Invasion of Privacy Laws
August 29, 2008
Privacy laws are supposed to protect the rights of individual citizens. The advent of the information age has made privacy a bit of a challenge. Invasion of privacy is now much more commonplace, as personal information on individuals is readily available and many organizations that collect certain bits of information on customers, employees, servants and officers don’t do enough to protect privacy.
Invasion of privacy laws are imperative because the loss of privacy can mean not only a small inconvenience but major loss of assets and/or opportunity. Loss of privacy can mean (among other things) identity theft, financial fraud or an inability to get a job.
Many first world and emerging technological countries must deal with this challenge. There are many invasion of privacy laws designed to protect common citizens:
United States, Privacy Act of 1974, designed to hold those that handle private information accountable for its protection.
* Health Information Privacy Accountability Act — Office for Civil Rights U.S. Department of Health and Human Services
* Financial Services Modernization Act (GLB), 15 U.S. Code §§ 6801-6810
* Final Rule on Privacy of Consumer Financial Information, 16 Code of Federal Regulations, Part 313
* Fair Credit Reporting Act (FCRA), 15 U.S. Code §§ 1681-1681u
Australia, Privacy Act of 1988, sets out principles in relation to the collection, use, disclosure, security and access to personal information.
Canada Privacy Law
Personal Information Protection and Electronic Documents Act governs the collection, use and disclosure of personal information in connection with commercial activities and personal information about employees of federal works, undertakings and businesses. Wiki
The rise of “intelligent” CCTV
June 24, 2008
I think it’s great that we have better technology in security. What is disconcerting are laws like the Patriot Act and FISA bill which take rights from citizens for the sake of more security. With this increased technological power in security, there needs to be more balance, but it seems the rights of citizens (particularly privacy and civil liberties) are taking a back seat to all manner of political will. All this powered by the fear of terrorism after 9/11.
I’m not saying we should not be more cautious or more aware. I’m not saying that more security is not necessary. What I am saying is that taking away liberties is not necessary. And even if you feel it is necessary to spy on all citizens indefinitely to “catch terrorists”, shouldn’t there be checks and balances on the watchers? Who will watch the watchers? How will we ensure that their powers are not abused?
New Technologies:
Smart CCTV – There are now smart security cameras with pattern recognition that allows them to raise an alarm when someone does something suspicious, such as climb a fence, or put down a bag and walk away. That technology has been developed by companies like ObjectVideo Inc. Defense Advanced Research Products Agency (DARPA) hopes to take it a step further by creating systems that can learn everyday patterns and send an alarm when things are outside of their known pattern, also known as anomaly detection.
http://govtsecurity.com/mag/fighting_terror_technology/
What Privacy Policy?
June 23, 2008
Company security and marketing executives differ on how to handle customer data.
Companies are in the business of selling your personal information. You know that little Privacy Statement that your credit card company sends to you? If you read the fine print, they are usually telling you that they are about to send your personal information to their “partners” and/or third party organizations unless you send them a written document to opt out.
I got one from Dexonline once. The law seems to favor these corporations, because it can be difficult to get off of all these lists. It’s like an Anti-Privacy Virus. Once one company has your data, they send your information to their third party partners (with your silence as permission), then the third party vendors attempt to sell you an item and do the same thing (with your sheep-like compliance) and so on. Pretty soon your personal information is on 10 or 20 revolving marketing lists.
I’m not opposed to some solicitations, but US law is pretty flimsy on the privacy of individuals. The CAN-SPAM act is just not enough anymore. Consumers should have to sign up, not just opt out in written form via mail. But what happens is that companies like Comcast, AT&T, Visa, Master Card and many, many others put their right to give out your information right in the USER Agreement (which nobody reads). Since there are few alternatives that protect your privacy, they don’t feel any pressure to side with your privacy. By law, they have to provide a method of opt-out prior to selling your information, but like I said, I don’t think it’s enough.
Local government privacy is even worse. I’ve been reluctant to write about it because I fear that I will make it easier for more bad guys to do bad things just because they can.
ECHELON of human underachievement
June 16, 2008
Knowledge is power. In the information age this is more and more true every minute of every day. I believe it is inevitable that the super secret parts of government would begin to collude to monitor all telephone, data and fax communications. It seems equally inevitable that very powerful individuals will challenge that same system.
Human nature being what it is, such a system is guaranteed to be abused for the power and positioning of a dominant minority. My panic and indignation on such things is slowly supplemented by an acceptance and humor of human behavior that is self centered, greedy and in a constant state of fear, loathing and self gratification. The funny part is that the behavior continues even though it proves to implode over time. Again and again Rome rises only to crash on the shores of reality. Caesar conquers, assimilates and raises taxes then fades out.
It frustrated me because I know that humanity has the capacity to do better. Better for the planet, better for itself and better for every species. We are capable of doing great, great things but we choose to live in a state of fear, self gratification and loathing.
http://www.whatreallyhappened.com/RANCHO/POLITICS/ECHELON/echelon.html
ECHELON
NSA/CSS, in combination with the equivalent agencies in the United Kingdom (Government Communications Headquarters), Canada (Communications Security Establishment), Australia (Defence Signals Directorate), and New Zealand (Government Communications Security Bureau), otherwise known as the UKUSA group[16], is widely reported to be in command of the operation of the so-called ECHELON system. Its capabilities are suspected to include the ability to monitor a large proportion of the world’s transmitted civilian telephone, fax and data traffic, according to a December 16, 2005 article in the New York Times.[17]
Technically, almost all modern telephone, internet, fax and satellite communications are exploitable due to recent advances in technology and the ‘open air’ nature of much of the radio communications around the world. The NSA’s presumed collection operations have generated much criticism, possibly stemming from the assumption that the NSA/CSS represents an infringement of Americans’ privacy. However, the NSA’s United States Signals Intelligence Directive 18 (USSID 18) strictly prohibits the interception or collection of information about “…US persons, entities, corporations or organizations…” without explicit written legal permission from the Attorney General of the United States [18] The U.S. Supreme Court has ruled that intelligence agencies cannot conduct surveillance against American citizens. There are a few extreme circumstances where collecting on a U.S. entity is allowed without a USSID 18 waiver, such as with civilian distress signals, or sudden emergencies such as the September 11, 2001 attacks; however, the USA PATRIOT Act has significantly changed privacy legality.
There have been alleged violations of USSID 18 that occurred in violation of the NSA’s strict charter prohibiting such acts.[citation needed] In addition, ECHELON is considered with indignation by citizens of countries outside the UKUSA alliance, with numerous allegations that the United States government uses it for motives other than its national security, including political and industrial espionage.[19][20] Examples include the gear-less wind turbine technology designed by the German firm Enercon[21][22] and the speech technology developed by the Belgian firm Lernout & Hauspie. An article in the Baltimore Sun reported in 1995 that aerospace company Airbus lost a $6 billion contract with Saudi Arabia in 1994 after the NSA reported that Airbus officials had been bribing Saudi officials to secure the contract.[23][24] The chartered purpose of the NSA/CSS is solely to acquire significant foreign intelligence information pertaining to National Security or ongoing military intelligence operations.
In his book Firewall, Andy McNab speculates that the UKUSA agreement is designed to enable the NSA, GCHQ, and other equivalent organizations to gather intelligence on each other’s citizens. For example, the NSA cannot legally conduct surveillance on American citizens, but GCHQ might do it for them.
– http://en.wikipedia.org/wiki/National_Security_Agency
Document 13: NAVSECGRU Instruction C5450.48A, Subj: Mission, Functions and Tasks of Naval Security Group Activity (NAVSECGRUACT) Sugar Grove, West Virginia, September 3, 1991
While NSA directs and manages U.S. SIGINT activities, almost all collection activity is actually carried out by the military service SIGINT units—including the Naval Security Group Command. The role of the unit at Sugar Grove in intercepting the international leased carrier (ILC) communications passing through INTELSAT satellites was first revealed in James Bamford’s The Puzzle Palace. (Note 12)
The regulation reveals that Sugar Grove is associated with what has become a highly controversial program in Europe, North America, Australia, and New Zealand. The program, codenamed ECHELON, has been described as a global surveillance network that intercepts and processes the world’s communications and distributes it among the primary partners in the decades-old UKUSA alliance—the United States, Canada, the United Kingdom, Australia, and New Zealand. (Note 13)
In reality, ECHELON is a more limited program, allowing the UKUSA allies to specify intelligence requirements and automatically receive relevant intercepts obtained by the UKUSA facilities which intercept satellite communications (but not the U.S. facilities that receive data from SIGINT satellites). It is also limited by both technological barriers (the inability to develop word-spotting software so as to allow for the automatic processing of intercepted conversations) and the limitations imposed on collection activities by the UKUSA allies—at least as regards the citizens of those countries. (Note 14) Thus, the NAVSECGRU instruction also specifies that one of the responsibilities of the commander of the Sugar Grove site is to “ensure the privacy of U.S. citizens are properly safeguarded pursuant to the provisions of USSID 18.”
http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB24/nsa13.pdf
untraceable movie
May 28, 2008
I just saw a movie called Untraceable. It is cyberterrorism meets Seven. Although it is very violent, it falls short of the pure “torture porn” genre (i.e. Hostel, Saw). They didn’t sensationalize the FBI computer crime team. They made the characters real people with real problems.
The best part of the movie is that it addresses hard societal questions that we are still struggling with. The killer’s greatest weapon was the Internet itself. He used the anonymity and distributed non-centralized power of the net to broadcast killings on the Internet. Once he captured a victim, he would put them in a contraption that would torture them to death based on how many people came to the site. The FBI is at a loss because their equipment, while it can easily bait & hunt small time phishers, criminal hackers and adults soliciting sex from kids online, is useless against this serial killer’s level of software, Internet, and electronics sophistication. They eventually call upon the NSA, who tell them that they are not allowed to use their resources for domestic issues. With the Patriot Act and NUMEROUS presidential NSA acts, I don’t believe this is entirely true. But the movie seems to suggest that it is.
Although I disagree with the message of giving more power to the FBI & NSA to catch bad guys (as it would require the loss of more civil liberties of law abiding citizens), I definitely recommend this movie.
Movie fact:
The site used by the killer (www.killwithme.com) actually exists. It’s owned by the movie studio and it’s used to promote the movie. In it, users are taken to a replica of the FBI computer used by the character Jennifer Marsh. Her desktop gets hacked by the killer, who provides the visitor with four tests he/she must complete to deactivate his site.
UK planning to monitor and record every phone call, web page, and email sent by citizens
May 24, 2008
The Home Office will create a database to store the details of every phone call made, every email sent and every web page visited by British citizens in the previous year under plans currently under discussion, it has emerged. The Government wants to create the system to fight terrorism and crime. The police and security services believe it will make it easier to access important data as communications become more complex.
Telecoms firms and internet service providers (ISPs) have already been approached by the Home Office, which would be given customer records if the plans were realized.
Only a matter of time before the same happens in the U.S. It might already be underway by the NSA. Who knows.
more at Telegraph.co.uk
LifeLock Guy Hacked :(
May 22, 2008

I think this is a sad day. A sad day indeed. Todd Davis, CEO of LifeLock (his social security #457-55-5462), has promoted his company by advertising his social security number on the web, radio, TV and billboard signs.
My name is Todd Davis
My social security number is 457-55-5462
I’m Todd Davis, CEO of LifeLock, and yes, that’s my real social security number*. Identity theft is one of the fastest growing crimes in America, victimizing over 10 million people a year and costing billions of dollars. So why publish my social security number? Because I’m absolutely confident LifeLock is protecting my good name and personal information, just like it will yours. And we guarantee our service up to $1 million dollars.”
While I’ve always thought that it was a risky way to promote one’s business (lol), I’ve always believed that it was a good idea. What they do is monitor your credit card and FICO information and alert you if there is anything suspicious. It works (you can also do it yourself for free). But the LifeLock service doesn’t protect you 100% from identity theft.
Some guy in Texas took Todd’s personal information and used it for a payday loan (there is no system to actively keep track of the Payday loan market). So the guy was able to get $500. When it was time to pay back the Payday loan (+1million% interest or whatever it is) the Payday store called the REAL Todd Davis (social security #457-55-5462). I think it’s unfortunate because it seems like a pretty good service. They are one of the few organizations in the U.S. actually trying to help people take on what is now an epidemic with no grassroots effort to slow down ID theft and financial fraud.
Although Todd Davis was hacked, I believe their product will still be an effective, proactive method of protecting yourself from ID theft & financial fraud. But you should definitely take extra steps to safeguard your personal information. Don’t advertise your social security, your physical address, phone number, birthday or critical information.
It’s $10 a month. I’m thinking of doing it just so I can contribute to their cause.
Computers Hacking People ver 2.0
May 10, 2008
I honestly think you ought to calm down; take a stress pill and think things over. – Hal, 2001 Space Odyssey
Information Systems will eventually have the infrastructure and ability to “socially engineer” their creators. This is far-fetched science fiction blooming before our very eyes, being created by our own hands.
It will happen when three criteria are in place: 1) The creation of laws that can completely disregard the privacy and sovereignty of human beings, 2) the advancement of Information Awareness Systems, and 3) Smart Artificial Intelligence.
LAWS
Let’s discuss the situations that will give governments the pretext to implement laws to track their citizens. This is happening now. Laws and systems are being created for unchecked monitoring of individuals under the guise of security, safety and prosperity. Systems such as national ID cards.
They were implemented after the Sept 11 attacks on the World Trade Center and in the U.K. after the 7 July attacks in London.
It was 19th Century philosopher Samuel T. Coleridge who said, “In politics, what begins in fear usually ends in folly.”
Imagine it: The PATRIOT ACT IV is passed as a result of recent Critical Infrastructure cyber-terrorism attacks. International terrorists implement a globally synchronized Distributed Denial of Service Attack against the world’s Root nameservers and successfully cripple the Internet for three days. The impact is devastating as corporations lose billions.
Domestic Cyber Terrorists infiltrate hospitals by becoming a part of the staff, only to socially engineer and infect HIPAA protected networks with viruses that wipe out databases and actually scramble prescriptions, causing an array of deaths by misdiagnosis.
Local police and security personnel repeatedly thwart numerous attempts by religious fundamentalists to detonate suitcase-sized tactical nuclear weapons inside major United States cities, but security professionals predict that it is only a matter of time before at least one slips through the cracks. All the enemy needs is one.
Patriot Act IV is the patron saint of lawmakers who have been screamed at by constituents to “DO SOMETHING NOW!” The new Patriot Act is eventually internationally accepted and allows for unrestricted data mining into commercial and state owned databases worldwide (US-EU). It of course has different names and variations worldwide but its application is the same. In the United Kingdom it is called the Civil Contingencies Bill. The data mining would tap into the “transaction space” by accessing hospital, financial transaction and legal databases worldwide to be shared by all law enforcement agencies (county, federal, city local and international). The system works like a global Amber Alert system that can track criminals anywhere in the world and notify the respective local agency immediately. The system works very, very well.
Information Awareness Systems

The system, developed under the direction of John Poindexter, then-director of DARPA’s Information Awareness Office, was envisioned to give law enforcement access to private data without suspicion of wrongdoing or a warrant. — Electronic Privacy Information Center.
Government funded unrestricted Data Mining and Information Awareness programs develop and run revolutionary Information Awareness Systems. Despite public opinion, these National Security systems continue to work to protect the nation against enemies foreign and domestic. The system extracts data from its transactional databases and recognizes patterns of behavior that would fit that of a terrorist. The system is so exhaustive that it works with 70% accuracy and seamlessly in conjunction with systems such as Next Generation Facial Recognition systems and Activity, Recognition Monitoring for enhanced surveillance.
Artificial Intelligence
Within thirty years, we will have the technological means to create superhuman intelligence. Shortly after, the human era will be ended. – Vernor Vinge, 1993, What is the Singularity?
Artificial Intelligence has been in use for many years. It is greatly relied upon for businesses, hospitals, military units and even in forms of entertainment such as video games. However, Strong Artificial Intelligence, the development of cognitive systems simulating the human brain, has been developing quietly in research labs around the world under programs dedicated to the “scientific understanding of the mechanisms underlying thought and intelligent behavior and their embodiment in machines” (AAAI).
Smart Information Awareness is Strong Artificial Intelligence merged with Information Awareness Systems. Smart Information Awareness seems to go beyond merely recognizing patterns of behavior, as it predicts the future actions of a given psychological profile with over 75% accuracy, allowing Law Enforcement to be like an all seeing eye with incredible new methods of forensics and counterterrorism. Crime as a whole will be greatly reduced. Systems that recognize criminal patterns have been around for some time; Smart Information Awareness systems are a new trend.
The Smart Information Awareness system is so accurate in determining human behavior trends that it is used to track and manipulate consumer buying habits for corporations. With its accuracy, the system will be able to determine what marketing tools can be used to influence the behavior of buyers.
With unfettered access to consumers’ personal transactions, buying habits, methods of payment, and credit history, a system would be able to pinpoint buyers who demonstrate interests in certain products and offer “special deals” to a specific group of highly interested buyers.
Inevitably the very system (laws, practices and technologies) that successfully protects humanity from itself is used to manipulate and exploit humanity.
Perhaps you believe that there is nothing wrong with this level of target marketing. If so, I submit to you these questions: What will separate humanity from cattle if every man, woman and child is seen as nothing but a number and a consumer to the system that we rely on to survive? Since we are already regarded as merely numbers and consumers by the corporate beast, how much control and information will we allow them to have?
Perhaps this is a bit much. Perhaps I exaggerate the technology and extent of fear that will breed it.
http://www.p2pnet.net/issue03/page1.html
http://www.jbholston.com/weblog_discussion.php?post_id=74
Statewatch.com - Secret EU-US agreement being negotiated. http://www.statewatch.org/news/2002/jul/11Auseu.htm
http://www.eff.org/Privacy/TIA/20030523_tia_report_review.php
nin - TheSlip (thanks Trent)
Ray Kurzweil @ Google Zeitgeist
Eschelon TIA - Total Information Awareness
US CERT Tips on Privacy & Information Collection
May 7, 2008
Cyber Security Tip ST05-008
You may think that you are anonymous as you browse web sites, but pieces of information about you are always left behind. You can reduce the amount of information revealed about you by visiting legitimate sites, checking privacy policies, and minimizing the amount of personal information you provide.
What information is collected?
When you visit a web site, a certain amount of information is automatically sent to the site. This information may include the following:
* IP address - Each computer on the internet is assigned a specific, unique IP (internet protocol) address. Your computer may have a static IP address or a dynamic IP address. If you have a static IP address, it never changes. However, some ISPs own a block of addresses and assign an open one each time you connect to the internet—this is a dynamic IP address. You can determine your computer’s IP address at any given time by visiting www.showmyip.com
* domain name - The internet is divided into domains, and every user’s account is associated with one of those domains. You can identify the domain by looking at the end of URL; for example, .edu indicates an educational institution, .gov indicates a US government agency, .org refers to organization, and .com is for commercial use. Many countries also have specific domain names. The list of active domain names is available from the Internet Assigned Numbers Authority (IANA).
* software details - It may be possible for an organization to determine which browser, including the version, that you used to access its site. The organization may also be able to determine what operating system your computer is running.
* page visits - Information about which pages you visited, how long you stayed on a given page, and whether you came to the site from a search engine is often available to the organization operating the web site.
http://www.us-cert.gov/cas/tips/ST05-008.html
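What a site operator can read back from its own access log, covering the IP address, software details and page visits items listed in the tip above. This is an added example, not part of the US-CERT tip; the log lines are constructed (a documentation IP address and example.org), and the function and field names are hypothetical.

```python
import re
from datetime import datetime
from urllib.parse import urlparse, parse_qs

# Constructed sample in Apache/nginx "combined" log format (not real traffic).
UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) "
      "Gecko/20080404 Firefox/2.0.0.14")
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [07/May/2008:10:15:02 +0000] "GET /index.html HTTP/1.1" '
    '200 5120 "http://www.google.com/search?q=privacy+tips" "%s"' % UA,
    '203.0.113.7 - - [07/May/2008:10:16:32 +0000] "GET /tips/cookies.html HTTP/1.1" '
    '200 2048 "http://example.org/index.html" "%s"' % UA,
    '203.0.113.7 - - [07/May/2008:10:17:02 +0000] "GET /contact.html HTTP/1.1" '
    '200 1024 "http://example.org/tips/cookies.html" "%s"' % UA,
])

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
BROWSER_RE = re.compile(r"(Firefox|MSIE|Opera|Safari)[/ ]([\d.]+)")
OS_RE = re.compile(r"Windows NT [\d.]+|Mac OS X|Linux")


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    hit = m.groupdict()
    hit["time"] = datetime.strptime(hit["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return hit


def software_details(agent):
    """Browser and operating system as advertised in the User-Agent header."""
    b, o = BROWSER_RE.search(agent), OS_RE.search(agent)
    return (f"{b.group(1)} {b.group(2)}" if b else None,
            o.group(0) if o else None)


def search_terms(referer):
    """Query typed into a search engine, if the Referer header carries one."""
    query = parse_qs(urlparse(referer).query)
    return query["q"][0] if "q" in query else None


def profile_visitors(log_text):
    """Group hits by IP address and derive what the tip lists per visitor."""
    visitors = {}
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue  # ignore lines that are not in combined format
        v = visitors.setdefault(hit["ip"], {"browser": None, "os": None,
                                            "search_terms": [], "hits": []})
        v["browser"], v["os"] = software_details(hit["agent"])
        terms = search_terms(hit["referer"])
        if terms:
            v["search_terms"].append(terms)
        v["hits"].append((hit["time"], hit["path"]))
    for v in visitors.values():
        hits = sorted(v.pop("hits"))
        # Time on a page = gap until the same address requests the next page;
        # the last page has no following request, so its dwell time is unknown.
        v["pages"] = [
            (path, int((hits[i + 1][0] - t).total_seconds())
             if i + 1 < len(hits) else None)
            for i, (t, path) in enumerate(hits)]
    return visitors


if __name__ == "__main__":
    for ip, info in profile_visitors(SAMPLE_LOG).items():
        print(ip, info)
```

The domain name item would come from a reverse DNS lookup on the logged address, which is left out here so the example runs offline.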
Authentication Chip Under my Skin
March 11, 2008
I dreamt that I had an authentication chip under my skin in my right palm. It had some sort of RFID proxy reader allowing me to simply wave my hand over a point of sale device in a store and automatically purchase items. I could also get entry into certain facilities with the device. It was an automated authentication device that identified me based on “something I had”, but also included loads of very personal data.
In retrospect, it’s kind of scary. Reminds me of the “Mark of the Beast” in Revelations or a Philip K. Dick novel.






