Tuesday, December 7, 2010

RFID Pickpockets in Full Effect

I don't want to say I told you so...but yes I do.

The RFID industry trade groups continue to defend this rediculous technology for use in all of the wrong applications. The two worst? As I've been saying for the past few years - credit cards and passports.

Imagine the ramifacations of this with celebrities, political or public figures. What can be scanned from your daughter's purse or backpack?

It's not what you have to hide, it's what you've got to lose.


Friday, October 8, 2010

Caught Spying on Student, FBI Demands GPS Tracker Back | Threat Level | Wired.com

Routine oil change uncovers unwarranted tracking device.  FBI shows up to reclaim it.  Oops.

Read the full story at Wired.com

Friday, August 20, 2010

New state law bans employer credit checks in hiring

Character assassination by HR department employees favoring friends in applicant pool:  $5 million

Privacy violation by leaks of credit reports of applicants by HR department employees:  $6 million

Actually having to do an interview and decide on ability rather than circumstance:  Priceless!

Clout St: New state law bans employer credit checks in hiring

Bravo, Illinois!

Thursday, August 12, 2010

TV Personality home address revealed by his cell phone photo. Yours is too.

Ever heard of "Geotags?"

Geotags are embedded in the photos taken by 'smart' mobile phones, and they give the exact longitude and latitude where the photo was taken. So disable the feature if your phone allows it, and be aware that when you post that photo on Twitter, Facebook or your blog, anyone can tell where it was taken.

Full Story:

Web Photo Geotags Can Reveal More Than You Wish - NYTimes.com

Think twice before referencing a photo to yourself, your home, or anyone else's. You may be jeopardizing the safety of your friends, your family, or yourself.

Saturday, August 7, 2010

The Web's New Gold Mine: Your Secrets - WSJ.com

PC's gather personal data, sell it for one tenth of a penny:

The Web's New Gold Mine: Your Secrets - WSJ.com

BlackBerry bites back at governments | Technology | guardian.co.uk

Since President Obama's high-profile blackberry use, the platform has become one of the most secure. Intrustive governments, finding it the only phone they can't routinely monitor, are threatening to ban it's use.

Can Blackberry hold the fort?

Full story:
BlackBerry bites back at governments Technology guardian.co.uk

Tuesday, May 18, 2010

Used Copiers - Your Data For Sale

Your Doctors office, employer, bank, car dealer, mortgage company and others are selling hard drives containing perfect copies of your most private information.

In fact, nearly everything ever copied, scanned or faxed in the past decade is likely for sale in various warehouses full of second hand copiers.

Privacyauthority.org's previous posting regarding the risks of copy machines was met with disbelief. The following additional piece from CBS News may bring the proper level of attention to the matter.

Watch the CBS News Story

Friday, May 7, 2010

Craigs List Ad Leads to Home Invasion

A few simple guidelines:
1. Never sell anything from your home.
2. Never reveal your home address to anyone whom you do not want to come to your house, including anyone from a cashier to a police officer.
3. Remove your home address from your ID. Nobody needs to know where your kids sleep in order to do business with you, or issue you a drivers license.
Another case of home invasion due to a published address in a classified ad, ending in tragedy. Don't be next.

Craigslist diamond ad leads to deadly home invasion, police say - CNN.com

Friday, April 30, 2010

Your Birth Date is Prime Material for ID Theft

So you think that letting the world know your birth date is not an issue? Try telling that to ID thieves around the world who depend on using your birthday as the trifecta of information to assume your identity. The trifecta includes your social security number, name and date of birth. That is all that is needed to make your life a living hell of identity destruction.

To find out just how public your date of birth is use the following website http://www.birthdatabase.com/ . Type in your name or someone you know. Many US born citizens are now listed publicly. The WHOIS database lists the registrant and administrator of the website as:
Greencove Services Ltd.
PO Box 146Road
Tortola NA VG
Phone: +507.5072021221

An offshore firm is maintaining a list of potentially millions of birth records. The next question is how did they ascertain this information? Is it legal? Many states and counties now have strict requirements against anyone except the person named on the birth certificate to obtain the information.

I would strongly suggest that everyone reading this tell their friends and family and start making online complaints about this to the Federal Trade Commission (FTC). You may make an online complaint to the following link: https://www.ftccomplaintassistant.gov/ .

With millions of people subjected to their information leaking through data breaches each year just in the US alone, don't be a victim to another method of ID thieves gaining access to your personal information. Write your Members of Congress and State Legislature to pass tough privacy laws. There is a reason the European Union and various countries do not suffer the mass amount of data breaches; they have tough laws.

Wednesday, April 21, 2010

Legal Syping Via Mobile Phone - Who's listening to your voicemail?

Private parties legally gather all caller ID data in a given region, find your name, access your voicemail, texts, conversations ad in-person meetings, all through your phone.

The Chief Information Officer of the Consular Chamber or Commerce refuses to carry a mobile phone. Heres' why:

Legal spying via the cell phone system | InSecurity Complex - CNET News

Friday, April 16, 2010

Guess Who's Coming to Dinner...

Defcon Las Vegas Hacker Conference Chooses Private Homes over Hotel Rooms « Chez Paulina
Look who's coming to the neighborhood! Shut off your wireless, they hackers are back in town soon. Many Las Vegans have grown accustomed to the antics of the annual hacker convention when the cyphers invade and want to show the weakness in every computer system they can.

Residents complain about being hacked when accessing public internet connections, or having their phones hacked via open bluetooth connections. With that in mind, some are concerned about them staying in neighborhoods full of wireless routers.

Protection can be had, however, for a price. The Consular Chamber of Commerce Consultancy offers IAPP-certified expertise to keep things running smoothly. Yes, you may be hiring some of the participants in the conference itself, but if you can't beat 'em...

How much do you trust that bouncer?

Australian nightclubs feel they are leading the way in scanning and retaining ID's, and even biometric data, of patrons.

No, it isn't a joke.

The more sophisticated will of course throw their heads back and laugh before walking down the street to a club with a clue. Giving a nightclub operator carte blanche to steal the patron's ID, or to lose it to a thieving employee with virtually no consequence, is not smart.

Privacy concerns as clubs roll out ID scanning - ABC News (Australian Broadcasting Corporation)

"Nightclub operators, and private business in general, are not qualified to hold your ID. Show it to them, but never hand it to them. Refuse, deny, walk out. If you operate such an establishment, understand the liability of allowing your employees to demand this info. One cell phone photo of an ID, and it's over for you." - Jonathan Warren

Monday, April 5, 2010

UN Preparing International Privacy Treaty

A business seeking to outsource an operation in the United States may find it does not violate privacy law by contracting with a firm in a jurisdiction completely outside the laws of the US. A german firm may find that it is breaking the law by contracting with a service provider in the US or India, when transferring personally identifiable information is necessary.

These and other situations are leading the United Nations to act further on best practices regarding international privacy, which it published in November. A United Nations Privacy Treaty could be just around the corner.

UN treaty on privacy possible - technology | Stuff.co.nz

Friday, March 26, 2010

Privacy Settings: Don't blame your tools for your work results

Articles regarding privacy evaporation, and blaming the phenomenon on social networks, makes for lots of readers. But the reality is, the social networks are seldom to blame for the embarrassing and often dangerous positions people put themselves in regarding online information sharing.

A review of privacy settings can virtually eliminate the risk of unwanted sharing. Like anything else, users need to make sure they understand the powerful tool of a Twitter or Facebook account before they begin using it. Yes, you have to read.

Linkedin, Facebook, Plaxo, Twitter, Myspace and others actually provide some of the best methods for perserving personal privacy, when they are utilized properly. In fact, many use these services instead of standard email because they mask your IP address to the public, and are capable of offering just the information you want to be presented to the public at large. They also allow you to cut off or prevent communications from any user with a simple click.

Don't Blame Facebook for the Erosion of Online Privacy - Business - The Atlantic

To review your privacy settings and your overall presentation, have a trusted friend or a personal privacy consultant go through your social networking membership page, and provide feedback. A professional can tell you what information can be gleaned from your entries, which is critical in protecting yourself online.

Monday, March 22, 2010

High-tech copy machines a gold mine for data thieves - thestar.com

Beware: You now have to verify deletion of digital files kept from paper copies, in order to protect yourself. High-tech copy machines a gold mine for data thieves - thestar.com

Friday, March 12, 2010

Many Mobile Phones Now Equipped to Detect Personal Activity, Not Just Location

The newest incarnation of the cellular phones offered by most manufacturers contain "accelerometers". These sophisticated sensors are easily co opted to determine what exactly the carrier is doing. The phone can tell if you are walking, sitting, driving, even eating.

Manufacturers of the co opting software and additional add-ons are are quick to point out the potential uses for employers.

BBC News - Mobile that allows bosses to snoop on staff developed

The obvious ramifications for privacy are tremendous. Access of the data falling into the wrong hands could bring about an entirely new level of thievery and voyeurism, especially in light of the Obama Administration's recent statement that Americans have "no reasonable expectation of privacy" as to the location history of their mobile phones.

The likelihood of acceptance, however, as a so-called "self protection" measure, or "mothering" feature is likely to allow for mass use, according to some industry leaders.

Wednesday, March 10, 2010

DMV to Scan Your Hand for Employment: Senators Schumer (D) & Graham (R)

In what some are calling a case of monumental buffoonery, the Senate is about to consider a bill which would not only create a giant new bureaucracy and a new ID card which every employed person will have to buy, it also will have you going to the DMV to have your hand scanned. No kidding.

The new ID card is supposed to have something biometric "like fingerprints" to connect the holder to the card. The card is supposed to also verify that the holder is working legally. To make matters worse, employers are expected to buy $800 hand scanners from some lucky government contractor (probably in a state where a senator supports this nonsense) so that they can become the defacto immigration patrol.

Waiting in the wings are the thousands of scammers who will simply obtain the driver's licenses under fake pretenses to begin with, thereby using the ridiculous new ID card to buoy up the scam. The DMV simply is not qualified to verify immigration status.

If the motive for this legislation were anything other than pork barrel contractor gains, it would not exist. The passport already does more than the capabilities of the new ID card. In no country but the U.S. can you work, drive, open a bank account or climb on a domestic or international flight with any ID other than a passport.

The passport is verified by the State department of the issuing country, standardized as to content and structure by international treaty, internationally recognized, issued by all countries all over the world through consulates, and already held by millions. It is the toughest ID to fake, and the easiest faked ID to catch.

Contact Senator Schumer (http://schumer.senate.gov/new_website/contact.cfm) and Senator Graham (http://lgraham.senate.gov/public/index.cfm?FuseAction=Contact.EmailSenatorGraham) and let them know that your passport is the only ID you will get for work, and all you will require of your workers.

Sign the petition to make the Passport the only US National ID, on Facebook at http://apps.facebook.com/causes/causes/424117/about

Read the full story:

Worker ID Card at Center of Immigration Plan - WSJ.com

WARNING: Copy Machines Save Everything You Copy

Before you copy that tax return, your ID, child's passport application, or legal documents, you'd better check the privacy policy of the copy machine owner.

Copy machines are not the Mimiagraph machines of old. They are computers attached to very sophisticated scanners. Whatever you copy is stored in that computer. For how long? Ask the machine's owner.

Where does your lawyer make copies? Who copied your loan application? what about that lease? Who copied your daughters's school amission forms? All of those images are easily extracted from the copier, usually with a laptop, and not always by the owner. Who has access to copiers containing your private information?

Chances are, you shouldn't risk copying anything with personal information on any copy machine which you do not own.

Copy Machines Can Store Your Private Info - wbztv.com

Tuesday, March 9, 2010

Classmates.com Sued Over Privacy Setting Change

Changing privacy options without giving users the whole picture and a real opt-out option can be risky. Classmates.com apparently hoped nobody would notice.

MediaPost Publications - High School Reunion Ruin: Classmates.com Sued Over Opt-Out Privacy Setting Change 03/09/2010

Lifelock to pay $12 Million in False ID Theft Protection Claims Settlement

"...Protection actually provided left enough holes that you could drive a truck through it" - FTC

03.09.2010 International Association of Privacy Professionals--/

In a press conference held Tuesday, March 9, Federal Trade Commission (FTC) Chairman Jon Leibowitz and Illinois Attorney General Lisa Madigan announced that LifeLock, Inc., has agreed to pay $11 million to the FTC and $1 million to a group of 35 state attorneys general to settle charges that the company’s claims of providing 100-percent protection against identity theft were false.

“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” Leibowitz said.

In addition to the $12 million settlement, LifeLock and its co-founders Richard Todd Davis and Robert J. Maynard, Jr. are prohibited from making deceptive claims and required to better safeguard customers’ personal information.

According to the FTC’s complaint, LifeLock’s claims included protecting against identity theft “ever happening to you” and being “the first company to prevent identity theft from occurring.” The FTC, however, contended that LifeLock’s practice of placing fraud alerts on its customers’ credit reports only protected them against specific types of ID theft, but had no effect on the most common form: the misuse of existing credit card and bank accounts.

“There is nothing you can do or purchase that will provide you with a 100-percent
guarantee against identity theft,” Madigan said during Tuesday’s announcement, urging consumers to be aware of the steps they can take to protect their personal information. “Most of what they did you can do on your own, and you can do it for free.”

In addition to what the FTC described as deceptive identity theft protection claims, Leibowitz noted that LifeLock’s own data security practices did not adequately protect its customers’ information.

According to an FTC press release issued after Tuesday’s conference, LifeLock routinely collected sensitive information from its customers, including their Social Security numbers and credit card numbers, but did not encrypt the data. Additionally, the FTC alleges, “sensitive consumer information was not shared only on a ‘need to know’ basis…the company’s data system was vulnerable and could have been exploited by those seeking access to customer information.”

The FTC has confirmed it will use the $11 million it receives from the settlements to provide refunds to consumers. For more information, visit www.ftc.gov/lifelock.

Jennifer L. Saunders IAPP

Wednesday, February 24, 2010

Google Execs Convicted on Privacy Charges

International Association of Privacy Professionals (IAPP)/- 24 Feb. 2010

(Updated 1:31 p.m. ET)

In a decision that is expected to have ramifications worldwide, an Italian judge convicted three Google executives on privacy violations in Milan court today. Global Privacy Counsel Peter Fleischer and two other executives were found guilty of failing to comply with Italian privacy code in allowing a disparaging video to be posted online. A fourth defendant was acquitted.

Google described the decision as an “astonishing” attack on freedom of expression on the Internet. All three will appeal the decision.

Judge Oscar Magi ordered a six-month suspended jail sentence and fines forPeter Fleischer
Chief Counsel of Global Privacy among those convicted. Fleischer, Chief Legal Officer David Drummond and former Google Italy board member George De Los Reyes. The three were absolved of defamation charges.

Outside the Milan courthouse, public prosecutor Alfredo Robledo said the decision sends a clear signal. "A company's rights cannot prevail over a person's dignity.”

The trial stems from the posting of a video to Google Video—a YouTube predecessor—that showed teenage boys taunting a classmate with Down syndrome. Prosecutors charged that the executives did not do enough to keep the offensive video off its site.

The case opened the door for a debate about who is responsible for content posted to the Internet. EU law is cloudy concerning user-generated content.

In a statement, Peter Fleischer said the ruling sets a dangerous precedent. “If company employees like me can be held criminally liable for any video on a hosting platform…then our liability is unlimited.” He said today’s decision raises questions for the operators of many Internet platforms.

The ruling has provoked reactions from privacy and legal experts worldwide. “It is quite hard to comment on such an incredible sentence,” said Rome lawyer and privacy expert Rocco Panetta of Panetta & Associati, who described the sentence as “most interesting from a legal point of view” and one that “needs to be assessed with prudence.”

A Centre for Information Policy Leadership advisor likened the decision to prosecuting the post office for hate mail that is sent in the post. “I find it worrying that the chief privacy officer who had nothing to do with the video has been found guilty,” said Richard Thomas. “It is unrealistic to expect firms to monitor everything that goes online.” - IAPP

Saturday, February 13, 2010

Obama Administration: "No reasonable expectation of privacy" of your mobile phone locations tracking


The Obama administration has asserted its authority to maintain what it earlier referred to as Bush-era, draconian, big brother privacy invasion of American citizens.

With all of the next-generation mobile phones giving away your location to anyone interested enough to look, a new buffet of opportunities may be provided to your local criminal.


Think you have nothing to hide? As yourself if you would answer these questions if posed by some stranger in a parking lot:

1. Where do you sleep?
2. Where do your kids sleep?
3. When are you home?
4. When are your kids home without you?
5. When is nobody home?
6. Where do you work?
7. When are you at work?
8. Where do you bank?
9. When do you go to the bank?
10. Where do you go on Saturday night?
11. Where were you on X date last year?
12. What schools do your kids go to?
13. How do they get home from school?

Do these make you uncomfortable? If so, you may in fact have 'something to hide'.

The obvious point is that having 'nothing to hide' is relative. Nothing to hide from Whom?

Nothing to hide from "the Government"? Which Government? Nothing to hid from government employees? Nothing to hide from government contractors? Nothing to hide from your next door neighbor? Nothing to hide from your co-worker? Nothing to hide from you next-door neighbor's daughter's degenerate brother-in-law? Nothing to hide from your co-worker's criminal cousin visiting from Milwaukee? Nothing to hide from the home invader lurking in the parking lot of the grocery store, looking for his next victim?

Exactly how open are you with your your invitation for others to view your private information?


Apparently, according to the Obama Administration, you have "no reasonable expectation of privacy" of the tracking information produced by your mobile phone.

Feds push for tracking cell phones | Politics and Law - CNET News

As always, the federal government cites terrorism as its reason for needing the capability of tracking granny as she buys her depends, or Dad's stop at a slot machine. But so far, they've only shown use against American Citizens in garden-variety crimes as their told-you-so moments.

Many of course would argue that allowing such tracking to fall outside the realm of constitutional privacy puts Americans at risk of criminal activity and government abuse. As Obama argued in his campaign, the government has a strong and valid system for obtaining warrants for the searches they claim they need. They seem to some to be addicted to the voyeurism, however, facilitated by the practices of previous administrations.

Thursday, February 11, 2010

Religious Right Weighs In On Human Tracking Chips

The religious right is beginning to voice concern of the concept of mandatory human chipping. The practice of forceably installing tracking chips in human beings has been proposed by others on the right, as a means of tracking people who have lost their civil rights, such as certain kinds of convicted criminals.

The State of Virginia has cited religious freedoms in its decision to outlaw the practice:

House Oks Bill Banning Implanted Tracking Devices | WSLS 10

Del. Mark L. Cole (R-Fredericksburg), the bill's sponsor, said that privacy issues are the chief concern behind his attempt to criminalize the involuntary implantation of microchips. But he also said he shared concerns that the devices could someday be used as the "mark of the beast" described in the Book of Revelation in the Christian Bible.

Full story of the run-up to the vote Washington Post

Wednesday, February 10, 2010

The government has your baby's DNA - CNN.com

Hospitals have been collecting and keeping the DNA of our children for years.

The government has your baby's DNA - CNN.com

The liability to which the the Government exposes itself by this carelessness is so catastrophic, it is difficult to tally. The opportunity for government employee abuse and a new "perfect crime" level of identity theft are obvious.

And here come the class actions...

Friday, February 5, 2010

European Parliament rejects EU-US counter-terrorism deal on sharing of personal financial data

It's Official: No deal between the US and the EU on bank transfer data sharing. The US is officially out of the loop from here on, regarding SWIFT international bank transfer information.


Thursday, February 4, 2010

Secretary Clinton calls parliament chief in attempt to save bank data deal

EUobserver / Clinton calls parliament chief over bank data deal

US Secretary of State Clinton has called the EU Chief of Parliament in attempts to save the now flatlining deal to turn over bank transfer information to the US.


Wednesday, February 3, 2010


SWIFT Says No Transfers until Parliament Votes

The Society for Worldwide Interbank Financial Transactions (SWIFT) says it will not share European banking data with U.S. officials, pending further action by the European Parliament, reports Handelsblatt (in German).

On February 10, Parliament will vote whether to accept the SWIFT agreement reached between U.S. authorities and the EU Council of Ministers late last year, prior to the Lisbon Treaty going into effect. The agreement allows for the sharing of European citizens' transaction data with the U.S. Justice Department for counterterrorism efforts. Under the deal, SWIFT was to have resumed the data sharing as of February 1, but the society now says it will not engage in such transfers until Parliament has had its say.

It is widely expected that Parliament will vote against extending the agreement next week. "This shows that companies in the EU take Parliament seriously," says Henriette Tielemans, a partner in the Brussels office of Covington & Burling LLP. "It also shows that Parliament has every intent to use the powers that it received under the Lisbon Treaty."

Monday, February 1, 2010

EU Parliament to Reject US Demand for Bank Transfer Data

Recent years of what some have described as over-reaching US policy has lead to a backlash from the European Parliament.

SWIFT, the Society for Worldwide Funds Transfers, is the mechanism by which nearly all international bank transfers are sent and received, and by which funds are verified internationally. SWIFT handles some 15 million international money transfers each day.

Secret deals during the last decade moved SWIFT servers from Europe to US Soil, so that US intelligence agencies could monitor money transfer activity over the SWIFT system. This arrangement met with severe opposition when it saw the light of day in 2009, as SWIFT defied US requests and moved its servers back to Europe.


Now the European Parliament is likely to spike a deal which would allow US terrorism investigators access to European bank transfer data. Privacy advocates oppose the deal and Germany's Federal Criminal Police Office says the data profiling is ineffective in counter terrorism efforts.

Friday, January 29, 2010

US Loses Ground in Swiss Diplomatic Banking Standoff




The case follows a deal in August in which Switzerland agreed to give data to authorities in the United States on as many as 4,450 UBS accounts to settle a lawsuit in which the United States had sought information on as many as 52,000 accounts. This ruling throws doubt on whether Switzerland will be able to turn over all 4,450 accounts.

Tuesday, January 19, 2010

2 in 5 Employers Admit Eliminating Candidates Due To Facebook Profile

Creditors have already admitted to screening you on Facebook, now its employers. Half of employers now admit to screening your facebook profile as part of the hiring process.

COMPLETE STORY from CareerBuilder.co.uk

What if they have the wrong person? Search for friends by your own name, and see how many pop up. Could you be confused with them? What if one of those other people with your name decides to pretend to be your facebook profile, to improve their chances of getting a job, or even credit?

A new Facebook application can make sure your profile checks out as yours, and that nobody else's can pretend to be you. Identify.nu, a service of the Consular Chamber of Commerce has created a global platform whereby members provide passport copies to consular officers anywhere in the world, who then verify and legalize a copy of the passport for upload to identify.nu secure servers in Denmark. The member always owns and can delete the data.


Members can trade passport identification with other members, and can authorize social networking interfaces like Facebook and even Gmail to display certain criteria, such as the name, age and confirmation that a full passport copy including passport photo is on file and can be provided to other members when authorized by the identified person.

Credit Issuers Turn to Social Networks to Profile You

It's not just your score anymore. Now it's your friend list too.

CNBC: "They're able to scour the social media universe. They are constantly listening and reporting back."

-Jesse Torres, CEO of Pan American Bank in Los Angeles, regarding the new Social Network Information Aggrigators


Monday, January 11, 2010

New Hampshire Bars RFID

Leading the nation in what is sure to be a wildfire of similar legislation, NH House votes to bar the unauthorized implants of tracking chips in people and clothing, criminalizes the use of RFID for tracking consumers.


In a further sign of things to come, the State is updating its anti-skimming laws to prohibit the closing of data broadcast by RFID-enabled credit and debit cards. The affect may render RFID without value to retailers otherwise supporting its use.

Local Governments Not Qualified to Handle Personal Data

Yet another example of local government offices unqualified to handle personally identifiable information.

THINK TWICE before you turn over any personal document or information to local government, or even worse, any government contractor.


Confidential information abandoned in forgotten Houseing Authority building