Monday, July 27, 2009

Bill Gates Demostrates Lack of Privacy Comprehension

Quotes from Gates make one wonder if the Microsoft founder comprehends the security problems posed by over-tracking of individuals. Indeed, he does not seem to grasp the basic problem of everyone around you knowing your name and health history before you even introduce yourself:

Gates Faults U.S. Policy on Data Privacy and Immigration - NYTimes.com

It is little wonder that privacy advocates shy away from Microsoft. It will be interesting to see how they are able to compete with this inablity to comprehend the need for privacy or to act with best practices.

Privacy comprehension and practice have become a proving ground of international business, on which the US is, at least for now, failing miserably.

BACKLASH TO US FOREIGN BANKING INFORMATION GRAB

In the end, banking customers make the choice. For now, it seems that Europe's more individualist and consumer-friendly approach to privacy regulation has gained the upper hand. The US has a long way to go to regain its reputation as a defender of privacy rights.

The story is also that of the US losing its bid to house the massive, job-producing data center of SWIFT, by which virtually all banks transfer funds across borders. This loss is due entirely to the fact that the US is no longer a credible location for data, due to warrantless searches, seizures, spying, insider deals and a host of related accusations. Integrity and transparency have suffered in the wake of the implementation of the USA Patriot Act, standards of practice and other regulations put into place since 9/11/2001.

The US also lost the bid for storage and management of the ID data held by identify.nu, the passport ID storage and delivery facility of the Consular Chamber of Commerce. This data was moved to Denmark for the privacy protection offered by the more comprehensive and transparent EU and Denmark regulation.

US Snooping Rights in Europe: Criticism Grows over Banking Data Deal - SPIEGEL ONLINE - News - International

The EU is about to enter talks with the US on giving it access to banking data in its fight against terrorism. German politicians from across the political spectrum are up in arms, and members of the European Parliament say they will try to scupper any deal that violates data privacy.

Sunday, July 26, 2009

Israeli Biometric ID - Israel National News

Israelis voice concern over biometric identification gathering by the Israeli government, including facial and fingerprint collection:

Opponents of Biometric Law: 'It's a Step to a True Police State' - Inside Israel - Israel News - Israel National News

Ethiopia Goes to Biometric Tax ID

Ethiopians are concerned about privacy in the face of required fingerprinting by the Country's national taxing authority:

Ethiopian Revenue and Custom Authority Collecting Fingerprints

Friday, July 17, 2009

U.S. vs. UBS: A Fight Over Secret Swiss Bank Accounts

Privacy showdown.

I love it when the US flexes diplomatic muscle. This, however, is not the proper purpose or venue. The US can't win this. Obama needs to reign in the Treasury. If the accounts were in the US, the IRS likley would not be able to get the data with the same methods.

U.S. vs. UBS: A Fight Over Secret Swiss Bank Accounts


Individuals the world over - including in the US - are siding with Switzerland 9-1. It's not the way to keep improving our standing in the world.

If the US has the names, they can pressure the individuals by other means, as we all know. They are instead looking for UBS to do their work for them. Treasury boys need to do their own homework, stick to legal methods. Yes, even if there are tax evaders in the bunch (which has yet to be determined).

Kaiser Bellflower is fined $187,500 for privacy breach [Updated] | L.A. Now | Los Angeles Times

State of California deserves congratulations for catching this one:

Kaiser Bellflower is fined $187,500 for privacy breach [Updated] L.A. Now Los Angeles Times

If the State protects the medical privacy even of idiot reality show clowns, we can all be pretty confident.

I wonder how CA caught the accessing of the medical records. The article gives us no clues. Anyone got any feedback?

Twitter Hack Raises Flags on Security of Web Tools - NYTimes.com

Don't Twitter your life away.

It's social engineering, actually, not hacking. The invasion is done by someone who figures out your password because your entire life is public.

They got the CEO of Twitter, and his wife. They got his Paypal account, and his credit cards. Here's how:

Twitter Hack Raises Flags on Security of Web Tools - NYTimes.com

Tuesday, July 14, 2009

Deal Sought in Swiss Bank Suit - washingtonpost.com

Deal Sought in Swiss Bank Suit - washingtonpost.com

US cools threats against UBS when Swiss government backs decision not to allow US 'fishing expedition'. Negotiations back under way.

Saturday, July 11, 2009

Chips in official IDs raise privacy fears - Yahoo! News

Nightmare security issues with the new US Passport and e-Passport (Passport Card) call into question the compliance of these documents with even the most basic security issues.


Chips in official IDs raise privacy fears - Yahoo! News


The Dept. of Homeland Security did much to avoid risk of hackers getting in to the database, by making the number a mere pointer to their own files grounded in DHS computers. But the very function of the RFID chip, broadcasting an ID number, is easily co-opted by the private sector (retailers), and combined with the other information the retailer collects.

No need to obtain the government's data file, just about anyone can buy the data collected by the retailer, including your identity, all of your buying habits and payment options, demographics information, etc. The data then is neatly wrapped up and tied together with your RFID number, then sold, legally, to any number of buyers.

Now you walk through the mall, with your new drivers license, passport or passport card in your wallet, and that Israeli chick at the kiosk with the Dead Sea soap calls you by name - from 30 feet away.

Worse, some creepy guy likes what he sees when you pull up next to him in traffic. He inputs your RFID on his mobile, and gets everything about you, including address. He may even add your license plate number to the database app on his iphone.

Worse again, you can be completely watched on cameras which turn on only when you are within 30 feet, anywhere in the world. You might not be worried about that at home, but what about when you are at a foreign airport, or in a foreign city? How about when you are crossing between two foreign countries?

It seems that RFID has no redeeming value. Please comment.

Friday, July 10, 2009

Report: Bush surveillance program was massive - Yahoo! News

Watch your back...

Report: Bush surveillance program was massive - Yahoo! News: "'President's Surveillance Program' did not have any connection to terrorism"

- Team of 5 US Inpectors General, July 10, 2007.

Is this what they mean by "less government?"
Maybe this is this the example we set when we say we are "spreading democracy."
Is the "freedom" our soldiers fight for?

Social-networking site Tagged accused of massive invasion of privacy traffic - San Jose Mercury News

Social-networking site Tagged accused of massive invasion of privacy traffic - San Jose Mercury News

Never, never, never give any social networking site access to your email address book. Big mistake. Huge.

Virtually every social networking site attempts to gain access to your email address book right off the bat. Best practice is not to let them in to it.

Thursday, July 9, 2009

Privacy breach shocker | Alberta | News | Edmonton Sun

Article:

Edmonton Sun

The liability of holding this information on local hard drives far outweighs any benefit. The people who's information has been breached can be blackmailed, fired, divorced or worse when this information goes to those in their communities. The class actions will cost American companies, many of which have had the same problem and not let it hit the news, billions.

Health service providers are notoriously cavalier in the security of data and in HIPAA practices. Data security is everything here, and they's better take notice.

Tuesday, July 7, 2009

Court: IP Addresses Are Not 'Personally Identifiable' Information 07/07/2009

MediaPost Publications Court: IP Addresses Are Not 'Personally Identifiable' Information 07/07/2009

Watch your back! Ip addresses are now considered public. The judge who decided this probably does not realize that anyone now can pull his IP address off of his email, and come to his home.

Is it Personally Identifiable Information then?

If you would rather mask your IP address, go to http://jonathanwarren.wordpress.com/.

Monday, July 6, 2009

The Management of Privacy

It is amazing how much information is available regarding personally identifiable information. The consumer slander sites are providing easy dissemination of libelous material under the guise of free speech. Free speech does not protect speech that hurts others and damages people.

Whats just as scary are the data brokers like Intellius, US Search, People Finder among many others that culminate information into a neat file that anyone can pay nominal fee to ascertain past addresses, phone numbers, income, real assets, tax liens, civil suits, criminal charges or convictions, schools attended, etc. Is anything safe?
Well there is a service from http://jonathanwarren.wordpress.com/2009/06/30/privacy-for-high-profile-and-politically-exposed-individuals/ that provides privacy protection. Part of their service includes getting much of your personal data removed from these data brokers on the Internet.

Your County Assessor may have information publicly available you may want to hide such as your signature. Go to your local County Assessor website and look up your homes information and see there is any sensitive information displayed about you. You may be able to redact or remove this information with a written request.

Hire someone knowledgeable that knows where to find and snuff out your private information from public distribution.

Google Street View Pitfalls

Google's Streetview product, a free service seems to be more controversial in Europe, where the dangers are more commonly understood:

http://www.sbpost.ie/post/pages/p/story.aspx-qqqt=IRELAND-qqqm=news-qqqid=42911-qqqx=1.asp

Want to scare yourself? Google your home phone number, in this format: xxx-xxx-xxx. See if it produces your address anywhere. If it does, google the address. Check Street view.

A single woman showed me how her un-listed phone number directs anyone who cares directly to her home. It also showed her car in the driveway.

The liability here is tremendous. Not only is her phone number on the FTC do-not-call list, but combining it with such information as a photo of her home may be tantamount to trading in her Personally Identifiable Information, an FTC violation.

Eliminate these risks at http://jonathanwarren.wordpress.com/2009/06/30/privacy-for-high-profile-and-politically-exposed-individuals/

Wife of Sir John Sawers, the future head of MI6, in Facebook security alert - Times Online

Wife of Sir John Sawers, the future head of MI6, in Facebook security alert - Times Online

Unbelievable! Sir John and his wife could use a briefing from http://jonathanwarren.wordpress.com/2009/06/30/privacy-for-high-profile-and-politically-exposed-individuals/

pissedconsumer.com, ripoffreport.com, complaintsboard.com Violate FTC Regs

A NEW SCAM

Newly formed complaint sites have sprung up in several incarnations. Each is designed to take the Better Business Bureau model to a new, for-profit extreme.

Ripoffreport.com, pissedconsumer.com (formerly pissedcustomer.com until they lost their domain name), and complaintsboard.com are happy to take any complaint about any person or business. Any gripe will do, true or not. The sites then generate a URL which includes the name of the "defendant" (read "victim") of the complaint. Complainants have learned to place the name of their adversary in the complaint line, making the complaint pop up whenever anyone executes a google search on that person or business.

High maintenance customers of small business have married themselves to these sites, using them bully retailers of all sorts into capitulation.

Search the rolls of complaints, and you will find that everyone from the President to your corner deli has hatemail posted.

How do you remove it? Generally speaking, you don't. Lawsuits have been pursued fruitlessly, with few exceptions (see http://www.citmedialaw.org/threats/johnson-v-complaintsboardcom#description) The sites hide behind freedom of speech, while using the traffic generated by your name to sell ads. And they don't just sell ads. Inquire about removal and you will quickly learn about their "Reputation Management" programs. Lucky you, now you can pay a few grand to have these anonymous gutter vermin "manage your reputation", which really means pay-to-remove-your-complaint. Yes, that's probably a form of blackmail. Tell some one who cares.

THE WEAKNESS

Slander sites may have a serious problem. Many people who want to attack a person or business will post their victim's name, address, phone number or more on the site. These pieces of information, taken together, are considered Personally Identifiable Information by the Federal Trade Commission.

By federal privacy regulations, you must have an option to remove your personally identifiable information from nearly any publication. Even worse for these blackmail sites, they trade in your information by selling ads to place in font of viewers seeking your information. Without your data, they don't have advertisers.

That amounts to trading your personally identifiable information. That's an FTC violation.

A POSSIBLE REMEDY

Anyone with personally identifiable information posted on any of these slander sites could therefore file a simple complaint with the FTC at https://www.ftccomplaintassistant.gov/. There is a wizard to help you quickly file your complaint at https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en

If need help filing your complaint, I will be happy to help you myself. You can contact me at http://www.jonathanwarren.org/