Entries Tagged "privacy"

Page 118 of 144

ID Cards to Stop Bullying

No, really:

“Introducing photo ID cards will help bring an end to bullying over use of ‘cash free’ cards for school meals, will assist with access to school bus services and, ultimately, can be used to add security to school examinations,” he said.

“SSTA members report frequently that young people are bullied into handing over their cards for school meals to others, thus leaving them without their meal entitlement.

“With non-identified cards this will remain a problem. If photo ID is introduced widely, then the problem will dramatically reduce.”

He said that introducing such a system would also help prepare young people for “the realities of identity management in the 21st Century”.

I agree with this:

However, Green MSP Patrick Harvie said the suggestion was troubling.

“We should be preparing young people for the reality of defending their privacy and civil liberties against ever-more intrusive government systems,” he argued.

“We’ve heard proposals for airport-style scanners and random drug testing in schools, fingerprinting is already in place in some schools. There’s a risk of creating environments which feel more like penal institutions than places of learning.

“These ID cards will do absolutely nothing to address the causes of bullying. Instead they will teach the next generation that an ID card culture is ‘normal’, and that they should have to prove their entitlement to services.”

It’s important that schools teach the right lessons, and “we’re all living in a surveillance society, and we should just get used to it” is not the right lesson.

Posted on January 4, 2007 at 6:17 AMView Comments

DHS Privacy Office Report on MATRIX

The Privacy Office of the Department of Homeland Security has issued a report on MATRIX: The Multistate Anti-Terrorism Information Exchange. MATRIX is a now-defunct data mining and data sharing program among federal, state, and local law enforcement agencies, one of the many data-mining programs going on in government (TIA—Total Information Awareness—being the most famous, and Tangram being the newest).

The report is short, and very critical of the program’s inattention to privacy and lack of transparency. That’s probably why it was released to the public just before Christmas, burying it in the media.

Posted on January 3, 2007 at 11:58 AMView Comments

OneDOJ

Yet another massive U.S. government database—OneDOJ:

The Justice Department is building a massive database that allows state and local police officers around the country to search millions of case files from the FBI, Drug Enforcement Administration and other federal law enforcement agencies, according to Justice officials.

The system, known as “OneDOJ,” already holds approximately 1 million case records and is projected to triple in size over the next three years, Justice officials said. The files include investigative reports, criminal-history information, details of offenses, and the names, addresses and other information of criminal suspects or targets, officials said.

The database is billed by its supporters as a much-needed step toward better information-sharing with local law enforcement agencies, which have long complained about a lack of cooperation from the federal government.

But civil-liberties and privacy advocates say the scale and contents of such a database raise immediate privacy and civil rights concerns, in part because tens of thousands of local police officers could gain access to personal details about people who have not been arrested or charged with crimes.

The little-noticed program has been coming together over the past year and a half. It already is in use in pilot projects with local police in Seattle, San Diego and a handful of other areas, officials said. About 150 separate police agencies have access, officials said.

But in a memorandum sent last week to the FBI, U.S. attorneys and other senior Justice officials, Deputy Attorney General Paul J. McNulty announced that the program will be expanded immediately to 15 additional regions and that federal authorities will “accelerate . . . efforts to share information from both open and closed cases.”

Eventually, the department hopes, the database will be a central mechanism for sharing federal law enforcement information with local and state investigators, who now run checks individually, and often manually, with Justice’s five main law enforcement agencies: the FBI, the DEA, the U.S. Marshals Service, the Bureau of Prisons and the Bureau of Alcohol, Tobacco, Firearms and Explosives.

Within three years, officials said, about 750 law enforcement agencies nationwide will have access.

Computerizing this stuff is a good idea, but any new systems need privacy safeguards built-in. We need to ensure that:

  • Inaccurate data can be corrected.
  • Data is deleted when it is no longer needed, especially investigative data on people who have turned out to be innocent.
  • Protections are in place to prevent abuse of the data, both by people in their official capacity and people acting unofficially or fraudulently.

ln our rush to computerize these records, we’re ignoring these safeguards and building systems that will make us all less secure.

Posted on January 2, 2007 at 11:55 AMView Comments

Secure Flight Privacy Report

The Department of Homeland Security’s own Privacy Office released a report on privacy issues with Secure Flight, the new airline passenger matching program. It’s not good, which is why the government tried to bury it by releasing it to the public the Friday before Christmas. And that’s why I’m waiting until after New Year’s Day before posting this.

Secure Flight Report: DHS Privacy Office Report to the Public on the Transportation Security Administration’s Secure Flight Program and Privacy Recommendations“:

Summary:

The Department of Homeland Security (DHS) Privacy Office conducted a review of the Transportation Security Administration’s (TSA) collection and use of commercial data during initial testing for the Secure Flight program that occurred in the fall 2004 through spring 2005. The Privacy Office review was undertaken following notice by the TSA Privacy Officer of preliminary concerns raised by the Government Accountability Office (GAO) that, contrary to published privacy notices and public statements, TSA may have accessed and stored personally identifying data from commercial sources as part of its efforts to fashion a passenger prescreening program.

These new concerns followed much earlier public complaints that TSA collected passenger name record data from airlines to test the developmental passenger prescreening program without giving adequate notice to the public. Thus, the Privacy Office’s review of the Secure Flight commercial data testing also sought to determine whether the data collection from air carriers and commercial data brokers about U.S. persons was consistent with published privacy documents.

The Privacy Office appreciates the cooperation in this review by TSA management, staff, and contractors involved in the commercial data testing. The Privacy Office wishes to recognize that, with the best intentions, TSA undertook considerable efforts to address information privacy and security in the development of the Secure Flight Program. Notwithstanding these efforts, we are concerned that shortcomings identified in this report reflect what appear to be largely unintentional, yet significant privacy missteps that merit the careful attention and privacy leadership that TSA Administrator Kip Hawley is giving to the development of the Secure Flight program and, in support of which, the DHS Acting Chief Privacy Officer has committed to provide Privacy Office staff resources and privacy guidance.

I’ve written about Secure Flight many times. I suppose this is a good summary post. This is a post about the Secure Flight Privacy/IT Working Group, which I was a member of, and its final report. That link also includes links to my other posts on the program.

Posted on January 2, 2007 at 7:24 AMView Comments

Tracking Automobiles Through their Tires

Automobile tires are now being outfitted with RFID transmitters:

Schrader Bridgeport is the market leader in direct Tire Pressure Monitoring Systems. Direct TPMS use pressure sensors inside each tire to transmit data to a dashboard display alerting drivers to tire pressure problems.

I’ll bet anything you can track cars with them, just as you can track some joggers by their sneakers.

As I said before, the people who are designing these systems are putting “zero thought into security and privacy issues. Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies. Not on purpose, not because they’re evil—just because it’s easier to ignore the externality than to worry about it.”

Posted on December 27, 2006 at 7:44 AMView Comments

Automated Targeting System

If you’ve traveled abroad recently, you’ve been investigated. You’ve been assigned a score indicating what kind of terrorist threat you pose. That score is used by the government to determine the treatment you receive when you return to the U.S. and for other purposes as well.

Curious about your score? You can’t see it. Interested in what information was used? You can’t know that. Want to clear your name if you’ve been wrongly categorized? You can’t challenge it. Want to know what kind of rules the computer is using to judge you? That’s secret, too. So is when and how the score will be used.

U.S. customs agencies have been quietly operating this system for several years. Called Automated Targeting System, it assigns a “risk assessment” score to people entering or leaving the country, or engaging in import or export activity. This score, and the information used to derive it, can be shared with federal, state, local and even foreign governments. It can be used if you apply for a government job, grant, license, contract or other benefit. It can be shared with nongovernmental organizations and individuals in the course of an investigation. In some circumstances private contractors can get it, even those outside the country. And it will be saved for 40 years.

Little is known about this program. Its bare outlines were disclosed in the Federal Register in October. We do know that the score is partially based on details of your flight record—where you’re from, how you bought your ticket, where you’re sitting, any special meal requests—or on motor vehicle records, as well as on information from crime, watch-list and other databases.

Civil liberties groups have called the program Kafkaesque. But I have an even bigger problem with it. It’s a waste of money.

The idea of feeding a limited set of characteristics into a computer, which then somehow divines a person’s terrorist leanings, is farcical. Uncovering terrorist plots requires intelligence and investigation, not large-scale processing of everyone.

Additionally, any system like this will generate so many false alarms as to be completely unusable. In 2005 Customs & Border Protection processed 431 million people. Assuming an unrealistic model that identifies terrorists (and innocents) with 99.9% accuracy, that’s still 431,000 false alarms annually.

The number of false alarms will be much higher than that. The no-fly list is filled with inaccuracies; we’ve all read about innocent people named David Nelson who can’t fly without hours-long harassment. Airline data, too, are riddled with errors.

The odds of this program’s being implemented securely, with adequate privacy protections, are not good. Last year I participated in a government working group to assess the security and privacy of a similar program developed by the Transportation Security Administration, called Secure Flight. After five years and $100 million spent, the program still can’t achieve the simple task of matching airline passengers against terrorist watch lists.

In 2002 we learned about yet another program, called Total Information Awareness, for which the government would collect information on every American and assign him or her a terrorist risk score. Congress found the idea so abhorrent that it halted funding for the program. Two years ago, and again this year, Secure Flight was also banned by Congress until it could pass a series of tests for accuracy and privacy protection.

In fact, the Automated Targeting System is arguably illegal, as well (a point several congressmen made recently); all recent Department of Homeland Security appropriations bills specifically prohibit the department from using profiling systems against persons not on a watch list.

There is something un-American about a government program that uses secret criteria to collect dossiers on innocent people and shares that information with various agencies, all without any oversight. It’s the sort of thing you’d expect from the former Soviet Union or East Germany or China. And it doesn’t make us any safer from terrorism.

This essay, without the links, was published in Forbes. They also published a rebuttal by William Baldwin, although it doesn’t seen to rebut any of the actual points.

Here’s an odd division of labor: a corporate data consultant argues for more openness, while a journalist favors more secrecy.

It’s only odd if you don’t understand security.

Posted on December 22, 2006 at 11:38 AMView Comments

Auditory Eavesdropping

In the information age, surveillance isn’t just for the police. Marketers want to watch you, too: what you do, where you go, what you buy. Integrated Media Measurement, Inc. wants to know what you watch and what you listen to—wherever you are.

They do this by turning traditional ratings collection on its head. Instead of a Nielsen-like system, which monitors individual televisions in an effort to figure out who’s watching, IMMI measures individual people and tries to figure out what they’re watching (or listening to). They do this through specially designed cell phones that automatically eavesdrop on what’s going on in the room they’re in:

The IMMI phone randomly samples 10 seconds of room audio every 30 seconds. These samples are reduced to digital signatures, which are uploaded continuously to the IMMI servers.

IMMI also tracks all local media outlets actively broadcasting in any given designated media area (DMA). To identify media, IMMI compares the uploaded audio signatures computed by the phones with audio signatures computed on the IMMI servers monitoring TV and radio broadcasts. IMMI also maintains client-provided content files, such as commercials, promos, movies, and songs.

By matching the signatures, IMMI couples media broadcasts with the individuals who are exposed to them. The process takes just a few seconds.

Panel Members may sometimes delay watching or listening to a program by using satellite radio, DVRs, VCRs, or TiVo. IMMI captures these viewings with a “look-back” feature that recognizes when a Panel Member is exposed to a program outside of its normal broadcast hour, and then goes back in time (roughly two weeks) to identify it.

These cell phones are given away to test subjects, who get free service in exchange for giving up all their privacy.

I’m sure the company will claim not to actually eavesdrop on in-room conversations, or cell phone conversations. And just how different are these special phones, anyway? Can the software be installed on off-the-shelf phones? Can it be done without the owner’s knowledge or consent? The potential for abuse here is enormous.

Remember, the threats to privacy in the information age are not solely from government; they’re from private industry as well. And the real threat is the alliance between the two.

Posted on December 19, 2006 at 6:54 AMView Comments

CATO Report on Data Mining and Terrorism

Definitely worth reading:

Though data mining has many valuable uses, it is not well suited to the terrorist discovery problem. It would be unfortunate if data mining for terrorism discovery had currency within national security, law enforcement, and technology circles because pursuing this use of data mining would waste taxpayer dollars, needlessly infringe on privacy and civil liberties, and misdirect the valuable time and energy of the men and women in the national security community.

Posted on December 13, 2006 at 1:38 PMView Comments

Major Privacy Breach at UCLA

Hackers have gained access to a database containing personal information on 800,000 current and former UCLA students.

This is barely worth writing about: yet another database attack exposing personal information. My guess is that everyone in the U.S. has been the victim of at least one of these already. But there was a particular section of the article that caught my eye:

Jim Davis, UCLA’s associate vice chancellor for information technology, described the attack as sophisticated, saying it used a program designed to exploit a flaw in a single software application among the many hundreds used throughout the Westwood campus.

“An attacker found one small vulnerability and was able to exploit it, and then cover their tracks,” Davis said.

It worries me that the associate vice chancellor for information technology doesn’t understand that all attacks work like that.

Posted on December 13, 2006 at 6:43 AMView Comments

Tracking People by their Sneakers

Researchers at the University of Washington have demonstrated a surveillance system that automatically tracks people through the Nike+iPod Sport Kit. Basically, the kit contains a transmitter that you stick in your sneakers and a receiver you attach to your iPod. This allows you to track things like time, distance, pace, and calories burned. Pretty clever.

However, it turns out that the transmitter in your sneaker can be read up to 60 feet away. And because it broadcasts a unique ID, you can be tracked by it. In the demonstration, the researchers built a surveillance device (at a cost of about $250) and interfaced their surveillance system with Google Maps. Details are in the paper. Very scary.

This is a great demonstration for anyone who is skeptical that RFID chips can be used to track people. It’s a good example because the chips have no personal identifying information, yet can still be used to track people. As long as the chips have unique IDs, those IDs can be used for surveillance.

To me, the real significance of this work is how easy it was. The people who designed the Nike/iPod system put zero thought into security and privacy issues. Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies. Not on purpose, not because they’re evil—just because it’s easier to ignore the externality than to worry about it.

Posted on December 12, 2006 at 1:11 PMView Comments

1 116 117 118 119 120 144

Sidebar photo of Bruce Schneier by Joe MacInnis.