"There's a reason you don't wear your Social Security number across your T-shirt," Albrecht says, "and beaming out your new, national RFID number in a 30-foot radius would be far worse."

There are no federal laws against the surreptitious skimming of Americans' RFID numbers, so it won't be long before people seek to profit from this, says Bruce Schneier, an author and chief security officer at BT, the British telecommunications operator.

Data brokers that compile computer dossiers on millions of individuals from public records, credit applications and other sources "will certainly maintain databases of RFID numbers and associated people," he says. "They'd do a disservice to their stockholders if they didn't."

Or put simply, everyone knows that this is scary beyond reason and we need to do something now BEFORE it's a problem.

Here is some more information from the source article:

In its October 2005 Federal Register notice, the State Department reassured Americans that the e-passport's chip — the ISO 14443 tag — would emit radio waves only within a 4-inch radius, making it tougher to hack.

Technologists in Israel and England, however, soon found otherwise. In May 2006, at the University of Tel Aviv, researchers cobbled together $110 worth of parts from hobbyists kits and directly skimmed an encrypted tag from several feet away. At the University of Cambridge, a student showed that a transmission between an e-passport and a legitimate reader could be intercepted from 160 feet.

The article also mentions a video that shows the results of his experiment. I was able to find it HERE.

I understand that using a word like rape to describe companies that take data from people against their will is a bit coarse, but it's exactly how I feel. I found out this weekend that a friend of mine had his and his wife's fingerprints taken from them by Seaworld before they were allowed to go into the park.

Though you might say "He could have just left", he had already bought a two-day pass for him and his family and invested a significant amount of time and money in the trip. Besides, no one should have to be treated like a criminal just because a theme park is concerned about a few dishonest people who are sharing passes. They could just as easily print their photos on every person's pass which would be even more efficient without the privacy issue.

I can't stand the trends that some of these places are setting and I hope they don't get away with it. If we're lucky, the ACLU or state of California are already looking into this issue.

Here is an excellent short essay on how to fix airport security and restore a bit of our dignity and rights at the airports:

Fixing Airport Security

Also be aware that the TSA is making significant strides backwards when it comes to whole body imaging. Where they used to be looking at technology that wasn't as privacy invasive, they've now started making a major push for what some are calling a digital strip search. The most important issue here is that the scanners are being planned as a replacement for metal detectors which means you'd have no choice but to bare all for the TSA.

Bring on the tinfoil underwear…

This is so wrong, I barely know what to say. I sure hope this trend doesn't start to catch on, because a lot of people would give up the information when they're pressured instead of doing the right thing and refusing.

"Please list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc." the form reads. But Bozeman isn't simply interested in finding out where to look for potentially embarrassing personal details; the city wants full disclosure, since the form demands username and password information for each.

This is way worse than all those sickening social networking sites asking for your e-mail address password.

Update

Here is the contact information for the relevant people in the city if you want to ask them why they thought this would be a good idea.

And just in case someone were to change the form, here's a copy of the original found on their website:

This is for real... they actually expect you to give up your account details!

In today's afternoon session, a privacy commissioner from Canada gave a talk about the importance of "Privacy by Design" which refers to the concept of building privacy technologies into systems and devices during the design phase. Only then can things like surveillance cameras be implemented safely because they have been rendered incapable of collecting data or details that would be privacy invasive.

Her concept is similar to the concept of building security into devices during design instead of later after they've been fully created and it's a very good point.

The panel this morning consists of members of the FTC, Google, and Microsoft and the subject is profiling people online.

There are so many questions I want to ask such as why Google stores data for so long (which they've avoided answering before) and why the FTC doesn't promote credit freezes (which they've avoided answering before).

In the meantime, there's talk about the different types of data collection each group does and the standard rigamarole about customizing and targeting advertisements as if that's helpful to the end user. Granted having ads that are more appropriate are more useful than less, but I see that as the same as having a neighbor down the street that you hardly know bring you a box of your favorite beef jerky. It's nice, but damned creepy when someone knows that much about you when you don't know who they are, what their intentions are, and how much else they know about you.

I stood up to lecture the panel on the fact that personalized ads aren't necessary for small sites to exist if they use the product recommendation method versus random ad policy like me, opt-out is an unfair business practice since it requires that people become very knowledgeable about ads and how to stop them which is near impossible for regular people, and opt-in is not only necessary, it's easy.

I doubt the information I shared will have any positive effect on the industry, but it was still worth a try.

This week, I'm attending the 2009 CFP conference at the George Washington University in DC. So far, I found out that there's still far too few people that understand privacy when it comes to social networking sites.

Even more interesting was the information about Cross site scripting and worse and just how easy attacks like that (and others) are to use. If I were to put a certain code on this page and you still had Facebook or your bank open in another window, just by viewing this page I could manipulate your accounts.

It's really interesting stuff, but the lesson for the day is to never stay logged into services when browsing around in other windows or tabs.

It's so very obvious that health record systems should not be accessible online and any such system should have rock-solid security or not be put together at all… obvious to everyone except Virginia that is. What is it with that state? First the public records online and now health records? Are they TRYING to destroy the lives of everyone that lives there?

In a country that's been getting some pretty bad press for the Orwellian tactics they've put in place over the years, this is a nice change. It seems that people still understand that innocent people who've committed no crimes shouldn't be tracked in government databases. Hopefully the US will follow their example.

Here's another example of how someone's Facebook profile was used against them (First example here).

"If you are alleging that, as a result of an accident, you have not been able to enjoy life the same way and there is a photo taken after the accident showing you skiing or exercising … that could be relevant," the civil litigation and intellectual property lawyer said in an interview yesterday.

Well duh. If there are cases where people's personal diaries have been subpoenaed, I guarantee you an online record like Facebook is fair game.

I swear, sometimes I think Google is suffering from a serious Jeckel and Hyde complex. In the previous post I was lamenting Google's very lame privacy policies, but then this comes along.

Google apparently has a new service that lets you broadcast to your friends where you are at any time (at which point Google will plot them on a map for you). The downsides to this technology is of course that people could theoretically monitor you or get the records to use against you.

But Google is promising that the information in their Latitude service is ephemeral and will disappear after use.

What Loopt — and now Google — are asserting is this: when you tell your friends where you are, you are using a public conveyance to communicate privately. And, just as it would if it wanted to record your phone call or read your e-mail, the government needs to get a wiretap order. That's even tougher to get than a search warrant.

They've always been good about not giving up their search records without a fight, but it would be nice if they didn't store them so long in the first place.

I only just learned about Google Voice and the staggeringly awesome features it offers for free. Though I'm not a huge fan of all the gimmicks companies attach to cell phones and phone services, this one has me interested.

The only problem is that with Google's historically abysmal privacy policies, will it be safe to use? Time will tell.

Whether or not the officer in question really did use excessive force, the main point here is that the things you write about online can come back to haunt you in the most unexpected ways.

Officer Ettienne said he is now being careful to mask his identity on the Web and that he has curbed his tongue because of the acquittal. “I feel it’s partially my fault,?? he said. “It paints a picture of a person who could be overly aggressive. You put that together, it’s reasonable doubt in anybody’s mind.??

Even your "private" Facebook or Myspace account isn't so private under the force of a subpeona.

Not every service out there is as hard to get rid of as AOL, but many are close. Here's a great guide to canceling your account at many major websites such as classmates.com, facebook.com, etc.

The practice of scoping out current and potential employees online has become pervasive enough that many people (myself included) have recommended that people be far more selective about what they post online.

Well, at least one person is calling out the real issue here: that employers are looking in the first place. Her advice is for everyone to tell their employers to "butt out".

we job seekers and defenders of civil liberties should tell employers to stop snooping and stop judging our behavior outside of work. What we do, say and believe in our personal lives in most cases has no bearing on our ability to do a job, barring criminal behavior, of course.

And I agree with this. We should all stand up for the fact that many of the things we express online have little bearing on our ability to do a job, though I think we need to be realistic and still control the information we post to the best of our ability.

This was done sometime last year, but I just found it on Pop-sci.com today. It's an experiment by one of their writers to see if they could live anonymously for a week. It's an interesting read and contains some good data like this:

Data-broker Web sites sell lists of information you never thought would be for sale—records of 750,000 people who signed up for medical alert services, for example, or a list of 11,418 people, mostly men over the age of 55, who bought a particular herbal sexual-potency product in September or October. Private investigators buy phone records from pizza-delivery places, and a few years ago, data aggregator LexisNexis advertised that it, too, used pizza-delivery records to get hard-to-find phone numbers. If you want to invalidate some of the information on the lists, you could move, but you’d have to carry your own boxes—moving companies sell lists of new addresses to marketers.

And…

These companies are only minimally regulated, in part because the government itself is one of their largest clients. Contracting data-collection projects to outside companies allows the government to purchase data that would be illegal for it to collect itself.

And…

Starting in 2009, OnStar will be able to remotely deactivate a car’s accelerator, forcing it to drive at a top speed of five miles an hour—which is great if your car is stolen but not so good if someone were to hack into OnStar’s computers. Plus, systems like these include a two-way microphone and speakers that the company can activate remotely, which means they can be used for eavesdropping.

The neat thing about the article is how much they got right (most of it) and some extra information that even I didn't know (like rental car companies using secretly installed GPS to monitor if you speed or go out of your area).

I can't believe it. After the issue with Reunion.com, I would have thought there'd be LESS sites asking for your e-mail password to "find your friends from you contact list", not more!

Today I found out that both Myspace AND Linkedin ask for your e-mail address passwords. Never NEVER give away your e-mail password to anyone for ANY reason, no matter how nicely they ask.

LinkedIn asking for e-mail passwords

I found this on Schneier's blog and it's a very interesting read from one of the people who's responsible for taking advantage of people with adware.

One of the funniest parts was this:

I should probably first speak about how adware works. Most adware targets Internet Explorer (IE) users because obviously they're the biggest share of the market. In addition, they tend to be the less-savvy chunk of the market. If you're using IE, then either you don't care or you don't know about all the vulnerabilities that IE has.

Are you using Firefox yet?

This comes from a long string of stories about how bad privacy is getting in the UK. As bad as it's become in the US, apparently our friends out there have it much worse.

(H/T to Slashdot for the link)

One of the web-comics I've recently discovered has been doing a series of comics about the state of America in the last few days and he's right on. Check them out for a good laugh (or cry).

Uncle Sam and Liberty – Hmm. Similar concept to this one

Tough Times

Uncle Sam's Addiction. – This one is brilliant on so many levels.

Star Wars Sam

America Sleeps

The Devil and execs