Recently in Privacy Category


What Lauren says is a good enough start; I'll simply refer you to his blog post.

Lauren Weinstein's Blog: "Your Papers, Please!" - Get Your Fingerprints Ready! Cross-Party Senate Alliance Pushing National ID Card http://j.mp/bBzApT

Greetings. According to the Wall Street Journal, U.S. Senate immigration reform advocates Chuck Schumer and Lindsey Graham are proposing a mandatory biometric (e.g. fingerprint-based) National ID Card system, and are attempting to brush away privacy concerns as trivial and irrelevant.

Note: I heard back anonymously from a customer of iContact. Are they upset that all their customers' email addresses were stolen? Yes. But they aren't that worried about the impact, because they know that most of their customers will never realize that iContact or their company was the source of the leak. In other words, there is no incentive for bulk mail providers to improve security. An email address, particularly one associated with a particular set of services, is the means by which spammers target phishing attacks. It's the key to password changes, bank accounts, and more. Why are the security standards for email any less than they are for credit cards?

Every time a web site asks me for an email address, I use a unique address that includes their domain name in it. This makes it very easy for me to track when a company either misbehaves, or their mailing list has been compromised. Of course, often the company sending me the mail is using a third-party email provider to deliver, and here's the dirty secret.

When your email provider's database gets broken into, and a spammer gets all of their customer emails? They don't necessarily tell you, the client. And they certainly don't bother telling the poor sucker whose email address was stolen.


Case #1—AWeber
Starting December 2009, I began receiving spam to the address I use for the help-a-reporter service. I filed a report with their existing bulk mail provider, but got no response. It turned out that HARO had only recently switched to this provider; the real culprit was their previous email provider. A discussion with Adam Shankman led him to research the issue and find out (from an article on the internet!) that his previous email provider had been compromised and all of HARO's email addresses had been fed to spammers. AWeber's subscriber list had been compromised, and they had told none of their customers until they started getting complaints.


Case #2—iContact
Today I noticed three identical spam messages to three different custom email addresses. They were for morrisonsoftdesign.com, fontgear.net and myhappyplanet.com. I went back and found that a) it had been going on for at least a few weeks and b) all three companies use, or have used, icontact.com to deliver their mail (morrisonsoftdesign.com switched providers at some point). So in other words, if you have an account with morrisonsoftdesign.com, fontgear.net or myhappyplanet.com, or any other company that uses iContact, your email address has almost certainly been fed to the spammers. But don't blame the company you subscribed with; the culprit is iContact. Other iContact customers include (according to their web site) Peach Running Co., West Race Cars, Pro Mom Couture and 58,654 other customers with 577,545 email addresses. Feel free to let them know what you think of their ineptitude.

It's unconscionable that these companies are not notifying their own clients of data breaches, let alone the end-users who end up getting spammed. If any of them have a presence in California, it is probably also illegal.
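The per-site address tracking used in both cases above can be automated. The following is an added example, not code from the original post: it assumes the tagged addresses take the form `<vendor-domain>@mail.example.org`, and the provider table, the `.example` names and the sample messages are all constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses

MY_DOMAIN = "mail.example.org"  # assumption: a catch-all domain the recipient controls

# Constructed table: delivery providers each vendor uses now or used in the past.
VENDOR_PROVIDERS = {
    "morrisonsoftdesign.com": {"icontact.com", "other-esp.example"},
    "fontgear.net": {"icontact.com"},
    "myhappyplanet.com": {"icontact.com", "inhouse.example"},
    "haro.example": {"aweber.com", "new-esp.example"},
}

def vendor_tag(msg):
    """Return the vendor domain encoded in the recipient's local part, or None."""
    headers = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    for _, addr in getaddresses(headers):
        local, _, domain = addr.lower().rpartition("@")
        if domain == MY_DOMAIN and "." in local:
            return local
    return None

def fingerprint(msg):
    """Hash the body after collapsing whitespace and case, so copies cluster."""
    body = re.sub(r"\s+", " ", msg.get_payload()).strip().lower()
    return hashlib.sha256(body.encode()).hexdigest()

def attribute_leaks(raw_messages):
    """Cluster identical spam and name the parties that could have leaked."""
    clusters = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        tag = vendor_tag(msg)
        if tag:  # mail to an untagged address carries no attribution signal
            clusters[fingerprint(msg)].add(tag)
    findings = []
    for vendors in clusters.values():
        provider_sets = [VENDOR_PROVIDERS.get(v, set()) for v in vendors]
        if len(vendors) >= 2:
            # Same spam to several vendors' addresses: only a provider shared
            # by all of them explains it (Case #2).
            suspects = set.intersection(*provider_sets)
        else:
            # One leaked address cannot separate the vendor from any of its
            # current or previous providers (Case #1).
            suspects = set(vendors) | provider_sets[0]
        findings.append({"vendors": sorted(vendors), "suspects": sorted(suspects)})
    return sorted(findings, key=lambda f: f["vendors"])

def make_msg(rcpt, body):
    return f"Delivered-To: {rcpt}\nFrom: promo@spam.example\nSubject: offer\n\n{body}\n"

# Constructed sample inbox.
SAMPLE = [
    make_msg("morrisonsoftdesign.com@mail.example.org", "Cheap watches,  click now"),
    make_msg("fontgear.net@mail.example.org", "Cheap watches, click now"),
    make_msg("myhappyplanet.com@mail.example.org", "cheap watches,\n click now"),
    make_msg("haro.example@mail.example.org", "Press release blast inside"),
    make_msg("me@mail.example.org", "Cheap watches, click now"),
]

if __name__ == "__main__":
    for finding in attribute_leaks(SAMPLE):
        print(finding)
```

A single leaked address leaves every current and former provider on the suspect list, which is why the first report in Case #1 went to the wrong provider.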


My father's words teach me not to write or share all information about my people, my family, my life. It is not wise to divulge all knowledge, for once given, it no longer is ours. We protect our lives by not giving information. It is one method of survival.
Diane Bird, Santa Domingo Pueblo
from part of a presentation in the Santa Fe Museum of ???

I came upon those words at a museum exhibit in Santa Fe shortly after visiting the Taos Pueblo. If you read the history of the Pueblo people you realize that this is a truth that they have known for hundreds of years. Long before the "information age," the Pueblo people knew that their knowledge was the key to their survival against intruders. Later in the week we visited Mesa Verde, once home to the Anasazi ("ancient ones"). Our guide was Pueblo, and he happily detailed all of the anthropological theories about who the Anasazi were, how they lived, and what they used the various rooms for. But ask him for his own theories, as someone who grew up in a home very much like this one, with the same construction, the same kivas, the same ancestors, and he would shake his head, tap his brow, and say only, "Think about it. These were people like you and me. What would you do?" Information is not something to be handed out freely; then or now.

Originally published in my Buzz 'zine on commons.somewhere.com, August 23, 1998.

This paper was written for my 10th grade English class. We were given a choice of topics and allowed to argue either side. We researched the topics and made notes, but the final paper had to be written in class, which left no time for proof-reading or editing down. There was a problem with the file server, so I was unable to save my paper. This version was scanned in from the printed copy, and may have additional errors as a result.

Shireen Hinckley
Waddell/E Block

Wiretapping: Is it Worth the Cost?

Although the government often thinks that they know the best way to deal with threats, deciding to take the entirety of the problem into their own hands, this can often lead to more trouble than anticipated. The United States was set up by our founding fathers with checks and balances, and recently, these have been ignored for the cause to fight terrorism. As Bruce Schneier said, "Terrorism is a serious risk to our nation, but an even greater threat is the centralization of American political power in the hands of any single branch of the government. Over 200 years ago, the framers of the U.S. Constitution established an ingenious security device against tyrannical government: they divided government power among three different bodies... Since 9/11, the United States has seen an enormous power grab by the executive branch."(3) The executive branch responded to a terrorist attack by exciting the American public, and making them even more terrified by exaggerating the situation. Through manipulating this fear, the government was able to pass laws and form secret organizations that before, would never have been sanctioned. One of these was permitting close surveillance of the American public, including wiretapping. Their excuse for this was saying that it would aid greatly in finding and capturing terrorists, and give the people more security. Uncontrolled wiretapping hurts security by providing too much unfocused information; leading to the arrest of innocent people, taking away constitutional rights, drawing resources away from focused investigations, and creating opportunities for abuse and corruption.

Too much unfocused information leads to arrests of unassociated, innocent people and through manipulating paranoia, the government takes away basic constitutional rights. Although government officials claim that wiretapping helps find terrorist workers all over the country, in reality it is messy and inefficient. As Schneier said in "Uncle Sam is Listening," the technology works similar to a vacuum cleaner, "sucking up a staggering amount of voice, fax, and data communications... from all over the world: an estimated 3 billion communications per day. These communications are then processed through... data-mining technologies, which look for simple phrases like 'assassinate the president'"(9) These simple phrases will get caught up in casual emails or conversations and can put any innocent American citizen on the suspect list. This limits our rights of free speech and press. Many people do not care that the government is watching their every move, saying that they have "nothing to hide." This innocence cannot save a victim once he has been arrested for terrorism, because the government throws out all normal procedure for criminals, such as a phone call or a trial. This was the case of Canadian software engineer Maher Arar, who also holds a Syrian citizenship. Arar, while switching flights in New York to return to Ottawa from Damascus, was detained in JFK airport in Brooklyn as a presumed Al Qaeda terrorist, and then sent to Syria where he was tortured for 10 months. "Arar, who denies any terror links and was never charged with a crime, charges the US government with violating the Torture Victim Protection Act and his Fifth Amendment right to due process."(7) Although both the Canadian and Syrian governments now say Arar has nothing to do with Al Qaeda, or any other terrorist group, the US government is still adamant with its accusation, although it has presented no proof to the court.
Arar was even named by the Canadian edition of Time Magazine as the "Newsmaker of the year," calling him "a symbol of how fear and injustice have permeated life in the West since 9/11."(7) His case is not the only one that accuses the US government of illegal workings; the Electronic Frontier Foundation filed a lawsuit against AT&T on January 31, 2006, accusing them of collaborating with the National Security Agency. This program's purpose was to wiretap Americans' communications without court oversight; violating the law and the privacy of its customers. These actions were infringing the privacy safeguards established by Congress and the U.S. Constitution. Evidence soon revealed that the surveillance began before September of 2001, giving NSA no right to claim they were searching for terrorists, as it was not a valid threat at that time. "EFF's case includes undisputed evidence that AT&T installed a fiberoptic splitter at its facility... in San Francisco that made copies of all emails, web browsing and other internet traffic to and from AT&T customers, and provided those copies to the NSA."(6) When the government and AT&T attempted to dismiss the case on the basis of state secrets, they were rejected, the judge saying, "the compromise between liberty and security remains a difficult one. But dismissing this case at the outset would sacrifice liberty for no apparent enhancement of security."(6) The American public was violated and no amount of security is worth that destruction of privacy. The government cannot be trusted to always do right, as it is not run by supernatural beings. They too will make mistakes as with Arar. The more power the government has, the more they can misuse that power, and the bigger the mistakes can get.

Needless wiretapping and surveillance techniques cause more harm than good by drawing resources away from focused investigations and creating mistrust of the judicial system. The United States is not the only country wiretapping its people. After September 11th, other countries made similar precautions, such as Germany. Niels Sorrells explained the situation in Germany in "German Tap Lessons" saying, "German authorities cannot point to a single successful prosecution of a terror suspect identified from... blind wiretaps. The colossal volume of information produced from tens of thousands of these taps often obscures real threats, while dead ends are pursued. Authorities quite simply do not have the time to listen to and process it all. In the one case in which such surveillance was used to detect a terror plot... the authorities-thanks to old-fashioned investigative methods-already knew the identities of the... plotters. It's hardly a ringing endorsement for the kind of all-encompassing, warrantless surveillance that the United States government wants its citizens to accept."(4) Many times, rather than surveillance techniques aiding in investigations, it jeopardizes them. When certain laws are overlooked or broken, there are eventually consequences. Discoveries concerning organizations such as the NSA make many people question the true motives of other wiretapping programs that are supposedly put there to fight terrorism. "In criminal cases that can put terrorists behind bars, judges now have to worry that evidence was based on illegal wiretaps. Evidence might be excluded or convictions overturned."(8) Courts often do not know when to believe the government when it says where evidence has come from, and in numerous cases the government refuses to reveal even that, claiming it is a matter of national security, as they did in the case with Maher Arar.
Judges who believe in the rule of law may feel obligated to be stricter with the government when they cannot trust its statements. This mistrust leads to lack of cooperation and less efficient trials, hindering the prosecution of terrorists rather than helping it. Not only does wiretapping hinder prosecution of terrorists, it wastes valuable investigative resources. "A January 17 story in the New York Times highlighted the huge amount of time and resources devoted to the program, apparently with minimal results. In the days after 9/11, the FBI decided to follow up on every lead... Long lists of phone numbers continued to be generated by the NSA program, however. According to a senior prosecutor: 'It affected the F.B.I. in the sense that they had to devote so many resources to tracking every single one of these leads, and, in my experience, they were all dry leads.'"(8) Even after September 11th, "the N.S.A. material continued to be viewed as unproductive, prompting agents to joke that a new bunch of tips meant more calls to Pizza Hut."(8) Although the government tries to convince the American people that their surveillance techniques are helpful to finding terrorists, the chance is one in a million. They are wasting resources and money chasing ghosts and dead ends, rarely finding any plausible suspects.

Opportunities for abuse and corruption arise when the government suddenly has the ability to retrieve boundless information on any individual. The Pentagon Papers during the Vietnam War made the government have to quickly cover its tracks by weakening the man who distributed them in the eyes of the public. Daniel Ellsberg turned himself in to the FBI, and the administration saw this as an opportunity to weaken the Democratic party. President Nixon decided the only way they could make Ellsberg and the Democratic party weaker was to leak damaging information to the press. The project was named the "plumbers" and their goal was to do surveillance on Democratic members of the government and collect information illegally that could potentially damage their reputation and prestige. On September 3, 1971, under orders from the White House, the "plumbers" burglarized the office of Daniel Ellsberg's psychiatrist, Dr. Lewis Fielding. Because of the resources the administration had at their fingertips, they were able to manipulate the power they had in order to hurt Ellsberg's reputation and claims in court. The burglary and other unlawful surveillance activities were discovered, and Ellsberg was let go on account of "unprecedented government misconduct" which had "incurably infected the prosecution of [the] case."(5) President Nixon complained; "the sonofabitching thief is made a national hero and is going to get off on mistrial. And the New York Times gets a Pulitzer Prize for stealing documents... What in the name of God have we come to?"(5) With the power the American people give to the government, they can manipulate it to serve their own ends. They have the ability to incriminate any individual, never getting caught. The United States government is not the only thing that would be able to manipulate wiretapping and surveillance technologies. In fact, the very people that they were supposed to protect against are able to employ it, using it for their own means.
In Greece, this is exactly what had happened; "Unknowns tapped the mobile phones of about 100 Greek politicians and offices, including the U.S. embassy in Athens and the Greek prime minister" and later evidence revealed that the criminals actually used the code that was designed into the system; "It's [the] eavesdropping code [that was] put into the system for the police. The attackers managed to bypass the authorization mechanisms of the eavesdropping system, and activate the 'lawful interception' module in the mobile network. They then redirected about 100 numbers to 14 shadow numbers they controlled."(2) This code was put into place to search for these terrorists, and they managed to manipulate it to serve their own means. Installing these wiretapping devices harmed the government rather than helped it, and caused more problems than there were originally.

The administration and executive power has taken too much power and ignored the judicial checks that our founding fathers put into place two hundred years ago, and as Richard Posner said, "The government has a conflict of interest, because its paramount duty is to protect national security. If it could be trusted to hold national security and civil liberties concerns in perfect equipoise, there would be no need for judicial checks"(1). They are able to toss aside the Constitution, violating Americans' basic rights of free speech and press, and cannot be stopped or slowed. Should the government have uncontrolled power over wiretapping and surveillance? No. This power would detrimentally harm the American public, and cause grabs for power and control that would completely disrupt the balance of democracy, and throw the ideals of America into oblivion.

Bibliography

  1. Posner, Richard A. Not a Suicide Pact: The Constitution in a Time of National Emergency. New York: Oxford UP, 2006.
  2. Schneier, Bruce. "More on Greek Wiretapping." Bruce Schneier. 1 Mar. 2006. 21 Jan. 2008 <http://www.schneier.com/blog/archives/2006/03/more_on_greek_w.html>
  3. Schneier, Bruce. "NSA and Bush's Illegal Eavesdropping." Bruce Schneier. 20 Dec. 2005. 21 Jan. 2008 <http://www.schneier.com/blog/archives/2005/12/nsa_and_bushs_i.html>
  4. Sorrells, Niels C. "German Tap Lessons." Foreign Policy. Sept. 2006. 21 Jan. 2008 <http://www.foreignpolicy.com/index.php>
  5. Stone, Geoffrey R. Perilous Times: Free Speech in Wartime. New York: W.W. Norton & Company, 2004.
  6. "Hepting Resources." EFF. Electronic Frontier Foundation. 21 Jan. 2008 <http://www.eff.org/nsa/hepting>
  7. Regan, Tom. "Canadian Sent to Syria Sues US Over Rendition Policy." The Christian Science Monitor. 11 Aug. 2005. 21 Jan. 2008 <http://www.csmonitor.com/2005/0811/dailyUpdate.html>
  8. Swire, Peter. "Legal FAQs on NSA Wiretaps." Domestic and Economy 26 Jan. 2006. Center for American Progress. 21 Jan. 2008 <http://www.americanprogress.org/issues/2006/01/b1389573.html>
  9. Schneier, Bruce. "Uncle Sam is Listening." Bruce Schneier. 20 Dec. 2005. 21 Jan. 2008 <http://www.schneier.com/essay-100.html>
The Washington Post has an amusing article on parents joining Facebook. I've been through a number of the situations that they mention there. Both of my daughters are my Facebook friends, and some of their friends have friended me as well. On the other hand, my younger daughter has refused to accept my "friend" request on MySpace. The problem with cross-generational "friending" isn't restricted to children complaining about their parents. There is also the problem of parents who would like to keep some of their activities somewhat private from their children. Until Facebook adds support for multiple separate personas, both parents and children have to be careful about what applications and other information they make available to whom.

Swiss Bank Julius Baer has dropped their suit against Wikileaks. Link. See my previous coverage here and here.

Presumably they realized that a) this wasn't going to be a quick "shut them up while we go public" suit, b) it wasn't going to work anyway and c) it was making matters much, much worse.

A good rule of thumb for people who have embarrassing information about themselves posted on the internet. Feel free to try and clear it up quietly. But don't make a public fuss. No matter how bad you think the situation is, it can always get worse. And if you make it a public issue, it will get worse.

Wikileaks Judge Realizes Error


When I first reported on this, it had only shown up in The Guardian, but now it's all over the mainstream press, so following up seems a bit pointless, but I should wrap it up here anyway.

Judge Jeffrey White may not have understood the consequences of what he was doing at the time, but he was not oblivious to the press coverage nor, fortunately, the constitutional questions that were raised; you can't go around shutting down publishers just because they published information that they (possibly) shouldn't have.

"There are serious questions of prior restraint and possible violations of the First Amendment," White ruled from the bench in his San Francisco courtroom. - Reuters via New York Times.

The case had rapidly escalated, with serious questions raised about whether Wikileaks had sufficient notice, whether Baer was being fully forthcoming about the situation, and even whether the Court had jurisdiction. In addition, by the time the judge decided to hold a hearing on the matter, the big guns were out in strength, with Public Citizen, the California First Amendment Coalition, ACLU, Project on Government Oversight and the EFF all weighing in.

One thing is very clear; if Baer wanted to keep their documents secret, they seriously miscalculated. Pre-blogging days you might have been able to stifle a source and assume that the complaints (if any) would come long after you stopped caring (the company is preparing a public stock offering). Instead, they saw the entire process play out in less than ten days. And those documents they wanted out of the public eye? They've been read, seen or at least heard of by hundreds of thousands of people who had never even heard of a banking group called "Julius Baer." True or not, the company's name is now indelibly associated with Cayman Islands money laundering.

But I'm sure Wikileaks appreciates the publicity.

I really hadn't been following any of this, and I'm not big on conspiracy theories (no, not even when they involve Karl Rove (as featured on the new depleted uranium half-gallon coin)). Also, it was a bribery case, and that would seem to be relatively straightforward, right? More on that after the fold. First the highlights.

Did Ex-Alabama Governor Get A Raw Deal? CBS News

60 Minutes Reports On Bribery Conviction Of Don Siegelman In A Case Criticized by Democrats And Republicans

Is Don Siegelman in prison because he’s a criminal or because he belonged to the wrong political party in Alabama? Siegelman is the former governor of Alabama, and he was the most successful Democrat in that Republican state. But while he was governor, the U.S. Justice Department launched multiple investigations that went on year after year until, finally, a jury convicted Siegelman of bribery.

Now, many Democrats and Republicans have become suspicious of the Justice Department’s motivations. As correspondent Scott Pelley reports, 52 former state attorneys-general have asked Congress to investigate whether the prosecution of Siegelman was pursued not because of a crime but because of politics.

The article goes on to describe how the key witness says he saw the Governor meet with Richard Scrushy, and come out of the meeting with a check for the lottery foundation, and detail a promise to give the man a seat on a particular board. The Governor is now serving seven years in jail. But then things get fuzzy. People come forward and talk about how the Governor was targeted. There was no specific indication of any crime—they were just fishing for evidence with subpoenas. He was the only powerful Democrat in a Republican-dominated state. One of the AGs going after him was the campaign manager for Siegelman's opponent, another the wife of a Karl Rove assistant. They didn't recuse themselves until pressed by the defense, well into the case.

“They started over. People started getting subpoenas that had never gotten subpoenas before, for testimony, for records. The governor's brother, his bank records started getting subpoenaed. The net was cast much wider than had ever been cast before,” Jones says.

“You know, on the other hand, what's wrong with the Department of Justice vigorously investigating a case if they think there is an indictment to be made on public corruption charges?” Pelley asks.

“Well, you still have to investigate crimes, not people. It undermines the entire system of justice because at that point anybody can be a target. Any prosecutor can look across the table and say, ‘You know what? I just don't like you,’” Jones says.

In this new investigation, prosecutors zeroed in on that vivid story told by Siegelman’s aide, Nick Bailey, who said he saw the governor with a check in his hand after meeting Richard Scrushy. Trouble was, Bailey was wrong about the check, and Siegelman’s lawyer says prosecutors knew it.

“They got a copy of the check. And the check was cut days after that meeting. There was no way possible for Siegelman to have walked out of that meeting with a check in his hand,” Jones explains.

“That would seem like a problem with the prosecution's case,” Pelley remarks.

“It was a huge problem especially when you've got a guy whose credibility was going to be the linchpin of that case. It was a huge problem,” Jones says.

And there was another problem with the prosecutor’s star witness: Nick Bailey was a crook. Unknown to Siegelman, Bailey had been extorting money from Alabama businessmen. Facing ten years in prison, Bailey agreed to cooperate with prosecutors to get a lighter sentence.

60 Minutes went to talk to Bailey. The Justice Department wouldn’t let our cameras into the prison, but we met with him for hours.


Bailey told 60 Minutes that before the Siegelman trial, he spoke to prosecutors more than 70 times, and he admitted that during those conversations he had trouble remembering details. He told 60 Minutes the prosecutors were so frustrated, they made him write his proposed testimony over and over to get his story straight.

If Bailey’s telling the truth, his notes, by law, should have been turned over to the defense. But Siegelman’s lawyers tell 60 Minutes they never saw any such notes and never had a chance to show the jury just how much Bailey’s story had changed.

Article pointer courtesy of Dave Winer.

So, the date on the check doesn't match the story, and the story-teller admits his memory needed prodding. That doesn't sound good at all. But unless those missing notes surface, there doesn't seem to be much hope of a re-trial.

Two points to take away.

  • "Bribery," particularly in politics, is distinguishable from "campaign donation" only by intent and timing. The former is virtually impossible to determine, and the latter is easily faked. There's not a lot that can be done about that fact, and it's why politicians need to make such an effort to avoid even the appearance of impropriety. (Unfortunately, some of them get so focused on "appearance" that they forget they are supposed to avoid the "actual" impropriety as well.)
  • Anybody can appear guilty if you monitor everything they do, particularly if the folks doing the monitoring are selective about what they disclose. This is of course especially true of politicians, but it's also true of you and me. And it's a very good response to people who are willing to give up their privacy to the Government because they have nothing to hide. The issue isn't what you've done—it's what you might appear to have done.

About this Archive

This page is an archive of recent entries in the Privacy category.

About Me

I'm the CEO/CTO of Somewhere, Inc., a company building a unified social networking layer that gives people the means to track their friends across multiple social networks.
This blog is licensed under a Creative Commons License.
