(Image used under: Creative Commons 2.0 [SRC])

CASPIAN warns that Verichip, the ones who have brought the human-implant RFID to the market had to publish a report of risks associated with the technology to satisfy the Securities and Exchanges Commission before they could IPO. In almost 20 pages of risks (holly clap!) they still neglected to mention that their RFID chips can be cloned… easily. So much for their claim to "tighten security in facilities like nuclear power plants".

"Potential investors should be told how a hacker can simply walk by a chipped person and clone his or her VeriChip signal, a threatdemonstrated by security researcher Jonathan Westhues months ago," says McIntyre, who is a former federal bank examiner.

And most creepily:

The VeriChip implant is a glass encapsulated RFID tag that is injected into the flesh to uniquely number and identify individuals. The tag can be read by radio waves from a few inches away. The highly controversial device is being marketed as a way to access secure areas, link to medical records, and serve as a payment instrument when associated with a credit card or pre-paid account.

So you get to be tagged like an animal with something you can't get rid of without surgury, and because your credit card information is in it, all someone has to do to steal your identity is stand near you for a few seconds. Wonderful.

Let's be clear about this: Human implantation of RFID is the most dangerous development in technology ever created. I really need to write an article about this sometime…

A depressing post on Slashdot recently indicated that forced DNA collection will become standard in criminal investigations.

The goal is to make DNA collection as routine a part of detainment as fingerprinting and photography.

Peter Neufeld, a lawyer who is a co-director of the Innocence Project, which has exonerated dozens of prison inmates using DNA evidence, said the government was overreaching by seeking to apply DNA sampling as universally as fingerprinting. "Whereas fingerprints merely identify the person who left them, " Mr. Neufeld said, "DNA profiles have the potential to reveal our physical diseases and mental disorders. It becomes intrusive when the government begins to mine our most intimate matters."

Better late than never...">

Many

(Image is in the Public Domain)

Not a bad start at all. Granted, I think we should be able to block data brokers from having our information, but we have to begin somewhere.

(article found at Slashdot.)

Tech isn't good or bad.

(Image is in the Public Domain)

I found this news on Slashdot today. Basically, a university professor used a powerful free tool that lets him browse the Internet completely anonymously (Tor). Because the utility bypasses university security, they came to him and demanded he stop using it.

From his own description of the event, I found this especially nice, condensed description of why someone would want to use Tor:

Tor can also be useful in e-commerce. For example, Amazon.com knows more about my shopping habits and tastes than my wife does. I appreciate Amazon's ability to make recommendations based on my previous purchases. But in 2000, Amazon admitted experimenting with so-called dynamic pricing, charging different people different prices for the same MP3 player; the prices were presumably based on estimates of what each user would be willing to pay, considering prior purchases. Online merchants could all do that, thanks to traffic analysis. They know who I am when I log on — unless I delete their cookies or use Tor.

Angel Customers & Demon Customers (The book that started it all)
(See online!)

With the proliferation of data about customers on an individual level due to technology such as cookies, web bugs, and RFID (ie Spychips), companies have discovered a more valuable way to manage their assets. Customer profiling.

A new customer management policy has grown popularity in the business world which assigns customers the ominous labels of Angel and Demon.

Angels

This pleasant sounding label belongs to a customer who doesn't comparison shop, buys high-margin items, always picks up "extras" (such as extended warranties and accessories), uses store credit, etc. Basically, anyone who brings the store profit.

Demons

Imagine a point system, where every purchase made was given positive or negative points based on profitability. Now imagine that any interaction you have with a company could be tallied into your profile based on how much time and resources they need to spend on you. Here are some things that might count against you:

• Submitting a rebate
• Using your extended service plan
• Making any purchase without a certain percentage of high margin accessories
• Refusal to buy add-on services (such as a free Internet trial or movies-by-mail)
• Spending an over-average amount of time making the purchase decision
• Refusing to be upsold into a higher-end model
• Complaining about the store to management, to consumer watchdogs, or government agencies

Best Buy, a major electronics retailer, is one of the early adopters of these types of systems

After compiling the results of your score, you may be offered terms of credit, pricing, or specials based on that score. For example, "Special price for our 'Platinum' grade customers only!" (where platinum is another word for "angels"). Another example might be putting better customers in a priority queue for customer service by phone. Though only Best Buy (that I know of) has looked at the angel/demon methodology, there's nothing to stop companies from using the profiles on you they already have to do the same.

Tracked and tagged. At an amusement park.

(Image used under: Creative Commons 2.0 [SRC])

If you thought it was hype and paranoia, you were wrong. Not only CAN they create a sensor network to track people with RFID, but they're doing it right now. Denmark's Lego Land puts bracelets on kids that lets them be monitored by the park's many sensors.

Says Katherine Albrecht of spychips.com:

On the safety side, we can't help wondering why parents would let children wander off by themselves armed only with only a tracking device, rather than watching them with their own eyes. If a child is so young or irresponsible that his parents want to fit him with an electronic nanny, what he probably really needs is for those parents to hold his hand and pay attention to him instead. Alienating, authoritarian technologies only contribute to an alienated, cowering populace, whether the setting is an amusement park, a school, a hospital, a birthing center, or a home.

RFID can actually be read secretly from great distances.

(Image is in the Public Domain)

Of the proponents of RFID, one of their strongest defenses was, "but RFID can only be read from a few inches away, so it can't every be a problem…."

CASPAIN's newsletter points to this article showing that one company is using RFID to let drivers change the messages on billboards over 500 feet away! For perspective, an American football field is 300 feet long.

Hijacking your Bluetooth headset to send ads is apparently ok in some countries with lax regulations

(Image used under: Creative Commons 2.0 [SRC])

Slashdot points to an article about companies who have figured out a way to send commercials to nearby bluetooth devices. So now if you're walking near a fast food spot, you get a instant message on your phone offering a lunchtime special.

According to the article, the Netherlands (where the practice is widespread) has refused to classify it as Spam giving advertisers the legal green light to start jumping unsuspecting bluetooth phone users. Coming soon to America.

Maybe someday a national id will make sense. Until then, it's best to opt out.

(Image is in the Public Domain)

As reported by Privacy.org:

The Maine House and Senate registered nearly unanimous opposition Thursday to the federal Real ID Act, which requires states to change their drivers' licenses into national IDs linked to a central database. The resolution is not binding on Congress, but says the Legislature refuses to implement the Real ID Act. It asks Congress to repeal the law.

Security theater is the term Bruce Schneier uses to describe a security measure that doesn’t actually improve security as much as it makes us feel more secure. While he disagrees with most uses, he allows that sometimes, feeling better is a good thing. For example, hospitals that put RFID bracelets on newborns that will trigger an alarm if they go through the wrong doors helps reassure new mothers when the babies are out of their sight.

Granted, this is only harmless because there’s no real security problem that is being covered up.