Privacy on The Truth Imperative

Security and Privacy "Certifications" often mean the opposite

Fri, 06 Oct 2006 06:56:00 -0700

An excellent paper summarizing many of the problems with certifiers such as TRUSTe as well as showing that sites that get these certifications to prove their trustworthiness are actually more likely to NOT be trustworthy!

I know companies who are simply concerned about wanting customers to _think_ that their site was secure that they worked on getting a certification instead of investing in actually _making_ their site secure. No corrective action was taken to align technology or processes to the spirit or letter of the “certification”. The same crummy procedures and mindsets that existed before the certification were there after the certification.

Opposition To Nominated Us Chief Privacy Officer

Thu, 10 Aug 2006 21:07:00 -0700

I’m so tired of seeing privacy officers and council members who are lawyers first. They may understand the law, but they often don’t understand privacy. And lawyers tend to not consider risks outside of the legal/liability context. I’ve experienced privacy lawyers say that it was okay to not encrypt data anywhere internally because we only said “via our website” in our privacy policy. That may be true in a strict legal sense, but from an overall customer privacy and privacy threat model perspective, it doesn’t adequately ensure either adequate protection for customer privacy (the intent of the policy and assurances to customers) nor does it ensure an adequate privacy environment or mindset in a company (which itself often leads to more lax treatment of sensitive information and therefore breaches).

Bypass Compulsory Registration

Sat, 29 Jul 2006 13:32:00 -0700

Bugmenot.com - login with these free web passwords to bypass compulsory registration

What a great idea.

Cartoon The Revised Revised Story About Nsa Wiretapping

Sun, 09 Jul 2006 07:42:00 -0700

WorkingForChange-This Modern World: The revised revised story

Nsa'S Math Problem

Sun, 09 Jul 2006 07:36:00 -0700

https://www.liveammo.com Security News Blog

legal or not, this sort of spying program probably isn’t worth infringing our civil liberties for — because it’s very unlikely that the type of information one can glean from it will help us win the war on terrorism.

Interesting mathematical analysis of how effective the NSA domestic call-tracking spy program could possibly be.

At Amp T Usurps Customer Records

Sun, 09 Jul 2006 03:28:00 -0700

Time to switch your phone company. AT&T rewrote its privacy policy to basically say that your data is theirs and they will do what they please. Some legal manoevering to allow them to continue to sell those records to the NSA to spy on you. All Cingular customers should now be wary since AT&T will own them once the acquisition is complete.

But I guess, what do you expect when we live in a country that doesn’t explicitly grant privacy protections like the EU and where privacy is routinely tromped on by companies and the government for their own ends? And when the US public has been trained that this is okay?

The Tyranny of the Executive

Tue, 27 Jun 2006 14:19:00 -0700

Atheist Ethicist

My concern is that the Bush Administration may be spying only on suspected terrorists the way that it invades only countries supporting those who attacked the United States on 9/11. My concern is with the possibility that Bush Administration officials might have an agenda, with an ulterior motive, that would involve invading a country so they rationalize a way of thinking about this country that makes it seem to them to be worthy of attack.

Nsa Surveillance Only The Tip Of The Iceberg

Sun, 25 Jun 2006 10:18:00 -0700

A gaggle of links about the illegal NSA domestic spying program. More apropos in light of even more spying by the Bush Administration – this time on international wire transfers

Think Progress: NSA Whistleblower To Expose More Unlawful Activity: ‘People…Are Going To Be Shocked’

Media Matters - Myths and falsehoods on the NSA domestic call-tracking program

Zphone: Encrypt your VOIP

Sun, 19 Mar 2006 12:40:00 -0800

Boing Boing: Encrypted VOIP from PGP creator Zimmermann: Zfone

Encrypted VOIP from PGP creator Zimmermann: Zfone

Good reason to switch to VOIP instead of traditional phones to protect yourself from Big Brother Bush.

Richard Stallman Quot Foils Quot Rfid Quot Security Quot-

Wed, 30 Nov 2005 13:51:00 -0800

quot-

GNU project founder foils UN security

Glad my passport does not expire for many years to come. Perhaps by then passports won’t have RFID tags in them any longer. But if they do, I guess this is an easy way to keep myself from being a target for a shoulder-fired missile overseas.

FOUNDER of the GNU project, Richard Stallman, got in trouble at the UN World Summit on the information society in Tunis for putting tin foil around his RF ID.

Lawyers Gone Wild

Wed, 23 Nov 2005 11:44:00 -0800

When Legal Strikes—Chaos Theory Meets DRM

Sadly, as management gets more cautious about legal repercussions, lawyers get a voice in decisions in which they not only have no expertise (such as IT), but in customer-facing initiatives, as well.

Sony’s aggressive spyware approach to DRM smells to high hell of the kind of good-intentions-turned-cognitive-dirty-bomb so many Legal-inspired projects descend into.

This is an interesting opinion that I think is only potentially applicable to situations where the lawyer in question is representing the company’s explicit interest. I haven’t seen this happen in general though–particularly where the corporate lawyers are addressing issues that are _not_ in regards to the company interest (e.g. privacy law).

Eff Breaks Secret Tracking Quot Dot Code Quot-

Sun, 30 Oct 2005 14:33:00 -0800

EFF: DocuColor Tracking Dot Decoding Guide

This is a breakthrough. It has been rumoured for years that printers and copy machines include secret codes on documents to track them back to the source machine but the EFF now has real evidence and even tools that you can use to perhaps decode your printer’s secret tracking information.

This guide is part of the Machine Identification Code Technology project. It explains how to read the date, time, and printer serial number from forensic tracking codes in a Xerox DocuColor color laser printout. This information is the result of research by Robert Lee, Seth Schoen, Patrick Murphy, Joel Alwen, and Andrew “bunnie” Huang. We acknowledge the assistance of EFF supporters who have contributed sample printouts to give us material to study. We are still looking for help in this research; we are asking the public to submit test sheets or join the printers mailing list to participate in our reverse engineering efforts.

Restrictions Placed On Fbi Cellular Tracking

Sun, 30 Oct 2005 01:18:00 -0800

FBI Dealt Setback on Cellular Surveillance

Finally some restraint on use of the PATRIOT act powers. Especially in light of recent FOIA documents that EPIC found that show abuses by law enforcement.

The FBI may not track the locations of cell phone users without showing evidence that a crime occurred or is in progress, two federal judges ruled, saying that to do so would violate long-established privacy protections.

Anecdotal Study Of Data Aggregator Quality

Fri, 20 May 2005 07:41:00 -0700

PrivacyActivism.org - Data Aggregators: A Study of Data Quality and Responsiveness

Results of a study conducted by PrivacyActivism show that data aggregators have significant problems with accuracy and responsiveness, potentially serious issues for an industry already under fire for massive security breaches.

100% of the eleven participants in the study discovered errors in background check reports provided by ChoicePoint. The majority of participants found errors in even the most basic biographical information: name, social security number, address and phone number (in 67% of Acxiom reports, 73% of ChoicePoint reports). Moreover, over 40% of participants did not receive their reports from Acxiom – and the ones who did had to wait an average of three months from the time they requested their information until they received it.

A Message To Choicepoint Customers Just How Helpful Is The Data You Are Buying

Mon, 16 May 2005 02:24:00 -0700

The Five Most Shocking Things About the ChoicePoint Debacle - CSO Magazine - May 2005

Maybe it was the fact that this wasn’t a hack. Personal information of nearly 145,000 people wasn’t stolen from ChoicePoint. In fact, the company sold the information to inadequately vetted bogus businesses–this when the company itself helps other businesses verify cred[entials of employees or others using the data in their databank].

Rfid Passport Security Proposal Defeating The Purpose

Mon, 16 May 2005 02:07:00 -0700

Schneier on Security: RFID Passport Security

“The solution would require an RFID reader to provide a key or password before it could read data embedded on an RFID passport’s chip. It would also encrypt data as it’s transmitted from the chip to a reader so that no one could read the data if they intercepted it in transit.”

The devil is in the details, but this is a great idea.

Reverse Surveillance

Thu, 14 Apr 2005 04:52:00 -0700

Wired News: Surveillance Works Both Ways

At this year’s Computers, Freedom and Privacy conference in Seattle, Steve Mann enlisted volunteers to film those who were filming them in local Seattle businesses. They got varied responses. I think this would be really useful in airports to monitor what the TSA does. But, I bet they would not be so happy about that.

“The totalitarian regime is the regime that would like to know everything about everyone but reveal nothing about itself”

Getting To The Root Of Id Theft Problems

Mon, 11 Apr 2005 01:50:00 -0700

There is an article on ID theft causes that has a great summary of the fundamental factors in ID theft from entities entrusted with your private data They can’t steal data you don’t have

We have observed that some of the sensitive data that gets stolen fits into one of several categories:

Data that was never needed

Data that was needed but should never have been stored

Data that was originally needed but was kept far beyond its useful life

Loose Lips When Reporting Privacy Breaches

Fri, 08 Apr 2005 08:34:00 -0700

Computer theft may expose data on 180,000 patients - Computerworld

APRIL 08, 2005 (COMPUTERWORLD) - A San Jose-based medical practice has notified about 180,000 current and former patients about the theft of their personal information contained on two computers stolen from its offices during a burglary March 28.

And recall the other recent privacy breach due to a lost laptop:

Stolen UC Berkeley laptop exposes personal data of nearly 100,000

Anonymity Bibliography

Tue, 03 Jun 2003 01:38:00 -0700

If you are interested in research into the field of anonymity, check this site out.

The “goal is to set up something we can point at for people new to the field [anonymity] (and most of us are still new to the field, it seems), so they know which papers to look at to get up to speed. The ones I particularly recommend have boxes around them.”

Anonymity Bibliography

undefined

Thu, 13 Mar 2003 23:08:00 -0800

07:00

PrivacyChoices

How Mobile Phones And An 18m Bribe Trapped 911 Mastermind

Tue, 11 Mar 2003 05:04:00 -0800

Guardian Unlimited | Special reports | How mobile phones and an �18m bribe trapped 9/11 mastermind

Big Brother Is All Around You

Fri, 07 Mar 2003 08:59:00 -0800

ABCNews is reporting that several police agencies are under fire for domestic spying. Those of you who think that the government can have all the power it thinks it wants without checks and balances should take heed that this certainly breeds abuses. Read this article. See the trend toward more domestic spying. Be afraid.

I hope that Seattle maintains their current ban on this practice.

ABCNEWS.com : Is Police Spying Back in Fashion?

Microsoft Spyware

Wed, 26 Feb 2003 14:38:00 -0800

tecChannel reverse-engineered Windows Update to find that it can spy on other installed applications. It is unclear whether it actually does spy though. Although an article at The Inquirer claims as much.

They are offering a utility that you can run yourself to spy on the spyware. You have to pay 1.99 Euro for the full article and get the software included. A summary can be found for free though at The Inquirer.

Ebay Rolls Clock Back To 1984

Thu, 20 Feb 2003 02:32:00 -0800

-1984

“Big Brother is watching you - and documenting eBay, ever anxious to up profits, bends over backward to provide data to law enforcement officials”

Buyer (and seller) beware…

Ha’aretz - Article

Patriot 2 Encryption An Aggravating Circumstance

Thu, 13 Feb 2003 15:23:00 -0800

Declan McCullagh asks a good question on the cryptography list:

When encryption is omnipresent in everything from wireless networks to hard drives to SSH clients, might the basic effect of such a law [Patriot 2] be to boost potential maximum prison terms by five years?

It is a terrible idea to presume that using encryption is an aggravating circumstance. “Why are you using encryption? You must have something to hide…”