Tuesday, November 8, 2005


News Item 4104 Government Maintains Tight Control in China.

Even as China moves towards a more globalized economy, political freedom in the communist country remains restricted. The seventh report on China looks at the difficulty of innovation in a censored environment. By NewsHour with Jim Lehrer. [NewsHour with Jim Lehrer Podcast | PBS]
1:39:16 AM

News Item 4103 QDN: Trade secrets vs. personal liberties

A ruling came out of the Florida courts yesterday that's managed to pique my interest a bit. In the case, a group of accused drunk drivers requested access to the program code for the breathalyzer that was used to document their blood alcohol levels; the court agreed with their request, and ordered the state to provide them with the code. The kicker is that the manufacturer of the breathalyzer claims the source code as a trade secret and is refusing to surrender it to the state, meaning that all of the drunk driving convictions obtained by using the device can now be called into question (and potentially overturned).
1:16:10 AM

News Item 4102 KEYC Television, Mankato, MN - Medical Privacy

In our money talks segment, there are numerous ways that your private medical information can become public. In this exclusive report, money reporter Stacy Johnson reveals the sick truth about your lack of medical privacy. "I believe that the doctor has a degree of assurances that my medical records will not be common knowledge."
1:02:31 AM

News Item 4101 Security and Data Privacy in Sun Connection.

Sun's experience helping customers build highly secure IT infrastructures has led Sun to design its product and service offerings to simplify security and to help maintain data privacy. Sun Connection, Sun's new vision for always available service and support, takes advantage of Sun's expertise in security and data privacy and includes a trusted service connection that offers new opportunities for creative solutions to business needs. [ITPapers.com - Recent Privacy Issues White Papers]
12:58:03 AM

News Item 4100 Federal rules adopted for electronic U.S. passports.

The U.S. State Department will begin moving later this year to RFID-equipped electronic passports that officials said have been designed to address privacy concerns about potential data theft and tracking. [Computerworld Privacy News]
12:55:58 AM

News Item 4099 "Working Late" Won't Work Anymore - New services can track you -- or your loved ones -- by cell phone

It sounded too Orwellian ever to succeed. In 2000, Korean cellular carrier SK Telecom introduced a service called "find friends" that lets others follow your every move, using a signal beamed from your handset. At the time, many wondered whether anyone would consent to such tracking.

But five years -- and countless terrorist attacks, earthquakes, and other calamities -- later, the service is taking off. "I used to be worried when my boyfriend didn't answer my calls," says Shim You Sun, a 25-year-old accountant who pays 11 cents each time she checks up on him. "Now I can rest assured that he is at work or busy attending a seminar."

She's one of more than 4 million Koreans who have signed up for various services using technology that can determine a cellular subscriber's location. One, costing $3 per month, will send a message with your coordinates to friends and family periodically while you're traveling. Another will automatically dispatch a text message to friends who get within a block or so of each other as they move around town. Yet another, costing 29 cents a day, will send a message if a person isn't at a specified place at a certain time and then allows the tracker to see the person's movements over the previous five hours. And 20,000 parents pay $10 per month for alerts if their children stray from the route between school and home. The Korea Association of Information & Telecommunication reckons such services are growing by 74% annually, with revenues expected to triple in 2007, to $1.54 billion, from $500 million last year.

In Korea, the future may have arrived early. Elsewhere it might take a while before consumers warm up to the idea of cellphone tracking. In the U.S., a company called Teen Arrive Alive offers parents a $20-a-month tracking service for their teens. But to date the company has sold the service to only one cell-phone carrier, Nextel.

Others are having a tough time, too. Cingular phased out a tracking service offered by AT&T Wireless when the two carriers merged last year. Small wonder: Less than 20% of Americans are willing to pay for such info, says market watcher Jupiter Research.

12:53:46 AM

News Item 4098 FBI Pushing Patriot Act Powers.

As the Patriot Act comes up for renewal, lawmakers react to a Washington Post report of the FBI's use -- and possible abuse -- of the law to gain access to private phone and financial records of ordinary citizens. [Wired News: Security Blanket]
12:48:46 AM

News Item 4097 Computerworld | Retailers under pressure to tighten security

Privacy concerns and proposed laws governing the use of sensitive personal information are making it more important for retailers to be able to demonstrate due diligence when it comes to information security practices, according to IT managers at the Retail Data Security Forum in Chicago this week. An inability to do so could expose companies to serious damage to their reputations, financial losses and customer churn, they said.

"The brand can suffer real consequences" from a security breach, said Brian Kilcourse, chief strategist at the Retail Systems Alert Group, the Newton, Mass.-based organizer of this week's forum. "In the eyes of the customer, if their data is compromised, the retailer is legally and ethically bound to report that breach."

The issue is particularly urgent given that a survey by the Retail Systems Alert Group shows that retailers are amassing a growing amount of information on their customers, Kilcourse said. Increasingly, retailers are associating demographic information and transaction-level details to customer profiles -- even though they don't appear to be using the data to deliver specialized services for customers, he said.


12:45:17 AM

News Item 4096 Black Hat Organizer Unbowed.

As Ciscogate closes, the man behind the Black Hat security conference reflects on the impact of the controversy on computer security research and network safety across the globe. Wired News interview by Kim Zetter. [Wired News: Security Blanket]
12:41:35 AM

News Item 4095 IBM Develops Scratch-Off RFID Tags

IBM researchers have developed a method to ensure consumer privacy while using RFID tags that emulate scratch-off lottery tickets or perforated clothing labels. 

While the RFID device would remain on the shirt, can, or package itself, IBM's idea is to attach a partially-destructible RFID antenna so that the consumer can remove it after purchase. IBM researchers introduced the concept in a paper presented Monday.

Destroying part of the antenna would degrade the antenna range from a few meters down to a few inches, helping to alleviate concerns that hidden RFID scanners could "read" the contents of a consumer's shopping cart, identifying what they purchased.

Although RFID technology could be used by a variety of applications, the technology has been assailed by pro-privacy groups worried that the technology could be used to spy on their belongings. On Monday, Nicholas Chavez, chief executive of RFID Inc., published a 25-page rebuttal of a recent book, SpyChips, which examined the RFID industry from a privacy perspective.


12:39:41 AM

News Item 4094 Wired News: Fatal Flaw Weakens RFID Passports (By Bruce Schneier)

In 2004, when the U.S. State Department first started talking about embedding RFID chips in passports, the outcry from privacy advocates was huge. When the State Department issued its draft regulation in February, it got 2,335 comments, 98.5 percent negative. In response, the final State Department regulations, issued last week, contain two features that attempt to address security and privacy concerns. But one serious problem remains.

Before I describe the problem, some context on the surrounding controversy may be helpful. RFID chips are passive, and broadcast information to any reader that queries the chip. So critics, myself included, were worried that the new passports would reveal your identity without your consent or even your knowledge. Thieves could collect the personal data of people as they walk down a street, criminals could scan passports looking for Westerners to kidnap or rob and terrorists could rig bombs to explode only when four Americans are nearby. The police could use the chips to conduct surveillance on an individual; stores could use the technology to identify customers without their knowledge.

RFID privacy problems are larger than passports and identity cards. The RFID industry envisions these chips embedded everywhere: in the items we buy, for example. But even a chip that only contains a unique serial number could be used for surveillance. And it's easy to link the serial number with an identity -- when you buy the item using a credit card, for example -- and from then on it can identify you. Data brokers like ChoicePoint will certainly maintain databases of RFID numbers and associated people; they'd do a disservice to their stockholders if they didn't.

The State Department downplayed these risks by insisting that the RFID chips only work at short distances. In fact, last week's publication claims: "The proximity chip technology utilized in the electronic passport is designed to be read with chip readers at ports of entry only when the document is placed within inches of such readers." The issue is that they're confusing three things: the designed range at which the chip is specified to be read, the maximum range at which the chip could be read and the eavesdropping range or the maximum range the chip could be read with specialized equipment. The first is indeed inches, but the second was demonstrated earlier this year to be 69 feet. The third is significantly longer.


12:23:36 AM

News Item 4093 Fatal Flaw Weakens RFID Passports.

fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy. [Slashdot: Your Rights Online]
12:20:21 AM

News Item 4092 The Ethics Of Data Brokers.

c0d3h4x0r writes "MSNBC's Bob Sullivan asks, Whatever happened to the ChoicePoint bill? and raises some good points: 'Few experts believe that there was a sudden lack of computer security this year. Rather, there was a sudden bout of truth, thanks to California state law. [...] But in other ways, all the legislation misses the point. The ChoicePoint data leak story was not really about identity theft. It was about this: "Who the hell is ChoicePoint, and why is it making money selling my personal information?"' This makes me wonder what the Slashdot crowd thinks: should anyone be able to sell information about you at all? The general public seems to think not, while our elected officials seem to think it's just fine. How does the information gathered and sold by data brokers differ from the information collected and sold by a private investigator, or is there even a real difference?" [Slashdot: Your Rights Online]
12:17:27 AM

News Item 4091 Whatever happened to the ChoicePoint bill? - The Red Tape Chronicles - MSNBC.com

This year, 1 in 10 Americans received a letter saying a U.S. company had somehow lost their personal data. What could be worse than that? Not getting the letters. Never knowing the data was lost or leaked or exposed. That's one possible outcome of legislation being considered by Congress right now.

The Data Accountability and Trust Act, which was approved by the House Commerce, Trade, and Consumer Protection Committee on Thursday in a straight party line vote, would reduce both accountability and trust. It is the first privacy bill to reach this stage, but it still faces several hurdles before it becomes law.

Earlier this year, dozens of companies had to fess up that they'd leaked personal data, all because a California law forced their hands. For the first time, consumers got a glimpse at how fragile their privacy is. But federal legislation under consideration would undercut the California law, and other state laws like it. The fragility of our privacy would slip back into the shadows, and once again become a tightly guarded secret.

As it was written for Thursday's vote, the Data Accountability and Trust Act would grant consumers fewer privacy rights, not more. To explain the problem: If the bill were in effect earlier this year, it's possible consumers never would have found out about ChoicePoint, Lexis-Nexis, or the other 75 data breaches that exposed some 50 million identities.

At issue is the "trigger" that would force companies to disclose data breaches. Congress is considering a very high standard for that trigger. The mere discovery of lost data is not enough; the consumer must be deemed at "significant risk" of a crime. Who does the deeming? Whose finger is on the trigger? The company.

That's a much less consumer-friendly standard than California's state law - the one that shined the light on the ChoicePoint data leak earlier this year. It's also a higher bar than laws passed this year by some 20 other states, in light of the ChoicePoint incident. But if Congress passes its version, it will trump all state laws, a tactic known as pre-emption.

Who knows what Lexis-Nexis, et al, would have done if such a law were in effect last year. But it's easy to imagine many of those firms would have decided the lost data tapes or computer hacks didn't pose a significant risk to consumers. No California law, no notices.

Few experts believe that there was a sudden lack of computer security this year. Rather, there was a sudden bout of truth, thanks to California state law. Were that law trumped, we would likely end up back in the dark.


12:14:23 AM

News Item 4090 Carnegie Mellon Resists FBI Tapping Requirement.

roach2002 writes "Carnegie Mellon University is fighting back against a requirement that taps on campus internet access must be quickly obtainable. The technology that would allow the FBI to monitor internet access, after a court order, "at the flip of a switch" would cost at least $450 per student. MIT is also covering the story." From the article: "'The Department of Justice wants 24/7 access, whenever they need it, and they want remote access. We find that too extremely burdensome in terms of money, staff, and technology,' said Maureen McFalls, Director of Government Relations for Carnegie Mellon and the coordinator of Carnegie Mellon's response to this issue. According to an ACE press release, the cost to universities could be upwards of $7 billion, or at least $450 extra on each student's tuition bill." [Slashdot: Your Rights Online]
12:09:10 AM

News Item 4089 Unsecured Wi-Fi to Become Illegal?

echucker writes "News.com is carrying a story for a draft proposal for law in Westchester County in New York state that would outlaw unsecured wi-fi connections. Public internet access would require a network gateway server with a firewall and also require home/business office users to install firewalls to protect personal info, even if their connection is encrypted. Violations would carry fines of $250-$500." [Slashdot: Your Rights Online]
12:06:43 AM

News Item 4088 MIT Wireless Campus Tracking Users.

Beatles-Beatles writes to tell us the Associated Press has an interesting article about MIT's newly upgraded wireless network. The new network not only allows internet connectivity, but allows people to view how many people are logged on at a particular location. If the user has opted to make their information public the network will even allow you to see personal information on each user that is logged in. [Slashdot: Your Rights Online]
12:05:00 AM