understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

« March 2005 | Main | May 2005 »

California bill would ban tracking chips in IDs

posted by:Jennifer Manning // 10:50 AM // April 29, 2005 // Surveillance and social sorting

A bill that would put strict limits on California's use of such devices in all state-issued identity documents is making its way through the state's legislature and was approved this week in a 6-to-1 vote by a senate judiciary committee. It's the first bill of its kind in the nation, said its author, state Sen. Joe Simitian.

Supporters of the bill, including the American Civil Liberties Union and the Electronic Freedom Foundation, say unchecked use of the technology, known as radio frequency identification, or RFID, could trample people's privacy and aid identity thieves.

Click here for the rest of the CNET article.

Click here for a copy of the bill.

| Comments (0) | | TrackBack

Feds Rethinking RFID Passport

posted by:Jennifer Manning // 07:58 AM // April 27, 2005 // Surveillance and social sorting

Following criticism from computer security professionals and civil libertarians about the privacy risks posed by new RFID passports the government plans to begin issuing, a State Department official said his office is reconsidering a privacy solution it rejected earlier that would help protect passport holders' data.

The solution would require an RFID reader to provide a key or password before it could read data embedded on an RFID passport's chip. It would also encrypt data as it's transmitted from the chip to a reader so that no one could read the data if they intercepted it in transit.

Click here for the rest of the Wired News article.

| Comments (1) | | TrackBack


posted by:Ian Kerr // 05:00 PM // April 26, 2005 // Walking On the Identity Trail

On the Identity Trail is pleased to announce that Carole Lucock will join us in May as our new Project Manager.

Carole was Senior Legal Counsel and Chief Privacy Officer with the Canadian Medical Association, a not-for-profit corporation, where she has acted as counsel for 15 years. During her tenure with CMA, in addition to corporate legal work, Carole worked on numerous health and medical profession policy files and was very active in matters concerning health information privacy. While at CMA, Carole instituted an articling program and has worked with numerous articling students during the course of their training.

Carole obtained her LL.B from Queens University and is currently completing her LL.M, with a concentration in law and technology, at Ottawa University, researching the law and policy challenges associated with the anonymization of personal health data. She will enroll as an LL.D candidate in September. Her research interests include the intersection of privacy, anonymity and identity, and the potential distinctions between imposed versus assumed anonymity.

Prior to becoming a lawyer, Carole worked for a number of years as a high school teacher in England, where she taught science, social science and physical education.

| Comments (1) | | TrackBack

Implementing PIPEDA: A Review of Internet Privacy Statements and On-line Practices

posted by:Rajen Akalu // 08:50 AM // April 25, 2005 // ID TRAIL MIX

Earlier this year the Privacy Commissioner of Canada announced an award of $48,300, under its Contributions Program, to Rajen Akalu, Bell University Lab Manager (Law) at the Centre for Innovation Law and Policy, Faculty of Law to investigate the effectiveness of Internet privacy statements.

As part of this project, students involved in the project participated in the “Anonymity, Identity and the Prospect of Privacy” student salon held on March 3, 2005, hosted by the IT society at the University of Ottawa Law School.

The Implementing PIPEDA project, which was undertaken in collaboration with the University of Toronto Faculty of Law and Faculty of Information Studies Information Policy Research Program, conducted a review of Internet privacy notices by companies in the telecommunications, airline, banking and retail sectors and field tested a framework for assessing web-based privacy statements for compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

In addition to the student salon the preliminary findings of this study were presented at conference held at the University of Toronto on March 18, 2005. The conference featured Daniel Solove, an associate professor of law at the George Washington University Law School and an authority in the areas of information privacy law and cyberspace law. Professor Solove is a leading thinker in the field of Information Privacy. His latest book “The Digital Person” provides a clear insight into the challenges posed by advancements in technology and offers cogent solutions to these pressing problems.

The conference also included a panel discussion on the impact on the recent FCA ruling in the Englander v. Telus case. A spirited discussion was staged between Mathew Englander and Drew McArthur, Chief Privacy Officer at Telus.

Stephanie Perrin, a leading policy authority on PIPEDA, also spoke at the conference. Ms. Perrin provided a critical perspective on PIPEDA having been involved with the drafting of the Act. Her assessment of the effectiveness of PIPEDA is particularly timely as the Act is scheduled for review next year.

Full details of the conference as well as the conference webcast can be found at: http://pipedaproject.rcat.utoronto.ca/

| Comments (0) | | TrackBack


posted by:Marty // 09:41 PM // April 21, 2005 // Walking On the Identity Trail

The Federal Court of Appeal case of BMG Canada Inc. v. John Doe, took place yesterday and today (see Google News for coverage)

On the Identity Trail's Ian Kerr & Alex Cameron have written NYMITY, P2P & ISPS: Lessons learned from BMG Canada Inc. v. John Doe. This piece explores the reasons why a Canadian Federal Court refused to compel five Internet service providers to disclose the identities of twenty nine ISP subscribers alleged to have been engaged in P2P file-sharing. Further, they argue that there are important lessons to be learned from the decision, particularly in the area of online privacy, including the possibility that the decision may lead to powerful though unintended consequences.

Click here to download the text.

| Comments (0) | | TrackBack

What’s my opinion of you? Opinity.com

posted by:Marty // 05:54 PM // April 20, 2005 // Digital Identity Management

A new service launched today, Opinity, aims to put a new spin on reputation systems. Opinity aggregates qualitative and quantitative data from a variety of reputation sources (think Amazon, e-bay, etc) to provide meta-opinions on internet users. See the press release here.

Any person with an email address or an online ID can participate. Opinity allows individual Internet users to view aggregated data on the past behavior and performance of their peers and to rate a peer's reliability and trustworthiness. Access to this information helps people make educated decisions about the individuals with whom they interact and transact business online. Opinity's universal accountability model motivates Internet users to be professional and honest while discouraging unreliable and unethical behavior by people participating in Internet interactions and transactions.

What concerns me, in light of the cavalcade of database breaches is Opinity’s means of protecting authenticity of information (note the soft set up):

With Opinity's patent-pending Veridem(TM) Technology, the authenticity of a person's own online ID can be safely and securely verified by providing his or her specific UserID, and Password along with the website name where he or she is registered. A user can verify two IDs and provide that information as proof that both are owned by the same person. The importance of verifying user identification (ID) is that it provides a much higher degree of certainty about the reliability and accuracy of user ID information. Therefore, for example, Opinity weights reviews for and by someone with a verified ID much more heavily than reviews done without ID verification.

Actually, there is a lot more that concerns me: Who in their right mind would supply Opinity with the user name and password with the site that they are registered under. With this information, 1) Opinity can log into the account and play around, cull transaction or other information and likely credit card information, and 2) if they don’t do these things, with the information lying around in their database, someone else will.


| Comments (5) | | TrackBack

The Erosion of Privacy: Why Don't We Care?

posted by:Jacquelyn Burkell // 11:32 PM // April 19, 2005 // ID TRAIL MIX

There’s no doubt our privacy – and our anonymity – are every day being eroded. Instances are myriad in number, and only increasing. While preferred customer accounts, email monitoring, and web browser cookies are present everywhere, what is on the horizon should perhaps be of even more concern: RFIDs in our rental cars, biometrically coded passports, and implanted ID tags. And, of course, the technologically possible future presents even more extreme examples, including ‘computers that can read our brain waves’ (available instances include some monkeys and one man rendered quadriplegic in an accident: he reports that while the technology works in principle, he isn’t planning to incorporate it into his life any day soon, since the effort it takes is immense and the rewards relatively few).

So, why don’t people care? Why aren’t we, as a culture, rising up in protest against those who would constantly collect, refine, transmit, integrate, and ultimately use our personal information?

We’re too afraid: not of Big Brother, but of each other. When the twin towers fell, they raised a tsunami of interpersonal paranoia. We’re afraid of flying, of eating genetically modified foods, and of identity theft. More to the point, we’re afraid of malignant others: pedophiles who would snatch our children, terrorists who would hijack our planes, and criminals who would steal our names and reputations. And the answer to this fear? Information! Theirs, of course, not ours: those malign actors (and even those who might potentially be malignant) must be tracked, known, numbered, followed. In Canada, we’re about to release Karla Homolka, a notorious serial killer, from prison. According to a recent article in the Globe and Mail (Tuesday April 12, Timothy Appleby), Homolka will be kept “on a short leash and in plain view”, an arrangement that is “without precedent in Canada”. We are collectively convinced that this arrangement will make us safer (a poor bet at best), and collectively indifferent to any threat this approach might ultimately pose to our own privacy.
We may not be smart enough to recognize that compromising the privacy of criminals and pedophiles privacy necessarily compromises our own. But that, I think, is a naïve view. Instead, it is more likely that the tradeoff is worth it – that we have ‘nothing to hide’ (a familiar chorus), and so should not fear surveillance. In balance, the gain (of perceived safety) outweighs the loss (of privacy and anonymity).

We gain by our own loss

As decision makers, we are more comfortable with the short time horizon – rewards and punishments that are close at hand have far more bearing on our decisions than outcomes that will come to pass some time in the future. It isn’t even that we see these distant results as uncertain – just somehow vague, less pressing, in the way that distant objects on a sunny day become hazy and indistinct. In the realm of personal decision making with respect to data protection, the immediate results are positive: we gain money (in the form of preferred customer discounts), information (as in personalized recommendations for books we might like), and a measure of prestige (if only illusory: being addressed by name as you pay for your purchases has to make you feel more important!).

Most of us are not unaware of the potential, or perhaps certain but delayed, cost. Sure, the proportion of spam in my email goes up – but I just institute better filters to get rid of it. Sure, I receive more and more offers for unwanted credit cards in my ‘snail mail’, each offer targeted with respect to my personal spending habits and income – but I can just throw them away. The incremental benefits I gain far outweigh what seem to be minor inconveniences – and I’m simply unaware of the big looming cost to privacy that is on the horizon.

We’ve got nothing to hide

That brings us to the chorus of the indifferent: We have nothing to hide. It seems that we’ve constructed data privacy as something that protects the ‘bad guys’, while offering nothing to those whose lives are ‘open books’. And even those cases (identity theft comes to mind) where the ordinary citizen is seriously threatened by the loss of control of their own personal information, privacy isn’t seen as the answer. After all, catching those criminals requires that we know who they are, what they do, track their every movement…

The bottom line

Why don’t we just do something about privacy loss? Perhaps because, paradoxically, we see the erosion of privacy and anonymity as a sort of action: action that protects us, enriches us, and causes no perceptible harm. If privacy activists seriously want to change the tide of privacy erosion, we must work to make people aware of the threat of privacy erosion, the loss of control over personal information, and the limited degree to which this loss gives us the benefits we crave. It’s really more of the same – and it is important to realize that those unconcerned by privacy issues are firmly entrenched in a rational, considered, and well-supported perspective.

| Comments (4) | | TrackBack

High-tech IDs planned for U.S. government workers

posted by:Jennifer Manning // 01:38 PM // April 16, 2005 // Surveillance and social sorting

By Stephen Manning, Associated Press
As part of the Bush administration's effort to tighten security at U.S. federal facilities, millions of federal employees and contractors will later this year start receiving ID badges with chips storing information such as digital fingerprints.

The "smart card" IDs will have security features designed to keep outsiders from breaking into federal buildings or computer systems.

Click here for the rest of the article.

| Comments (1) | | TrackBack

RFID-tagged GPRS-tracked Rental Cars

posted by:Mohamed Layouni // 01:11 AM // // TechLife

Zipcar, a rental car company based in Boston, is offering its customers a series of RFID-tagged vehicles that can be tracked and controlled (e.g., disabling ignition) remotely with very high precision. What is particular about these cars is that they are constantly communicating with some central server of the company, e.g., transmitting data about the car's location or receiving information about which customer will be turning up next and when...

Now if you're wondering about the selling idea. Guess what? Zipcar is "green"!! and "green" sells pretty good these days!

More on this at http://news.bbc.co.uk/2/hi/programmes/click_online/4446271.stm

| Comments (0) | | TrackBack

CFP PATRIOT Act session

posted by:Catherine Thompson // 12:28 PM // April 15, 2005 // Computers, Freedom & Privacy Conference (CFP)

We’re just in the FISA and PATRIOT Act session. Ronald Lee spoke in part about section 215 that gives the director of the FBI wide production order powers and whether there should be a dedicated national security department in the U.S. Kevin Bankston talked about the “new normal” and how anti-terrorism has included a lot of law enforcement reforms, as well as the SAFE Act but that we need to be safer. Peter Swire right now is talking about how to do secret surveillance in an open society. He’s speaking about how we can limit the use of gag orders...

| Comments (0) | | TrackBack

How To Blog Anonymously

posted by:Alison Gardner Biggs // 04:55 PM // April 14, 2005 // TechLife

The EFF has published a useful guide on keeping your blog - where personal or political - an anonymous or private space. Whether you are trying to blog anonymously to expose corruption or other sensitive topics, or merely want to be able to control who can read your thoughts and information, this short guide will give you some good tips.

The link: How To Blog Anonymously.

| Comments (0) | | TrackBack

CFP - Second day

posted by:Veronica Pinero // 03:00 PM // // Computers, Freedom & Privacy Conference (CFP)

An amazing debate is going on! Today is the second day of the CPF conference, and the panel, which is moderated by Marcia Hofmann (EPIC), is to address the problems arising by Data Mining & Public Records.

The dynamic of this panel is that the presenters, Doug Klunder (ACLU-WA Privacy Project), Daniel Solove (George Washington University Law School), and Cindy Southworth (Safety Net: the National Safe & Strategic Technology Project at the National Network to End Domestic Violence), are to discuss audience’s solutions to two problems put to the audience before the panel started. The problems and the questions are the following:

Problem 1 – Public Records
Problem: a state is planning to put its public records online and make available over the Internet its public records. The state is working on a policy about disclosing the following information about individuals: (A) home address; (B) phone numbers; and (C) Social Security Number.

1. To what extent should each type of information be disclosed?
2. At one extreme, should each piece of information be redacted entirely from any public documents and never disclosed under any circumstances?
3. At the other extreme, should each piece of information be fully disclosed without limitation?
4. Are there any workable compromises between these two extremes?

Problem 2 – Background checks
Problem: State X currently provides for the disclosure of conviction records from a single agency, which maintains a centralized database. This database is updated to remove records when a conviction is reversed on appeal, vacated, pardoned, etc. A data broker proposes to provide a “full” background check service by creating its own database that includes every arrest and criminal proceeding which will be retained forever in the database.

Question: Should limits (and if so what limits) be placed on the agencies releasing information, on the data broker, on the entities obtaining background checks from the broker, or on some combination?

What is your own position with regard to this? I have not thought very much about the first problem, but with regard to the second, I have some concerns:

First of all, what is the purpose of a criminal conviction? Or, what is the purpose of sentencing? If we are to think about this, we will realize that among others, the purpose of sentencing is rehabilitation and reintegration. How are we going to achieve such a purpose by implementing (or allowing to implement) these sorts of intrusive practices?

Second, there is an assumption: the information provided by State X is not shared with other states; it is “static information”. What happens if this information is shared with other countries, and therefore, subjected to foreign jurisdiction (“dynamic information”)? How do we assure that all criminal information that has being modified (for instance, reversed convictions on appeal, granted pardons, etc.) is actually modified by the foreign jurisdiction that got the information?

| Comments (0) | | TrackBack


posted by:Ian Kerr // 02:00 PM // // Surveillance and social sorting

steve mann made quite a "splash" in seattle yesterday at CFP (computer, freedom and privacy) by presenting his views on what he calls "sousveillance", a set of practices which he thinks are necessary as a counter-balance to increasing state and corporate surveillance.

at the end of the first day of the conference, steve and other members of the on the identity trail project led a sousveillance tour of seattle, funded by bell canada.

as a participant on that tour, i experienced first hand the fact that those who engage in surveillance jealously guard their own anonymity, prohibiting the reverse practice of allowing citizens to photograph, record or otherwise capture images of the way they do surveillance. the watchers don't like being watched!!

although i personally disagree with many of steve's own practices and some of his arguments about achieving what he calls "equiveillence" by "shooting back", it was quite compelling to experience the attitudes of those engaged in surveillance and how much insight foucault had on the subject when he wrote discipline and punish .

if you want to read more on steve and how his views were received by david brin and others at CFP, here is an interesting article from the seattle times

| Comments (2) | | TrackBack

Wired on Sousveillance

posted by:Marty // 09:22 AM // // Digital Activism and Advocacy | Walking On the Identity Trail

Kim Zetter has published this article at Wired on the sousveillance escapades of Steve Mann while he's attending CFP in Seatlle. For those familliar with souveillance [a word-play on the French words sur (over) and sous (under). The term essentially means watching the watchers], this article provides a glimpse of what On the Identity Trail's own Steve Mann has been up to...

He has designed a wallet that requires someone to show ID in order to see his ID. The device consists of a wallet with a card reader on it. His driver's license can be seen only partially through a display. And in order for someone to see the rest of his ID, they have to swipe their own ID through the card reader to open the wallet.

He also made a briefcase that has a fingerprint scan that requires the fingerprint of someone else to open it.

| Comments (0) | | TrackBack

Some MasterCard holders exposed to data theft

posted by:Jennifer Manning // 08:46 AM // // Surveillance and social sorting

HSBC Holdings is notifying at least 180,000 people who used MasterCard credit cards to make purchases at Polo Ralph Lauren that criminals may have obtained access to their credit card information, and that they should replace their cards.

Click here for the rest of the article.

| Comments (0) |

Computer, Freedom, and Privacy Conference

posted by:Veronica Pinero // 05:51 PM // April 13, 2005 // Computers, Freedom & Privacy Conference (CFP)

Good morning! Today was the first day of the CFP Conference. The first panel, which was moderated by Anita Ramasastry and organized by Stephanie Perrin, addressed the topic of Sousveillance in the Panopticon. The first presenter, Steve Mann, opened the debate with his presentation about Equiveillance, the balance between sous/surveillance. He introduced ten hypotheses to his audience and the panel, which were to be accepted or refused by the latter (this text is available at www.anonequity.org).

The first presenter to address Steve’s hypotheses was David Brin. He noted that the concepts of freedom and privacy were not opposing notions, but notions that can work together. His presentation was followed by Latanya Sweeney’s and Ivan Szekely’s presentations, the former addressing the issue of When sousveillance becomes surveillance, and the latter about New democracies? New Panopticon? Lessons learnt from Central and Eastern Europe. The panel was closed by Simon Davis, who highlighted whether sousveillance was a way to fight surveillance, or was just the same. He noted that the concept of sousveillance was also perpetrating privacy.

Many interesting questions were put by the audience, which lead to a fascinating debate.

The second panel addressed Privacy risks of new passports technologies, and focused on United State and European legislation.

| Comments (2) | | TrackBack

CFP first day summary

posted by:Catherine Thompson // 01:49 PM // // Computers, Freedom & Privacy Conference (CFP)

Hi everyone!

Yesterday was a very busy and very amazing day!!! The Anonymity Project held an all day workshop and attendance was incredible! When we first arrived, we were surprised to find we were assigned one of the ballrooms. After all, we only had about 40 registrants. But as the day wore on, it became clear that there was great interest in our session. There were about 80 seats, all filled, as well as people sitting on the floor by the walls. We figure there were about 100 people who came to check us out!

After an introduction by Stephanie Perrin and Ian Kerr, I was the first to present. My topic was Intelligent Transportation Systems – the short paper for it is available on the anonequity.org website along with most of the other speakers’ papers. Next was Alex Cameron who talked about the similarities between the panopticon and digital rights management technologies. Although he apologized for talking about philosophy first thing in the morning, the audience was nevertheless very interested!

Ed Hasbrouck spoke about the undiagnosed post traumatic stress disorder that policy makers are suffering from. EPIC’s Marcia Hoffman spoke about the Hiibel case and various legislative initiatives that mistakenly put faith in the ability to detect terrorists by increasing identification requirements among citizens. Peter Hope-Tindall spoke about the latest biometric technology, as well as Canadian and American projects in the area. Veronica Pinero spoke about panopticism and how we should rethink the use of digital criminal records to prevent discrimination.

Ian Goldberg detailed the barriers of use for some privacy enhancing technologies and some new developments in the area of anonomized remailers, messaging, file sharing, and the WWW. Roger Dingledine spoke about TOR technology as a means to remain anonymous online. TOR basically involves servers not being able to see where data is coming or going beyond the next server it communicates with. Stefan Brands detailed the relationship between verifiers and identifiers in a multi-threat environment, ending with the promise of the next generation of identifiers.

Philippa Lawson spoke about CIPPIC’s consumer profiling research, answering the question of who is using my data and what are they doing with it? Valerie Steeves and Ian Kerr presented on virtual playgrounds and buddy bots. Val spoke about the embedding of commercialism into children at a young age through websites that invade childrens’ privacy. Ian spoke about bots that imitate intelligent human interactions. Children interact with these bots without realizing that they’re not people. Lillie Coney of EPIC spoke about racial profiling and the suspected terrorist rationale. Ian Spriel related his own experience with racial profiling one day while taking pictures by the docks in Seattle.

Stephanie Perrin spoke for a few minutes about RFIDs and European developments. Simon Davies followed with a chilling account of the national ID that will have 51 separate pieces of data. Both Stephanie and Simon talked about the lack of democratic process in both of their talks. The day ended with Steve Mann talking about sousveillance and how having to show ID is evidence of being owned.

Right now we’re listening to the opening keynote debate and we’ll have another blog installment soon!

| Comments (0) | | TrackBack


posted by:Tim Blackmore // 11:50 PM // April 12, 2005 // ID TRAIL MIX

There’s data pouring down my neck and into my ears when I enter the gym. I hear tiny pitiful moans as my dendrites commit suicide, unable to face the prospect of yet more synaptic junk input from the omnipresent banks of television sets. Should my frontal lobes remain incompletely baked, there’s a sound system at work overhead, and another one near the weight benches spraying out a different river of data, the usual porn remixes of bass beats and thrusting rhythms that appear to be a key ingredient in muscle culture.

I was born and raised in—and love—big cities: I’m used to a lot of input. Early representations of cyberspace as lightburgs (films like Tron, Hackers, Godfried Reggio’s Koyaanisqatsi) looked comprehensible to me. Cites are data, data can be organized into vast architectures of knowledge. I’m comfortable walking in cities. But convergent Von Neumann technologies have shifted the metaphors. It’s a rhizome, a chaotic lowland of information gopher holes into which I and my identity can vanish. I no longer see much separation between the grease world of human flesh and the hexadecimal web world.

I’ve been party to many other lives recently, although I don’t know any of the people themselves. Without putting gum in my ears, I’ve unavoidably heard what he did to her (she preferred the other thing); what she color bought; what he said to her after she talked to her massage therapist; and one dude’s roughage issues. I’ve become a cell attached to the phones around me. The phrase “in your face” has taken on two new meanings for me: the first became clear on seeing dozens of sprint-walking New Yorkers holding their cell phones directly in front of their faces as they yelled into the receivers (for clarity, not out of anger, I assume); the second, on seeing two friends at a restaurant, both facing each other over the same table, smiling and talking to each other, also both on cell phones with different people (I assume). Loved the crudités.

If I tear loose from the intimate cells I unintentionally limpet onto, I might focus on two, three, a couple of hundred, women with unexpected slogans emblazoned on their clothing, covering areas at which, the culture has informed us, it is impolite to stare. I’m busy looking anyway because of the words. On their best days Buñuel or Fellini wouldn’t have imagined these sights. Sexsi. Juicy. PornStar. Time to open the portable and surf: calm waves of data will soothe me. Actually, it’s a dismal blog full of what Milton described percussively as “Rocks, Caves, Lakes, Fens, Bogs, Dens.” If it were like Milton’s Hell it would be a pretty cool (so to speak) place. All the cultures of the pre-Christian era would be there, anxious to explain their worldviews to each other. Instead I’m mired in the endless quotidian annotations of people’s dig-me lives (yeah, it’s ironic this is being posted on a blog—you got me!). I know we’ve fostered a culture of celebrity, and I know we’ve told people that unless they’re represented in some form of electronic media they’re basically not worth a bag of acorns, but…can this be it? Aren’t these yet more places I was taught not to look? Drink Me. Read Me. Download Me.

This is the first part of the problem.

The second part of the problem is that I understand the fairly steep anxiety circulating on the web about the outside world.

I can’t count on my first-year students to know that when someone sends out an email warning about a fake virus, the email itself is the virus (luckily there’s the delete key, the [illusory] last refuge of human agency). And of course I can’t rely that my data set will remain solely mine. It isn’t just identity theft that gets me, it’s the stealing of fat.

When Edward Norton and Brad Pitt steal left-over fat from liposuctions in Fight Club, I feel pain that is the theft of flesh, especially when that bag gets caught on the chain link fence, gets torn, and oh man, there really is data pouring down (and it’s not phat). Buying a shredder is just the beginning of a prophylactic way of living. Wearing a unisex whole-body information condom is the next step, and toward the end of the continuum is the hardened bunker with no protruding datalines. Then, if you’re hit by an information bomb—or a series of directed pulses of electronic juice — your system can’t be fried, your game station will still work, and only those run through the informational hygiene spray may enter.

There’s a complex, shifting, back and forth staggered motion at work around us: it isn’t all the same people all at the same time. People buying software and hardware shredders are probably not the same ones wearing bumper-stickers on their bums. People laying fake bang paths (you have to be an antique like me) or data trails aren’t the same folks who wonder why a cute animation some stranger sent them has turned their computer into a telephone switchbox for the residence, or why someone just like them with the very same credit cards suddenly went on a shopping spree in Rutabaga, TX. The people screaming into their cell phones probably aren’t the ones looking for the last bar or restaurant that doesn’t have both a TV and wireless node every 10 feet.

But—they will be.

These two groups will merge sometime soon. At the point of understanding what was forfeited, it will be too late to take infocillin, not because it’s technically impossible, but because the concept of the private will have altered so radically. We’ll expect to walk through the blogs, hear the other phone calls, share other people’s lunches.

When I think about what is private, I think about a house. It could be anybody’s house, but this one is yours. It’s the place you live, alone. Each time I read Henry David Thoreau’s Walden I am smitten by his decision to clean house. He moves his stuff outside the little cabin and suddenly sees connections everywhere. His belongings “seemed glad to get out themselves,…as if unwilling to be brought in,” and even take root:
A bird sits on the next bough, life-everlasting grows under the table, and blackberry vines run round its legs; pine cones, chestnut burs, and strawberry leaves are strewn about. It looked as if this was the way these forms came to be transferred to our furniture, to tables, chairs, and bedsteads—because they once stood in their midst.
Stuffy nineteenth century furniture with its ornate, often kitsch, carvings become infused with nature. Thoreau realizes that his artifacts are so comfortable where they stand that he puts an awning over them and sits there to write and, I would wager, nap. I hope he napped there in the shade.

In the house there are small sounds, the laundry humming I do when folding and thinking, the puttering murmurs, little tsking noises about forgotten thoughts. There are surprised musical notes about something I’ve read or remembered. In that silence which is what I call privacy, there is time to wonder about what, after all, we are doing, what we are thinking, and finally, who we are. How trite this all sounds, how 20th century, how jejune, how much about understanding, not data!

There is already machinery that can read and ably translate brain impulses (we would call them thoughts), and turn them into action. Having a shredder implanted in my head makes me nervous given the noise those things make, not to mention what becomes of the staples. The slickest fattest superbyte antiviral phageware will have a dubious effect on code burned into a chip coming (subcutaneously) to a kid near you. I’m not the guy who knows someone who met a fellow who has pictures from the grassy knoll, or remembers what he saw in Area 51 before he was taken to the Bermuda triangle. I’m just a guy who likes a dry basement in my personal house. Where Voltaire urged his characters to cultivate their gardens, I would say “Find your house and spend some time there.”

Also—get a mental bucket for bailing. You’ll need it.

Dr. Tim Blackmore is an Associate Professor with the Faculty of Information & Media Studies at the University of Western Ontario. Click here to see more of his biography.

| Comments (0) | | TrackBack

Keeping an Eye on the Panopticon: Workshop on Vanishing Anonymity

posted by:Veronica Pinero // 08:54 PM // // Computers, Freedom & Privacy Conference (CFP)

Good afternoon! Many members of the research group On the Identity Trail are participating in a whole day workshop at the Computer, Freedom, and Privacy Conference that is being held in Seattle (U.S) and that was organized by Stephanie Perrin, another team member.

Val Steeves and Ian Kerr have just presented their research, Virtual playgrounds and BuddyBots: a data-minefield for tinys & tweenies. By the way, this research is already available at www.anonequity.org.

Valerie highlighted the need to address how children are being targeted as web consumers: “the net is a place in which children spend a lot of time, and it is also a place where much of their private life is collected.” She noted that children are “vulnerable population” and that current model of “informed consent” does not address this characteristic. She also pointed out how all these websites that focus on children try to manipulate them by reinforcing the discourse of “friendship between the child and the product.”

Ian presented his interaction with a NativeMind Bot, “affective computing”, in an attempt to present to his audience how to understand and model emotional experience in machine behaviour.

Many interesting questions followed their presentation. While addressing one of them, Valerie noted that, with regard to how to protect children from these intrusive techniques of data-collection, the key point is to promote child-education material to let children know how they are manipulated. She also noted that members of the research group are already doing research in this area.

| Comments (0) | | TrackBack

Keeping an Eye on the Panopticon: Workshop on Vanishing Anonymity

posted by:Veronica Pinero // 07:55 PM // // Computers, Freedom & Privacy Conference (CFP)

Just a quick message. Edward Hasbrouck, who did an excellent presentation this morning with regard to Travel ID, has just posted his paper on his own website http://hasbrouck.org/blog/archives/000556.html

| Comments (0) | | TrackBack

Aeroplan rapped over data security

posted by:Jennifer Manning // 07:44 PM // // Surveillance and social sorting

By Paul Waldie, Globe and Mail

The Office of the Privacy Commissioner has sharply criticized security at Air Canada's popular Aeroplan frequent-flyer program and told the airline to better protect members' account information.

On the whole, there was a clear lack of diligence on the part of Air Canada with respect to its handling and protection of customer personal information," Heather Black, assistant privacy commissioner, said in a recent ruling involving a Vancouver businessman whose Aeroplan account was accessed, and changed, by his former boss.

Click here for the rest of the article.

| Comments (0) |

Our Ratings, Ourselves

posted by:Jennifer Manning // 01:19 PM // // Surveillance and social sorting

Arbitron, a Maryland-based company, is recruiting several thousand volunteers in Houston who will wear a portable people meter, or PPM.

The volunteers will wear the PPM while awake. Before going to bed, the volunteers will be expected to dock the P.P.M. in a cradle so that overnight it can automatically send its data to a computer center in Maryland, where statisticians can download and review the information.

The goal is for the P.P.M. will tell Arbitron exactly what kind -- and exactly how much -- television and radio programming a person was exposed to during the day. The P.P.M. may also tell the technicians at Arbitron a host of other things too, like whether a P.P.M.-wearer heard any Web streaming, any electronic media with audible sound that someone might encounter on a typical day.

Click here for the NY Times article.

| Comments (0) | | TrackBack

LexisNexis breach may be worse than thought

posted by:Dina Mashayekhi // 10:50 AM // // Surveillance and social sorting


Tuesday, April 12, 2005 Updated at 9:54 AM EST

Associated Press

LONDON — Publisher and data broker Reed Elsevier Group PLC said Tuesday that up to 10 times as many people as originally thought may have had their profiles stolen from one of its U.S. databases.

The company reported last month that intruders may have accessed personal details of 32,000 people via a breach of its legal and business information service LexisNexis' recently acquired Seisint unit. It now says that figure is closer to 310,000 people.

The breach, discovered during internal checking procedures of customers' accounts, is being investigated by U.S. law enforcement authorities.

Information accessed included names, addresses, Social Security and driver license numbers, but not credit history, medical records or financial information, the Anglo-Dutch group said in a statement to the London Stock Exchange.

"LexisNexis is notifying all these individuals and is offering free support services, including credit bureau reports, credit monitoring for one year and fraud insurance, to monitor and protect them from possible fraud associated with identity theft," the company said.

Continued at http://www.globetechnology.com/servlet/story/RTGAM.20050412.gtlexixapr12/BNStory/Technology

| Comments (2) | | TrackBack

Foreign Intelligence Surveillance Act Court increases surveillance authorizations

posted by:Marty // 06:51 PM // April 11, 2005 // Surveillance and social sorting

The U.S. Justice Department has issued and made public its report on surveillance authorizations under FISA. How many authorizations for electronic surveillance were there in 04? 1,758 (not one denial). This is an increase from 1,727 in 2003.

These figures represent only electronic surveillance, wiretaps and physical searches that are authorized under FISA.

| Comments (0) | | TrackBack

Shearman Sues in Bid to Smoke Out Critic

posted by:Jennifer Manning // 01:46 PM // // Digital Democracy: law, policy and politics

Shearman and Sterling is filing a suit against an anonymous internet user for an "offensive" post about a firm staff manager on craigslist.org.

Click here for the article.

| Comments (0) | | TrackBack

Computers, Freedom and Privacy Conference (CFP) 2005

posted by:Marty // 09:01 PM // April 10, 2005 // Computers, Freedom & Privacy Conference (CFP)

On the Identity Trail will be extremely active at CFP this year, running KEEPING AN EYE ON THE PANOPTICON: WORKSHOP ON VANISHING ANONYMITY all day Tuesday April 12.

Blog*on*nymity will be blogging the conference. See the CFP category for on going posts.

| Comments (0) | | TrackBack

On the Identity Trail papers

posted by:Marty // 08:39 PM // // Walking On the Identity Trail

In advance of this week's Computers, Freedom & Privacy conference (cfp.org), members of the On the Identity Trail project are publishing a wide array of papers.Click here to view the papers.

| Comments (0) | | TrackBack

If I were an iPod

posted by:Marty // 09:37 AM // April 06, 2005 // Walking On the Identity Trail

On the Identity Trail's own Ian Kerr has been touring Alberta, B.C. and Saskatchewan delivering his talk dubbed "If I Were an iPod", which posits the notion that "we are moving from a network of ideas, to a network of things, to a network of people."

Follow this link to read one Univeristy of Regina audience member's oberservations of this talk.

| Comments (0) | | TrackBack

IM threats rising sharply

posted by:Jennifer Manning // 09:31 AM // // Surveillance and social sorting

A recent study released by IMlogic Threat Center found that the quantity of instant messaging (IM) threats increased 250 percent in the first quarter of 2005, compared with the same period last year.
Click here for the CNET article.

For more information about security threats on IM and some possible solutions, see Ian Golberg's ID Trail mix from Tuesday, April 5th.

| Comments (0) |

This message will self-destruct in five seconds

posted by:Ian Goldberg // 11:57 PM // April 05, 2005 // ID TRAIL MIX

The Internet is fraught with threats to your privacy and anonymity: any time you communicate online, whether it be through email, instant messaging, web browsing, filesharing, or any other means, the contents of your messages are sent through many (often dozens of) intermediate machines and networks on their way to their destination. That content can be intercepted, or stored for later perusal, either lawfully or not.

What can you do to protect yourself? Researchers in Privacy-Enhancing Technologies design applications, systems, and products you can use to help stave off the threats.

The most obvious technology to keep your Internet messages private is simply encryption: Alice can encrypt her messages to Bob so that only he can read them. But that's not enough: Bob would also like to have some assurance that it's really Alice sending him the messages, and not someone posing as Alice. For that, Alice and Bob can use authentication technologies.

Encryption and authentication have been broadly applied as a general solution for privacy protection. However, this is problematic; the issue is that different communications paradigms call for different solutions. Security mechanisms appropriate for signing contracts (public-key encryption techniques, such as digital signatures) are not appropriate for other types of communication, such as preserving the privacy of casual conversations.

Many uses of email do benefit from contract-like security: email is stored, copied, retrieved, and filed; messages may need to be readable at unknown times in the future, and still have their authenticity be verifiable. Email encryption programs like Pretty Good Privacy and GNU Privacy Guard do an effective job at this task.

On the other hand, Instant messaging (IM) is a method of online communication that feels like it should behave like a face-to-face private chat. Unlike email, instant messages seem to have an ephemeral quality to them. Alice and Bob still want their messages to be encrypted, and they want to be assured of each others' identities, but they no longer have to ensure the messages are readable in the future. Indeed, what they want is deniability: there should be no long-lasting proof that either of them said anything in particular.

These are the properties one would expect from a private face-to-face conversation, and this is what we would like to provide to users of instant messaging. But let's look at how instant messages generally travel across the Internet.

If Alice and Bob are each members of the same IM network, Alice can send Bob an IM as follows:

  • Alice sends the message over the Internet to the operator of the IM service (for example, AOL, Microsoft, or Yahoo), with instructions to send it on to Bob.
  • The operator of the IM service checks if Bob is currently logged in, and if so, sends the message over the Internet to Bob.
  • If Bob is not currently logged in to the IM service, some networks will reject Alice's message, and others will store it, delivering it to Bob the next time he does log in.

It is clear that, at the very least, the operator of the IM server has direct access to all of the instant messages. (In fact, the operators of all the networks over which the message travel also have direct access.) In March, AOL announced a change to its Terms of Service which included:

"by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses."

AOL claimed they never meant for these clauses to apply to personal messages sent over AIM, but the uproar over this change caused them to update their Terms of Service yet again, four days later, including the removal of the line "You waive any right to privacy." But AOL is of course free to change its Terms of Service whenever it likes, as are all the other IM network operators. It is clear that these operators are technically able to read and use your instant messages however they like; if they choose not to look at them, it is only by their good graces.

Off-the-Record Messaging (OTR) is a project I co-founded to enable private communications over IM. It is free (both as in "speech" and as in "beer"), and runs on Windows, Linux, OS X, and others. OTR provides the following properties:

No third party can listen in on Alice and Bob's conversation.
Alice and Bob are assured that they're actually talking to each other, and not an imposter.
Bob could report to Charlie (a third party), everything that Alice said to him. But he can't prove it. Charlie will have to take his word for it.
Forward secrecy:
If Bob or his computer is compromised today (through legal means, such as a subpoena, or extra-legal means, such as a stolen laptop), the conversations he had with Alice yesterday are not revealed.

OTR uses very short-lived encryption keys to protect the instant messages. After Bob receives Alice's message, the key used to protect it is thrown away, and a new one is generated for the next message. Messages are not digitally signed; rather, Message Authentication Codes are used, a technique which allows Bob to check that either Alice or himself wrote any particular message. Since he knows he himself didn't write the ones he receives from Alice, he can be assured that they did in fact come from her. But he can't prove this to Charlie: as far as Charlie knows, Bob could indeed have created all of those messages himself, in order to frame Alice.

OTR also allows third parties like Charlie to produce completely fake transcripts of messages that look every bit as valid as real ones. (In fact, a toolkit to help you do this is provided with the software.) Because of this, Alice can easily claim any given transcript of her messages has been faked, providing her with additional deniability.

It is important to use the right tool for the job at hand. Traditional public-key encryption provides privacy protections appropriate to long-lived email messages and contracts, while OTR provides protections suitable for casual conversations.
| Comments (0) | | TrackBack

VeriChip Acquires Canadian Company

posted by:Michelle Gordon // 01:35 PM // // Surveillance and social sorting

No, it does not seem like an April Fool's Joke.

On April 1, 2005, VeriChip Corporation completed its acquisition of eXI Wireless of Richmond, British Columbia. As a result of the transaction, VeriChip will now offer RFID Products for People, through a complete array of implantable and external RFID products for people in the healthcare and security environment. In addition to the VeriChip (implantable microchip), which was cleared by the FDA for its medical applications in October, 2004, VeriChip Corporation will now offer eXI’s premier RFID products: HALO, RoamAlert and Assetrac.

What will this mean for Canada? Will the Canadian government start to pay more attention to this issue now? With VeriChip projecting revenue goals of $8-10 million in 2005, does this mean a natural expansion into Canada?

See Verichip press release and eXI press release.

| Comments (0) | | TrackBack

China blocking postings about the Pope's death

posted by:Marty // 11:05 PM // April 04, 2005 // Surveillance and social sorting

Exemplifying state control of digital activity, the Chinese government is blocking internet postings regarding the death of Pope John Paul II.

While popular portals such as Sina.com and Sohu.com's on-line discussion forums were flooded with messages about the pope Saturday, no messages could be seen Monday.

An official with Sohu.com confirmed the company had censored the comments, using sophisticated technology to allow only the writer to see his or her own comments.

Click here for more.

| Comments (0) | | TrackBack

Student tracker proposed

posted by:Marty // 08:53 PM // // Surveillance and social sorting

The U.S. Federal Education Department is looking to establish a fully integrated database of students as they move through post-sencondary education. See this article for more.

The proposed database would provide individually identifiable student information, including names, Social Security numbers, number of courses taken and credits earned, degrees completed, and actual education costs.

Woah! That is quite the demand of personally indentifiable information. One would think that with tracking so much (how long until this database is hacked into?) information there must be a tremendous purpose behind the desire for collection and retention.

According to the study, federal officials and lawmakers need the database of student records to obtain more accurate measures of institutional accountability and program effectiveness. It states that the proposed database would help policy-makers calculate, for example, the net price of college education and to monitor in real time federal student aid programs, such as Pell grants, and variations in aid packaging.

Interesting rationale. To me, however, these needs do not seem pressing or substantial enough to justify or equate with what would be collected.


| Comments (0) | | TrackBack

European Commission releases biometrics study

posted by:Jennifer Manning // 12:25 PM // // Surveillance and social sorting

The European Commission recently published a study titled "Biometric Frontiers: Assessing the impact on Society".

The two main conclusions of the study were that
a) the use of biometrics can bring improved convenience for individuals, but that
b) the limitations of biometrics need to be recognized (for example, biometric systems are not 100% accurate).

Click here for a copy of the report.

| Comments (0) |

EU wants biometric passports delayed

posted by:Jennifer Manning // 12:08 PM // // Surveillance and social sorting

The European Union has called on the United States to delay the deadline for the introduction of biometric passports for visitors without visas, from October 2005 to August 2006.

If the U.S. does not agree to the delay, millions of travellers will have to obtain visas prior to entering.

Click here for the CNET article.

| Comments (0) |

main display area bottom border

.:privacy:. | .:contact:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada