UK watchdog would cease to enforce data protection law if Supreme Court sided with Google, its lawyer tells judges • The Register

A barrister for the Information Commissioner’s Office hinted the regulator would stop enforcing the law on data breaches if the Supreme Court sides with Google in a case about class-action lawsuits.

The startling threat was made on behalf of the ICO by barrister Gerry Facenna QC, who was intervening on the authority’s behalf in the Lloyd v Google data protection case.

“If a large number of data subjects have had their data lost, then they have per se suffered damage: harm of the type that I described, namely loss of control of their data,” Facenna told judges in the UK’s highest court. “That is the commissioner’s view of these provisions, that’s the basis on which she takes regulatory action at the moment. If the word ‘damage’ in this regime does not include mere loss of control, it would have to be taken into account in the exercise of those regulatory barriers.”

Facenna was speaking about the difference between a “loss of control” of data by a data controller and “damage” suffered by data subjects as a result of that loss. A loss of control (as alleged here, using personal data given for one purpose for something else altogether) is against the law.

Google previously argued in the case that in law there should be a difference between loss of control and damage, saying that even though it caused the loss of control of millions of Safari users’ data it shouldn’t be held liable because there is no coherent proof anyone suffered damage (in the legal sense) as a result.

Facenna’s written submissions to the Supreme Court about this made the ICO’s position plain, saying:

The barrister also insisted that the ICO was not siding with Richard Lloyd, whose Google You Owe Us campaign aims to extract up to £3bn from Google for its early-2010s Safari Workaround naughtiness, up to half of which will go to a venture capital fund backing the campaign.

You can’t consent to something that’s unlawful

Before Facenna’s arguments came Hugh Tomlinson QC, who was putting Lloyd’s case against Google to the Supreme Court’s judges. Tomlinson had argued the exact same thing as Facenna; drawing a legal distinction between loss of control and damage caused by a data breach would, he said, create a great big hole in data protection law for companies who set out to deliberately misuse it.

While accepting that British users of Apple’s Safari browser in the early 2010s were “very unlikely” to have “suffered material damage” from Google slurping their browser-generated information to beam targeted ads at them, Tomlinson added: “It’s obvious the members of the class have the same interest in the claim. Their interest is in establishing Google breached their data protection rights by operation of the Safari Workaround.”

Profiteering and vindication

Lord Burrows, one of the judges, pondered why “culpability for the breach is relevant” for a loss-of-control case. How could suing Google for loss of control be “effective” when the alleged naughtiness was “profiteering” by a business rather than an overtly criminal act?

“My lord,” answered Tomlinson, picking his words carefully, “we say, from the point of view of the claimants, that losing control of your data or private information where someone has given it away, is a different and more serious wrong than one where it has been done accidentally.”

Unsatisfied, Lord Burrows got to the heart of his question: “But it sounds to me – I’m putting it to you now, that what you’re focusing on is not loss of control, you’re focusing on the nature of the breach and that is what you’re seeking the award for. This isn’t compensation at all, that you are in effect asking about something like vindicatory damages.”

It was explained earlier that vindicatory damages wouldn’t be available for Lloyd’s claim against Google. Dropped in front of a treacherous hill, Tomlinson shifted down a gear, looking the least confident that he had at any point in this case since 2018.

“I am certainly, as your lordship knows for reasons which concern the constitution of a representative action – I cannot focus on the individual circumstances of the claimants because that would make it impossible to have a collective action. So I am focusing on the nature of the breach,” said the QC.

And we get back to the money

As for the funding of Lloyd’s case, Tomlinson was blunt: without Therium Capital Partners LLC backing it and paying Lloyd his £50,000 salary, suing Google “wouldn’t have been practical in this case.” He also revealed that Lloyd’s lawyers would be “seeking an order that [if it lost the main case] Google paid damages to the representative on behalf of the members of the class.”

This means Lloyd and his backers would have control of whatever compensation Google was ordered to pay out.

Lord Leggatt, another judge, asked about this. “Suppose damages are awarded on the basis the claimants are entitled to £500 or whatever it is. What is the legal basis for the first part of that sum to be paid out to the litigation funders without their consent? [The members of the class] never signed up to the litigation funding?”

“Because,” replied Tomlinson, “that is the cost of obtaining the damages. It’s the cost of getting in the fund.”

Lord Leggatt replied: “They didn’t choose that the funders should get the first 40 per cent or whatever it is.” Google has previously pointed out in court that Therium Litigation Funding IC is in fact entitled to 50 per cent of the winnings.

Tomlinson dismissed this by saying members of the representative class could take whatever pittance Lloyd offered them or go away and start their own lawsuit, saying: “Your lordship is right, of course, they didn’t authorise it but the position is, without the funders, there’d be no fund at all, and as I say [members of the class] have the option to come to court and say ‘we don’t want anything to do with this action.’ Or ‘we want to proceed on our own.’ Or ‘we’re not interested in it in any way.’”

Realising this approach would mean that damages awarded to millions of people would end up concentrated in the pockets of a tiny handful, Lord Leggatt persisted: “I’m not sure how you say damages awarded to them can be allocated without their permission to litigation funders… what’s the legal principle there, more precisely? Inherent jurisdiction, restitutionary principle? What is it?”

“Mr Lloyd is the trustee of the funds,” explained Tomlinson. “He would hold it on trust for a member of the class. The trustee is entitled to remuneration for getting in the trust’s property. It is on that analogy, we say, one of the costs of getting in the trust property is the cost of funding the litigation.”

The case has now concluded and judgment will be handed down in the not-so-near future. It will set a binding precedent on how class-action lawsuits go ahead in future, so the principles here will set the tone of mass data protection lawsuits for the 2020s.

Once the Supreme Court rules on the legal question being decided here (whether Lloyd should have been refused permission to serve his not-quite-a-class-action case on Google), a lower court will have a full hearing of the Data Protection Act rights and wrongs – and, in turn, that court’s future decision will probably end up being appealed every which way. The odds of any ordinary person receiving a payout from Google are remote in the meantime, but El Reg will be chronicling it all nonetheless. ®

For a true display of wealth, dab printer ink behind your ears instead of Chanel No. 5 • The Register

Printer ink continues to rank as one of the most expensive liquids around with a litre of the home office essential costing the same as a very high-end bottle of bubbly or an oak-aged Cognac.

Consumer advocate Which? has found that ink bought from printer manufacturers can be up to 286 per cent more expensive than third-party alternatives.

Dipping its nib in one inkwell before delicately wiping off the excess on some blotting paper, Which? found that a multipack of colour ink (cyan, magenta, yellow) for the WorkForce WF-7210DTW printer costs £75.49 from Epson.

“This works out at an astonishing £2,410 a litre – or £1,369 for a pint,” said Which?.

The consumer outfit also reported that since the Epson printer also requires a separate Epson black cartridge for £31.99, it takes the combined cost of replacement inks for the WorkForce printer to a wallet-busting £107.98.

On the other hand, if people ditched the brand and opted for a full set of black and colour inks from a reputable third-party supplier, it would cost just £10.99 – less than a tenth of the price.

Printing has become essential for plenty of workers holed up at home during the pandemic. The survey by Which? of 10,000 consumers found 54 per cent use their printer at least once a week. Which? said it estimates an inkjet cartridge would need to be replaced three times a year.

The report discovered tactics used by the big vendors to promote the use of “approved”, “original”, and “guaranteed” ink supplies.

It found Epson devices, for example, flagging up a “non-genuine ink detected” message on its LCD screen when using a non-Epson cartridge, and HP printers are actively blocking customers from using non-HP supplies.

Adam French, a consumer rights champion at Which?, reckons this situation is simply unacceptable.

“Printer ink shouldn’t cost more than a bottle of high-end Champagne or Chanel No. 5,” said French. “We’ve found that there are lots of third-party products that are outperforming their branded counterparts at a fraction of the cost.”

In a rallying call to consumers he said that third-party ink should be a personal choice and not “dictated by the make of your printer.”

“Which? will continue to make consumers aware of the staggering cost differences between own-brand and third-party inks and give people the information they need to buy the best ink for their printer,” he said.

Which is exactly what the Consumers Association said almost 20 years ago when it reported that printer ink cost around £1,700 a litre. Then – as now – the Consumers Association advised consumers to steer clear of brand-name printer cartridges and pick cheaper alternatives instead.

The survey by Which? found that 16 third-party brands beat the big brands in terms of ink prices.

Epson wasn’t the only printer biz to be singled out for sky-high ink prices. Canon and HP were fingered too.

For its part, Epson said customers “should be offered choice… to meet their printing needs” and listed a number of options including its EcoTank systems and a monthly Ink Subscription service.

And in a nod to anyone looking to save money by using a third party, Epson said: “Finally, as non-genuine inks are not designed or tested by Epson we cannot guarantee that these inks will not damage the printer. Whilst Epson does not prevent the use of non-Epson inks, we believe that it is reasonable, indeed responsible, that a warning is displayed as any damage caused by the use of the inks may invalidate the warranty.”

As part of its investigation, Which? found that some HP printers use a system called “dynamic security” which recognises cartridges that use non-HP chips and stops them from working.

HP has tried to battle against third-party ink makers trying to capture supplies sales by overhauling the model of its printer business: by shifting to ink tank printers that come pre-loaded with supplies for an estimated timeframe; or by selling the printer hardware for more upfront and allowing biz customers or consumers to buy the supplies they want.

In response to Which?, HP said it “offers quality, sustainable and secure print supplies with a range of options for customers to choose from, including HP Instant Ink – a convenient printing subscription service with over 9 million users that can save UK customers up to 70 per cent on ink costs, with ink plans starting at £0.99 per month.”

Reg readers may remember the kerfuffle around HP’s Instant Ink. The free plan was reinstated, sort of. For existing customers.

Over at Canon, a spokesperson said third-party ink products can work with its printers, but the “technology inside is designed to function correctly with our genuine inks which are formulated specifically to work with Canon technology.”

“Customers are encouraged to use genuine inks to ensure the longevity of their printer, and also to ensure that their final prints are of a standard we deem Canon quality. In addition, the use of third party inks invalidates the warranty of the printer.”

With almost four in ten (39 per cent) people saying that they do not use third-party cartridges because of fears that they might not work with their printer, it might go some way to explain why more than half (56 per cent) of the consumers quizzed said they persist with using potentially pricey original-branded cartridges despite cheaper alternatives being available. ®

Repligen to create 130 new jobs in Waterford site expansion

The project adds to the 74 people already employed at the Artesyn Biosolutions facility acquired by Repligen in 2020.

Repligen Corporation is undertaking an expansion of its Waterford site which will see 130 new jobs created, Tánaiste and Minister for Enterprise, Trade and Employment Leo Varadkar, TD, has announced.

The life sciences company is building a new 3,000 sq m facility which will be a centre of excellence for single-use consumable products used in bioprocessing applications. The site currently hosts a 1,000 sq m facility employing 74 people, which was established by Ireland’s Artesyn Biosolutions before that company was acquired by Repligen last November.

Repligen Corporation is a multinational that produces bioprocessing products for use in the pharmaceutical manufacturing process. Headquartered in Massachusetts, the company has sites across the United States and in Estonia, France, Germany, Sweden and the Netherlands, as well as here in Ireland.

According to the company, the new building will be certified silver on the Leadership in Energy and Environmental Design (LEED) rating system from the US Green Building Council. The consumable products manufactured there will be used in filtration and chromatography systems during the production of vaccines and other biopharmaceutical products.

Commenting on the announcement, Varadkar said: “This is excellent news from Repligen with the creation of 130 new jobs in Waterford. It comes on foot of a major jobs announcement by Bausch and Lomb. Waterford is on the move as a centre for jobs and investment.

“I wish the team the very best with their expansion plans.”

James Bylund, senior vice-president at Repligen, added: “We are thrilled to continue the collaboration with the Irish Government and the IDA that was initiated by the Artesyn team. This build-out is an important step in expanding our capacity and establishing dual manufacturing sites for key single-use consumable products used in manufacture of biological drugs.

“With its LEED Silver designation, the facility is closely aligned with our commitment to responsible growth and sustainability.”

Dr Jonathan Downey, managing director at the Waterford facility, said: “Having delivered beyond our commitment in 2019 to bring new jobs to the region through our development of high-end manufacturing capabilities, we are energised and excited about our integration with Repligen and this next phase of growth.

“In addition to our expansion of Artesyn products, and the transfer of manufacturing of certain of Repligen’s current products to our Irish operations, we expect to be utilising the Irish sites to advance additional research, development and innovation programs.”

Emmanuel Macron ‘pushes for Israeli inquiry’ into NSO spyware concerns | France

Emmanuel Macron has reportedly spoken to the Israeli prime minister, Naftali Bennett, to ensure that the Israeli government is “properly investigating” allegations that the French president could have been targeted with Israeli-made spyware by Morocco’s security services.

In a phone call, Macron expressed concern that his phone and those of most of his cabinet could have been infected with Pegasus, hacking software developed by the Israeli surveillance firm NSO Group, which enables operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones from infected devices.

The leaked database at the heart of the Pegasus project includes Macron’s mobile phone number.

NSO has said Macron was not a “target” of any of its customers, meaning the company denies he was selected for surveillance using Pegasus. The company says that the fact that a number appeared on the list was in no way indicative of whether that number was selected for surveillance using Pegasus.

The Pegasus project could not examine the mobile phones of the leaders and diplomats, and could therefore not confirm whether there had been any attempt to install malware on their phones.

Quick Guide

What is in the Pegasus project data?

What is in the data leak?

The data leak is a list of more than 50,000 phone numbers that, since 2016, are believed to have been selected as those of people of interest by government clients of NSO Group, which sells surveillance software. The data also contains the time and date that numbers were selected, or entered on to a system. Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International initially had access to the list and shared access with 16 media organisations including the Guardian. More than 80 journalists have worked together over several months as part of the Pegasus project. Amnesty’s Security Lab, a technical partner on the project, did the forensic analyses.

What does the leak indicate?

The consortium believes the data indicates the potential targets NSO’s government clients identified in advance of possible surveillance. While the data is an indication of intent, the presence of a number in the data does not reveal whether there was an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or whether any attempt succeeded. The presence in the data of a very small number of landlines and US numbers, which NSO says are “technically impossible” to access with its tools, reveals some targets were selected by NSO clients even though they could not be infected with Pegasus. However, forensic examinations of a small sample of mobile phones with numbers on the list found tight correlations between the time and date of a number in the data and the start of Pegasus activity – in some cases as little as a few seconds.

What did forensic analysis reveal?

Amnesty examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration. For the remaining 30, the tests were inconclusive, in several cases because the handsets had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, phones that use Android do not log the kinds of information required for Amnesty’s detective work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

Amnesty shared “backup copies” of four iPhones with Citizen Lab, a research group at the University of Toronto that specialises in studying Pegasus, which confirmed that they showed signs of Pegasus infection. Citizen Lab also conducted a peer review of Amnesty’s forensic methods, and found them to be sound.

Which NSO clients were selecting numbers?

While the data is organised into clusters, indicative of individual NSO clients, it does not say which NSO client was responsible for selecting any given number. NSO claims to sell its tools to 60 clients in 40 countries, but refuses to identify them. By closely examining the pattern of targeting by individual clients in the leaked data, media partners were able to identify 10 governments believed to be responsible for selecting the targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates. Citizen Lab has also found evidence of all 10 being clients of NSO.

What does NSO Group say?

You can read NSO Group’s full statement here. The company has always said it does not have access to the data of its customers’ targets. Through its lawyers, NSO said the consortium had made “incorrect assumptions” about which clients use the company’s technology. It said the 50,000 number was “exaggerated” and that the list could not be a list of numbers “targeted by governments using Pegasus”. The lawyers said NSO had reason to believe the list accessed by the consortium “is not a list of numbers targeted by governments using Pegasus, but instead, may be part of a larger list of numbers that might have been used by NSO Group customers for other purposes”. They said it was a list of numbers that anyone could search on an open source system. After further questions, the lawyers said the consortium was basing its findings “on misleading interpretation of leaked data from accessible and overt basic information, such as HLR Lookup services, which have no bearing on the list of the customers’ targets of Pegasus or any other NSO products … we still do not see any correlation of these lists to anything related to use of NSO Group technologies”. Following publication, they explained that they considered a “target” to be a phone that was the subject of a successful or attempted (but failed) infection by Pegasus, and reiterated that the list of 50,000 phones was too large for it to represent “targets” of Pegasus. They said that the fact that a number appeared on the list was in no way indicative of whether it had been selected for surveillance using Pegasus. 

What is HLR lookup data?

The term HLR, or home location register, refers to a database that is essential to operating mobile phone networks. Such registers keep records on the networks of phone users and their general locations, along with other identifying information that is used routinely in routing calls and texts. Telecoms and surveillance experts say HLR data can sometimes be used in the early phase of a surveillance attempt, when identifying whether it is possible to connect to a phone. The consortium understands NSO clients have the capability through an interface on the Pegasus system to conduct HLR lookup inquiries. It is unclear whether Pegasus operators are required to conduct HLR lookup inquiries via its interface to use its software; an NSO source stressed its clients may have different reasons – unrelated to Pegasus – for conducting HLR lookups via an NSO system.

The Macron-Bennett phone call reportedly took place on Thursday, but was first reported by Israel’s Channel 12 News on Saturday evening after the end of Shabbat, the Jewish day of rest.

The prime minister’s office has declined to comment on the phone call or the two leaders’ conversation. According to Channel 12, an unnamed source said Bennett had stressed that the alleged events occurred before he took office in May, and that a commission was examining whether rules on Israel’s export of cyberweapons such as Pegasus should be tightened.

The Pegasus project – a consortium of 17 media outlets, including the Guardian – revealed last week that government clients around the world have used the hacking software sold by NSO to target human rights activists, journalists and lawyers.

The investigation has been based on forensic analysis of phones and analysis of a leaked database of 50,000 numbers, including that of Macron and those of heads of state and senior government, diplomatic and military officials, in 34 countries.

In multiple statements, NSO said the fact a number appeared on the leaked list was in no way indicative of whether it was selected for surveillance using Pegasus. “The list is not a list of Pegasus targets or potential targets,” the company said. “The numbers in the list are not related to NSO Group in any way.”

But the list is believed to provide insights into those identified as persons of interest by NSO’s clients. It includes people whose phones showed traces of NSO’s signature phone-hacking spyware, Pegasus, according to forensic analysis of their devices. The analysis was conducted by Amnesty International’s security lab, which discovered traces of Pegasus-related activity on 37 out of 67 phones that it analysed.

Q&A

What is the Pegasus project?

The Pegasus project is a collaborative journalistic investigation into the NSO Group and its clients. The company sells surveillance technology to governments worldwide. Its flagship product is Pegasus, spying software – or spyware – that targets iPhones and Android devices. Once a phone is infected, a Pegasus operator can secretly extract chats, photos, emails and location data, or activate microphones and cameras without a user knowing.

Forbidden Stories, a Paris-based nonprofit journalism organisation, and Amnesty International had access to a leak of more than 50,000 phone numbers selected as targets by clients of NSO since 2016. Access to the data was then shared with the Guardian and 16 other news organisations, including the Washington Post, Le Monde, Die Zeit and Süddeutsche Zeitung. More than 80 journalists have worked collaboratively over several months on the investigation, which was coordinated by Forbidden Stories.

While the rest of the world grapples with the seismic consequences of the revelations, in Israel reaction has been muted. Meretz, a leftwing party long in opposition but now part of the new government coalition, has asked the defence ministry for “clarification” on the issue, but no party is seeking a freeze of export licences or an inquiry into NSO’s close links to the Israeli state under the tenure of the former prime minister Benjamin Netanyahu.

The defence minister, Benny Gantz, has defended export licences for the hacking tools, claiming that “countries that purchase these systems must meet the terms of use”, which are solely for criminal and terrorism investigations.

But as the mammoth impact of the disclosures has become clearer, the diplomatic pressure on Israel is mounting. On Thursday, the senior Israeli MP Ram Ben-Barak – a former deputy head of the Mossad spy agency – confirmed that the Israeli defence establishment had “appointed a review commission made up of a number of groups” to examine whether policy changes were needed regarding sensitive cyber exports.

US defence officials have also asked their Israeli counterparts for more details on the “disturbing” disclosures stemming from the Pegasus project, the Israeli newspaper Haaretz reported on Saturday.
