Tuesday, December 6, 2005


News Item 4367 John Battelle's Searchblog: Only In The Movies? A Privacy Scenario

As I mentioned in my last post, I get asked about privacy a lot. I am not an expert on these issues, but I've stared at them just enough to formulate a few opinions. I am guessing that my readers know more than I do, so instead of assuming I've got it all figured out, I thought I'd just toss out this scenario and see what you all think. I've mentioned it a few times to reporters who've called, and also laid it out at Yahoo, and it seemed to go over OK.

So the set up goes like this: as I've written elsewhere, there is a ton of information about all of us that we willingly (social networks, registration data, search history, etc.) and sometimes unwittingly (clickstream data) leave, forever, on third party servers.

Now, we may trust those third parties not to mess with our data, and not to do evil things, and for the most part, I am quite sure they won't - if they do and they get caught, they'd be crucified, and the competition is just one click away. And it's pretty much out of their control if the government decides it wants access to that data - they have to give it up, and stay quiet about it (more on that here and here.)

But...Google, Yahoo, Microsoft, eBay, Amazon, etc. are not small companies. They are made up of thousands of individuals, a few of whom just might be...well...a bit off balance.

So this scenario involves one of those types of folks.


12:39:19 PM

News Item 4366 Search Engine Lowdown :: News: Battelle Invisions USA PROTECT Act, Worst Case Online Privacy Scenario

Battelle, in a post and in a presentation at Yahoo, outlined his worst case online privacy scenario.

The scenario begins with an engineer's ardent admiration of a "hot young thing" and ends with "the USA PROTECT Act (I'll figure out what that stands for later) which, in essence, is about as stupid and ill thought as the PATRIOT Act.) In short, it makes it nearly impossible for the Internet industry to do just about anything with individuals' data unless they expressly agree to it, in writing."

Why should you read it? It's an extreme case, but I hope it's a wake up call for companies everywhere to better protect the data of their customers, both from the creeps on the outside as well as the inside.

Check out Only In The Movies? A Privacy Scenario and be sure to read through the comments.


12:37:13 PM

News Item 4365 A gift list from 'Security Claus'.

Security expert Ira Winkler offers this list of gift ideas for the security-inclined and those who could use a little more security, and who doesn't? [Computerworld Privacy News]
12:34:10 PM

News Item 4364 E-tracking may change the way you drive | Tech News on ZDNet

Commentary--Trust federal bureaucrats to take a good idea and transform it into a frightening proposal to track Americans wherever they drive.

The U.S. Department of Transportation has been handing millions of dollars to state governments for GPS-tracking pilot projects designed to track vehicles wherever they go. So far, Washington state and Oregon have received fat federal checks to figure out how to levy these "mileage-based road user fees."

Now electronic tracking and taxing may be coming to a DMV near you. The Office of Transportation Policy Studies, part of the Federal Highway Administration, is about to announce another round of grants totaling some $11 million. A spokeswoman on Friday said the office is "shooting for the end of the year" for the announcement, and more money is expected for GPS (Global Positioning System) tracking efforts.

[...]

Zero privacy protections
Details of the tracking systems vary. But the general idea is that a small GPS device, which knows its location by receiving satellite signals, is placed inside the vehicle.

Some GPS trackers constantly communicate their location back to the state DMV, while others record the location information for later retrieval. (In the Oregon pilot project, it's beamed out wirelessly when the driver pulls into a gas station.)

The problem, though, is that no privacy protections exist. No restrictions prevent police from continually monitoring, without a court order, the whereabouts of every vehicle on the road.

No rule prohibits that massive database of GPS trails from being subpoenaed by curious divorce attorneys, or handed to insurance companies that might raise rates for someone who spent too much time at a neighborhood bar. No policy bans police from automatically sending out speeding tickets based on what the GPS data say.

The Fourth Amendment provides no protection. The U.S. Supreme Court said in two cases, U.S. v. Knotts and U.S. v. Karo, that Americans have no reasonable expectation of privacy when they're driving on a public street.

The PR offensive
Even more shocking are additional ideas that bureaucrats are hatching. A report prepared by a Transportation Department-funded program in Washington state says the GPS bugs must be made "tamper proof" and the vehicle should be disabled if the bugs are disconnected.


12:26:44 PM

News Item 4363 E-Tracking May Change the Way You Drive.

frdmfghtr writes "ZDNet.com is running a story about a runaway idea of tracking automobiles via GPS. Not to be confused with the Canadian project geared towards anti-speeding ideas, this one does in fact have the goal of tracking your vehicle. 'The U.S. Department of Transportation has been handing millions of dollars to state governments for GPS-tracking pilot projects designed to track vehicles wherever they go. So far, Washington state and Oregon have received fat federal checks to figure out how to levy these 'mileage-based road user fees.' However, the article goes on to talk about how there is no provision in place to prevent the uncontrolled surveillance of motorists without a court order." [Slashdot: Your Rights Online]
12:22:22 PM

News Item 4362 Buy, Play, Trade, Repeat - New York Times

THE record company Sony BMG recently got in trouble after attempting to stem piracy by encoding its CD's with software meant to limit how many copies can be made of the discs. It turned out that the copy-protection software exposed consumers' computers to Internet viruses, forcing Sony BMG to recall the CD's.

This technological disaster aside, though, Sony BMG and the other major labels need to face reality: copy-protection software is bad for everyone, consumers, musicians and labels alike. It's much better to have copies of albums on lots of iPods, even if only half of them have been paid for, than to have a few CD's sitting on a shelf and not being played.

The Sony BMG debacle revealed the privacy issues and security risks tied to the spyware that many copy-protection programs install on users' computers. But even if these problems are solved, copy protection is guaranteed to fail because it's a house of cards. No matter how sophisticated the software, it takes only one person to break it, once, and the music is free to roam and multiply on the peer-to-peer file-trading networks.


12:19:20 PM

News Item 4361 NYT Opinion Piece on DRM And P2P.

bsartist writes "The NYT is running an opinion piece written by a working musician who has a pretty healthy dislike of copy protection and DRM. From the article: 'As for musicians, we are left to wonder how many more people could be listening to our music if it weren't such a hassle, and how many more iPods might have our albums on them if our labels hadn't sabotaged our releases with cumbersome software.'" [Slashdot: Your Rights Online]
12:16:32 PM

News Item 4360 Consumer advocates push for network neutrality.

Would Internet users want to pay US$0.05 every time they visit Google.com, Yahoo.com or any other Web site? That's one possibility if the U.S. Congress fails to include strong "network neutrality" rules as it debates a comprehensive telecom reform bill, a group of open Internet advocates said Friday.

A more likely possibility: Broadband providers such as Verizon Communications and Comcast block access to services such as competing VOIP (voice over Internet Protocol) services or video downloads, said panelists at an open Internet forum for congressional staffers in Washington, D.C.

[Public Knowledge - Breaking News]
12:10:06 PM

News Item 4359 Free speech under Net attack, study says.

Web site owners and remix artists alike are finding free-expression rights squelched because of ambiguities in copyright law, a recent study says.

The report, released Monday by a pair of free-expression advocates at New York University Law School's Brennan Center for Justice, argues that so-called "fair use" rights are under attack. It suggests six major steps for change, including reducing penalties for infringement and making a greater number of pro-bono lawyers available to defend alleged fair users.

[Public Knowledge - Breaking News]
12:07:07 PM

News Item 4358 Phishing scam at first fools auction site, but not a customer.

Phony E-Mail Tricks eBay. Phishing scam at first fools auction site, but not a customer. [PCWorld.com - Latest News Stories]
12:04:42 PM

News Item 4357 Two N.Y. hospitals launch patient smart card initiative.

Two major hospitals and a smart card vendor have allied in a pilot project to deploy smart cards to about 100,000 patients in the New York metro area.

[Computerworld Data Mining News]
12:00:06 PM

News Item 4356 Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com)

Few things in the world of digital documents are as pesky and revealing as "metadata" -- the information automatically embedded in documents by popular software such as Microsoft Word or Adobe Acrobat. When the government or a business forgets to purge metadata from documents before releasing them to the public, the results can range from embarrassing to dangerous.
11:57:31 AM

News Item 4355 Linux Exposed :: The Linux Security and Hacking Resource - Database Security Explained

The problems a database server may encounter should sound familiar:

  • Server compromise. Any software, especially code written in languages such as C or C++, has the potential for buffer overflows, format-string attacks, and other exploits that are by now all too familiar. And software written in any language has logic errors and plain old blunders.

  • Data theft. Data can be extracted from the database even if everything seems to be configured well. It just takes one logical error or an overly permissive access control.

  • Data corruption or loss. The person in the mirror may do as much damage inadvertently as the hooded and cloaked database vandal does by design.

  • Denial of Service. MySQL is fast but does not always degrade gracefully under load. We'll see how far it bends before it breaks, and how to prevent the latter.


11:52:43 AM