Monday, May 23, 2005

Private Personal data for the taking

Personal data for the takingis a May 18 CNET story by Tom Zeller Jr. about an experiment by Republican Senator Ted Stevens in which he told staffers to "Steal his Identity" and how successful they were at doing so. This story was widely quoted by increasing numbers of media sources and blogs around the web last week. It AGAIN points up how important it is to reduce public web access to personal, medical and financial records of everyone.

Finally though, it is politicians who are seeing the light and introducing legislation to stop easy access and commercialization of private personal and financial information online. I'm glad to see that action is finally being taken after years of watching the problem grow and evolve to a bigger monster than it had to be if we'd taken action earlier.

Save To    Digg! Digg This!
posted by RealitySEO at 10:48 AM 0 comments

Tuesday, May 10, 2005

Medical Information Privacy Concerns May Require Legislative Action

Medical Information Privacy Concerns May Require Legislative Action.
Copyright 2005 Terry McDermott

Medical information is among the most sensitive and personal information that can be collected and shared. It has always been accepted that privacy of personal medical data is central to the doctor-patient relationship. But, surprisingly, there is no comprehensive federal medical information privacy law.

Records containing medical information are less protected than credit reports or video rental records. There is a patchwork of state health privacy laws. Some laws cover specific individuals or organizations or specific medical conditions. But state laws vary widely and few address medical information privacy concerns in a comprehensive fashion.

For a variety of reasons a new sense of urgency exists for privacy rules governing the use of personal medical conditions information. Some are as follows:

- Rise in managed care -
- New information and communications technology
- Concerns raised by mapping of the human genome
- Increased demand for health data
- Commercial use of health data

Increased access to medical information can result in an increased risk of misuse. Stricter privacy guidelines can prevent access by those who are not bound by ethical or legal standards or who are motivated strictly by profit or curiosity.

Some patients adopt privacy protecting behavior like paying out-of-pocket or doctor hopping. Others may be reluctant to give accurate or complete medical information. In the worst-case scenario, people will avoid care altogether. As a result, a patient puts him/herself at risk because of undetected or untreated conditions. In addition, without full patient participation up-front, the medical data collected will be unreliable for users elsewhere in the system. Ultimately, health care initiatives that depend on complete and accurate information may be undermined.

Protecting medical conditions information privacy ensures access to care and improves the quality of care for individuals and their communities.

About the Author:

J. Terrence McDermott is administrator and webmaster for Home Medical Suppies Central at - a site featuring medical supplies and equipment and resources for home caregivers. He can be reached at

Save To    Digg! Digg This!
posted by RealitySEO at 1:13 PM 0 comments

Friday, May 06, 2005

Your Identity, Open to All

Your Identity, Open to All in this story about, another public records search engine. Xeni Jardin interviews the ZabaSearch CEO Robert Zakari and chairman Nicholas Matzorkis about their public records search engine, which provides extensive data about you to anyone. Another division of their company sells additional data not available at ZabaSearch to companies, government, law enforcement and media for a fee. Chairman Matzorkis says government use of ZabaSearch is more than 20 percent, military use is a percentage of use in the low to mid teens.

Both Zakari and Matzorkis make excuses for being in the data aggregation and sales business by saying something akin to 'If we didn't do it others would' when they say, "We do not oppose new legislation. But we are not society's caretakers. We are technologists and entrepreneurs." So then it's really saying, 'It's not illegal to do this and we can make money at it, so we do!' Pretty sleazy excuse for making money off of private and personal information they've dug up from their multiple databases and vendor databases.

When confronted about the many data theft and loss incidents over the past few weeks, the pair push aside the fact that they store and use personal private information from one arm of their company (PeopleData) when they say. "ZabaSearch is not a public record broker, it is a search engine. Yes, we'll offer additional information and services for a fee, but the idea is closer to Google or Yahoo -- it's a search engine that gives results and sells ads, integrated links, other services. PeopleData sells information which is not made available on ZabaSearch.

How are you protecting that data guys and what is your plan to reimburse those exposed when YOUR database is hacked or when greedy employees sell information that they have access to as insiders?

Save To    Digg! Digg This!
posted by RealitySEO at 10:16 AM 0 comments

Wednesday, May 04, 2005

Spitzer Targets Spyware, Sues Intermix

Spitzer Targets Spyware is a short article mentioning New York Attorney General Eliot Spitzer suing a company called Intermix Media for Spyware installed without the knowledge of computer owners as part of a bundle of programs. Mention is not made of how or what information is collected, but is mostly notable for Spitzer's bulldog like attack on spyware overall. Intermix claims the spyware was part of another company it purchased and that they are no longer using the technique of secret installations and spyware in their business.

Save To    Digg! Digg This!
posted by RealitySEO at 2:48 PM 0 comments

Hooked On Phishing & Identity Theft

Hooked On Phishing is a good overview of Phishing and identity theft by Oxford Analytica through Forbes Magazine. The article contains data on the past three years of phishing and identity theft info which shows the activity growing dramatically and pointing out that risk of arrest is low for identity thieves with only 5% ever arrested. Good coverage for those new to the problem. The first paragraph ends with a shocking number claiming US citizens lost over 52 billion to identity theft in 2004. Worth a read.

Save To    Digg! Digg This!
posted by RealitySEO at 2:41 PM 0 comments

Privacy - TSA Revives CAPPS II for travelers

U.S. TSA asks for more data on travelers even after a huge data mining program called CAPPS II was dropped due to privacy concerns, the TSA is quietly launching another program to do similar things. CAPPS II was goverment speak for "Computer Assisted Passenger Prescreening System" is now being raised from the dead in a new program called "Secure Flight" that asks for only your full name and birth dates where CAPPS II required those plus home phone number and home address. Two airlines will be required to provide the full name and phone number data to TSA beginning in August. The stated reason being "for comparison with a terrorist watch list". The TSA expects to name the airlines within a week. The linked story here states that the information will NOT be REQUIRED of travelers, but their chance of being detained and added to watch lists increases dramatically if they refuse the information. All of the data the TSA is asking for is already included on most or the documents that airlines are required to see to allow boarding of planes, it just wasn't recorded and given to the TSA before. Another example of a program that is killed due to privacy concerns initially, but revived later under another name with slightly less onerous requirements.

Save To    Digg! Digg This!
posted by RealitySEO at 10:26 AM 0 comments

Monday, May 02, 2005

States Take Spyware Action

States Take Spyware Action as Feds take too long. Anti-Spyware issues and privacy violations via secret software installed with other seemingly harmless applications is becoming a larger issue. Class action suits are being launched on behalf of consumers taken in by software that spies on their actions and routes through computer information to gather personal and financial info without their knowledge. This will very likely expand to include major corporations like internet service providers who provide so-called "support" software that monitors problems encountered by consumers while using their computers.

An application called "Motive SmartBridge" which monitors system performance, supposedly only as it relates to ISP's that provide the software has delivered popup dialog boxes on users computers asking to connect to the web to retrieve updates. Most users, not knowing what that software is doing, will click the "OK" button just to get rid of the popup. A search for "Motive SmartBridge" turns up a discussion forum loaded with posts from worried users asking, "What is this and why is it on my computer?" Further posts in forums across the web note that uninstalling the service provider "support" software will remove this secret program from computers and stop it from requesting internet access. What is not discussed in those forums is the fact that those who DO uninstall that program end up damaging their computer's Windows Registry, sometimes seriously damaging or diabling their systems.

Spyware like this is being increasingly monitored and removed by wary consumers who are becoming more careful of spyware on their home and office computers.

Save To    Digg! Digg This!
posted by RealitySEO at 1:56 PM 0 comments

Credit Card Privacy Litigation

Credit Card Privacy Litigation in San Francisco Superior Court has been filed for all holders of credit cards serviced by Household Credit Services and has a California address. From the privacy lawsuit web site linked above:

Any person or entity who, between September 9, 1995 and August 31, 2001: (1) had a credit card serviced by Household Credit Services, Inc. ("Household"); (2) had a California mailing address for purposes of communicating with Household; and (3) at the time that they had that California mailing address, had certain information (name, address, telephone number and scrambled or unscrambled credit card number ) disclosed by Household to any third-party vendor with whom Household has or had a contract, agreement or understanding to disclose certain information and pursuant to which Household was entitled to receive money, directly or indirectly, as a result of any sales of goods, programs, or services by the third-party vendor to Household credit card holders or through an administrative, service or transaction fee (the "Household Class"). Excluded from the Household Class is Household, any parent, subsidiary or affiliate of Household, and all officers and directors who are, or who have been, employed by Household from September 9, 1995 to August 31, 2001.

This is no doubt only one of hundreds of this type of suit to be filed for privacy violations of financial information disclosures in the near future. The class action front for privacy violations and identity theft is just opening.

Save To    Digg! Digg This!
posted by RealitySEO at 10:34 AM 0 comments

Sunday, May 01, 2005

RFID - A Bit of Privacy

RFID - A Bit of Privacy is an article by Ari Juels for RFID Journal, an industry publication, in which he argues for implementation of something of his own invention called the "Privacy Bit". This is a simple switch that allows RFID tags to have a toggle on/off for readability of tags used on consumer items to facilitate later use of tags for automated refunds on tagged items, parts replacement on durable goods, refill notices on consumables and every conceivable later use of RFID tags. There is a concept of internet enabled tag readers, cell phone tag "blockers" for items within a certain range of the phone and multiple other scenarios for allowing consumers to decide.

Save To    Digg! Digg This!
posted by RealitySEO at 6:43 PM 0 comments