Because we really needed another way to be spied on...

(Image used under: Creative Commons 2.0 [SRC])

CNN posted an article about tiny transmitters embedded in some Canadian coins and planted on contractors with security clearance. From the article:

In a U.S. government warning high on the creepiness scale, the Defense Department cautioned its American contractors over what it described as a new espionage threat: Canadian coins with tiny radio frequency transmitters hidden insidee. Experts were astonished about the disclosure and the novel tracking technique...

Okaaaaay…. So, this is "creepy", and "novel"? First of all, coins can be given away very easily thus defeating the point of tracking the recipient. Second, the metal of the coin will inhibit the transmitters. Third, tracking technology already exists and is being used now. It's called rfid and it's already being put into our merchandise and even our clothes. Basically, it's much worse than coins.

It's almost like they don't even know what they're doing.

(Image is in the Public Domain)

Schneier reports that the government will begin encrypting all laptops. This is in response to case after case of stolen laptops leading to loss of personal data such as in the case with the Veterans Administration.

Considering that the typical response is to offer worthless credit monitoring services to make it look like they're doing something when they're actually not, this is a welcome change. Now if only they'll hold employees accountable for keeping the key/token/passwords in the same bag with the laptop…

Automated profiling at a distance. Very reassuring.

(Image is in the Public Domain)

The EFF (who is also the organization spearheading the lawsuits against AT&T) is now taking on the secret profiling program that has hit the news recently. From their e-newsletter:

The Automated Targeting System (ATS) creates and assigns "risk assessments" to tens of millions of citizens as they enter and leave the country. In November, DHS announced that the program would launch on December 4, but Homeland Security Secretary Michael Chertoff later admitted that the program had already been in operation for several years.

Under ATS, individuals have no way to access information about their "risk assessment" scores or to correct any false information about them. But while you cannot see your score, it will be made readily available to untold numbers of federal, state, local, and foreign agencies. The government will retain the data for 40 years.

Keeping your mail private is not as easy as it should be.

(Image used under: Creative Commons 3.0 [SRC])

In this article, they explain that the Government can use the laws the way they're written now to read any e-mail that is hosted on someone else's computer (like the servers at AOL, Google, Hotmail).

A man who was partially convicted based on his e-mails is suing saying that it's unconstitutional for them to read his e-mails without a warrant. While the case is in appeals, the arguments are that e-mail should have the same privacy protections as snail mail while the government cites several reasons why they can and should be able to read them.

Wireless data is easy to steal. Why did we put it on our passports again?

(Image is in the Public Domain)

Schneier links to an article about RFID passports being cloned in under 5 minutes. The authorities have stopped denying it's possible and have shifted to denying that it can be used for any nefarious purposes.

The UK Home Office however dismissed the ability to get hold of the information on the chip. A spokesman said: "It is hard to see why anyone would want to access the information on the chip. " Other than the photograph, which could be obtained easily by other means, they would gain no information that they did not already have - so the whole exercise would be pointless: the only information stored on the ePassport chip is the basic information you can see on the personal details page."

Well, it sure is hard to see why anyone would want to see someone's credit report, criminal history, medical information, social security card, birth certificate… Are these people for real?

Oops. Sorry about all your data gosh golly wilikers!

(Image is used under the Pixabay license)

Consumer Affairs writes:

A laptop containing the personal information of 328,000 current and former employees of Boeing was stolen in Chicago, according to the company. The laptop theft was the third to befall Boeing in the past twelve months. Boeing is contacting the affected employees by mail and has promised to set up free credit monitoring for them through the Experian credit bureau.

cNet writes:

WASHINGTON–U.S. Department of Homeland Security Secretary Michael Chertoff on Thursday defended forthcoming national ID cards as vital for security and consistent with privacy rights.

From the article:

"Do you think your privacy is better protected if someone can walk around with phony docs with your name and your Social Security number, or is your privacy better protected if you have the confidence that the identification relied upon is in fact reliable and uniquely tied to a single individual?" Chertoff asked rhetorically.

Has anyone heard of false dilemma before? This is where you are presented with two choices when there are actually many. One choice is always extremely horrible to make the other seem reasonable. An example could be, "Would you rather put RFID in your credit cards or have a horde of violent viking warriors destroy your home and burn your family?"

False Dilemma choices are sometimes used accidentally, but are often a dirty trick to force people into agreeing or looking bad. Defeating them is only a matter of recognizing them when they're used and calling them out.

Bottom line, do I have much trust that the government who brought us the RFID passport disaster and broken e-voting will get it right this time? No… no I don't.

(Image used under: Creative Commons 2.0 [SRC])

Hackers have gained access to databases at the University of California-Los Angeles (UCLA), making off with the personal information of 800,000 current and former students, employees, and faculty. The data breach is thought to be the largest of its kind at an American college or university.

I've always said it's less about the security of the system than it is the value of the data stolen. If it weren't so easy to use and abuse people's personal data, then ID Theft wouldn't be such a problem.

(Image used under: Fair Use doctrine)

In Schneier's blog today, he writes about a University of Washington study explaining how to track people using their Nike+iPod Sport Kit (which uses RFID).

This is a great demonstration for anyone who is skeptical that RFID chips can be used to track people. It's a good example because the chips have no personal identifying information, yet can still be used to track people. As long as the chips have unique IDs, those IDs can be used for surveillance.

Schneier goes on to say:

To me, the real significance of this work is how easy it was. The people who designed the Nike/iPod system put zero thought into security and privacy issues. Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies. Not on purpose, not because they're evil -- just because it's easier to ignore the externality than to worry about it.

Couldn't have said it better myself.

Schools have our kids confused with criminals

(Image is in the Public Domain)

In a recent newsletter, the Electronic Frontier Foundation writes:

Despite complaints from privacy advocates and parents, schools in states across the country are considering using fingerprint scans to track students. Kids at Sandlapper Elementary in Columbia, South Carolina, have their fingerprints scanned to pay for their breakfast and check out library books, while officials at the Hope Elementary School District in Santa Barbara, California, have just announced similar plans to use finger scans to charge students for their lunches.

People need anonymity. It is up to the individual to decide whether to disclose that they were at a particular place, associate with particular people, or are involved in particular events. That's what it means to be innocent until proven guilty.

This is really simple folks: Criminals lose their rights, law abiding citizens don't. For the necessity of investigation, people who can be reasonably suspected of being involved in wrong-doing can be looked at more closely (with a warrant), but other than that, no government body should be tracking, monitoring, or data mining information about anyone. Raising kids as sub-citizens who won't expect the same rights and privileges we enjoy today is NOT ok.