(Image used under: Creative Commons 2.0 [SRC])

Carnegie Mellon University has released a report that privacy policies are too long and too complicated and regulation might be necessary to force companies to stop screwing around with people.

(Image used under: Fair Use doctrine)

When this guy tried to sign up for Comcast cable without providing his Social Security Number, they harassed him saying that they were required to ask for it under the Patriot Act.

Deal with this by first finding out what they're going to do with it and how they're going to protect it. I would most likely use the '0' trick or just make sure your credit reports are frozen and they wouldn't be able to run credit on you even if they tried.

Want to be battle? Because this is how you become cattle.

(Image used under: Creative Commons 2.0 [SRC])

The optional license will include a picture and radio frequency identification tag that can be scanned to verify a person's identity. The tag will not contain any personal information - only an assigned number, authorities said.

How reassuring. So they won't be able to take my data from it, but they'll be able to clone it and frame me or just use the unique ID to track me remotely. But they're going to be passing out sleeves that prevent it from being read remotely without your authorization. So if you don't find it bulky and actually use it, you'll be partially protected until it's time to pull it out to be read or if someone gets a few seconds alone with your wallet to pull it out and clone it.

(Image is in the Public Domain)

It isn't bad enough that Countrywide was engaging in questionable loan practices , but now they've lost the data on millions of customers as well.

And, as usual, the completely worthless response:

The company nevertheless promised to provide two years of free credit monitoring to affected individuals through the ConsumerInfo.com division of the Experian credit bureau.

*Sigh*

Digital Pickpocketing

(Image used under: Creative Commons 2.0 [SRC])

There's a small device that when plugged into many cellphone brands (and the list is growing) that can copy all data on the phone. In other words, if someone wanted to know every bit of data you have on your phone, they could ask to "borrow it for second", plug this thing in when you weren't looking and hand it back.

While designed for law enforcement, this device is available to the public for only ~$200

The rule: if your phone contains sensitive data, do not leave it unattended. If you loan it to someone to use because they tell you theirs is not working, make sure you actually see them using the phone and there is nothing connected to it.

(Image used under: Creative Commons 2.0 [SRC])

Katherine Albrecht has written has written an article for Scientific American that everyone should read. For those who don't already know her, she's the leader of CASPIAN and one of the world's foremost experts on RFID privacy issues.

Here is a mini summary of some of the major points:

• Companies intend to replace barcodes with RFID
• Unlike barcodes which identify a product type (i.e. a can of soda), RFID will identify an INDIVIDUAL product (i.e. can of coke #48377625376)
• RFID tags can be read secretly from long distances (30 or more feet).
• RFID tags in licenses have minimal security (and even passports that have more security have been hacked already many times)
• IBM filed a patent that was granted in 2006 for a system of scanners at “shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, restrooms, sports arenas, libraries, theaters, [and] mu­­se­­ums ? to track the movements of people by their RFID tags
• Alton Towers (an English amusement park) issues RFID wristbands to visitors and tracks their movements through the park. While they use it to create a keepsake "where you went" map for their customers, they prove that the system works in practice

Read the terms, don't like what you see.

(Image used under: Creative Commons 2.0 [SRC])

As I suspected, a product from a company like Google shouldn't be trusted without scrutiny. They've developed a new open-source Internet browser to compete with Firefox and Internet Explorer, but if you read carefully, you might notice this:

You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

11.2 You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.

So anything you submit through the Google browser can be stored and used for either promotion purposes or for selling to 3rd parties. In other words, Google browser is nothing more than the most sophisticated data-brokering device yet created (or spyware in other words).

Google may have the best search engine around, but their privacy policies are and have always been complete crap.

2008 Sept, 04 Update

Well that was fast. Google has updated it's EULA to remove any reference to them holding rights to what you own. It looks like they just cut-and-pasted their EULA from Google docs (which still has that problem). Now it reads like this:

11.1 You retain copyright and any other rights that you already hold in Content that you submit, post or display on or through the Services.

Surprisingly forward thinking.

(Image is in the Public Domain)

Bruce Schneier explains how easy it is to get past security and fly on a plane even if you're on the supposed "no fly list"

Buy a ticket in some innocent person's name. At home, before your flight, check in online and print out your boarding pass. Then, save that web page as a PDF and use Adobe Acrobat to change the name on the boarding pass to your own. Print it again. At the airport, use the fake boarding pass and your valid ID to get through security. At the gate, use the real boarding pass in the fake name to board your flight.

His article on why the no-fly-list and photo ID checks are useless against terrorists here.

What should we do about privacy problems? Attack the person who found the problem!

(Image source is unknown)

When Betty Ostergren, otherwise known as the "Virginia Watchdog" and on of my personal heroes, started posting social security numbers and other private data about state senators, she turned a few heads.

She got the information from the state's own public records websites where the senators were quick to pull some strings to get their information off the sites, but Betty refused to pull it off hers until they fixed the system that left all the other less-connected people vulnerable.

Their response was to draft a law for her specifically (what an honor!) that would make it illegal to disseminate any public records that contained Social Security numbers. Facing tens of thousands of dollars in fines, she was fortunately rescued by the Virginia ACLU who filed a lawsuit on her behalf.

And the good news is that the right decision was reached and the state of Virginia was told to eat crow. The saddest and sickest part of the whole situation is that they violently attacked the person who publicized what they were doing wrong while they made no effort to fix the wrong she exposed.

Hey there. Wanna donut!?

(Image source is unknown)

The Wall Street Journal says that Dunkin' Donuts is experimenting with video screens that use facial recognition technology to figure out your age and gender. The screens then display ads targeted specifically to you.

The last thing we need is computers trying to figure out who and what we are so they can target ads to us.