Monthly Archives: March 2013

Current issues in payments (part 1)

Banking security, Social networks

In this first of a two or three part instalment. In them Laurent Simon and I comment on our impressions of David Birch’s Tomorrow’s Transactions Forum, which we attended thanks to Dave’s generosity.

NOTE: Although written in first person, what follows results from a combination of Laurent’s and my notes.

This was a two day event for a handful of guests to foster communication and networking. I appreciated the format.

After a brief introduction, the first day kicked off with my ever growing presentation on the origins of the cashless society (you can see it here ).

The following act was Tillman Bruett (UNCDF), who was involved in the drafting of The journey towards cash-lite (at least so say the acknowledgements).
Continue reading Current issues in payments (part 1)

New medical confidentiality campaign

Legal issues, News coverage, Politics, Privacy technology

Regular readers of this blog will have noticed growing issues with medical privacy. On April 24th, a new medical confidentiality campaign will kick off in London.

New legislation that comes into force next month will permit the upload of identifiable patient data directly from family doctors’ records to central systems, from which it will be sold and made available to researchers and private companies. Other developments include the creation of online patient records, and a proposal to create shared record systems across health and social care.

MedConfidential has been formed to deal with these multiple threats to patient privacy, and is hosting its first conference on April 24th in central London. This will be a one-day briefing session to provide details of the new policies and explain their potential impact. The conference is free of charge but places are limited. If you would like to attend, please contact Terri Dowty: terri@medconfidential.org

PhD Position on Privacy Enhancing Technologies and Anonymous Communications

Jobs, Meta, Privacy technology

Applications are invited for one PhD position in the Security Group at the Computer Laboratory to work with Dr Steven Murdoch. Funding for this position is provided by the Engineering and Physical Sciences Research Council (EPSRC) in collaboration with the Royal Society.

The successful candidate will undertake research on methods to analyse the security of anonymous communication systems and privacy enhancing technologies. This broad research topic falls within an EPSRC priority area and provides considerable scope for the PhD candidate to find his or her own research direction.

Further details can be found in the advertisement (NR27372). The closing date for applications is 31 May 2013.

Dangerous Blogs Act

Legal issues, News coverage, Politics

The UK Government are currently in a tremendous rush to legislate (and create a Royal Charter) before the political consensus around “implementing Leveson” evaporates. Their proposals catch not just the print media, but also online publications. That’s only proper — a newspaper should meet the same integrity standards for their journalism whether it appears in ink and paper, or on their website.

However, the Governments approach has not been to describe the activity that they wish to regulate, but to describe the various media involved and then try to write exceptions to avoid regulating the whole Internet. Those exceptions are poorly thought out and will have all sorts of unintended consequences. They might even include this blog!
Continue reading Dangerous Blogs Act

Call for Nominations: 2013 PET Award

Academic papers, Awards, Call for papers, Privacy technology

I am on the award committee for the 2013 PET Award and we are looking for nominations of papers which have made an outstanding contribution to the theory, design, implementation, or deployment of privacy enhancing technology.

The 2013 award will be presented at Privacy Enhancing Technologies Symposium (PETS) and carries a prize of $3,000 USD thanks to the generous support of Microsoft. The crystal prize itself is offered by the Office of the Information and Privacy Commissioner of Ontario, Canada.

Any paper by any author written in the area of privacy enhancing technologies is eligible for nomination. However, the paper must have appeared in a refereed journal, conference, or workshop with proceedings published in the period from 16 April 2011 until 31 March 2013.

To submit a nomination, please see the instructions on the award page.

UK bank fraud up by 11% in 2012, but how much do customers lose?

Banking security, News coverage, Security economics

Today, the UK Cards Association (UKCA) published their summary of bank fraud for 2012. This provides an important insight into banking fraud, and the level of detail which the UK banks provide is very welcome. The UKCA figures go back to 2007, but I’ve collected the figures from previous releases going back to 2004. This data reveals some interesting trends, especially related to the deployment of new security technologies.

UK Cards Association fraud statistics 2012
larger version (PDF)

The overall fraud losses in 2012 are £475.3m, up 11% from the 2011 level, but for the purposes of comparison it is helpful to exclude the losses from phone banking since these figures were only available since 2009 (and are only 2.7% of the total). If we look at the resulting trend in total fraud  (£462.7m) we can see that while there was an increase in 2012, that is from a starting position of a 10-year low in 2011 so isn’t a reason to panic. We are still far from the peak in 2008 of £704.3m.

[You may have noticed the miniaturised graph in line with the text above, which an an example of a sparkline and I’ll be using these throughout this post to more clearly show trends in the data. Each graph shows the change in a single value over the 2004–2012 period, and is followed by the figure for 2012 in red.]

However, there is a large omission in the UKCA data – it records losses of the banks and merchants but not customers. If a customer is a victim of fraud, but the bank refuses to refund them (because the bank claims the customer was negligent), we won’t see it in these figures – as confirmed by a UKCA representative in an interview on BBC Radio Merseyside on 2007-02-19. We don’t know how much is missing from the fraud statistics as a result, but from the Financial Services Authority statistics we can see that there were 483,666 complaints in the first half of 2012 against firms regarding disputed charges, so the sums in question could be substantial. But despite this limitation, the statistics from the UKCA are valuable, especially in that it gives a break down of fraud by type.

Continue reading UK bank fraud up by 11% in 2012, but how much do customers lose?

Health record privacy in Scotland

Legal issues, News coverage, Politics, Privacy technology, Security economics

Last week I spoke at a conference on digital health at the Scottish parliament. The talks are now online; my talk is here, and my slides here. At present, medical records in Scotland are organised differently under its fourteen different health boards, with wide variations in privacy, safety and functionality. Needless to say, officials in Edinburgh see this as an opportunity for centralisation; they want to follow the sad story in England. The political dynamic north of the border is much the same: officials want to grab all the data, GPs are not keen, but the public’s not paying attention.

If you’re interested in these issues, save April 24th in your diary; there will be a big medical privacy event in London organised by a number of NGOs.