Posts Tagged ‘data protection’

AIB confirms payment receipts mix-up

Monday, June 29th, 2009

AIB confirms payment receipts mix-up
23-11-2007
ENN.ie
By Cian Ginty

AIB confirmed Thursday evening that a computer error caused 15,000 payment advice slips to be sent to the wrong addresses.

The bank apologised for the mistake and said that it is writing to customers affected. AIB also stated it had informed the Office of the Data Protection Commissioner. The payment advice slips, which contain confidential bank details, are receipts that record foreign currency lodgements.

Ironically, the revelation from the bank came just 24 hours after the Data Protection Commissioner told RTE’s News at One programme that private organisations are taking data security responsibility more seriously then the public sector.

The commissioner pointed out that, in the event of a data breach, banks would have to compensate customers and deal with a public backlash.

“This issue of the dangers of information technology applies also to the private sector, but I must say I’ve evidence that large private organisations are perhaps taking their responsibility more seriously in this area than public sector agencies,” Billy Hawkes, the Data Protection Commissioner, said on Radio One’s lunch time news on Wednesday.

The commissioner was speaking with reference to the massive UK data breach that saw the disappearance of bank and other personal details of 25 million people after two discs containing this information were lost while being transported between two Revenue & Customs offices.

He said the events in the UK should be a “wakeup call” to Ireland and the possibility of a large-scale public sector data loss should be a concern to all because similar amounts of information is held in central government databases in Ireland.

Meanwhile, Simon Coveney TD of Fine Gael has called on AIB to explain how the error occurred in the first place. “AIB needs to provide clarity on the security of customers’ bank accounts without delay and to make contact with the 15,000 customers involved in this fiasco to reassure them of the security of their accounts.”

“The privacy of customers’ bank account details is essential to the security of any banking system. The details that AIB has given in relation to this issue are totally insufficient to reassure customers that account details may not have fallen into the wrong hands,” said Coveney.

Recent high-profile breaches from Irish government databases include information from both the Garda PULSE national computer system and the social welfare systems being leaked to private investigators hired by insurance firms.

Early this year a senior civil servant at the Department of Social and Family Affairs resigned after it was reported he improperly accessed and passed on records of up to 40 people, while over 100 staff at the department reportedly accessed the computer files on a EuroMillions Lotto winner.

Tags: , , ,
Posted in Uncategorized | Comments Off

Registering mobile phones: is it practical?

Monday, June 29th, 2009

Registering mobile phones: is it practical?
24-07-2007
ENN.ie
By Cian Ginty

The Department of Communications had previously classed plans to introduce mandatory registration of all mobile phones as “not practical” in the fight against crime.

The idea to register mobile phones re-emerged last month in the Programme for Government agreed between government parties.

In a statement released early this year the Department of Communications said that the idea of a register for mobile phones had been extensively reviewed by officials, who concluded that the proposal would be of “limited benefit, in that it would not solve the illegal and inappropriate use of pre-paid mobile phones and was not practical”.

At that time department officials also concluded that problems could occur with regards to the registration of currently held pre-paid phones.

A spokesperson for the Department of Communications told ENN: “Minister Ryan will be discussing the question of mobile phone registration with Minister of State Carey in the coming weeks. Both departments are conscious of the complex legal, technical and data-protection issues that surround this commitment in the Programme for Government.”

The department said that it would, in conjunction with the Department of Community, Rural and Gaeltacht Affairs, be reviewing the situation and seeking advice from the Attorney General to work to resolve issues as far as practical.

“The Government is looking at all options that can assist in the fight against illicit drugs,” she said.

“If you’ve nothing to hide, you’ve nothing to fear. There may well be confidentiality or civil liberties issues but there are lives of people at stake as well, which I believe overrides any of those,” said Pat Carey, Minister of State at the Department of Community, Rural and Gaeltacht Affairs. Minister Carey, with a responsibility for the Drug Strategy, who made the comments in an interview with the Irish Independent.

The new plan aims to stop the current practice of buying pay-as-you-go mobile phones anonymously. Minister of State Carey said it would aid in stopping “rampant use” of mobile phones in prisons. It has been highlighted recently that some criminals have continued to operate, even behind bars. The Irish Prison Service has been slow to introduce signal blocking systems due to possible interference with communication systems used by prison guards.

Minister for State Carey said the new registry would also be used as a tool against lower level drug dealers that use the “shopping-centre carpark, the church car park or the local football field”.

Meanwhile, mobile phone operators are set to meet with the minister on Tuesday and are expected to tell him that his plans are unworkable and that no other European country has ever attempted to register mobile phones. They will also argue that SIM cards can be purchased relatively easily abroad and used in Ireland, thus ensuring user anonymity.

This latter point is something the communications department also alluded to in its statement back in January. “Having looked at the situation in other administrations, considered the ease with which an unregistered foreign or stolen SIM card can be used and the difficulties that would be posed in verifying identity in the absence of a national identification card system, and having consulted with the Office of the Attorney General and other interested parties, it was concluded that the proposal would be of limited benefit…”

Tags: , , ,
Posted in Uncategorized | Comments Off

Data laws: protecting society or invading privacy?

Monday, June 29th, 2009

Data laws: protecting society or invading privacy?
15-02-2008
Business & Finance /  ENN.ie
By Cian Ginty

Data retention measures currently include the logging and storing of data pertaining to phone calls and text messages, as well as location details from mobile phones, for up to 18 months.

A new EU directive, however, is to expand current rules to include holding e-mails and other internet traffic data for up to two years. The Gardai and the Defence Forces will be able to access this data without a court order or warrant.

While the Government has said it is not going to rush through the new rules, it has said it is eager to come in line with Europe. The Department of Justice claims data retention is needed to tackle crime and for the security of the State. A spokesman from the Department said the measures were needed for “the prevention, detection, investigation, or prosecution of crime and for the safeguarding of the security of the State.”

Irish internet service providers and civil rights groups suggest that these new blanket surveillance laws are unlikely to catch serous criminals, or terrorists. Strict take-up of the directive here could also harm Ireland Inc, they say.

The association of internet service providers in Ireland points out that those wanting to cover their digital footprints are unlikely to be caught. Internet Protocol (IP) addresses — a method of identifying internet users — can easily be blocked, or manipulated, or are often only temporarily assigned on a ’session’ basis.

“The very people that you want to capture know exactly what they need to do to make sure any tracks they may leave are totally unreadable,” said Paul Durrant, general manager of the Internet Service Providers Association of Ireland (ISPAI).

“The European ISP association has always questioned the true effectiveness of data retention to tackle serious crime and terrorism for which it was it was brought in.”

The Department of Justice also claimed data retention constitutes a responsible and legitimate balancing of privacy and the need to protect people from crime and terrorism. This assertion is described as “nonsense” by Digital Rights Ireland, a group set up to protect civil rights in a digital age.

TJ McIntyre, chairman of DRI, said: “A system whereby everyone — judge, jurist or jailbird alike — has their communications and movements logged automatically, without any requirement for a warrant or any prior suspicion, cannot possibly be proportionate. This is especially so when we remember that the State has been pushing for this to be extended to the internet also.”

McIntyre says current and expanding retention laws will essentially lead to the creation of “digital dossiers” on every person in the country.

“This means the telecommunications and movements of every person in the State must be tracked and logged by the telecommunication firms and kept for three years. Even Orwell didn’t dream of surveillance this intrusive.”

DRI and the ISPAI also repetitively speak of their concerns that the law will be used in the cases of minor crimes and for so-called “fishing expeditions”, where a wide net is cast for large amounts of data with the hope of finding significant information.

“The Data Protection Commissioner has revealed that there were approximately 10,000 requests for this information last year. This is not the sign of legislation being used sparingly and proportionately,” said McIntyre.

Critically for ISPs, it is they that will have to foot the bill to log and store all this extra data. “It has been made quite clear to us that data retention is not being funded by the Government, it is a business cost to us. And we have pointed this out to the public when trying to raise greater concern about this law before it was passed at European level. ISPs and telecom companies are commercial organisations and therefore we have to pass this cost on to the consumer,” explains Durrant.

There will be three areas of cost for ISPs: the initial set-up including equipment and software, the costs of maintaining and keeping the data secure, and the costs surrounding servicing data requests.

While the full costs are still unknown the ISPAI says that their French counterpart has estimated that large European service providers could see costs spiral to reach into the millions.

For now, ISPs in Ireland remain uncertain as to what’s required of them as the directive is open to interpretation by member states when transposing it into national law.

“The terminology is rather vague from a technology perspective and so therefore it’s very difficulty to know exactly what the expectations should be in terms of what should be retained by whom and under what circumstances,” explained Durrant. “The whole point of Europe getting involved was to have harmonisation, yet as you can interpret this one hundred and one different ways it doesn’t say much for the harmonisation that’s going to happen across Europe.”

He warns that this indecisiveness is one of their largest concerns as it could place Ireland at a disadvantage compared to other countries competing against us for much-valued foreign direct investment.

“It’s a very real threat to Ireland Inc; it could become a criterion in people’s location decisions and this is something we have tried to bring to the Government’s attention in the past. I don’t want to start being alarmist but it is a reality that the Government needs to think long and carefully about.”

Tags: , , , ,
Posted in Uncategorized | Comments Off