Bruce Schneier comments on “Apple’s Differential Privacy:” So while I applaud Apple for trying to improve privacy within its business models, I would like some more transparency and some more public scrutiny. Do we know enough about what’s being done? No, and my bet is that Apple doesn’t know precisely what they’ll ship, and aren’t […]
One of the most effective ways to improve your software is to use it early and often. This used to be called eating your own dogfood, which is far more evocative than the alternatives. The key is that you use the software you’re building. If it doesn’t taste good to you, it’s probably not customer-ready. […]
There’s a new study on what people would pay for privacy in apps. As reported by Techflash: A study by two University of Colorado Boulder economists, Scott Savage and Donald Waldman, found the average user would pay varying amounts for different kinds of privacy: $4.05 to conceal contact lists, $2.28 to keep their browser history […]
The program for the 2013 Privacy Enhancing Technologies Symposium is up, and there’s a lot of fascinating looking papers and talks. If you’re interested, registration is also open. PETS is one of my favorite conferences of the year.
The next Workshop on the Economics of Information Security will be held June 11-12 at Georgetown University, Washington, D.C. Many of the papers look fascinating, including “On the Viability of Using Liability to Incentivise Internet Security”, “A Behavioral Investigation of the FlipIt Game”, and “Are They Actually Any Different? Comparing 3,422 Financial Institutions’ Privacy Practices.” […]
It’s common to hear that Facebook use means that privacy is over, or no longer matters. I think that perception is deeply wrong. It’s based in the superficial notion that people making different or perhaps surprising privacy tradeoffs are never aware of what they’re doing, or that they have no regrets. Some recent stories that […]
It would not be surprising if an article like “Firefox Cookie-Block Is The First Step Toward A Better Tomorrow” was written by a privacy advocate. And it may well have been. But this privacy advocate is also a former chairman of the Internet Advertising Bureau. (For their current position, see “Randall Rothenberg’s Statement Opposing Mozilla’s […]
Facebook’s new Graph search is a fascinating product, and I want to use it. (In fact, I wanted to use it way back when I wrote about “Single Serving Friend” in 2005.) Facebook’s Graph Search will incent Facebook users to “dress” themselves in better meta-data, so as to be properly represented in all those new […]
It’s Data Privacy Day, and there may be a profusion of platitudes. But I think what we need on data privacy day are more tools to let people take control of their privacy. One way to do that is to check your privacy settings. Of course, the way settings are arranged changes over time, and […]
In my post on gun control and schools, I asserted that “I worry that reducing privacy around mental health care is going to deter people who need health care from getting it.” However, I didn’t offer up any evidence for that claim. So I’d like to follow up with some details from a report that […]
There’s a really interesting article by Toby Stevens at Computer Weekly, “Proof of age comes of age:” It’s therefore been fascinating to be part of a new initiative that seeks to address proof of age using a Privacy by Design approach to biometric technologies. Touch2id is an anonymous proof of age system that uses fingerprint […]
So as Facebook continues to trade at a little over half of their market capitalization of 3 months ago, I think we can learn a few very interesting things. My goal here is not to pick on Facebook, but rather to see what we can take away and perhaps apply elsewhere. I think there are […]
Every now and then, a headline helps us see the answer to the question “Will people ever pay for Privacy?” Quoth the Paper of record: The seclusion may be the biggest selling point of the estate belonging to Robert Hurst, a former executive at Goldman Sachs, which was just listed by Debbie Loeffler of the […]
I’ve observed a phenomenon in computer security: when you want something to be easy, it’s hard, and when you want the same thing to be hard, it’s easy. For example, hard drives fail at seemingly random, and it’s hard to recover data. When you want to destroy the data, it’s surprisingly hard. I call this […]
The Future of Privacy Forum (FPF) is an interesting mix of folks trying to help shape, well, the future of privacy. They have an interesting mix of academic and industry support, and a fair amount of influence. They’re inviting authors with an interest in privacy issues to submit papers to be considered for FPF’s third […]
The fine folks at Mozilla have announced that they’ll be hosting a BBQ in Dallas to thank all their supporters. And the cool thing about that BBQ is it’s gonna be vegan by default. You know, vegan. No animal products. It’s good for you. It’s the right default. They’ll have dead cow burgers, but you’ll […]
That’s my takeaway from a new study of 2,000 households by Consumer Reports: There are more than 150 million Americans using Facebook at this point, and that number is growing. … a new exhaustive study from Consumer Reports on social networking privacy found that 13 million American Facebook users have never touched their privacy settings. […]
So there’s a new startup in town, The Calyx Institute, which is raising money to create a privacy-protecting ISP and phone company. I think that’s cool, and have kicked in a little cash, and I wanted to offer up some perspective on the market for privacy, having tried to do this before. From 1999 until […]
On the off chance that you’ve been hiding under a rock, there’s been a stack of news stories about organizations (both private and governmental) demanding people’s Facebook passwords as part of the process of applying for jobs, with much associated hand-wringing. In “I hereby Resign“, Raganwald discusses the downside to employers of demanding to look […]
Ivan Szekely writes in email: A team of young researchers – my colleagues – at the Budapest University of Technology and Economics developed a cross-browser fingerprinting system in order to demonstrate the weaknesses of the most popular browsers. Taking Panopticlick’s idea as a starting point, they developed a new, browser-independent fingerprinting algorithm and started to […]
There were a couple of excellent posts about Google+ which I wanted to link in, but the post took a different path: “Google+ and The Trouble With Tribbles” The trouble with social is that it is social – with all the norms, behaviors and expectations that come with that. You cannot re-engineer that overnight (Facebook […]
One of the most common bits of feedback about my post “Google+ Failed Because of Real Names” is that Google+ is now a huge service, and that the word failed is an exaggeration, or a trick of the rhetorician. Some folks might advise me to stop digging a hole, put down the shovel and walk […]
It’s now been a few months since the launch of Google+, and it’s now fairly clear that it’s not a mortal threat to Facebook, or even Orkut. I think it’s worth thinking a bit about why Google+ isn’t doing better, despite its many advantages. Obviously, Google wants to link Google+ profiles to things in the […]
The firm’s annual Banking Identity Safety Scorecard looked at the consumer-security practices of 25 large banks and credit unions. It found that far too many still rely on customers’ Social Security numbers for authentication purposes — for instance, to verify a customer’s identity when he or she wants to speak to a bank representative over […]
@RobArnold tweeted: “Someone thinks targeted Facebook ads are an effective way to ask for Firefox features. Any other Mozillians see this?” The irony of using a targeted ad, on Facebook, to ask for more privacy protection…
There are semi-regular suggestions to allow people to copyright facts about themselves as a way to fix privacy problems. At Prawfsblog, Brooklyn Law School Associate Professor Derek Bambauer responds in “Copyright and your face.” Key quote: One proposal raised was to provide people with copyright in their faceprints or facial features. This idea has two […]
It turns out that it’s very hard to subscribe to many podcasts without talking to Podtrac.com servers. (Technical details in the full post, below.) So I took a look at their privacy statement: Podtrac provides free services to podcasters whereby Podtrac gathers data specific to individual podcasts (e.g. audience survey data, content ratings, measurement data, […]
Three stories, related by the telephone, and their impact on privacy: CNN reports that your cell phone is being tracked in malls: Starting on Black Friday and running through New Year’s Day, two U.S. malls — Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. — will track guests’ movements by […]
But in the last year and a half, at least 50 diners at restaurants like the Capital Grille, Smith & Wollensky, JoJo and Wolfgang’s Steakhouse ended up paying for more than just a fine piece of meat. Their card information — and, in effect, their identities [sic] — had been stolen by waiters in a […]
In the Atlantic Wire, Uri Friedman writes “Did the CIA Do Enough to Protect Bin Laden’s Hunter?” The angle Friedman chose quickly turns to outrage that John Young of Cryptome, paying close attention, was able to figure out from public statements made by the CIA, what the fellow looks like. After you’re done being outraged, […]
So MySpace sold for $35 million, which is nice for a startup, and pretty poor for a company on which Rupert Murdoch spent a billion dollars. I think this is the way of centralized social network software. The best of them learn from their predecessors, but inevitably end up overcrowded. Social spaces change. You don’t […]
First, for those who might have missed it, Google has released Google Refine, a free tool for cleaning dirty data sets. It allows you to pull in disparate data, then organize and clean it for consistency. Next, some interesting thoughts on how “anonymized” data sets aren’t, and some thoughts on the implications of this from […]
According to Groklaw, Microsoft is backing laws that forbid the use of Windows outside of the US. Groklaw doesn’t say that directly. Actually, they pose charmingly with the back of the hand to the forehead, bending backwards dramatically and asking, “ Why Is Microsoft Seeking New State Laws That Allow it to Sue Competitors For […]
Act: Get this 2-page Passenger’s Rights Sheet: http://saizai.com/tsa_rights.pdf Outrage: “Gaping Holes in Airline Security: Loaded Gun Slips Past TSA Screeners” (Matthew Mosk, Angela Hill and Timothy Fleming, ABC News) “TSA + Police + JetBlue Conspire Against Peaceful Individual at JFK” (George Donnelly, WeWontFly.org) “TSA Lies Again Over Capture, Storage Of Body Scanner Images” (Steve Watson, […]
Intrusiveness and outrage: “Homeland Security Is Also Monitoring Your Tweets” “‘Baywatch’ Beauty Feels Overexposed After TSA Scan” (David Moye, AOLnews) “the agent responded, ‘Because you caught my eye, and they’ — pointing to the other passengers — ‘didn’t.’” “POLICE STATE – TSA, Homeland Security & Tampa Police Set Up Nazi Checkpoints At Bus Stations ” […]
Outrage “Adam Savage: TSA saw my junk, missed 12″ razor blades” (Ben Kuchera, Ars Technica with video) “DHS & TSA: Making a list, checking it twice” (Doug Hadmann, Canada Free Press) claims that DHS has an internal memo calling those 59% of Americans who oppose pat downs “domestic extremists.” No copies of the memo have […]
A senior officer said they had found examples of young women who had declared themselves exempt posting photographs of themselves on Facebook in immodest clothing, or eating in non-kosher restaurants. Others were caught by responding to party invitations on Friday nights – the Jewish Sabbath. (“Israeli army uses Facebook to expose draft dodgers,” Wyre Davies, […]
Analysis: “‘Strip-or-Grope’ vs. Risk Management” Jim Harper, Cato@Liberty blog. Really solid thinking, although I usually don’t like asset-centric approaches, I think that for the physical world they make more sense than they do in software threat modeling. TSA more likely to kill you than a terrorist. thread at Flyertalk (thanks Doug!) “Has Airport Security Gone […]
Outrage: Transcript: Senate hearing on TSA, full-body scanners (yesterday, not one Senator cared.) Today’s hearing: http://www.c-span.org/Watch/C-SPAN3.aspx TSA Success Story (You can win in line.) If someone had done that to me at a nightclub I’d call the cops. Violated Traveling with scars Search this one for “pump” to learn about a diabetic’s experience. What would […]
There’s no news roundup today, the stories are flying, unlike people, who are sick and tired of the indignities, the nudeatrons and the groping. If you want to see them, you can follow me on twitter or National Opt Out day Tomorrow, there’s a Transportation Security Administration Oversight Hearing whose only witness is TSA Administrator […]
“‘Naked’ scanners at U.S. airports may be dangerous: scientists” (National Post) The head of the X-ray lab at Johns Hopkins says “statistically, someone is going to get skin cancer from these X-rays.” “DHS chief tells pilot, tourism reps scans and patdowns will continue ” (Infowars.com) includes link to a CNN story “Growing backlash against TSA […]
Earlier this week, the White House responded to the UC San Francisco faculty letter on nudatrons. (We mentioned that here.) National Academy of Sciences member John Sedat says “many misconceptions, and we will write a careful answer pointing out their errors.” TSA has claimed that pictures will have blurred genital areas to “protect privacy.” Except […]
Facebook Changes Photo Memories to No Longer Show Your Ex-Boyfriends or Ex-Girlfriends: In response to numerous complaints, Facebook has changed its Photo Memories sidebar module to no longer display friends who a user was formally listed as in a relationship with. [Sic] But it’s not just about selective remembering because “Your Memories Will Be Rewritten.” […]
First, a quick news roundup: EPIC is suing DHS for improper rulemaking, violations of the fouth ammendment, the privacy act, the religious freedom restoration act, and the video voyerism prevention act. The ACLU has a news roundup and a form to report on TSA behavior. The Airline Pilots Association advises pilots to show resistance. So […]
Very entertaining video: I love it because curtains are privacy people will pay for, but even more, because, ironically for a privacy-enhancing technology, it generates more attention than not using it.
October 18th’s bad news for the TSA includes a pilot declining the choice between aggressive frisking and a nudatron. He blogs about it in “Well, today was the day:” On the other side I was stopped by another agent and informed that because I had “opted out” of AIT screening, I would have to go […]
In the general case, you are not anonymous on the interweb, but economically-anonymous, which I propose to label “enonymous”, and that’s not the same thing at all. If you threaten to kill the President, you will be tracked down, and the state will spend the money it takes on it. But if you call Lily […]
In the past, I’ve been opposed to calling impersonation frauds “identity theft.” I’ve wondered why the term impersonation isn’t good enough. As anyone who’s read the ID Theft Resource Center’s ‘ID Theft Aftermath’ reports (2009 report) knows that a lot of the problem with longterm impersonation problems is the psychological impact of disassociation from your […]
(San Diego, CA) Since the 1980?s, children in the US have been issued Social Security numbers (SSN) at birth. However, by law, they cannot be offered credit until they reach the age of 18. A child?s SSN is therefore dormant for credit purposes for 18 years. Opportunists have found novel ways to abuse these “dormant” […]
Interesting interactive data app from the Wall Street Journal about your privacy online and what various websites track/know about you. http://blogs.wsj.com/wtk/ Full disclosure, our site uses Mint for traffic analytics.
Frank Pasquale follows a Joe Nocera article on credit scores with a great roundup of issues that the credit system imposes on American citizens, including arbitrariness, discriminatory effects and self-fulfilling prophecies. His article is worth a look even if you think you understand credit scores. I’d like to add one more danger of credit scores: […]
Over the last week, there’s been a set of entertaining stories around Blizzard’s World of Warcraft games and forums. First, “World of Warcraft maker to end anonymous forum logins,” in a bid to make the forums less vitriolic: Mr Brand said that one Blizzard employee posted his real name on the forums, saying that there […]
[The ACLU has a new] report, Policing Free Speech: Police Surveillance and Obstruction of First Amendment-Protected Activity (.pdf), surveys news accounts and studies of questionable snooping and arrests in 33 states and the District of Columbia over the past decade. The survey provides an outline of, and links to, dozens of examples of Cold War-era […]
It’s hard not to be impressed by an ad like this.
So the news is all over the web about Apple changing their privacy policy. For example, Consumerist says “Apple Knows Where Your Phone Is And Is Telling People:” Apple updated its privacy policy today, with an important, and dare we say creepy new paragraph about location information. If you agree to the changes, (which you […]
Well, Amazon has a new update for Kindle (with folders! OMG!), and I’m planning to apply it. However, last time I installed an update, I noticed that it lost the “wireless off” setting, and was apparently contacting Amazon. I don’t want it to do so, and leave wireless off. It’s safer that way, whatever promises […]
Some worthwhile reads on Facebook and privacy: Facebook’s Privacy Reboot: Is That all You’ve Got for Us? “The devil is in the defaults” Entire Facebook Staff Laughs As Man Tightens Privacy Settings
Waitress Is Fired for Her Complaint on Facebook: Lesson Learned for Employers?. From [German Consumer Protection] Minister Aigner to Mark Zuckerberg: the importance of privacy Farewell, Facebook “Why one super-connected internet enthusiast decided it was time to pull the plug” 5 WTFs: I quit Facebook Today Quit Facebook Day versus 10 Reasons You’ll Never Quit […]
The last week and a bit has been bad to Facebook. It’s hard to recall what it was that triggered the avalanche of stories. Maybe it was the flower diagram we mentioned. Maybe it was the New York Times interactive graphic of just how complex it is to set privacy settings on Facebook: Maybe it […]
Let me tell you how it will be There’s one for you, nineteen for me Chorus: If privacy appear too small Be grateful I don’t take it all Thanks to Jim Harper for the link.
Adam Harvey is investigating responses to the growing ubiquity of surveillance cameras with facial recognition capabilities. He writes: My thesis at ITP, is to research and develop privacy enhancing counter technology. The aim of my thesis is not to aid criminals, but since artists sometimes look like criminals and vice versa, it is important to […]
There’s a bunch of folks out there who are advocating for publishing all SSNs, and so wanted to point out (courtesy of Michael Froomkin’s new article on Government Data Breaches ) that it would be illegal to do so. 42 USC § 405(c)(2)(C)(viii) reads: (viii)(I) Social security account numbers and related records that are obtained […]
Where there’s smoke, there’s fire, goes the adage. And in the case of an allegedly-theoretical exploit outlined in a new paper by Chris Soghoian and Sid Stamm (the compelled certificate creation attack), the presence of a product whose only use it to exploit it probably indicates that there’s more going on than one would like […]
The Guardian has reported the first official incident of misuse of full-body scanner information The police have issued a warning for harassment against an airport worker after he allegedly took a photo of a female colleague as she went through a full-body scanner at Heathrow airport. The incident, which occurred at terminal 5 on 10 […]
Today is Ada Lovelace Day, an international day of blogging to celebrate the achievements of women in technology and science. For Lady Ada Day, I wanted to call out the inspiring work of Aleecia McDonald. In a privacy world full of platonic talk of the value of notice and consent, Aleecia did something very simple: […]
Via a tweet from @WeldPond, I was led to a Daily Mail article which discusses allegations that Facebook founder Mark Zuckerberg “hacked into the accounts of [Harvard] Crimson staff”. Now, I have no idea what happened or didn’t, and I will never have a FB account thanks to my concerns about their approach to privacy, […]
In “U-Prove Minimal Disclosure availability,” Kim Cameron says: This blog is about technology issues, problems, plans for the future, speculative possibilities, long term ideas – all things that should make any self-respecting product marketer with concrete goals and metrics run for the hills! But today, just for once, I’m going to pick up an actual […]
That’s the key message of Ethan Zuckerman’s post “Internet Freedom: Beyond Circumvention.” I’ll repeat it: “We can’t circumvent our way around internet censorship.” It’s a long, complex post, and very much worth reading. It starts from the economics of running an ISP that can provide circumvention to all of China, goes to the side effects […]
Or, Security and Privacy are Complimentary, Part MCVII: Later, I met one executive who told me that at the same time of my incident at another restaurant owned by the corporation, a server was using stolen credit card numbers by wearing a small camera on him. He would always check ID’s and would quickly flash […]
The language of Facebook’s iPhone app is fascinating: If you enable this feature, all contacts from your device will be sent to Facebook…Please make sure your friends are comfortable with any use you make of their information. So first off, I don’t consent to you using that feature and providing my mobile phone number to […]
There’s a huge profusion of dating sites out there. From those focused on casual encounters to christian marriage, there’s a site for that. So from a product management and privacy perspectives I found this article very thought provoking: Bookioo does not give men any way to learn about or contact the female members of the […]
Privacy and security often complement each other in ways that are hard to notice. It’s much easier to present privacy and security as “in tension” or as a dependency. In this occasional series, we present ways in which they compliment each other. In this issue, the Financial Times reports that “Hackers target friends of Google […]
Orr Dunkelman, Nathan Keller, and Adi Shamir have released a paper showing that they’ve broken KASUMI, the cipher used in encrypting 3G GSM communications. KASUMI is also known as A5/3, which is confusing because it’s only been a week since breaks on A5/1, a completely different cipher, were publicized. So if you’re wondering if this […]
Secretly stolen from Joy of Tech.
There’s a fascinating article in the NYTimes magazine, “Who Knew I Was Not the Father?” It’s all the impact of cheap paternity testing on conceptions of fatherhood. Men now have a cheap and easy way to discovering that children they thought were theirs really carry someone else’s genes. This raises the question, what is fatherhood? […]
Following the No Child Left Behind mandate to improve school quality, there has been a growing trend among state departments of education to establish statewide longitudinal databases of personally identifiable information for all K-12 children within a state in order to track progress and change over time. This trend is accompanied by a movement to […]
Bob Blakley has a very thought provoking piece, “Gartner Gets Privacy Dead Wrong.” I really, really like a lot of what he has to say about the technical frame versus the social frame. It’s a very useful perspective, and I went back and forth for a while with titles for my post (The runner up […]
In a lawsuit filed Sept. 28 in Los Angeles Superior Court, Amber Duick claims she had difficulty eating, sleeping and going to work during March and April of last year after she received e-mails for five days from a fictitious man called Sebastian Bowler, from England, who said he was on the run from the […]
With the kind help of our awesome readership, Amazon and Glazer’s, I’ve acquired a camera, some books, a tripod, a prime 50mm, a flash diffuser, a polarizing filter, a graduated neutral filter, and some other random photography toys tools. You might question this, but I can quit anytime. Really! I even offered to loan my […]
Jennifer Granick reports that in Massachusetts, Cops Can’t Convert Car Into Tracking Device Without Court’s OK. Connolly decided that the installation of the GPS device was a seizure of the suspect’s vehicle. “When an electronic surveillance device is installed in a motor vehicle, be it a beeper, radio transmitter, or GPS device, the government’s control […]
So I’m sitting on the plane home from* Seattle, and I had a really interesting conversation on race with the woman next to me. We were talking, and she asked me, why is it so hard to have conversations like this. I thought that the answer we came to was interesting, and insofar as it […]
Ten years ago, I left Boston to go work at an exciting startup called Zero-Knowledge Systems. Zero-Knowledge was all about putting the consumer in control of their privacy. Even looking back, I have no regrets. I’m proud of what I was working towards during the internet bubble, and I know a lot of people who […]
Quarter of a million Welsh profiles added to DNA database since 2000. [I forget who linked to this one.] CCTV in the spotlight: one crime solved for every 1,000 cameras [Via the security metrics mailing list.]
So I’m having a conversation with a friend about caller ID blocking. And it occurs to me that my old phone with AT&T, before Cingular bought them, had this nifty feature, “show my caller-ID to people in my phone book.” Unfortunately, my current phone doesn’t have that, because Steve Jobs has declared that “Apple’s goal […]
So I was thinking about the question of the value of privacy, and it occurred to me that there may be an interesting natural experiment we can observe, and that is national security clearances in the US. For this post, I’ll assume that security clearances work for their primary purpose, which is to keep foreign […]
Quick follow up to Adam’s Monday post New on SSRN. Rob Westervelt over at SearchSecurity.com tells us about a social network privacy study finds identity link to cookies. Turns out that passing unique identifiers in referring URLs isn’t such a smart idea after all. Color me shocked. The full paper is linked to from Rob’s […]
There’s new papers by two law professors whose work I enjoy. I haven’t finished the first or started the second, but I figured I’d post pointers, so you’ll have something to read as we here at the Combo improvise around Cage’s 2:33. Paul Ohm has written “Broken Promises of Privacy: Responding to the Surprising Failure […]
One of the best ways to upset someone who cares about privacy is to trot out the “nothing to hide, nothing to worry about” line. It upsets me on two levels. First because it’s so very wrong, and second, because it’s hard to refute in a short quip. I think what I like most about […]
Dennis Fisher talks with Microsoft’s Adam Shostack about the Privacy Enhancing Technologies Symposium, the definition of privacy in today’s world and the role of technology in helping to enhance and protect that privacy. As always, a fun conversation with Dennis Fisher. Ran longer than I think either of us expected at 41:15. And speaking of […]
Demonstrating that no one’s data is safe, the names, pay records, and other personal information of 90,000 English soldiers was placed on the Internet. These soldiers, who served with king Henry V at Agincourt now have their information listed at www.medievalsoldier.org, exposing them to the chance of identity theft after nearly 500 years. They soldiers […]
In case you haven’t heard about it, there is a brouhaha about Amazon un-selling copies of two Orwell books, 1984 and Animal Farm. There has been much hand-wringing, particularly since it’s deliciously amusing that that it’s Orwell. The root cause of the issue is that the version of the Orwell novels available on the Kindle […]
Well, by now it’s all over the blogo/twitter spheres, and everything that might be said has already been said about Eric Blair, a publisher and Amazon: This morning, hundreds of Amazon Kindle owners awoke to discover that books by a certain famous author had mysteriously disappeared from their e-book readers. These were books that they […]
So Clear’s Verified Line Jumper service has shut down. Aviation Week has a blog post, “ Clear Shuts Down Registered Traveler Lanes.” Clear collected a lot of data: The information that TSA requires us to request is full legal name, other names used, Social Security number (optional), citizenship, Alien Registration Number (if applicable), current home […]
As I’ve said before, all non-trivial privacy warnings are mocked and then come true. Sixty years ago today, George Orwell published 1984. He unfortunately failed to include a note that the book was intended as a warning, not a manual. Today, in England, there are an unknown number of surveillance cameras, including many around Orwell’s […]
In an important sense, privacy is a modern invention. Medieval people had no concept of privacy. They also had no actual privacy. Nobody was ever alone. No ordinary person had private space. Houses were tiny and crowded. Everyone was embedded in a face-to-face community. Privacy, as idea and reality, is the creation of a modern […]
aka it’s not nearly as funny when you are the subject of the probe. At a recent conference Justice Scalia said “”Every single datum about my life is private? That’s silly,” Well, a professor at Fordham University decided to take Mr Scalia at his word, and had one of his classes collect a dossier on […]
So while Statebook is a pretty entertaining demo, “Database State” is a disturbing look at how real the underlying data collection is in the U.K. Via Boingboing.
The Get FISA Right group is publicizing our need to re-think the laws. They have discussion going on on their site, as well as on The Daily Kos. I recommend catching up there, or reading Adam’s recent post here. I have to ask what was wrong with the old FISA? It wasn’t a bad system, […]
Jim Burrows is working to kick off a conversation about what good reform of US telecom law would be. He kicks it off with “What does it mean to “get FISA right”?” and also here. To “get it right”, let me suggest that we need: One law that covers all spying Require warrants when the […]
A few years back, I gave a talk titled “Will People Ever Pay for Privacy.” As they say, a picture is worth a thousand words: Tiger Woods’s Boat, Privacy, Attracts Plenty of Onlookers. Photo: Tiger Woods’ Yacht, TheLastMinute.
Robert Scoble, discussing Facebook founder Mark Zuckerberg: He also said that his system looks for “outlying” behavior. He said if you behave like an average user you should never trigger the algorithms that will get you kicked off. Let’s be specific here: if you behave like the system’s Harvard undergraduate founders and primarily-male engineering staff […]
Law Prof Dan Solove took the A-Rod question I posted, and blogged much more in depth in A-Rod, Rihanna, and Confidentiality: Shostack suggests that A-Rod might have an action for breach of contract. He might also have an action for the breach of confidentiality tort. Professor Neil Richards and I have written extensively about breach […]
Peter Fleischer is Google’s chief privacy counsel. I met Peter once at a IAPP event, and spoke pretty briefly. We have a lot of friends and colleagues in common. He’s now threatened with three years of jail in Italy. Google took under 24 hours to remove a video which invaded the privacy of someone with […]
In 2003 the deal was simple: The players would submit to anonymous steroid testing, and if more than 5 percent tested positive, real testing with real penalties would begin in 2004. But in 2003, the tests were going to be (A) anonymous and then (B) destroyed. Those were the rules of engagement, and in any […]
First, the Economist, “Everybody Does It:” WHY is a beer better than a woman? Because a beer won’t complain if you buy a second beer. Oops. There go your correspondent’s chances of working for Barack Obama, America’s president-elect. (Ironically, the Economist’s articles are all anonymous.) Second, Fraser Speirs, “On the Flickr support in iPhoto ‘09:” […]
Lernert Engelberts and Sander Plug have taken the AOL search data which AOL released “anonymously,” and made a movie with the searchs of user #711391. I Love Alaska, via Guerrilla Innovation. Worth checking out, but be warned, it’s a little on the languid side, using pacing and the voice to build the story. Also, note […]
(h/t to Concurring Opinions) The Daily Show With Jon StewartM – Th 11p / 10c Bill O’Reilly’s Right to Privacy Daily Show Full EpisodesImportant Things With Demetri Martin Funny Political NewsJoke of the Day
The 9th Privacy Enhancing Technologies Symposium will be in Seattle August 5-7. Papers are due March 2nd. The call for papers is here.
(Or, the presentation of self in everyday donations) So I’ve had a series of fairly political posts about election finance, and in one of them, I said “I’d prefer that the rules avoidance be minimized, and I think transparency is the most promising approach there.” Well, in the interests of transparency, I need to comment […]
Speaking of how you’re presented and perceived…”How to request your travel records,” by Ed Hasbrouck. By popular demand, I’m posting updated forms to request your PNR’s and other records of your international travel that are being kept by the U.S. Customs and Border Protection (CBP) division of the Department of Homeland Security (DHS)… If you […]
There’s an interesting (and long!) “Final Report of the Internet Safety Technical Task Force to the Multi-State Working Group on Social Networking of State Attorneys General of the United States.” Michael Froomkin summarizes the summary.” Adam Thierer was a member of the task force, and has extensive commentary on the primary online safety issue today […]
(I’d meant to post this in June. Oops! Chaos reigns!) Peter Swire and Cassandra Butts have a fascinating new article, “The ID Divide.” It contains a tremendous amount of interesting information that I wasn’t aware of, about how infused with non-driving purposes the drivers license is. I mean, I know that the ID infrastructure, is, […]
First, the European Court of Human Rights has ruled that the UK’s “DNA database ‘breach of rights’:” The judges ruled the retention of the men’s DNA “failed to strike a fair balance between the competing public and private interests,” and that the UK government “had overstepped any acceptable margin of appreciation in this regard”. The […]
There have been a couple of interesting stories over the last week that I wanted to link together. Verizon Employees Snoop on Obama’s Cellphone Records (followed shortly by “Verizon fires workers over Obama cell phone records breach“) and “4 more Ohio officials punished in ‘Joe’ data search.” There’s a couple of things happening here. The […]
A Wide Diversity of Consumer Attitudes about Online Privacy shows this picture of Flickr users setting privacy preferences: green is public (default) and red is private. I hope Flickr shares some of the underlying data. I don’t know what anyone would do with it, and there’s two ways to find out. One is to talk, […]
And the reason it doesn’t work is that just because you’re allowed to own something doesn’t mean you’re allowed to export it. The use, ownership, production, etc. of crypto was never restricted, only its export. In an Intenet-enabled world, export control brings lots of hair with it, which is why it was important to fight […]
Adam and I have discussed Debix several times in the past, so it will come as no surprise, that I am again posting about them. Debix now has a blog, which will be covering issues around identity theft, breaches and privacy. Debix also released a new research study examining child identity theft. The most recent […]
In reading Arthur’s post on “Canadian PM FAIL,” I was thinking of the odds that this would be investigated and dealt with under Canadian privacy law. Now, I’m not an expert on that, but my recollection is that the main private sector law, PIPED complements a Federal Privacy Act which would likely be the relevant […]
Metal plates send messages to airport x-ray screeners. I want one with the 4th amendment on it.
[Update: Michael Zimmer points out that it wasn’t Facebook, but outside researchers who released the data.] I wanted to comment quickly on an interesting post by Michael Zimmer, “ On the “Anonymity” of the Facebook Dataset.” He discusses how A group of researchers have released a dataset of Facebook profile information from a group of […]
According to The New York Times in, “Surveillance of Skype Messages Found in China,” the Chinese provider TOM has software in place that reads Skype text messages, and blocks ones that use naughty words and terms, like “Falun Gong,” “Independent Taiwan,” and so on. A group of security people and human rights workers not only […]
If you are the sort of person who looks at odd legal rulings and opinions, you may remember that a few years ago the US DOJ issued an opinion that stored emails are not protected under the Stored Communications Act. The DOJ reasoning is that when you leave read email on your server, it’s not […]
Over at the Burton Identity and Privacy Strategies blog, there’s a post from Ian Glazer, “Trip report from the Privacy Symposium,” in which he repeats claims from Jeff Rosen: I got to hear Jeffery Rosen share his thoughts on potential privacy “Chernobyls,” events and trends that will fundamentally alter our privacy in the next 3 […]
Wonderful graffiti art by Mau Mau at the Cans Festival II. Photo taken by Alan Bee.
Dan Solove sent me a review copy of his new book, “Understanding Privacy.” If you work in privacy or data protection either from a technology or policy perspective, you need to read this book and understand Solove’s approach. That’s not to say it’s perfect or complete, but I think it’s an important intellectual step forward, […]
Congratulations to Arvind Narayanan and Vitaly Shmatikov! Their paper, “Robust De-Anonymization of Large Sparse Datasets,” has been awarded the 2008 Award for Outstanding Research in Privacy Enhancing Technologies. My employer has a press release which explains how they re-identified data which had been stripped of identifiers in the Netflix dataset. In their acceptance remarks, they […]
Transport for London is trying to get as many people as possible to use Oyster Cards. They are cheaper — and theoretically easier to use — than traditional tube / bus tickets. However, using one means that TfL has a record of your journeys on the transport system, which is something that not everybody is […]
All around cool guy, and former provost of the University of Chicago, Geoffrey Stone (the Edward H. Levi Distinguished Service Professor at the University of Chicago Law School), posted earlier this week proposed that “The next president should create a brand new position, which should become a permanent part of the Executive Branch in the […]
Slyck News has a story, “SSL Encrpytion Coming to The Pirate Bay” a good summary of which is in the headline. However, may not help, and may hurt. Slyck says: The level of protection offered likely varies on the individual’s geographical location. Since The Pirate Bay isn’t actually situated in Sweden, a user in the […]
Kim Zetter on Threat Level has written about Larry Lessig’s comments about Judge Alex Kozinski’s problems with having files on a personal server made public. Zetter has asked to hear people’s opinions about the issue. I thought I’d just blog about mine. Basically, I agree with Lessig. The major place that I disagree with Lessig […]
One of the curious features of Quantum Cryptographers is the way they harumph at mathematics. “Don’t trust that math stuff, you should trust physics.” It’s easy to sneer at this attitude because physics has traditionally gotten its cred because of its foundations in math. Physicists are just mathematicians who don’t squick at canceling dxes. Quantum […]
The Telegraph reports in “Hats banned from Yorkshire pubs over CCTV fears” that Pubs in Yorkshire have been ordered to ban people from wearing flat caps or other hats so troublemakers can be more easily recognised. And in other news this weekend, MPs have stamped their little feet insisting that Britain is not a surveillance […]
You may have seen this article from the India Times, “Govt may get keys to your BlackBerry mailbox soon.” Many people have been commenting on it, and the hand-wringing should build up to a good storm in a few days. The gist of the article is that the Indian Government has told RIM that if […]
The “I’ve Been Mugged” blog has a great three part series on outsourcing by credit bureaus: “Is It Wise For Credit Bureaus To Outsource To Foreign Call Center Firms? (Part 1),” “part 2” and “part 3.” He digs deep into how extensively TransUnion outsources, and where. I went looking, and was surprised to see that […]
Use of CCTV images for court evidence has so far been very poor, according to Detective Chief Inspector Mick Neville, the officer in charge of the Metropolitan police unit. “CCTV was originally seen as a preventative measure,” Neville told the Security Document World Conference in London. “Billions of pounds has been spent on kit, but […]
Various estimates have been made regarding the quantity of personal identifying information which has been exposed by various mechanisms. Obviously, though, we only know about what we can see, so seeing more would make such estimates better. One way to see more would be to look in more places, for example on peer-to-peer file sharing […]
How much do you make? How surprised would you be to learn that your magic number had been posted on the Internet by the government? And that it was not by mistake, as in other recent breaches of privacy. How Much Do You Make? The Nation Already Knows. The data has already been removed from […]
The idea of “watchlists” has proliferated as part of the War on Terror. There are now more than 63 of them: As part of its regular “risk management” service, which provides screening, tracing, and identity and background checks on potential clients or trading partners, MicroBilt will now offer a “watch list” service that checks these […]
Banksy has done a wonderful service. The well-known artist has given us delightful commentary on surveillance. Better than that, he did it in a site above a Post Office yard in London (Newman Street, near Oxford Circus), behind a security fence and under surveillance by CCTV. His team erected three stories of scaffolding on Saturday, […]
Lauren Gelman writes: I’m breaking blog silence to report on an amazing decision out of the DC Circuit holding that the federal Privacy Act’s requirement that Plaintiffs show actual damages does not require pecuniary harm but can be met by a showing of emotional distress. Am. Fed’n of Gov’t Employees v. Hawley, D.D.C., No. 07-00855, […]
At the International Association of Privacy Professionals meeting last week, I had the pleasure of meeting Wendy Richmond. Richmond is intrigued with the ways in which we share our public space. Some of us create invisible buffer zones for quiet reverie; others enhance or negate reverie through portable technology like iPods, cell phones and laptops. […]
The Washington Post reports: The State Department said last night that it had fired two contract employees and disciplined a third for accessing Sen. Barack Obama’s passport file. Obama’s presidential campaign immediately called for a “complete investigation.” State Department spokesman Tom Casey said the employees had individually looked into Obama’s passport file on Jan. 9, […]
The New York Times had a story, “Tax Inquiry? Principality Is Offended:” After weathering days of criticism from Germany over a spectacular tax evasion case, Liechtenstein — sometimes seen as the inspiration for the satirical novel from the 1950s about a tiny Alpine principality that declared war on the United States — is digging in […]
I was dismayed to learn that footage of Spitzer’s (alleged) rent-a-babe “Kristin” performing in a class play while in elementary school has been featured at various web sites — among them serious sites that should know better. One could argue that this woman made her bed, and now she can lie in it (puns intended). […]
Eliot Spitzer made a name for himself attacking banks. Setting aside the legitimacy of those attacks, I find it shocking that he didn’t realize how much banks know about each one of us. It’s doubly shocking that he didn’t expect revenge. The New York Times claimed that the “Revelations Began in [a] Routine Tax Inquiry.” […]
I am tremendously pleased to say that Microsoft has closed an acquisition of Credentica‘s U-Prove technology. This technology adds a new and important set of choices in how we as a society deal with identity and properties of people. Kim Cameron has the official announcement, “Microsoft to adopt Stefan Brands’ Technology” and Stefan Brands has […]
Dan Solove has an interesting article up, “Coming Back from the Dead.” It’s about people who are marked dead by the Social Security Administration and the living hell their lives become: Dan starts with quotes from the WSMV News story, “Government Still Declares Living Woman Dead” According to government paperwork, Laura Todd has been dead […]
Last week, Siva Vaidhyanathan, of Sivacracy, released a new column in the Chronicle of Higher Education, Naked in the ‘Nonopticon’ has some refreshing thoughts on privacy and surveillance that I wish more of us on the security side understood better. His main themes are (in his own words): 1) Anyone who claims “young people don’t […]
The Economist emails: Our second series of three debates kicks off today and the first proposition raises important questions about civil rights and the trade-off between Privacy vs. Security. As a blogger and member of the community that The Economist aims to serve with this lively debate, we wanted to extend an invitation to you […]
On December 19th, Denebola, the student run newspaper of Newton South High School, broke the news that video cameras had been secretly installed in their school. Not only were students and parents not notified of the cameras but apparently neither were any of the teachers. From the student article: According to Salzer, only he, Superintendent […]
A surgeon who allegedly took a photo of a patient’s penis during an operation at a US hospital is no longer working there, it has been announced. Dr Adam Hansen, of Arizona’s Mayo Clinic Hospital, is accused of taking the snap while conducting gallbladder surgery earlier in December. (BBC, “US ‘penis photo doctor’ loses job.”) […]
There’s a bunch of press around Ask.com’s marketing of their new privacy service. I applaud them for thinking about this, and for drawing attention to the issue of search privacy. The New York Times had a story, “Ask.com Puts a Bet on Privacy” and now Slashdot jumps in with “Will Privacy Sell?” This is the […]
Life is about to get a lot more complicated for companies that do business in California. I completely missed this getting signed back in October, but on 10/14, the Governator signed AB1298 which updates CA1386 to mandate that medical and health insurance policy information also are to be treated as PII. To say that this […]
The Telegraph is concerned that The most senior British intelligence official, appointed yesterday to oversee MI5, MI6 and GCHQ, has a website revealing his home address, phone numbers and private photographs of himself, family and friends. www.telegraph.co.uk The upshot seems to be that the gent in question, Alex Allan, lacks the circumspection one would demand […]
Privacy in the EU has been hugely in the news in the last week. Check these out: European Union justice ministers Friday agreed on a minimum set of rules protecting the cross-border exchange of personal data by law-enforcement agencies in the 27 member states. There’s were lots of other proposals discussed, including ones that mimic […]
The “gPhone” was announced today. I put gPhone in quotes, because there was no actual phone announcement. What was announced was the “Open Handset Alliance” and their toolkit, Android. They are “…committed to commercially deploy handsets and services using the Android Platform in the second half of 2008.” and “An early look at the Android […]
I asked Bob Blakley and Mike Neuenschwander some questions about Limited Liability Personae. Rather than focusing on the implementation, I wanted to talk about the high level purposes, as well as concerns that most people have with the idea of a persona. Whenever I discuss personae, there are issues that frequently come up, for example: […]
There’s a story in InformationWeek about the latest TSA privacy violation, “TSA Promises Privacy For Subjects Of Clothing-Penetrating Scans:” “We are committed to testing technologies that improve security while protecting passenger privacy,” said TSA administrator Kip Hawley in a statement. “Privacy is ensured through the anonymity of the image: It will never be stored, transmitted, […]
You can find out, by making a request under the privacy act. “Read Your Own DHS Travel Dossier.” Good commentary and context at Threat Level, “Howto: Check Your Homeland Security Travel File.”
…airport police Sgt. Dave Karsnia, who was investigating allegations of sexual conduct in airport restrooms, went into a stall shortly after noon on June 11 and closed the door. Minutes later, the officer said he saw Craig gazing into his stall through the crack between the door and the frame. After a man in the […]
In light of well-publicized failures to maintain appropriate controls by the ‘final four’ audit firms, giving data to auditors without a clear and compelling business purpose is a bad idea. It’s such a bad idea, even an auto body shop objects: Auto body repair shops in British Columbia are complaining to the province’s privacy commissioner […]
So with the small, literal men at the New York Times poking through the veil of anonymity that allowed Fake Steve to produce the best blog since “The Darth Side,” we have a serious threat to the stability of the republic, which is the false hope that by assigning people names, we can control them. […]
There’s a fascinating little sidebar article in the Economist (4 August 2007), “Misconceived:” Now that anonymity is no longer possible, there has been a huge decline in the number willing to donate. So more patients travel for treatment to countries where anonymity is still legal. If this new proposal is implemented, it may give such […]
I’ve been too busy with travel to Blackhat, WOOT and Metricon to really cover the new wiretap law, or the very encouraging results of de-certifying electronic voting machines. I hope to be less buried soon. In the meanwhile, Photo is “Dan Perjovschi´s installation at the Moma, NYC” by Tibau1.
The assessment of the Federal Criminal Police Office (BKA) according to which biometric visual-image search systems are not advanced enough to be used by the police to search for persons has led to mixed reactions. The Federal Criminal Police Office presented the fairly sobering research results of its visual-image search systems project on Wednesday in […]
For the last several years, Microsoft has worked with the Privacy Enhancing Technologies community to support a prize for the best work done in the field. I’ve been involved as a member of the selection committee, but when I joined Microsoft, stepped away from that. It’s important to us that the prize is independent. This […]
I currently love my mortgage company. Those that know me in real life, know that I recently bought a house. Yesterday, I received a privacy notice in the mail from them. I figured it was the standard template that everyone uses saying that if I didn’t want my information shared, I should call them up/email […]
At Law.com, “Hospitals Fear Privacy Claims Over Medical Records:” The Health Insurance Portability and Accountability Act is raising new legal fears for health care providers in light of tougher government enforcement and recent court rulings that could trigger private lawsuits. Labor and employment attorneys who represent health care providers are especially concerned about the prospect […]
There’s an article in Federal Computer Week explaining that “Agencies face SSN scrubdown.” We mentioned this last week in “White House Data Breach Prevention Guidelines.” I am pleasantly surprised to learn that some data actually will be be declared ‘unnecessary:’ Agencies can eliminate some SSN uses by asking employees not to write their SSNs on […]
Luc Wathieu and Allan Friedman have an article in Harvard Business School’s ‘working knowledge,’ titled “An Empirical Approach to Understanding Privacy Valuation.” In it, they present the results of a survey of 647 people with regard to a number of privacy hypotheses. Their results include: Contrary to some research, the chief privacy concern appears based […]
Woo hoo! I feel so much safer! The TSA reports, “Transportation Security Officers SPOT Passenger in Fake Military Uniform at Florida Airport.” Picture at right is my foofification of the picture on the TSA site. Our brave protectors write: A TSA behavior detection team at a Florida airport helped catch a passenger allegedly impersonating a […]
In 27 B Stroke 6 Threat Level, Kevin Poulsen writes, “News from Bizzaro World: Ashcroft Opposed Taps.” Kevin, your reality tunnel is showing. There are many things that Ashcroft was (I apologize for using the past tense), starting with prig and prude. I’m not particularly a fan of his, but the Venn diagram of what […]
On Dave Farber’s list, Brock Meeks pointed us to a delightful Facebook Smackdown. Brock says, What do Facebook, the CIA and your magazine subscription list have in common? Maybe more than you think… http://www.albumoftheday.com/facebook/ Trust me, it’s worth the look. And indeed it is worth looking at, along with Patrick Schitt’s contribution of the background […]
My team at work announced the launch of “The Security Development Lifecycle” blog today. After the intro post, Michael Howard leads off with “Lessons Learned from the Animated Cursor Security Bug.” I’m pretty excited. We’re focused on transparency around what we’re learning as we continue to develop the SDL.
So I hate Evite, even when it brings me to cool parties. You know who you are. Encouraging my friends to enter social network information, and then using it to contact me feels tremendously invasive. Failing to understand that annoys me. Their lame privacy policy infuriates me. Their success at co-opting my friends to sucking […]
“Among other changes, the revisions to our Privacy Policy may have changed your preferences for receiving postal mailings from Alaska Airlines and its partners.” Now that’s the power of policy! Photo, text from “Privacy policy update from Alaska Airlines, received March 24, 2007” by JasonJT, on Flickr. He has great outraged commentary.
So Mike Rothman thinks that anonymity is for cowards: During the discussion last night, one guy pointed out that sometimes things are too sensitive or controversial or unpopular to say, so anonymity allows folks to do that. I call bullshit on that. Anonymity is the tool of a coward. And while I agree with Mike […]
Dan Solove writes: Professor Neil Richards (Washington University School of Law) and I have posted on SSRN our new article, Privacy’s Other Path: Recovering the Law of Confidentiality, 96 Georgetown Law Journal __ (forthcoming 2007). The article engages in an historical and comparative discussion of American and English privacy law, a topic that has been […]
The DailyBreeze tells us about how Lorna Herf discovered South Bay BMW in Torrance’s sales policy of “No fingerprint, no car.” The dealership claims that this is an effort to prevent identity theft, though how this would help the customer is unclear. Additionally, this effort is being actively supported by the sheriff’s office. I think […]
…terrorism suspects from atypical backgrounds are becoming increasingly common in Western Europe. With new plots surfacing every month, police across Europe are arresting significant numbers of women, teenagers, white-skinned suspects and people baptized as Christians — groups that in the past were considered among the least likely to embrace Islamic radicalism. The demographics of those […]
My friend Shimrit saw Cluechick’s post on the dating (“Emerging Dating Paranoia“) and wanted to add a bit herself. She works for the UK’s biggest online dating provider. She has a new book coming out, and a blog at “Everyone’s Guide to Online Dating.” She writes: With all the current craziness surrounding online dating background […]
Two reports in the New York Times: “Driver’s License Emerges as Crime-Fighting Tool, but Privacy Advocates Worry” and “Warnings Over Privacy of U.S. Health Network.” Naturally, we’ll have that sorted out by the time the system ships. No reason for you to be worried that your health records will be automatically scanned to see if […]
There’s a great editorial about how your prescriptions are bought and sold all over the place, “Electronic prescribing is no panacea” by Dr. Deborah Peel, in Government Health IT. Also, Health Care IT news reports that “Federal privacy panel leader resigns, raps standards:” The leader of a federal panel charged with providing privacy recommendations for […]
The SnoopStick offers full realtime monitoring of another computer. It’s Vista-ready, too, which perhaps says something about Vista security, or perhaps about people who have had trouble working with Vista, or both. Any time you want to see what web sites your kids or employees are visiting, who they are chatting with, and what they […]
The Canadian Privacy Commissioner has issued a number of new rulings, essentially ruling that anyone in Canada can request an ID card whenever they want. The first, summarized by Michael Geist in “Privacy Commissioner on Domain Name Registrant ID Requirements” says: requirements of personal identification, such as a driver’s license, in order to change the […]
There’s a really fascinating article in New York Magazine, “Say Everything:” And after all, there is another way to look at this shift. Younger people, one could point out, are the only ones for whom it seems to have sunk in that the idea of a truly private life is already an illusion. Every street […]
I received the following in the mail the other week and while I was initially amused that I was getting this without asking for it, it took my wife pointing out the irony of there being an actual directory at all:
Montreal, QC (PRWEB) February 13, 2007 — Credentica , a Montreal-based provider of innovative security software for identity and access management, today announced the immediate availability of its U-Prove product for user-centric identity management. The U-Prove product enables organizations to protect identity-related information with unprecedented security throughout its lifecycle, wherever it may travel. It is […]
Following up on the issue of astronaut screening, there’s an article at MSNBC, “Former NASA doctor says agency must do more,” in which “NASA flight surgeon and professional psychiatrist Patricia Santy” discusses the screening which takes place. It’s an interesting article, in which she discusses the tension between NASA’s organizational culture and psychological screening. What […]
Privacy, being the right to be left alone, is hard to get with a telephone. Two interesting stories make a trend, and we report on trends here. Or something. I think that the profusion of new services around telephone privacy are the start of an interesting market backlash against the cell phone’s effect of making […]
Arthur wrote recently about an NYT article about dangers of the iPhone. The NYT has a bizarre policy about articles which makes them available for only a few days, so likely you’ll have to take my word about that article. I liked this article a lot because it mentions eMusic. I’m an eMusic customer and […]
So, I’m really irked by headlines like “Microsoft’s ‘Secret’ Security Summit.” First, it wasn’t Microsoft’s summit. It was an ISOTF meeting that had public web pages. Microsoft provided conference facilities and lunch. I don’t think we even bought the beer. Second, it wasn’t a secret. It has web pages: “Internet Security Operations and Intelligence II […]
“The spread of the credit check as civil rights issue,” in the Christian Science Monitor: Bailey, with her lawyer, has lodged a complaint against Harvard charging racial discrimination. The reason: Studies show that minorities are more likely to have bad credit, but credit problems have not been shown to negatively affect job performance. and “Insurers […]
The NYT reports, “Rough Treatment for 2 Journalists in Pakistan” and indeed reporting is dangerous in countries where they do not respect the sort of basic rights we in the civilized world have championed for nigh 800 years. However, a computer was seized, sources were roughed up and possibly jailed or killed: Since then it […]
There’s a fascinating article in Sunday’s New York Times, “Money Doesn’t Talk.” The money quote: Through her store, Pesca, Ms. Azizian has earned her financial independence, but to avoid the disapproval of her husband of 27 years, she adopts a low profile by using cash. “His tastes aren’t as expensive as mine, and he doesn’t […]
Michael Arrington writes at Techcrunch about a former law firm, all of whose records are going to be opened to the public: Brobeck, Pleger & Harrison LLP was a well known law firm in silicon valley during the first Internet boom. They had thousands of startup and public company clients and handled all aspects of […]
In “The Vehicular Thomas Crowne Affair: how to creatively defeat photo radar,” Scrollin On Dubs points out that: I just got my plate from AZ DMV and happily installed it this morning. It can still be read by the keen eye but from one of those crappy photo radar pictures it will be a non-trivial […]
In March of 2005, Alec Muffett predicted “National loyalty cards,” and I mocked him for it. Since then, I’ve decided that all non-trivial privacy fears come true. And since then, Alec’s plan has taken another step. The BBC reports about a new “Blair plan for ‘people’s panels’.” No, I didn’t make that up, Comrade. He […]
The Department of Homeland Security (DHS) Privacy Office conducted a review of the Transportation Security Administration’s (TSA) collection and use of commercial data during initial testing for the Secure Flight program that occurred in the fall 2004 through spring 2005. The Privacy Office review was undertaken following notice by the TSA Privacy Officer of preliminary […]
Daniel Akaka and John Sununu have introduced a bill to repeal title II of the Real ID Act. From the press release: The Identification Security Enhancement Act (S. 4117) replaces REAL ID with language from the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458), which took a more measured approach in mandating tougher […]
The Wall Street Journal reported yesterday that “Stars Find Privacy Breached In Aspen by Phone Book” (behind paywall, sorry). According to the Journal: When the Yellow Book directory for Aspen, Colo. came out recently, residents of this ultra-chic ski town found it contained more than the usual list of local bars, hair salons and ski […]
Topping the list, Vodaphone has been fined $100M (€76M) for failing to protect 106 mobile accounts. “Greek Scandal Sees Vodaphone fined” at the BBC, via Flying Penguin. On this side of the Atlantic, Choicepoint, Experian and Reed-Elsevier are looking to pay $25 million to settle claims that they invaded the privacy of 200 million drivers […]
The BBC reports that “Prozac ‘found in drinking water’” in Britain, and that: In the decade leading up to 2001, the number of prescriptions for antidepressants went up from nine million per year to 24 million per year, says the paper. They point to a Observer story, “Stay calm everyone, there’s Prozac in the drinking […]
hold the RFID. I just got my US passport renewed, and I was pleasantly surprised when it came back Old Skool — no RFID. I’m happy…until 2016 anyway.
There’s a really interesting story in the New York Times last Sunday, “Health Hazard: Computers Spilling Your History.” Money quote: Some patients are so fearful that they make risky decisions about their health. One in eight respondents in a survey last fall by the California HealthCare Foundation said they had tried to hide a medical […]
“Please put your bra in the bin,” at Flyertalk: items used to augment the body for medical or cosmetic reasons such as mastectomy products, prosthetic breasts, bras or shells containing gels, saline solution, or other liquids; and, … 1. Separate these items from the liquids, gels, and aerosols in your quart-size and zip-top bag. 2. […]
In “Citadel, Sensitive Data, and Plusfunds’ Bankruptcy” Paul Kedrosky looks at the impact of youthful chattiness on an industry: Apparently hedge fund Citadel is trying to purchase data from bankrupt Plusfunds that would detail trading strategies at some of its major competitors. The latter company had run a hedge fund index underlying which were trading […]
Phil Schwan, who was able to read to the end of “Homeland Security tracks travelers’ meals” without blowing a gasket, noticed that they said they’d only gotten 15 comments: I tried for 30 goddamn minutes to figure out how to comment. That’s why there are only 15 comments. All I could find was a Privacy […]
Michael Giest is covering Canadian Parliamentary hearings over that country’s privacy law in “PIPEDA Hearings – Day 01 (Industry Canada)” “PIPEDA Hearings – Day 02 (B.C. Privacy Experts)” Bakelblog vents about the petty tyranny of immigration bureaucrats in “Welcome to America, Fuckwads!” Alec Muffet has interesting and detailed comments about the broken security of the […]
Via the Beeb: Drivers who get stopped by the police could have their fingerprints taken at the roadside, under a new plan to help officers check people’s identities. A hand-held device being tested by 10 forces in England and Wales is linked to a database of 6.5m prints. Police say they will save time because […]
So, I was commenting over on Econlog, and noticed this: “Email Address (Required. Your email address will not display to the public or be used for any other purpose.)” So, umm, what is it being used for? This is both snarky (obviously) and serious (less obviously). The less obvious part is that information is being […]
A few months back, I said “Ironically, privacy advocates warned that the number would become a de facto national ID, and their concerns were belittled, then proven right, setting a pattern that still goes on today.” In thinking about Alec Jeffrey’s come-to-Jesus moment, I realized that we can state that another way: All non-trivial privacy […]
There’s the Budapest Declaration on Machine Readable Travel Documents: By failing to implement an appropriate security architecture, European governments have effectively forced citizens to adopt new international Machine Readable Travel Documents which dramatically decrease their security and privacy and increases risk of identity theft. Simply put, the current implementation of the European passport utilises technologies […]
A pioneer of Britain’s DNA database said on Wednesday it may have grown so far beyond its original purpose that it now risks undermining civil rights. Professor Alec Jeffreys told BBC radio that hundreds of thousands of innocent people’s DNA was now held on the database, a disproportionate number of them young black men. … […]
Cutaway, over at Security Ripcord provides us with an alternate take on the fact that security needs to understand the business constraints and goals of the organization. He (She?) quite rightly points out that security is a part of the “Service and Support” Group. He has two essential points: I have been hearing a lot […]
Someone who likes his privacy sent me this link to an “Encyclopedia of Privacy.” It’s 672 pages, for $199. How many people are going to read that? How many copies are they going to sell? Its sad that they’ve chosen to lock up all that work that way, rather than putting it somewhere where the […]
Bob Sullivan has an article at Red Tape, “Health care privacy law: All bark, no bite?” and focuses on the lack of penalties. Two years ago, when Bill Clinton had heart surgery performed in New York’s Columbia Presbyterian Medical Center, 17 hospital employees — including a doctor — peeked at the former president’s health care […]
There’s a fascinating article in the New York Times last week, “Expunged Criminal Records Live to Tell Tales” about how companies like Choicepoint which collect and sell public records don’t pick up orders to expunge those records. I didn’t have much to add, and figured the Times doesn’t need me to pimp their articles (they […]
Well calling it cracked implies encryption or some semblance of security of which there is none according to the New York Times. In Researchers See Privacy Pitfalls in No-Swipe Credit Cards we learn that a team of folks from UMass Amherst and EMC/RSA tested a small batch of RFID Credit Cards from Amex, Visa and […]
With recent data leaks at AOL, governments seeking information from Google on its users, and no simple user privacy solutions available, a standard for empowering user search privacy has finally been proposed. PoundPrivacy.org is spearheading a search privacy revolution with its proposed #privacy standard. Our proposal is that the #privacy flag could be added to […]
On August 10, after his family was refused a home loan, an Arcata man was mortified to find the phrase “son of Saddam Hussein” included on his credit report. “I looked at it and couldn’t believe my eyes!” Said the Arcata man who asked that only his middle name, Hassan, be divulged. The routine credit […]
This seems to be the weekend of redux posts and back tracking to earlier in the year. Way back in January, Adam wrote about the RFID Zapper created by the folks at the annual Chaos Computer Club conference. Along a similar vein, Julian of exremflug.de, has also produced an RFID Zapper made from a disposable […]
Here in the U.S., one of our Old Order Amish communities has recently suffered an infamous crime — the murder of several schoolchildren. Interest in this case has been high. Naturally, the public’s right to know has been ably served, as journalists took plenty of funeral photographs, despite the fact that the Amish, on strict […]
There’s a really interesting article at Blogging on the Identity Trail, “Bouquets and brickbats: the informational privacy of Canadians:” In the course of our investigations, I frequently found myself reflecting on two broader questions: first, I wondered how best law could protect the personal information of Canadians—and by extension the privacy of Canadian citizens—in the […]
There is a Workshop on Privacy in The Electronic Society taking place at the beginning of November. We (George Danezis, Marek Kumpost, Vashek Matyas, and [Dan Cvrcek]) will present there results of A Study on the value of Location Privacy we have conducted a half year back. We questioned a sample of over 1200 people […]
Social Security Administration officials believe computerization of files has contributed to their security. In the manual era, the applicant’s record was an individual ledger sheet. Thus if a person could get to the file drawer and then the ledger, he could check any record. Although entry to the files area was restricted by guards who […]
Stupid bills before legislatures seem to be a target rich environment which is to say, its hard to even say where to start. So allow me to offer a suggestion: California’s SB768 will slow RFID stupidity. Take a look at EFF’s fact sheet, and then, if you’re in California, call your local Governator, and tell […]
Read “Google is Watching You” for the worksafe details. Via Sivacracy.
..’cause she’s Dunn! What’s the over/under on how long Hurd lasts? Image credit: progodess
Last month, CSO Magazine ran an article “Avoid a Meltdown: Reacting to a Security Breach.” The article had some great advice on breach handling, however as usual, the magazine resorts to scare tactics in order to get its point across. It is articles like this that give CSOs a bad reputation for not understanding business […]
In “Walt Disney World: The Government’s Tomorrowland?” Karen Harmel and Laura Spadanuta discuss how Disney has moved from finger geometry (to constrain ticket re-sale) to fingerprinting their customers. I think the most important bit about this is about the links between Disney and the government: Former Disney employees have filled some of the most sensitive […]
Eric Rescorla ties HP’s use of traffic analysis to that of the NSA in “I told you traffic analysis was useful.” Apparently, HP didn’t just chase down directors and reporters, but also the father of at least one journalist. See “HP Leak Investigation Extended Beyond Reporters, Directors.” (I say HP rather than HP’s investigators because […]
It’s only with the understanding that privacy has many meanings that I can comprehend people on Facebook complaining about privacy. (People interested in this should read Alessandro Acquisti’s work.) That’s not what I wanted to post about. What I wanted to post about was the great way the CEO of Facebook took the wind out […]
The best posts I’m seeing are coming from Paul Kedrosky, who has posts like “Patricia Dunn Lectures on Corporate Governance,” and Playing Truth or Dare with HP’s Patricia Dunn” and Robert Scoble, with posts like “HP Story Keeps Getting Worse,” and “HP Has Major Ethical Problem, Day 2.” I’m using Scoble’s picture here. Don’t miss […]
Various folks at Northwestern’s Medill School of Journalism have done some great work, which they call Data Dilemma: Privacy in an Age of Security. I was led to this by various stories about the US Department of Education feeding information on financial aid applicants to the DHS for five years without bothering to inform those […]
[Update 3: I should have disclosed affiliations with Debix in this post. See “Mea Maxima Culpa.”] Debix is reporting that 40% of fraud alerts don’t propagate between all three major credit agencies. You remember those fraud alerts? They’re supposed to protect you from identity theft, right? Well, let me let you in on a secret. […]
AOL’s CTO has “decided to leave” the company, “effective immediately”, according to an email message sent to remaining employees by CEO Jon Miller. Additionally, CNet news reports that the researcher who posted the data, and the researcher’s supervisor (a direct report of ex-CTO Maureen Govern) have been fired.
Dave Weinberger absolutely nails why I worry about the whole Identity 2.0 plan, in “Anonymity as the default, and why digital ID should be a solution, not a platform.” If you know what Identity 2.0 means, you owe it to yourself to read this post. If you build Identity 2.0 platforms/solutions/best-of-breeds, you owe it to […]
Don’t miss the picture that Jerry Fishenden paints in “biometrics: enabling guilty men to go free? Further adventures from the law of unintended consequences:” Outside, armed policemen, guard dogs and riot barriers prevent the curious crowds pushing too close. On the office rooftops – police marksmen. In the Victorian drains below the courtroom – boiler-suited […]
Kip Esquire has a blog post about liabilities and restatments and product liabilities with an interesting twist for the capture-everything crowd: As for the costs of warning: How geographically diverse are the customers? How easy or difficult would it be to communicate the warning — would a press release be sufficient? Is the product likely […]
Is that enough acronyms yet? In Adam’s previous post, Justin Mason commented: There’s another danger of this — even if the number is an opaque ID, the *presence* of the RFID chip means than an attacker can remotely detect the presence of an I-94, therefore a foreign passport, therefore a tourist ripe for a mugging […]
So two stories came out recently, and they’re connected by a thread, which is the assignment of identifiers. The first was in Government Computer News, “IG: U.S. Visit RFID needs better security controls,” which opens: The RFID on the Form I-94s was designed with privacy protections, the inspector general said. Specifically, the RFID tag, which […]
Most readers will have read by now of America Online publicly releasing a large sample of search records. From the README supplied with the data: The data set includes {AnonID, Query, QueryTime, ItemRank, ClickURL}. AnonID – an anonymous user ID number. Query – the query issued by the user, case shifted with most punctuation removed. […]
Not that it needed clarification. RFID passports have been a boondogle without a purpose for a long time. It’s been clear that they make us less secure. Now it turns out they can be easily cloned: German computer security consultant has shown that he can clone the electronic passports that the United States and other […]
‘The Australian’ has a great story on “Focus key to crack money-laundering.” Its focused on the testimony of a British expert on “money laundering” and includes: Last year, British banks, accountants and lawyers made some 200,000 reports to the authorities. But in the three years since Britain’s law was implemented, there had been only one […]
As mentioned by Ben Laurie; Simon Davies, the Director of Privacy International, was quoted in IT Weeks’s Will industry rescue the identity card? as saying: “I’ve believed for some months that a ‘white knight’ consortium from industry is needed,” Davies said. “Companies that can see the benefits of the ID card idea should approach the […]
There are about twenty good posts talking about the Symposium on Usable Security and Privacy (SOUPS) over at Ka-Ping Yee’s Usable Security blog. If you’re reading this in the archives, start here and go forward, or here and go back. Some favorites: How will the scourge really be killed? (Panel) Decision Strategies and Susceptibility to […]
(Via Caspar and Nicko.) I hesitated before posting this. I’m pretty sure it’s a Dr. Fun cartoon, but the jerks in “my confined space” have obscured the signature. I try hard to attribute all the images I use here. I’ve given credit to Galerie which we use to produce the frames. (They even added a […]
According to Charlie Paglee, Skype has been cracked, and a compatible client implemented. This promises to have wide ramifications, about which Charlie writes at length.
“The Plot to Hijack Your Computer” in Business Week lays out some of the history of “Direct Revenue,” a spyware company whose products are so beloved of their customers that DR receives regular death threats. Cryptome presents an except from a complaint in a lawsuit against AT&T, claiming that “NSA/AT&T Spying Began 8 Months beofre […]
Over at the Counterterrorism Blog, Dennis Lormel writes “Initial Comments about Terrorist Financing and “The One Percent Doctrine”” and “U.S. Government Terrorist Financing Initiative Involving SWIFT:” …I was in the FBI in a leadership role responsible for terrorist financing. Immediately after 9/11, we realized we had to develop financial investigative methodologies different than anything we […]
The United States Treasury Department has had secret access to records maintained as part of the SWIFT system, which it has been using secretly for years to identify financial ties to terrorist entities. The Washington Post has more.
The Associated Press pushed a story to the wires about the Data Surveillance workshop which I’d mentioned a while back: As new disclosures mount about government surveillance programs, computer science researchers hope to wade into the fray by enabling data mining that also protects individual privacy. Largely by employing the head-spinning principles of cryptography, the […]
SiliconBeat has a story, “Jangl’s new angle on phone calling:” Jangl is a new phone service that, initially anyway, will allow people to anonymize their phone numbers the same way they can their email addresses when posting on places such as craigslist. When you sign up with Jangl, you get access to disposable phone numbers […]
Seriously. Plus, he says it wouldn’t be a civil liberties issue.
Paxx Telecom has issued a press release that they’ll hand over records only when given a court order: The recent revelation first made by USA Today that the National Security Agency (NSA) has been commandeering phone records of tens of millions of ordinary Americans has shocked those who cherish their privacy and do not agree […]
One of the motivators often discussed for voter ID card requirements is voter registration fraud. I believe that ID card requirements are like poll taxes, and are not justified. I believe that they’re not justified even if they’re free, because of personal privacy concerns, regarding addresses. You know, like Gretchen Ferderbar had before her 911 […]
An emotionally disturbed 911 emergency dispatcher abused his access to the call center’s databases while tracking his ex-girlfriend and her new boyfriend before murdering both of them. See Declan McCullagh, “Police Blotter: 911 dispatcher misuses database, kills ex-girlfriend,” which covers the court case stemming from a 2003 shooting, described in “Job loss tied to fatal […]
Via Kim Cameron (“Homeland Security Privacy Office Slams RFID Technology“), I read about “The Use of RFID for Human Identification.” This is an important report. The money quote is useful because it comes out of DHS: Against these small incremental benefits of RFID are arrayed a large number of privacy concerns. RFID deployments’ digitally communicated […]
We’ve announced the program for the 6th Workshop on Privacy Enhancing Technologies, and space is still available for registrants. The program is so cool that I’m not going to try to summarize it, but rather quote Kim Cameron (“SEE IF YOU CAN MAKE PET 2006“): Here’s one conference I definitely won’t miss. I’ve been lucky […]
Lack of trust in online banking among U.S. consumers is a serious constraint because of doubts about banks’ security measures, according to eMarketer’s new report, “Online Banking: Remote Channels, Remote Relationships?” The result is a slowing rate of adoption, with online banking households increasing by only 3.1% in the last quarter of 2005 — the […]
Massachusetts Congressman Ed Markey asks Dennis Hastert whether legislation protecting mobile phone users’ privacy has been sent to a “legislative ‘Guantanamo Bay’” in order to modify it so that intelligence gathering activities analogous to those affecting land lines would be unimpeded.
There’s a great article in the Guardian, “Q. What could a boarding pass tell an identity fraudster about you? A. Way too much:” This is the story of a piece of paper no bigger than a credit card, thrown away in a dustbin on the Heathrow Express to Paddington station. It was nestling among chewing […]
So pay no attention to the thoughtcriminals who are not bored, and their ridiculous propaganda documenting “Abuses of surveillance cameras.” We all know that cameras never lie, film can’t be edited or mis-interpreted, the police would never use cameras to look in your bedroom window, and that the videos taken will be strictly controlled. Those […]
I happened to look recently at the little card that Avis puts in the cars of frequent renters. The idea is that you land, get to Avis, see your name on a board, and walk directly to the car with one fewer line to stand in. So as you drive away, the fellow who checks […]
“We try to weed out those who pose a security risk,” Chertoff said in a briefing with reporters. “I don’t know … that background checks with people hired will predict future behavior.” Well, golly, Mr. Secretary, I don’t know…that either. So will you please cancel CAPPSIII/Secure Flight/Free Wheelchairs for Paraplegic Children, rather than invading the […]
Federal regulators today released Evolution of a Prototype Financial Privacy Notice… The report’s release concludes the first phase of an interagency project […] to explore alternatives for financial privacy notices that would be easier for consumers to read, understand, and use than many of the notices consumers currently receive from financial institutions. These six agencies […]
We’re looking for nominations of great work in Privacy Enhancing Technologies: The PET Award is presented annually to researchers who have made an outstanding contribution to the theory, design, implementation, or deployment of privacy enhancing technology. It is awarded at the annual Privacy Enhancing Technologies Workshop (PET). The PET Award carries a prize of 3000 […]
The Privacy Commissioner of Canada, Jennifer Stoddart, today announced the renewal of funding through her Office’s Contributions Program which, for the last three years, has allowed some of Canada’s brightest privacy experts to develop a wealth of information on various privacy challenges of the 21st century. From “Privacy Commissioner’s Office renews its cutting-edge privacy research […]
By Banksy, via Saar Drimer.
In “How private are your tax records? You’ll be surprised,” Bob Sullivan illustrates why the “opt-in/opt-out” way of discussing privacy is so destructive: Any information you give to a company that helps you prepare your taxes can be sold to anyone else. Only a single signature on a permission slip stands between you and the […]
I regularly talk about how privacy has many meanings, but haven’t put those in a blog posting. Since this blog has more readers than most of my talks have attendees, I figure it’s a sensible thing to blog about. The point of this list is to illustrate the dramatically different things people mean when they […]
I’d like to say more about the issue of privacy law, and clarify a bit of jargon I often use. (Alex Hutton pointed out it was jargon in a comment on “There Outta be a Law“.) As background, some people have objected to privacy laws as being at odds with the First Amendment guarantees of […]
One of the neat things about Blue Hat is that people get pulled aside and introduced to people who have problems that they’d like your thoughts on. In one of those meetings, it came out that the person I was meeting with was destroying lots of data before it came to his group. Very cool. […]
The CBC has a story on how “Global child porn probe led to false accusations:” An international investigation of internet-based child pornography has led to accusations against innocent victims of credit card fraud, a CBC News investigation has found. In other cases, victims of identity theft found themselves fighting to save their reputations, jobs and […]
…or, more generally, “I’m now doing that weird thing I saw an influential elder do, but now it seems to make sense”. I have several examples from my own life (generally rather predictable for a balding 40-something suburbanite), but just today I found another one, and I didn’t see it coming.
Surprise surprise, the Department of Justice doesn’t think that the Bush administration’s request for search data violates users’ privacy rights. [Edit: Fixed broken link] [Update: Try this link instead. ]
How are True.com’s Valentine’s Day e-mails targeted? Very simply: one version of their e-mail targets black singles, another targets East Indian lonely hearts, and other versions target the Asian and Hispanic loveless. (Our multi-cultural bots were lucky enough to get one of each). There’s nothing wrong with that on the surface. But we wondered how […]
Harold Hurtt has suggested that surveillance cameras be placed “in apartment complexes, downtown streets, shopping malls and even private homes”, according to this story in the Seattle Post Intelligencer. In response, I hereby found…. The Hurtt Prize The Hurtt Prize is a $1120 (and growing) reward for the first person who can provide definitive videotaped […]
The FCC has asked for comments on “TELECOMMUNICATIONS CARRIER’S USE OF CUSTOMER PROPRIETARY NETWORK INFORMATION AND OTHER CUSTOMER INFORMATION.” “Customer Proprietary Network Information” is newspeak for “selling your phone records.” Several anonymous readers commented on “Selling Your Phone Records” about their troubles with T-Mobile. Here’s a chance to tell the FCC what you went through. […]
Police say a convicted murderer used his job as a car salesman in Sandy to track a female customer to her home and rape her. Cleon Jones, 34, was arrested Wednesday on multiple first-degree felonies and remains in the Salt Lake County Jail without bail. Authorities allege Jones tracked down his victim by using her […]
Buried in your wireline and wireless telephone subscriber agreement is a notice concerning “customer proprietary network information” (CPNI). CPNI is your calling records. CPNI shows the phone numbers you called and received and for how long you talked. Privacy Rights Clearing House has a guide to “opting out of CPNI sharing.” This is great, because […]
As readers of this blog probably are already aware, Google has been subpoenaed. The United States government is demanding, in part, that they provide a list of all URLs they index. This is something I’d expect them, or any other search firm, to want to keep secret. Imagine my surprise when I read this in […]
Before I’d had much in the way of coffee, I thought that the “Firefox Ping URLs” might offer a way to scan the web for sites to avoid. It would be simple. For each site mentioned in a ping URL, add it to a blacklist. The trouble with this is that the same set of […]
It’s all over the internet that Mozilla has added a “ping” attribute to URLs: I’ve been meaning to blog about a new web platform feature that we’ve added to trunk builds of Firefox. It is now possible to define a ping attribute on anchor and area tags. When a user follows a link via one […]
For example, last fall, an IT director at a travel club in Wyomissing, Pa., told Computerworld that he had found personal information on magnetic hotel key cards when visiting three major hotel chains. The IT professional said he read the cards using a commonly available ISO-standard swipe-card reader that plugs into any USB port. At […]
Bruce Schneier links to an AP article about the hideous costs of the RealID Act. Early estimates were for $120 million, current estimates are for $300 million for the first year alone, and that’s just for three states, Pennsylvania, Virginia and Washington state. So we can safely say that nationally we’re looking at billions of […]
In a comment on “Atlantis Resort (Bahamas) 50,000, Hacker,” Ian Grigg explains that the reason Bahamas Casinos collected 55,000 SSNs is that the various and sundry “anti-money laundering” regulations force them to, or be labeled “naughty.” Err, ‘non-compliant.’ How’s that for NewSpeak? There’s a pretty large steamroller behind such rules and regulations, and the push […]
When you’re facing hard time, and the chips are down, you need to hunker down and dig up all the dirt you can on the stool pigeon who fingered you. That’s where whosarat.com comes in: Who’s A Rat is a database driven website designed to assist attorneys and criminal defendants with few resources. The purpose […]
I’ve been mulling over John Robb’s description of the (very cool) RFID zapper the Chaos Computer Club demoed at their conference. He calls them “the German branch (privacy activists) of the global guerrilla innovation network.” He also states that “In order to correctly route and track items from inception to purchase, these chips are attached […]
The Blog Safer Wiki was announced by the Spirit of America’s Anonymous Blogging project. There’s a lot of technology know how, and a lot of cultural issues that go into this, and Curt is doing a great job at bringing the technical knowledge to those who need it, and helping them help each other: Spirit […]
The study, which followed more than 1,300 adults over 2 years, found that those who consistently used a mobile phone or pager throughout the study period were more likely to report negative “spillover” between work and home life — and, in turn, less satisfaction with their family life. From “Cell phones tied to family tension,” […]
I realized today that Chris Hoofnagle’s blog at EPIC West wasn’t on my blogroll. He’s had lots of important posts up lately, from the informational (“ CA OPP: 13 New Privacy Laws in Effect“) to the amusingly disgusting (“Pretexting Isn’t Lying, According to Bestpeoplesearch.com“) California’s Office of Privacy Protection just released an announcement that 13 […]
Two leading governor candidates are trying to outdo each other in protecting Minnesotans’ privacy…The candidates’ dueling news conferences produced more politics than policy, with each charging the other with not doing enough to protect citizens’ privacy. From “Governor is seeking privacy law changes.” I don’t like some of the proposals. It seems to me that […]
I used to feel bad advocating for privacy laws. I’m generally down on laws restricting private contracts, and privacy laws seemed to be an intellectual inconsistency. I’ve resolved that feeling because almost a great many privacy invasive systems depend on either social security numbers, or government issued identity documents. It seems quite consistent to restrict […]
The Tallahassee Democrat reports on an interesting disclosure instance: whistleblowers revealing allegedly shoddy data security practices at their former employer. The twist is that those doing the talking are not the folks whose jobs were outsourced, but former employees of the outsourcing firm. From the article: In an affidavit taken for a lawsuit by five […]
[Adam updates: The reporter has recanted his story, “Federal agents’ visit was a hoax .”] Apparently, the Staasi are watching what we read. A senior at UMass Dartmouth was visited by federal agents two months ago, after he requested a copy of Mao Tse-Tung’s tome on Communism called “The Little Red Book.” Two history professors […]
“Bush Secretly Lifted Some Limits on Spying in U.S. After 9/11, Officials Say.” A 10 page story in the New York Times opens: Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without […]
One of the biggest issues I have with the gossip industry is how behavior that seems normal and expected is entered into databases and is used to judge us in unexpected ways. As the Tampe Tribune reports in “Insurers’ Road Service Could Prove Costly:” TAMPA – Andrea Davis can’t understand what two flat tires and […]
Speaking of tracking and databases: Mobile Landscape Graz in Real Time harnesses the potential of mobile phones as an affordable, ready-made and ubiquitous medium that allows the city to be sensed and displayed in real-time as a complex, pulsating entity. Because it is possible to simultaneously ‘ping’ the cell phones of thousands of users – […]
Ever-increasing requirements that every item be uniquely identifiable are combining with the power of the internet to invade everyone’s privacy. The Guardian (UK) has a story about how ‘planespotters’ are gathering data that allows the after-the-fact tracking of CIA torture planes. (“How planespotters turned into the scourge of the CIA.”) Paul last saw the Gulfstream […]
Candice “Candy” Smith, 44, of Blue Springs, Mo., pleaded guilty to making unauthorized inquiries into data aggregator LexisNexis’s database of non-public information on millions of consumers, such as driver’s license information and credit-history data. Many people might assume that only cops can look up this type of information, but Smith was granted access to the […]
Apparently, I woke up on the right side of the bed, and am just handing out kudos left and right today. Consumers will gain strong new protections when New Jersey’s Identity Theft Prevention Act takes effect Jan. 1, but businesses and institutions are facing headaches and added expenses. Social Security numbers will be out as […]
Michael Geist has a column today “Canada’s Privacy Wake-Up Call” in which he follows up on the Macleans story about the Canadian Privacy Commissioner’s phone records being stolen. (See my “Epic Problems With Phone Privacy.”) Although major Canadian telecommunications providers such as Bell Canada sought to characterize themselves as “victims” of fraudulent activity and claim […]
Recently, Hossein Derakhshan blogged about his denial of entry into the United States. (“Goodbye to America.”) This is really too bad. Hoder’s an insightful fellow, and even if he happened to be one of the 15 or so million living in the United States without official permission, we profited from his visits. I believe that […]
Riya is a Redwood City startup that makes facial recognition software. Rumor from Om Malik says Google is buying them. I believe that this purchase has some of the farthest reaching privacy implications we’ve yet seen from Google. Anonymity, in its most literal meaning of “without a name,” is the current state of many photographs […]
I appreciate all the notes you’ve been sending me telling me about “FBI, Pentagon pay for access to trove of public records.” I’d love to have something insightful to add to this, but I don’t. Ryan Singel has a bit more: The article, which relies on heavily redacted documents acquired through an open government request, […]
New Scientist reports “Anonymous sperm donor traced on internet:” LATE last year, a 15-year-old boy rubbed a swab along the inside of his cheek, popped it into a vial and sent it off to an online genealogy DNA-testing service. But unlike most people who contact the service, he was not interested in sketching the far […]
The [Stearns] bill would also require companies to notify not just consumers of a breach, but also the F.T.C., which would then be permitted to audit the company’s security program. “But it needs better enforcement language,” said Joseph Ansanelli, the chief executive and co-founder of Vontu, an information security company in California, who has frequently […]
There’s a fascinating story at imedia connection, “Why Consumers Trust American Express:” How has American Express retained its position? Kimberly Forde, an American Express spokesperson, told me that “American Express is very pleased to be recognized by consumers for its ongoing and strong commitment to privacy.” Moreover, she felt that American Express had done a […]
I just skimmed the Sessions’ bill which Chris linked to. It has a great provision for allowing the fox to not only guard the henhouse, but also to control the alarm system: 3(b)(1)(A) IN GENERAL- If an agency or person that owns or licenses computerized data containing sensitive personal information, determines, after discovery and a […]
Arlen Specter and Pat Leahy have proposed the “Personal Data Privacy and Security Act of 2005“. This is a comprehensive proposal, and is opposed big-time by various industry lobbies. As reported in the October 21, 2005 American Banker, this bill has hit a snag, and is languishing in Committee. Meanwhile, another bill, courtesy of Jeff […]
Via Alec Muffett’s dropsafe, I learned of a British SF television program which eerily predicted a future Britain in which a sinister governmental department that has abolished individual rights and introduced ID cards for all citizens, rationing and sophisticated electronic surveillance I would have preferred to have gotten a transdimensional police box.
The EFF has done some great work on how high resolution color printers are embedding tracers in every document they print. It’s at “DocuColor Tracking Dot Decoding Guide.” I’d call them high quality printers, but how could I? They intentionally distort every document they print on the off-chance it contains evidence of thoughtcrime. The work […]
Last week, I was in Redmond for a few days, filming a roundtable discussion with Amy Roberts of Microsoft, Gerry Gebel of the Burton Group and Peter Cullen, Microsoft’s Chief Privacy Strategist. I think we had a great discussion, the time went by really quickly. I hope that the good energy we had in the […]
Some prominent business organizations are complaining to Congress that the Patriot Act makes it too easy for the government to get confidential business records. These groups endorsed proposed amendments that would require investigators to say how the information they seek is linked to individual suspected terrorists or spies. The changes also would allow businesses to […]
A federal judge on Tuesday struck down a California law that restricts banks from selling consumers’ private information to their affiliates, ruling that the state law is pre-empted by federal rules. The American Bankers Association, the Financial Services Roundtable and Consumer Bankers Association had sued California Attorney General Bill Lockyer, arguing that the federal Fair […]
PaybyTouch has arrived, and that finger in their logo looks awfully short to me. Maybe subconsciously, they know the truth? See my “Fingerprint Privacy” or “A Picture is Worth A Thousand Words” for some actual analysis, rather than silly sniping. (via Silicon Beat, who has notes on their unusual financing techniques.)
Jim Harper writes: At this week’s meeting of the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee, Joanne McNabb, Chief of the California Office of Privacy Protection, and I circulated and presented a draft ‘Framework’ for assessing homeland security programs in terms of their consequences for privacy and related values. Members of the […]
It’s not like I was getting any work done anyway. (Ok, actually I was: Five of yesterday’s six posts took under 10 minutes, and four took 5 minutes or less.) But: Scientists invade the privacy of Giant squid, intruding on their long-preserved solitude. Also be sure to notice National Geographic’s beautiful user interface for selecting […]
At the Counter-Terror blog, Andrew Cochran writes: “Treasury Department’s FinCEN Unit Recovering From “Cyberjacked” E-Mail System:” The most important impact of the cyberjacking has been to shut down the automated system whereby FinCEN and law enforcement request and receive information from financial institutions for use in terrorism and money laundering cases. The system, enacted under […]
NudeCybot (hey, you’re blogging again!) asked me for opinions on Google Secure Access (or just GSA), and sent me a link to Kevin Stock’s Google Secure Access on Mac OS X. There’s a lot of critiques of Google’s Privacy policy around GSA: “Hide what you’re doing from everyone but us! And, umm, anyone who asks […]
A blogger who I’d recently discovered has retired: I’ve always had my two lives separated – my offline world and my online one. That’s the way I wanted it and that’s the way I set it up and I’ve got my own reasons for it. And someone decided to ruin all the fun and be […]
In “Stuck on the No-Fly List,” Ryan Singel discusses the procedure for, no not getting off the list [1], but for getting onto yet another “cleared” list.[2] Confused? I was too. The head of the Terrorist Screening Center [3] told me recently that I’d mixed up “No-Fly” and “Selectee.” As Daniel Solove explains in “Secure […]
Some of the precepts that proponents of national ID often put forth is that it can make “illegal immigration more unpleasant for immigrants,” or “a national ID system has some substantial potential to be the cornerstone of a national fraud-prevention system.” These are attractive notions, but will not be borne out in reality. Actually, the […]
Alan Chapell has some interesting thoughts in “CONSUMER WATCH: Localities put private data in harm’s way:” As an aside, some might argue that there’s little distinction between “evil doer” and “data broker”. I prefer to view the latter as the poster children for another unregulated industry that is screaming for the Government to step in. […]
My first reaction was shock, then anger. Why did the baby formula company have her due date? I had shared our baby’s due date with only two businesses: my health insurance company and a Web site for expectant and new parents. When I registered to enter the Web site, I specifically requested that it not […]
The term “right to privacy” has, in the debate over the Supreme Court, become a code-word for a woman’s right to abortion (or more specifically, to a liberty to choose without government interference.) As someone who believes that privacy is broader than that, I was very pleased to see that Roberts said: “Senator, I do. […]
EBay has bought Skype, for reasons that I don’t quite understand. Perhaps all that cash was burning holes in their pockets. The BBC reports: “Communications is at the heart of e-commerce and community,” said eBay chief executive Meg Whitman. “By combining the two leading e-commerce franchises, eBay and PayPal, with the leader in internet voice […]
Richard Bejtlich comments on a Federal Computer Week article, “Security clearance delays still a problem” in “Feds Hurry, Slow Down.” “ITAA officials said 27 member companies that responded to a survey are coping with the backlog by hiring cleared employees from one another, sometimes paying premiums of up to 25 percent.” I’m glad to see […]
In “Getting Serious about Smog,” Virginia Postrel writes: After many years of bureaucratic resistance, California is finally getting serious about air pollution from cars. These days, most cars don’t spew much pollution. But the few that do, account for a lot, and many of them still manage to pass state inspection. Now, the LAT reports, […]
Alex Haislip is blogging up a storm at VC Action. I love journalist bloggers; there’s so much interesting backstory that they talk about. And working at Red Herring, Alex has more dirt than he could dish and stay in business. 😉 Curt Hopkins points to a fascinating story about the folks who run the great […]
Frequent commenter Allan Friedman has started Geek/Wonk. In “Speaking of duct tape,” he links to an interesting essay Duct Tape Risk Communication. And Mario’s comments on tor vs the Freedom Network are interesting: Interestingly, the usability issues are _exactly_ the same as they were ~5 years ago! It’s sometimes s-l-o-w! While I agree with this, […]
David Cowan tells a sad story about his experience with unauthorized data collection and use in “Freshman Week.” Speaking of unauthorized data collection and use, Jonathan Krim reports that “License-Screening Measure Could Benefit Data Brokers:” Jason King, spokesman for the American Association of Motor Vehicle Administrators, said commercial data brokers are notorious for refusing to […]
In “Behind-the-Scenes Battle on Tracking Data Mining,” the New York Times reports that the Department of Justice really does care about privacy, and really doesn’t want those nosy Congressional committees poking about how the government operates. So, why should they care? Are they hiding something? Of course, this being a New York Times article, there’s […]
Michael Geist continues to take the Privacy Commissioner’s office to task for protecting the privacy of infringers: Moreover, the Commissioner canvassed other banks and found that at least two others did allow their customers to opt-out of such marketing. Now if only the Commissioner would reveal which banks respected their customers’ privacy and which decided […]
Kim Zetter reports in Wired, Bill Strives to Protect Privacy : Another bill introduced in the Senate judiciary committee about two weeks ago addresses some of the same issues in a comprehensive way, and several other bills address individual issues, such as notification to consumers. The commerce bill, however, is likely to go the distance […]
Larry Ponemon has a good article in Computerworld, “After a privacy breach, how should you break the news?:” We learned that about one-third of subjects believed that the notification was truthful. Another 41% believed that the notice they received failed to communicate all the facts. The remaining 26% were unsure about the integrity or honesty […]
Allan Friedman asks for comments on Lauren Weinstein’s post to Interesting People: (Lauren W) Ironically, it’s true that the probability of lost backup tapes being used opportunistically for ID theft is probably fairly low, at least in comparison to all the “ID theft supermarkets” that are out there — crooked commercial and government employees willing […]
Bruce Schneier mysteriously titles a post “Russia’a Black-Market Data Trade.” But its not clear to me that this is black-market at all. Does Russia have a data protection law? Quoting from The Globe and Mail: At the Gorbushka kiosk, sales are so brisk that the vendor excuses himself to help other customers while the foreigner […]
There have been a slew of stories lately about fingerprint readers being tied into payment mechanisms. I don’t particularly like the idea, but if you do, feel free. At least until your lack of care about privacy starts displaying externalities. Many of these vendors are making claims like it is not possible to recreate the […]
Usually, government ministers wait until a new program has been rolled out before they start reneging on their promised of how it will work. But in the brave new world of UK ID cards, they’re being honest. As the Independent reports in “Ministers plan to sell your ID card details to raise cash“: Personal details […]
In “Adoptees File Human Rights Complaint Against Canadian Privacy Commissioner,” Privacy.org reports on a dispute between the parents and children, mediated by the state: A group of Ontario adoptees has filed a human rights complaint against Privacy Commissioner Ann Cavoukian after she lobbied the province to amend its proposed adoption disclosure law with a clause […]
CSO has a “Do it Yourself Disclosure.” Hey, you skimped on security, you might as well skimp on the PR. Wired News comes out in favor of a data protection and privacy law for the US in “Conress Must Deal with ID Theft.” The Financial Times has an article on [UK] “Regulator urges tougher laws […]
In U.S. Medical Privacy Law Gutted, Bruce Schneier analyzes the new rules on who gets prosecuted for violating your medical privacy. Answer: fewer people than you’d think or hope: I’ve been to my share of HIPAA security conferences. To the extent that big health is following the HIPAA law — and to a large extent, […]
At MSNBC, Bob Sullivan reports “Got a nanny? You need a shredder:” Even if you ordered a background check on your kid’s coach, or nanny, or — as is the latest trend in online dating — on a prospective blind date, the law applies to you. Transgressions — such as tossing paperwork containing personal information […]
VikingZen posts her Two Cents about Revenge of The Sith, and closes with: My big question: Why didn’t Padme just release a can of whoop-ass on her husband? I mean, they’re secretly married, the guy’s off in some outer galaxy playing space cowboy while she’s lugging around a pregnant belly full of twins? How about […]
For more than 30 years, W. Mark Felt, and three co-conspirators have protected his privacy after one of the most spectacular whistleblowing act in history. He’s admitted to being Deep Throat in this Vanity Fair article. The Washington Post has coverage in “FBI’s No. 2 Was ‘Deep Throat’“, and “Conflicted and Mum For Decades.” I’ve […]
Jon Mills, who has been heading up Florida’s Committee on Privacy and Court Records. He has an article in the HeraldTribune: How do we balance the competing values of privacy and openness? The Internet makes possible greater openness, so indispensable to good government, and allows for greater convenience in accessing government services, including court records. […]
Justin Mason has a good post on the new backscatter radiation xray machines that TSA would like to deploy. My favorite part: They create child pornography. Interestingly, these are one of the relatively few places that a privacy invasion makes us safer. Also interesting is that different people perceive either the hand-pat or the naked […]
(Updated shortly after posting with Eric Rescorla’s evidence presentation.) Nick Owen has a post about Net Present Value and Annual Average Loss Expectancy. If you think security is all about vulns and 0day, you probably don’t need to read this post, and your boss is going to keep rejecting your spending proposals. Carrie Kirby argues […]
Last month, I asked “What Do You Need To Do To Get Fined?” in reference to CIBC’s improper disclosure issues. Now the Ottawa Citizen is reporting that “Bank springs another privacy leak:” Fresh off fax blunders that earned it a rebuke from the federal privacy commissioner, the Canadian Imperial Bank of Commerce admitted yesterday that […]
TechDirt points to a Cnet story by Declan McCullagh, “Kiss your old SSN goodbye:” Rep. Joe Barton, another Texas Republican who happens to chair the House Energy and Commerce Committee, said last week that he plans to “outlaw the use of Social Security numbers for any purposes other than government purposes.” … “The time has […]
In discussing private blogging at Blognashville, the idea of identifying bloggers by their writing style kept coming up. The example that was used (at least) twice was the “computerized” identification of the anonymous author of Primary Colors. The trouble is, the identification wasn’t done by computer. It was done by Vassar English Professor Don Foster. […]
The computer industry is good at coming up with Orwellian names for things. The software that call center operators and others use is called a “Customer Relationship Management” system (or ‘CRM.’) The goal of such systems is to help you decide which of your customers are profitable, and give them better service. Cynics might add: […]
I think the roundtable went well. Mark Glasser started us off with a review of the state of the world, with China having 67 bloggers in jail, Bahrain requiring bloggers to register, Cuba having a black market in email accounts with one costing $240, out of an average annual income of $1700. We talked a […]
Mike Solomon, of PithHelmet fame, comments on RSS spam, and promises to do something about it. (Incidentally, I’ve been wondering about NetNewswire’s cookie behavior when you load pages, but some rummaging in it’s files didn’t seem to turn up cookies, and I needed to go blog earn money.) Alan Chapell (whose blog is looking much […]
Gunnar Peterson offers up a label for software that he stole from Jeff Williams. I had a good, if short, back and forth with Geoff, of Screen Discussion, in his comments, on using photographs to enhance criminal background checks, by including photos with the records of criminals, so the viewer of a report can compare. […]
Building new technologies involves making tradeoffs. A programmer can only develop so many features in a day. These tradeoffs are particularly hard in building privacy enhancing technologies. As we work to make them more secure, we often want to show the user more information to help them make better decisions. This impacts usability. The security […]
Stupid Security covers an AP story: Security at U.S. airports is no better under federal control than it was before the Sept. 11 attacks, a key House member says two government reports will conclude. None of us here [at Stupidsecurity] are surprised. The real fun begins with the second paragraph: “A lot of people will […]
It turned out someone I had dinner with last night had gotten an Ameritrade letter. According to her, Amertrade is not offering credit monitoring service.* “Lotus, Surviving A Dark Time,” has some good analysis: Well, duh with a PR stamp. How could they have heard of any such “misuse?” If customers had any bad experiences, […]
As I covered in “Canadian Privacy Law and CIBC,” CIBC spent years faxing information to, amongst others, a West Virginia scrap yard. Today, the Privacy Commissioner released her report, and asks that they please, pretty please do better next time. See the press release, if you really want to. Via Dave Akin.
Capturing the Unicorn is an article at the New Yorker about the hubris of technologists trying to capture art. (The technologists win, but the archivist in me asks: CDs?) 13 things that do not make sense is a New Scientist article about, well, 13 things that don’t make sense. Some foolish people might look at […]
Newsday reports on Orange County, Florida Sheriff Kevin Beary abusing law enforcement access to records. He sent a letter to Alice Gawronski’s home, objecting to her letter to a local neswpaper. He claims it was “legitimate use of public records.” Dan Farmer’s new company, Elemental Security, has launched. Speaking of launched, Steve Hofmeyer, of Sana […]
Recently, I griped about AOL’s privacy policy. Today, PGP Corp announced their second public beta of PGP 9, which includes support for encrypting AIM sessions. Its not clear if this will be in the personal edition. I sure hope so.
The program has been posted for The Fifth Privacy Enhancing Technologies Workshop, which will be held in Drubrovnic , Croatia, 30 May – 1 June. (Corrected spelling.) There’s an affiliated executive briefing, 2-3 June.
Both Blog*on*Nymity and Kip Esquire are covering a massive student database, that seems to be there to ensure that, well, you know, look! A terrorist! More compulsory privacy invasions for little apparent benefit to anyone, except the newly fully employed bureaucrats. And you thought Berkeley losing a laptop was bad?
“DMV hopes to reassure clients about security.” The DMV on Wednesday will send out letters describing the incident and new driver’s licenses with different numbers to the 8,738 people whose personal information was stored on the stolen computer, said Kevin Malone, spokesman for the DMV. “Audit: State voter system left information vulnerable:” The state elections […]
Asteroid analyzes Sisyphean volunteers and the modern condition in a brilliant essay. It just goes to show, the Greeks really did invent everything. Robert Poole and Jim Harper debate the TSA in “Transportation Security Aggravation” at Reason. Tyler Hamilton looks at two schemes to cut your auto insurance premiums by monitoring your driving, and their […]
Jason Young has a great, thoughtful post at Blog*on*nymity: Like other nations, Canada has moved to adopt criminal sanctions for electronic voyeurism, a social problem that has become acute with the availability of cheap and inobtrusive surveillance technologies. The legislative efforts are welcome and yet I cannot help but wonder if we are missing the […]
As I mentioned previously, Daniel Solove and Chris Hoofnagle have written a paper on “A Model Privacy Regime.” This post makes a lot more sense if you’ve read their paper. I’ve read through it, and think that it’s pretty good. My responses to specific sections are below. First I’d like to comment on the free […]
Bad advice on use of social security numbers abounds, often in technical documentation. Credit goes to reader Jonathan Conway for digging many these out. There are a few very common errors which we can find, thank to Jonathan’s research: Social security numbers are un-changing. No, they are not. Victims of identity theft, domestic abuse, or […]
For a very long time, colleges have been using social security numbers as identifiers for their prospects, students, and alumni. This is starting to change, driven by liability and brand concerns. No school wants to transform your (hopefully) fond memories of your time there into a firestorm over privacy. From ZDNet: Dunn said [Boston] college […]
Justin Mason has a post on Open APIs, Open Source, And Giving Away The Crown Jewels. I talked about very similar issues in Emergent Uses of Technology a few days ago. Jim Henley has a great essay on “The Citizen or the Police” Nobody worth performing the Heimlich Maneuver on is going to tell the […]
In working on the Choicepoint roundup for tomorrow, I found Axinar pointing to this story about the Las Vegas DMV heist. Apparently, all that encryption? Err. Never mind. But Lewis said Friday that Digimarc Corp., the Beaverton, Ore.,-based company that provides digital driver’s licenses in Nevada, told her Thursday the information was not encrypted, and […]
Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. In addition, by posting Content on […]
Dennis Bailey at The Open Society Paradox objects to my characterization of Hank Asher, and says: Rather than debate the merits of the program, they have to make this a personal attack on the man. Well, let’s talk about the programs. DBT, the first company Asher founded, was deeply involved in disenfranchising Florida voters. MATRIX […]
Latanya Sweeney has announced a new tool, Identity Angel, to crawl the web and discover if there’s enough information to steal an identity. Stefan Brands has made the first four chapters of a book on Electronic Money available. This will be a great reference for people wanting to think about privacy and payments. I’d like […]
With recent events (Choicepoint, Bank Of America, PayMaxx, and Lexis Nexis) leading to a new privacy law for the United States, what should it say? How can we tell a good law from a bad one? Some disclaimers: I’m not entirely in favor of a new law. There’s a lot of potential for harm when […]
There’s some great blogging at the Identity Trail conference. I wish I’d been there. Read the official blog for Friday, Saturday AM, Saturday PM, or Michael Froomkin‘s post.
One of the neat things about talking to different sorts of conferences is that you find neat stuff that you don’t otherwise see. At the Southeast Cybercrime Summit, I was supposed to talk about “Reducing Crime In Cyberspace, a Privacy Industry View.” (The talk I used to give for Zero-Knowledge.) Due to a small error […]
Pete Lindstrom suggests: My proposal: List SSNs publicly. The Social Security Agency can notify all of its intent to publish all SSNs at some point in the future – enough time for organizations to absorb and react to this news. The net result is to eliminate the notion that perhaps SSNs are “secure enough” for […]
I wasn’t going to blog on BofA‘s little kerfuffle. But then Ian went and blogged about it, and I think he gets it partially right and partially very wrong. His actual conclusion is spot on: In order to share the information, and raise the knowledge of what’s important and what’s not, we may have to […]
Blog*on*Nymity looks really good. Thanks to Stefan Brands for the pointer. Reason has an article on firearms and civil rights.
David Akin says CIBC is getting sued for faxing information around. Prior posts are “Privacy Lessons from CIBC and Canadian privacy law & CIBC. 19 days after the vulnerability was announced, Mozilla releases Firefox 1.01.
This Concealled I conference in Ottawa March 4-5 looks really good. Bob Dylan joins the cypherpunks in skipping Woodstock for his trig homework: “I wouldn’t even think about playing music if I was born in these times… I’d probably turn to something like mathematics.” (NME, via Scrivner.) Who did this: Privacy Enhancing Technologies, May 30-June […]
I remember when I was in college, discussing what we’d do if we discovered we had a terminal disease. Being college students, there were lots of ways to maximize short-term fun before the disease ate you. The game theory folks talk about “the long shadow of the future,” the idea that cooperation can be rewarded […]
Third, this may be all moot if the government takes the easy step of giving citizens a passport cover made of aluminum foil. According to one article “Even Schneier agrees that a properly shielded passport cover should solve the problem. He wonders why this wasn’t included in the original plans for the new passports.” writes […]
At RSA, I didn’t get a demo, but did talk to John Brainard of RSA about i-Mature, a fascinating biometrics company. There’s been some discussion on Interesting People. Vin McClellan discusses the tech, Seth Finkelstein maps their web site, reporter Andy Sullivan plays with one, Lauren Weinstein on probable attacks, Herb Lin on the limits […]
Ryan Singel has a good post on chipped passports: Bailey is right that the new passport will be harder to forge with the inclusion of RFID chips, especially since the chip would be digitally signed to prevent changes to the data in the chip. That’s a solid security measure. But, the chips create a new […]
The “Real ID” act is likely to get written into law, in two ways. First, it will pass the Senate, and be signed into law. Second, it will be one of the best examples of the law of unintended consequences in a long time. The bill would force states* to fingerprint people, and do various […]
This was first created in December 2004’s Intelligence bill, loosely called the Patriot II act because it snuck in provisions like this without the Representatives knowing it. The deal is basically a no-option offer to the states: either you issue all your state citizens with nationally approved cards, or all federal employees are instructed to […]
Wachovia said that, overall, 86 statements or tax forms were mistakenly sent to Pirozzi, including information on 73 individuals. Pirozzi said the number of pieces of mail was significantly higher, closer to 140. … Pirozzi tried desperately to get the problem fixed once the first batch arrived last spring, but he says that no one […]
Stefan Brands has a new blog. Stefan is not only one of the top two or three folks in the world in privacy enhancing cryptography, but he writes eloquently about the social reasons privacy is important. We worked together at ZKS, and I’m very sad we didn’t get further selling his technology. I look forward […]
JihadWatch is upset because (9/11 hijacker) Nawaf Alhazmi got a CA drivers license with a fake SSN. But so did 184,000 other people, most of whom have not turned terrorists. Perhaps we should focus on things other than SSN fraud in tracking down terrorists?
Ian Grigg and I have a letter to ICANN about Verisign. See his post. Eric Rescorla has a Kafka-esque excerpt from the “trial” of Mustafa Ait Idr, who wasn’t allowed to see the evidence against him. Mort points me to US Senate Bill 166116, introduced by Diane Feinstein, making it a crime to sell social […]
Put bluntly, the law of obscenity, no matter how longstanding, has never satisfied constitutional requirements, and it never will. Finally, a judge has been brave enough to say as much. This opinion is notable for that reason – and for Judge Lancaster’s novel approach. His opinion attacks the obscenity laws on privacy grounds – and […]
Bruce Schneier talks about the Secure Flight being an improvement over the current watchlist system, but can’t give us details. The new system will rely on more information in the reservation. But if we don’t have that more information on the person on the watchlist, what will happen? Eg, if there’s no known birthday for […]
Chapell points out a very interesting correction at the top of this Seattle Times story: A previous version of this story on Tukwila firefighter Lt. Philip Lyons being charged with first-degree attempted arson incorrectly stated that police reports indicated he had used his Safeway Club Card to purchase 16 fire-starters between June and August. Lyons […]
Longtime security and privacy researcher Richard M. Smith tells Farber’s IP list about Philip Scott Lyons, a Tukwila, Washington firefighter. Lyons was accused of arson because he’d bought the same type of fire starters at Safeway. Or, that’s what Safeway’s “Club Card” records show. How or why they were obtained isn’t clear. The charge was […]
SecurityFocus has a new article on blind buffer overflows. I’m glad these techniques are being discussed in the open, rather than in secret. Julian Sanchez has the perfect comment on Congressman Dreier’s new national ID plan, at Hit & Run. And finally, don’t visit this Looney Tunes site if you’re busy. (Via Steven Horowitz at […]
CIO Magazine has an article “Riding The California Privacy Wave,” reviewing California’s new and pending privacy laws. There’s bits I wasn’t aware of, such as SB 186 168, preventing “businesses from using California residents’ Social Security numbers as unique identifiers.” There’s a slew of new laws in California, a great many of which affect IT […]
I first met David Akin when he was covering Zero-Knowledge Systems, where I worked. David was always insightful, and even when he thought he saw us blowing smoke, he was pleasant about it. So I’m both disappointed and excited to see that he “will join CTV’s Ottawa bureau as a Parliamentary Reporter.” I sincerely hope […]
A friend wrote to T-Mobile and asked if his data was compromised in the T-Mobile break-in. A service droid sent him a press release. My comments are pointed to by the brackets. Customer, Please see the press release below regarding the hacker investigation with T-Mobile’s customer information. If your information was compromised you would have […]
In a comment yesterday, Chris Walsh said: In any case, this should not be a difficult nut to crack, in principle. The US government conducts surveys of businesses all the time, and is capable of obtaining quality samples and high response rates in which academics justly have confidence. In theory, I agree with Chris. In […]
Chapell nails the “why you might have nothing to hide, but hide anyway” angle: Even more troubling is the possibility that the person who’s DNA was inside this woman may very well have had nothing to do with the crime. But rest assured, that won’t matter to the hundreds of police, FBI, press, and other […]
The LA Times has a story on Jacobsen, the hacker, and the AP has a story with more technical details. The Infosec Potpourri blog has some analysis of the AP story.
Scrivner points out a basic lack of agreement amongst the pundits: Damn that Bush, cleverly whipping up this fantasy of a threat to scare people into voting for him. … Damn that Bush, ineptly bungling America’s defense against the most dangerous threat Ian has a post about Ron Paul trying to ban the government issuance […]
In responding to my comments about Truro’s DNA dragnet, with a fascinating discussion of signaling, Eric Rescorla writes: Even if they’re not the perp, they may have other reasons not to have their DNA collected–for instance they’ve committed another crime that their DNA might match to. (The police say they’re only going to use the […]
“In a very deep sense, you don’t have a self unless you have a secret, and we all have moments throughout our lives when we feel we’re losing ourselves in our social group, or work or marriage, and it feels good to grab for a secret, or some subterfuge, to reassert our identity as somebody […]
The city of Truro, Massachusetts is trying to collect DNA from all 790 residents to solve a crime, reports the New York Times. Its not clear why they believe that residents are more likely to be the criminal than non-residents, and it is clear that they don’t get the 4th amendment, against dragnet searches, or […]
Scrivner points out that the airlines, masters of price discrimination are giving up: In response they’ve become perhaps the world’s most expert practitioners* of price discrimination, mastering the art of charging the business traveler $1,000 more than the tourist in the next seat in exchange for a short-notice booking with few restrictions. But even that […]
Yesterday, I commented that Ryan Singel, in his review of Robert O’Harrow’s* new book, had an Amazon tracking URL. I was mostly noting the irony of aiding tracking in a post titled “Pay Cash for This Book,” but Ryan comments: “it got me to thinking that this site has no privacy policy.” Not to pick […]
Ryan Singel reviews Robert O’Harrow’s new book, No Place To Hide. O’Harrow covered the CAPPS-II and other privacy stories for the Washington Post. In the spirit of the story, I’ve left the little tracking bits from Ryan’s Amazon URL. If you’d like a less tracked version, click here, or type the title into Amazon. There’s […]
Eric Rescorla has two good posts on screening at Educated Guesswork. I’d still like to expand the range of questions, and ask, is intense personal screening effective or needed? Can we use air marshals, different aircraft designs, and armed pilots so that we don’t need to compare rub-downs to millimeter-wave xrays?
In writing about Delta Blood Bank earlier today, one of the issues I was thinking about was the unnecessary use of social security numbers, and how it’s an industry standard. One area where this is particularly evident is in the bifurcated market for cell phones. At one end are providers like Virgin and MetroPCS, who […]
Delta Blood Bank sent a letter Friday to donors, warning them a computer that held their personal information had been stolen and advising them to take steps against identity theft and credit card fraud. … In addition to the letter…The blood bank will no longer require Social Security numbers from its donors… No longer require […]
Europhobia nails the link between privacy and economics in the UK imposes national ID cards stupidity: But usually what gets them is “what? I’ll have to pay eighty-five quid for this thing?” No, Europhobia, they’ll have to pay 85 quid for the card, and another 10 quid in taxes for the backend database. (Figuring 60% […]
A friend writes and asks: I’m working in NYC now, as the Web Admin for Safe Horizon. We’re the largest service agency in the US for victims of violence, crime or abuse. We’re interested in putting in some features into our site, but we have to protect our visitor’s privacy, since they might be visiting […]
Nikita Borisov and Ian Goldberg have released Off-the-Record Messaging, an IM plugin for private communication providing not only the usual encryption and authentication, but also deniability and perfect forward secrecy. Deniability avoids digital signatures on messages (while preserving authenticity and integrity), so there is no hard-to-deny proof you wrote anything in particular; in fact, there […]
CIBC is a Canadian bank, who has recently been sued by a West Virginia scrapyard operator for faxing their customer’s private data to him. I’ve blogged about them here and here. (It turns out that other banks are doing the same thing, as David Akin blogs.) SB 1386 is a California law that requires companies […]
Writing to Farber’s Interesting People list, Lauren Weinstein writes: Their new system is obscuring *all* e-mail addresses in *all* netnews messages in the archive (including the vast numbers of messages that do not originate within the Google environment and/or that predate the existence of Google Groups). This includes not only the addresses of individual netnews […]
The disaster over at CIBC is telling, and bears a little exploration. The real victims, whose details were faxed to never saw the violation of their privacy. It was CIBC tossing data around incompetently, all the while publicly proclaiming their commitment to privacy. Wade Peer, a scrapyard operator in West Virginia brought the three years […]
Businesses can avoid potential public relations and legal nightmares by developing privacy policies, authentication processes and using cutting-edge technology. The Canadian Imperial Bank of Commerce learned this the hard way last week when U.S. scrapyard operator Wade Peer went public with his story about how one of Canada’s largest banks was flooding his fax machine […]
The CBC reports on documents that the US tried to bury by releasing the day after Thanksgiving, admitting that “…Canada, Germany, the Netherlands and Britain share the suspicion that the international standard set for the electronic passports inadequately protects privacy and security.” These chips can be read from 30 feet away, today. That’s the opinion […]
Ed Felten has an insightful analysis of Identification Codes on Printer Output over at Freedom To Tinker.
These women and a good many others, both frequent and occasional travelers, say they are furious about recent changes in airport security that have increased both the number and the intensity of pat-downs at the nation’s 450 commercial airports. And they are not keeping quiet. … Most of the women interviewed said they did not […]
Ryan Singel catches an AP article on RFID passports: On the latest passports, the agency has “taken a ‘keep it simple’ approach, which, unfortunately, really disregards a basic privacy approach and leaves out the basic security methods we would have expected to have been incorporated for the security of the documents,” said Neville Pattinson, an […]
A long story in the New York Times ends: Still, as Wal-Mart recently discovered, there can be such a thing as too much information. Six women brought a sex-discrimination lawsuit against the company in 2001 that was broadened this year to a class of about 1.6 million current and former female employees. Lawyers for the […]
The chief warned Anthony Johnson to point his video camera elsewhere, then wrestled the camera away and put Johnson in jail for recording communication without permission, court records say. … A 9th Circuit U.S. Court of Appeals panel last week reinstated Johnson’s suit, which had been thrown out by a federal magistrate in Tacoma, and […]
Not too long ago, I gave a talk on privacy technology to the Atlanta chapter of the High Tech Crime Investigators Association. It was a talk that several of us at Zero-Knowledge had learned to give. The basic method for talking to police about privacy is to start from the need to reduce and prevent […]
Canada Post has apparently told the world that they’ll only deliver mail with a return address. This is clearly silly, phone books are full of valid return addresses for your city. Over at StupidSecurity, nrh asks: Part of the reason I delayed was that I was trying to find out if this was even legal. […]
The Symposium on Usable Privacy and Security (SOUPS) will be held July 6-8, 2004 at Carnegie Mellon University in Pittsburgh, PA. This symposium will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature refereed papers, tutorials, a poster session, panels and invited talks, and […]
Last week, I commented on Michael Geist’s column. In part 2, he took an excellent direction. He suggests not only economics, but a legal structure that forbids Canadian companies’ compliance with US orders. Read it.
This month the B.C. government passed a law to prevent the U.S. from examining information on British Columbians that is in possession of private U.S. companies. The CBC reports on information about Canadians being sent to the US for processing, and the attendant legal risks. In Canada, they have strong-sounding data-protection laws that they don’t […]
A computer hacker accessed names and Social Security numbers of about 1.4 million Californians after breaking into a University of California, Berkeley, computer system in perhaps the worst attack of its kind ever suffered by the school, officials said Tuesday. (This is all over the web, I found a version at News.com.com.) A few questions […]
Michael Froomkin points to Wired’s article Inventor Rejoices as TVs Go Dark, is enough to make me want a TV-B-Gone. It fits on your keychain, “looks like an automobile remote, has just one button. When activated, it spends over a minute flashing out 209 different codes to turn off televisions, the most popular brands first.” […]
Michael Geist’s recent … Toronto Star Law Bytes column focuses on a recent Canadian privacy finding involving an inadvertent email disclosure. The column contrasts the finding with a similar incident in the United States and argues that for Canadian privacy law to garner the respect it needs to achieve widespread compliance, the Privacy Commissioner’s office […]
There’s a critique of Google’s new Desktop Search that it…wait for it…searches your computer! No, really, it does. And so it finds things that are … on your computer! Some of these things, like your email, your spouse’s email, your IM logs, are things that Microsoft hides intra-user are exposed. This is probably a bad […]
Ed Hasbrouck, who in a more perfect world would be paid to be the TSA’s chief privacy officer, writes RFID passport data won’t be encrypted: So an identity thief, using only the data secretly and remotely obtainable from your passport, will be able — without ever having actually seen you or your passport — to […]
Ryan Singel has a couple of good posts up: Why Privacy Laws and Advocates Matter and Trusty Logo Not Worth The Pixels It Is Printed On. The later explains in detail what economics predicts: Trusty won’t shaft its paying customers to make them actually enforce privacy policies, when people who rely on the trusty seal […]
Jean Camp and Stephen Lewis have done a great job of bringing together papers on Economics of Information Security in a new volume from Kluwer Academic press. (It’s even better because it has my first book chapter, which is What Price Privacy, joint work with Paul Syverson. We’ll put it online as soon as the […]
So Verisign has teamed up with I-safe to issue “USB tokens” to children. The ZDnet story states that it “will allow children to encrypt e-mail, to access kid-safe sites and to purchase items that require a digital signature, said George Schu [A Verisign VP].” To me that sounds a lot like an X.509 certificate, which […]
Ian Grigg has some very interesting comments on Verisign’s certificate business and what it means for privacy, over at Financial Cryptography
So it seems that two members of Congress have now been added to “watch lists.” “[Representative John] Lewis contacted the Department of Transportation, the Department of Homeland Security and executives at various airlines in a so-far fruitless effort to get his name off the list, said spokeswoman Brenda Jones.” It seems that this sort of […]