Passport Chip Privacy Criticism Grows

Passport Chip Privacy Criticism Grows According to privacy advocates, the scheduled inclusion of RFID tags in US Passports by the end of this year is like a "Beacon" to terrorists seeking out American victims in public places where they are likely to be carrying their passports. Critics claim that those embedded tags are readable from a distance and that anyone with an RFID reader in a public place can read ALL of the private details of your passport because the US passport office is refusing to install encryption on these tags. They claim the encryption would make the passports less readable and accessible by some countries. This is a clearcut case of the need for complete privacy protection of personal information included in required travel documents.

Save To Del.icio.us    Digg This!

NTIA Nixes Privacy for .US domain owners!

NTIA Nixes Privacy for .US Domain owners! according to this site operated by Bob Parsons, the owner of GoDaddy domain registrar. The site includes case studies of stalking and rape victims as well as other registrants with compelling reasons for WHOIS database privacy.

Currently when anyone registers a domain name, their information is publicly available to the world through searches of the Whois database. Godaddy and a few others offer a proxy registration service allowing a layer of protection to their personal information.

They accomplish this by registering domains through a proxy company which maintains accurate registration information on the domain owner, while providing the proxy company information in public WHOIS records - thus protecting the email, street address and phone number information of the actual domain registrant.

This site provides a petition protesting the government action, along with automated form for sending emails to your elected representatives. The National Telecommunications and Information Administration ("NTIA") at http://www.ntia.doc.gov/" the telecommunications and Internet arm of the Department of Commerce.

Currently this issue only affects .US domains, one-third of which are privately registered through Godaddy.com using their proxy service.

Save To Del.icio.us    Digg This!

FDIC & Federal Reserve Move Protects Privacy

FDIC: Press Releases - FDIC-PR-26-2005 March 22, 2005

The Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision have jointly issued Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.

The guidance interprets the agencies’ customer information security standards and states that financial institutions should implement a response program to address security breaches involving customer information.

The response program should include procedures to notify customers about incidents of unauthorized access to customer information that could result in substantial harm or inconvenience to the customer.

The guidance provides that, "when a financial institution becomes aware of an incident of unauthorized access to sensitive customer information, the institution should conduct a reasonable investigation to promptly determine the likelihood that the information has been or will be misused."

"If the institution determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible," the guidance states. However, notice may be delayed if an appropriate law enforcement agency determines that notification will interfere with a criminal investigation.

Under the guidance, a financial institution should notify its primary federal regulator of a security breach involving sensitive customer information, whether or not the institution notifies its customers.

# # #

Save To Del.icio.us    Digg This!

People Will Give Away Their Identity Secrets!

People Will Sell Their Own Identity for the chance to win minor prizes, according to this BBC news story about a fake survey done to test what it takes to get consumers to give away their personal secret details including Mother's maiden names and pet names. This study was done in Britain, but had it been in the US, people certainly would have given away social security numbers to gain the CHANCE at a prize.

People must be made aware that providing personal financial information to strangers is a recipe for financial disaster!

Save To Del.icio.us    Digg This!

RSA Finds More Flaws in RFID

Flaws in RFID RSA Finds More according to this story from eWeek. Texas Instruments radio frequency ID tags used in car keys to allow users to unlock cars and to start them, and Exxon/Mobil's Speedpass to allow gasoline purchases attached to consumer credit cards to authenticate the bearer of those tags - both have been cracked.

It is very funny to see this situation crop up that could cause financial losses to companies who were not previously concerned about security of those tags when the only thing at stake was user privacy. Now their profits and consumer confidence are at stake and there will certainly be quick remediation of the problem.

These Texas Instruments made RFID tags can apparently be read by crude equipment that is within 10 feet of users, meaning consumers with this particular TI tag embedded in keys who simply unlock their cars and start them and those purchasing gasoline with Mobil "Speedpass" are vulnerable to theft of their RFID encoded data.

This will not only put the consumer at risk of loss, but now the auto manufacturers and Exxon/Mobil could lose substantially if this easy crack is replicated by bad guys. Right now it's the good guys in white hats at RSA Security doing the cracking, but it will certainly be exploited by increasingly technologically sophisticated bad guys.

Now that corporations have been proven at risk of loss, they will likely fix the security issues quickly on new products. It gives RFID tag manufacturers an excuse to charge more for "secure" tags and there is hope that they'll incorporate privacy protection into the mix.

Save To Del.icio.us    Digg This!

ID Theft Professionals in Web Mobs

Web Mobs ID Theft Professionals outlined in this linked story at BaseLine Magazine online are an example of why ID theft is booming online. It's easy work for those with some basic hacking skills using free online tools and a home computer. This thorough piece covers all the major players on both sides of the law and gives suggestions to help clean up the problem. Unfortunately, it seems like a huge task to keep online shopping trustworthy and safe. Another Wow story.

Save To Del.icio.us    Digg This!

VOIP Lawful Interception Wow!

Narus Lawful Intercept Enhanced to Support VOIP Lawful Interception; Lawful Intercept Product Supports Push to Talk over Cellular and Wireline VoIP
    
CTIA Wireless 2005
Booth #6925

NEW ORLEANS--(BUSINESS WIRE)--March 14, 2005--Narus, Inc., the leading Carrier-Class IP Platform software provider, today announced the enhancement of Narus Lawful Intercept (NarusLI(R)) to include support for Push To Talk over Cellular (PoC) and wireline Voice over Packet (VoP) for Tier-1 Carriers and broadband telephony companies. These enhancements add to the functionality of NarusLI, which already supports packet-mode data intercepts for cellular networks.

NarusLI is designed to meet the various government regulations for lawful intercept compliance around the world, and is one of many applications supported on the Narus IP Platform. Additional application areas are traffic anomaly detection, IP monitoring, IP mediation for Billing, and NarusView(TM) real-time traffic and customer analysis. When using the Narus IP Platform, adding other applications, such as NarusLI, is incremental.

Designed to the Lawfully Authorized Electronic Surveillance (LAES) model, NarusLI provides carriers with compliance to the CALEA and ETSI standards. NarusLI is an effective solution for carriers with the staff, facilities and expertise to properly execute intercept orders, or for managed service providers to whom the carriers turn to for support.

"The tremendous growth of VoIP applications has driven regulators to require lawful intercept support in VoIP networks," said Jay Thomas, vice president of product marketing, Narus. "Because of the scalability of the Narus IP Platform and the ease of extending it to support multiple applications, Narus is fast becoming the preference amongst network operators around the world."

Key features of NarusLI include:

-- Warrant Management System - for securely managing resources, LEA connections and users while performing audits and reporting

-- Streaming Interface - compliant with CALEA and ETSI standards

-- Subject Targeting - including, but not limited to NAI, IP Address, MIN, IMSI, EMEI, username, phone number, URI, and to/from e-mail address

-- Network and Vendor Agnostic - wireline including broadband, backbone, etc. and wireless including Wi-Fi; GPRS, CDMA and more

-- Carrier-Class IP Platform - active in multiple Tier-1 Carriers worldwide; speeds from DS3 and Fast Ethernet to Gigabit Ethernet, 10GigE

-- Enabling IP Platform - interfaces with multiple applications including anomaly detection, IP monitoring, billing mediation, traffic and customer analysis in real time

Narus will be demonstrating NarusLI at CTIA Wireless 2005 in New Orleans, LA, March 14-16 at Narus' booth, #6925.

About Narus

Narus provides a Carrier-Class IP Platform for the largest, most profitable networks in the world. The Narus IP Platform offers a "Total Network View" through the real-time collection and analysis of one packet to billions of packets across multiple networks at up to OC192 rates. The Narus IP Platform is used by Tier-1 Carriers to enable IP applications such as security, traffic and customer analysis, IP monitoring and billing. Narus is privately held and fully funded, backed by JP Morgan Partners, Mayfield, NeoCarta, Intel, Presidio Venture Partners, Sumisho Electronics and Walden Ventures. For more information, please visit www.narus.com.

Narus, Inc.
Jay Thomas, +1-650-230-9355
jthomas@narus.com
or
GolinHarris
Jane Yedinak, +1-415-274-7919
jyedinak@golinharris.com

Save To Del.icio.us    Digg This!

Medical Privacy Laws Communities Adjusting

Communities adjust to medical privacy lawsaccording to this Associated Press story. But it quotes several senior citizens who seem to be more upset that the rumor mill has been shut down in small towns. Several complained that the latest admissions to the local hospital were no longer broadcast on local radio! While this practice was apparently common in small town America, it is an offensive practice that is very privacy invasive to those being admitted to the hospital. The majority of the admissions were also apparently routinely published in local papers too.

While elderly snoops lament the lack of hospital gossip, those admitees now have the option to keep the busibodies out of their health business due to the Health Insurance Privacy and Portability Act (HIPPA). Nearly all opt out of public notices when given the choice. It's pretty clear that small town America is a less chatty place now that hospitalization has become a private matter not intended for public broadcast. Those snoopy oldsters and shallow busibodies will have to be told by family members about hospitalization now. Durnit.

Save To Del.icio.us    Digg This!

ChoicePoint Appoints Privacy Officer

ChoicePoint Appoints Carol A. DiBattiste, current deputy administrator of the U.S. Transportation Security Administration as Chief Privacy Officer of according to this linked TechWeb article.

That's just swell. Now the TSA is in charge of Choicepoint. Maybe they already had full access, since government is one of the biggest customers of data aggregation services like Choicepoint. It's not likely the new regulations being considered by lawmakers will apply to government agencies anyway.

The government will always be welcomed with open arms as wonderful clients of data aggregators since most of what they want to know about citizens is contained in those vast databases (run by private companies instead of public servants) that resemble the "Total Information Awareness" program that was smacked down by those same lawmakers who are legislating for privacy. Last year four US government agencies spent $30 million to buy commercial data from brokers, including ChoicePoint.

So put the feds inside the data aggregation companies and it is TIA all over again. Does anyone think they would accept the snubbing of the TIA idea? So even if DiBattiste quits that TSA position officially to head the Choicepoint "Privacy Office", will she use that position to protect private information or to feed data to Homeland Security, TSA, CIA, FBI spooks from her warm snuggly spot within the Choicepoint offices?

How does the public fall for this?

Save To Del.icio.us    Digg This!

LexisNexis customer ID theft consumer data

LexisNexis customer ID Theft Here's another "compromised database" story to add to the growing list (9 major breaches). I had previously mentioned the "Perfect Storm for Privacy Laws" story on CNET News in which multiple privacy blunders over the last month or less have caused an uproar from the public. The press took notice and is finally paying attention to the issue and now legislators are beginning to introduce and will no doubt pass stringent privacy laws across the country.

's about time

Save To Del.icio.us    Digg This!

Identity Theft? Privacy Gumshoe

ID stolen? Call a privacy gumshoe This story was inevitable once identity theft got as prominent as it has lately. The Choicepoint debacle has illuminated the problem and the bright light of notoriety is making the mess of identity theft a profitable enterprise for those who offer to clean it up for you.

Traditional private detectives are relabeling themselves as identity theft cleaners and will fix the problem if you've been a victim, doing everything for you except the required court appearances and conversations with police. They will do this if you are willing to pay hefty fees and give them complete access to your private life.

Actually those who are providing the identity theft clean-up mentioned in this Christian Science Monitor story are actually high priced body gaurds and detectives employed only by superstar celebrities. It would likely cost more to have Gavin de Becker & Associates do identity theft clean-up than anyone but Corporate CEO's can afford. They are a California consulting firm that among other things advises celebrities and other high-risk individuals on how to "hide your identity from people who'd like to steal it."

I recommend the other source mentioned in the story if you need to clean-up an identity theft problem. Do it yourself with the help of the Privacy Rights Clearing House tip sheets. and other linked resources for ID Theft.

Save To Del.icio.us    Digg This!

Free Public Record Search Engine - Pretrieve Person Search

Free Public Record Search Engine - Person Search is an example of the databasification of all public records. It's instructive to take a look at the results of a search for yourself in this free people search engine that is apparently used often by journalists. The linked page above takes you to the site home page which is a form allowing you to search for a person, business, address or phone number and the results pages are sometimes frightening.

The results are listed as questions on the Pretrieve.com site in a row of tabs labeled "Criminal, Court, Professional, Local Info, Miscellaneous and the first tab (Criminal) inserts your name or that of the person you are searching for in each possible source of criminal information under a link labeled "Registered Sex Offender Search" then a question with the searched name and state inserted: "Is anyone named (your name here) a registered sex offender in "your state here"? If you searched for your own name, it appears in that frightening position and startles you quite handily.

The arrangement of tabs with criminal info first must be done for the dramatic effect it has on what would otherwise be a rather mundane search of bland information. But when I went ahead and pressed that frightening link, I got a gratifying "no information could be found" result page. Whew! Then again on the link leading to the "Federal Inmate Search" I got a gratifying "Sorry. No Inmate Named (Your name here) Race: unspecified Sex: unspecified found." on the new window launched on the Federal "Bureau of Prisons" site search.

Since I write frequently online, there are hundreds of sources of information on me available in one of the results tabs labled "professional", I was happy to see that my occupation was correctly listed as "Search Engine Optimization Specialist" with sources coming mainly from resource boxes of my articles appearing across the web.

The interface of the Pretrieve.com result page also links you to organizations that have published information about you and fills in the name information, going directly to a search on the name entered at the new site. The interface of Pretrieve.com links you to their sources by launching new windows at different web sites.

The "professional" affiliations are tracked by a site called "Eliyon.com Business People Search" where links to web mentions are tied to the byline of my articles. Seems their forte is finding business mentions to connect with names. OK. But I was surprised to see that one company that I work with was incorrectly listed as being in Northern California, when they are in fact in Southern California. Oh, and they were incorrectly named, but correctly linked to the site of a company that I work with.

This type of error is probably common in online databases and are one of the biggest problems with this type of data aggregation. It is not kept current or accurate by all sources and there are dozens of others with the same name, etc.

A very interesting note comes from the Pretrieve.com privacy page where they make this curious statement: "It may seem contrary for a company dedicated to making public information more easily accessible to be an ardent supporter of information privacy, but the fact is we take information privacy rights extremely seriously. We believe public information should be open and made available to everyone as adamantly as we believe private information should remain private."

But doesn't making all sources of public information easily available, make possible private information easily available along with it? Actually, this only applies to informaiton directly available on the pretrieve site, which is nothing other than your computer and connection info as they don't require registration to use their service. They do place cookies on your hard drive, because the site won't apparently work to fill in the search info in the referred sites if you turn off that option in your browser. The information business seems to be full of contradictions.

Save To Del.icio.us    Digg This!

Cheap genetic testing at-home

Cheap at-home genetic testing opens Pandora's box according to this linked USA Today story. But I see a positive note in this for privacy issues of individuals wanting to keep their genetic history away from databases that sell the genetic information as well as those that would use that information to deny medical coverage based on genetic predisposition to specific diseases. "the companies note, the test results aren't usually jotted down on official medical histories, which keeps sensitive information away from insurance companies"

However, it places a big dose of trust on those companies holding your genetic fingerprints that they WON'T sell the information to the highest bidders once they have it in their databases. Regulation will no doubt be required to keep them honest.

Save To Del.icio.us    Digg This!

One in four 'touched' by ID fraud in Britain

ID Theft and Fraud in UK affect one in four adults. Yet most don't shred mail with potentially damaging personal information from banks, creditors and credit cards. This BBC story shows how many Brits are victims that don't know how to stem the tide of theft and fraud.

Financial institutions that still require mother's maiden name and place of birth as proof of identity are blamed as the biggest single issue since those are easily come by doing simple internet searches or through data aggregators who happily sell the information to anyone who pays for it.

The problem is worldwide, with far flung criminals accessing data via the web and using it locally through their network of financial crooks. When do we wise up and begin to fix this problem?

Save To Del.icio.us    Digg This!

ChoicePoint® Update on Fraud Investigation

ChoicePoint® Update on Fraud Investigation This page presents the company stance on their privacy breach in a CYA position. Choicepoint promises extensive "Re-credentialing" of customers to verify their "legitimate" access of data ChoicePoint sells to them.

They tell us they have hired a retired Secret Service agent, Robert McConnell to monitor organized crime access and use of information gained in this incident and serve as "liason" to law enforcement.

They list numbers of victims by state, with California at 34,000, Texas at 11,000 followed by Florida at 10,000, New York at 9300 and lesser numbers in all 50 states, District of Columbia and Puerto Rico, Guam and Virgin Islands.

Rather obvious we'll see legislation from all of this fuss.

Save To Del.icio.us    Digg This!

Perfect storm for privacy laws?

Perfect storm for privacy laws according to the above linked CNET news story that lists privacy related incidents at ChoicePoint, Bank of America, Science Applications Int'l, an online payroll services company and the T-Mobile Sidekick hacking of Paris Hilton.

Then there is the latest online application that allows you to spoof your caller ID by paying 5 cents a minute to send a fake signal to phones you call so that you can pretend to be someone else! It's painfully obvious that it is time for serious privacy protections in a database world.

Save To Del.icio.us    Digg This!