I have long said that data rape is the second leading cause of identity theft problems. Most companies have no legitimate need to store your credit card numbers at all after the transaction is completed which may be why Minnesota is now banning the practice of storing credit card information. The only problem here is that they put an arbitrary date on it instead of having it be "after the transaction is complete". This is a problem for some retailers that may not be able to process the transactions in 2 days or less, but it's still a pretty good start.

Besides being annoying and costing you money, errors at RFID toll booths can get you into all kinds of interesting spots. One girl was refused a job for having 30 outstanding tickets for going through the pass in her jeep without paying. The problem is, she's never owned or driven a jeep.

Is anyone surprised by this?

Refusing to cancel someone's account is a very bad thing (and probably illegal). However, cancelling your account can be a fight that you're not prepared to handle.

In case you didn't know this already, companies are structured to put enormous pressure their representatives to keep you from cancelling at all costs.

If you are a typical call center worker - unskilled, uneducated, living paycheck to paycheck off a generally low-pay and no-benefit job, being constantly driven by management to retain customers - what do you do when your numbers are low for the month: cancel Suzy Q.'s account and risk being fired, or sweep it under the table and be able to pay for your kids' school clothes? After all, if you call back tomorrow to see if the account's really cancelled, chances are this customer will reach a different CSR. Chances are, this call isn't one of the three or four calls a month that is actually monitored by someone. Chances are indeed very good that there will be absolutely no consequence to not canceling this customer's account, but there will definitely be a consequence if the account is actually cancelled.
You canceling your ISP's internet service or your magazine subscription is a very small matter to you. But it is a critical matter of employment to the CSR. Under such pressures, created by greedy companies, who can be surprised that "mistakes" are made.

The real villains here are the companies who aren't gusty enough to tell their call center people to do things illegally and immorally, but structure their centers in such a way to make it as likely as possible.

California did an audit on three of the major e-voting products and found them all to be seriously lacking.

To keep a long story short, my view on this is simply: how does a company release products this bad for something this important and not expect it to blow up in their face? Every state that has used these machines should sue Diabold etc.

This is really bad. Attempting to rob a store, I understand, but attempting Copyright Infringement? What if you plan to use someone's copyrighted work in a demonstration thinking that's covered under fair use and order some posters, but the shop reports you for "attempted copyright infringement" and has you thrown in jail.

Maybe it doesn't really work this way and someone who's read the bill in detail can add more data, but it seems to me that it would be too easy to qualify as an "attempted copyright infringer".

In case you haven't been paying attention, kids are just as likely to be ID theft victims as adults, even more so. Because they don't have any regular financial activity and no one would ever think to get a credit report for their kids (since they shouldn't have one), the theft can go on for much longer without detection.

Someone suggested that Google could save a lot of energy around the world if they used black as their background color (because white is the most intense color that a monitor can produce where black is the absense of light). So some company created Blackle (which is powered by Google though not RUN by Google).

Their "about" page says that they're all about saving electricity and being green, but I'm wondering if they don't modify the ads that you see thus making their focus about a completely different kind of green…

Here's a great summary of both deep packet inspection and net neutrality and why they're important. The short of it is that if a company can inspect your internet packets, they can figure out what you're doing. This lets them charge more for certain types of traffic than others.

The companies will be able to use their vast resources of technical and number crunching experts to find the best way to nickel and dime you while keeping you from getting just angry enough to do anything about it. If you can't imagine what this would be like, think of how Internet service is charged on cell phones now (per minute, or by over-all download) or remember what it was like before AOL changed the landscape by going to unlimited access for a single monthly fee (which was a major reason many people started to use the Internet).

History shows that people don't like having to worry about how they use a service and what the charges will be. Who has the time? What if every cable channel was unlocked and you get charged by how long you stay on any station, but you don't know what the fees are (sure they're in an agreement or pricelist somewhere, but you don't memorize these things). That's pretty much what the Internet will be like if Net Neutrality doesn't pass.

It's interesting how knowing the basic purpose behind the ad can help you prevent any manipulative attempts they make. It's a lot like watching a horror movie with the sound off. You completely destroy the maker's ability to control your response.

Be sure to check the link for the commentary and sample ads, but here's the abbreviated version:

1. The "Demo" - The only purpose of this ad is to show you how a product is used.
2. The "Demonstrate the problem" - Shows you a problem or need and the solution (their product of course).
3. The "Problem Analogy" - An exagerated demonstration of the problem. Example: someone who has turned into a giant nose (alergies) who then becomes normal after taking medication.
4. The "Comparison" - Explaining why their product is better than a competitor's.
5. The "Exemplary Story" - Tells a story about a situation where you'd need their product. Think Onstar (who I hate for this reason)
6. The "Benefit Causes Story" - Because of a product feature, a funny or interesting story happens. Usually, the event happens and the product benefit is the punchline. Example: street is crowded, riot police show up, national guard comes in, but it's just because everyone is checking out the new Lexus parked there.
7. The "Testimonial" - A "friend" or demonstrator says why they use/recommend this product.
8. The "Ongoing Character/Celebrity" - Think Mr. Clean, The Kool Aid Man, and the author's favorite (one of mine too), the Geico Cavemen
9. The "Benefit Analogy" - Like the problem analogy, but the exaggerated picture or situation is related to the benefit this time. Example, mosquito repellant demonstrated by laser guided turrets protecting your lawn area by shooting down incoming insects.
10. The "Associated User Imagry" - Show people that you want to be like with your product. Sports sponsors generally fit this profile. "Be like Mike, just do it! Nike."
11. The "Unique Personality Property" - Demonstrates something unique about THIS particular product that makes it stand out from competitors. Now this one makes perfect sense. Entire marketing campaigns have been launched on a single feature that makes something stand out.
12. The "Parody or Borrowed Format" - Making fun of another ad, situation, TV or Movie.

I would add one to the list though:

1. The "Doesn't mean anything" - There's no point to this commercial other than to be comical and make you have positive feelings about the brand. Think, Taco Bell Chihuahua.

(H/T to The Consumerist for the link)

I was glad to see this Ars Technica article about how casual gaming is a huge thing especially in the arena of casual MMOs. This is what I've been saying all along with my City of Heroes webpage.

Almost six years after 9/11, it is inexcusable that — in an environment where TSA misses more than 90% of weapons, RON [aircraft left unattended and unlocked at night] aircraft are not secured, and ground employees are not screened — fewer than 2% of our airliners have a team of armed pilots aboard, fewer than 5% have air marshals, and the flight attendants have no mandatory tactical or behavioral assessment training. $24 billion dollars later, we are not materially safer, except in the areas of intelligence that prevent an attack from getting to an airport. Once at the airport, there is little reason to believe the attack won’t succeed.

Well said. Be sure to read the full thing which has a stinging review of the TSA's failed efforts to make airlines more secure. Keep in mind that this guy is the president of the Airline Pilots Security Alliance and he knows what he's talking about.

(H/T to Schneier for the link)

Some supermarkets now have fingerprint readers in lieu of credit card payments. You have to supply your fingerprint and attach your credit card to it, but then you can pay just by touching your finger to the reader.

There are many problems with this:

1) In theory, they're promising only to take the "data points" not the fingerprint, but if they use the same data points as other companies, then the data points are the same as your fingerprint. If every company uses different data points, as data from each breach is combined, it create a better and better picture of your actual fingerprint.
2) Unlike a credit card that can be re-issued or changed, fingerprints can't.
3) You don't leave impressions of your credit card everywhere you touch like you do with your finger. Fingerprints can be used for tracking and accountability that you shouldn't have to be responsible for unless you're a criminal.
4) There was nothing wrong with the system that was there before. Swiping a credit card is actually easier and faster than putting your finger on a reader and entering a PIN.
5) The more people that use the system, the more problems they will have with false matches (where your finger and someone elses are too close to distinguish. Granted that the PIN solves this problem to a degree, but these companies will have to add more and more data points to the algorithm to make the system work. The more data points they use, the closer to storing your actual fingerprint.

This is bad, bad news. I wonder when the first "fingerprint data breach" will happen.

For those who were wondering, there were almost 30,000 sex offenders on MySpace who were computer literate enough to use the service, but dumb enough to use their real names. How many are still there using fake names I wonder.

A virtual credit card is a short term working credit card that has restrictions such as payout amounts, time of use, or merchants who are allowed to debit it. Using these, if the company you're buying from data-rapes you for your card number, it won't matter because the number they have is worthless after the set period of time or number of transactions etc.

(H/T to Lifehacker.com for the link)

Here's a warning to you all: companies hide tracking information in your media and if you don't know about it and do something about it, you may get some pretty nasty results. Now, in this case, it's a good thing because there's no justification for leaking Harry Potter BEFORE it's public release. That just hurts the writer and others involved.

But if this wasn't immoral activity but protected free speech, be warned that you could get nailed in very subtle and sophisticated ways if you don't pay attention to product tracking.

For example: tracking dots in printers.

Ever send an e-mail and then have second thoughts? What about wanting to make sure that the e-mail you send doesn't get shared beyond your original recipient. Using the same technique that spammers do to bypass filters and verify e-mail accounts, BitString uses images for the content of messages.

Since the reader has to load the image (which is stored on the BitString server) to view the message, if the sender wants to take it back, all they have to do is ask BitString to delete the image. As long as the image is destroyed before the reciever opens the e-mail, they can be assured that it's never been read.

Also, since BitString can track how many accesses are made for the image and what IP is requesting it, you can lock it to one individual either by specifying that after the first read of the image, it will be deleted. That will prevent forwarding of the message to your recipients friends.

That's pretty cool.

Verichip is the first major company to try to make a market out of implanting people with a hard to remove tracking device. They tout it as a "security" device in that it can be used for proximity detection in sensitive areas and can be used to link to medical information in an emergency where the patient can't speak for themselves (for a yearly fee of course).

Considering that the chips actaully weaken security, are hard to remove, and basically destroy all privacy you might have had, I find it hard to understand why people would consider this.

Anyway, there's a good summary of the Verichip company here.

A common story. With a common worthless response:

SAIC spokespeople said that several employees were placed on leave after the incident was disclosed, and that it contracted data security company Kroll Inc. to provide free identity theft protection for all affected individuals for one year.

Aww. How nice. Now it looks like they're doing something.

While I usually throw out anything Comcast sends with the bill, this time I noticed an arbitration notice that says that you only have a little bit of time to opt out before you become bound to an arbitration agreement. What does that mean? It means that you're giving up your right to sue them for incompetence (which is a pretty big deal considering how incompetent they can be).

If you continue to use comcast service without opting out, you will automatically be bound by the new arbitration agreement. Fortunately, you can opt out very quickly by going to their website:

https://www.comcast.com/arbitrationoptout/default.ashx

This kind of agreement is completely one sided and circumvents the courts and our rights. Fortunately, Public Citizen is working on a bill to remove mandatory binding arbitration for good.

There's too many points to summarize without copying the content directly, but here's a small post with a lot of links to information about a girl who moved to dismiss a RIAA lawsuit and seems to have won.