Archive for Privacy
Author: Dave Lewis
May 16, 2008 at 7:55 am · Filed under Data Security, Privacy
Always one for grabbing the spotlight (inexplicably at times) Farrah Fawcett has forgiven the hospital staffer that leaked her personal info.
From Starpulse:
Farrah Fawcett has forgiven the hospital worker accused of selling her confidential medical details to the media, insisting she’s just a “pawn” in the system.
Lawanda Jackson has been indicted by a federal jury and stands accused of snooping through celebrities’ medical records while working as an administrative specialist at Los Angeles’ UCLA Medical Center from 2006 to 2007.
A Los Angeles Times newspaper investigation suggested Jackson was responsible for alerting the National Enquirer to Fawcett’s current cancer battle before the actress had time to tell her family and friends about the health crisis.
Pawn or not it still doesn’t excuse the behaviour of this staffer. Medical records are not open season.
Article Link
Author: Dave Lewis
May 16, 2008 at 7:43 am · Filed under Conventions, Privacy
As I was reducing my email inbox down to zero (miracle of miracles) I noticed that the Last Hope mailing list had an interesting gem.
From the email:
This summer, hackers from around the world will track the movements of thousands of visitors to New York City.
As part of a social experiment, attendees at a hacker conference in July will be issued badges with electronic tracking devices. Large displays will show in real-time where people go, with whom they associate, for how long and how often.
The tracking technology, known as RFID, is fast becoming an unseen part of everyday life. This July, for the very first time, the general public will be able to participate in the transparent operation of a major RFID tracking program.
Conference attendees will participate in games built around the tracking system. Players will seek ways to protect their privacy, find vulnerabilities in the tracking system, employ data mining techniques to learn more about other participants, and choose how much personal information they will disclose in order to play.
I find it a little creepy that they will be able to track my movements at the show. Then again I can tell you exactly my movements.
1) get coffee
2) see speaker
3) get coffee
4) see speaker
5) get…
You get the idea.
The first 1500 pre registered attendees will get one of these passes. I’ll be sure to upload some pics as soon as I get it in my hands. For more of this check out the Last Hope website.
Article Link
Author: Dave Lewis
May 13, 2008 at 9:14 pm · Filed under Privacy, Search
After numerous attempts by folks to get Google to remove their faces from Street View, Google is now blurring faces. A quick and easy way to obscure people’s identity. Especially helpful if you’re, say, a prominent musician leaving a German brothel.
Nah, that wouldn’t have helped him. Damn you Roxanne.
From CNET:
The technology uses a computer algorithm to scour Google’s image database for faces, then blurs them, said John Hanke, director of Google Earth and Google Maps, in an interview at the Where 2.0 conference here.
Google has begun testing the technology in Manhattan, the company announced on its LatLong blog. Ultimately, though, Hanke expects it to be used more broadly.
Dealing with privacy–both legal requirements and social norms–is hard but necessary, Hanke said.
“It’s a legitimate issue,” he said. He likened the issues some have with Street View to the ones that took place when Google introduced aerial views to Google Maps. It took time for the public, regulators, and Google to get comfortable with the feature, but, “It needs that debate. We see that and try to let it play out.”
So, is this an improvement? What do you think?
Article Link
Author: Dave Lewis
May 4, 2008 at 7:51 pm · Filed under Data Security, Privacy
Morning mail call.
I may already be a winner, check.
$10,000 from Publishers Clearing House, indeed.
Ah, tax forms…with the social security number on the label. WTF?
From Tulsa World:
Tax forms were sent out to thousands of people in Wisconsin with their Social Security numbers on the mailing labels. A vendor hired by the state of Georgia lost a computer disk with the names and Social Security numbers of 2.9 million people. A disk with similar information disappeared in Rhode Island.
While some of the biggest and most spectacular privacy breaches in recent years have happened at large corporations, state governments have also mishandled or failed to protect some of the sensitive information entrusted to them — data that identity thieves would love to get their hands on.
Yet most states don’t have statewide privacy officers in charge of safeguarding data, statewide policies on protecting sensitive material, or standing procedures for responding to breaches.
Sloooowly things improve. Yet, still not fast enough.
Article Link
Author: Dave Lewis
April 23, 2008 at 1:32 pm · Filed under Legal Aspects, Privacy
From Threat Level/Wired:
Federal agents at the border do not need any reason to search through travelers’ laptops, cell phones or digital cameras for evidence of crimes, a federal appeals court ruled Monday, extending the government’s power to look through belongings like suitcases at the border to electronics.
The unanimous three-judge decision reverses a lower court finding that digital devices were “an extension of our own memory” and thus too personal to allow the government to search them without cause. Instead, the earlier ruling said, Customs agents would need some reasonable and articulable suspicion a crime had occurred in order to search a traveler’s laptop.
On appeal, the government argued that was too high a standard, infringing upon its right to keep the country safe and enforce laws. Civil rights groups, joined by business traveler groups, weighed in, defending the lower court ruling.
The 9th U.S. Circuit Court of Appeals sided with the government, finding that the so-called border exception to the Fourth Amendment’s prohibition on unreasonable searches applied not just to suitcases and papers, but also to electronics.
Well, there are always ways to store your data elsewhere and not carry it on your laptop. This is not meant with the criminal element in mind. But, if you have business information on your system that you are afraid might be gathered in the course of a search (don’t laugh, it happens in France) then encrypt it or leave it at home. There are ways to hide your data in plain sight. Here is, one of my favs, the USB watch.
Or the James Bond-esque USB pen. No, it doesn’t shoot poison darts with this particular model.
Article Link
Author: Dave Lewis
April 22, 2008 at 7:58 am · Filed under Access Control, Education, Privacy
In the world of bad ideas we have seen a remarkable array. There was hair in a can, the car-b-q and the pocket fisherman to name a few. Sure they have camp value but, you wouldn’t rely on any of them as a matter of practice. So, why then do people hand over their passwords for chocolate? Or, as in this case, for convenience of an online service.
Maybe that’s just it.
People have so many passwords that they are falling out of their ears in a lot of cases. Passwords are frequently viewed by the average user as little more than an irritant. They’re not given the importance that people might assign to the banking PIN number. This type of thinking inevitably leads to sticky notes on computers and inane passwords such as “password”, “letmein” and “secret”.
Today (Monday) I read about a service called Clipperz on the Web Worker Daily. This is an online service that will store your passwords for you. Maybe my professional paranoia of the last decade+ as a security operator has rotted my brain but, how is this realistically a good idea?
No ill will intended to the folks at Clipperz. I’m sure they have all the right intentions and have taken proper steps to ensure security.
From Web Worker:
Obviously, security and privacy are a consideration when using such a service. I liked that no personally identifying information is required for registration, not even an email address. On the security side, Clipperz says that all data is encrypted or decrypted locally at the browser level and that even your secure passphrase is never saved or sent to the server. They make the source code available for security review and I found no indication from anyone who questioned their methods.
That isn’t the part that gets me. It’s the message that this conveys to the user. Sure, you don’t know me but, trust me.
I’ll store your password for you.
Want some chocolate?
Article Link
Author: Dave Lewis
April 6, 2008 at 9:29 am · Filed under Privacy
Um, huh? A couple in Pennsylvania is suing Google to the tune of $25K+ for “pain and suffering” after their house showed up on Google Street View. The house was purchased for $163,000 according to “The Smoking Gun“. So, this begs the question. Just how ugly is their house that it would cause that much pain and suffering?
From Boston.com:
Aaron and Christine Boring bought the home in Franklin Park, a Pittsburgh suburb, in October 2006 for a “considerable sum of money,” according to their 10-page lawsuit filed Wednesday in Allegheny County Common Pleas Court.
“A major component of their purchase decision was a desire for privacy,” the lawsuit said.
The suit targets the company over images on its website, which allows users to find street-level photos by clicking on a map. To gather the photos, Google uses vehicles with mounted digital cameras to take pictures up and down the streets of major metropolitan areas.
The Borings say the images of their home on the Google site had to be taken from their long driveway, labeled “Private Road,” and that violated their privacy.
“There’s no merit to this action,” Google spokesman Larry Yu said. “It is unfortunate litigation was chosen to address the concern because we have visible tools, such as a YouTube video, to help people learn about imagery removal and an easy-to-use process to facilitate image removal.”
Yes, but, then they couldn’t have the chance to win the lottery if they had followed the steps.
Article Link (via slashdot)
Tags: Privacy, Google Sued, Google Street View
Author: Dave Lewis
March 25, 2008 at 7:26 am · Filed under Privacy, Web Security
Due to a case of ‘whoops’ the popular social networking site, Facebook, punted on privacy Monday.
From the Associated Press:
The Associated Press verified the loophole Monday after receiving a tip from a Byron Ng, a Vancouver, Canada computer technician. Ng began looking for security weaknesses last week after Facebook unveiled more ways for 67 million members to restrict access to their personal profiles.
But the added protections weren’t enough to prevent Ng from pulling up the most recent pictures posted by Facebook members and their friends, even if the privacy settings were set to restrict the audience to a select few.
After being alerted Monday afternoon, Facebook spokeswoman Brandee Barker said the Palo Alto-based company fixed the bug within an hour.
“We take privacy very seriously and continue to make enhancements to the site,” she said.
The latest lapse serves as another reminder of the perils of sharing sensitive photos and personal information online, even when Web sites pledge to shield the information from prying eyes.
It’s good to see that Facebook fixed the problem quickly. But more importantly people have to realize that they’re always taking a chance when putting private information onto a website over which they have no control. There is no real guarantee that your information will be safe. Have a long pause before you post things on a site such as Facebook (not beating on them). Never know who could be looking.
Article Link
Author: Dave Lewis
March 24, 2008 at 7:16 am · Filed under Legal Aspects, Privacy
From the Globe and Mail:
Eighteen months ago, Lakehead University in Thunder Bay, Ont., had an outdated computer system that was crashing daily and in desperate need of an overhaul. A new installation would have cost more than $1-million and taken months to implement. Google’s service, however, took just 30 days to set up, didn’t cost the university a penny and gave nearly 8,000 students and faculty leading-edge software, said Michael Pawlowski, Lakehead’s vice-president of administration and finance.
U.S.-based Google spotlighted the university as one of the first to adopt its software model of the future, and today Mr. Pawlowski boasts the move was the right thing for Lakehead, saving it hundreds of thousands of dollars in annual operating costs. But he notes one trade-off: The faculty was told not to transmit any private data over the system, including student marks.
The U.S. Patriot Act, passed in the weeks after the September, 2001, terrorist attacks in the United States, gives authorities the means to secretly view personal data held by U.S. organizations. It is at odds with Canada’s privacy laws, which require organizations to protect private information and inform individuals when their data has been shared.
Article Link
Tags: Google, Google Privacy, Patriot Act
Author: Dave Lewis
March 21, 2008 at 8:19 pm · Filed under Privacy
Wow, just freaking wow.
From NewTeeVee:
If you have some tinfoil handy, now might be a good time to fashion a hat. At the Digital Living Room conference today, Gerard Kunkel, Comcast’s senior VP of user experience, told me the cable company is experimenting with different camera technologies built into devices so it can know who’s in your living room.
The idea being that if you turn on your cable box, it recognizes you and pulls up shows already in your profile or makes recommendations. If parents are watching TV with their children, for example, parental controls could appear to block certain content from appearing on the screen. Kunkel also said this type of monitoring is the “holy grail” because it could help serve up specifically tailored ads. Yikes.
That’s it, uncle.
If anyone needs me I’ll be in the fall out shelter drinking Tang.
Article Link
Tags: Comcast Surveillance, Comcast, Invasion Of Privacy
Next entries »
Explore
Security Bloggers Network
