Hackers post politicians’ ID numbers online

Hackers have published online the social insurance numbers of all Norwegian parliamentarians in a bid to start “talks” on digital privacy issues.

Government ministers could read their names and identifying numbers on the website Pastebin courtesy of the name Anonymous. The website lets people anonymously paste in text, as the hackers themselves did with a “press release” declaring their motives.

“We wish to draw attention to the use of birth dates (in the social insurance number) as so-called identification,” the message said.

The “hacktivists”, as theye are known by their peers, say they want Norway to stop using the one birthdate-based social insurance number, or personal number, as blanket ID required for a variety of official electronic exchanges, from purchases to contact with tax authorities and banks. The hackers fear identity theft and excessive tracking of citizens.

The hackers say it’s all too easy to create programmes that retrieve the personal numbers.

“(Politicians) who make decisions should have first-hand experience with … and experience the feeling of how uncomfortable it is to know that this information is available for whomever.”

Norwegian privacy overseer the Datatilsynet told newspaper Dagbladet that uploading the personal numbers — including those of Prime Minister Jens Stoltenberg and former finance minister Kristin Halvorsen — was illegal.

A number of Norwegian banks have been hacked online via programmes that mimic net-banking forms. Customers accustomed to entering their social security, or personal numbers, in online bank forms have unwittingly typed the critical information into the malware forms of criminals using the same online session to track passwords.

Norway’s tax offices recently started issuing one-use personal passwords akin to those the hackers say are issued in Germany.

Member comments

Log in here to leave a comment.
Become a Member to leave a comment.


How Austrian privacy activists are taking on tech giant Google

Austrian online privacy activist Max Schrems has taken on a new battle: taking Google to task for the "illegal" tracking code on its Android mobile phones.

How Austrian privacy activists are taking on tech giant Google
Google headquarters in the rain. Photo: TOLGA AKMEN / AFP

The action against Google is the latest in what Schrems, 33, describes as “David versus Goliath” struggles against the internet’s giants.

Leading a team of seasoned lawyers at his privacy campaign group NOYB (None Of Your Business), the relaxed and affable Schrems tells AFP he is motivated simply by the fact that companies that dominate the internet “make profits from violating the laws”.

READ MORE: Eight weird and wonderful Austrian place names

NOYB was set up in 2018, at the same time as the European Union implemented its landmark General Data Protection Regulation (GDPR), legislation aimed at making it simpler for people to control how companies use their personal information.

The handful of employees at NOYB are currently pursuing no fewer than 150 complaints in various jurisdictions.

“Ideally we should not exist,” says Schrems, pointing to publicly funded watchdogs that ought to be keeping companies in line.

“The problem is that in many member states that is not properly done,” he adds. He cites the example of Ireland, where numerous multinationals have their European headquarters.

That means around 4,000 complaints are filed with the Irish authorities every year but according to Schrems “this year they plan to have six to seven decisions.”

That means that “99.9 percent of the cases… are simply taken and thrown in the trash can”.

“That is a fundamental problem we have in Europe, we are very good at passing laws and praising ourselves about… how great we are at human rights, but we are actually not very good at enforcing it,” he says.

‘Wilful’ rule-breaking 

The latest complaint against Google has been filed with the CNIL, France’s data protection authority.

At the same time, NOYB has an active complaint against Apple over a similar tracking code issue, despite Apple’s stated intention to update its operating system later this year to force app developers to ask users’ permission before tracking their activities across other companies’ apps and websites.

A decade after Schrems tackled his first cases, his outrage at the opaque workings of internet giants has not dimmed, in particular at what he terms “wilful” rule-breaking.

“If no one follows the rule and gets away with it, then why even bother having a democratic process in the first place?” he asks.

He laments the tendency for groups such as the internet’s “Big Four” — Google, Facebook, Amazon and Apple — to engage in “responsibility shifting” to users by introducing new and often bewildering layers of privacy settings.

For example, “Facebook regularly puts out a hundred more buttons with options and then they present it as more privacy for the user, whereas in reality no one in the world is going to click on these buttons,” he says. 


In the context of a debate that has sprung up in relation to coronavirus contact tracing apps, Schrems said he was surprised at the widespread concern over the apps’ privacy implications — despite many of them being well designed in this respect.

“It is a bit strange to think that people trust Google with all their data, but they wouldn’t trust their health ministry,” he says.

Alongside his current legal battles, Schrems is also keeping an eye on talks between the EU and the United States on the thorny matter of data transfers.

He has won two of his most famous legal victories in relation to that issue: in 2020 one of his complaints led the EU’s top court to strike down an online data arrangement known as “Privacy Shield” between Europe and the US.

In 2015, another case brought by Schrems scuppered a previous EU-US deal on which tech giants depended to do business.

What are the chances of a replacement deal that won’t meet a similar fate?

Schrems expects “a half-half solution” that will lead to “Schrems 3,4,5” being thrashed out in the courts, adding: “It’s kind of weird to have your name on a case.”

He strikes a modest tone when reflecting on the way he has become something of a poster boy for online privacy, the “anti-Zuckerberg”.

“You need a David versus Goliath and so on, so I accepted to be that David for the sake of having stories on it,” he says.

In the same way that “you need a Greta Thunberg to have a face on climate change because it’s a very abstract debate… I may sometimes be the face of that privacy debate,” he says.