Friday, April 28, 2006

Total Information Awareness Lives

The cancelled TIA project is actively continuing, according to a Mark Williams piece in MIT's Technology Review. This long article starts by focusing on the recent Electronic Frontier Foundation (EFF) vs. AT&T lawsuit, which asserts that the National Security Agency (NSA) has a direct line to trillions of AT&T phone calls made over the last decade.

There can be little doubt that the officially cancelled Total Information Awareness (TIA) project continues under multiple agencies, with varied code names and diverse funding sources to obscure its continuing build of the largest database on the planet.

Tidbits of news seem to keep popping up suggesting that the TIA program is continuing.

posted by RealitySEO at 10:00 AM 0 comments

Thursday, April 27, 2006

UK DNA database Removal

Getting off the UK DNA database:
The UK Association of Chief Police Officers (ACPO) explains how: first, request that the Chief Police Officer delete your record as an unlawful collection of a DNA sample, because your arrest was a case of mistaken identity or whatever reason it was that you were arrested and a DNA sample taken. That is the only way to protest and request removal: "where the original arrest or sampling was found to be unlawful." Chief Police Officers will then proceed according to the instructions given to them:
"The Chief Officer is asked to consider any response and either reply to the applicant rejecting the application for the removal of the record(s) or refer the case papers to the DNAFRP [DNA & Fingerprint Retention Project], thus ensuring that a consistent approach is adopted nationally."
So you first request that your DNA records be deleted, then they deny your request and refer it to the DNAFRP. There is no instruction to the public as to the procedure for requesting deletion after denial by the ACPO and referral to the DNAFRP.

This came to light after Britons discovered their DNA was being built into a UK National DNA database, even though that was denied officially. So certain are the ACPO that they'll need to protect those records in the database that they've issued instructions to their members on how to deal with "recent widespread media coverage relating to the retention of DNA" - and have instructed them to deny requests for deletion of DNA records and refer them to another agency.

No doubt the UK DNAFRP will respond with instructions to deny claims filed with them and refer them elsewhere. Because once a database record is established, it should be protected, cherished, forever retained and shared with dozens of other agencies, associations, projects and governments.

posted by RealitySEO at 7:21 AM 0 comments

Wednesday, April 26, 2006

Australian National ID Card

Aussies to get pseudo-ID Card
It appears that Australia is jumping into the national ID scheme and will require all citizens to have one if they wish to continue having their health benefits. A quote from the story linked above:
Australia's biometric non-ID card will be used to replace 17 existing health and social service cards. It will also be backed up by the thing that makes an ID card an ID card - a massive database, shared across government departments.
So the Australian government is now going to require a national ID, but claim it is for health benefits. They are claiming that the card will only hold a digital photo in its data chip, but it will only require an upgrade once the national database and infrastructure are in place.

Again, as mentioned in that quote above, it appears that the system will merge data from multiple programs and multiple existing databases into one. The database merging continues - now in Australia. There will no doubt one day be a single worldwide database containing all information about every human on the planet - if we live long enough.

posted by RealitySEO at 10:55 PM 1 comments

GAO on Homeland Security Privacy Concerns

GAO report on privacy causes worry for Maine Congress members, according to this story. Congress members Olympia Snowe, Susan Collins, Michael Michaud and Tom Allen are all calling for tighter privacy protections on Homeland Security information gathering and handling.

One major concern appears to be the purchase of information from private contractors, including the commercial data brokers ChoicePoint and Lexis/Nexis. The DHS and Justice Department, State Department and Social Security Administration together spent $30 million last year to purchase data on law-abiding Americans from data brokers. That information is often out of date and inaccurate, but those agencies are each incorporating that data into their databases.

The concern of the congressional delegation from Maine was caused by a Government Accountability Office (GAO) report citing privacy violations in handling information on US citizens. Rep. Collins had insisted on the creation of a "Privacy Board" when the Department of Homeland Security was created, but the Bush Administration has failed to fund or appoint members to that board. Collins is suggesting that privacy shortcomings from the GAO report be addressed by a (so far non-existent) DHS Privacy Board.

But the larger problem addressed by the GAO report is that data brokers are not constrained by Government "Fair Information" practices which require that citizens have a right to access information about them and make changes, corrections and deletions to make certain that information is completely accurate. The data brokers buy their information from commercial sources and are under no restrictions as to reliability of source or accuracy of information they hold on consumers.

Those government agencies now using that commercially obtained data are treating it as though it is complete and accurate, and that is the conclusion of the GAO report and the Congressional delegation from Maine. Citizens must be given access and be allowed to edit for accuracy to live up to the guidelines established, as stated by the Government Accountability Office:

To address our objectives, we identified and reviewed applicable laws such as the Privacy Act of 1974 and the E-Government Act, agency policies and practices, and the widely accepted privacy principles embodied in the Organization for Economic Cooperation and Development (OECD) version of the Fair Information Practices.
Once this data is incorporated into government agency databases, it is treated as though it were accurate and gains a cachet not applied to commercial sources, due to assumptions about government information being reliable - even though it is now tainted by outdated and inaccurate information obtained from those commercial data brokers.

This spiral of information sources being drawn into central government databases and being viewed as gospel cannot continue if we truly respect our privacy and wish government to do the same. This database merging and sharing is happening in Britain as well, as mentioned in yesterday's post. It has got to stop if we want to see privacy protected. Kudos to the Maine Congressional delegation for standing up for privacy.

posted by RealitySEO at 10:34 AM 0 comments

Tuesday, April 25, 2006

ID Database as Population Register

ID database will become national population register - This story is proof once again that once a database is established, it will be shared, multipurposed and merged with others. The British "Identity & Passport Service" will supplant the "Office for National Statistics" on the "Citizen Information Project" database to become the "National Identity Register" in the UK.

A database is a database is a database. So why have overlapping and redundant data stores when you can merge them all and combine all those bits into a single monolithic information source with all possible data about every citizen stored and shared with every agency, bureau, commission, administration and organization, public and private, profit and non-profit?

posted by RealitySEO at 3:06 PM 0 comments

Cyber Crime Do it Yourself Prevention

Analysis: How to catch a cyber criminal? Do it yourself - This story looks at the lack of knowledge, resources, manpower and will to track down and prosecute online crime perpetrated against companies and consumers by hackers, phishing, spoofing, spyware and other forms of criminal activity online.

The lack of trained cyber crime fighters has led many companies to take an active role in chasing down crooks that have hacked into their networks or successfully phished personal information via spoof sites and emails to consumers.

Not many individuals will have the knowledge or ability to track down criminals that often attack remotely via computer or foreign hosted web sites.

Thirty countries participating with the Organization for Economic Co-operation & Development (OECD) are now joining forces with the Federal Trade Commission (FTC) in the US to combat spam, but very little is being done to stop major crime involving hacking, data theft, spyware or phishing crimes leading to financial loss through identity theft.

This story makes it apparent that nobody seems to know what to do about privacy and security issues beyond passing the buck and cover-your-assets type of activity by corporations worried about data breach reporting laws. It seems that cyber crime requires both international reach and a global will to overcome online criminal activity and privacy protection.

Will the OECD/FTC spam fight escalate to serious crime or concentrate only on the annoyance of junk email?

posted by RealitySEO at 2:08 PM 0 comments

Monday, April 24, 2006

Real ID Opposition in New Hampshire

Is Real ID a sign of the apocalypse? - Concord Monitor Online - Concord, NH 03301 - New Hampshire Republican State Representative Neal Kurk made a House speech opposing Real ID (National De-facto Driver License) that has privacy advocates singing praises. QuickTime Video of Kurk Speech.

Unfortunately for those opposing Real ID, the argument is once again bringing in religious connections to the "Mark of the Beast" references mentioned here recently. Rep. Kurk made a religious reference in his speech, but the core of his remarks avoided the Book of Revelation and emphasized the New Hampshire "Live Free or Die" state motto in recommending his state refuse to participate in the Real ID program as a pilot state in testing the scheme.

New Hampshire Caspian (Consumers Against Supermarket Privacy Invasion & Numbering) is fighting Real ID and supporting Kurk from the religious viewpoint, the same emotional appeal that helped launch National CASPIAN among religious conservatives concerned with biblical references from the Book of Revelation.

And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads. And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
Revelation 13:16-17

The linked story from the Concord Monitor newspaper discusses those religious ties and support for Kurk based on those convictions, and questions whether religion should be tied to the debate. I hope that the costs to US states of a National Driver License are considered a bigger issue, along with the problem of encoding our driving record in that "machine readable" ID which merchants, banks and anyone requiring ID will then have access to if given those cards. Privacy is bigger than the religious issues attached to the Real ID debate. It's disturbing that few citizens have the fervor of privacy convictions outside of biblical prophecy.

posted by RealitySEO at 10:04 AM 0 comments

Thursday, April 20, 2006

Anti-ID-Theft Bill Watered Down

Wired News: The Anti-ID-Theft Bill That Isn't - This Bruce Schneier-authored article in Wired News is an excellent assessment of the reasons that data breaches and data theft are rampant and worsening. Those who hold the data face little to no risk of financial loss when their data is breached.

A California law requiring disclosure of data breaches led to major press coverage of first the ChoicePoint breach, then CardSystems, CitiGroup, Lexis/Nexis, etc. over the past year or so. The press coverage due to the required disclosure laws, and the public battering (in the press) taken by those companies that lost the data, is the only reason that identity theft and data breaches have gotten so much attention recently.

The law proposed in Federal legislation has been watered down and weakened to the point of being protective of those businesses which treat private financial information they hold on consumers in so cavalier a manner that they sell it to criminals posing as businesses, lose it to unprotected and casual shipment methods like UPS, and suffer hacking attacks and computer thefts and dozens of other potential Ooops! moments.

Until companies face strict liability for loss of sensitive information they hold, they will continue to treat that information in a cavalier manner. Right now they have lobbyists in Congress seeking watered down legislation that will essentially absolve them of blame and relieve them of the duty to notify those exposed to the risk of identity theft.

But the biggest problem in that federal legislation is the fact that it preempts stronger state legislation currently in effect in 23 states and relieves data brokers and financial institutions of responsibility or public shaming. Data breaches will return to obscurity and the press will no longer have anything to report on, due to lack of disclosure of those breaches, thefts or hacking losses by data brokers and financial institutions that lose it.

posted by RealitySEO at 10:25 AM 0 comments

Wednesday, April 19, 2006

RFID "PASS" Cards a Privacy Threat?

"People Access Security Services" or "PASS" cards are being mandated by the Department of Homeland Security for people who frequently cross the border between Canada and the US. The cards are being considered with long range readability, similar to toll road passes which can be read from thirty feet and at speeds up to 55 miles per hour as cars pass security checkpoints at border crossings.

The page linked above in the headline is for a press release discussing the Smart Card Alliance Government Conference. It's interesting to see those in the "Smart Card Alliance" openly discussing privacy implications of RFID. Bravo. It appears that concerns of privacy advocates are being heard by the industry and they realize that it is critical to the success of their business to address privacy issues early.

Several privacy related issues are mentioned in the release, including use of RFID in US passports, and the "Registered Traveler Program".

posted by RealitySEO at 6:15 PM 0 comments

UK Car Surveillance Delayed

UK car tracking database delayed to boost capacity | The Register
Known as the "Auto Number Plate Recognition" or "ANPR" system, this UK road spying and automated speed ticketing system is being expanded before it is even off the ground.

Cameras across Britain will record license plate numbers of every car passing thousands of roadside monitoring stations. The plate numbers are sent to a database tracking where that plate has been seen over time. West Yorkshire bobbies have been given hand held computers to access that information at any time by scanning the plate of motorists they stop for violations.

Now, the police in West Yorkshire are looking at adding RIM BlackBerrys to the mix for wireless access to the ANPR database. The enthusiasm of police departments across the UK wishing to access the system has many worried that they will overwhelm the system and require further expansion of capacity.

There is debate over how long to store the travels database and argument over who will have access to travel records of surveilled autos over differing time periods - in order to limit requests to a system overburdened before it has launched. Hmm. Perhaps private eyes will want access to those records to track wandering spouses, then insurance companies to rate risk to policyholders based on their travels, then taxing authorities to customize tolls and tariffs for individuals, then marketing firms, then auto makers, then roadside vendors ...

It appears that several British motorists have wised up to the Big Brother system and are using a ruse to avoid ticketing for speeding when caught by the roadside cameras and "ANPR" system by using "mass mailing" addresses to register their cars. Many of those photographed speeding through the surveillance system have been seen making obscene gestures to the camera, knowing that their car cannot be traced back to their address.

posted by RealitySEO at 11:36 AM 0 comments

Monday, April 17, 2006

Terrorist Concern About Privacy

Terrorists' Web Chatter Shows Concern About Internet Privacy - This story seems a bit topsy-turvy; it is odd to think of bad guys being concerned about privacy. But the headline tweaks things a bit, as it really applies to supporters of the bad guys who are not tech savvy, much as privacy advocates aim their warnings about internet privacy at non-tech-savvy citizens.

There are mentions in this story of advice given by the geeks among terrorists warning supporters in chat rooms and forums - where radicals gather to discuss extremist & violent views - that they should protect their privacy.

It seems very normal for bad guys to be furtive, secretive and low profile. Now they are warning their protégés to do the same and warning them to protect their identities.

I imagine that this story, originally in the Washington Post, caused Homeland Security and NSA types to wish it hadn't made headlines - because it only encourages extremist bad guys (and their supporters) to keep a lower profile.

It's likely that our spooks track the more vocal and less careful supporters to find the more tech-savvy and careful bad guys. How odd that things have been turned on their heads here.

The ill-informed and non-tech-savvy bad guy supporters could betray their cause inadvertently - just as ill-informed and non-tech-savvy citizens could become identity theft victims (or worse) by succumbing to bad guy identity thieves who might be supporting the bad guy cause financially.

posted by RealitySEO at 10:36 AM 0 comments

Tax Refund Phishing Scams & Identity Theft

Beware of tax refund 'phishing' scams - Apr 14, 2006 - The IRS had previously warned about fake emails seeking to convince taxpayers to give scammers their financial information, social security numbers, bank account and credit card numbers.

Identity theft has increased exponentially online and tax time seems like a reasonable time to hear from the IRS, but consumers are being duped by email scams from fraudulent web sites that pretend to be the IRS or other government sites by spoofing the look of official government entities and asking for financial information through online forms.

The recent scams include emails purporting to be official, but which mislead innocent taxpayers to fake sites, offer fake phone numbers and use fake email addresses. The IRS warns that they will never ask detailed financial information of taxpayers in emails and you should never provide that information to a web site you reach by clicking on an email link or by return email. Email links can be spoofed, just as web sites can be made to look official.

Take care and use common sense against this scam at tax time.

posted by RealitySEO at 9:48 AM 0 comments

Friday, April 14, 2006

MIT Launches RFID Privacy Site

MIT Launches RFID Privacy Site and although it is pretty empty and spare as of the week of the announced launch, it promises to offer some reasoned and intelligent discussion of the topic.

There is an unfortunate link to Christian biblical prophecy in most efforts to oppose ubiquitous RFID. That emphasis has kept many interested in the issue of RFID privacy from paying much attention to the opponents of wide RFID adoption because they don't want to enter into discussion of the religious dogma of the "Mark of the Beast" pointed to by those opposed to RFID on religious grounds.

While privacy advocates and RFID opponents Katherine Albrecht and Liz McIntyre have significant credentials in the book they co-authored, "Spychips, How Major Corporations and Government Plan to Track Your Every Move With RFID", the related website called "Caspian" for "Consumers Against Supermarket Privacy Invasion and Numbering" began with an emphasis on the biblical warnings against the "Mark of the Beast" as mentioned in the Bible:

And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads. And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
Revelation 13:16-17
Clearly, MIT will steer clear of the religious arguments and emphasize the technology solutions to the RFID privacy issue, keeping the book of Revelation far from the discussion so rational secular discussion can be had outside the emotional aspects of religion.

posted by RealitySEO at 12:54 PM 0 comments

Thursday, April 13, 2006

ATT & NSA Surveillance Case Chapter 2

Wired News: Whistle-Blower Outs NSA Spy Room - Here's another chapter in the illegal wiretapping case of the Electronic Frontier Foundation (EFF) versus the National Security Agency (NSA) and AT&T.

The source of the information that the EFF used to sue AT&T appears to be a retired AT&T technician turned whistle blower named Mark Klein, who spirited away documents from work and presented them to EFF because he believed that AT&T was allowing wholesale and undifferentiated eavesdropping of all AT&T calls and internet traffic. That cloak and dagger surveillance action appears to split off regular phone and internet traffic and send them to a "Secret Spy Room" staffed by special AT&T employees and routed to NSA somehow.

That secret spy room is using systems designed by a company called Narus, which is described in the Wired News story like this:

"The secret room also included data-mining equipment called a Narus STA 6400, "known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets," according to Klein's statement.

Narus, whose website touts AT&T as a client, sells software to help internet service providers and telecoms monitor and manage their networks, look for intrusions, and wiretap phone calls as mandated by federal law."

Narus claims that the publicity surrounding this case is hurting their business. ATT wants the documents returned that Klein accessed and provided to the EFF. The entire case is likely to simply disappear without public comment after an expected NSA challenge to the case under the State Secrets Act which has been used successfully in every case it has been applied to. It will be interesting to see if the judge in the case will allow portions of it to go forward and expose the over-reaching surveillance and highlight the illegal spying being done on US citizens.

The decision will likely turn on the political leanings of the judge and whether he supports Bush Administration and NSA domestic wiretapping and surveillance. It is possible to keep state secrets out of public view while determining the legality of the extensive AT&T and NSA hand holding - along with whatever else they do in that secret room.

posted by RealitySEO at 9:41 AM 0 comments

Wednesday, April 12, 2006

Shred It Identity Theft Prevention Promo

Shred-it, Crime Stoppers and Wal-Mart Help Americans Beat Identity Theft - This is a press release from a mobile shredding service using identity theft as a promotional opportunity by having the Shred-it company show up in parking lots of 200 Wal-Mart stores across the US on April 1, 8, 22 and 29.

This type of service is usually employed by substantial businesses with sensitive financial or corporate data they need to destroy. The cost is substantial for small businesses and they usually forego the service and attempt to shred their own documents in personal shredders on-site.

So while this allows a feel-good community service opportunity for Wal-Mart and Shred-it companies, it's likely Wal-Mart is simply paying the going rate for businesses to have consumer bank and credit card statements shredded by Shred-it.

I'd be surprised if Wal-Mart didn't set up outdoor displays of all their available shredders and handy-dandy cash registers so customers don't even need to go inside the store to buy one.

Identity theft has caught everyone's attention and shredding is a highly recommended deterrent to that crime. This event allows Wal-Mart to gain a little lustre back after lots of bad press over lack of health care plans for low paid employees disclosed in Walmart: The High Cost of Low Price movie and the resulting media coverage.

posted by RealitySEO at 10:22 PM 0 comments

Tuesday, April 11, 2006

Privacy Nightmare of Laptop Robberies

Laptop thieves descend upon wireless cafes / Grab-and-run robbers find pricey computers easy to resell. This San Francisco Chronicle article looks at a laptop robbery at knife point from a wi-fi hot spot in a coffee shop. Thieves are targeting expensive laptops for thefts which can turn violent if computer owners resist.

The victim in this case was stabbed and spent six days in a hospital. He was a finance manager - which means he could potentially have valuable personal financial information on clients or access via stored passwords or saved cookie-based logins to sensitive financial information through web site extra-nets.

We all hope that thieves are not becoming sophisticated enough to track and find those with sensitive data on their laptop hard drives, then follow them to steal that valuable information, and that they simply want a pricey laptop to sell easily on the street. The data on some laptops could be extremely valuable in providing access to sensitive financial information.

But you've got to wonder when and if things will progress to that level of sophistication considering the value to some criminals of vast troves of potential identity theft victims and/or access to financial network logins stored on laptop hard drives carried by executives from banks, brokerages and other financial institutions.

posted by RealitySEO at 10:43 PM 0 comments