The Electronic Frontier Foundation Takes on the DHS’s Secret Profiling Program

Automated profiling at a distance. Very reassuring.

The EFF (also the organization spearheading the lawsuits against AT&T) is now taking on the secret profiling program that has hit the news recently. From their e-newsletter:

The Automated Targeting System (ATS) creates and assigns "risk assessments" to tens of millions of citizens as they enter and leave the country. In November, DHS announced that the program would launch on December 4, but Homeland Security Secretary Michael Chertoff later admitted that the program had already been in operation for several years.
Under ATS, individuals have no way to access information about their "risk assessment" scores or to correct any false information about them. But while you cannot see your score, it will be made readily available to untold numbers of federal, state, local, and foreign agencies. The government will retain the data for 40 years.

RFID Passports Still Broken – Only Faster Now

Wireless data is easy to steal. Why did we put it on our passports again?

Schneier links to an article about RFID passports being cloned in under 5 minutes. The authorities have stopped denying it's possible and have shifted to denying that it can be used for any nefarious purposes.

The UK Home Office however dismissed the ability to get hold of the information on the chip. A spokesman said: "It is hard to see why anyone would want to access the information on the chip. Other than the photograph, which could be obtained easily by other means, they would gain no information that they did not already have - so the whole exercise would be pointless: the only information stored on the ePassport chip is the basic information you can see on the personal details page."

Well, it sure is hard to see why anyone would want to see someone's credit report, criminal history, medical information, social security card, birth certificate… Are these people for real?


Government Says They Can Read Your E-mail Without a Warrant

Keeping your mail private is not as easy as it should be.

In this article, they explain that the Government can use the laws the way they're written now to read any e-mail that is hosted on someone else's computer (like the servers at AOL, Google, Hotmail).

A man who was convicted based in part on his e-mails is suing, saying that it's unconstitutional for the government to read his e-mails without a warrant. While the case is on appeal, the argument is that e-mail should have the same privacy protections as snail mail, while the government cites several reasons why it can and should be able to read them.


Ancient Telephone Tax Repealed – Three Year Refund Due Consumers

100 years late. Better late than never?

In the CAGW newsletter, they report that:

In a widely-heralded and very long-sought victory for CAGW and all taxpayers, the Treasury Department announced last May that it would stop collecting the excise tax on long distance telephone service. Known as the Spanish-American War Tax, this "temporary" tax on phone service, considered a luxury at the time, has survived for 108 years, far surpassing its raison d’etre, which lasted just four months. You can apply for a refund of the payment of that tax from 2003-2006 when you file your 2006 tax return next year.

Be sure to ask your accountant about this credit.


College Student Proves TSA “Boarding Pass/ID Check is Useless”

I never thought about it, but it's much easier to defeat TSA security than I realized.

Bruce Schneier found an interesting article in the NY Times about a bored computer science student who wrote a webpage that printed boarding passes nearly identical to those used by Northwest Airlines. Using the fake passes, people were successfully able to bypass airport security. The important part of this article is the fact that the student did no hacking, no cracking, no breaking of any system. All he did was make passes that looked real.

No cryptographic recipe was cracked; no airline computer system was compromised. Without visiting an airport, Mr. Soghoian needed access to nothing other than a public Web site to embarrass those responsible for airport security.

As security professionals have been saying for years, these measures make life difficult for law-abiding citizens, but do little to stop the bad guys.


cNet.com – Homeland Security chief defends Real ID plan

cNet writes:

WASHINGTON–U.S. Department of Homeland Security Secretary Michael Chertoff on Thursday defended forthcoming national ID cards as vital for security and consistent with privacy rights.

From the article:

"Do you think your privacy is better protected if someone can walk around with phony docs with your name and your Social Security number, or is your privacy better protected if you have the confidence that the identification relied upon is in fact reliable and uniquely tied to a single individual?" Chertoff asked rhetorically.

Has anyone heard of a false dilemma before? This is where you are presented with two choices when there are actually many. One choice is always extremely horrible to make the other seem reasonable. An example could be, "Would you rather put RFID in your credit cards or have a horde of violent Viking warriors destroy your home and burn your family?"

False dilemma choices are sometimes used accidentally, but are often a dirty trick to force people into agreeing or looking bad. Defeating them is only a matter of recognizing them when they're used and calling them out.

Bottom line, do I have much trust that the government who brought us the RFID passport disaster and broken e-voting will get it right this time? No… no I don't.


NIST Recommends that E-voting Machines be De-certified


The National Institute of Standards and Technology (NIST) is recommending that the 2007 version of the Voluntary Voting Systems Guidelines (VVSG) decertify direct record electronic (DRE) machines.

In the article, they explain how NIST has found that the machines have no paper trail, and that a single programmer could rig an entire election. Uh…hello? This is not news; this was well known for a long time before now. Hopefully now that NIST has said it, someone in Congress will pay attention.

Also, for brilliant social commentary on the issue, please see this: Diebold Accidentally Releases Results of 2008 Election Early.

Some US Schools Fingerprint Students Like Criminals

Schools have our kids confused with criminals

In a recent newsletter, the Electronic Frontier Foundation writes:

Despite complaints from privacy advocates and parents, schools in states across the country are considering using fingerprint scans to track students. Kids at Sandlapper Elementary in Columbia, South Carolina, have their fingerprints scanned to pay for their breakfast and check out library books, while officials at the Hope Elementary School District in Santa Barbara, California, have just announced similar plans to use finger scans to charge students for their lunches.

People need anonymity. It is up to the individual to decide whether to disclose that they were at a particular place, associate with particular people, or are involved in particular events. That's what it means to be innocent until proven guilty.

This is really simple, folks: criminals lose their rights, law-abiding citizens don't. For the necessity of investigation, people who can be reasonably suspected of being involved in wrongdoing can be looked at more closely (with a warrant), but other than that, no government body should be tracking, monitoring, or data mining information about anyone. Raising kids as sub-citizens who won't expect the same rights and privileges we enjoy today is NOT ok.


Tommy Thompson – May Run For President


Katherine Albrecht, the world's leading RFID privacy expert and co-author of the book Spychips - How Major Corporations and Government Plan to Track Your Every Move with RFID, writes:

Former U.S. Secretary of Health and Human Services Tommy Thompson is considering a run for president in 2008…

As head of Health and Human Services, Thompson oversaw the scandal-ridden FDA when it approved the VeriChip as a medical device. Shortly after leaving his cabinet post, he joined the board of the VeriChip Corporation and wasted no time in using his clout to promote the company's glass encapsulated RFID tags.

These tags are injected into human flesh to uniquely number and identify people. He also suggested implanting military personnel with the chips to replace dog tags.

Thompson has an option on more than 150,000 shares of VeriChip stock. Right now those options aren't worth much. Security flaws and public squeamishness have hurt the company's sales, resulting in losses of millions of dollars.

Even if he remains chip-free as we hope, the American people should still be wary of him.


Low Chance of Bush Pushing Spying Bill Through Lame Duck Congress


The Center For Democracy and Technology recently said in their newsletter:

The "lame duck" 109th Congress will return to Washington November 13 to take care of unfinished business before it finally ends. Among the bills President Bush has said he'd like to see passed is the NSA Domestic Spying bill. In addition, there is an effort afoot to slip into some other bill (probably a spending bill) a provision that would give the telecom companies immunity from liability for any unlawful assistance they have given to the government since 9/11.

What they're talking about is the Bush-backed bill introduced in Congress that would not only NOT challenge the spying, but would in some forms legalize and expand the power to spy on Americans without a warrant. Fortunately, many major news outlets, including the Baltimore Sun, think that's not likely:

Republicans for months have known that no bill accomplishing Bush's goal could get filibuster-proof support from 60 senators. Sealing off any hope was what Democratic leader Harry Reid put on his lame-duck to-do list. The warrantless domestic surveillance bill was conspicuous in its absence.


Check out one of my guides/tutorials:

passwords Tutorial

Making Good Passwords

To understand what makes a good password, let's talk about what makes a bad one first.
Making good passwords can be complex, but here are some tips and tricks that will make it easier.

Password Protection

Once you've taken the trouble to make a good password, the next step is to keep it safe!
Now that you've done all this work, you have to learn the most important rule of all: DON'T GIVE THEM AWAY!


Bad Passwords

To understand what makes good passwords, first check out some of the worst passwords out there and what makes them so bad.


Password Tips and Tricks

It's impossible to expect someone to make good passwords by just giving them some rules. There are tricks that make your passwords secure and easy for you all at the same time.


Password Protection

It's really a skill to come up with secure passwords that you can remember. Once you've learned how, remember that it doesn't matter how good you are if you don't protect your password properly.


Password Mugging

A disturbing new practice among websites and services is asking you for your user name and password to other sites. I call this "Password Mugging".
