Anonymity risk from phone place data

25 March 2013 Last updated at 07:09 ET By Jason Palmer Science and technology reporter, BBC News

Scientists say it is remarkably easy to identify a mobile phone user from just a few pieces of location information.

Whenever a phone is switched on, its connection to the network means its position and movement can be plotted.

This data is given anonymously to third parties, both to drive services for the user and to target advertisements.

But a study in Scientific Reports warns that human mobility patterns are so predictable it is possible to identify a user from only four data points.

The growing ubiquity of mobile phones and smartphone applications has ushered in an era in which tremendous amounts of user data have become available to the companies that operate and distribute them - sometimes released publicly as "anonymised" or aggregated data sets.

Continue reading the main story

Even if there's no name or email address it can still be personal data, so we need it to be treated accordingly"

End Quote Yves-Alexandre de Montjoye MIT

These data are of extraordinary value to advertisers and service providers, but also for example to those who plan shopping centres, allocate emergency services, and a new generation of social scientists.

Yet the spread and development of "location services" has outpaced the development of a clear understanding of how location data impact users' privacy and anonymity.

For example, sat-nav manufacturers have long been using location data from both mobile phones and sat-navs themselves to improve traffic reporting, by calculating how fast users are moving on a given stretch of road.

The data used in such calculations are "anonymised" - no actual mobile numbers or personal details are associated with the data.

But there are some glaring examples of how nominally anonymous data can be linked back to individuals, the most striking of which occurred with a tranche of data deliberately released by AOL in 2006, outlining 20 million anonymised web searches.

The New York Times did a little sleuthing in the data and was able to determine the identity of "searcher 4417749".

Trace amounts

Recent work has increasingly shown that humans' patterns of movement, however random and unpredictable they seem to be, are actually very limited in scope and can in fact act as a kind of fingerprint for who is doing the moving.

The new work details just how "low-resolution" these location data can be and still act as a unique identifier of individuals.

Researchers at the Massachusetts Institute of Technology (MIT) and the Catholic University of Louvain studied 15 months' worth of anonymised mobile phone records for 1.5 million individuals.

They found from the "mobility traces" - the evident paths of each mobile phone - that only four locations and times were enough to identify a particular user.

"In the 1930s, it was shown that you need 12 points to uniquely identify and characterise a fingerprint," said the study's lead author Yves-Alexandre de Montjoye of MIT.

"What we did here is the exact same thing but with mobility traces. The way we move and the behaviour is so unique that four points are enough to identify 95% of people," he told BBC News.

"We think this data is more available than people think. When you think about, for instance wi-fi or any application you start on your phone, we call up the same kind of mobility data.

"When you share information, you look around you and feel like there are lots of people around - in the shopping centre or a tourist place - so you feel this isn't sensitive information."

Privacy formula

The team went on to quantify how "high-resolution" the data need to be - the precision to which a location is known - in order to more fully guarantee privacy.

Co-author Cesar Hidalgo said that the data follow a natural mathematical pattern that could be used as an analytical guide as more location services and high-resolution data become available.

"The idea here is that there is a natural trade-off between the resolution at which you are capturing this information and anonymity, and that this trade-off is just by virtue of resolution and the uniqueness of the pattern," he told BBC News.

"This is really fundamental in the sense that now we're operating at high resolution, the trade-off is how useful the data are and if the data can be anonymised at all. A traffic forecasting service wouldn't work if you had the data within a day; you need that within an hour, within minutes."

Dr Hidalgo notes that additional information would still be needed to connect a mobility trace to an individual, but that users freely give away some of that information through geo-located tweets, location "check-ins" with applications such as Foursquare and so on.

But the authors say their purpose is to provide a mathematical link - a formula applicable to all mobility data - that quantifies the anonymity/utility trade-off, and hope that the work sparks debate about the relative merits of this "Big Data" and individual privacy.

Sam Smith of Privacy International said: "Our mobile phones report location and contextual data to multiple organisations with varying privacy policies."

"Any benefits we receive from such services are far outweighed by the threat that these trends pose to our privacy, and although we are told that we have a choice about how much information we give over, in reality individuals have no choice whatsoever," he told BBC News.

"Science and technology constantly make it harder to live in a world where privacy is protected by governments, respected by corporations and cherished by individuals - cultural norms lag behind progress."

But Mr de Montjoye stressed that there is far more to location data than just privacy concerns.

"We really don't think that we should stop collecting or using this data - there's way too much to gain for all of us - companies, scientists, and users," he said.

"We've really tried hard to not frame this as a 'Big Brother' situation, as 'we know everything about you'. But we show that even if there's no name or email address it can still be personal data, so we need it to be treated accordingly."

23.58 | 0 komentar | Read More

Saudi Arabia 'threatens Skype ban'

25 March 2013 Last updated at 14:51 ET

Encrypted messaging services such as Skype, Viber and WhatsApp could be blocked in Saudi Arabia, the telecommunications regulator there is reported to have warned.

It is demanding a means to monitor such applications, but Saudis say that would seriously inhibit their communications.

Saudi newspapers are reporting that the companies behind the applications have been given a week to respond.

No explanation has been given of why the demand has been made.

Ahmed Omran, a Saudi blogger who runs the Riyadh Bureau site, says that Saudi telecom companies may be tempted to go along with the request from the regulator - even though it will upset their customers - because of the loss of revenue they suffer from the free apps, which are hugely popular in the country.

One Saudi source goes further - with an article in the local Arab News suggesting that it may even have been the telecom companies themselves that have been demanding that action be taken against the apps.

The move is similar to attempts to rein in the Blackberry messaging service several years ago.

Simple and affordable

The explosion in social media networks has had a big impact in Saudi Arabia, which has the highest take-up of Twitter in the world, reports the BBC's Arab affairs editor Sebastian Usher.

Outside interest in the phenomenon has largely focused on how this has allowed Saudis to express themselves in a public forum on social or political issues in an unprecedented way.

Saudis see this latest threat a little differently, our correspondent says. Any move to monitor or block sites like Skype and WhatsApp would potentially deprive them of what has become an essential means of simply communicating with friends and family.

One Saudi user told the local media that she would feel uncomfortable talking to her relative on Skype without her hijab (headscarf) if she believed someone might be monitoring her.

Expatriate workers have messaged newspapers pleading with the Saudis not to stop their only affordable means of communication to their families back home.

If it did happen, though, one Saudi told the BBC that it would not take long for people to find a new way to communicate for free.

23.58 | 0 komentar | Read More

Bacteria to become 'bio-batteries'

25 March 2013 Last updated at 16:41 ET

Bacteria could soon be acting as microscopic "bio-batteries" thanks to a joint UK-US research effort.

The team of scientists has laid bare the power-generating mechanism used by well-known marine bacteria.

Before now it was not clear whether the bacteria directly conducted an electrical charge themselves or used something else to do it.

Unpicking the process opens the door to using the bacteria as an in-situ, robust power source.

Power play

"This was the final part of the puzzle," said Dr Tom Clarke, a lecturer at the school of biological sciences at the University of East Anglia (UEA), who led the research. UEA collaborated with the Pacific Northwest National Laboratory in Washington on the research project.

Before now, Dr Clarke told the BBC, the bacterium being studied had been seen influencing levels of minerals in lakes and seas but no-one really knew how it did it.

The bacterium, Shewanella oneidensis, occurred globally in rivers and seas, he said. "They are in everything from the Amazon to the Baltic seas," said Dr Clarke.

The strain used by the researchers was taken from a lake in New York.

"Scientists noticed that the levels of iron and manganese in the lake changed with the seasons and were co-ordinated with the growth patterns of the bacteria," Dr Clarke said.

However, he added, what was not known was the method by which the bacteria was bringing about these changes in mineral concentrations.

To understand the mechanism, Dr Clarke and his collaborators made a synthetic version of the bacterium and discovered that the organism generated a charge, and effected a chemical change, when in direct contact with the mineral surface.

"People have never really understood it before," he said. "It's about understanding how they interact with the environment and harnessing the energy they produce."

Understanding that mechanism gave scientists a chance to harness it, said Dr Clarke, and use it as a power source in places and for devices and processes in inaccessible or hostile environments.

"It's very useful as a model system," he said. "They are very robust, we can be quite rough with then in the lab and they will put up with it.

A paper about the research was published in the Proceedings of the National Academy of Sciences.

23.58 | 0 komentar | Read More

Prison for shining laser at aircraft

26 March 2013 Last updated at 07:58 ET

A 19-year-old California man has been sentenced to two and a half years in prison for shining a laser pointer at two aircraft.

In March 2012 Adam Gardenhire aimed a green laser pen at a business jet and then shone it at a Pasadena police helicopter sent to find the source.

He is the second person in the US to be sentenced for aiming a laser at an aircraft.

The act has been considered a federal crime in the US since February 2012.

Gardenhire pleaded guilty in October.

Commercially obtained laser pointers project just a tiny beam, but its diameter grows much bigger as the distance increases and can result in temporarily blindness if shone in someone's eyes.

According to the Civil Aviation Authority (CAA), the high intensity light can dazzle pilots during the crucial phases of take-off and landing.

The pilot of a Cessna Citation plane preparing to land at Bob Hope Airport in Burbank suffered "vision impairment that lasted for hours" after the incident, according to a statement from the Office of the United States Attorney Central District of California.

The helicopter pilot, who had been wearing protective eye gear, was uninjured.

Glenn Stephen Hansen, of Saint Cloud, Florida, was sentenced to six months in prison for a similar offence in August 2012.

Laser pen attacks on aircraft seem to be on the rise in many places around the world. In the past three years, there have been more than 4,500 reports of pilots being targeted by lasers.

23.58 | 0 komentar | Read More

Campaigners warn on Google Glass use

26 March 2013 Last updated at 08:06 ET

Google Glass and other augmented reality gadgets risk creating a world in which privacy is impossible, warn campaigners.

The warning comes from a group called "Stop the Cyborgs" that wants limits put on when headsets can be used.

It has produced posters so premises can warn wearers that the glasses are banned or recording is not permitted.

The campaign comes as politicians, lawyers and bloggers debate how the gadgets will change civil society.

"We are not calling for a total ban," one of the campaign workers called Jack told the BBC in a message sent via anonymised email service Hushmail.

"Rather we want people to actively set social and physical bounds around the use of technologies and not just fatalistically accept the direction technology is heading in," he wrote.

Based in London, the Stop The Cyborgs campaign began at the end of February, he said, and the group did not expect much to happen before the launch of Google Glass in 2014.

Personal privacy

However, the launch coincided with a push on Twitter by Google to get people thinking about what they would do if they had a pair of the augmented reality spectacles. The camera-equipped headset suspends a small screen in front of an owner and pipes information to that display. The camera and other functions are voice controlled.

Google's push, coupled with the announcement by the 5 Point Cafe in Seattle to pre-emptively ban users of the gadget, has generated a lot of debate and given the campaign a boost, he said.

Posters produced by the campaign that warn people not to use Google Glass or other personal surveillance devices had been downloaded thousands of times, said Jack.

In addition, he said, coverage of the Glass project in mainstream media and on the web had swiftly turned from "amazing new gadget that will improve the world" to "the most controversial device in history".

The limits that the Stop The Cyborg campaign wants placed on Google Glass and similar devices would involve a clear way to let people know when they are being recorded.

"It's important for society and democracy that people can chat and live without fear that they might end up being published or prosecuted," it said in a manifesto reproduced on its website.

"We are not anti-technology," said Jack. "We just want people to realise that technology is a powerful cultural force which shapes our society and which we can also shape."

In a statement, Google said: "We are putting a lot of thought into how we design Glass because new technology always raises important new issues for society."

"Our Glass Explorer program will give all of us the chance to be active participants in shaping the future of this technology, including its features and social norms," it said.

Already some US states are looking to impose other limits on augmented reality devices. West Virginia is reportedly preparing a law that will make it illegal to use such devices while driving. Those breaking the law would face heavy fines.

In addition, bloggers are debating the influence of augmented reality spectacles on everyday life. Blogger Ed Champion wrote up 35 arguments about the gadget saying it could force all kinds of unwanted changes. He warned it could stifle the freedom people currently have to enjoy themselves because they know they are not being watched.

23.58 | 0 komentar | Read More

Spreadsheets turned into video game

26 March 2013 Last updated at 08:52 ET

A Canadian accountant has managed to create a basic video game using only Excel spreadsheets.

The game, called Arena.Xlsm, is a turn-based fantasy game in which players fight monsters and gather loot to make their character more powerful.

Much of Arena is regenerated every time the game is played to lend variety to the way it is completed.

It was created using macros - simple programs and shortcuts that users create to speed up use of the program.

Chartered accountant Cary Walkin built the game during the spare time he had while studying for an MBA in Toronto.

In the game, players take on a series of increasingly tough enemies in an arena drawn using only the basic characters and punctuation marks available in Excel. Defeating enemies such as anacondas, black widow spiders and hyenas bestows fame points.

As a player builds up fame points they go up levels and get points to spend to boost the fighting abilities of their character.

The story framing the game is presented to the player in a series of letters. The ending for each game is chosen randomly from four potential conclusions.

Mr Walkin said it took about four months to create the game which has about 2,000 possible enemies, eight tough encounters with bosses and lots of different items players can gather to boost their fighting or defensive abilities.

The game is designed to work with Excel 2007, 2010 and 2013. It does not work on Mac versions of the spreadsheet program.

23.58 | 0 komentar | Read More

Icann launches new brand database

26 March 2013 Last updated at 10:09 ET

Net address regulator Icann has launched a database to allow businesses to register their brands, ahead of the release of a raft of new domain names.

It is hoped the Trade Mark Clearing House (TMCH) will mitigate concerns about cyber-squatting and trademark infringement.

Nearly 2,000 new suffixes, known as generic top-level domains (gTLD), will be introduced later this year.

Businesses fear that new addresses will compromise their brands.

Suffixes such as .bet, .web. .news will become available from May as alternatives to the well-known .com and .org.

Icann's (Internet Corporation for Assigned Names and Numbers) TMCH will offer companies priority registration for domain names that match their brands during what is known as the "sunrise" period before the names are offered to the general public.

Once this period of 30 days is over, names will be available for anyone, but the TMCH will notify brands when anyone registers a domain that matches their trademarks.

"So, for example, if someone applies for the suffix Apple, Apple will be able to see what the website is selling - whether it is a local orchard or someone selling fake Apple computers," said Jonathan Robinson, a consultant on the project.

"New top-level domain names present a land of opportunity, but there are also threats. Prior to this there has been no universal protection available to brand owners," he said.

"This goes a long way to mitigating the threat," he added.

Firms wanting to add their trademarks to the TMCH will have to pay a fee of between $95 (£62) and $150 (£98) per year per trademark record.

THE TMCH will be operated by Deloitte.

Mr Robinson expects hundreds of thousands of registrations in coming months.

Same price

Jason Rawkins, a partner at law firm Taylor Wessing's trademark group, is not so sure.

"This has been set up for the right reasons, but it is somewhat lacking in teeth," he said.

"Businesses may think they are protected, but this is purely a notification system and it will only notify you if someone registers an exact match, for example Pepsi. But if someone registers Pepsi Cola you wouldn't be told," he added.

In fact so-called watching services, which use third-party firms to keep an eye of domain registrations that may conflict with particular brands, already existed, he said.

"It is about the same price as the service Icann is offering and it will cover you for all close variations not just exact brand matches."

Offering businesses a priority registration was also not as useful as it may sound, he told the BBC.

"Only about 600 of these new gTLDs are open, ie anyone can apply for them - but that is still 600. If a brand wanted to protect itself across all 600 categories it would cost around half a million pounds per year. This is not going to work for most companies," he said.

The new top-level domain names have already courted controversy. There is anger about Amazon's application for the .book suffix and Google's for .search, for example.

An international body set up by more than 50 of the world's governments is overseeing these objections. The Government Advisory Committee will decide in April whether any of the suffixes warrant formal complaints.

23.58 | 0 komentar | Read More

Microsoft faces open software probe

26 March 2013 Last updated at 14:00 ET

A Spanish group of open-source users has accused Microsoft of making it difficult for users of Windows 8 to install alternatives.

The group of 8,000 Linux developers has filed a complaint to the European Commission about a mechanism that locks out other operating systems.

Microsoft said the mechanism was a security feature.

Earlier this month the commission fined the firm 561m euros (£484m) for failing to offer users a choice of web browser.

The Hispalinux group told Reuters The Unified Extensible Firmware Interface (UEFI) Secure Boot in Windows 8 was "a de facto technological jail for computer booting systems... making Microsoft's Windows platform less neutral than ever".

Its 14-page complaint said users needed to request digital keys from Microsoft to install another operating system.

Microsoft said in a statement: "UEFI is an industry standard aimed at improving computer security and the approach has been public for some time.

"We're happy to answer any additional questions, but we are confident our approach complies with the law and helps keep customers safe."

Richard Edwards, a principal analyst at research firm Ovum, said: "I can't see too many purchasers of Windows 8 calling foul over this.

"Microsoft will argue that the reason the technology has been developed is to provide enhanced security."

In January, when the issue was raised by a Euro-MP, European Competition Commissioner Joaquin Alumnia said the commission had no evidence the Windows 8 security requirements violated EU competition rules.

23.58 | 0 komentar | Read More

Anti-cyber threat centre launched

26 March 2013 Last updated at 22:02 ET By Gordon Corera Security correspondent, BBC News

A new initiative to share information on cyber threats between businesses and government is to be launched.

It will include experts from government communications body GCHQ, MI5, police and business and aims to better co-ordinate responses to the threats.

There will be a secure web-portal to allow access to shared information in real time, like a "secure Facebook".

UK networks are attacked by other states, criminals and companies seeking secrets, costing billions of pounds.

In 2012, the head of MI5 Jonathan Evans said the scale of attacks was "astonishing".

One major London listed company had incurred revenue losses of £800m as a result of cyber attack from a hostile state because of commercial disadvantage in contractual negotiations.

One government official told the BBC: "No one has full visibility on cyberspace threats. We see volumes of attack increase and we expect it to continue to rise."

The plan - the Cyber Security Information Sharing Partnership (CISP) - has emerged out of a 2012 pilot scheme known as Project Auburn.

Eighty companies from five sectors of the economy - finance, defence, energy, telecommunications and pharmaceuticals - were encouraged to share information.

The pilot was expanded to 160 firms. A more permanent structure is being announced on Wednesday.

The kind of information shared includes technical details of an attack, methods used in planning it and how to mitigate and deal with one.

At a new London base, large screens will monitor attacks and provide details in real-time of who is being targeted.

A group of 12-15 analysts with security clearance will work mainly during office hours.

Companies previously have been nervous of revealing publicly when they have been attacked because of the potential impact on reputation and share price if they are seen as having lost valuable intellectual property or other information.

It is hoped further firms will join the initial 160.

Cabinet Office minister Francis Maude said: "We know cyber attacks are happening on an industrial scale and businesses are by far the biggest victims in terms of industrial espionage and intellectual property theft, with losses to the UK economy running into the billions of pounds annually.

"This innovative partnership is breaking new ground through a truly collaborative partnership for sharing information on threats and to protect UK interests in cyberspace."

Government officials say they continue to be uncomfortable with an EU draft directive which would force companies to disclose when they have been attacked.

They hope a voluntary partnership will provide a more workable solution.

23.58 | 0 komentar | Read More

'Biggest ever attack' slows internet

27 March 2013 Last updated at 09:03 ET By Dave Lee Technology reporter, BBC News

The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.

A row between a spam-fighting group and hosting firm has sparked retaliation attacks affecting the wider internet.

It is having an impact on popular services like Netflix - and experts worry it could escalate to affect banking and email systems.

Five national cyber-police-forces are investigating the attacks.

Spamhaus, a group based in both London and Geneva, is a non-profit organisation which aims to help email providers filter out spam and other unwanted content.

To do this, the group maintains a number of blocklists - a database of servers known to be being used for malicious purposes.

Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host which states it will host anything with the exception of child pornography or terrorism-related material.

Sven Olaf Kamphuis, who claims to be a spokesman for Cyberbunker, said, in a message, that Spamhaus was abusing its position, and should not be allowed to decide "what goes and does not go on the internet".

Spamhaus has alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, is behind the attack.

Cyberbunker has not responded to the BBC's request for comment.

'Immense job'

Steve Linford, chief executive for Spamhaus, told the BBC the scale of the attack was unprecedented.

"We've been under this cyber-attack for well over a week.

Continue reading the main story

Writing exactly one year ago for the BBC, Prof Alan Woodward predicted the inherent weaknesses in the web's domain name system.

He wrote: "It is essentially the phone book for the internet. If you could prevent access to the phone book then you would effectively render the web useless."

Read Prof Woodward's full article

"But we're up - they haven't been able to knock us down. Our engineers are doing an immense job in keeping it up - this sort of attack would take down pretty much anything else."

Mr Linford told the BBC that the attack was being investigated by five different national cyber-police-forces around the world.

He claimed he was unable to disclose more details because the forces were concerned that they too may suffer attacks on their own infrastructure.

The attackers have used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable.

In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as bbc.co.uk, the website's numerical internet protocol address.

Mr Linford said the attack's power would be strong enough to take down government internet infrastructure.

"If you aimed this at Downing Street they would be down instantly," he said. "They would be completely off the internet."

He added: "These attacks are peaking at 300 gb/s (gigabits per second).

"Normally when there are attacks against major banks, we're talking about 50 gb/s."

Clogged-up motorway

The knock-on effect is hurting internet services globally, said Prof Alan Woodward, a cybersecurity expert at the University of Surrey.

"If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps," he told the BBC.

"With this attack, there's so much traffic it's clogging up the motorway itself."

Spamhaus is able to cope, the group says, as it has highly distributed infrastructure in a number of countries.

The group is supported by many of the world's largest internet companies who rely on it to filter unwanted material.

Mr Linford told the BBC that several companies, such as Google, had made their resources available to help "absorb all of this traffic".

The attacks typically happened in intermittent bursts of high activity.

"They are targeting every part of the internet infrastructure that they feel can be brought down," Mr Linford said.

"We can't be brought down.

"Spamhaus has more than 80 servers around the world. We've built the biggest DNS server around."

23.58 | 0 komentar | Read More