
Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Editor Suspended At Murdoch Paper For Hacking Sienna Miller’s Phone

You may not believe it, but Rupert Murdoch’s British tabloid News of the World has rules.

The paper suspended assistant editor Ian Edmondson yesterday for approving hacking into the voice mail of Sienna Miller.

According to Bloomberg the suspension came after Miller alleged in a lawsuit that Edmondson had “approved a contract with an investigator to eavesdrop on personal messages between her, her friends and business associates” and paid him $3,900 to do so.

This is just the latest in a tabloid phone-hacking scandal that has plagued Britain in recent months, and reached all the way to the British family.


Health bodies eavesdrop on online moans

People grumbling to friends about their health or waiting times at hospitals is nothing new. But as more choose to do so on internet forums and social networks such as Twitter and Facebook, they may be surprised to learn that hospitals and healthcare professionals are “listening in”.

Organisations such as the Care Quality Commission, the health and social care regulator, and several NHS hospitals are starting to trawl the web for clues about where they need to investigate low standards or direct extra resources.

Social-media monitoring is becoming common in the private sector, as companies listen out for complaints about their own services, or those of competitors, to help poach customers.

In the public sector, where the pace of technological change is often glacial, “eavesdropping” on online conversations can tap opinions from people who may not want to fill in a formal survey form.

The commission has been working with Qinetiq, the defence technology company and former government agency, to help it scan and automatically categorise internet comments. Similar technology is used by security services to look for terrorist “chatter” online.

The commission plans to pilot the service early next year, initially looking at comments on hospital websites, local news reports and health forums – all with the intention of helping its inspectors to prioritise the sites they need to investigate more closely.

The system, which builds on its existing information gathering and management technology, could then be extended to Twitter and Facebook, said Richard Hamblin, the commission’s director of intelligence.

From next spring, the commission will regulate 45,000 nursing homes, GP surgeries, dental practices and other healthcare outfits, up from 27,000 today – although it will not have new funds to increase its team of inspectors in proportion.

“We are being forced to think about how to do more with less,” said Mr Hamblin. “Even if you quadrupled [staffing], you would not get round as many as you would want to, so you need to get smarter about where the biggest risks are and concentrate resources there.”

The agency uses a team of four to categorise manually about 1,000 comments from 15 different sources every month. It is testing cutting-edge linguistic technology developed by a team at Oxford University to categorise automatically more qualitative information.

That will allow new data to be processed from a greater number of sources from around the web, and the same team can move into more sophisticated tasks, analysing the results. The project is likely to cost less than half that of processing the information manually over its first year.

Within the NHS, many hospitals – including London’s St George’s Trust, West Middlesex and Barts – and primary care trusts have created Twitter and Facebook accounts.

Although most use social networks only to share information and health tips, some are used to scan for patients tweeting about their ailments or treatment, mentioning the hospital’s name.

A group of NHS social media enthusiasts hold a virtual meeting on Twitter every Monday to discuss how best to use the new channels.

Samuel Ridge, senior communications manager for St George’s Trust, said the hospital had picked up on concerns tweeted by a kidney patient and photographs posted of damaged facilities.

“[Patients] speak openly and honestly in what is a friendly but public environment. These informal forums don’t exist within the NHS,” he said. “It’s quite early days but we have quite comprehensive monitoring in place. It gives us a clear impression about what people feel about us as a hospital and the NHS.”

Mr Ridge admits that this “eavesdropping” could raise questions about patient confidentiality. His team is careful not to reveal personal information by replying to patients in public; individual follow-ups are always made by phone, e-mail or private message.

“We are not playing big brother,” Mr Ridge says. “If we can provide support to patients via that medium, it’s a brave step to make but there might be some strong patient benefits.”


Lyon case spurs effort to tighten state’s video voyeurism law

The ongoing criminal case involving Sacramento real estate magnate Michael Lyon is prompting Sacramento’s district attorney to seek legislative relief for alleged victims of video voyeurism.

At issue: the state’s three-year statute of limitations, which sets a limit on the time prosecutors can initiate criminal proceedings after the offense occurred. Each state determines its own statute of limitations for criminal and civil matters, which aims to balance a victim’s right to justice with a would-be defendant’s right to be free from open-ended legal action.

Memories fade, investigations grow stale and witnesses die or move away.

In California and elsewhere, though, the statute of limitations for video voyeurism has presented a quandary for law enforcement officials, who say predators often operate for years before their activities are discovered. When they are, evidence may literally be staring investigators in the face, but the case is “too old” to seek justice for victims in the criminal courts.

“It’s just basic fairness here,” said Sacramento County Assistant Chief Deputy District Attorney Jeff Rose.

“The whole purpose of somebody having surreptitious recordings is to keep it secret. Therefore, they get rewarded if they keep it secret long enough – i.e., three years – where they can never be prosecuted. Somehow, that just doesn’t seem fair.”

Rose said the Sacramento County District Attorney’s Office has asked the California District Attorneys Association to back legislation that would start the meter running when the illegal videotaping is discovered – not when the offenses occurred.

In Lyon’s case, investigators have discovered sordid images of people being secretly taped in private acts dating back to at least 1988, including two former nannies, sources told The Bee.

However, given the three-year statute of limitations, the District Attorney’s Office was able to bring charges based only on Lyon’s alleged sexual encounters with three prostitutes in 2008 and 2009.

Wiretap charges filed

In late August, Lyon, 54, stepped down as CEO of the company his father founded amid an investigation into whether he had illegally recorded houseguests, friends and prostitutes with cameras hidden in bathrooms and bedrooms.

A 16-month federal probe was closed that same month after the U.S. attorney’s office concluded it lacked the evidence to bring federal charges. But the Sacramento County sheriff and district attorney picked up the investigation in light of the allegations of long-running illegal taping and arrested the prominent businessman in November.

Lyon faces four felony counts of recording confidential communications, charges that stem from allegations that he recorded his sex acts with three prostitutes, without their knowledge, over the past three years. His attorney, William Portanova, has said his client will fight the charges, and Lyon is expected to enter a plea at his next hearing on Jan. 12.

Portanova has repeatedly said Lyon did nothing wrong and recently told The Bee that his client “does not electronically eavesdrop on anybody without their permission, period, plain and simple.”

Lyon is being charged under the state’s wiretapping law, which makes it a crime to record or eavesdrop on private communications – which has been interpreted in California to include sexual relations. The state also has a law specifically addressing video voyeurism, a misdemeanor with a one-year statute of limitations.

By filing under the wiretapping law, the district attorney was able to pursue the more serious felony charges and get a wider berth with a three-year statute of limitations. While the current case revolves around prostitutes, Rose recently told The Bee that prosecutors may be able to present the older evidence involving the nannies, houseguests and others to establish a pattern of conduct.

Cory Salzillo, director of legislation for the California District Attorneys Association, said the group will have no formal position on the proposal to change the statute of limitations until after the legislation committee meets in January.

Statutes trail technology

Meanwhile, the idea intrigues several legal experts and victims rights advocates, who say many states’ statute of limitations on illicit recording failed to keep pace with technology and the increasing ease with which unsuspecting victims can be monitored.

Law enforcement documents reviewed by The Bee indicate Lyon concealed high-tech cameras inside clock radios and other household items. Detectives who served search warrants at his home and on his vehicles seized computers, cameras, digital storage devices and a pair of high-tech eyeglasses that can be used to watch videos or make recordings, court documents indicate.

Rose said California’s statute of limitations treats similar crimes unevenly. For instance, in cases of fraud, the three-year time period in which prosecutors can bring charges begins when the crime is discovered. Rose likened fraud to video voyeurism, in that perpetrators of both crimes rely on secrecy and deception and often avoid detection for years.

“Why shouldn’t it be the same in these cases?” he asked.

California’s civil courts also are less restrictive, with victims of illegal taping given one year to file suit from the time the crime was discovered.

In fact, Lyon is being sued by a former nanny and a long-time family friend for allegedly videotaping them secretly when both were teenagers. The two, whose names were not revealed in the lawsuit, accuse Lyon of committing “an egregious breach of societal norms” by taping them while they used bathrooms in his homes.

The former nanny was taped in the shower and bathroom of the Lyon family vacation home near Lake Tahoe sometime around 1992, according to law enforcement documents reviewed by The Bee. The woman was about 16 at the time she was recorded emerging from the shower and blow-drying her hair, the documents state.

The other plaintiff is a family friend who was 18 at the time he was recorded in 2006 while in the bathroom of the Lyon’s Arden Arcade-area home.

Shock is still fresh

Despite the passage of time, the injuries are fresh to the plaintiffs, who recently had to identify themselves on tapes recovered by the FBI, said their attorney, Robert Zimmerman. The recordings have revealed numerous people – not just prostitutes – who were captured in private moments in Lyon’s homes, the attorney said.

“When you see the cross-section of people involved in this secret monitoring, it just violates trust on so many different levels,” Zimmerman said.

Portanova, Lyon’s attorney, said the limits on prosecuting alleged crimes “are on the books for a reason.” Evidence gets old, memories falter.

“It is difficult to prove your defense years after the fact,” he said. “Generally speaking, the most heinous crimes like murder have no statutes of limitations, and of course that makes sense. But most misdemeanor crimes are prosecutable within a year or the opportunity to prosecute is gone forever, as it should be.”

Every crime – misdemeanors and felonies – has its own statute of limitations enacted by the Legislature over the past 100 years, he said.

“There’s a balance that has to be found between rational law enforcement and the ability of an individual to gather evidence to meet the accusation,” Portanova said.

Others believe the balance has tipped too far toward defendants when it comes to video voyeurism.

Susan Howley of the National Center for Victims of Crime said she believes it “makes a lot of policy sense” for states to re-examine their statutes for these unique crimes, especially with advancing technology.

“When you have cases like this where you have significant evidence – and the prosecutor believes he or she can move forward and make the case – there shouldn’t be an arbitrary cutoff of justice here,” she said.

“For many victims, it can be just as devastating – even after the passage of time.”

CATCHING UP WITH THE LYON CASE

• In late August, real estate magnate Michael Lyon, 54, stepped down as CEO of the company his father founded amid an investigation into whether he had illegally recorded houseguests, friends and prostitutes with cameras hidden in bathrooms and bedrooms.

• A 16-month federal probe was closed that same month after the U.S. attorney’s office concluded it lacked the evidence to bring federal charges.

• The Sacramento County sheriff and district attorney picked up the investigation in light of the allegations of long-running illegal taping and arrested Lyon in November. He faces four felony counts.

• Lyon’s attorney has said his client will fight the charges, and Lyon is expected to enter a plea at his next hearing on Jan. 12.

© Copyright The Sacramento Bee. All rights reserved.


Call The Bee’s Marjie Lundstrom, (916) 321-1055.


Parents can tap kids’ phones

KNOXVILLE — Heads up kids: Big Brother can’t tap your phones, but mom and dad can.

So says the state Court of Appeals in a legally groundbreaking opinion that uses a Knox County custody battle as the backdrop.

“The parties agree that this is an issue of first impression in Tennessee,” Appellate Judge Charles D. Susano Jr. wrote in a recently released opinion, meaning that this is the first case of its kind.

Since 1994, it has been a crime in Tennessee to secretly record or eavesdrop on a phone call between two unsuspecting adults.

That made tapping a cheating spouse’s phone, for instance, to garner proof of a liaison a legal no-no, punishable by jail time and civil damages.

But what if mom secretly records a chat between dad and daughter and uses it in a custody fight? Do children have a right to telephonic privacy?

Until now, the issue had never been tested. Enter Knox County parents Chris Lawrence and Leigh Ann Lawrence and their toddler daughter, then 30 months old.

While father and daughter chatted on the phone in the spring of 2007, Leigh Ann Lawrence held up a tape recorder to a phone in another room and recorded the conversation.

Read full story at the Knoxville News Sentinel.


WiFi Vulnerabilities: Advances and incidents in 2010

The 802.11n standard was ratified in 2009 and WiFi really took off in 2010, with support showing up in an array of consumer electronic devices. Unfortunately, security-related issues escalated right along with growing acceptance. Here’s a look back at the WiFi security issues that emerged this year.

Virtual WiFi leads to rogue access points: The Windows 7 virtual WiFi capability, or soft AP, became popular in the early part of 2010, with users downloading millions of copies of free programs such as Connectify to exploit the feature. But it didn’t take long for security experts to see the danger and warn organizations about the possibility of employees creating rogue access points using virtual WiFi. These rogue APs can create a hole in your network security and allow an unauthorized user to “ghost ride” into the corporate network. This type of access can be difficult to notice using traditional wire-side techniques, so experts advocated watching carefully for the appearance of rogue APs while upgrading machines to Windows 7.

MiFi gains popularity:  Steve Jobs experienced a WiFi malfunction during the iPhone 4 launch in June 2010. An examination after the fact revealed that around 500 mobile hotspot networks were in use, supporting some 1,000 WiFi devices. This incident brought to light the security issues that can crop up from use of MiFi, and experts suggest using dedicated monitoring solutions capable of detecting these unauthorized devices on a 24×7 basis.

Google’s WiFi snooping controversy: In the middle of 2010 Google admitted that their cars used to collect Street View information also mistakenly collected payload data from unsecured WiFi networks. Many viewed the act as a privacy breach because the data collected included personal information such as email, passwords, fragments of files, browsed Internet data, pictures, video clips, etc. The controversy was a major black eye for Google but served as a big wake up call for all those WiFi users who still haven’t secured their WiFi networks.  

Russian spies and peer-to-peer WiFi links: The use of private, ad hoc WiFi networks for secret communication came to light when the FBI arrested a group of Russian spies who were using the tools to privately transfer data. Such ad hoc WiFi networks set up links between WiFi users without using a centralized WiFi router. Corporations are advised to deploy monitoring tools that can snoop out such connections.

Fake WiFi stealing data from smartphones: Security experts discovered that using a smartphone’s WiFi capability to access an open or public network can lead to a vulnerability if the user doesn’t tell the phone to forget the network. Users who don’t follow this advice are in danger of getting trapped into a fake WiFi network by someone with malicious intent. Once trapped, users can end up leaking passwords and other private data, and might be at risk of malware and worms.

Hole196 uncovered for WPA/WPA2 WiFi networks: The name Hole196 was used for the vulnerability that was uncovered at security conferences in Las Vegas in July by AirTight Networks. The vulnerability was mainly targeted at WPA2 (using AES encryption) WiFi networks configured with the 802.1x authentication mechanism. Before Hole196 showed up, such networks were considered some of the most secure WiFi deployments around. With Hole196, these networks can be subjected to a fatal insider attack, where an insider can bypass the WPA2 private key encryption and 802.1x authentication to scan devices for vulnerabilities, install malware and steal personal or confidential corporate information. Although specially targeted at WPA (AES)/802.1x networks, the vulnerability also applies to the WPA/WPA2-PSK networks.

The folks that found Hole196 say exploiting the vulnerability is simple and the attack isn’t detected by traditional wire-side IDS/IPS systems. Being an insider attack, the importance of Hole196 was downplayed by some experts, but reports point out that, with the rise of insider attacks, Hole196 is now considered important. Security experts strongly advocate the use of a comprehensive WIPS solution.

Firesheep turns laymen into WiFi hackers: Firesheep, the Firefox extension developed by Eric Butler, was released for public use in late 2010. Since then it has gained tremendous attention because it has almost automated the task of hacking over insecure WiFi networks such as hotspots. With Firesheep and a compatible WiFi client card, a malicious user just needs a single click to see the details of various people in his/her vicinity, visiting their respective accounts on websites (using an unencrypted after-login session), such as Facebook, Twitter, Amazon, etc.

Another click and the malicious user can log into these sites, meaning even laymen can become hackers. Security experts remind people to exercise extra precaution while enjoying unsecured WiFi connections. The world is hoping Firesheep’s popularity will motivate the popular social network websites to take further steps to protect user security.

Smartphone as WiFi attacker: The year 2010 witnessed the release of many new high end smartphones but these devices are now being seen as active threats. While attackers previously needed to carry a notebook to eavesdrop on WiFi links or launch sophisticated WiFi attacks, they can now perform these tasks using a high end smartphone.

Reviewing the list of WiFi security issues that came up in 2010, it can be expected that 2011 will witness more of the same. With new WiFi attack vectors emerging, corporations will realize they need additional layers of security that can provide active protection.
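The monitoring the article recommends for soft APs, mobile hotspots, ad hoc links and fake networks comes down to comparing what a wireless sensor hears against an inventory of sanctioned access points. The sketch below is an added example, not code from the article or from any product it mentions; the inventory, the `Observation` fields and the sample scan are constructed assumptions, and the locally-administered-address flag is only a hint for the analyst.

```python
import re
from dataclasses import dataclass

# Constructed inventory of sanctioned APs (assumption): SSID -> allowed BSSIDs.
AUTHORIZED = {"CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"}}


@dataclass(frozen=True)
class Observation:
    ssid: str   # empty string for a hidden network
    bssid: str  # radio MAC address as reported by the sensor
    mode: str   # "infrastructure" or "adhoc" (peer-to-peer, no central router)


def norm_mac(mac: str) -> str:
    """Normalise 00-11-22..., 0011.2233... or mixed case to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def locally_administered(mac: str) -> bool:
    """True when the 0x02 bit of the first octet is set (software-assigned)."""
    return bool(int(norm_mac(mac)[:2], 16) & 0x02)


def classify(obs: Observation, authorized=AUTHORIZED) -> str:
    bssid = norm_mac(obs.bssid)
    allowed = {norm_mac(m) for m in authorized.get(obs.ssid, ())}
    if obs.mode == "adhoc":
        return "adhoc-link"          # peer-to-peer link, never sanctioned here
    if bssid in allowed:
        return "authorized"
    if obs.ssid in authorized:
        return "ssid-impersonation"  # known network name on an unknown radio
    return "unsanctioned-ap"         # soft AP, mobile hotspot or neighbour


def audit(scan, authorized=AUTHORIZED):
    """Return sorted (verdict, ssid, bssid, software_assigned_mac) findings."""
    findings = []
    for obs in scan:
        verdict = classify(obs, authorized)
        if verdict != "authorized":
            findings.append((verdict, obs.ssid or "<hidden>",
                             norm_mac(obs.bssid),
                             locally_administered(obs.bssid)))
    return sorted(findings)


# Constructed sample scan, not real capture data.
SAMPLE_SCAN = [
    Observation("CorpNet", "00-11-22-33-44-01", "infrastructure"),
    Observation("CorpNet", "02:AA:BB:CC:DD:EE", "infrastructure"),
    Observation("Connectify-me", "06:11:22:33:44:55", "infrastructure"),
    Observation("", "0a:00:27:00:00:01", "adhoc"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN):
        print(finding)
```

An "unsanctioned-ap" verdict only says the radio is not in the inventory; deciding whether it is a neighbour's network or a device bridged to the corporate LAN needs wire-side correlation that this sketch does not do.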

About the author: Ajay Kumar Gupta is presently working with an enterprise dealing in WiFi security products. He has been in the field of wireless security for more than five years and is a frequent contributor to leading security magazines and blogs. He holds a master’s of technology degree from IIT Bombay in India.

Read more about anti-malware in Network World’s Anti-malware section.