Entries Tagged "privacy"

Airline Passenger Profiling for Profit

I have previously written and spoken about the privacy threats that come from the confluence of government and corporate interests. It’s not the deliberate police-state privacy invasions from governments that worry me, but the normal-business privacy invasions by corporations—and how corporate privacy invasions pave the way for government privacy invasions and vice versa.

The U.S. government’s airline passenger profiling system was called Secure Flight, and I’ve written about it extensively. At one point, the system was going to perform automatic background checks on all passengers based on both government and commercial databases—credit card databases, phone records, whatever—and assign everyone a “risk score” based on the data. Those with a higher risk score would be searched more thoroughly than those with a lower risk score. It’s a complete waste of time, and a huge invasion of privacy, and the last time I paid attention it had been scrapped.

But the very same system that is useless at picking terrorists out of passenger lists is probably very good at identifying consumers. So what the government rightly decided not to do, the start-up corporation Jetera is doing instead:

Jetera would start with an airline’s information on individual passengers on board a given flight, drawing the name, address, credit card number and loyalty club status from reservations data. Through a process, for which it seeks a patent, the company would match the passenger’s identification data with the mountains of information about him or her available at one of the mammoth credit bureaus, which maintain separately managed marketing as well as credit information. Jetera would tap into the marketing side, showing consumer demographics, purchases, interests, attitudes and the like.

Jetera’s data manipulation would shape the entertainment made available to each passenger during a flight. The passenger who subscribes to a do-it-yourself magazine might be offered a video on woodworking. Catalog purchase records would boost some offerings and downplay others. Sports fans, known through their subscriptions, credit card ticket-buying or booster club memberships, would get “The Natural” instead of “Pretty Woman.”

The article is dated August 21, 2006 and is subscriber-only. Most of it talks about the revenue potential of the model, the funding the company received, and the talks it has had with anonymous airlines. No airline has signed up for the service yet, which would not only include in-flight personalization but pre- and post-flight mailings and other personalized services. Privacy is dealt with at the end of the article:

Jetera sees two legal issues regarding privacy and resolves both in its favor. Nothing Jetera intends to do would violate federal law or airline privacy policies as expressed on their websites. In terms of customer perceptions, Jetera doesn’t intend to abuse anyone’s privacy and will have an “opt-out” opportunity at the point where passengers make inflight entertainment choices.

If an airline wants an opt-out feature at some other point in the process, Jetera will work to provide one, McChesney says. Privacy and customer service will be an issue for each airline, and Jetera will adapt specifically to each.

The U.S. government already collects data from the phone company, from hotels and rental-car companies, and from airlines. How long before it piggybacks onto this system?

The other side to this is in the news, too: commercial databases using government data:

Records once held only in paper form by law enforcement agencies, courts and corrections departments are now routinely digitized and sold in bulk to the private sector. Some commercial databases now contain more than 100 million criminal records. They are updated only fitfully, and expunged records now often turn up in criminal background checks ordered by employers and landlords.

Posted on October 24, 2006 at 11:00 AM

The Death of Ephemeral Conversation

The political firestorm over former U.S. Rep. Mark Foley’s salacious instant messages hides another issue, one about privacy. We are rapidly turning into a society where our intimate conversations can be saved and made public later. This represents an enormous loss of freedom and liberty, and the only way to solve the problem is through legislation.

Everyday conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Of course, organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was the default assumption.

This has changed. We now type our casual conversations. We chat in e-mail, with instant messages on our computer and SMS messages on our cellphones, and in comments on social networking Web sites like Friendster, LiveJournal, and MySpace. These conversations—with friends, lovers, colleagues, fellow employees—are not ephemeral; they leave their own electronic trails.

We know this intellectually, but we haven’t truly internalized it. We type on, engrossed in conversation, forgetting that we’re being recorded.

Foley’s instant messages were saved by the young men he talked to, but they could have also been saved by the instant messaging service. There are tools that allow both businesses and government agencies to monitor and log IM conversations. E-mail can be saved by your ISP or by the IT department in your corporation. Gmail, for example, saves everything, even if you delete it.

And these conversations can come back to haunt people—in criminal prosecutions, divorce proceedings or simply as embarrassing disclosures. During the 1998 Microsoft anti-trust trial, the prosecution pored over masses of e-mail, looking for a smoking gun. Of course they found things; everyone says things in conversation that, taken out of context, can prove anything.

The moral is clear: If you type it and send it, prepare to explain it in public later.

And voice is no longer a refuge. Face-to-face conversations are still safe, but we know that the National Security Agency is monitoring everyone’s international phone calls. (They said nothing about SMS messages, but one can assume they were monitoring those too.) Routine recording of phone conversations is still rare—certainly the NSA has the capability—but will become more common as telephone calls continue migrating to the IP network.

If you find this disturbing, you should. Fewer conversations are ephemeral, and we’re losing control over the data. We trust our ISPs, employers and cellphone companies with our privacy, but again and again they’ve proven they can’t be trusted. Identity thieves routinely gain access to these repositories of our information. Paris Hilton and other celebrities have been the victims of hackers breaking into their cellphone providers’ networks. Google reads our Gmail and inserts context-dependent ads.

Even worse, normal constitutional protections don’t apply to much of this. The police need a court-issued warrant to search our papers or eavesdrop on our communications, but can simply issue a subpoena—or ask nicely or threateningly—for data of ours that is held by a third party, including stored copies of our communications.

The Justice Department wants to make this problem even worse, by forcing ISPs and others to save our communications—just in case we’re someday the target of an investigation. This is not only bad privacy and security, it’s a blow to our liberty as well. A world without ephemeral conversation is a world without freedom.

We can’t turn back technology; electronic communications are here to stay. But as technology makes our conversations less ephemeral, we need laws to step in and safeguard our privacy. We need a comprehensive data privacy law, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and to delete it as soon as it is no longer needed.

And we need to remember, whenever we type and send, we’re being watched.

Foley is an anomaly. Most of us do not send instant messages in order to solicit sex with minors. Law enforcement might have a legitimate need to access Foley’s IMs, e-mails and cellphone calling logs, but that’s why there are warrants supported by probable cause—they help ensure that investigations are properly focused on suspected pedophiles, terrorists and other criminals. We saw this in the recent UK terrorist arrests; focused investigations on suspected terrorists foiled the plot, not broad surveillance of everyone without probable cause.

Without legal privacy protections, the world becomes one giant airport security area, where the slightest joke—or comment made years before—lands you in hot water. The world becomes one giant market-research study, where we are all life-long subjects. The world becomes a police state, where we all are assumed to be Foleys and terrorists in the eyes of the government.

This essay originally appeared on Forbes.com.

Posted on October 18, 2006 at 3:30 PM

Swiss Police to Use Trojans for VoIP Tapping

At least they’re thinking about it:

Swiss authorities are investigating the possibility of tapping VoIP calls, which could involve commandeering ISPs to install Trojan code on target computers.

VoIP calls through software services such as Skype are encrypted as they are passed over the public Internet, in order to safeguard the privacy of the callers.

This presents a problem for anyone wanting to listen in, as they are faced with trying to decrypt the packets by brute force—not easy during a three-minute phone call. What’s more, many VoIP services are not based in Switzerland, so the authorities don’t have the jurisdiction to force them to hand over the decryption keys or offer access to calls made through these services.

The only alternative is to find a means of listening in at a point before the data is encrypted.

[…]

In order to install the application on the target computer, the Swiss authorities envisage two strategies: either have law enforcement surreptitiously install it locally, or have the telco or ISP which provides Internet access to that computer install it remotely.

The application, essentially a piece of Trojan code, is also able to turn on the microphone on the target PC and monitor not just VoIP conversations, but also any other ambient audio.

Posted on October 18, 2006 at 2:26 PM

Fukuyama on Secrecy

From the New York Times:

All new threats entail huge uncertainties. Then, as now, there was a pronounced tendency to assume the worst, and for the government to claim enormous discretion in protecting the American public. The Bush administration has consistently argued that it needs to be protected from Congressional oversight and media scrutiny. An example is the National Security Agency’s warrantless surveillance of telephone traffic into and out of the United States. Rather than going to Congress and trying to negotiate changes to the law that regulates such activities, the administration simply grabbed that authority for itself, saying, in effect, “Trust us: if you knew what we know about the threat, you’d be perfectly happy to have us do what we’re doing.” In other areas, like the holding of prisoners in Guantanamo and interrogation methods used there and in the Middle East, one can only quote Moynihan on an earlier era: “As fears of Communist conspiracies and German subversion mounted, it was the U.S. government’s conduct that approached the illegal.”

Even if we do not at this juncture know the full scope of the threat we face from jihadist terrorism, it is certainly large enough to justify many changes in the way we conduct our lives, both at home and abroad. But the American government does have a track record in dealing with similar problems in the past, one suggesting that all American institutions—Congress, the courts, the news media—need to do their jobs in scrutinizing official behavior, and not take the easy way out of deferring to the executive. Past experience also suggests that the government would do far better to make public what it knows, as well as the limits of that knowledge, if we are to arrive at a balanced view of the challenges we face today.

Posted on October 12, 2006 at 6:54 AM

Faulty Data and the Arar Case

Maher Arar is a Syrian-born Canadian citizen. On September 26, 2002, he tried to fly from Switzerland to Toronto. Changing planes in New York, he was detained by the U.S. authorities, and eventually shipped to Syria where he was tortured. He’s 100% innocent. (Background here.)

The Canadian government has completed its “Commission of Inquiry into the Actions of Canadian Officials in Relation to Maher Arar,” the results of which are public. From their press release:

On Maher Arar, the Commissioner comes to one important conclusion: “I am able to say categorically that there is no evidence to indicate that Mr. Arar has committed any offence or that his activities constitute a threat to the security of Canada.”

Certainly something that everyone who supports the U.S.’s right to detain and torture people without having to demonstrate their guilt should think about. But what’s more interesting to readers of this blog is the role that inaccurate data played in the deportation and ultimately torture of an innocent man.

Privacy International summarizes the report. These are among their bullet points:

  • The RCMP provided the U.S. with an entire database of information relating to a terrorism investigation (three CDs of information), in a way that did not comply with RCMP policies that require screening for relevance, reliability, and personal information. In fact, this action was without precedent.
  • The RCMP provided the U.S. with inaccurate information about Arar that portrayed him in an unfairly negative fashion and overstated his importance to a RCMP investigation. They included some “erroneous notes.”
  • While he was detained in the U.S., the RCMP provided information regarding him to the U.S. Federal Bureau of Investigation (FBI), “some of which portrayed him in an inaccurate and unfair way.” The RCMP provided inaccurate information to the U.S. authorities that tended to link Arar to other terrorist suspects; and told the U.S. authorities that Arar had previously refused to be interviewed, which was also incorrect; and the RCMP also said that soon after refusing the interview he suddenly left Canada for Tunisia. “The statement about the refusal to be interviewed had the potential to arouse suspicion, especially among law enforcement officers, that Mr. Arar had something to hide.” The RCMP’s information to the U.S. authorities also placed Arar in the vicinity of Washington DC on September 11, 2001 when he was instead in California.

Judicial oversight is a security mechanism. It prevents the police from incarcerating the wrong person. The point of habeas corpus is that the police need to present their evidence in front of a neutral third party, and not indefinitely detain or torture people just because they believe they’re guilty. We are all less secure if we water down these security measures.

Posted on September 29, 2006 at 7:06 AM