NOTICE TO VISITORS! WEBSITE101
HAS ESTABLISHED A NEW SITE EMPHASIZING PRIVACY ISSUES TO BETTER
SERVE CURRENT NEWS AND PRIVACY DEVELOPMENTS. PLEASE VISIT OUR
NEW SITE WHERE WE'VE EXPANDED COVERAGE AND MAINTAIN CURRENT
NEWS STORY LINKS!
A WASHINGTON REPORT
FROM SENATOR DIANNE FEINSTEIN
Friday, March 28, 2003
IDENTITY THEFT AND PRIVACY
In each of these newsletters, I will also try to give updates
on a specific area of legislative concern. Today, I would like
to share some details of our efforts to protect American’s
from identity theft. My goal is to protect American's personal
information – including medical data, financial data, social
security numbers and driver’s license information, and create
an appropriate balance between protecting personal information
from identity thieves and others who would misuse it, while allowing
legitimate business and government practices to go forward.
To achieve this, I have introduced a package of legislation designed
to:
• Combat the growing crime of identity theft;
• Give identity theft victims the ability to restore their
good names;
• Prohibit sale and display of social security numbers to
the public; and
• Set a national standard for how individuals personal information
is protected.
The Social Security Number Protection Act -- Makes it harder
for identity thieves to obtain Social Security numbers by restricting
public access to the number. Prohibits the sale or display of
Social Security numbers to the general public, removes Social
Security numbers from government checks and driver's licenses,
and requires Social Security numbers to be taken off documents
obtained via the internet. At the same time, the bill would permit
legitimate business and government use of the number.
The Identity Theft Prevention Act – Makes it harder
for identity thieves to get access to your credit card numbers
or take over your credit card account. Penalizes credit card companies
that ignore a victim's report of fraud and continue to issue credit
to the thief. Requires truncation of any credit card number printed
on a store receipt.We’ve had some good news on this front.
On March 6, I joined Visa CEO Carl Pascarella to announce new
Visa regulations prohibiting the display of all but the last four
digits of credit card numbers on consumer receipts. By taking
this action, Visa is joining in the fight against identity theft,
setting a new industry standard for the protection of personal
information.The Identity Theft Penalty Enhancement Act –
Strengthens the criminal penalties for those who use identity
theft as a means to perpetrate other serious crimes, including
terrorism, fire arms offenses and immigration violations. Makes
it easier for prosecutors to prove identity theft. This bill was
approved by the Senate on March 20.
The Privacy Act – Sets a national standard for protection
of personal information, including Social Security numbers, driver's
licenses and health and financial data, including information
collected both on-line and off-line. This bill will be introduced
in the next two weeks.
My home page has further details on these bills along with links
to learning how to better protect yourself from identity theft:
http://feinstein.senate.gov/
http://www.Reuters.com/news_article.jhtml?type=internetnews&StoryID=1233513
End of Feinstein news ----
Location-based wireless services are just around the bend, and a
good dose of controversy is bound to arrive with them. Though services
that can pinpoint a user's exact location through a mobile phone
signal offer promising applications, especially for public safety,
they also promise the opportunity for widespread invasions of privacy
. Location information can be used in many ways -- from beneficial
to downright malicious. What is troubling to many is that the power
to use the data properly rests almost entirely in the hands of mobile
operators.
Florida
Issues Subpoenas to Investigate Prozac Mailing On July 9, 2002,
the Florida Attorney General issued investigative subpoenas to Eli
Lilly & Co., Walgreens and a number of health care providers to
determine whether state laws were violated when Prozac tablets were
mailed unsolicited to a Florida resident. In the most recent twist
on direct marketing of pharmaceuticals to patients, the individual
received an envelope from Walgreens that included a letter encouraging
the patient to switch to Prozac Weekly along with a free one-month
trial of the drug. The Attorney GeneralÕs office is concerned not
only with the unsolicited delivery of a prescription drug, but also
with the possibility that privacy rights were violated by the misuse
of medical information to target likely candidates for a particular
drug.
Florida
Attorney General Settles Eckerd Marketing Investigation The
Florida Attorney GeneralÕs Office announced July 10, 2002, that
it had reached a settlement with Eckerd Drug Corporation in the
investigation of the companyÕs use of private medical information
for commercial purposes. The attorney general had been investigating
EckerdÕs practice of having customers sign a form that not only
acknowledged receipt of a prescription but also authorized the store
to release prescription information to Eckerd Corp. for future marketing
purposes. The form apparently did not adequately inform customers
that they were authorizing the commercial use of their personal
medical information.
WASHINGTON, July 9 Under Congressional pressure, the Bush administration
said today that it was open to the idea of installing a chief privacy
officer in a new Department of Homeland Security to make sure it
weighed issues of confidentiality and the secure handling of personal
information. "If you bring us a proposal, I think we'd look at it
very carefully, Privacy is a very important function." Mr. Barr
opened a subcommittee hearing by asking Mr. Everson what steps would
be taken "to ensure the privacy of personally identifiable information
as the new agency establishes necessary databases that coordinate
with other agencies of the government." http://www.nytimes.com/2002/07/10/national/10PRIV.html
For many interactive marketers, one solution to that threat is permission-based
(also called opt-in) marketing. Behind permission-based marketingÕs
significance is the mounting focus on privacy matters among the
American population. This focus is not simply an online or an e-mail
phenomenonÑand itÕs not even a "phenomenon," if that means a fad
or a trend. Instead, privacy concerns represent a sea change in
how people are ready to deal with corporations and government, and
what they expect from those institutions in return. http://www.emarketer.com/news/article.php?1001333&ref=ed
v More than 14 million Americans are under continual electronic
surveillance by their employers, who not only watch e-mail, chats,
and Web traffic but also look into employee files, according to
a July 2001 report issued by the Privacy Foundation, a Denver-based
advocacy group. In some cases, the monitoring is reactiveÑas was
the case with General Dynamics. Most of the time, however, companies
watch their workers hoping to nip problems in the bud. Any machine
that belongs to a company is fair game. The company doesn't need
a warrantÑor your permission. http://www.emarketer.com/news/article.php?1001333&ref=ed
Every new technology gives birth to new security and privacy fears.
When mobile phones first started gaining popularity in the late
'80s and early '90s, it seemed anyone who could navigate a Radio
Shack could put together a little receiver to intercept random cell
traffic from the air. Although carriers have made it a little harder
to do that today, the sense that some conversations are better had
in person, or over a wired line, has not disappeared. http://www.newsfactor.com/perl/story/18488.html
FORT LAUDERDALE, Fla., July 3 "Enclosed you will find a free
one month trial of Prozac Weekly," it said. "Congratulations on
being one step to full recovery." The mailing infuriated one recipient,
a 59-year-old home caregiver who filed a class-action lawsuit
this week in state court here. "They're going after me because
I have a problem," said the caregiver, who agreed to an interview
in her lawyer's office here on the condition that her name be
withheld. "It bothers me to think that somebody could get into
my medical records and start sending me dangerous medications."
The suit says Walgreens, a local hospital, three doctors and Eli
Lilly, which makes Prozac, misused patients' medical records and
invaded their privacy. It also accused the drugstore and Lilly
of engaging in the unauthorized practice of medicine. http://www.nytimes.com/2002/07/06/national/06PROZ.html
Cellphones, with their unlisted numbers, have long been more
or less safe from the marketing that bombards kitchen phones,
mailboxes and e-mail in-boxes. But that electronic cocoon is starting
to fray. Telemarketers are increasingly reaching people on their
cellphones. Wireless phone services say they are receiving a growing
number of complaints from consumers angry because the calls are
costing them money. So many complaints, in fact, that a backlash
has begun. Companies and consumers are suing telemarketers. Legislators
in at least four states are trying to regulate such calls, and
a bill barring cellphone spam has been introduced in Congress.
http://www.nytimes.com/2002/07/05/business/05JUNK.html
Eye
scans, satellite tracking and digital video surveillance are among
the technologies that Silicon Valley officials recommended
Monday to bolster the San Jose airport's security and make travel
more efficient for passengers. Conscious of questions about an
erosion of civil rights, the group argued that its recommendations
would not infringe upon privacy rights. ``None of the recommended
technology applications have the potential (as face recognition
software would, for example) to radically change the amount of
private information that airports, airlines or the government
gathers about the public,'' the report stated.
From the Bill Gates e-mails unveiled during the Microsoft trial
to the Enron debacle, the digital trails people leave have provided
stunning insight into their beliefs and habits. Now the FBI is
hoping to capture and corral more of our digital detritus in the
name of fighting terrorism. The Senate Judiciary Committee on
Thursday will examine proposed Justice Department guidelines that
would give federal investigators new license to mine publicly
available databases and monitor Web use. The changes, which come
after a major FBI shakeup last week, have sparked intense
debate over the merits of expanding government surveillance powers
as the country faces ongoing threats of terrorist attacks.
Researchers Nathaniel S. Good and Aaron Krekelberg have found
that users of Kazaa
and other P2P filex sharing networks often share files that they
would probably rather keep private. "We discover[ed],"
said the HP researchers, "that the majority of the users
in our study were unable to tell what files they were sharing,
and sometimes incorrectly assumed they were not sharing any files
when in fact they were sharing all files on their hard drive."
What you are about to read is a solution
to spam that requires no reengineering of e-mail, the Web
or any other systems. It could be set up to guarantee spam blocking
using simple, existing technologies. I've dealt with corporate
intranets in the past, which have completely blocked e-mail from
the outside unless one is on an approved list. Contact must always
go through the network administration. Individuals working within
these institutions receive absolutely NO spam inside their network
because they have turned the filtering problem on its head. In
typical spam filtering, you filter information from select addresses
or with select content. In reverse filtering, you only permit
information from select addresses or with select content.
North Dakotans voted overwhelmingly last Tuesday to require banks
and credit unions to get customers' permission
before selling data on them, and privacy advocates say the vote
will send a message across the country. The result of the
statewide referendum, in which 72 percent of those casting ballots
favored a tightening of privacy law, "shows that when given
a chance, the voters of a conservative Plains state will vote
to protect their privacy, It gives the lie to the idea that privacy
is either a liberal idea or out of the mainstream." The editor
of Privacy Journal, published in Providence, R.I., said the vote
would encourage other groups working on privacy issues, and added,
"It might deter some legislators from going with corporate
interests."
Seth
Godin argues that privacy and anonymity lead to bad behavior.
Better to be transparent and identifiable than obscure, opaque
and anonymous. He floats a raft of good points worth serious consideration.
Are we ready to be fully visible?
The creator of an add-on
program for AOL Time Warner's Instant Messenger plans to eradicate
a component that phones home after critics called the feature
"spyware." The recent decision comes after some users
of Big-O Software's AIM+ program--which adds chat logging, ad
removal and other features to AIM--complained that the program
violated their privacy by sending information about their online
identity back to a Big-O server. "The fact that AIM+ returns
information to the Big-O Software servers has never been hidden
from the users," Mark Swiss, beta tester and community organizer
for Big-O Software, said last Friday in a
response to consumers' complaints on the company's online forum.
Best
Buy is changing its online privacy policy, allowing the company
to combine customer information from its Web site with that collected
in its stores. As part of the policy modification, the company
also said it may share with third parties information collected
from surveys or reviews on its site. The company has begun notifying
customers of the changes via e-mail; the updated policy will go
into effect June 9. The shift raised the eyebrows of some privacy
advocates. The changes are only the latest in a disturbing trend
of companies revamping their privacy policies to the detriment
of consumers, advocates say. Companies usually make such changes
themselves, taking little input from customers and leaving them
with little recourse.
Five
owners of a controversial digital video recorder sued the entertainment
world's biggest firms Thursday, asking a federal judge to
uphold consumers' rights to record TV shows and skip commercials.
The owners of the ReplayTV 4000 claim an entertainment oligopoly
of U.S. television networks and movie studios is trying to label
them as criminals. "I'm just trying to exercise my normal
rights in terms of video recording," said one of them, Craig
Newmark, founder of the popular community listings site Craigslist.org.
Features like commercial skipping, he added, help parents "protect
their kids from excessive consumerism."
North Dakota voters on Tuesday will be the first in the country
to make their own choice about how to regulate financial
privacy. A statewide referendum will decide if banks and other
financial institutions can continue to share or sell data without
obtaining customer permission. A disparate coalition seeking tighter
privacy restrictions, reaching from labor and the American Civil
Liberties Union to a small conservative organization, the Constitution
Party, forced the referendum on the ballot. There are unusual
allies on the other side, too: the banks and credit unions, which
often fight each other on financial regulation.
Privacy
and Security on your PC. Spyware, nosy bosses, unnecessary
demographic information,
the government: the efforts to learn what you're up to are constant.
In this first installment, know your adversaries, their tools--and
your rights. Extremetech covers the six layers of information
security.
He
cuts off telemarketers on the phone, regularly reminds direct-mail
associations to keep him off their lists and diligently opts
out of mass e-mail lists. But he didn't hesitate to give his fingerprint,
credit card information and phone number to a company he had never
heard of. He is one of the 2,000-plus customers of a Thriftway grocery
store in West Seattle who signed up in a pilot program run by Oakland,
Calif.-based Indivos Corp. that links customers' fingerprints with
their credit or debit cards, allowing them to buy groceries by simply
running a finger over a scanner.
The Justice
Department said today that it would immediately loosen restrictions
on the F.B.I., giving the bureau broad new powers to go after
terrorists without violating the United States Constitution. Attorney
General John Ashcroft and the F.B.I. director, Robert S. Mueller
III, announced the changes this afternoon. Mr. Ashcroft said that
far from endangering the rights of Americans, the changes would
allow federal agents to do things that members of the public already
do. Under the current guidelines, the bureau cannot send undercover
agents to investigate groups that gather at places like mosques
or churches unless investigators first find probable cause or evidence
that leads them to believe that someone in the group may have broken
the law. Now they can attend any function open to the public.
New York
State has taken aim at the growing amount of spam plaguing consumers
by filing suit against online marketing company MonsterHut and two
of its executives. "Every day, New Yorkers are being inundated
with unsolicited commercial e-mails, or spam," Spitzer said.
He called a portion of the spam "a vehicle for fraud"
and noted that some of it is "inherently fraudulent."
Spitzer leveled the suit at MonsterHut, company CEO Todd Pelow and
chief technical officer Gary Hartl, accusing them of representing
the company’s e-mail marketing service as an opt-in offering.
Their claims, the suit alleges, are intended to convince outsiders
that every consumer who has received commercial e-mail from MonsterHut
specifically requested it.
A Tennessee man who devised an audacious
identity-fraud scheme to bilk jewelers and corporate executives
out of $730,000 worth of diamonds and Rolex watches was sentenced
to eight years in prison yesterday by a federal district judge in
Manhattan. The defendant, James Rinaldo Jackson, 41, said when he
pleaded guilty in 2000 that he found the names of corporate executives
in "Who's Who in America" and paid $50 to $100 to buy
their Social Security numbers from Internet information brokers.
He also fraudulently obtained their credit card numbers and other
personal data, and impersonated his victims on the telephone to
buy the jewels and watches. "The defendant's crimes are everyone's
worst nightmare,"
Glitches
in a controversial FBI system to monitor the e-mail of suspected
criminals likely hampered an investigation of al Qaeda two years
ago, according to internal FBI documents released on Tuesday. According
to memos obtained by the Electronic Privacy Information Center,
FBI investigators threw out the results of an e-mail wiretap in
March 2000 because the system, commonly known as "Carnivore,"
collected electronic messages of regular Internet users as well
as the target of the probe. FBI officials have told Congress the
system captures only a narrow field of information for which interception
is authorized by a court order. The documents showed Carnivore had
occasionally grabbed the e-mail messages of other Internet users,
especially when set up to work on unusual e-mail systems.
Technology
companies are enlisting in the war on terrorism, seeking to
profit by making Americans more secure. But some of the new technologies,
including lie detectors that claim to read brain waves and electronic
scanners that see through clothing, raise concerns about possible
invasions of privacy. "In the wake of Sept. 11, a wide array
of corporations, with the active encouragement of the U.S. government,
are developing new and extremely intrusive systems to capture
personal data, biometric data and video information," said
Wayne Madsen, a privacy researcher at the Electronic Privacy Information
Center in Washington. All technology companies seek to share in
the billions of dollars budgeted for homeland security.
BRUSSELS, May 27 (Bloomberg News) - The European Commission has
begun an inquiry into Microsoft because of concerns that its .NET
Passport system may violate privacy rules. The European Commission
said last week that it had concerns about the legality of Microsoft's
Passport, which stores identity data on the company's servers
so that Internet users do not have to re-enter it as they move
among programs and Web sites. Microsoft already faces the threat
of a fine by the commission for abusing the dominant position
of the company's Windows operating system, which runs 90 percent
of the world's personal computers.
TRUSTe, the nonprofit organization widely known for its
leading privacy certification and seal program, and ePrivacy
Group, a respected privacy consulting, training and technology
company, have joined forces to launch a groundbreaking email certification
and seal program to bring consumer trust to commercial email.
Under the banner “Trusted Sender,” this new program
includes beta testers Microsoft, DoubleClick and Topica. Announced
in January.
Researchers in Scotland are developing a new kind of Web monitoring
software that they claim can collect enormous amounts of data
on Web
surfers while remaining nearly undetectable. The University of
Strathclyde received the award for an undisclosed sum Thursday.
Dr.
Lykourgos Petropoulakis, who is heading the 18-month research
project,
declined to comment on the technology, calling it "highly
classified"
information. Web surveillance software has drawn intense interest
from
consumer advocates, who fear the interactive nature of the Internet
can
provide
unprecedented power for governments, corporations and individuals
to trample people's privacy.
The agency responsible for the U.S. Defense Department's global
networks and classified command and control systems has a gaping
security hole in its front yard -- security cameras at its headquarters
in
Arlington, Va., are connected to a nonsecure and unencrypted wireless
LAN. Chris O'Ferrell, chief technology officer at NETSEC Inc.
in Herndon,
Va., which provides intrusion-detection services to numerous federal
agencies and commercial customers, detected the nonsecure
wireless
LAN at the Defense Information Systems Agency (DSIA) last
Friday.
While parked across the street from DISA's headquarters, O'Ferrell
was
able to easily map the topology of the agency's network, including
the
Service Set Identifier (SSID) numbers of access points and numerous
IP
addresses.
Ford Motor Credit informed 13,000 consumers Friday that their
personal
information -- including Social Security number, address, account
number and payment history -- was accessed by hackers
who broke
into a database belonging to the Experian credit reporting
agency. Federal
Bureau of Investigation special agent Dawn Clenney told NewsFactor
that the data breach is being investigated and that law enforcement
is
working with Ford, which believes the hack occurred sometime between
April 2001 and February 2002. Letters to the 13,000 people, 400
of
whom were Ford credit customers, were mailed out in the last three
weeks. Privacy advocates, who point to identity theft's ascent
as the
top crime in the United States, called the exposure another example
of
insufficient privacy protection in the country.
A Senate committee appeared set on Thursday to pass a controversial
measure that would limit the way businesses could use customers'
personal
information, until it was delayed by a parliamentary maneuver.
The Senate Commerce Committee voted to approve several changes
to
the bill, designed to increase Internet privacy by limiting how
businesses use phone numbers, purchase records and data collected
through their Web sites. But a final vote to send the bill to
the full
Senate was blocked by Sen. Trent Lott, who invoked an obscure
parliamentary rule that can prohibit a committee from taking action
two
hours after the Senate convenes.
Provisions of two new bills -- one to increase online "cybersecurity,"
the other to aid in the prosecution of online child pornography
-- would
remove
statutory protections that safeguard personal data in the
hands
of Internet Service Providers (ISPs). Current law protects the
privacy of
electronic communications by prohibiting ISPs from disclosing
to the
government their customers' e-mail without a court order. The
two new
bills open loopholes in that protection by creating broad new
categories
of "voluntary" disclosure.
On May 16, the Senate Commerce Committee marked-up S. 2201, the
Online Privacy Protection Act, introduced by Senator Ernest
Hollings (D-SC).
"Marking up" a bill means amending it in a formal Committee
session
where Members or Senators offer amendments, debate them and vote
on
them. Often at mark-up many amendments are rolled into a single
"substitute" offered by the bill's sponsor. The Hollings
bill as introduced,
CDT's analysis of it, and the text of the amendments on May 16
are all
available at:
E-mail
address appending is the process of adding an individual’s
e-mail
address to that individual's record inside a marketer’s
existing database.
This is accomplished by matching the marketer’s database
against a
third party, permission-based database to produce a corresponding
e-mail address. I was amazed that the organization (Direct Marketing
Association) danced around privacy issues by creating a loophole
extravaganza. The document was written by marketers for marketers,
culminating in a classic case of a wolf in sheep’s clothing.
Opinion
column by Rodney Much.
New
York Times Letters to the Editor on Privacy Issues
Tens of thousands of
stolen credit-card numbers are being offered for sale each
week on the Internet in a handful of thriving, membership-only
cyberbazaars, operated largely by residents of the former Soviet
Union, who have become central players in credit-card and identity
theft. The marketplaces where credit card prices fluctuate with
supply and demand in a sort of black stock market offer a window
into a crime that costs the financial system $1 billion or more
a year. They also show how readily personal information is being
stolen and traded in the computer age.
(Free membership required, read the privacy policy!)
Two University of Cambridge computer security researchers plan
to describe on Monday an ingenious and inexpensive attack that
employs a $30 camera flashgun and a microscope to extract secret
information contained in widely used smart cards. The newly
discovered vulnerability is reason for alarm, the researchers
said, because it could make it cost-effective for a criminal to
steal information from the cards. Smart cards are used for dozens
of different applications, including electronic identity protection,
credit and debit cards and cellular phone payment and identity
systems.
(Free membership required, read the privacy policy!)
Researchers in Scotland are developing a new kind of Web monitoring
software that they claim can collect enormous amounts of data
on Web surfers while remaining nearly undetectable. "Technology
like this, once it's spread around, means
people can be tracked from site to site," said Lee Tien,
senior staff attorney for the Electronic Frontier Foundation.
"Whatever (the Scottish Enterprise) is doing, this is part
of a long-standing practice by governments to fund the development
of spying technology or, more generally, technology that facilitates
law enforcement and national security."
Since "Googling"
-- looking up a new acquaintance on Google before going out on
a date -- has become a popular research tool, this could become
a real liability. It happens sometimes, said Google software engineer
Matt Cutts. Your Web presence depends on things that you can't
always control -- "how long you've been on the Internet,
whether you have a home page, how actively you seek out social
contacts online," he said. Finding the right balance between
recognition and privacy is difficult. Chris Hoofnagle, legislative
counsel at the Electronic
Privacy Information Center, a Washington-based nonprofit, outlined
a few options for people seeking to control their own Google identity.
Yahoo, the vast Internet portal that set off howls of protest
when it abruptly changed its marketing policy in March. Suddenly,
Yahoo
granted itself the right to send advertising messages to tens
of millions of its users who had previously asked to receive
none. The blanket permission went beyond e-mail to include postal
mailings and telemarketing phone calls. Immediately, privacy advocates
reacted with criticism, and outraged postings flooded message
boards all over the Internet. In the four weeks from March 25
to April 21, nearly a million Internet users in the United States
looked at Yahoo's new privacy policy.
A troubling trend in constitutional law: the erasing of the line
between commercial and noncommercial speech. Last month, a court
struck down a federal law banning junk faxes and affirmed
the right of a company called American Blast Fax to continue to
blast away. If other courts push corporate free speech to this
illogical limit, laws against spam e-mail may suffer the same
fate, as judges elevate the right to send e-mail ads for get-rich-quick
schemes and Internet pornography sites to a constitutional imperative.
Editorial Opinion.
A NEW survey shows a correlation between the actions of Sacramento
politicians on financial-privacy legislation and the amount
of contributions they have received from the measure's opponents.
Opponents of legislation that would require banks and insurance
companies to obtain customer permission before selling or sharing
personal financial information contributed nearly $5 million to
legislators and the governor since the 2000 election cycle, Common
Cause found in its study, titled "Privacy for Sale."
If you shop on the Internet, you may fret about keeping your credit
card number safe. But when
you pay a bill to a hospital or clinic, you probably don't think
about where those computerized
account records end up. Nor is that foremost on your mind when
you start a job and provide
your employer a home address and Social Security number. Yet the
way those bills and records are handled can determine whether
you become
a victim of identity theft, the top online consumer complaint
at the Federal Trade Commission.
San
Francisco Chronicle Opinion on privacy legislation. AN UNACCEPTABLY
weak
financial-privacy bill
reaches a critical juncture today in the state Assembly's Judiciary
Committee. This is the moment for sponsoring Assemblyman Joe Nation,
D-San Rafael, to deliver on his promise to produce truly meaningful
consumer protections in AB1775. It may require Nation to break
his alliance with Gov. Gray Davis, who undermined a strong privacy
bill last year -- and appears determined to do so again.
Homeland Security Director Tom Ridge for the first time disclosed
Thursday the Bush administration is studying ways to set
national standards for driver's licenses that would assist
in preventing fraudulent identification and expose aliens who
overstayed their visas.
Once the musings of science fiction writers and technology whiz
kids, the promise of fingerprints and retinas opening some doors
-- and keeping others locked -- has been rushed into reality.
Companies around the world are perfecting ways to scan,
store and process faces, fingers, voices, hands and eyeballs.
The Sept. 11 attacks spurred a mini boom in security products
and services, and scuttled some of the privacy and civil liberties
concerns that long hampered the industry.
"We've
been ordered to invade the privacy of our customers,'' said
Ken Potashner, SonicBlue's chairman and chief executive. ''This
is something that we find personally very troubling.'' Privacy
advocates condemned the ruling which came during the pre-trial
discovery process of a series of lawsuits against SonicBlue. Last
October, the studios and networks accused SonicBlue of permitting
copyright-infringement with its latest digital video recorder.
The machines work like a VCR but record to a hard drive instead
of video tape.
As wireless laptops, scanners and other gadgets become more popular
in businesses and homes, threats
to privacy are growing as well. Just this week, Best Buy suspended
use of wireless cash registers over concerns that eavesdroppers
could obtain credit card numbers and other customer data by sitting
in the parking lot with the right equipment.
Federal
authorities announced a nationwide sweep of identity theft arrests
today, charging the people with using false credentials to cover
up a murder, sell homes belonging to the elderly and exercise
176,000 stock options belonging to an unknowing company executive.
Attorney General John Ashcroft announced the prosecutions, many
of them fraud cases, to demonstrate sharply stepped-up federal
efforts, and he called on Congress to pass legislation to ensure
that identity thieves received longer sentences (Free membership
required, Read the Privacy Policy!)
Intrusion Explosion. Forget all about old-fashioned consumer surveys
or even focus groups. The hot new technique in exploring your
buying decision is called "observational
research" or "retail ethnography." This buying-spying uses
hidden surveillance cameras, two-way mirrors and microphones concealed
under counters. Opinion from William Safire. (Free membership
required, Read the Privacy Policy!)
Free-speech group Peacefire.org
has won a legal round in its fight against unsolicited e-mail,
invoking Washington state's anti-spam law. The King County District
Court in Bellevue, Wash., on Monday granted Peacefire $1,000 in
damages in each of three complaints filed by Peacefire Webmaster
Bennett Haselton. The small-claims suit alleged that Red Moss
Media, Paulann Allison and Richard Schueler sent unsolicited commercial
messages to Haselton that bore deceptive information such as a
forged return e-mail address or misleading subject line.
Disguise
your desk and keep your boss out of your office if you want any
privacy. Personal spaces such as offices and bedrooms are an
"incredibly rich" source of information about people's personalities,
according to new research by psychologist Samuel Gosling of the
University of Texas and his colleagues. Their study found people
are "remarkably accurate" at guessing some aspects of others' personalities
-- in particular whether they tend to be open and conscientious
-- based only on a look at either their offices or their bedrooms.
A Senate
effort to limit what businesses can do with information they collect
online from their customers is under attack from Internet companies
and getting tepid support from consumer advocates. The proposed
online privacy legislation, introduced last week by Sen. Ernest
Hollings, D-S.C., would require businesses to tell visitors to their
Web sites what information is being gathered on them and how it
will be used. Online businesses would then have to get consumers'
permission before sharing with third parties sensitive information
such as bank accounts, medical information, political or religious
affiliation or Social Security numbers. Anyone who finds sensitive
data was misused and can prove harm could sue for up to $5,000 for
each use of the information.
Microsoft and other technology makers struggling to define new Web
services business models have another obstacle: consumer
distrust of online authentication systems. A new Gartner study
indicates that despite compulsory sign-up programs, consumers aren't
interested in online identity and authentication accounts--such
as Microsoft's Passport and AOL's Screen Name service--and won't
be anytime soon. Moreover, few people trust Microsoft and AOL to
safeguard the personal or financial information necessary for conducting
online transactions.
Seven months after terrorism trumped privacy as a Congressional
concern, bipartisan alliances in both houses are seeking to rekindle
the issue. In the House, Representatives Bob Barr, Republican of
Georgia, and Jerrold Nadler, Democrat of Manhattan, ideologically
as far apart on other issues as two members can be, are pushing
legislation to
require government regulators to include a "privacy impact statement"
in any new regulatory proposals. Such statements listing the privacy
consequences of any regulation could then be the subject of court
battles, delaying the rule-making process.
Federal
regulators Monday fined the Web site operator for the Etch-A-Sketch
toy and sent warning letters to more than 50 other Internet operators
regarding children's privacy online. The Ohio Art Company, which
makes the children's doodling toy, has agreed to pay $35,000 to
settle charges it violated the Children's Online Privacy Protection
Rule, the Federal Trade Commission said. The site was collecting
information from children before obtaining parental or guardian
consent, the FTC said in a statement. Companies must make their
privacy policies compliant with the law.
ISPs
oppose Minnesota Web privacy bill A controversial bill before
the Minnesota state legislature would limit how Internet service
providers (ISP) use consumers' private information, and a lobbying
group warned that ISPs will pull out of the state if the bill becomes
law. The bill would prevent ISPs from collecting data on customers'
Web surfing habits and then selling that data to other companies.
It's the talk of Silicon Valley: How
did someone break into the voice mail of Hewlett-Packard Co.'s chief
financial officer, snag a sensitive message from his boss, Carly
Fiorina, and leak it to the local newspaper? HP executives were
shocked. But experts in phone systems and computer security say
they're not surprised - largely because voice mail is digital and
is stored on computers. "If you don't want it publicized, don't
say it digitally," said Bruce Schneier, founder of Counterpane Internet
Security Inc. "Don't put it in e-mail, don't record it in a voice
mail, don't put it in a Power Point presentation. Basically, all
of this stuff is vulnerable."
Leak
of a private voice mail from (HP CEO Carly) Fiorina to (HP CFO Bob)
Wayman, left March 17, two days before the shareholder vote
on the Compaq merger. The voice mail, sent anonymously to the (San
Jose) Mercury News earlier this week, details strategy for last-minute
lobbying of two key shareholders by Fiorina and other executives.
In his e-mail Thursday, Wayman told employees he felt "personally
violated" by the voice mail leak, adding "it is illegal and damaging
to the company and your fellow employees." Wayman said HP is "vigorously
investigating" this breach along with others that have occurred
in recent weeks. The perpetrators, he warned, will be prosecuted
"to the fullest extent."
Jeffrey
Rosen, law professor at George Washington University Law School,
in his feature article for the New York Times Magazine, Sunday April
14, discusses in detail the connect-the-dots database concerns elicited
in my comments from last week's list. Larry Ellison says, "Central
databases already exist. Privacy is already gone." Rosen ends his
lengthy article with a question to Ellison, "In 20 years, do you
think the global database is going to exist, and will it be run
by Oracle?" "I do think it will exist, and I think it is going to
be an Oracle database," he replied. "And we're going to track everything."
Thousands of people who have installed a popular
wireless video camera, intending to increase the security of
their homes and offices, have instead unknowingly opened a window
on their activities to anyone equipped with a cheap receiver. The
wireless video camera, which is heavily advertised on the Internet,
is intended to send its video signal to a nearby base station, allowing
it to be viewed on a computer or a television. But its signal can
be intercepted from more than a quarter-mile away by off-the-shelf
electronic equipment costing less than $250.
Bye, Bye Yahoo. Opinion
piece discussing YAHOO! Desperation Tactics.
A
Greeting Steals Its Way Onto Your Hard Drive. Outlook owners,
look out. Users of Microsoft popular e-mail program are the targets
of a new computer virus, made by an artist, that arrives disguised
as an electronic greeting card. When the card is opened, the virus
spreads by randomly picking three images from the recipient's hard
drive and sending them in a flickering message to everyone in the
victim's Outlook address book.
Microsoft,
I.B.M. and VeriSign plan to announce a new technical approach
today that they hope will ensure greater security and thus stimulate
commercial development of an emerging Internet technology called
Web services. Web services is the term used to describe clever software
that in theory could bring a new level of automation and greater
productivity to all kinds of online transactions among companies,
suppliers and consumers. Yet the new, unproven technology Ñ which
uses the Web to find and share data in electronic databases of companies
or individuals Ñ has stirred concerns about data security and personal
privacy.
Microsoft
has quietly shelved a consumer information service that was
once planned as the centerpiece of the company's foray into the
market for tightly linked Web services. The service, originally
code-named Hailstorm and later renamed My Services, was to be the
clearest example of the company's ambitious .Net strategy. It was
intended to permit an individual to keep an online persona independent
of his or her desktop computer, supposedly safely stored as part
of a vast data repository where there could be easy access to it
from any point on the Internet.
Seeking
Profits, Internet Companies Alter Privacy Policy. Internet companies
are increasingly selling access to their users' postal mail addresses
and telephone numbers, in addition to flooding their e-mail boxes
with junk mail. Yahoo, the vast Internet portal, just changed its
privacy policy to make it clear that it has the right to send mail
and make sales calls to tens of millions of its registered users.
And it has given itself permission to send users e-mail marketing
messages on behalf of its own growing family of services, even if
those users had previously asked not to receive any marketing from
Yahoo.
Now that HTML e-mail has become increasingly common, cookies
are showing up in HTML e-mail messages, many of which are sent
by spammers, who have little or no obligation to disclose how they
use consumer data they collect. Whereas cookies on Web sites generally
collect data "anonymously," e-mail cookies have the potential to
connect individuals' surfing habits with particular e-mail addresses.
A three-judge panel hearing a case against the Children's Internet
Protection Act were openly skeptical of the law at the end of the
two-week trial. The plaintiffs, including libraries, library patrons,
and operators of Web sites, want to overturn the law because it
mandates
Internet filters that the group says restrict free speech. The
judges seem to agree.
Most
passwords are hopelessly easy to guess and many employees put
company information at risk by using easily guessed or simple to
break passwords. Very few employees are ever trained in rudimentary
security measures which puts networks at peril.
DoubleClick
settlement details begin to slowly emerge from the shadows after
last week's announcement of the class action suit against privacy
protection advocates. The online advertising company has agreed
to pay $1.8 million in legal fees and will purge their list of names
on a regular basis.
YAHOO! flames
flying after they opt-in users to spam last week. Because word
travels fast online, even users who have not yet been notified by
YAHOO! are angry about the changes to their privacy preferences,
even though YAHOO! claims that no changes take effect for 60 days
from the day the user is notified of the change.
Corporate
hack attacks go unreported to law enforcement or federal authorities
due to concerns of public exposure of privacy and security problems
at those companies suffering attacks.
Ezine-Tips discusses problems
with BBB privacy seal and third party list hosts. Web sites
approved by BBB online are required to place the seal on every page,
including that of list hosts. If those hosts don't allow posting
of the BBB seal for members, then those list owners cannot get the
BBB privacy seal at all.
As the number of wireless
devices in use continues to grow, security concerns regarding
them are mounting as well. New market research reports from Gartner
and IDC suggest that corporate users and consumers have reason to
question how much information they could be giving away through
their wireless devices.
International Business Machines Corp. (IBM) said on Wednesday it
is releasing free software that will allow companies to
automate their Internet privacy practices, while AT&T Corp.
T.N has free software to alert Web surfers to different privacy
settings on Web sites.
A poll taken just after the six-month anniversary of the September
11th attacks on New York's World Trade Center
and the Pentagon showed that Americans' support for and confidence
in electronic governmental surveillance is waning. http://www.newsfactor.com/perl/story/17029.html
Informix spin-off Ascential Software Inc. last week said it's buying
privately held data-cleansing software vendor Vality Technology
Inc. for about $92 million in cash. The deal, slated to close in
April, would let Ascential
(ASCL-Nasdaq) expand its tool suite for building data warehouses.
http://www.informationweek.com/story/IWK20020312S0085
The U.S. Federal Trade Commission has joined eight state law enforcers
in the United States and four Canadian agencies in an initiative
targeting deceptive spam and Internet fraud. The agencies have
brought 63 law enforcement actions against Web-based scams ranging
from auction fraud to bogus cancer cure sites, and have sent more
than 500 letters warning people sending deceptive spam that it is
illegal. The task force has been dubbed "NetForce"
DoubleClick
agrees to settle Privacy Litigation. Internet advertiser DoubleClick
Inc. on Friday said it had agreed to purge consumer information
it had collected and adhere to an enhanced privacy policy, as part
of a settlement of federal and state class action lawsuits filed
against the firm. DoubleClick agreed to notification and opt-in
approval for combining individual clickstream data with other personally
identifiable data. It also agreed to pay $1.8 million in legal fees.
A lot of companies are busy gathering customer data, but knowing
how to put that data to good use remains an obstacle for many firms.
Data mining is growing dramatically, but data warehousing poses
huge obstacles to that fine line between personalization and privacy
invasion. This
study of Customer Relationship Management implementation skims
the surface of what to do with all that data once collected.
Crime-Fighting
by Computer Widens Scope. New York City's renowned Compstat
(short for computational statistics) crime-fighting program, originally
created to measure and map serious crime in city neighborhoods,
has grown into a sweeping data-collection machine that traces hundreds
of factors, many of which appear distant from the nuts and bolts
of police work.
Yahoo March 28 Ñ The giant
web portal has revised its privacy policy to more clearly describe
how user data will be treated in certain circumstances, company
officials said. THE NEW POLICY states Yahoo will share information
to investigate circumstances involving illegal activity such as
fraud, violations of its terms of service agreement and the use
of its service for potential threats. The revision also said Yahoo
will transfer user information if it is acquired by another company
and abide by the acquiring companyÕs privacy policy.
A Loss to Medical
Privacy Opinion By DONNA E. SHALALA, former Health and Human
Services Director for Clinton Administration says that the Bush
administration must be careful not to accept changes to regulations
that could lead to the misuse of patients' personal health information.
Got a mobile phone? We know where, when, and who you are! Mobile
industry proposes opt-in policy for cellular users to help them
avoid location-based
mobile text messaging spam.
Budweiser has launched a World Cup promotion using global positioning
satellite technology. It has hidden special transmitters inside
beer cans and bottles sold in multi-packs in stores across the UK.
Opening a special can or bottle will be picked up by communications
satellites. Winners
will be tracked down and receive a trip to see England and Ireland
in the World Cup finals.
Bush administration proposed dropping a requirement at the heart
of federal rules that
protect
the privacy of medical records. It said doctors and hospitals
should not have to obtain consent from patients before using or
disclosing medical information for the purpose of treatment or reimbursement.
Scannable
driver licenses threaten privacy when scanned and stored by
businesses such as bars, convenience stores and other commercial
interests by keeping detailed records locally and making them accessible
by any employee with access to the scanner.
Privacy Issues Weighty Ecommerce Concern. Privacy has been a
growing topic of concern among the US public since 11 September.
Harris found that 91% of US consumers say they would be more likely
to do business with a company that verified its privacy practices
with a third party.
On March 4, 2002, Privacy International presented the 4th
annual UK "Big Brother" awards to the government and private
sector organisations that have done the most to invade personal
privacy in Britain.
Best place for a break-in? The front door! Professional
hacker Daniel Lewkovitz says if you look like you belong, employees
will hold the doors open for you.
Modem
LED's transmit data stream optically and can be intercepted
optically if your modem is visible through a window, regardless
of your stringent internal security measures.
RIM Blackberry Internet edition openly
transmits your unencrypted email to anyone who wants to intercept
it across wide geographic areas within the Mobitex network.
Massive Identity Theft
