras and electronic sensors to track what shoppers remove from the shelves (which have weight sensors), and what they put back. Some items carry a visual dot code, which acts like a barcode, to help the cameras to identify them.

The system uses a deep learning element so that it can differentiate between customers as they move around the store and between similar looking items for sale. The items for sale are added to the customers’ Amazon Go account as they pick them up, and items are deleted from the account if they are put back on the shelves. An electronic receipt is issued as the customer exits the store.

Cash is not needed as customers are billed to the card that Amazon has on file. The ‘grab and go’ concept of the Amazon Go “just walk out” store means that it has no checkout operators or self-service tills because the whole process is automated.

As yet, there is no information about how accurate the system is, and there have only been some reports of minor teething problems.

Super-Convenient

The fact that Amazon Go appears to have eradicated the challenges of long queues which can deter shoppers, and removed the challenge of human error and other messages and authorisation processes that can disrupt self-service tills, could mean that the new store concept poses a real challenge to other retailers.

Whole Foods

Amazon began challenging grocery retailers in the US such as Wal-Mart in the bricks-and-mortar world last summer when it bought Whole Foods Market Inc. for $13.7 Billion, with industry insiders saying that it would be a long and costly process for Amazon to revolutionize grocery delivery the way they revolutionized online retailing. Before groceries, Amazon moved into brick-and-mortar retailing with the opening of a bookshop in Seattle in 2015 – there are now 13 in the US, plus dozens of pop-up outlets.

Amazon launched its ‘Amazon Fresh’ grocery delivery service in the UK back in 2016, and reports indicate that it is 25% cheaper to use Amazon Fresh than shopping in traditional supermarkets.

What Does This Mean For Your Business?

The strengths and reach of Amazon have meant that it has spent the last 3 years diversifying and challenging more businesses in more markets. The scaling up of its parcel delivery, plus drone and robot deliveries, Amazon Fresh, its purchase of Whole Foods, and its opening of its Amazon Business online trade counter have seen more (small and large) businesses facing a tough new competitor. It is also worth noting that Amazon has a presence and therefore a potential instant grocery ordering system in many homes in the UK in the form of the Amazon Echo, thereby giving them a further advantage over the traditional big supermarkets.

For the big supermarkets here in the UK, although Amazon Go won’t challenge profits directly now (Amazon Go is one store in Seattle at the moment), the fact that it exists, it works, it appears to address key customer concerns (no queues), and it’s in the hands of a company with the scale, reach, and brand awareness to expand it is a worry and another challenge to the big grocery retailers.

On the plus side, if the technology could be replicated, it could serve as a blueprint for something that could be copied by the big supermarkets in some key locations.

Some commentators have pointed out that, while Amazon is not yet making large amounts of money (in big player terms) from its retail stores, they are helping to raise brand awareness and to promote Amazon’s Prime membership scheme.

HP Worldwide Recall of ‘Fire Hazard’ Laptop Batteries

HP has announced that it is launching a worldwide voluntary safety recall and replacement program for certain notebook computer and mobile workstation batteries over safety concerns.

Fire Hazard

The reason given for the recall of the batteries, including those for the ProBook, ZBook, x360, Pavilion and Envy, is that HP says they have the potential to overheat, posing a fire and burn hazard to customers.

The fire hazard risk appears to have been reported by the Consumer Product Safety Commission (CPSC) which identified eight cases of the batteries overheating, melting, or charring. There has also been a report of one person suffering a first-degree burn from the battery, and three others suffering damage to property totalling $4,500.

How Big Is The Problem?

The CPSC estimates that as many as 50,000 units sold in the U.S. are at risk, and possibly, a further 3,000 more units sold in Canada.

Which Batteries?

HP says that the affected batteries were shipped with specific HP ProBook 64x (G2 and G3), HP ProBook 65x (G2 and G3), HP x360 310 G2, HP ENVY m6, HP Pavilion x360, HP 11 notebook computers and HP ZBook (17 G3, 17 G4, and Studio G3) mobile workstations sold worldwide from December 2015 through December 2017. This includes those sold as accessories or provided as replacements through HP or an authorized HP Service Provider.

HP has provided a list of the notebook product names for batteries that may be affected at the foot of this page on its website: https://batteryprogram687.ext.hp.com/en-US/Home/ProgramSummary

How to Check Your Battery

On the same web page, HP has provided a downloadable HP Validation Utility which will check whether the battery in your notebook is affected. The utility will also verify the battery as being one of HP’s, and this means that HP will be able to send a free replacement battery.

What If You Can’t Get To The Battery?

HP have stated that in cases where the battery is internal to the system (and isn’t customer replaceable), they will provide a “free battery replacement service” for each verified, affected battery validated on their HP Battery Recall website. This will mean that the battery will be replaced by an authorized technician at no cost to the customer.

Battery Safety Mode

In the light of the news about fire risk, if customers need to continue using their notebook, HP says that they can do so by enabling the Battery Safety Mode by connecting the notebook to an HP power adaptor.

What Does This Mean For Your Business?

The reports of people suffering burns and property being damaged are alarming, and the immediate advice for businesses with HP notebook computers and mobile workstations is to go to the HP Battery Recall website https://batteryprogram687.ext.hp.com/ to check if their battery is affected, learn about the BIOS update that contains the Battery Safety Mode feature, and to order a free battery and battery replacement services, if eligible.

In times where mobile devices are becoming ever more popular and powerful, and globalisation means that products can be widely shipped in large numbers before a problem is identified, stories such as these are becoming all too common. For example, there was the case of the Galaxy Note 7 phone recall due to explosive batteries, and last August, 10,000 Galaxy Note 4 batteries were recalled for risk of overheating. In the case of HP, they appear to have acted quickly, and to have provided adequate help and advice to customers. This story is also, therefore, a reminder of the importance of having Disaster Recovery Plans in place.

Licence Plate Recognition - 1 Million Mistakes a Day!

Concerns over the possible misreading of hundreds of thousands of vehicle licence plates each day have led to calls for statutory regulation of the UK’s automatic number plate recognition (ANPR) system.

Over 1 Million Mistakes Per Day!

The ANPR system uses 9,000 ANPR cameras to record and store up to 30 million vehicle records each year. Unfortunately, it is also reported to be recording a staggering (up to) 1.2 million false readings of number plates every day! That’s the equivalent of over 400 million incorrect readings each year!

The implication is that innocent motorists may be wrongly accused and punished for a variety of motoring offences, and that real offenders may be escaping punishment. This has led to calls for statutory regulation of the camera system.

Police In the Dark

Not only does The National ANPR Data Centre (NADC) accept data from all police ANPR systems, without carrying out any checks on the effectiveness of those systems, but it is also believed that Police currently have no meaningful data on the accuracy of ANPR, or on the contribution surveillance cameras make to tackling crime.

Also Cyber Attack Risk

Not only is it unclear what contribution the camera system could be making to cutting crime, but it has also been revealed that some systems could be at risk from cyber attack, thereby possibly allowing data to be changed, making it impossible to use as evidence anyway.

A recent example in the U.S. left over half of the surveillance cameras covering the city of Washington’s public spaces unable to record footage for three days, until experts were able to remove ransomware from the recording devices.

Facial Recognition Camera Concerns

There are growing concerns too, particularly where data protection and privacy are concerned, about the increased use of facial recognition cameras to identify suspects by matching camera images against 19 million custody images held by police. For example, Leicestershire Constabulary faced criticism after using automatic facial recognition at the Download concert in 2015, in Donington Park, and the Metropolitan Police used similar technology during last year’s Notting Hill Carnival to match images of people with photographs stored on its Electronic Wanted and Missing Systems (EWMS).

Surveillance Camera Commissioner Says…

The England and Wales Surveillance Camera Commissioner, Tony Porter, has said that he is yet to be convinced that an assertion that national ANPR meets performance standards holds water.

What Does This Mean For Your Business?

Although there may be valid concerns about inaccuracies in the ANPR system and the impact these could have on businesses and individuals, other surveillance cameras can play an important role in business security monitoring systems. Used responsibly and only for the intended purpose, they can add value, and provide a low-cost, cost-saving and vital way to maintain security.

Camera surveillance generally is now an almost unnoticed part of daily life in what, according to Big Brother Watch, is now the most surveilled western democracy, where there are now an estimated 6 million+ surveillance cameras. The worries among some of those being watched are that privacy and security are at risk, that being watched constantly by unknown parties (with our images potentially stored and shared) is sinister, that mistakes can be made with the responsibility being placed on the victim to clear their name and prove inaccuracy, that regulations are not adequate, and that many cameras are operated by businesses and quasi-government organisations.

For many people, ‘if you’re doing nothing wrong you’ve got nothing to worry about’ is not a valid argument, because it simply gives a green light to the further erosion of rights without considering the consequences. Occasionally we all do something wrong (but perhaps not intentionally), and this is more likely to be caught on camera than ever before. Given the inflexibility of some camera-based systems and their operators, the punishment may not feel as though it fits the crime.

The introduction of GDPR will also have implications for what images from surveillance cameras are stored, where and how securely they are stored. For example, GDPR could apply to stored facial images of individuals.