Monthly Archives: November 2013

Your medical records – now on sale

Your medical records are now officially on sale. American drug companies now learn that MedRed BT Health Cloud will provide public access to 50 million de-identified patient records from UK.

David Cameron announced in 2011 that every NHS patient would be a research patient, with their records opened up to private healthcare firms. He promised that our records would be anonymised and we’d have a right to opt out. I pointed out that anonymisation doesn’t work very well (as did the Royal Society) but the Information Commissioner predictably went along with the charade (and lobbyists are busy fixing up the new data protection regulation in Brussels to leave huge loopholes for health service management and research). The government duly started to compel the upload of GP data, to join the hospital data it already has. During the launch of a medical confidentiality campaign the health secretary promised to respect existing opt-outs but has now reneged on his promise.

The data being put online by BT appear to be the data it already manages from the Secondary Uses Service, which is mostly populated by records of finished consultant episodes from hospitals. These are pseudonymised by removing names and addresses but still have patient postcodes and dates of birth; patient views on this were ignored. I wonder if US purchasers will get these data items? I also wonder whether patients will be able to opt out of SUS? Campaigners have sent freedom of information requests to hundreds of hospitals to find out; so we should know soon enough.

Don't believe what you read in the papers

Yesterday the heads of “MI5”, “MI6” and GCHQ appeared before the Intelligence Security Committee of Parliament. The uncorrected transcript of their evidence is now online (or you can watch the video).

One of the questions fielded by Andrew Parker (“MI5”) was how many terrorist plots there had been over the past ten years. According to the uncorrected transcript (and this accords with listening to the video — question starts at 34:40) he said:

I think the number since… if I go back to 2005, rather than ten years… 7/7 is that there have been 34 plots towards terrorism that have been disrupted in this country, at all sizes and stages. I have referred publicly and previously, and my predecessors have, to the fact that one or two of those were major plots aimed at mass casualty that have been attempted each year. Of that 34, most of them, the vast majority, have been disrupted by active detection and intervention by the Agencies and the police. One or two of them, a small number, have failed because they just failed. The plans did not come together. But the vast majority by intervention.

I understand that to mean 34 plots over 8 years most but not all of which were disrupted, rather than just discovered. Of these, one or two per year were aimed at causing mass casualties (that’s 8 to 16 of them). I find it really quite surprising that such a rough guess of 8 to 16 major plots was not remarked upon by the Committee — but then they were being pretty soft generally in what they asked about.

The journalists who covered the story heard this all slightly differently, both as to how many plots were foiled by the agencies and how many were aimed at causing mass casualties!
Continue reading Don't believe what you read in the papers

A new side channel attack

Today we’re presenting a new side-channel attack in PIN Skimmer: Inferring PINs Through The Camera and Microphone at SPSM 2013. We found that software on your smartphone can work out what PIN you’re entering by watching your face through the camera and listening for the clicks as you type. Previous researchers had shown how to work out PINs using the gyro and accelerometer; we found that the camera works about as well. We watch how your face appears to move as you jiggle your phone by typing.

There are implications for the design of electronic wallets using mechanisms such as Trustzone which enable some apps to run in a more secure sandbox. Such systems try to prevent sensitive data such as bank credentials being stolen by malware. Our work shows it’s not enough for your electronic wallet software to grab hold of the screen, the accelerometers and the gyro; you’d better lock down the video camera, and the still camera too while you’re at it. (Our attack can use the still camera in burst mode.)

We suggest ways in which mobile phone operating systems might mitigate the risks. Meanwhile, if you’re developing payment apps, you’d better be aware that these risks exist.

Offender tagging 2.0

Three of our clients have been acquitted of tampering with curfew tags after the Ministry of Justice and G4S were unwilling to have an independent forensic team examine their evidence. This brings to five the number of tag-tampering prosecutions that have been withdrawn or collapsed when the defence says “Right, prove it then.” I reported the first case here.

The three latest matters were high-profile terrorism cases, involving three of the nine men tagged under the new Terrorism Prevention and Investigation Measure (TPIM) – a kind of national-security ASBO handed out by MI5, and which had already been criticised by David Anderson QC, the government’s independent reviewer of terrorism legislation, for low standards of proof. Unlike a normal ASBO which a court gives “on the balance of probabilities”, you can get a TPIM if the Home Secretary declares she has a “reasonable suspicion”.

The Ministry of Justice should perhaps, when they let the tagging contracts, have read our 1994 paper on the John Munden case, or the post here about the similar case of Jane Badger. If you’re designing a system one of whose functions is to provide evidence, you’d better design it to withstand hostile review. “Trust us” doesn’t cut it in criminal trials, and neither does “I’m afraid that’s commercially confidential.”