
How people 'of no security interest' are keystrokes away in UK's spy databases - mocko
http://www.theregister.co.uk/2016/04/21/bulk_personal_datasets/
======
jsingleton
Credit to Privacy International for unearthing all this:
[https://privacyinternational.org/node/843](https://privacyinternational.org/node/843)

If you want to help this sort of work consider donating to:
[https://www.dontspyonus.org.uk](https://www.dontspyonus.org.uk)

------
rlpb
A search should automatically trigger a notification to the subject of the
search in 12 months. Active investigations could maintain a list of people to
whom notifications will be postponed. Investigators wanting to postpone
notification by over 12 (further) months should be required to go to a judge
for an extension.

In all cases, the default position should be that the subject of a search will
be notified within 12 months.

------
deepnet
_collateral intrusion_ is a wonderful neologism.

~~~
confluence
My favourite is _parallel construction_.

------
Natanael_L
Yet another reason to improve cryptography and get everything to use it

~~~
schoen
I'm not sure that all of the databases described in this article were obtained
via signals intelligence. Particularly because the article describes
legislative authority to demand information from British companies.

Ubiquitous encryption is a great solution to wiretapping, but nothing that we
can unilaterally deploy protects most of the other aspects of our privacy. One
thing that would clearly help is being able to do more things anonymously, but
that ability is often limited by laws or companies' business practices that
crypto alone won't solve.

Sometimes crypto _offers_ a way to do something anonymously, but the
counterparty needs to be willing to participate in the privacy-protective
protocol (for example, privacy-preserving metering and tolling schemes). If
the counterparty says "I'm just going to record your fine-grained usage data
with a traditional meter" or "I'm just going to record with RFID whenever you
cross the toll bridge", the fact that an alternative has been invented doesn't
help you. If we invent a privacy-preserving presence mechanism that could
allow mobile phones to be anonymous except when actively making a phone call,
or a way to pay for mobile data anonymously without revealing the identity of
the SIM or device, we still don't get a privacy win unless mobile companies
are willing to deploy it on their networks. If ZeroCash is deployed, we still
don't get a privacy win in any particular area of the economy unless sellers
are actually willing to accept it.

Privacy advocates started worrying a lot about databases in the 1970s as
database and storage technology improved. Privacy writers called them
"databanks" back then, and they were probably the major privacy preoccupation
of the day. All of these concerns sound super-quaint now that big data is so
ubiquitous, but at the same time the concerns were largely correct! And the
databank-preoccupied privacy advocates weren't necessarily thinking that the
databanks would be filled up with data from wiretaps or spying on the Internet
(which most people had never heard of at the time). They envisioned people
stockpiling or obtaining a lot of transactional records, and making people
register in order to do things, and linking one database to another by joining
on common fields. And that's happened.

