understanding the importance and impact of anonymity and authentication in a networked society

When Personal Space is Nothing but Trouble

posted by:Jeremy Hessing-Lewis // 11:52 AM // July 17, 2006 // General | Surveillance and social sorting

Microsoft has withdrawn a free program that would have allowed users to create password-protected folders. Private Window 1.0 would have allowed users to create private areas within user accounts that could protect sensitive data.

Unfortunately, the tool was set to cause chaos for IT departments across the land. Companies don't like not being able to access parts of their own network. Moreover, the tool would have taken password recovery help to epic levels. The uproar caused Microsoft to retract the software within two days.

Although it's too bad that the tool will no longer be available to individuals, it serves as an excellent example of Microsoft trying to balance corporate enterprise economics with personal data security.

Read more on CNET here.

| Comments (0) |


The Original Privacy Position

posted by:David Matheson // 11:50 PM // July 12, 2006 // Core Concepts: language and labels | Digital Democracy: law, policy and politics | Surveillance and social sorting

Thomas Nagel has pointed out that there is an analogy to be drawn between (what I’ll call) the problem of liberalism and the problem of privacy. The problem of liberalism concerns “how to join together individuals with conflicting interests and a plurality of values, under a common system of law that serves their collective interests equitably without destroying their autonomy.” (Nagel 1998, 4-5) The problem of privacy is that of “defining conventions of reticence and privacy that allow people to interact peacefully in public without exposing themselves in ways that would be emotionally traumatic or would inhibit the free operation of personal feeling, fantasy, imagination, and thought.” (Nagel 1998, 5)

One well-known attempt to deal with the problem of liberalism comes from John Rawls (1971). He asked us to imagine individuals in what he called the Original Position. Inhabitants of the Original Position are behind a “veil of ignorance” that cuts them off from any significant knowledge of their position in society: they don’t know whether they are rich or poor, powerful or disadvantaged, members of a social majority or minority, etc. Under such conditions of ignorance, they are faced with the task of determining the basic structures and rules whereby society is to be ordered. Whatever structures and rules they would agree upon, Rawls claimed, are the basic principles of justice (as fairness).

So what would the inhabitants of the Original Position agree upon? Rawls pointed to two fundamental principles. First, the liberty principle:

Liberty. Each individual is to have a maximal amount of basic liberty (including such things as the freedom to vote, the freedom to be considered for public office, freedom of speech, freedom of conscience, freedom of assembly, and freedom from arbitrary arrest and seizure) consistent with a similar liberty for everyone else.

Second, the difference principle:

Difference. Socio-economic inequalities are to be such that they bring the greatest benefit to least advantaged members of society.

By thus using the decision procedure that consists of thinking about what inhabitants of the Original Position would agree upon, Rawls suggested, we can get clear about the basic principles of justice. These principles provide the general framework for understanding “how to join together individuals with conflicting interests and a plurality of values, under a common system of law that serves their collective interests equitably without destroying their autonomy.” Hence the use of the Original Position gives us one way of dealing with the problem of liberalism.

I wonder if there isn’t an analogous solution to the analogous problem, i.e. to the problem of privacy. Perhaps we can make use of a privacy version of the Original Position; call it the “Original Privacy Position.” Thus, as before, imagine a group of individuals behind a metaphorical veil of ignorance. Now, however, the veil only precludes them from knowing anything significant about their privacy position in society. Inhabitants of the Original Privacy Position, in other words, don’t know such things as whether their privacy is generally at serious risk, whether they attach a great deal of value to their privacy, whether they are in a position to make a lot of money through the diminishment of others’ privacy (or whether others are in such a position with respect to them), etc. And behind this veil of privacy ignorance they are given the task of deciding upon the basic norms of “reticence and privacy,” to use Nagel’s phrase, or norms of the “contextual integrity” of personal information, to use Helen Nissenbaum (1998, 2002)’s equally apt one. The idea would be that whatever basic norms inhabitants of the Original Privacy Position would agree upon, those are the basic privacy norms that any just society should respect.

Maybe they would agree upon norms quite analogous to Rawls’s two general principles of justice. First, there would be the privacy norm:

Privacy. Each member of society is to have a maximal amount of basic privacy consistent with a similar privacy for everyone else.

Then there would be something like the difference of privacy means norm:

Difference of privacy means. Inequalities with respect to individuals’ means of controlling their privacy (e.g. inequalities concerning access to technologies designed to protect their privacy, or to diminish that of others) are to be such that they bring the greatest benefit to the least privacy privileged members of society (i.e. to those members of society who are the least advantaged with respect to controlling their privacy).

Although I haven’t yet chatted with him about this, it seems to me that this Rawlsian approach to the problem of privacy might serve as a basis for justifying Steve Mann’s program of equiveillance. After all, a good case can be made that many of the surveillance structures in our actual society violate one or both of the just mentioned privacy norms. (Compare Lucas Introna (2000)’s claim that workplace surveillance practices sit ill at ease with the Rawlsian approach to justice as fairness.)

Consider, for example, the surveillance structures built into digital rights management technologies. Those structures certainly yield inequalities when it comes to individuals’ means of controlling their privacy. And they arguably bring no (let alone the greatest) benefit to the least privacy privileged members of society. Steve’s insistence that we aim for equiveillance through sousveillance could perhaps be cast as the point that sousveillance is needed to bring us back to an appropriate respect for such privacy norms as Privacy and Difference of privacy means.

References

Introna, Lucas. (2000). “Workplace Surveillance, Privacy, and Distributive Justice.” Computers and Society 33: 33-9

Nagel, Thomas. (1998). “Concealment and Exposure.” Philosophy & Public Affairs 27: 3-30

Nissenbaum, Helen. (2004). “Privacy as Contextual Integrity.” Washington Law Review 79: 119-58

Nissenbaum, Helen. (1998). “Protecting Privacy in an Information Age: The Problem of Privacy in Public.” Law and Philosophy 17: 559-96

Rawls, John. (1971). A Theory of Justice. Cambridge, MA: Harvard University Press.

| Comments (2) |


Surveillance Goes Mainstream

posted by:Jeremy Hessing-Lewis // 02:02 PM // June 14, 2006 // Commentary &/or random thoughts | General | Surveillance and social sorting | Walking On the Identity Trail

While researching how the major telcos are bundling their products, I was somewhat surprised to see that Telus has now added retail sales of consumer surveillance products to its online store. There are at least three immediate observations to be made about this development.

1. Web-based video surveillance is now mainstream. While similar products have been available for years, Linksys (a division of Cisco Systems) is a major market player with a variety of high-volume retail distributors. Telus is also prominently marketing these products through the main products page of their online store.
2. Web-based video surveillance is easy to use. Unlike the James Bond surveillance of years past, the Linksys models are ready to run out of the box. According to the product description, the Wireless G Video Camera contains its own web-server and does not require a computer. Just provide power and a nearby wireless network connection and the camera will stream live video (with sound) straight to any web-browser. For mobile monitoring, the camera can notify a cell-phone, pager, or e-mail address whenever the motion sensor is triggered. When operating in "Security Mode," the camera can be configured to send short video clips to up to 3 e-mail addresses.

3. Web-based video surveillance is cheap. Telus offers two models. The cheaper version retails for $99.95 and contains all the basic functionality. For $274.95, the deluxe version includes a motion sensor and microphone.

Such products will likely have significant privacy implications. Their ease-of-use and low-cost will allow a much broader market of users than have previous versions. It is foreseeable that many of these users will devise illicit uses beyond the "home monitoring" described by Telus. As these products continue to shrink in size and wireless capabilities improve, the threat is only likely to increase.

We are left with the recurring question: Does the democratization of surveillance equipment present a threat?

One might argue, as has Steve Mann with the concept of sousveillance, that providing such tools to citizens counterbalances the powers of otherwise one-sided surveillance. I consider this to be somewhat of a "right to bear arms" argument and am forced to wonder whether such a state is at all desirable. Are many weapons preferable to a single weapon?

In contrast, one might also see Telus' foray into video surveillance as part of the surveillance "arms race" that will inevitably be a race to the bottom (the always enjoyable skeptic's position).

Alas, I fear this moral debate will only be resolved by the great oracle of our time... the market.

| Comments (1) |


A Dignity Worry about Automated Identity Management

posted by:David Matheson // 12:05 PM // May 28, 2006 // Core Concepts: language and labels | Digital Identity Management | Surveillance and social sorting

Consider an extreme proponent of the ancient Greek practical philosophy known as Cynicism. I’ll call him Diogenes, without implying anything about how closely he resembles the historical Cynic of the same name (who, you might recall, once suggested to a fawning Alexander the Great that the greatest honor the king could bestow on him was that of moving a little to the side so that he could continue to soak up the sun’s rays). Our fictitious Diogenes takes the Cynical doctrine of following the lead of nature, and of flouting any inhibitive social conventions, to a shocking level. In a way that might remind a dog-owner of her lovable companion (“Cynic,” after all, comes from kunikos in Greek, meaning “like a dog,” cf. Piering 2006), Diogenes makes no attempt to hide whatever inclinations and desires he happens to find coming his way naturally, and is quite happy to satisfy them whenever and wherever he can. Bodily functions that we would normally consider to be deeply private he carries out in full view of whoever happens to be in his presence. He says whatever comes to mind, regardless of who it might happen to offend or of how it might make him appear to others. Simply put, Diogenes lets it all hang out, always. And he’s convinced that doing so is the true road to happiness.

We might say that Diogenes believes that shame-avoidance -- at least as we commonly think of shame -- stands in the way of human happiness. Or we might say that he presents a formidable challenge to our convictions about the negative value of shame. But it seems to me that, whatever we say on those matters, Diogenes can at least properly be said to be living a shameful life. Even if he couldn’t care less about avoiding shame, and regardless of whether he thinks it’s something to be quite pleased about, Diogenes is in the business of performing one shameful act after another.

It’s interesting to note that this intuitive (to me, at any rate) verdict about Diogenes’s behavior -- it’s shameful -- sits ill at ease with philosophical accounts of shame that render it essentially a matter of sensitivity to the disapproval of others. Consider, for example, the view that an individual’s behavior is an occasion for shame just in case she feels bad about engaging in it when she considers that others disapprove. In this view, Diogenes is not living a life of shame. He knows that others disapprove of his startling behavior, but he doesn’t feel bad in the light of this knowledge, for he thinks that sensitivity to the disapproval is inimical to the prime directive of happiness.

Recently, New York University philosopher J. David Velleman (2001) has presented an alternative account of shame that is more accommodating to the intuitive verdict about Diogenes. According to this account, shame is at its core about failures of selective self-presentation: to say that an individual’s behavior is an occasion for shame, in other words, is to say that she has failed to take adequate care -- failed to manifest appropriate concern -- when it comes to selectively revealing (or, on the flip side, concealing) different aspects of herself in different contexts. Despite the fancy name, the concern for selective self-presentation is a pretty familiar feature of our lives. Indeed, according to some, it’s “among the most important attributes of our humanity.” (Nagel 1998: 4) It’s manifested in everything from such mundane activities as the wearing of clothes in public, retiring to designated rooms for intimate engagements, and taking care not to say everything we think to be true of individuals in their presence, to more elaborate attempts to respect what another NYU philosopher, Helen Nissenbaum (1998) has called “norms of contextual integrity” of personal information, whether in online environments or elsewhere.

If we accept this alternative account of shame, with its focus on failures of selective self-presentation, I think we’re in a good position to explain why Diogenes is living a life of shame. Diogenes can’t be said to be taking adequate care when it comes to selectively revealing different aspects of himself in different contexts, because he really takes no care at all. His startling behavior, given that lack of care, amounts to a radical failure of selective self-presentation, and is thus an occasion for shame.

Of course, occasions for shame need not be as radical as what’s involved in Diogenes’s case. He manifests a general, pervasive, and ongoing lack of concern for selective self-presentation. In more realistic cases, failures of selective self-presentation are considerably more acute, stemming from particular bits of behavior that manifest a temporary lack of care for selective self-presentation against the background of a more general care for it. To illustrate, consider the individual who makes an ill-considered, out of character remark that exposes his feelings about another individual to a much larger audience than he intends. His remark can be said to be an occasion for shame because, despite the fact that he generally makes an active effort to reveal such attitudes only to a limited circle of close friends -- thus manifesting a general, ongoing concern for selective self-presentation -- this particular remark has undermined the general effort and thus manifests a temporary carelessness about self-presentation, one that amounts to a relatively small-scale instance of shame.

Notice that the avoidance of shame seems to be centrally tied to human dignity: an individual’s behavior can hardly be dignified if it is an occasion for shame, and dignified behavior seems to preclude shameful behavior. If we accept it, then, the failure of selective self-presentation account of shame would seem to translate into an important insight about human dignity, viz. that manifesting an adequate concern for selective self-presentation, through the active avoidance of failures of selective self-presentation, is a central condition on our dignity.

It seems to me that this insight about human dignity may well ground a worry about certain kinds of identity management technologies that are becoming increasingly prevalent on the contemporary scene. What I have in mind are those technologies that tend to automate the management of users’ identities to a very high degree, by significantly diminishing the users’ active participation in processes of their own identification. Consider, for example, implanted RFID microchips. One of the primary benefits of these technologies is identification convenience: if you’ve got the chip in your arm, the process of being identified in various ways is easier for you than processes involving old-fashioned counterparts. You don’t have to bother with finding the right card, producing the right documentation, providing the right answers to relevant questions, and so on. You just walk on through, and let the chip do your identifying for you. Brin (2004) makes the point in connection with biometric identification systems: “When your car recognizes your face, and all the stores can verify your fingerprints, what need will you have for keys or a credit card?”

Perhaps, however, the convenience of these technologies comes at too high a price on the dignity scale -- at least for those of us who, unlike our fictitious Diogenes, care about human dignity in the relevant sense. For it seems to me that there’s a case to be made that the more we subscribe to automated identity management technologies, the less likely we are to maintain a robust concern for selective self-presentation, because we are more likely to leave the presentation of aspects of ourselves up to the technologies and the systems of which they are a part. And if the insight about human dignity mentioned above is on the right track, this carries as a consequence an increased likelihood of diminishing our dignity as humans.

Diogenes in effect gives up on selective self-presentation by leaving his self-presentation to the hand of nature. Perhaps we should be careful about giving up on our selective self-presentation by leaving our self-presentation to the hand of technology. Our dignity may well be what hangs in the balance.

References

Brin, David. (2004). “Three Cheers for the Surveillance Society!” Salon, http://dir.salon.com/story/tech/feature/2004/08/04/mortal_gods/index_np.html. Retrieved 26 May 2006

Nagel, Thomas. (1998). “Concealment and Exposure.” Philosophy & Public Affairs 27: 3-30

Nissenbaum, Helen. (1998). “Protecting Privacy in an Information Age: The Problem of Privacy in Public.” Law & Philosophy 17: 559-96

Piering, Julie. (2006). “Cynics.” The Internet Encyclopedia of Philosophy, http://www.iep.utm.edu/c/cynics.htm. Retrieved 25 May 2006

Velleman, J. David. (2001). “The Genesis of Shame.” Philosophy & Public Affairs 30: 27-52

| Comments (0) |


Watch what you type, or THEY will

posted by:Jeremy Hessing-Lewis // 10:22 AM // May 17, 2006 // Surveillance and social sorting | TechLife

Next time you type your password or send a lover an adjective-dense email, you may want to consider the intermediaries. If you're lucky enough to have a boss who doesn't care about your keystrokes, that doesn't mean even more surreptitious intermediaries don't have similar intentions. A new study suggests that spyware keystroke logging is on the rise. Just because you can't see your password, **********, doesn't mean nobody else can.

CNET: Study: Keystroke spying on the rise
CNET: Spying at work on the rise, survey says

| Comments (0) |


Anti-Spyware Coalition: Public Workshop Part II

posted by:Jeremy Hessing-Lewis // 02:24 PM // May 16, 2006 // Commentary &/or random thoughts | Digital Activism and Advocacy | Surveillance and social sorting

Everyone should be happy to know that Microsoft and the Department of Homeland Security are looking out for your personal privacy. They represent the so-called "international public-private cooperation" that is hard at work keeping your computer free from all kinds of scary threats.

Joe Jarzombek, the Director for Software Assurance in the Policy and Strategic Initiatives Branch of the National Cyber Security Division (phew), spoke of the DHS' efforts (see National Cybersecurity Division) to contain risks presented by a non-standard, outsourced supply chain. That's right, the threat isn't local, it's from one of the "stans" or "anias." They've established a common directory of malware in order to standardize spyware definitions. They are also kindly offering a software assurance program so that the DHS can have a look at your code and make sure it's alright.

Spyware is a serious threat to your privacy, but Microsoft and Homeland Security are doing their best to ensure that your personal information doesn't get into the wrong hands. Trust them.

While the FCC is pushing for their The Safe Web Act, it seems that the DHS is sitting pretty. Big business is openly sharing information with them and, in turn, they are sheltering big business from the public's prying eyes through "critical information protections". The key phrase that was left unspoken by all parties was "mandatory backdoors".

(By Ambrese and Jeremy HL)

| Comments (2) |


Anti-Spyware Coalition Public Workshop

posted by:Jeremy Hessing-Lewis // 10:41 AM // // Commentary &/or random thoughts | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | Surveillance and social sorting | Walking On the Identity Trail

Jeremy HL and Ambrese reporting from the Anti-Spyware Coalition Public Workshop: Developing International Solutions for Global Spyware Problems. The Workshop has brought together an interesting mix of consumer advocates, anti-spyware vendors, regulatory agencies, and public interest groups.

Ari Schwartz, of the Center for Democracy and Technology, presented a survey of some of the harms of spyware including:
1. Identity Theft
2. Corporate Espionage
3. Domestic Violence
4. Extortion
5. Unfair and Deceptive Trade Practices
6. General Privacy Invasions

Although the connection may not be immediately obvious, the relationship between domestic violence and spyware is particularly interesting. Both Anne Mau, of lokk.dk, as well as Cindy Southworth, of the National Network to End Domestic Violence, spoke of how women in abusive relationships can be put under surveillance by their own computers. The monitoring becomes an additional method of asserting complete control. One example marketed as "lovespy" was deployed as a harmless greeting card that would then install key tracking software. This is especially dangerous when women are trying to find social support information or are organizing themselves to leave the relationship.

Ambrese investigated the support services related to spyware and domestic violence only to find that they remain totally inadequate. One support worker offered the helpful advice: "Don't use the Internet." CIPPIC will be hosting Cindy Southworth this week as she trains social service workers to deal with these issues.

Stay Tuned.

| Comments (0) |


Wearable Sensors to Improve Soldier Post-Action Reports

posted by:Alex Cameron // 03:28 PM // May 15, 2006 // Surveillance and social sorting

Future combat gear may feature wearable sensors, including cameras and audio pick-ups, to enhance the soldier's "situational awareness" and after-action reports as a result of the ASSIST project. ... A soldier’s after-action mission report can sometimes leave out vital observations and experiences that could be valuable in planning future operations. The Defense Advanced Research Projects Agency (DARPA) is exploring the use of soldier-worn sensors and recorders to augment a soldier’s recall and reporting capability. The National Institute of Standards and Technology (NIST) is acting as an independent evaluator for the “Advanced Soldier Sensor Information System and Technology” (ASSIST) project. NIST researchers are designing tests to measure the technical capability of such information gathering devices.

For those who remember my question at the team meeting, I thought this article was pretty interesting.

First, this picture of the soldier shows that Steve Mann is far ahead of the US military in terms of technology! I mean, the other soldiers must make fun of this guy with the camera on his helmet.

Second, and more on point with my question, I think the person collecting the info here is very interesting. Recall that part of my question was whether Steve had accounted for the possibility that the information gathered by the sousveiller would be more likely to be used against them than for them. As many people in this field know, privacy-invasive or rights diminishing measures are often tested first on soldiers and prisoners. Perhaps it is a coincidence that it is a soldier here but maybe it's evidence that there's something to my question. And recall that in the 'real world', it's not just an issue of the evidence being used against someone who shoplifts, it's a more general use of the information 'against' or to profile the individual that was part of my question.

Maybe some might consider this example as an example of surveillance of employees (because the military owns the tapes). However, if everyone's sousveillance tapes were accessible to others (through discovery in litigation) or other ways, then really what is the difference between sousveillance and surveillance?

Full story here
http://www.nist.gov/public_affairs/techbeat/current.htm#wearable

| Comments (1) |


Search engine privacy

posted by:Marty // 01:45 PM // January 20, 2006 // Surveillance and social sorting

Concerned about the Justice Department trying to find out what you're searching on-line? Wired has posted an FAQ on search engine privacy, which contains a few helpful hints. Jump to it here.

| Comments (0) |


On E-Government Authentication and Privacy

posted by:Stefan Brands // 01:40 PM // November 01, 2005 // Computers, Freedom & Privacy Conference (CFP) | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | ID TRAIL MIX | Surveillance and social sorting | TechLife

Governments around the world are working to implement digital identity and access management infrastructures for access to government services by citizens and businesses. E-government has the potential of bringing major cost, convenience, and security benefits to citizens, businesses, and government alike. There are major architecture challenges, however, which cannot be solved by simply adopting modern enterprise architectures for identity management. Namely, these architectures involve a central server that houses the capability to electronically trace, profile, impersonate, and falsely deny access to any user. In the context of an e-government infrastructure, the privacy and security implications for citizens of such a panoptical identity architecture would be unprecedented.

By way of example, consider the implications of adopting the Liberty Alliance ID-FF architecture (the leading industry effort for so-called "federated" identity management) for e-government. The ID-FF describes a mechanism by which a group of service providers and one or more identity providers form circles of trust. Within a circle of trust, users can federate their identities at multiple service providers with a central identity provider. Users can also engage in single sign-on to access all federated local identities without needing to authenticate individually with each service provider. Liberty Alliance ID-FF leaves the creation of user account information at the service provider level, and in addition each service provider only knows each user under a unique “alias” (also referred to by ID-FF as “pseudonyms”). However, the user aliases in Liberty Alliance ID-FF are not pseudonyms at all: they are centrally generated and doled out by the identity provider, which acts in the security interests of the service providers.

While the Liberty Alliance ID-FF architecture may be fine for the corporate management of the identities of employees who access their corporate resources, it would have scary implications when adopted for government-to-citizen identity management. The identity provider and the service providers would house the power to electronically monitor all citizens in real time across government services. Furthermore, insiders (including hackers and viruses) would have the power to commit undetectable massive identity theft with a single press of a central button. Carving out independent “circles of trust” is not a solution: the only way to break out of the individual circle-of-trust “silos” that would result would be to merge them into a “super” circle by reconciling all user identifiers at the level of the identity providers. This would only exacerbate the ID-FF privacy and security problems.

More generally, replacing local non-electronic identifiers by universal electronic identifiers has the effect of removing the natural segmentation of traditional activity domains; as a consequence, the damage that identity thieves can do is no longer confined to narrow domains, nor are identity thieves impaired any longer by the inherent slowdowns of a non-electronic identity infrastructure. At the same time, when the same universal electronic identifiers are relied on by a plurality of autonomous service providers in different domains, the security and privacy threats for the service providers no longer come only from wiretappers and other traditional outsiders: a rogue system administrator, a hacker, a virus, or an identity thief with insider status can cause massive damage to service providers, can electronically monitor the identities and visiting times of all clients of service providers, and can impersonate and falsely deny access to the clients of service providers.

On the legal side, the compatibility of modern enterprise identity architectures with data protection legislation and program statutes is highly questionable. Also, the adoption of enterprise identity architectures in the context of e-government would directly interfere with Article 8 rights under the European Convention on Human Rights. Specifically, any interference with privacy rights under Article 8 must do so to the minimum degree necessary. Enterprise identity architectures violate this requirement: far less intrusive means exist for achieving the objectives of e-government.

Specifically, over the course of the past two decades, the cryptographic research community has developed an array of privacy-preserving technologies that can be used as building blocks for e-government in a manner that simultaneously meets the security needs of government and the legitimate privacy and security needs of individuals and service providers. Relevant privacy-preserving technologies include digital credentials, secret sharing, private information retrieval, and privacy-preserving data mining.

By properly using privacy-preserving technologies, individuals can be represented in their interactions with service providers by local electronic identifiers. Service providers can electronically link their legacy account data on individuals to these local electronic identifiers, which by themselves are untraceable and unlinkable. As a result, any pre-existing segmentation of activity domains is fully preserved. At the same time, verifier-trusted authorities can securely embed into all of an individual’s local identifiers a unique “master identifier” (such as a random number). These embedded identifiers remain unconditionally hidden when individuals identify themselves on the basis of their local electronic identifiers, but their hidden presence can be leveraged by service providers for all kinds of security and data sharing purposes without introducing privacy problems. The privacy guarantees do not require users to rely on third parties - the power to link and trace the activities of a user across his or her activity domains resides solely in the hands of that user.

In the context of e-government, security and privacy are not opposites but mutually reinforcing, assuming proper privacy-preserving technologies are deployed. In order to move forward with e-government, it is important for government to adopt technological alternatives that hold the promise of multi-party security while preserving privacy.

For more information, interested readers are referred to my personal blog at www.idcorner.org.

| Comments (0) |
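The local-identifier idea in the post above, as an added sketch that is not code from the post or its author: Pedersen commitments stand in for the digital credentials the post names, the issuer's signature is not modelled, and the group parameters and all function names are constructed for this example. It shows three properties the post describes: one master identifier embedded in different-looking local identifiers, unconditional hiding (each identifier is consistent with every possible master identifier), and a linking proof that only the holder of the randomness can produce.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example: P = 2*Q + 1, both prime.
# Real deployments use groups of 256-bit order or larger.
P = 2039
Q = 1019
G = 4  # 2^2 mod P, generates the subgroup of order Q
H = 9  # 3^2 mod P, same subgroup; log_G(H) must be unknown to everyone in practice


def commit(master_id, r):
    """Pedersen commitment G^master_id * H^r mod P, used here as a local identifier."""
    return (pow(G, master_id % Q, P) * pow(H, r % Q, P)) % P


def issue_local_identifier(master_id):
    """Authority side: embed the master identifier under fresh randomness r.
    The user keeps r; the service provider only ever sees the commitment."""
    r = secrets.randbelow(Q)
    return commit(master_id, r), r


def consistent_openings(local_id):
    """Unconditional hiding: for EVERY candidate master identifier there is an r
    that opens local_id to it, so the value alone reveals nothing."""
    table = {pow(H, r, P): r for r in range(Q)}
    openings = {}
    for candidate in range(Q):
        target = (local_id * pow(G, -candidate, P)) % P
        if target in table:
            openings[candidate] = table[target]
    return openings


def _challenge(*values):
    """Fiat-Shamir challenge derived from the public transcript."""
    data = b"|".join(str(v).encode() for v in (P, Q, G, H) + values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_same_master(c1, r1, c2, r2):
    """User side: if c1 and c2 embed the same master identifier, then
    c1 / c2 = H^(r1 - r2). A Schnorr proof of knowledge of that exponent
    links the two identifiers without revealing the master identifier."""
    delta = (r1 - r2) % Q
    k = secrets.randbelow(Q)
    t = pow(H, k, P)
    e = _challenge(c1, c2, t)
    s = (k + e * delta) % Q
    return t, s


def verify_same_master(c1, c2, proof):
    """Service-provider side: check H^s == t * (c1 / c2)^e mod P."""
    t, s = proof
    if not all(0 < v < P for v in (c1, c2, t)):
        return False
    ratio = (c1 * pow(c2, -1, P)) % P
    e = _challenge(c1, c2, t)
    return pow(H, s, P) == (t * pow(ratio, e, P)) % P


if __name__ == "__main__":
    master = 123  # constructed sample master identifier
    tax_id, r_tax = issue_local_identifier(master)
    health_id, r_health = issue_local_identifier(master)
    print("local identifiers:", tax_id, health_id)
    print("candidate masters consistent with tax_id:", len(consistent_openings(tax_id)))
    proof = prove_same_master(tax_id, r_tax, health_id, r_health)
    print("user-initiated link verifies:", verify_same_master(tax_id, health_id, proof))
```

With a 1019-element challenge space a forged link succeeds about once in a thousand attempts, which is why the group size is the first thing to change outside a demonstration.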


Ottawa to give police more power to snoop

posted by:Jennifer Manning // 10:21 AM // August 19, 2005 // Surveillance and social sorting

The Globe and Mail

Ottawa — The federal government will introduce legislation this fall that would give police and national security agencies new powers to eavesdrop on cellphone calls and monitor the Internet activities of Canadians, Justice Minister Irwin Cotler said yesterday.

The bill would allow police to demand that Internet service providers hand over a wide range of information on the surfing habits of individuals, including on-line pseudonyms and whether someone possesses a mischief-making computer virus, according to a draft outline of the bill provided to the Privacy Commissioner of Canada.

After a speech to a police association in Ottawa, Mr. Cotler confirmed that his government will soon bring "lawful access" legislation to cabinet for final approval before it is introduced in the House of Commons.

The minister said the law is needed to replace outdated surveillance laws that were written before the arrival of cellphones and e-mail.

"We will put law-enforcement people on the same level playing field as criminals and terrorists in the matter of using technology and accessing technology," he said.

"At the same time we will protect the civil libertarian concerns that are involved such as privacy and information surveillance," the minister said.

Police groups say they are not asking for any new powers but rather the ability to continue their regular investigative activities in the digital age.

Clayton Pecknold of the Canadian Association of Chiefs of Police said police are working with laws originally written in 1974, a time when wiretapping involved climbing telephone poles.

"The laws were written for a wired world as opposed to the wireless world," he said. "We are not asking that we be given any powers without a court order."

But critics who have been involved in private consultations with the government are expressing concern that the proposed law goes too far and could ultimately be used to nab Canadians as they engage in relatively minor offences such as downloading music, movies and computer software without paying for them.

The law would force Internet service providers to retain records on the Internet use of its clients in such a way that it can be easily retrieved by police, doing away with the need in many cases to seize an individual's computer as part of an investigation.

In her submission to the government earlier this year, Privacy Commissioner Jennifer Stoddart concluded that Ottawa and the police have not provided enough justification to warrant such a law.

"We remain skeptical about the need for these potentially intrusive and far-reaching measures," she wrote. Ms. Stoddart noted the law could give police access to global-positioning-system data from cellphones combined with electronic banking data that could allow the government to track an individual's every move.

"The digits we punch into a modern telephone do not just connect us to another party, they can also reveal our financial transactions, PIN numbers and passwords, or even health information."

Michael Geist, a University of Ottawa law professor who took part in the consultations, said the proposed law goes "well, well beyond" updating references to analog technology. "For individual Canadians, this is an issue that should attract enormous interest because it fundamentally reshapes the Internet in Canada, creating significant new surveillance powers," he said.

Alex Swan, a spokesman for Public Safety Minister Anne McLellan, who will be introducing the bill, said the new law will not add any new offences to the current list in the Criminal Code that can be used to justify a wiretap.

While that list of more than 100 crimes does include a host of sections dealing with terrorism and organized crime, it also includes theft, mischief and keeping a gaming or betting house.

Mr. Swan said judicial oversight will prevent police from using the new surveillance law for minor offences, as will the cost involved in using such surveillance methods.

| Comments (0) | | TrackBack


NYC wants to track diabetics

posted by:Marty // 11:49 AM // August 14, 2005 // Surveillance and social sorting

New York City recently proposed a new plan to track diabetic New Yorkers. The plan would call for area medical labs to report the results of a diabetes test that can indicate the effectiveness of a person's care. The program would flag patients whose care is lapsing and send notes to their doctors. It is then up to the doctor to follow through and contact the patient.

This article from the Associated Press, via the Seattle Times, provides us with soundbytes from two sides of this issue....

In this corner, we have the City of New York:

"There will be some people who will say, 'What business of the government is it to know that my diabetes is not in control?' " said Dr. Thomas Frieden, the city's health commissioner.
The answer, he said, is that diabetes costs an estimated $5 billion a year to treat in New York and was the fourth leading cause of death in the city in 2003, killing 1,891 people.
By pinpointing problem patients, then intervening in their care, Frieden said the city can improve thousands of lives. "I don't think we can afford not to do anything," he said.

And in this corner, we have those with privacy interests in mind:

"This isn't smallpox," said James Pyles, an attorney who represents health-care groups concerned with medical privacy. "The state, or the city in this case, does not have a compelling interest in the health of an individual that overrides that individual's right to privacy."

And in this third corner, we have the medical community:

Dr. Nathaniel Clark, vice president for clinical affairs of the American Diabetes Association, said the surveillance system could be a great tool for doctors who find it difficult to track patients over long periods. Currently, he said, people who aren't aggressive about their care can easily fall through the cracks. Some switch health-care providers, and many people living in poor neighborhoods where diabetes is common don't have a regular doctor.

Given the recent trend of security breaches, can such a database really be trusted? Does the end-goal truly justify such a program? Was this proposal drawn up based on a business case or on actual healthcare goals? Should government tracking be limited only to infectious diseases, or just to other major health epidemics? Or should all tracking be ruled out? Given that this program is not seeking healthcare data in the aggregate, but to target individual people, does the stepping on one’s privacy balance against the personal health handholding/looking out for you by the government?

What, I believe, is most compelling here is the issue of consent. Initially, at least, all patients will be flagged for the system. Only afterwards will they be able to opt-out. Think of the above questions, again, in light of an opt-out mechanism, do any of your opinions change? Is this a case of Government Knows Best?

http://seattletimes.nwsource.com/html/health/2002402162_diabetes26.html

| Comments (0) | | TrackBack


Big Brother Wants to Be Diet Cop

posted by:Todd Mandel // 06:48 PM // July 29, 2005 // Surveillance and social sorting

Wired News reports that New York city officials have proposed to monitor people with Diabetes and by "intervening ever so slightly in their care", improve their level of care and general health. Privacy advocates have responded with criticisms that, unlike contagious diseases, Diabetes only affects the individual and is an intrusive entry into people's personal lives. Read the full article at:

http://www.wired.com/news/medtech/0,1286,68301,00.html

| Comments (0) | | TrackBack


Lawful access or needless distress? How service providers feel about new high-tech surveillance proposals

posted by:Jennifer Manning // 05:07 PM // // Surveillance and social sorting


By: Mari-Len De Guzman
IT World Canada (22 Jul 2005)
In the so-called "lawful access" controversy in Canada there are almost as many sides as there are stakeholders.

The debate appears to pit law enforcement agencies here against privacy groups. Service providers – wireless, wireline and Internet – are caught somewhere in the middle, trying to juggle their twin responsibilities: ensuring subscriber privacy, while helping law enforcement catch crooks or terrorists.

Theoretically, "lawful access" refers to the legal intercept of communications, as well as search and seizure of information by Canadian law enforcement agencies. Under current criminal statutes, these seizures have to be authorized by law, usually a judicial order.

This, however, may not always be the case if the new "lawful access" proposals go through.

For instance, police, CSIS agents, and Competition Bureau agents would be empowered to obtain subscriber data – name, address, e-mail address, IP address – from telecommunications service providers (TSPs) upon mere request, without any judicial authorization or requirement for reasonable grounds to suspect wrongdoing.

In addition, TSPs would be subject to a "gag order" regarding such requests – namely, no disclosure of the content of the request, the information provided, or any other information regarding the provision of subscriber information to the police.

And it's more than ethical dilemmas that carriers have to contend with. There's the question of what compliance would cost them – in terms of money, technology and resources.

Counting the cost:

For instance, one proposal currently under review requires service providers to build into their networks communications intercept capabilities.

The question, of course, is who will foot the bill for doing that. For carriers and service providers, that's a vital issue. But until the proposed legislation provides more clarity in terms of the technology requirement, TSPs are not able to quantify the capital cost of lawful access compliance.

One thing may be certain though, according to David Elder, chair of the lawful access committee of the Canadian Association of Internet Providers (CAIP). Smaller Internet service providers (ISP) will be given "special considerations" when it comes to the carriers' financial obligations.

Click here for the article, and to see Jason Young on the cover.

| Comments (0) | | TrackBack


Death and Identity

posted by:Shannon Ramdin // 05:07 PM // // Surveillance and social sorting

Following up on Ian's "Mainstreaming Verichip" post, there was recently an article in BBC news about using RFIDs to identify the dead. Verichip advocates argue that RFIDs could have helped identify victims of the Tsunami or London bombing.

Should privacy and identity be sacrificed for the sake of convenience?

| Comments (0) | | TrackBack


Frisking the Machine

posted by:Jennifer Manning // 04:50 PM // // Surveillance and social sorting

From: Globe and Mail, by Jack Kapica

Microsoft is making new demands.

The software behemoth started a program on Monday that requires users of its Windows operating system to prove their copies are legitimate. If not, Microsoft will not let them get add-ons to Windows XP.

The program, called Windows Genuine Advantage, will frisk your machine to see if it's running an authentic version of Windows. If it detects a counterfeit copy, it will offer two options — users can fill out a piracy report, provide proof of purchase and send in the counterfeit CDs to get a free copy of Windows Home Edition or Windows Professional; or those who just submit a piracy report — telling when, where and from whom they got the software and send in the counterfeit copy — will get either version of Windows at half price.

In the spirit of further generosity, Microsoft will allow users of unauthorized Windows programs to install security-related updates, which are used to plug software flaws exploited by viruses and hackers.

Privacy advocates are looking at the situation closely, but aren't likely to find much beyond theoretical concerns. Microsoft has been collecting information like this for some time, starting with Service Pack 2 for Office 2000, when the company's then-new authentication system not only recorded your Office serial number, but also took a look at the hardware in your machine.

This time, the company seems to have broadened its list of things to look for, scanning your machine not only for product keys, software authorization codes and operating-system version, but also for details on the flow of data between the operating system and other hardware, such as printers.

This latest wrinkle has been tested as an option for the past 10 months on some 40 million users, Microsoft says, and it was such a success that the company has decided to drop the "option" part.

Microsoft has assured users that no personal data is being collected for the validation process, and information will remain completely anonymous. All that will happen is the user of the software in question will be denied upgrades.

This all sounds reasonable, even though the company is broadening its definition of what information it wants from PC users while much of the Western world is passing legislation designed to increase privacy protection in an increasingly digital world.

There are, however, legitimate concerns with Microsoft's actions, such as how the company will extract our consent to divulge the information (most complaints about privacy involve the issue of "valid consent," I'm told by Philippa Lawson, executive director of the Canadian Internet Policy and Public Interest Clinic). There are also concerns about how long Microsoft will keep the information, and whether the company might decide to use that information in the future for purposes not outlined (or even foreseen) in the current agreement.

But I will assume for the moment that Microsoft's intentions are beyond reproach. That leaves me with other concerns.

First, this validation process is being done in the name of stopping software piracy, which is a very real concern in the digital age, especially with the level of mass piracy in the Asia-Pacific region, Eastern Europe, the Middle East and other places. But I have long suspected that the Business Software Alliance, an industry group against software theft, has greatly inflated the dollar value of corporate losses. The BSA — and the Canadian Alliance Against Software Theft, its counterpart here — has issued press releases for some years estimating colossal economic losses to piracy; all appear to operate on the assumption that every piece of pirated software represents a lost sale, and things like lost salaries of software salespeople are folded into the calculation, plumping up the outrage.

Yet much of what constitutes piracy in the more civilized corners of the world is largely the result of the atmosphere that computer users breathe. Software is constantly being upgraded and fixed, security holes are patched and new versions reissued so frequently that every piece of software ultimately behaves as though it's an unfinished version of what's to come next.

It has become an act of courage and expense to upgrade our software — especially operating systems — and wary buyers have come to see themselves as beta testers, always waiting for a finished version. So they approach buying software differently from, say, the way they buy TV sets, which do not need weekly visits to the repair shop. People are naturally chary of spending large sums of money on software that will offer them an unending string of security holes to patch, and then be urged to upgrade entirely within a year or two.

If software companies want to cut piracy, their strategy should include finishing their products, and not treating their customers so cavalierly or so carelessly. That way, buyers might start to consider software as something of value that they're investing in, rather than as a half-baked "beta" product that happens to come in a box.

My other concern is that Microsoft is, after all, a member of the BSA, which includes Adobe, Apple, Autodesk, Avid, Bentley Systems, Borland, Cadence, Cisco Systems, CNC Software/Mastercam, Dell, Entrust, HP, IBM, Intel, Internet Security Systems, Macromedia, McAfee, Inc., PTC, RSA Security, SAP, SolidWorks, Sybase, Symantec, UGS Corp. and Veritas Software, which merged with Symantec earlier this year. BSA members finance anti-piracy strategies, and presumably share the information collected.

Is Microsoft sharing the information it collects using Windows Genuine Advantage with other members of the BSA? The company hasn't said, although I'd be surprised if Microsoft didn't share it with its worthy allies. At least we should know about it, and have the member companies listed in any agreement we are asked to make.

Perhaps the BSA should spend more effort earning the respect of its customers before frisking us all as though we are thieves.


| Comments (0) | | TrackBack


MAINSTREAMING VERICHIP

posted by:Ian Kerr // 10:01 AM // // Surveillance and social sorting

those who have been following this blog will know of my concern about an uncritical mainstream adoption of human microchip implantation.

in this context, it has been interesting to watch the verichip go mainstream. but when the chief information officer at the harvard clinical research institute and one of america's best known bioethicists downplay the privacy considerations, i start to get a bit concerned...

john halamka, an emergency physician and chief info officer, has had a verichip on his shoulder (well, close enough...) for some time now. recently, he was reported as saying: "If a chip could also serve as a GPS, reporting my location, or act as an emergency transponder, requesting rescue, I would definitely upgrade". halamka has made quite a name for himself touting the chip. this week, he published on the subject in the new england journal of medicine.

bioethicist arthur caplan also expressed an interest in the verichip as a medical device. according to caplan:

"You are more likely to die or be harmed by lack of medical information about you than by people knowing too much about your medical information," he says. "In an emergency, it's important for doctors to know what your allergies and medical problems are, who your relatives are and how to reach them, your blood type, and so on."

today caplan was reported as describing those who distrust this application of rfid technology in the following way:

"The idea of putting something in your head or in your arm frightens people and stirs up privacy worries, even if they don't make a lot of sense," he says. "Americans have an almost obsessive drive to protect their personal privacy."

Q - am i "obsessed" if i want us to slow down and critically evaluate the implications of implanting devices that can be used to create unique identifiers for individuals and link them to networks of various sorts prior to any decision to adopt them in sensitive areas such as the healthcare setting?

i get it when halamka says that it is easier for emergency docs to do their jobs when they don't have to rely on patients to give them vital information. but isn't it obvious that there is more at play here? wouldn't it also be easier for subway security to do their jobs on the same basis?

what do others think?!

| Comments (2) | | TrackBack


Privacy vs. Security

posted by:Rafal Morek // 05:14 PM // July 27, 2005 // Surveillance and social sorting

Last week a CBC journalist was stopped by a security guard while on her way to buy a tea at Starbucks on the ground floor of an office building in Ottawa. She was asked to submit to a random bag search. When she refused, the guard let her carry on, but it sparked an interest on her part in increasing intrusions into personal privacy, allegedly over concerns about national security. The CBC interviewed Daphne Gilbert this morning on the incident. If you want to listen to the interview (about nine minutes), you can find it under CBC Ottawa Morning Top Story (for Wednesday). It will stay on the site until Tuesday, August 2nd. Daphne made the point that people should be concerned about security searches like this one, and that we as a society should be wary of our decreasing expectations in privacy.

| Comments (0) | | TrackBack


On the Bookshelf - Judge Posner and 9/11

posted by:Marc Rotenberg // 10:12 PM // July 19, 2005 // Surveillance and social sorting

For a person who has struggled a bit with the demands of academic writing, contemplating the work of Judge Richard Posner is a bit like imagining that one's notepaper doodles are going to end up in the Louvre. It isn't going to happen. He is in one world, the rest of us in another. Judge Posner can probably write faster than most people can read. And he probably writes as frequently as most people breathe.

But among all of Judge Posner's writings, one of the most provocative was surely his review of the 9-11 Commission report for the New York Times Book Review. Posner, who obviously ignores the political memos and talking points that are widely circulated in Washington in case anyone forgets what to say when there is dead air time, put forward the radical views that (1) the 9-11 terrorists outsmarted us, (2) terrorists will outsmart us in the future, and (3) the radical restructuring of the US intelligence community (which is to say, the consolidation and centralization of decisionmaking authority) may not have been the smartest move if our concern is with a nimble and determined enemy.

I haven't finished Posner's book, which elaborates on the NY Times essay, but I was thinking about it last week when I attended a briefing for the new Homeland Security Secretary Michael Chertoff at the Ronald Reagan building in downtown Washington (surrounded by the national security community and various federal contractors, I had a Hunter Thompson moment and joked with the FBI field agents seated next to me. Btw, a Blackberry 7290 appears to be standard issue for those defending the homeland from foreign threats and charges for extra minutes.)

Posner is, of course, also the father of the law of economics movement (to every social problem, there is an equation that defines risk, reward, cost and benefit, and whether to split 5's if the dealer is showing an 8. Answer: Don't do it). And to Posner, and apparently to the new Secretary of Homeland Security, the problem of defending against terrorists comes down to economic analysis. Sure, 40 people might die in a subway station, but subway cars don't fly into office buildings. So, we should be more concerned about security for airplanes than for the metro. I won't go into all the federal/state politics that may also be at issue, but needless to say, the states are on their own when it comes to future terrorist threats.

I'm not a huge fan of Posner. He sure can write a lot. And he has said some interesting things about privacy. (In a 1978 law review article, he wrote about mailing lists, Coase, and opt-in v. opt-out. In the Economic of Justice (1982), he gave us a nice instrumental argument for confidentiality. And he's written some remarkable privacy opinions as a federal appellate judge in the last few years.) But the problem with economics is that everything is up for sale. Including individual rights. Let's say we had an equation which said that we could increase public safety by 10% if we diminished personal freedom by 10%. How much freedom would you trade? What if you could gain a 10% increase in safety with only a 5% sacrifice in personal freedom? If you accept my premise that you can trade freedom for safety, I suspect there is some number where you would say "ok." But what if I suggest that your freedom helps ensure your safety? That open government, privacy protection, respect for the rights of the individual actually promotes public safety? What becomes of our economic analysis? I'll say more about this in a later post, but consider the lessons we might draw from the terrible tragedy in London. The most surveilled city in the world was also the site of one of the most significant terrorist attacks that ever occurred. Is surveillance the solution?

| Comments (0) | | TrackBack


A Pass on Privacy?

posted by:Jennifer Manning // 11:33 PM // July 18, 2005 // Surveillance and social sorting

New York Times Magazine, July 17 2005
Christopher Caldwell

Anyone making long drives this summer will notice a new dimension to contemporary inequality: a widening gap between the users of automatic toll-paying devices and those who pay cash. The E-ZPass system, as it is called on the East Coast, seemed like idle gadgetry when it was introduced a decade ago. Drivers who acquired the passes had to nose their way across traffic to reach specially equipped tollbooths -- and slow to a crawl while the machinery worked its magic. But now the sensors are sophisticated enough for you to whiz past them. As more lanes are dedicated to E-ZPass, lines lengthen for the saps paying cash.

IDENTITY IMPRINT
The case for "implantable personal verification systems":
"Once implanted just under the skin, via a quick, simple and painless outpatient procedure (much like getting a shot), the VeriChip can be scanned when necessary with a proprietary VeriChip scanner. . . . VeriChip is there when you need it. Unlike traditional forms of identification, VeriChip can't be lost, stolen, misplaced or counterfeited."
Source: VeriChip Corporation

E-ZPass is one of many innovations that give you the option of trading a bit of privacy for a load of convenience. You can get deep discounts by ordering your books from Amazon.com or joining a supermarket ''club.'' In return, you surrender information about your purchasing habits. Some people see a bait-and-switch here. Over time, the data you are required to hand over become more and more personal, and such handovers cease to be optional. Neato data gathering is making society less free and less human. The people who issue such warnings -- whether you call them paranoids or libertarians -- are among those you see stuck in the rippling heat, 73 cars away from the ''Cash Only'' sign at the Tappan Zee Bridge.

Paying your tolls electronically raises two worries. The first is that personal information will be used illegitimately. The computer system to which you have surrendered your payment information also records data about your movements and habits. It can be hacked into. Earlier this year, as many as half a million customers had their identities ''compromised'' by cyber-break-ins at Seisint and ChoicePoint, two companies that gather consumer records.

The second worry is that personal information will be used legitimately -- that the government will expand its reach into your life without passing any law, and without even meaning you any harm. Recent debate in Britain over a proposed ''national road-charging scheme'' -- which was a national preoccupation until the London Tube bombings -- shows how this might work. Alistair Darling, the transport secretary, wants to ease traffic and substitute user fees for excise and gas taxes. Excellent goals, all. But Darling plans to achieve them by tracking, to the last meter, every journey made by every car in the country. It seems that this can readily be done by marrying global positioning systems (with which many new cars are fitted) with tollbooth scanners. The potential applications multiply: what if state policemen in the United States rigged E-ZPass machines to calculate average highway speeds between toll plazas -- something easily doable with today's machinery -- and to automatically ticket cars that exceed 65 m.p.h.?

There is a case to be made that only a citizenry of spoiled brats would fret over such things. Come on, this argument runs, anyone who owns an anti-car-theft device -- LoJack in the United States or NavTrak in Britain -- is using radio tracking to make a privileged claim on government services. If your LoJack-equipped Porsche is stolen, you can call the local police department and say, in effect, ''Go fetch.'' Stolen cars with such devices are almost always recovered. Car theft has fallen precipitously, which benefits us all.

For some time, the United States has required commercial trucks to register their mileage and routes. Last year, Germany initiated a new, more efficient G.P.S.-based truck-tracking system that seems intrusion-proof. Authorities discard the records after three months, which means they can't use them to arrest criminal truckers or dun deadbeat ones. Can such forbearance last?

In Germany, where history makes lax surveillance seem the lesser evil, yes. But not in the United States. Since the Warren Court, voters have, again and again, risen up against any libertarian trammeling of government in its fight against crime. People waver on whether to trade privacy for convenience, but they're pretty untroubled about trading privacy for security. On occasion, E-ZPass records have been used to track down criminal suspects.

When such crime-fighting aids are available, people clamor for them. In October, the F.D.A. approved, for medical use, the VeriChip, a device the size of a grain of rice. It can be implanted under a patient's skin and activated to permit emergency personnel to gain access to personal medical records. It's extremely useful when patients are unconscious, but there is a suspicion that the real application lies elsewhere. Similar devices can easily be fitted with other types of transmitters. ''Active'' implants are already being put to other uses: to trace livestock and lost pets and, in Latin America, to discourage kidnappings. Those who can put two and two together will find this VeriUnsettling. Monitoring can quickly change from convenience to need. Would you support a chip-based security system for nuclear power plant employees? If you were in the Army Special Forces, wouldn't you want a transmitter embedded in you?

In more and more walks of life, if what you want to do is not trackable, you can't do it. Most consumers have had the experience of trying to buy something negligible -- a pack of gum, say -- and being told by a cashier that it's impossible because ''the computer is down.'' It now seems quaint that after the Oklahoma City bombing in 1995, Congress argued over whether ''taggants'' should be required in explosives to make them traceable. Today everything is traceable. Altered plant DNA is embedded in textiles to identify them as American. Man-made particles with spectroscopic ''signatures'' can be used, for example, as ''security tags'' for jewels. The information collected about consumers is the most sophisticated and confusing taggant of all. It is a marvelous tool, a real timesaver and a kind of electronic bracelet that turns the entire world into a place where we are living under house arrest.


| Comments (0) | | TrackBack


PRIME RELEASES WHITE PAPER

posted by:Ian Kerr // 11:30 AM // // Surveillance and social sorting

many of those following the work of the On the Identity Trail project will know about PRIME (Privacy and Identity Management for Europe).

the PRIME project proposes building a user-controlled system for managing identities, positioning the relevant actors and their technology platform. the platform, they hope, will address "the full range of needs of the users and privacy law."

in a recently released white paper, the PRIME consortium fosters debate on the privacy issues, seeking to build a consensus regarding acceptable solutions.

i'd be curious to hear what people think of the white paper....



biometrics in airline tickets touted as making 'the process quicker'

posted by:Dina Mashayekhi // 06:17 PM // July 07, 2005 // Surveillance and social sorting

nice of them to do this just to make things more convenient for us -- heck i'll give 'em my dna so i can wait in line 2 minutes less.

i just wonder -- how long will the line take to encode your ticket with fingerprint data...

Airline tests biometric tickets

BERLIN (AP) -- The German airline Lufthansa has started testing tickets encoded with passengers' thumbprint data in hopes of speeding up check-ins without compromising security.

The 14-day trial started Monday with Lufthansa employees trying out the system, spokesman Thomas Jachnow said. If all goes well, the airline wants to roll it out in 2006.

Though people will still be able to check in for flights using the "classic system," the voluntary use of biometric data would make the process quicker, Jachnow said.

Passengers would get tickets encoded with their thumbprint data, then check themselves in by placing their thumbs on a machine. Frequent fliers would have their thumbprint data encoded on their frequent flier cards instead of their tickets, Jachnow said.

The German government is also starting to make use of biometric data in travel documents and will start issuing passports embedded with facial data in November. A fingerprint will be added in March 2007.

From Canoe



Keystroke logging a no-no in Alberta

posted by:Jennifer Manning // 07:44 AM // // Surveillance and social sorting

Wednesday, July 6, 2005

Canadian Press

Lacombe, Alta. — A Privacy Commissioner's ruling against an Alberta library that electronically monitored an employee's computer use means employers have lost one objective way of measuring workers' performance, says the library's director.

Patricia Silver, director of the Parkland Regional Library, ordered the installation of keystroke logging software on the computer of an employee whose productivity was questioned.

When the employee discovered that he had been monitored, he lodged a complaint with Alberta's information and privacy commissioner.

In a decision released last week, Commissioner Frank Work ruled that the library collected personal information about the employee in contravention of the Freedom of Information and Protection of Privacy Act.

The employee, who was not named, worked as a computer technician for six months in 2004. Ms. Silver said it was a job where productivity was hard to measure.

“We thought that using an objective check through the computer would be the most fair and objective way to do that,” she said Wednesday.

“If you have something like a cataloguing clerk, if they only catalogue one book a day, you notice. If they catalogue 100, you notice. With that kind of job, it's easy to say either ‘You're doing great work' or ‘You need to be more productive' or whatever. But that's not true of all the areas of our operation.”

Ms. Silver disputed Mr. Work's finding that the library collected personal information on the employee, saying managers never looked at any of the computer files that were logged. She said she believed the keystroke logging would be allowed under a clause in the act that permits collection of information that is necessary for an operating program or activity of a public body.

“Mr. Work felt that it was too intrusive on the employee, and certainly we accept his interpretation and would abide by it in the future,” she said.

“But beyond our case, it raises the question of how do you look at people's productivity and the quality of their work in certain occupations where it's hard to tell, given the technology nowadays?

“We are responsible for taxpayers' money in our organization and we do like to think we give good value in terms of productivity of our staff. So I think that remains a question.”

Mr. Work said the library could have used “less intrusive means” to get the information needed to manage the employee.

He noted that other library information technology employees weren't similarly monitored.

“This lack of even-handedness further undermines the public body's explanation for the collection,” Mr. Work said.

He dismissed an argument from the employee that the collected information had not been adequately protected.

Mr. Work said he didn't have the jurisdiction to rule on whether or not the employee was dismissed as a result of his complaint. Ms. Silver confirmed the employee no longer works at the library but said his departure had nothing to do with the privacy complaint.



U.S. General Accounting Office Issues RFID Report

posted by:Marty // 04:21 PM // June 19, 2005 // Surveillance and social sorting

A little late, but better than never...

The U.S. General Accounting Office (GAO), Congress's oversight body, issued its report on the promise and perils of RFID use by the U.S. Federal Government, in May, 2005 (see "Information Security: Radio Frequency Identification Technology in the Federal Government"). The report highlights the use, or planned use, of RFID technology by Federal agencies. Moreover, the report makes the following findings regarding privacy and security of information:

Of the 16 agencies that responded to the question on legal issues associated with RFID implementation in our survey, only one identified what it considered to be legal issues. These issues relate to protecting an individual’s right to privacy and tracking sensitive documents and evidence.
Several security and privacy issues are associated with federal and commercial use of RFID technology. The security of tags and databases raises important considerations related to the confidentiality, integrity, and availability of the data on the tags, in the databases, and in how this information is being protected. Tools and practices to address these security issues, such as compliance with the risk-based framework mandated by the Federal Information Security Management Act (FISMA) of 2002 and employing encryption and authentication technologies, can help agencies achieve a stronger security posture. Among the key privacy issues are notifying individuals of the existence or use of the technology; tracking an individual’s movements; profiling an individual’s habits, tastes, or predilections; and allowing secondary uses of information. The Privacy Act of 1974 limits federal agencies’ use and disclosure of personal information, and the privacy impact assessments required by the E-Government Act of 2002 provide an existing framework for agencies to follow in assessing the impact on privacy when implementing RFID technology. Additional measures proposed to mitigate privacy issues, such as using a deactivation mechanism on the tag, incorporating blocking technology to disrupt transmission, and implementing an opt-in/opt-out framework for consumers remain largely prospective.

Supply & Demand Chain Executive features this article, which offers a deconstructive view of the GAO's report.

The GAO report is flawed and provides a relatively unfavorable, potentially damaging view of RFID. The report cites several security-related issues that RFID can present, such as tracking individual movements, preferences, confidential personal information, etc. The report also suggests that interest from government officials in RFID is increasing, especially as costs fall and application uses expand. To compile the report the GAO focused on responses received from a variety of government agencies — 24 in total — including, the departments of State, Energy, Homeland Security, Labor and others.

As always, there are multiple views to every story.



beginning of the end of 'anonymous' use of public transit in the GTA

posted by:Dina Mashayekhi // 08:49 AM // June 15, 2005 // Surveillance and social sorting

- see article below..
- i tried to find more information but these questions remained unanswered -- will cash fares increase thus inducing people to go with the smart card?
- where/how will personal info, travel histories be tracked/stored, who has access?
- the brief privacy notes on the mto page say that a person can still use the system without providing personal info "however some personal data will be required if riders want to make pre-authorized payments, protect their cards against loss or theft or obtain concession fares."
- a pilot project has been in place w/ the use of smart cards in some go transit corridors since 2001, haven't found much privacy related info -- atip possibility?

From the Globe and Mail:

TORONTO — The Ontario government is planning to bring in a single pass system for public transit in the Greater Toronto Area.

The unified-fare card will be good on GO Transit and seven local systems in the region.

The card, announced by Transportation Minister Harinder Takhar, will likely be available in early 2007.

Mr. Takhar says riders won't have to search for exact change, buy tickets or carry different passes to travel on the different transit systems.

Brampton, Burlington, Hamilton, Mississauga, Oakville, Toronto and York Region have all signed on to develop the integrated-fare system.

The plan is expected to be fully in place from Hamilton to Whitby by 2010.

"Creating a transit culture in this province means using the latest technology to improve transit service," Mr. Takhar said.

"The possibilities for this card are endless. In Hong Kong, for example, transit-fare cards can also be used at parking facilities, fast food outlets and vending machines."



if you think 'chipping' granny might be too invasive, here's your alternative

posted by:Dina Mashayekhi // 10:55 AM // June 14, 2005 // Surveillance and social sorting

The new geopositioning phone-bracelet detects any departure from a security zone surrounding the residence

The Canadian company Medical Intelligence has developed a bracelet for Alzheimer's patients that can message key people via a GSM network when a patient wanders out of a "secure zone" as monitored via A-GPS. The rate of Alzheimer's patients that "wander" or "stray" is almost 60%, with a high death rate when they are not found quickly. The innovation introduced today is a definitive solution to the problems that families, caregivers and police authorities must deal with.

Columba, the new geopositioning phone-bracelet, required three years of research and development. Louis Massicotte, founding president of Medical Intelligence, had the idea of creating the bracelet after the repeated wanderings of his own mother, who suffers from Alzheimer's.

To prevent any disappearance, the Columba bracelet automatically detects any departure from a security zone surrounding the residence or nursing home. The "zone" is pre-determined by the patient's family or caregiver. The Columba then alerts a medical assistance centre that promptly contacts the family or caregiver to coordinate assistance efforts.

If required, the medical assistance centre, which operates 24-7, can accurately geoposition the bracelet wearer and establish audio communication using Columba's "handsfree" feature.

The Columba has a GPS-Assisted positioning system, a GSM/GPRS transmitter/receiver with a SIM card for voice and data, and an intelligent alert detection system.

The very first implementation of the system will take place this summer in Paris at the Medidep Brune nursing home, and use the Orange phone network.

Nearly 800,000 people suffer from Alzheimer's in France, three-quarters of whom are in a home-care situation. Alzheimer's affects close to 10% of the population over the age of 65.

"To successfully keep Alzheimer's patients in the home, we must do our utmost to guarantee their safety", says Dr. Stephane Bergeron, President and CEO of Medical Intelligence. "In order to responsibly secure the patient's environment, without restricting or isolating him or her, we must be alerted at the very beginning of an instance of wandering or running away. The Columba bracelet ensures such security and enables, when required, the geopositioning of the wearer. You can even speak with him because the phone-bracelet is connected to the Orange network and includes a "handsfree" phone feature."

"Orange has supported the development of this product for the last two years, and we are pleased to see that our mobile phone network can make an effective contribution to patients' security and well-being. We are proud to contribute to the introduction of an innovative mobile service that responds to a major public health problem. The Columba phone-bracelet provides its wearer with a "lifeline", giving him more freedom and more security," stated Jean-Noel Tronc, Director of Strategy at Orange.

The Columba phone-bracelet is expected to be available in drugstores before the end of 2005.

Found at http://www.pcscanada.com/newsstory_details.asp?id=1470&type=

Read the Press Release



consumer profiling gets in your head

posted by:Dina Mashayekhi // 06:54 PM // June 13, 2005 // Surveillance and social sorting

Marketers try high-tech tool to push brain's 'buy button'

Marketers are trying to use brain scans to convince consumers to buy their product, although scientists say the approach may not be ready to be applied.

Peering into someone's brain seems like it may have its benefits for marketers, who aim to find out whether consumers will like a product.

"If you knew exactly how they were hearing your messages, clearly you can choose the best way of making that message to them," said Barry Welford, president of Strategic Marketing Montreal.

Brain scan technology, such as functional MRIs, shows which parts of the brain are activated by impulses. Some marketers theorize that since the scans suggest positive or negative reactions, the technology can help them to fine-tune their message.

"Right now, media tools are pretty much limited in terms of how to reach people," said Fred Auchterlonie, vice-president of PHD Media Canada, one of the first companies to use the technique in Canada. "Really what we're trying to get at is how to influence them. But the technique is not cheap."

A single experiment with at least 12 subjects could cost as much as $7,500.

Continued at CBC News



Google's memory stirs privacy concerns

posted by:Jennifer Manning // 10:50 PM // June 06, 2005 // Surveillance and social sorting

When Google's 19 million daily users look up a long-lost classmate, send email or bounce around the web more quickly with its new Web Accelerator, records of that activity don't go away.

In an era of increased government surveillance, privacy watchdogs worry that Google's vast archive of internet activity could prove a tempting target for abuse.

Like many other online businesses, Google tracks how its search engine and other services are used, and who uses them. Unlike many other businesses, Google holds onto that information for years.

Some privacy experts who otherwise give Google high marks say the company's records could become a handy data bank for government investigators who rely on business records to circumvent Watergate-era laws that limit their own ability to track US residents.

At a time when libraries delete lending records as soon as a book is returned, Google should purge its records after a certain point to protect users, they say.

"What if someone comes up to them and says, 'We want to know whenever this key word comes up?' All the capability is there and it becomes a one-stop shopping centre for all these kinds of things," said Lauren Weinstein, an engineer who co-founded People for Internet Responsibility, a forum for online issues.

Click here for the rest of the article.



Pharming and other security woes hector VoIP

posted by:Jennifer Manning // 10:17 PM // // Surveillance and social sorting

From: CNET.com

There are few clearer signs that an