privacy - Page 3

  • our social security number on our train tickets ?

    If you are living in the US you would be falling from your chair by now or just think that this is a joke. No, this is EID land Belgium and they didn't learn anything from what has happened to the social security number in the US and all the problems that arise from its universal use as a Unique Identifier.

    So on the site of our national railway company they are so proud to have found the egg of Columbus. They had in fact to find a way to link your electronic ticket to your identity and have some real proof that you are the same person sitting before the controller.

    They have decided to use the National Register Number (which is the same). How the privacy commission could agree to something like that is a big question, because normally the privacy commission is very reluctant about the use of that number - just because it is a unique identifier. But as the privacy commission is an institution without enough money, resources and political clout, and in which you can find as advisers the same people that have to decide about their own projects (ehealth for example), you shouldn't be surprised that you can do whatever you want with our national register number. source

    And so your national ID unique identifier is becoming, without any legal basis or protection or oversight, a Unique Identifier for a lot of things and applications. This way identity theft is coming closer at an increasing speed.

    For privacy advocates it is also worrying that electronic train tickets can be identified and linked to a person. If you have problems with that, don't use electronic tickets. Less electronic is better privacy.

  • Belgian sentenced to 1 year of prison for email stalking of his local administration

    It would be funny if it weren't true. But hey this is the country of Magritte and Ensor.

    A judge decided today that he would side with the commune of Blankenberge and sentenced its assailant to 1 year of prison for stalking its administration with 130 mails during 3 years. (That is really a flood - so if you want to submerge a local administration around here you only have to send more than 100 mails during 3 years).

    Normally an administration can't use the law on stalking because the law is made for individuals, not for administrations or organisations. It was also the administration as a whole that sued the assailant and not one individual civil servant or elected official.

    So if this is upheld in a higher court, then any action group or individual that is using email as an instrument to lobby for or against something - or any persistent disgruntled citizen - can be sued and eventually sentenced to one year effective in jail in Belgium.

    The guy is also prosecuted for abuse of the infrastructure of the local administration by sending so many mails. This is a joke, right ? Because with this we could not only sue any commercial emailer or spammer but also any mailserver that has been hacked and is sending out emails in the thousands to infect or spam us.

    Even if the person in question was insulting and launching all kinds of threats and insinuations, then he should have been prosecuted for this, whatever the communicative means he was using to do this. If this had been the case, the argument would have been about his insinuations and threats, not about the use of email to send them. The danger of this jurisprudence is that email will now be put in a very strict legal environment that makes sending community-action based emails out from Belgium a very dangerous act indeed.

    If you use email for public pressure you will have to search for mailservers outside the European Union and that are not part of the Google-Microsoft-Yahoo infrastructure. The fact is that the US has the best defence of freedom of speech - something we don't know around there.

    So after blogging, now it is email, and what will be next that will have to migrate to the States one day to protect the possibilities of Freedom of Speech ?

    By the way, couldn't they just set an antispam filter on his mails with an autoresponder saying that this kind of complaints and insinuations can't be handled in the form of an informal email and has to be sent as an official letter ?

  • You can not delete your pictures from these sites

    This can change in the coming hours or days, but after an experiment lasting 30 days the following sites make it impossible to delete your pictures. If you have sent the links, there will always be a way to find your picture in cached ONLINE content. We re-ordered it.

    Site                 Type               CDN Operator     Revocation
    Bebo                 Social Networking  Bebo             Unrevoked
    Facebook             Social Networking  Akamai           Unrevoked
    hi5                  Social Networking  Akamai           Unrevoked
    MySpace              Social Networking  Akamai           Unrevoked
    SkyRock              Blogging           Téléfun          Unrevoked
    Flickr               Photo Sharing      Yahoo            Immediate
    LiveJournal          Blogging           LiveJournal      Immediate*
    Orkut                Social Networking  Google           Immediate
    Photobucket          Photo Sharing      Photobucket      Immediate
    Windows Live Spaces  Social Networking  Microsoft        N/A (cookies)
    Fotki                Photo Sharing      Fotki            < 1 hour
    Picasa               Photo Sharing      Google           5 hours
    Xanga                Blogging           Xanga            6 hours*
    Blogger              Blogging           Google           36 hours
    Friendster           Social Networking  Panther Express  6 days
    Tagged               Social Networking  Limelight        14 days

  • e-health in the UK and Belgium ?

    We don't see anything, we don't hear anything so we don't know anything

    In the UK this is different for e-health, and this article shows that this kind of control is needed: it is not because something is on paper that the monkeys will do what they are supposed to do. They only do it because you control, monitor and test.

    "A total of 140 security breaches were reported within the NHS between January and April this year. These included computers containing medical records stolen and left by skips, and passwords taped on encrypted discs with sensitive information, The Independent newspaper said."

  • British army loses unprotected background check data

    When you go to work for the army or police or any other information- or policysensitive position, specialised services will do a background check about you first. The more important your function or your access, the more profound this will be and the more dirt will be found and assessed. The purpose of this background check is to find every bit of information about you that could make you a possible target for blackmailing, which is a favorite technique used by all intelligence services. Political candidates in the US know what that means, but they can overcome the problems by 'coming out' and excusing themselves for that past behaviour.

    Either you pass that control without any problem, or you will have to go through a second examination to have a better understanding of the risks if that person would get or continue to have access to some kind of secret information.

    Now it appears that the British Army (of all institutions....) had this last kind of information (of all possible information....) unencrypted and unprotected on some hard disks that they lost. They don't know if it is stolen or not, it is just gone and 500 people in sensitive positions can find that information all over the internet if the thief wants to have some fun - and after the parliamentarians it will be the hierarchy of the army that will be shown to be human and vulnerable for all to see. If the thief wants to have some money he can sell it to about 20 countries that would be more than interested, especially as the UK has a private relationship with the US that gives them more access than any other European country - or will the US now have to review that access in the light of this incident ? In the best case the thief will have read about the consequences and will bring back the hard disks - which also happens sometimes. But you are never sure that no copy has been made.

    It also held personal and financial information about 50.000 members of their forces.

    The information was lost in September but it is only now that under the UK Freedom of Information Act (Belgium can we get one or Europe impose us one ?) the memo about this other aspect of the loss became public.


  • another Facebook group in the center of political debate during Belgian elections

    This is a group by French-speaking hardliners to make Bruxelles (Brussels) only French-speaking, greater and free from Flemish influence. If you thought that these were hardline nuts, you are wrong. Even members of a coalition party of the government are members of this group.

    Flemish nationalists have filed a complaint because some quotes by some members were quite radical and racist in some way. But some of these Flemish nationalists are in fact no better when they are describing people from another country, religion or language.

    Luckily their message board is being flooded for the moment by other Belgian Facebook members who advocate tolerance and debate and respect.

    It shows the whole problem with using Facebook for political purposes. On one side it gives the radicals the possibility to come out from the closet and to connect and to do together what they couldn't do on their own. On the other side it gives the moderates the possibility to publicly show how ridiculous they are. The problem with Facebook is that there are no rules whatsoever, so you will find neonazi and islamic terrorist groups next to community driven democratic groups.

    Sooner or later the law will step in because some of those groups would be illegal in some countries. Google and eBay have learned this lesson. YouTube is learning it and Facebook will have to learn to geotrace their visitors and to limit access according to the national laws of the country of the IP address. (or proxy ?)



  • Facebook : your private opinions still need to stay private if you have a function that demands neutrality

    Facebook is being used extensively in this campaign. There were already some incidents about the kinds of neonazi friends some flemish nationalists had on their facebook and whatever is published is followed up very quickly by the journalists as 'news'. Just another wasted effort to make this campaign more interesting.

    Now Facebook - or better the use of it during elections - has become another center of debate. The sister of the liberal vice-prime minister Reynders (who wants to take the lead over from the socialists in the french speaking part of Belgium) is also on Facebook and has declared herself member of the facebook group who wants to do exactly that, take the leading role from the socialists as the main political party in the french speaking part in Belgium.

    Only she is a procureur, someone very high in the hierarchy of our judicial system, and she is supposed to be totally neutral in public. What she does in her private life is her business (and her right) but normally she can't do anything that would endanger the image and guarantee of neutrality that she has to sustain.

    What has happened has not been seen before and is sending shockwaves throughout the judicial system and its hierarchy. Web2.0 doesn't change anything about the obligations that are included in statutes and rules from the 19th century.

    I am sure many younger people working in the judicial administration or any other where the same kind of neutrality is demanded are quickly going through all their postings and messages and are trying to delete stuff.

    The trouble is, it is very hard to delete things on the internet. It is better not to place things on the internet or to digitalize them or to put them on paper.

  • University report about security of the Dutch smart meters

    The Dutch smart meter systems were analysed by a university (they do that in Dutch universities, such interesting research.....) PS we will also publish such interesting work from Belgian universities about Belgian subjects

    "Smart meters enable utility companies to automatically readout metering data and to give consumers insight in their energy usage, which should lead to a reduction of energy usage. To regulate smart meter functionality the Dutch government commissioned the NEN to create a Dutch standard for smart meters which resulted in the NTA-8130 specification. Currently the Dutch grid operators are experimenting with smart meters in various pilot projects. In this project we have analyzed the current smart meter implementations and the NTA using an abstract model based on the CIA-triad (Confidentiality, Integrity and Availability). It is important that no information can be attained by unauthorised parties, that smart meters cannot be tampered with and that suppliers get correct metering data.

    We conclude that the NTA is not specific enough about the security requirements of smart meters, which leaves this open for interpretation by manufacturers and grid operators. Suppliers do not take the privacy aspect of the consumer data seriously. Customers can only get their usage information through poorly secured websites. The communication channel for local meter configuration is not secured sufficiently: consumers might even be able to reconfigure their own meters. Also, the communication channels that are used between the smart meter and gas or water meter are often not sufficiently protected against data manipulation.

    It is important that communication at all stages, starting from the configuration of the meter to the back-end systems and websites, is encrypted using proven technologies and protected by proper authentication mechanisms." source

    and why should it be different ? Because we have so many legal obligations and audits that the system is much more secure here ? With what we know we would say you still live in Disneyland if you believe that.

  • Holland refuses obligation to smart meters, in Belgium there is no discussion possible for now

    Smart meters are meters that monitor your use of electricity and gas and give that information in real time to your providers to give them a better appreciation of the use of the energy and so to develop better marketing strategies and (the propaganda bit) strategies for a better energy distribution and use.

    Read this by this professor (and the rest on the blog) and maybe the decision in Belgium by our distribution company to start installing those privacy invasion tools without any democratic debate or guarantees can be reviewed - it is after all politicians who are paid to oversee this organisation (but how much democratic control do they effectively have ?)

    "by Colette Cuijpers (assistant professor at Tilburg Institute for Law, Technology, and Society) 

    On 7 April 2009, the Dutch First Chamber declined to approve a Smart Metering Bill that would force all Dutch citizens to have a ’smart’ energy and gas meter installed in their home. This meter would transmit detailed data on energy use to the energy company. Refusing a smart meter would be considered an ‘economic offence’, punishable with a fine up to 17,000 euros or six months’ detention. The First Chamber considered the mandatory nature of smart metering as an unacceptable infringement of citizens’ privacy and security. As a result, the Minister will have to submit an amending bill to parliament to remove the mandatory nature from the Smart Metering Bill. Even though this removal is a step in the right direction, it does not go far enough to secure citizens’ right to privacy. In a report, commissioned by the Dutch Consumer Organisation, Bert-Jaap Koops and I have argued on several more counts than just the mandatory nature, that this bill, and the envisioned functionalities of the smart meter, violate the right to privacy as guaranteed by Article 8 of the European Convention on Human Rights.[1] The ratio of smart metering as laid down in Directive 2006/32/EC, being energy efficiency, is a valid interest which is important in our society. However, privacy is a valid interest as well. So in my view, we need to find a way to unite both interests, instead of making them opposites. The choice given by the revised bill will be to choose either a smart meter and potentially lose your privacy, or to uphold your privacy, without being able to benefit from the advantages of smart metering.[2] Instead of having to make this rigid choice, the focus should be on finding a middle ground; a smart meter which leads to awareness and reduction of energy consumption, without invasion of privacy. In this respect it is essential that several more aspects of the Dutch Smart Metering Bill besides the mandatory nature are reconsidered.

    read more here

    or google smart meter site:nl 

  • Belgians love facebook (but who says something about security and privacy)


    some privacy and security awareness seems to be in order here

    and with so many people using Facebook, what does the PrivacyCommission think


  • the first belgian firewall against a site  does not work with proxies, forget that link

    "You have been redirected to this stop page because the website you are trying to visit offers content that is considered illegal according to Belgian legislation.
    If you are the owner or administrator of this website and you consider to be wrongly redirected, you can report this by fax at +32(0)2/733.56.16. " is the message


    and then you google for "online proxy" and you go through the proxy

    But the text "offers content that is considered illegal according to Belgian legislation" is quite broad. I can name thousands of sites that could be blocked for all kinds of infringements of all different Belgian legislation. Even thousands of Belgian sites.

    Just as a reminder. The site is not a childporn site it is a site that names a few Belgian convicted and suspected child molesters and pedophiles. 13 to be exact.

    But it should be quite dangerous to visit because this would be the first time EVER that the Belgian police takes such drastic action on such a short notice. Except if they have decided to activate the Belgian firewall they have been rumored to prepare.

    Another problem with the action is that the so-called illegal names are NOT on the site itself but are on another site to which it has links. So does that mean that ANY BELGIAN SITE, or any site on the internet such as a .com or .nl website, that has - according to Belgian law (any Belgian law) - links to content or actions that are deemed illegal is the next victim of such a firewall ?

    maybe we could even be next. Welcome to the new Europe. Looks like China but it can become like China if we let it become like China.

    Another question: what happens with the logs of the people who try to visit this site ? They have to be kept by the ISPs for about a year, no ? So what will happen with them, because these people are all doing illegal acts according to Belgian law. There is even clear intent. Or anyone who tries to use an online or other proxy or TOR service to see the sites without the filters.




  • more greyzone investigations in Belgium

    We have been talking lately about the sector of intelligence and background information that is acting in more or less a grey zone - even if there are laws to abide. The last days a couple of other incidents showed that these are active.

    * Electrabel, the main operator of our power grid, asked for an analysis of Greenpeace from some anti-terror specialists, "European Strategic Intelligence and Security Center (Esisc)", who said the actions were organised in a military style, whatever that means. It is not clear if the information has been collected through espionage or infiltration or whatever illegal. The person responsible for the study has lost his licence as security consultancy afterwards for other illegal activities.

    * A populist politician, Dedecker, has asked a private detective to go through every aspect of family and business life of our Belgian minister of external affairs De Gucht (as numerous other international intelligence agencies did ....). He said he wanted to investigate some rumors but it seems he was out on revenge or paranoid like Nixon (everybody is lying and everybody is against me). In the US this seems to be a normal part of the political preparation of a campaign (even by your own party) but in Belgium this is a first.

    Both initiatives are just plain stupid and didn't take into account that the risks far outweigh the usefulness of the information. As explained before the internet gives you numerous ways to monitor your opponents and do research without involving any of these tactics. And it would also cost you less.

  • Even in a country with so much oversight, mission creep kills privacy

    As first reported by, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed to infiltrate a target's computer and gather a wide range of information, which it secretly sends to an FBI server in eastern Virginia. The FBI's use of the spyware surfaced in 2007 when the bureau used it to track e-mailed bomb threats against a Washington state high school to a 15-year-old student.

    But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online. Shortly after its launch, the program became so popular with federal law enforcement that Justice Department lawyers in Washington warned that overuse of the novel technique could result in its electronic evidence being thrown out of court in some cases.

    So this is a clear example of mission creep that one should keep in mind when launching new initiatives and products for the surveillance society. You begin with the normal part (blocking childporn, prosecuting and following terrorists) and before you know it someone is using it for things that weren't supposed to be done according to the civil part of the table but that were already on the minds of the intelligence-military-police part of the table. It is necessary that there should be a total trust level between the two sides about the respect for the real and normal obligations and fights to win, but that at all cost the normal civil democratic rights and privacy should be respected and left alone.

    The police-military-intelligence part of the table should understand that the oversight and controls are necessary to build and keep that trust and that without that trust they won't get all the other projects and investments and manpower that they need to win the 'cyberwar' and bring some order and security in the Wild Wild Web.

    What is scary is that in the US there are so many strong and protected means of oversight and controls - especially if you compare it to the European (dis)Union. We don't even have a European President, the members of the Cabinet are non-elected officials (European wise) and the members of Parliament are members of something but surely not of something that is worth being called a parliament (it doesn't have enough powers and will to be a truly independent representative parliament).

    Meanwhile there are lots of projects going on here on European level that should raise some eyebrows. Sufficient Oversight nowhere to be seen.

  • have you the same name as a pedophile on the list

    You should check this because for several of the names without much information you can find several or one other person without being absolutely sure that

    * the information on the list is correct and the latest

    * the person online is someone else

    If you have that *luck* you will be in deep shit reputationwise online.

    You should surely pay attention who you connect to or make friends with online because it could be mistaken identities but that would confirm the suspicion that you are the same person....

    because you have some known pedos as friend in facebook or somewhere else....

  • Belgian pedo's with name and pics online

    It is one of these mini controversies getting totally out of hand here. Our Minister of Justice, Computer Crime Unit and Privacy Commission are all mobilized to get this thing under control in a coordinated effort we have NEVER seen for any of the other MAJOR problems with IT security in Belgium. (the fastflux botnet blocking being the major exception).

    And who is being protected by this campaign ? The privacy of pedophiles.....

    But the internet ain't that simple.

    Once the information is out it is very hard to get it back into the can.

    So after the anti-pedo sites (official and non-official) in Holland, US and UK someone decided to get such a register online for Belgium.

    He couldn't with a Belgian domain name (the rootserver could block it) so he used a .com name out of Holland. But there is a European cooperation between the Justice and police Departments so that was not enough. So the files and the texts of the site are all adapted from out of the States (one mistake is enough to prove otherwise). But as there is also some cooperation between the US and the EU and you can't be too sure (even if in the US you have a Constitutional Right of Free expression and there are a lot of those sites around in the US, none of them is limited to Holland and Belgium).

    So the site with the names and the pics is based in Latin America (any proxies or mirroring foreseen ?). In fact if he was smarter he would look for a country with which neither Holland nor Belgium have an extradition agreement nor an agreement about judicial cooperation that would cover this kind of stuff. Nearly failed states enough around the world.

    If he is really smart he sends his info to wikileaks and then it is just totally internetpublic. Just to prove that you won't keep this kind of information under 'the bed' in the internetconnected world of today if there is no official or more trustworthy alternative. (for example a database for schools, scouts and other institutions that work with children and by which they only do research under a Non Disclosure Agreement).

    If you look at the site www.  pedoseksuelenonline  .co  .cc (not a link) then you will see that there are only pics for some of the convicted and notorious pedos of Belgian criminal history (Dutroux and his gang of losers) and that the information about the others isn't that complete (even if the person says that he only publishes if there would be a complete file with criminal records about the person).

    This makes his project much more problematic and if he was smart he would review this list and only publish that information about which he is absolutely sure and has the criminal convictions in hand. As the list is now it shows the dangers of such initiatives and the contradictions between his declarations and intentions and the practical effects. The anti-pedo movement also attracts some lunatics and all-believers (believe anything because you trust nothing official). They are the biggest danger for the movement because they will drag it down into ridicule, mistakes, paranoia and disaster.

    It should be the state that should publicize this. But the government thinks that somebody should have a second chance and that making this (or anything else criminal) public online will harm this. Some other people believe that pedos will always stay pedos and that more care should be given to the fact that those people should be more closely followed up even if they have left prison long ago. Just to be sure.

    Then you won't need amateurish dangerous websites like this.

    Just hitting this man won't make the controversy go away. The state should give the parents the assurance that convicted pedos are being monitored closely and that they will never work with or live near children again.

    Otherwise you will have acts like in France where someone was mobbed because he looked like a convicted pedo who was rumored to be keeping a watch on the local school and children. The fathers formed a lynch mob to protect their neighborhood and stood guard with a bad pic. As he looked like the man in question he was stopped and when he tried to flee he was mobbed. The police had to intervene to rescue him. In the UK there were also acts like that against (suspected) pedos.

    If the state could earn the trust of the parents that they are doing all they can to monitor these predators and limit their possibilities to start it all over again elsewhere or with someone else, then all those things wouldn't happen.

    But you have to earn trust, especially about the security of your children.

  • belgian joke Minister of Justice forgets privacy reglementation

    We have in Belgium on paper some very strict privacy rules that are set up by a more or less independent Privacycommission.

    The privacy commission had to intervene to remind the politicians - who are ready to go to battle in the upcoming June elections - that the privacy rules are very strict and that it is far from evident that they could use listings of private citizens without their explicit approval.

    The incident was that the Minister of Justice wanted a listing of persons that were going to celebrate a great number of years of marriage.

  • Belgian joke 2 : forgot to use BCC in an internal mail

    A regional administration forgot to use BCC or a specific mailing software so that no one would be able to see all the email addresses of all the others who were receiving the newsletter.

    One of the workers gave this complete mailing list to a small extreme rightwing party who used it to send its mailings around, which caused quite a stir in that multicultural environment.

    Nothing so simple as using BCC for your mail (and your own address in the first place) or a specialised mailing software.

    Legally it is spamming but it is not clear yet if a complaint will be filed. In fact every 'victim' of the mail from that party could do this.
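
    The BCC advice above as a small sketch (an added example, not code from this blog or from the administration involved): the exposed newsletter next to the blind one, plus a pre-send check that refuses a mail showing too many addresses. The example.org addresses, the MAX_VISIBLE threshold and all function names are assumptions.

```python
from email.message import EmailMessage
from email.utils import getaddresses
import smtplib

# Assumed policy: a mail that shows more than this many addresses is refused.
MAX_VISIBLE = 5

# Constructed sample list, not real subscribers.
SUBSCRIBERS = [f"user{i}@example.org" for i in range(8)]


def visible_recipients(msg):
    """Addresses every receiver can read in the headers (To and Cc)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return sorted({addr.lower() for _, addr in getaddresses(fields) if addr})


def build_exposed(sender, recipients, subject, body):
    """The mistake from the post: the whole list ends up in the To header."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_blind(sender, recipients, subject, body):
    """Own address in To; subscribers travel only in the SMTP envelope."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender
    msg["Subject"] = subject
    msg.set_content(body)
    # De-duplicate; lowercasing is a simplification for comparison only.
    envelope = sorted({r.strip().lower() for r in recipients if r.strip()})
    return msg, envelope


def check_before_send(msg, max_visible=MAX_VISIBLE):
    """Refuse a mail whose headers expose more addresses than the policy allows."""
    seen = visible_recipients(msg)
    if len(seen) > max_visible:
        raise ValueError(f"{len(seen)} addresses visible in To/Cc, limit is {max_visible}")
    return seen


def send_blind(msg, envelope, host="localhost", port=25):
    """Deliver to the envelope list; explicit to_addrs overrides the headers."""
    check_before_send(msg)
    with smtplib.SMTP(host, port) as smtp:  # host and port are placeholders
        return smtp.send_message(msg, from_addr=str(msg["From"]), to_addrs=envelope)


if __name__ == "__main__":
    bad = build_exposed("news@example.org", SUBSCRIBERS, "Newsletter", "Hello")
    good, rcpts = build_blind("news@example.org", SUBSCRIBERS, "Newsletter", "Hello")
    print("exposed mail shows:", len(visible_recipients(bad)), "addresses")
    print("blind mail shows:  ", visible_recipients(good), "for", len(rcpts), "recipients")
```

    The check belongs in whatever script or gateway sends the newsletter, so a forgotten BCC is stopped before the list leaves the building.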

  • Do you believe them ?

    Certified Service offers the possibility to our users to prove their true identity to other users over the Internet. Certified users store their certified identity information to the service and create a link between an Internet community and their verified true identity stored at Certified. By getting your digital ID certified, the service will compare it from trusted data sources such as your bank info and public registers.

    To get your ID Certified, you will need to enter your real information, such as your first and last name, date of birth…

    You will also need a credit card with the same name
    To finalize your ID Certification, you will have to provide your real postal address, where we will send you a printed letter with a 6-digits code. Once this step is completed, your ID will be certified. that you are certifying. We will charge you only once a random certification fee between €2 and €5. Then you will have to check your bank statement and fill in on the site the exact amount in Euro you’ve been charged. (We do not keep your credit card information).

    I believe in Santa claus and my name is IDthief. I hope their security is in order or is it also in beta

  • new word sexting

    the word comes from texting or sending an SMS

    as most mobiles have now incorporated cams and can receive and send instantly pics and movies, sex on mobiles (thought through or not) is one of the necessary side-effects.

    For some prosecutors in the US, teens that are hanging out (drunk or not) and showing different parts of their body or underwear equals childporn ( a word the media loves so it can also have more online readers).

    The EFF has decided to come into action because this was not the intention of the childporn laws.

    However everything you do digital will not go away so some things should never be digitalised or even memorized by anything more than the eyes, brains, dreams and heart of your other part.

  • online familytrees and security questions

    We have been discovering the fun of placing a family tree online and discovering and contacting new relatives (as funerals are perfect for that)

    But why do some services still like to pose security questions like "what is your mother's maiden name" or something like that ?

    If it ain't on the blog it will be somewhere on a family tree by someone of your family, and the bigger your family the bigger the chance it is online.

    And even if it is private it would be a perfect example of social engineering if you lost your control about who accesses your accounts (keyloggers, passwordstealers)