October 19, 2005

A Blizzard of Privacy-Related Stories

Filed under: Business Moves,Consumer Outrage,Privacy/ID Theft,Taxes & Government — Tom @ 10:20 am

More indications, except in the spammer prosecutions noted below, that The Surveillance Society is not far away:

Diamonds Are Forever, and Data May Be Too

Google Has Data. Oh, does it have data:

Google Offers Glimpse at Data Collection

NEW YORK (AP) – Google Inc. (GOOG) is now disclosing more details on how it collects and uses data obtained from users, but it is remaining silent on several key questions that concern privacy advocates.
The company’s new privacy policy, though little changed in substance from one issued 15 months ago, is easier to read and reflects Google’s expansion beyond its core search engine business.
It also describes in greater detail what Google is doing to protect against abuses.
But it remains remains silent on how long information is kept. That’s an area of growing concern as Google offers more and more services that potentially collect and store a wealth of personal data, making the company’s servers a prime target for abuse by overzealous law enforcers and criminals alike.
….. Chris Hoofnagle, senior counsel with the Electronic Privacy Information Center, said the changes do nothing to diminish his worries that Google is amassing “quite a trove of transactional and personal data” through its various services, which include e-mail, driving directions, photo-sharing, instant messaging and Web journals.
Because storage is cheap, data from these services can be retained practically forever.
Wong said Google could not set a general time limit on data retention because needs vary by service.

It looks like thirty years from now, when a child who is now five years old decides to run for political office, he or she will have to explain that fifth-grade Frog in the Bookbag incident.

Great, More Things I’ll Need to Remember, or Stuff I’ll Need to Carry Around

As usual, the burdens of security are being pushed down to the consumer:

Feds Want Banks to Strengthen Web Log-Ons

BOSTON (AP) – Federal regulators will require banks to strengthen security for Internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.
Bank Web sites are expected to adopt some form of “two-factor” authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.
In two-factor authentication, customers must confirm their identities not only through something they know, like a PIN or password, but also with something they physically have, like a hardware token with numeric access codes that change every minute.
…. Banks might also issue one-time passwords on scratch-off cards or require “secret questions” about a customer’s account, such as the amount of the last deposit or mortgage payment.
The council also suggested that banks explore technology that can estimate a Web user’s physical location and compare it to the address on file.
The most common way of stealing consumers’ personal identity data and financial account credentials online, known as phishing, typically involves sending e-mails that direct unwitting users to phony Web sites. Data harvested at such sites is then used fraudulently.
The Anti-Phishing Working group, an industry association, reported 13,776 unique types of phishing attacks in August.

Don’t get me wrong; consumers should be vigilant. But the financial services business has not paid nearly enough attention to fraud, identity theft, and especially data protection for years. Now the solution, courtesy of their federal regulators, is to make things more inconvenient for us. For example, the GPS comparison of where you are to where you should be (at home) is going to be roughest on those who travel and want to do business over the Internet, while criminals will surely figure out ways to make it look like they’re where they’re “supposed” to be.

Good News: A Couple of Detestable Spammers Were Thrown into the Junk Box

- New York Spammer Sentenced in Closed Session
- FBI Raid Shuts Down Suspected Spammer

Creepy: Your Printed Documents Can Be Traced to Your Printer

At least if you use Xerox DocuColor printers:

EFF Reveals Codes in Xerox Printers

NEW YORK (AP) – Just because a document from a color laser printer doesn’t carry your name doesn’t mean no one can trace it back to you, privacy advocates warn.
The Electronic Frontier Foundation says it has cracked the tracking codes embedded in Xerox Corp. (XRX)’s DocuColor color laser printers. Such codes are just one way that manufacturers employ technology to help governments fight currency counterfeiting.
“Underground democracy movements … will always need the anonymity of simple paper documents, but this technology makes it easier for governments to find dissenters,” said Lee Tien, EFF senior staff attorney. “Even worse, it shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers.”
Researchers found patterns of yellow dots arranged in 15 by 8 grids and printed repeatedly over every color page, said Seth Schoen, a staff technologist at the San Francisco-based civil-liberties group.
The dots are visible only with a magnifying glass or under blue light, which causes the yellow dots to appear black.
By analyzing test pages printed out by supporters worldwide and by staffers at various FedEx Kinko’s locations, researchers found that some of the dots correspond to the printers’ serial numbers. Other dots refer to the date and time of the printing.

You can be sure that other printer makers either are using this identifying technology already or will be shortly. Despots around the world are surely pleased.

Update: Marginal Revolution wonders, “Would the Berlin Wall have fallen if East European governments had access to this kind of technology twenty years ago?”

Creepy II: Tracking Wireless Phone Use as an Indicator of Traffic Jams

Yeah, it’s only for traffic management–so far:

Missouri May Track Cell Phones for Traffic Data

JEFFERSON CITY, Mo. (AP) – Driving to work, you notice the traffic beginning to slow. And because you have your cell phone on, the government senses the delay, too. A congestion alert is issued, automatically updating electronic road signs and Web sites and dispatching text messages to mobile phones and auto dashboards.
In what would be the largest project of its kind, the Missouri Department of Transportation is finalizing a contract to monitor thousands of cell phones, using their movements to map real-time traffic conditions statewide on all 5,500 miles of major roads.
….. But privacy advocates are uneasy nonetheless.
“Even though its anonymous, it’s still ominous,” said Daniel Solove, a privacy law professor at George Washington University and author of “The Digital Person.”"It troubles me, because it does show this movement toward using a technology to track people.”

That may seem far-fectched to some. I don’t think so. We tend to naively assume tools like this will always stay in the hands of those who have our interests at heart. Thinking of a few of the people who have been in power in this country in the past 40 years, I submit that we cannot rely on that being the case, and that this technology, if allowed to run wild, could severely limit our right to be left the heck alone.

Share

No Comments

No comments yet.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.