Monday, October 25, 2004

Google Desktop Search - Security Risk


I suppose I was naive when I cheered the new Google Desktop Search tool thinking it was ONLY a great way to help ease my computer info-glut and help organize my hundreds of hard-drive stored documents, emails and files. It seems that now I have to worry about how bad guys and busy-bodies will use it to spy on me!

The Google Desktop Search Tool Poses a Security Risk to users of public or networked computers according to an Information Week article. If you use public computers at work or at libraries, internet cafes, Kinko's or the local Mailboxes Etc. store, now you've got to worry that previous users of that public machine, or worse, the business owner or employees, have installed Google Desktop Search on that machine to purposely spy on users.

It's possible to retrieve secure pages from the Desktop Search memory of machines running the program. While it is possible to turn off that function - bad guys using Google Desktop search specifically to spy on you won't be turning it off, eh? So now I've got to do that every time we use a public computer.

Although I wrote previously of my love for the Google desktop search tool - it appears to have a BIG downside. The slippery slope of good tools being used for illicit purposes could destroy a great piece of software because it is simply too powerful.

The public will be up in arms over Desktop Search and Google may have to withdraw it from public Beta. Though Google seems to have weathered the storm over a similar uproar about the searchability and thus the privacy of their beta G-mail webmail, it could be a bigger storm brewing over Desktop search. We'll watch for comment from privacy advocates on the subject.

At this point it is tempting to simply shrug and say, "I hope Google figures out how to stop illicit use of the Desktop Search Tool," it's not likely. More likely is that it will become one more headache to network administrators at businesses who have to write scripts to stop the installation of Desktop Search and small business owners who must find a way to stop employees from installing it on public computers at internet cafes, just as they must currently watch for key logging software and other spyware on public computers.

We'll all have to be extremely cautious when using public machines at those small businesses and libraries and we'll have to check for the Google Desktop Search icon in the system tray of virtually every computer we use to be certain that our use is not monitored.

Protecting private passwords for online banking sessions while in Kinko's and keeping online job searches out of the view of our bosses will get even tougher for employees using networked machines at work.

I'm STILL in love with Google Desktop Search for my own machine at home but now I fear Google Desktop Search on public machines. The issue doesn't stop with Google because both Microsoft and Yahoo are racing to develop a desktop search of their own. It means they'll all have to either make it possible for ALL users to disable their desktop search tools temporarily or create entirely different machines for public use.

I've long made it a practice to open the browser preferences to clear the web history and dump the cookies from machines I've used at conference press rooms and internet cafes in dozens of cities. That drops my web mail passwords and online banking sessions from the cache, so I don't have to fret over who might be able to retrieve passwords after I'm gone. I do it automatically now every time I use a public machine.

But now I've got to look for Google Desktop Search before I use a public machine and turn it off while I'm using that machine. Grrrrr! You have to take the good with the bad I suppose.

There's a lot to love about Desktop Search but I simply HATE that others can use it to spy on me. I have no doubt that it will be used by both bad guys for identity theft and by nosey snoops, who are simply busy-bodies, to virtually look over my shoulder in secret.

I'm sure Desktop Search will be used by parents to monitor instant messaging chats, emails and internet travels by their kids and possibly by spouses to check up on their sweethearts. I'm not at all concerned that anyone will use my home machine and Google Desktop Search to check up on me. (Although I've been startled at phrases that turn up in the occasional spam from my in-box in Outlook that turns up in Google Desktop Search) I'm more worried that people will use it as a spying tool on public computers.

I've also written before on the privacy risks of Google online searches in an article on how to protect yourself from the Google Reverse Phone Lookup. You can enter any phone number in the search box at Google and see the owner of that phone numbers' name, address and a map to their front door! Google seems to be too powerful for its own good sometimes. Fortunately there is an opt-out method at Google, but the databases they draw upon are a bigger problem.

I'll continue to use Google Desktop Search on my home machine and will continue to love the tool for my web centered work online to search for client emails, documents and previously visited researched web sites. But now I'll be even more wary - on public machines - of bad guys and of Google Desktop Search. Damn those bad guys!

------------------------------------------------------------Mike Banks Valentine practices Search Engine Optimism at: http://SEOptimism.com
As a privacy advocate, his love of search technology sometimes
clashes with his privacy concerns at: http://PrivacyNotes.com/privacy_blog/
This article is available online at: http://realityseo.com/2004/10/google-desktop-search-security-risk.html with working links to web resources.

Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 1:48 PM 0 comments

Thursday, October 21, 2004

Privacy Security Conferences and Events


Privacy Security Conferences and Events
===========================

2004 Big Brother Awards Netherlands. October 24, 2004. Amsterdam, Netherlands

2004 Big Brother Awards Austria. October 26, 2004. Vienna, Austria.


IAPP Privacy and Data Security Academy & Expo. International Association of Privacy Professionals. October 27-29, 2004. New Orleans, LA.

Privacy and Security: Seeking the Middle Path. Office of the Information & Privacy Commissioner of Ontario; Centre for Innovation Law and Policy, University of Toronto; and Center for Applied Cryptographic Research, University of Waterloo. Toronto, Ontario, Canada. October 28-29, 2004.

2004 Big Brother Awards Germany. October 29, 2004. Bielefeld, Germany.

The 2004 Isaac Pitblado Lectures: Privacy -- Another Snail in the Ginger Beer. The Law Society of Manitoba, The Manitoba Bar Association and the University of Manitoba Faculty of Law. November 19-20, 2004. Manitoba, Canada.


2004 Big Brother Awards Hungary. November 25, 2004. Budapest,Hungary.

CFP2005: Fifteenth Annual Conference on Computers, Freedom and Privacy. April 12-15, 2005. Seattle, WA. For more information:



Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 9:37 PM 0 comments

FDA Approves VeriChip RFID Implant


FDA Approves VeriChip RFID Implant for Health Care Use
==============================

The Food and Drug Administration has approved the use of an implantable computer chip for health care information applications. VeriChip is a radio frequency identification (RFID) device about the size of a grain of rice. Each chip contains a unique verification number that is revealed by passing a scanner over the chip. This unique number in turn links to a medical record (blood type, patient's allergies, prior treatments, etc.) stored on a database. The chip manufacturer claims that the chip, by disclosing a patient's medical information to doctors with a RFID reader, could save lives and limit injuries from errors in medical treatment. The company promotes the chip as a universal means of identification, and expects the device to be used in a variety of applications including financial and transportation security, residential and commercial building access, military and government security.

Although the RFID tag in the VeriChip is passive at this stage of the technology -- which makes it impossible for current RFID readers to scan the chip from more than a few feet away -- quick progress in the technology could soon make a chip active. This would enable the chip to spontaneously broadcast radio waves, allowing for human tracking on a permanent basis without requiring the presence of a scanner. The chips have already been used in recent years for non-medical purposes.

Once implanted, a VericChip could threaten an individual's right to privacy if she is not able to remove the chip or prevent further scanning of the chip. Indeed, The director of the Office of Device Evaluation at the FDA Center for Devices and Radiological Health told the Privacy Times (Vol. 24 Number 19, Oct. 20, 2004) that "by agreeing to have the chip implanted, the understanding would be that a patient has tacitly agreed to make information [stored in the VeriChip] available to someone with a reader." She added that the potential for unauthorized medical records access "is an issue."

Although no regulation currently exists in the United States to restrict potential abuses of the chip, the European Union and a few other countries around the world already have rules or guidelines in place that apply basic data protection principles to any collection and use of information through the use of RFID technology. The U.S. Federal Trade Commission recently acknowledged that it would have jurisdiction over unfair or deceptive practices that involve the use of RFID tags, particularly in cases where a companyinvolved in tag scanning does not comply with its posted privacy policy.

For more information about VeriChip, see EPIC's VeriChip Page

For more information about radio frequency identification, see EPIC's
RFID Page
:


Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 9:18 PM 0 comments

Secure Flight Passenger Records & Government Demands


Government to Demand Passenger Records for "Secure Flight"
EFF: EFFector Vol. 17, No. 35, September 24, 2004

Iwas sitting in the Oakland, California airport at 5:48am on September 11, 2001 when the world turned upside down and everything changed for all of us.

But the travel industry has changed more than any other single business and the Federal Government has clamped down on air travel like no one would ever be able to understand before those awful events.

I've endured my share of travel inconveniences since then, but put up with most of them to continue to enjoy the priviledge of free travel. But I will never agree with the kind of foolishness that can ground Senator Ted Kennedy or keep anyone off of their flight when they are clearly not a risk.

CAPPS II is exactly that kind of foolishness and I encourage everyone to resist their personal travel details being stored, analyzed and scrutinized the way this bad law is designed to do.

I urge everyone to take action to stop the foolishness of CAPPS II and now "SecureFlight". Visit UnsecureFlight.com and take action against the erosion of our right to free travel.

Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 2:44 PM 0 comments

Tuesday, October 12, 2004

Protecting Personal Privacy


PRIVACYnotes
Protecting Privacy is Good for Business


Respecting Privacy on the Web

PRIVACYnotes provides a forum for web professionals who deal with the sometimes volatile issue of respecting and protecting the most valuable information their company can possess: personally identifiable customer data. On PRIVACYnoteswe cover a diverse range of issues -- from e-mail marketing (andspam)
to the importance of security toward protecting customer privacy.

Lapses in security or disregard for customer privacy have led to some high-profile bad press for large companies, who have dramatically learned the danger of publicly exposing even a small amount of customer information.


  • Do you use "cookies" on your site?
  • Have you asked permission to contact (not spam) customers via e-mail?
  • Is your customer database "hacker-proof"?
  • Where do you stand on .NET or the Liberty Alliance?
  • Are you protected from cyber-terrorism?
  • Do you favor an opt-in or opt-out policy?
  • What are "web bugs"?
  • Is "data-mining" advisable... cost effective... legal?
  • Do you know the latest requirements for customer access?
  • Have you assigned a Chief Privacy Officer (CPO) for your business?


These are the hot-button issues that can make or break a web business, and you can't afford to be ignorant of any of them -- whether you are the webmaster of a micro-business with a ten page site, or the corporate CIO in charge of multiple web properties.


Posted privacy policies accessible from the most prominent pages of a business web site are now mandated by the Federal Trade Commission in the United States.


Most web site visitors fail to read a posted privacy policy so the World Wide Web Consortium (W3C) http://www.w3.org/ has initiated the Platform for Privacy Preferences (P3P) http://www.w3.org/P3P/.
Standards are being developed for a default browser function that will notify visitors of the strictness of your privacy policy and warn them if you don't honor their preferences.


We've discussed these issues in a lively manner with minimal technical jargon, so even the layman and small business webmaster can understand. Although our discussion list is no longer active, it contains extensive information with links to news and privacy resources for those interested in privacy issues. Articles are added on an ongoing basis as new issues are covered. Please feel free to suggest resources and submit articles for reproduction here.Privacy Policy ;-)



PRIVACYnotes Moderator: Mike Banks Valentine


Mike Banks Valentine is a champion of the true small online business. He advocates a do-it-yourself approach to e-commerce through online learning for the small office, home office (SOHO) or emerging entrepreneur who lacks major venture capital funding or corporate marketing budgets.


Mike is the founder of WebSite101, an educational resource for small businesses creating initial Web presences. His writing has appeared in international publications and his work praised by Entrepreneur Magazine. He does small business web marketing and search engine optimization.


Contact Mike Banks Valentine



Save To Del.icio.us    Digg! Digg This!
posted by RealitySEO at 3:58 PM 1 comments