All Privacy Invasion Fears Come True: Thanks, Alec

In March of 2005, Alec Muffett predicted “National loyalty cards,” and I mocked him for it. Since then, I’ve decided that all non-trivial privacy fears come true. And since then, Alec’s plan has taken another step.

The BBC reports about a new “Blair plan for ‘people’s panels’.” No, I didn’t make that up, Comrade. He really called them people’s panels, and the BBC tells us:

They will look at how retailers, such as supermarket giant Tesco, use loyalty cards to create databases of their clients and tailor-make services for them based on the information gathered.

That’s one of the three ‘major ideas’ they’re looking at. Apparently Parliament isn’t sufficiently obsequious any more.

Photo of urinals at the Las Vegas Hilton from

Chip, Pin and Tetris

Saar Drimer and Steven Murdoch will be getting lumps of coal from the banking industry, and amused laughter from the rest of us:

It is important to remember, however, that even perfect tamper resistance only ensures that the terminal will no longer be able to communicate with the bank once opened. It does not prevent anyone from replacing most of the terminal’s hardware and presenting it to customers as legitimate, so freely collecting card details and PINs.

See “Chip & PIN terminal playing Tetris” at Light Blue Touchpaper, along with the video link.

Relentless Navel Gazing, Part 10

I’ve made explicit that email addresses are optional when commenting.

I’ve added easy links to, Digg, Reddit, Furl, YahooMyWeb and NewsVine.



If you have a bookmark system you’d like me to add, let me know.

[Update: More navel gazing: added dates to post footers, and fixed underlining for links in the archives. As always, let me know what I broke.]

DHS says one thing, does another. Film at 11.

The Department of Homeland Security (DHS) Privacy Office conducted a review of the Transportation Security Administration’s (TSA) collection and use of commercial data during initial testing for the Secure Flight program that occurred in the fall 2004 through spring 2005. The Privacy Office review was undertaken following notice by the TSA Privacy Officer of preliminary concerns raised by the Government Accountability Office (GAO) that, contrary to published privacy notices and public statements, TSA may have accessed and stored personally identifying data from commercial sources as part of its efforts to fashion a passenger prescreening program.

Secure Flight Report (DHS)

Declan McCullagh broke the story which led me to this document. He notes that:

The report, and a second one critiquing a government database called Matrix, was released on the last business day before Christmas, a tactic that federal agencies and publicly traded companies sometimes use to avoid drawing attention to critical findings.

Perhaps one way to prevent things like this would be to curtail the ability of private companies (the providers of the Secure Flight information) to collect and resell it in the first place without the express permission of those to whom it pertained. Probably a quaint, pre-9/11 notion, but let a guy dream on Christmas Eve, will you?

Radical Transparency and Society

In “Radical Transparency to improve resilience,” John Robb posts about Chris Anderson’s ‘radical transparency:’

Think about how these tactics can be applied to societal resilience:

  • Show who we are.
  • Show what we are working on.
  • “Process as Content.”
  • Privilege the crowd.
  • Let readers decide what is best (aka: wisdom of the crowd)
  • Wikify (this is another way of saying: open the storehouse of background information) everything.

I think it’s a fascinating perspective on what frustrates so many of us about the Bush Administration. In their dragging us to torture prisoners, jail Americans without trial, secret laws and secret programs, they have implemented a program of radical transparency. What it shows about their souls is particularly unpleasant.

Related to ‘opening the storehouse,’ the New York Times reports that “U.S. to declassify secrets at age 25.” There’s fascinating commentary about how “The Bush administration could have said, ‘This is a Clinton thing,’ and abandoned it.” Nice way to look at laws. Process as content, indeed.

That wasn't so bad after all…

There’s an article in Wall Street and Technology, “When Risk Managers Cry Wolf.” It opens:

Avoiding “reputation risk” is a common justification for increasing security measures, protecting customers’ financial information and reporting security breaches in a timely manner. But now more than 18 months after the big ChoicePoint incident when 163,000 bogus accounts were created by ID thieves, the doom and gloom that financial services risk professionals have predicted has failed to come true.

So this means that the “reputation risk” card carries much less punch, now that consumers are content to have 97 million personal data records exposed since February 2005. Going forward, risk managers will need to rely more on the actual costs associated with data breaches, rather than play the reputation risk card.

Yep. These things don’t hurt nearly as much as some people were predicting. Can we move along, and start learning from them?