Thursday, April 13, 2006

MercuryNews.com | 03/04/2006 | Your mortgage application is for sale When you get a mortgage rate quote or a preapproval, you probably assume that your inquiry with the lender is confidential, right? Wrong! Your loan officer may be unaware, but behind his or her back key financial details about you and your mortgage needs are being hawked to competing lenders within 24 hours of your credit bureau inquiry. Firms such as Mortgage Inquiry Data of Coral Springs, Fla., offer interested lenders nationwide ``access to everyone in your city who applied for a mortgage loan within the past 24 hours. You can contact these people the next day and offer them a preapproval for a better loan with your company.'' Intellidyn, based in Hingham, Mass., touts its overnight ``IntelliAlert'' program this way: ``Imagine the value of knowing which prospects have inquired or submitted a live application with your competition'' within hours. For ``Platinum'' customers -- those who commit to a monthly minimum purchase of $31,395 worth of hot leads -- Intellidyn promises to keep its clients on top of any mortgage inquiry, anywhere, anytime they want. So what, you say? Aren't our most intimate financial and credit affairs sliced, diced and served up to the highest bidders on a regular basis anyway? Sure, but consider the experience of Pat Barney, who lives outside Minneapolis. Barney recently applied for a home equity credit line from a large national bank. Shortly after application, he got a phone call from a competing lender trying to persuade him to switch to an equity line from her firm. 6:25:42 PM  PermaLink   / trackback []

Is Your Privacy Being Invaded By Lenders? When you apply for a mortgage, or even quietly ask for a rate quote, don't be surprised if that sensitive information almost immediately gets into the hands of other lenders, who will bombard you with competing offers. As explained in a well-done article in The Mercury News of San Jose, these other lenders can find out credit scores, open mortgage balances, loan-to-value ratios, monthly mortgage payments, revolving debt balances, plus other personal financial data about you. 6:22:30 PM  PermaLink   / trackback []

German group opposes sale of biometric passport data. German group opposes sale of biometric passport data. A nonprofit organization promoting IT in Germany has criticized a government plan to sell personal data to finance the country's new biometric passports. [Computerworld Privacy News] 6:15:39 PM  PermaLink   / trackback []

FIFA criticizes data gathering at World Cup. FIFA criticizes data gathering at World Cup. Some soccer fans and officials question whether the RFID chips embedded in all tickets to this spring's World Cup tournament in Germany are casting the data net a bit too widely. [Computerworld Privacy News] 6:13:10 PM  PermaLink   / trackback []

What Are the Rules for Drug Testing? | Legal > Employment Law We're thinking of starting a drug-testing program. Can we test some but not all our employees? What are the general rules? 6:11:03 PM  PermaLink   / trackback []

Homeless advocate, city lock horns Supporters acknowledge that SHARE is not a traditional social service provider. Its value is raising social consciousness about the realities of homelessness, said Sinan Demirel, an advocate who volunteers with the group. The issue that brought SHARE to impasse with the city is Seattle's insistence that any group receiving funds to help the homeless must participate in its Safe Harbors program, a data-collection system aimed, officials say, at monitoring the effectiveness of services. But SHARE, which gets about $260,000 annually from the city, balked. Feeding information about its members into the Safe Harbors computer system was, at best, an invasion of privacy, its organizers said. The anti-authoritarian stance, however, strikes some as disingenuous, because while SHARE publicly resists government oversight, it gladly takes government money. 1:15:07 PM  PermaLink   / trackback []

SeattlePI.com Buzzworthy - Privacy and the homeless Homeless advocacy group SHARE/WHEEL's refusal to disclose personal data about its clients to a City of Seattle tracking system looks, at first glance, like another stand against government intrusion into privacy rights. It's a high-stakes stand, too: SHARE/WHEEL's position would deny it city funds -- about $260,000 a year -- that it needs to operate its shelters. But, as a story in today's P-I points out, the situation is rather more complicated. Some people who work with and are sheltered by the group accuse it of putting its political agenda before helping the homeless. 1:11:54 PM  PermaLink   / trackback []

Anti Spyware Articles | Legal Action Against Spyware The United States House of Representatives recently passed the Securely Protect Yourself Against Cyber Trespass Act, or the SPY Act. The act requires any company that may be installing spyware in your computer to first make the user aware of its presence. Failing to give PC users the knowledge that spyware is being installed will cost the violator up to $3 million in fines. Unfortunately for internet users the Act will not do very much against protecting internet privacy. Much of spyware works by piggy backing its way in with the approved download of other programs. In the license agreement spyware makes itself known, following the stipulations of the Spy Act, but most users do not read through an entire user agreement, they simply click "I agree." Because of this spyware will be able to remain a prevalent internet threat. It should also be noted that most spyware threats originate outside of the United States, making it difficult to stop them if the Act is breached. The Spy Act will most likely have as little of an impact at the Spam Act to control junk email did. 1:07:27 PM  PermaLink   / trackback []

The One-Way Fishbowl (Reason magazine) The NYPD has been filming public protests for years, and had city lawyers argue recently that capturing anything going on in public is just fine--which does indeed seem to be a fair interpretation of privacy law as it has evolved. However, when their sauce is gored, or when asked if what's good for the goose is good for the ox, it is--predictably, I know--a different matter. And the Patriot Act is involved, somehow. As the Village Voice reports, a couple of advocates from "Transportation Alternatives" were investigating a practice that annoys them: cars illegally parked blocking sidewalks. When they did it outside the Fifth Precinct in Chinatown, they were held, questioned, and told to delete photos of police officers' personal cars parked on the sidewalk. 1:02:53 PM  PermaLink   / trackback []

village voice > news > Watching the Detectives by Sarah Ferguson ( The NYPD wants to take your picture--but beware of turning your lens on the cops ) Since 2003, the NYPD has been filming protesters at political demonstrations, regardless of whether anything illegal's going on. City lawyers were in court last month defending the practice, arguing that what happens in public view is fair game. But police evidently aren't so keen on surveillance when the cameras are turned on them--particularly when those cameras show them abusing free-street-parking privileges. On March 27, two volunteers from the advocacy group Transportation Alternatives were detained for taking pictures of police officers' private cars, which were parked on the sidewalk outside the Fifth Precinct in Chinatown. The volunteers say they were held and questioned at the precinct for about 20 minutes and instructed to erase the pictures. 12:48:11 PM  PermaLink   / trackback []

Irish Times Article - McDowell to draft core points of new Privacy Bill The Minister for Justice, Equality and Law Reform, Michael McDowell, is to draft the core elements of a new Privacy Bill over the next three weeks, following a Cabinet meeting yesterday. Mark Hennessey reports. The new legislation will not grant citizens extra privacy rights, however, butwill more clearly illustrate rights currently available under the Constitution and the European Convention on Human Rights. During a three-hour meeting, Ministers spent "a significant amount of time" examining Mr McDowell's proposed Defamation Bill and a report on privacy drafted by senior counsel Brian Murray. "There was general agreement to proceed with the Defamation Bill and the privacy report, and to discuss both matters again. They have agreed to finalise matters in two to three weeks," said a Government spokesman. Under the Defamation Bill, a press council set up under law but independently appointed would come into being to monitor the conduct of media organisations, and impose some penalties for wrongful behaviour. 12:44:01 PM  PermaLink   / trackback []

Terrorists' Web Chatter Shows Concern About Internet Privacy Terrorist groups, which for years have used the Internet and its various tools to organize and communicate, are paying more attention to addressing security and privacy concerns similar to those of other Web users, counterterrorism experts say. The Internet has long been a convenient gathering place for radical Islamists advocating violence against Western influences, known as jihadists. Through online chat, e-mail and Web postings, communities of people have relied on one another for advice, political debate, even movie reviews and biographical information on suicide bombers and religious leaders. Recently, postings on jihadist Web sites have expressed increasing concern about spyware, password protection, and surveillance on chat rooms and instant-messaging systems. One forum recently posted a guide for Internet safety and anonymity on the Internet, advising readers of ways to circumvent hackers or government officials. "The Shortened Way of How to be Cautious; To the User of the Jihadi Forums, In the Name of Allah, the most Gracious and Merciful" was posted last month by an al-Qaeda-affiliated group calling itself the Global Islamic Media Front and was translated by the SITE Institute, a group that tracks international terrorist groups. The posting advised Internet cafe users to set up a proxy -- a software program that erases digital footsteps such as Web addresses or other identifiable information -- before Web surfing. "I advise you to carry this program in your e-mail and it should be with you anywhere you are," it said. 12:40:29 PM  PermaLink   / trackback []

AP Wire | 04/12/2006 | Pa. trucking group pushing for statewide database on drivers PHILADELPHIA - In search of a new tool to weed out problem truckers, a Pennsylvania trucking association is pushing for a statewide database that would compile employer records on drivers' drug test results. Traffic violations and criminal convictions can be found on drivers' public records, but trucking companies say they often have no way to track whether drivers had any positive drug or alcohol tests at their previous jobs. Officials with the Pennsylvania Motor Truck Association, an industry group that represents trucking companies, argue that while most truck drivers have good histories, it can be hard for companies to keep track of the ones who consistently have blemishes on their records. "The more our companies have the ability to check on the background of the drivers, the better it is going to be all around," said Don Siekerman, the association's safety director. Siekerman said a statewide database also could include information such as whether a driver has his latest required medical certification. A handful of other states, including Washington, Oregon, North Carolina and Texas, have databases of positive drug tests by commercial drivers, according to Dave Osiecki, vice president for safety, security and operations with the American Trucking Associations. Others, including Virginia, have discussed the idea, and a trucking association in Idaho also recently asked the national group about it. "This is an issue that is clearly starting to ripen almost as we speak," Osiecki said. 12:33:46 PM  PermaLink   / trackback []

IRS Compels PayPal to Release Info. IRS Compels PayPal to Release Info.  An anonymous reader writes  "Just in time for the tax season, the IRS won a federal court ruling, allowing them to force PayPal to turn over records of American taxpayers who have certain foreign accounts. It's all part of an ongoing effort to track down money held in offshore accounts by would-be taxpayers. A spokesperson for PayPal acknowledged receiving the summons (PDF) and said 'We're still evaluating our options [...] The privacy of our customers' information is something we take really seriously.'"  Slashdot: Your Rights Online] 12:29:02 PM  PermaLink   / trackback []

AT&T Seeks to Hide Spy Docs. AT&T Seeks to Hide Spy Docs. UltimaGuy writes to mention a Wired article about some AT&T documents that have gone off the farm. An ex-employee provided some information to the EFF, to assist in their wiretapping case against the company. Ma Bell is now arguing the files are confidential, and shouldn't be used in a court case. From the article: "The documents, which the EFF filed under a temporary seal last Wednesday, purportedly detail how AT&T diverts internet traffic to the National Security Agency via a secret room in San Francisco and allege that such rooms exist in other AT&T switching centers." [Slashdot: Your Rights Online] 12:24:50 PM  PermaLink   / trackback []

Digital Copyright Law Hurts Consumers, Scientists, and Competition - "Unintended Consequences: Seven Years Under the DMCA" - EFF Digital Copyright Law Hurts Consumers, Scientists, and Competition. EFF Report Highlights More Unintended Consequences in Seven Years of DMCA San Francisco - In the seven years since Congress enacted the Digital Millennium Copyright Act (DMCA), examples of the law's impact on legitimate consumers, scientists, and competitors continue to mount. A new report released today from the Electronic Frontier Foundation (EFF), "Unintended Consequences: Seven Years Under the DMCA," collects reports of the misuses of the DMCA -- chilling free expression and scientific research, jeopardizing fair use, impeding competition and innovation, and interfering with other laws on the books. The report updates a previous version issued by EFF in 2003. The report tells the story of the delay of the disclosure of the Sony BMG "rootkit" vulnerabilities on millions of music CDs. The dangerous software flaws were initially discovered by Princeton graduate student J. Alex Halderman. But Halderman delayed sounding the alarm about the security problems for several weeks so he could consult with lawyers about potential violations of the DMCA. The report also details the DMCA's role in impeding RealNetworks from selling digital music to Apple iPod owners, along with other unintended consequences from the DMCA. "Rather than being used to stop 'piracy,' the DMCA has predominantly been used to threaten and sue legitimate consumers, scientists, publishers, and competitors," said EFF senior staff attorney Fred von Lohmann. "This law is not being used as Congress intended, and a review of the past seven years makes it clear that reform is needed." For "Unintended Consequences: Seven Years Under the DMCA": http://www.eff.org/IP/DMCA/?f=unintended_consequences.html For more on EFF and the DMCA: http://www.eff.org/IP/DMCA/ Contact: Fred von Lohmann Senior Intellectual Property Attorney Electronic Frontier Foundation fred@eff.org [EFF: Breaking News] 12:19:16 PM  PermaLink   / trackback []

Digital camera plus GPS = Flickr mapping heaven? Digital camera plus GPS = Flickr mapping heaven? I've stumbled across a few blog posts extolling the virtues of having a GPS-enabled digital camera. For example: My wife doesn[base ']t want to have to carry around two bulky devices and greatly extend the already considerable time it takes her to get photos online by manually tagging photos with lat-long, she just wants to be able to find all the 2004 photos of the kids in New Zealand in one quick search. Yep, that is a cool benefit of having locational data automatically attached to the photos that we post and share online. Of course, this also allows the following to occur: Law enforcement can search for all photos online matching the GPS coordinates & timing of a certain political rally, greatly broadening their ability to keep records of who was present. Combined with the increasing use of facial recognition technologies with shared online photos, stalkers (or other annoying folks) can search for a certain person[base ']s face, and determine the GPS coordinates of the coffee shop they seem to be pictured in every Tuesday morning. You get the idea[sigma]. [michaelzimmer.org] Editor: This would be one of those Good News / Bad news situations. As a first step I hope they make the logging (and loading/displaying) of the GPS data controllable by the individual picture taker 12:12:40 PM  PermaLink   / trackback []

Info Commissioner draws FOIA flak. Info Commissioner draws FOIA flak. Implementation issues The Freedom of Information Act has produced wider access to information âo[base "] but the legislation has been implemented in a way that hinders requests, and the Information Commissioner is partly to blame, a House of Commons committee has heard. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 12:04:35 PM  PermaLink   / trackback []

Alleged Pentagon hacker fears Guantanamo. Alleged Pentagon hacker fears Guantanamo. McKinnon fights extradition Lawyers for a Briton fighting extradition to the US on charges that he perpetrated the biggest ever hack against US government systems fear their client could end up in Guantanamo. Gary McKinnon, 40, might be tried under US anti-terror laws over alleged attacks on military and NASA systems between 2001 and 2002. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 11:49:16 AM  PermaLink   / trackback []

Secondary Screening: AT&T *69s EFF AT&T has responded to the Electronic Frontier Foundation's move to have a judge stop the company from allegedly helping the NSA eavesdrop on its customers, and the telecom giant says it wants its secret documents back pronto. 11:46:31 AM  PermaLink   / trackback []

Wired News: AT&T Seeks to Hide Spy Docs AT&T is seeking the return of technical documents presented in a lawsuit that allegedly detail how the telecom giant helped the government set up a massive internet wiretap operation in its San Francisco facilities. In papers filed late Monday, AT&T argued that confidential technical documents provided by an ex-AT&T technician to the Electronic Frontier Foundation shouldn't be used as evidence in the case and should be returned. The documents, which the EFF filed under a temporary seal last Wednesday, purportedly detail how AT&T diverts internet traffic to the National Security Agency via a secret room in San Francisco and allege that such rooms exist in other AT&T switching centers. 11:45:02 AM  PermaLink   / trackback []

CinemaNow's Funny Definition of "Anywhere" - (Marketing speak strikes again). Much has already been written about major movie studios' recently agreeing to sell downloads on Movielink and CinemaNow with remarkably high price points and ridiculous DRM restrictions. Buyer beware -- these services are misleading about how little you'll get to do with your media. For instance, CinemaNow's "How It Works" page says: "Anywhere"? Read the fine print further down the page: "6. Can I burn videos to a DVD? Not currently. Your DVD player will not be able to read the information properly since our videos use a special security protection. ... 9. Can I transfer movies to my video iPod, PSP or other portable player? At this time, CinemaNow movies are not available for the iPod or PSP, however we are working with our content providers to expand the options you have." Movielink lets you burn to DVD, but those DVDs can only be played on a computer, not your home theater system's DVD player. And that's just the tip of the movie store DRM iceberg. As usual with DRM, the customer is always wrong. 11:40:22 AM  PermaLink   / trackback []

Fear sells. Read the report | The Register Every two years the show serves as forum for the announcement of the DTI's Information Security Breaches Survey, touted as the UK's most authoritative look at security breaches. Latterly the lead up to the report has been accompanied by a string of press releases, sponsored by security vendors, highlighting a particular facet of security that (no surprise here) help to illustrate the importance of the particular firm's technology. So far this year we've had releases stating "virus infection remains biggest single cause of security incidents", that companies not doing enough to reduce identity theft and on staff misuse of the internet. In the two weeks before the show at least three more releases can be expected, if what happened in 2004 is anything to go by, leaving a the press corps with little enthusiasm for writing about the main launch. It's the information technology equivalent of releasing six different trailers to promote a movie. Please, someone, make it stop! 11:36:15 AM  PermaLink   / trackback []

The weakest link in the security chain? You Human error was responsible for nearly 60 per cent of information security breaches last year, a new study has found. According to the fourth annual CompTIA (Computing Technology Industry Association) study on information security and the workforce, released on Tuesday, this figure is significantly higher than the number in 2004, when 47 per cent of security breaches were blamed on human error alone. Despite the prominent role that human behaviour plays in information security breaches, just 29 per cent of the 574 organisations worldwide that participated in the survey said security training is a must for employees. Only 36 per cent of organisations offer security awareness training, the study found. "The primary cause of security breaches - human error - is not being adequately addressed," Brian McCarthy, chief operating officer of CompTIA, said in a statement. "The person behind the PC continues to be the primary area where weaknesses are exposed." CompTIA also noted that in the last several years, organisations have equipped themselves with sophisticated security infrastructure that better detect and prevent attacks. The study found that 96 per cent of respondents use antivirus software while 91 per cent have firewalls and proxy servers, in addition to disaster recovery plans, intrusion detection systems and information security policies. 11:25:01 AM  PermaLink   / trackback []