Monday, June 30, 2008

Hotels...making private information not so private.

Hotels could possibly be breaking data protection laws and illegally storing information about guests. A recent article by TimesOnline (UK) discussed the privacy risks that hotels are subjecting guests to. The hotels claim that by keeping the information they are able to improve service, even though collecting the information without the guests' knowledge or consent is against the Data Protection Act.

Information being stored includes credit card numbers, family-life information, occupation, nationalities, and even some other activities including consumption of alcohol and names of overnight visitors with the guest. Don't order an adult film or be rude to someone at the front desk, because that goes into your "permanent record." It's like middle school all over again.

Other information, which is not as sensitive, is also recorded. Employees use Internet searches to find information about the guests, ranging from the books or movies they like to a favorite sport. The file is then given out to the hotel employees, because this "systematic approach" to invasion of privacy seems to be the best method of customer service.

I can see the logic behind this method...but I also remember someone telling me "The road to hell is paved with good intentions." How does this massive invasion of privacy help out that much? I understand keeping a profile of hotel-related activities such as if a smoking room is preferred. But knowing my favorite channels and the type of alcohol I drink at the hotel bar seem to be details that do not help the hotel...and make me feel uncomfortable. The hotel employees do not need to know that much personal information. I especially do not need a manager Googling me or looking at a MySpace page to get personal information.

Thursday, June 26, 2008

The creepiness factor and your Internet privacy...

Everyday millions Internet users make purchases online. Most people do not realize the dangers lurking behind recommendations that websites make based on your purchases. In theory it seems like a great idea...I purchased the latest Stephen King book and here is a list of other books I may like based on my previous purchase. What's not to like about that? That is great customer service...or is it? A recent article published by the Wharton School of Business shows the underlying dangers of behavioral targeting.

The article starts off by turning the tables...what if you buy your favorite movie and then see recommendations for other movies you may like? That is something we all appreciate. But what if the next time you visit the site you see an ad that has nothing to do with your movie choices? Instead the advertisement is for debt consolidation or treatment for a medical problem...this is what the article describes as the "creepiness factor," the private part of your life that is somehow not private anymore.

The way the creepiness factor comes from marketing companies tracking your surfing habits and building up a profile about you based on the sites you visit, e-mails you write, etc.... The companies argue that focusing advertisements based on your needs is beneficial to you as a consumer, and that the trade-off between better advertisements and your personal privacy and Internet anonymity is worth it. I disagree...and so do most people. A recent research study, presented in the article, showed that 91% of adult Internet users would use some sort of tool to surf anonymously and avoid having their information tracked and stored.

The article continues to discuss how technology has evolved over the years, but the policy for protecting us while using the Internet has not. There is no barrier. Any law that is intended to help us has a loophole. For example, the government can't collect certain information from us without a warrant, so they buy it from a company's marketing department that collects the information legally without us knowing it.

I would like to know when my information is being stored in some database and how it will be used by the company. Protecting your privacy needs to be proactive. The use of proxy servers and other privacy tools can help hide your IP address and keep you from having your identity stolen.

Tuesday, June 24, 2008

Throw those credit cards out...unless you like not having any privacy,

A recent report by Freedom Works discussed one of the newest privacy threats we should know about. Congress has sketched a new proposal that would require all merchants' payment systems to be tracked, recorded, and reported to the federal government.

This legislation will affect any credit card transaction made. Businesses will be required to give up that information once they swipe a card. The hopes of Internet privacy or being able to surf anonymously may be nonexistent if you use Amazon, PayPal, or any other online merchant. The online vendors are also required to divulge the information and report transactions to the government.

Many questions are raised throughout this article such as:
  • What is the federal government's purpose with this kind of detailed data?
  • How will this database be secured, and who will have access?
  • Many small proprietors use their Social Security number as their tax ID. How will their privacy be protected?
  • What compliance costs will this impose on businesses?
These important questions need to be answered before the legislation continues. With the rise of ID Theft and American citizens' worries about government spying, this legislation seems to completely forgo privacy protection.

Wednesday, June 18, 2008

Airport security adds another invasion of privacy to the list.

Remember when you were younger and wanted x-ray glasses? Well now all you have to do is get a job with the Transportation Security Administration. This recent article from The Dallas Morning News (dallasnews.com) reports on the newest invasion of privacy when traveling.

The TSA is using a new scanning method which has many people baffled and shocked. The new millimeter wave whole body image device shows what's going on under a traveler's clothes. The TSA argues that this will speed up the screening process...at the expense of someone seeing a 3-D image of what is under your clothes. This will increase security measures since only metal objects are detected via a magnetometer.

Privacy advocates are saying that these images are too revealing. This is the equivalent of being strip searched. The TSA and privacy advocates do not agree on the potential uses for this. Ultimately privacy advocates are saying, "American passengers should not have to parade naked in front of security screeners in order to board the plane."

The TSA has a modesty filter on the machines so that images are not too revealing...how does this help either way? So if I am hiding something it can potentially be blurred...but if I'm not then, I still have a machine basically taking naked photos of me. The screening is completely optional...but the TSA doesn't promote that fact. A passenger can skip the screening and be patted down by security. People are being put through this screening process without even being made aware that it is happening. Is it their fault for not questioning airport security? I would say no...it is the TSA's fault for not letting passengers know what they are being subjected to.

Saturday, June 14, 2008

Traveling to the Olympics? Don't bother bringing your privacy...

A recent USA Today tech article focused on the invasion of privacy many will face when traveling to the Olympics in China this summer. The warnings, aimed mostly at federal officials and business people, are telling travellers that the Chinese government will most likely attempt to penetrate the electronic devices (cell phones, PDAs, and laptops) being brought into the country. The Chinese government intends to steal information and plant bugs to gain access to U.S. networks. Just about anyone that has political influence, a government position, or works for a large company is at risk to have their privacy completely compromised.

The Overseas Security Advisory Council states that Chinese government frequently uses these tactics to gain access to personal and official computers. China's Internet and wireless networks are run by the government, which has access to any bit of data being transferred. A laptop being searched by airport security or left in the hotel while attending the day's games are vulnerable to attack. The control that the government has over the Internet allows them to invade any one's privacy since they have to surf the web through their network.

This is a major privacy threat for anyone travelling abroad for the Olympics. Any information you have on you is subject to Chinese inspection. Further, travelers coming home. should have their systems checked before connecting their network.

So now where does it go from here? Consider travelling without any of these electronics. If you have to bring them with you, make sure no personal or official information (of a sensitive nature) is stored on them. And if none of those precautions can be taken, then make sure a good proxy server is used while in China, and have everything on the computer's drive encrypted.

Wednesday, June 11, 2008

PogoWasRight.org

PogoWasRight.org is here to bring us, "Privacy news, data breaches, and privacy-related events and resources from around the world." This is a great site to visit for news and important information regarding your privacy. PogoWasRight contributor, PrivacyNews, updates frequently with headlines that are important to all of us. You can see the most recent, updated headlines and additions right on the front page.

If you want to search for articles and postings on a specific subject you have many to choose from. The sections include: Federal Government, REAL ID, Internet & Computers, Surveillance, and Business & Privacy. Clicking one of these topics brings you to the most recent updates for that section.

The "Other Privacy Sections," area offers resources for proposed legislation. The site also offers a blog, Chronicles of Dissent, which has some great articles and links to a blog dedicated to information about medical privacy. The site also shows upcoming Privacy Events and Conventions, with links to each for more details. PrivacyNews also takes leads by e-mail, in case something slipped by, that you feel should be a headline. You can also become a member of PogoWasRight.com and post comments and submit items.

This is definitely a place to go for news and information regarding privacy. The site offers relevant and recent headlines to keep us all informed on the next big threat to privacy.

Taking Back Control of Your Privacy

InsideCRM.com recently published an article that outlines 50 tips to maintain your privacy and avoid ID theft or other cyber crimes. This list is comprehensive and includes great advice on how to keep yourself protected. Everything you do online is susceptible to scams and other privacy risks; these tips could end up being the difference between security and theft. The article does not focus primarily on Internet privacy, it also discusses the ways to stay protected when offline. The full list can be found in the article, but the following are some of the major points.
  • Internet Privacy
    • Don't save e-mail address or password settings (log-in information) for frequently used sites such as online banking.
    • Use anti-virus protection.
    • If using wireless, set up a password and secure the connection.
  • Credit and Financial
    • Check you credit report about 2-3 times per year.
    • Use a credit card for online purchases instead of a debit card.
    • Never use your Social Security Number as a pin or password.
  • General Privacy
    • Don't use your Social Security Number as an identification number (such as an employee number) or write your SS# on checks. This number needs to be secured and given to as few people as possible.
    • Understand pretexting and the danger it poses to your privacy.
  • Cell Phones and Online Phones
    • Check and understand your providers Privacy Policy and frequently stay informed on updates to the policy.
  • Other Rules to Follow
    • Keep your Social Security card in a safe and secure place. That place is not your wallet or purse either!
    • Shred documents that contain personal information such as birth dates and credit card numbers.
    • Look for "https" when making an online transaction. This is different from "http" because the "s" indicates a secured and encrypted connection so only you and the site have access to the information.
The tips and tools on the site are very helpful. As stated before, these can be the difference between having your identity stolen or maintaining your security. Many of these tips are common sense for some people, but the fact is identity theft and cyber crime are a problem. If you already know to keep your Social Security Number secured, that's great! Now take the next step and do something else on the list to protect yourself.

Sunday, June 8, 2008

Transplants and "bad people"

Should moral factors enter into medical decisions? If so, which moral factors and whose moral values should be considered? It's an interesting question which is only partially answered in the article "Transplants and bad recipients".

Privacy, morality and ethics have long been tied together in disconcerting ways. While the question is raised whether or not criminals should be allowed to receive transplants which could have saved the lives of "good" people, the article does not address the very slippery slope that the question raises. If doctors can learn about a persons and make medical decisions about what they learn, what's to stop them from deciding not to treat individuals because they don't agree with their political views, religion, sexual orientation, etc...? While it's clear that doctors need complete medical history, and understand behaviour as it effects health, doctors should not learn more than that about patients and certainly should not make judgments based on non medical factors.

This is the privacy dilemma. It can be argued on both sides that more information affects the decision process. Is more information good or bad? Here are the questions from both sides of the argument: Do you really want doctors judging you instead of just treating you? What if a transplant saved the life of a criminal instead of saving the life of a loved one? It's easy to answer the questions if they affect you. But then again if you really think about the questions, maybe it's not so easy after all. What if your loved one was the criminal?

Thursday, June 5, 2008

How would you feel about being tracked via your cell phone?

MSNBC reported yesterday that Northeastern University conducted a study in which 100,000 users outside the U.S. were tracked by their cell phones. Did I mention the users were not told about this or consented to this. It was done in secret and concluded that most people stay relatively close to their homes.

Well, I am glad they know that information. It was worth spying on 100,000 people through calls and text messages to find out that people tend to stay close to home. I can live a much happier life now that I know this. This method of collection is illegal in the United States since it was non consensual. The researchers would not comment on which people were used, which country, or the service provider. Over a six month period outgoing and inbound calls and text messages were taken and analyzed.

The authors of the study said that the numbers were anonymous because they were scrambled into a 26 figure code. This would raise almost no ethical or privacy flags if the cell phone users consented to this. Some phone companies actually market tracking abilities to parents and employers. The fact of the matter is not how the information was used, but that the information was taken. So now I am a guinea pig just because? I don't buy it at all. Just because the researchers don't have the numbers I have to assume I'm safe. I think I know better than that. Someone out there has a list of all 100,000 people and their calls.

The scientists feel that since they are using it for research purposes it is alright. The data that could be misused is being handled properly so everything is fine...no need to worry, a scientist said so. The line between public research and personal privacy has surely been crossed here.

Privacy Lost (pt 5)...Celebrities have no privacy.

And today brings a close to Privacy Lost with the fifth segment, "For celebs, price of fame is rising."

This article sheds some light on exactly how high tensions are between celebrities and paparazzi. The same methods used by government agencies to monitor citizens are basically the same used to stalk celebrities. Long-lens cameras and listening devices top the list of preferred methods to invade privacy. Being a high profile name means a celebrity is vulnerable to identity theft since so much information can be found about them. While identity theft is a major concern to anyone, celebrities find that their biggest privacy risk comes in the form of high-tech, highly aggressive media. Celebrities can't even be safe in their own homes anymore.

Although, as the article mentions, some celebrities cry wolf and say they have no privacy while airing their dirty laundry on realty TV shows and websites. It ultimately brings us back to the main point of Privacy Lost, talk and actions are miles apart when discussing privacy. We all say that we want more privacy and that we will take the steps to make it happen, but when push comes to shove....nothing.

While the article focuses on issues from 2006, everything presented throughout the five parts has lost no relevance. As time progresses so does technology and the way people use it. Privacy is something is taken for granted. We don't notice when privacy is there. It is just assumed, until someone threatens to take our privacy away.

Wednesday, June 4, 2008

Privacy Lost (pt 4)...Real ID Act--New technology, new risks.

In reviewing MSNBC's Privacy Lost, we continue with part four of the segment. This segment discusses the Real ID Act and the effect it will have when it goes into effect. At the time of the article it was scheduled to go into effect in 2008, but now has been pushed back to 2011. The article also present something I found very interesting, an interactive chart with high-tech methods for identification and some of the privacy risks associated with each.

The Real ID Act sets up a national ID system by having modern high-tech standards for driver's licenses and ID cards. The government feels this is the best way to identity people, whether it is at U.S. borders or at the DMV. In addition to the standard information found on an ID card (name, gender, address, birth date, and digital photo), physical security features will be used and will also vary by state. These will be used to prevent fraud and have the ability to be accessed by "machine-readable technology," which includes RFID chips and other such technology. With the Real ID Act, states are required to verify identities. These records must then stay on file for 10 years with open access to any other state searching for information. In a nutshell, as much information as humanly possible will be retained by your ID and anyone that is able to buy, sell, or hack the information can know way too much about you.

The article continues to discuss other ID management initiatives and the privacy risks associated with them. Some of these include high-tech passports and the Western Hemisphere Travel Initiative, which increased ID requirements when travelling from the U.S. to other countries in the region. All these measures can be used to increase the government's ability to track us. And to add more fuel to the fire, all these methods will be giving out some sort of signal...which any hacker can intercept and potentially use to gain information.

The third page of the article discusses hackers and even some security experts who have been able to work their magic, so to speak, and turn Real ID into a better method of obtaining personal information. Advocates of Real ID played this off as a "media stunt." The article finished up by discussing how technology is dynamic, not static so the issues they are trying to thwart are ones from the past.

Monday, June 2, 2008

Privacy Lost (pt 3)...U.S. vs E.U. Privacy Laws

With today's continuation of MSNBC's Privacy Lost, the focus is on the vast difference in privacy rights and laws between the United States and the European Union.

A few examples of the difference in European privacy laws vs U.S. privacy laws include:
  • Personal information can't be collected without permission, and the person has a chance to review their information to make sure it is accurate and up to date
  • Companies that process data must be registered with the government
  • Employee e-mails cannot be read by employers
  • Personal information cannot be shared across borders or companies without permission
  • Salespeople at stores can't ask for a shopper's phone number
Europeans tend to trust their government more, even though many of these limitations do not apply to them. According to the article, the Netherlands is 130 times more likely to use wiretapping than the U.S. The major different is that the E.U. places many privacy restrictions on the "evil" corporations, while the U.S. lacks trust in their government.

The article continues to point out the significance that privacy laws (well actually the lack of privacy laws in this case) played during the Holocaust when church records were used to persecute Jews. Some theories exist that date the privacy issues back even further in history. The article then continues to point out some recent examples of how the differences in privacy laws became major issues. Europeans choose to use the government, which is there to protect them, when wrongdoings occur...Americans, on the other hand, use the private sector to resolve issues.

The article displays a very useful chart to show the differences between the U.S. and E.U. in various issues including: right to privacy, government snooping, and consumer data collection. From what I see, Americans tend to view privacy as a personal matter that they have a right to defend on their own terms. In contrast, Europeans seem to see privacy as a matter of government and will use that avenue as opposed to actively pursuing ways to protect their privacy. Americans make privacy happen, while Europeans expect it to be there.

While I won't say that one trumps the other, both the U.S. and the E.U. make valid points to their cause. My reoccuring thought while reading this article was how do two vastly different systems work so well, respectively? Speaking from a U.S. point of view, while many privacy issues exist, I know I can still be protected. It is a difficult subject to approach. Ultimately, both systems are working in their respective ways.