- Email: [email protected]
European borders on privacy control
Computer Fraud & Security Bulletin
October 1992
that we are losing to foreign competition. Among the top things that people look for are security features." Julie Bort
European Borders on Privacy Control The European Community is developing a police computer system, the European Information System (EIS), in preparation for the abolition of border controls at the end of this year. However the UK government is expressing concern that data protection requirements for the system may be too tough. The system is a direct takeover of the Schengen Information System (SIS) developed by the nine signatories of the Schengen agreement to abolish border controls. The central support and data file transfer functions will be located in Strasbourg, but each individual police force will have its own copy of the complete database. Police forces will be able to ask other forces to conduct 'discreet surveillance' of suspect persons and vehicles, to make arrests, seize stolen goods and so on. A 'convention' associated with the system defines the data protection requirements and includes a reference to the Council of Europe recommendation 87(15) on police systems. The UK has entered a reservation to that recommendation which suggests (a) that lists of people who are not committing or suspected of a crime should not be compiled, and (b) that subjects should have access to the information held about them and be able to have errors corrected. The convention also defines the right of access, but subject to national law. According to the UK's data protection registrar, Eric Howe, this means that a person asking in the UK to see the information held about them could get a different answer than if they asked in, say, France. The discussions about the EIS take place in the Trevi group outside the normal institutions of the EC and its workings are kept secret, as
©1992 Elsevier Science Publishers Ltd
previously happened in the discussions of the Schengen treaty. When Dutch parliamentarians objected to the data protection clauses of the treaty they were told that no amendments could be made. The EIS is due to come into operation at the end of this year, so there will be little or no time for public discussion about the data protection aspects. Paul Gannon
US Prisoners Explore Hacking A new class of American PBX fraudster appears to have emerged. Computer hackers and drug dealers are the source of much of the discovered PBX fraud, however, the inmates of various US prisons are playing an increasing role in this problem. It is made possible by their abuse of Court-mandated access to outside telephone circuits. Several software products designed to alleviate this problem are being sold to prison administrators. Unfortunately, inmates at the Pennsylvania State Correctional Institution in Pittsburgh have already compromised a call restriction system, being tested at the prison by AT&T, several weeks after it was installed. One inmate was arrested after he had fraudulently ordered $3500 worth of jewellery by telephone from a New Mexico store. Belden Menkus
UK Cards Hit by Computer Fault Millions of credit card customers in the UK have been asked to check their statements after a software upgrade caused problems at First Data Resources, which handles over 10 million card accounts. Worst affected was the National Westminster Bank, which wrote to its 250 000 gold card customers warning them that their statements may be wrong. Other card issuers affected include Midland Bank, Lloyds Bank and the Royal Bank of Scotland. The problem was only discovered after customers started writing to their branch offices
5
October 1992
that we are losing to foreign competition. Among the top things that people look for are security features." Julie Bort
European Borders on Privacy Control The European Community is developing a police computer system, the European Information System (EIS), in preparation for the abolition of border controls at the end of this year. However the UK government is expressing concern that data protection requirements for the system may be too tough. The system is a direct takeover of the Schengen Information System (SIS) developed by the nine signatories of the Schengen agreement to abolish border controls. The central support and data file transfer functions will be located in Strasbourg, but each individual police force will have its own copy of the complete database. Police forces will be able to ask other forces to conduct 'discreet surveillance' of suspect persons and vehicles, to make arrests, seize stolen goods and so on. A 'convention' associated with the system defines the data protection requirements and includes a reference to the Council of Europe recommendation 87(15) on police systems. The UK has entered a reservation to that recommendation which suggests (a) that lists of people who are not committing or suspected of a crime should not be compiled, and (b) that subjects should have access to the information held about them and be able to have errors corrected. The convention also defines the right of access, but subject to national law. According to the UK's data protection registrar, Eric Howe, this means that a person asking in the UK to see the information held about them could get a different answer than if they asked in, say, France. The discussions about the EIS take place in the Trevi group outside the normal institutions of the EC and its workings are kept secret, as
©1992 Elsevier Science Publishers Ltd
previously happened in the discussions of the Schengen treaty. When Dutch parliamentarians objected to the data protection clauses of the treaty they were told that no amendments could be made. The EIS is due to come into operation at the end of this year, so there will be little or no time for public discussion about the data protection aspects. Paul Gannon
US Prisoners Explore Hacking A new class of American PBX fraudster appears to have emerged. Computer hackers and drug dealers are the source of much of the discovered PBX fraud, however, the inmates of various US prisons are playing an increasing role in this problem. It is made possible by their abuse of Court-mandated access to outside telephone circuits. Several software products designed to alleviate this problem are being sold to prison administrators. Unfortunately, inmates at the Pennsylvania State Correctional Institution in Pittsburgh have already compromised a call restriction system, being tested at the prison by AT&T, several weeks after it was installed. One inmate was arrested after he had fraudulently ordered $3500 worth of jewellery by telephone from a New Mexico store. Belden Menkus
UK Cards Hit by Computer Fault Millions of credit card customers in the UK have been asked to check their statements after a software upgrade caused problems at First Data Resources, which handles over 10 million card accounts. Worst affected was the National Westminster Bank, which wrote to its 250 000 gold card customers warning them that their statements may be wrong. Other card issuers affected include Midland Bank, Lloyds Bank and the Royal Bank of Scotland. The problem was only discovered after customers started writing to their branch offices
5