----------------------------------------------------------------------
PRIVACYnotes Digest
Protecting Privacy is Good for Business
----------------------------------------------------------------------
Published by: Mike Banks Valentine
website101 privacy@website101.com
www.website101.com
----------------------------------------------------------------------
May 30, 2002 Issue # 012
----------------------------------------------------------------------
.....IN THIS DIGEST.....
// -- MODERATOR
COMMENT -- //
"Snake Oil
Security?" ~ Mike Valentine
// -- NEW
DISCUSSION -- //
"Gutting
Medical Privacy" ~ Janlori Goldman
// -- NEW
DISCUSSION -- //
"Hacks Happen"
~ Mike Valentine
// -- CONTINUING
DISCUSSION -- //
"Email Appending"
~ Anonymous
// -- PRIVACY
NEWS -- //
"The Latest
in Privacy Issues"
----------------------------------------------------------------------
// -- MODERATOR
COMMENT -- //
Technology
vendors think they can save the world, if only everyone buys their
product. The following is a quote from a Wharton School of Business,
University of Pennsylvania interview with Tom Siebel of Siebel
Systems, a manufacturer of CRM (Customer Relationship Management)
software for big business.
"Tom Siebel
has been attacked for his proposal to use Siebel software to sniff
out terrorist plots. In February, Siebel told a Congressional
committee that a specially tailored Siebel system might have deterred
the Sept. 11 attacks. "Security agencies can use this technology
to maintain a 'logically' centralized ? although physically disparate
? consolidated view of terrorist related information gathered
from multiple sources and channels and make this information immediately
accessible to authorized personnel in the homeland security network,"
Siebel testified."
"Had such
technology been in place prior to September 11, there may have
been a different outcome. President Bush himself asked corporate
America to join the fight against terrorism, Siebel said. "This
is not an opportunistic capital- ization of tragic events. This
is a combined effort between the U.S. government and private enterprise
to avoid a repeat of September 11th." He added that since November
of last year, various government and non-profit agencies have
purchased the Siebel Homeland Security product to anticipate,
track, prevent, and respond to national security threats."
<http://knowledge.wharton.upenn.edu/articles.cfm?catid=4&articleid=563&homepage=yes>
(Free membership
required to read stories, check the privacy policy.)
Siebel Homeland
Security product? Wow! Can I get a copy for my laptop and another
for my PDA? Must be a hot selling item, and it's working like
a charm, too. I wonder why it's not available worldwide, since
it IS so effective? It seems that between Larry Ellison and his
National ID database and Tom Siebel's Homeland Security product
we've got the problem of terrorism licked. But wait, it seems
that the hardware guys want a piece of the snake oil action.
"If we had
advanced (technology) tools in place prior to Sept. 11, it is
almost certain that some of the terrorists would have been detained
and possibly some of the plots would have been foiled," said a
report from the Progressive Policy Institute, a Washington research
center associated with the Clinton-Gore administration.
A story
at NewsFactor.com points out that new tech spy gear is being hawked
to the government at unimaginable rates. That story is linked
in the Privacy News section at the bottom of this issue.
"With some
exaggeration, Transportation Secretary Norman Mineta, whose department
is responsible for airport safety, told the Senate Appropriations
Committee earlier this month: "We've got every salesman - 20,000
of them, I think - approaching us about how they've got some machine
that will take care of everything we do, including not only detecting
explosives but athlete's foot as well."
That snake
oil is pretty slippery guys. Software powering advanced hardware
is impressive, but not magical. Where is the sheriff to chase
off these high tech charlatans? It seems that we've got a movie
script in production in Washington, D.C. The remake of "Music
Man" has 20,000 high tech salesmen pitching their wares to Uncle
Sam -- apparently.
~ Mike Banks
Valentine
Comment?
mailto:privacy@website101.com
// -- NEW
DISCUSSION -- //
From: Janlori
Goldman <info[AT]healthprivacy[DOT]org>
A Need to
Protect Medical Privacy Available at http://www.nytimes.com/2002/05/23/opinion/L23PRIV.html
Far from
taking a reasonable approach to protecting the privacy of people's
medical information, the Bush administration is proposing to gut
the first-ever federal medical privacy rule.
Under pressure
from the health care industry, the administration is proposing
to eliminate the new rule's core consent requirement and authorize
the use of people's medical records for far more than just "health
professionals' communicating among themselves." The administration
is also proposing to open up medical records without patient consent
for marketing, legalizing the growing practice of pharmacies'
being paid by drug companies to contact patients to urge them
to switch to a new or different drug.
None of
these changes will improve patient care or lower barriers to care;
in fact, they will do just the opposite. Consent is central to
fostering trust and confidence in the health care system.
Janlori
Goldman Director, Health Privacy Project Georgetown University
(ÒModifying
Medical Privacy,Ó The New York Times, May 20, 2002, is available
at http://www.nytimes.com/2002/05/20/opinion/20MONDAY4.html.)
Comment?
mailto:privacy@website101.com
// -- NEW
DISCUSSION -- //
===>
TOPIC: Hacks Happen
This month
caught Experian Credit and The California State Employee database
with their digital pants down allowing easy access by crooks to
sensitive personal information for over a quarter million people.
These are only the breaches of digital britches we've been told
about. What of the 90% that go unreported and the even higher
number that go un-noticed? Here's a quote from Steve Maviglio
(in the San Francisco Chronicle), the California governor's spokesman,
meant to calm our fears and ease all concern.
"This happens
to thousands of computers worldwide, it's not isolated to the
state. From all initial reports, it looks like we might have nipped
this in the bud . . . We did all we could to prevent this and
we'll do all we can to prevent any adverse consequence."
<http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/05/25/MN179392.DTL>
Hoo Boy
is that a relief! It happens worldwide! We're not alone in being
digitally raped! That makes me feel all warm and fuzzy. What can
be done "to prevent any adverse consequence" is precisely nothing.
A quarter million state employees' social security numbers with
names, addresses and phone numbers to match are now in the hands
of hackers. The only thing to prevent the illegal use of that
information will be the goodwill and honesty of those who stole
them. Be nice you guys, OK?
Security
and privacy are now inextricably linked issues. Without one, there
is not a chance of having the other. Digital personally identifiable
information on virtually everyone is stored in databases which
are essentially repeated over and over again everywhere from the
local car repair shop to the credit reporting agencies. Somewhere,
somehow, the information is accessible to any nerd with a modem
and too much time on his hands. We can't possibly believe that
it's just a few15 year old dorks with black rimmed glasses are
doing the hacks and that they won't know what to do with all that
information. You can bet that it is a network of organized high
tech criminal geeks with rather more than simple mischievous intent
who are raiding those digital vaults.
Comment?
mailto:privacy@website101.com
// -- CONTINUING
DISCUSSION -- //
===>
TOPIC: Email Appending
From: Anonymous
Having my
own domain, I often give out brand new email addresses to companies
I do business with.
CDNow.com
is one that got a new, un-used email address, several years ago
when I bought some CD's from them.
A few months
ago, I started receiving spam to that address. Porno, credit-repair,
and the usual garbage.
I never
gave the address to anyone but them. That's clear evidence that
they sold my address to some spam outfit. Now that the address
has been distributed, there is no way to avoid the spam. Currently
it all gets filtered into the spam inbox, so I don't have to pay
much attention to it. Eventually, I'll probably set up that address
to bounce, just to keep from having to deal with it.
But CDNow
won't see any more of my business. They abused my information
the last time I did business with them, and they've been unwilling
to even reply when I send complaints.
I enjoyed
your article, and it happened to bring this situation to mind.
Moderator
Comment: Anonymous is referring to my article in CRMdaily that
was made up of an expanded version of my comments on email appending
from last issue. You can see that longer article at the following
address.
http://www.crmdaily.com/perl/story/17914.html
Mike
Comment?
mailto:privacy@website101.com
// -- PRIVACY
NEWS -- //
Moderator
note: There are two ways to access previously listed privacy news
stories. One is to visit PRIVACYnotes archives, the other
(simpler) way is to visit http://privacynotes.com/privacy_news.html
where I also keep a privacy news archive.
Privacy
and Security on your PC. Spyware, nosy bosses, unnecessary demographic
information, the government: the efforts to learn what you're
up to are constant. In this first installment, know your adversaries,
their tools--and your rights. Extremetech covers the six layers
of information security.
http://www.extremetech.com/article/0,3396,s=1024&a=27365,00.asp
Technology
companies are enlisting in the war on terrorism, seeking to profit
by making Americans more secure. But some of the new technologies,
including lie detectors that claim to read brain waves and electronic
scanners that see through clothing, raise concerns about possible
invasions of privacy. "In the wake of Sept. 11, a wide array of
corporations, with the active encouragement of the U.S. government,
are developing new and extremely intrusive systems to capture
personal data, biometric data and video information," said Wayne
Madsen, a privacy researcher at the Electronic Privacy Information
Center in Washington. All technology companies seek to share in
the billions of dollars budgeted for homeland security.
http://www.newsfactor.com/perl/story/17942.html
BRUSSELS,
May 27 (Bloomberg News) - The European Commission has begun an
inquiry into Microsoft because of concerns that its .NET Passport
system may violate privacy rules. The European Commission said
last week that it had concerns about the legality of Microsoft's
Passport, which stores identity data on the company's servers
so that Internet users do not have to re-enter it as they move
among programs and Web sites. Microsoft already faces the threat
of a fine by the commission for abusing the dominant position
of the company's Windows operating system, which runs 90 percent
of the world's personal computers.
http://www.nytimes.com/2002/05/28/technology/28SOFT.html
TRUSTe,
the nonprofit organization widely known for its leading privacy
certification and seal program, and ePrivacy Group, a respected
privacy consulting, training and technology company, have joined
forces to launch a groundbreaking email certification and seal
program to bring consumer trust to commercial email. Under the
banner ÒTrusted Sender,Ó this new program includes beta testers
Microsoft, DoubleClick and Topica. Announced in January.
http://www.truste.org/about/TrustedSenderReleaseFINAL.html
Mike Banks Valentine is a champion of the true small online business.
He advocates a do-it-yourself approach to e-commerce through online
learning for the small office, home office (SOHO) or emerging entrepreneur
who lacks major venture capital funding or corporate marketing budgets.