The New York Times (registration required) has a very interesting article on why there have been so many more high-profile breaches of privacy in the US than in Europe.
The clever title, "Europe Zips Lips; US Sells ZIPs" does give away the author's main argument: In Europe, citizens have strong laws protecting the privacy of their data. In contrast, in the US, different types of data are protected in different ways, state laws vary widely, and there is no federal agency with a clear mission to protect citizen privacy.
Business Week has an in-depth article on new surveillance technologies that are being deployed in all walks of life -- health care, anti-terrorism, inventory control, and more.
Has Big Brother truly arrived? What are the consequences?
The article includes a disturbing story about the vigilante mob reaction that took place after a South Korean woman failed to clean up after her dog when it relieved itself on the subway. A fellow passanger snapped a picture with a camara phone, and the image was suddenly in wild circulation.
Not to excuse her behavior, but national humiliation seems like an excessive response to not cleaning up after your dog. A fine or X hours of community service, ideally cleaning up after other people's dogs, seems more appropriate.
According to EPIC, these kinds of companies sell not only addresses and telephone numbers, but cell phone numbers & records, including locations where cell calls were placed, and the real identities of people using sites like Match.com and FriendFinder.com.
Creepy! Having the police be able to subpoena cell phone location information or records from a subscription site as part of a specific investigation is one thing -- but this is just scary. But "here's $50, tell me if my employee/boss/wife/neighbor is listed on Match.com?" That seems really invasive to me.
Wired.com has put together a handy FAQ on ID Theft; what is it, how it works, and what you can do about it. It doesn't answer every question you may have, but provides a good introduction to the topic and suggests a number of real-world ideas you can do to help keep yourself safe. Topics include:
• How do thieves get information to use my credit card or steal my identity?
• How will I know if my identity has been stolen?
• If someone charges my card will I have to pay for the items they buy?
• What should I do if my wallet or purse is lost or stolen?
• What can I do to prevent myself from becoming a victim?
Based on recent findings by Secunia Research, we may be susceptible to yet another scheme to get our personal info.
Through a vulnerability affecting every mainstream browser on PCs and Macs, malicious Web sites are able to spoof dialog boxes—even while you’re surfing a trusted Web site such as your bank. The problem? Javascript dialog boxes don’t display or include their origin. So even the savviest among us might be tricked into opening a malicious link or providing sensitive info such as passwords.
Is your browser vulnerable? Secunia offers a simple test here. Or read more about it from PC World.
Are you confused by the seemingly random, but always frighteningly large, numbers of "potential victims" listed in the recent news reports about security breaches related to credit card companies?
Privacy Advocate Evan Hendricks and Law Professor Susan Crawford discussed these identity theft issues and addressed that confusion on the NewsHour with Jim Lehrer on Monday.
Federal Trade Commission offers free credit reports
One way to ensure that you haven't been victimized by identity theft is to regularly check your credit report for unauthorized accounts.
The Federal Trade Commission is now making it possible for consumers to get a free credit report every year from each of the three major credit reporting agencies.
The program is being rolled out in stages for residents of the following states:
Dec. 1, 2004: Alaska, Arizona, California, Colorado, Hawaii, Idaho, Montana, Nevada, New Mexico, Oregon, Utah, Washington, Wyoming. March 1, 2005: Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Nebraska, North Dakota, Ohio, South Dakota, Wisconsin. June 1, 2005: Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana, Mississippi, Oklahoma, South Carolina, Tennessee, Texas. Sept. 1, 2005: Connecticut, Delaware, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, North Carolina, Pennsylvania, Rhode Island, Vermont, Virginia, West Virginia, Washington, DC.
But even if a phisher has a "full," the real work has yet to begin. The goal of most phishers is to use the information they glean to withdraw money from your bank account. Western Union is one way. Another is making a fake ATM card using a blank credit card and a special magnetic stripe reader/writer, which is easy to purchase online.
According to News.com, the US Department of Justice is considering a new data retention requirement for ISPs. The DOJ is reportedly considering a requirement that all ISPs retain records such as logs of e-mail, web traffic, chatroom activity -- and although the article doesn't say so, presumably download activity that passes through the ISP's bandwidth -- for at least two months.
That would be a massive change for most ISPs. I don't know the details of how EarthLink's handles these kinds of data right now, but our Civil Subpoena Policy says that they aren't routinely kept. In order to store that much data for that long, any ISP would need dozens, maybe hundreds, of computers devoted to that purpose.
According to the article:
At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation.
Google Lets You Search Your Search History from Anywhere
A new beta product, My Search History, will allow registered gmail and google users to check their search history from any computer, so long as they are logged into their google account.
It's an interesting idea -- if you regularly look for the same or related items, it might be nice to go back and find the same results you found on Tuesday.
But it is a little creepy, like the eerily-appropriate text ads that appear next to open mail messages in gmail.
I'm not sure I want my web searches following me around. Even the innocuous ones. And in MY JOB, you can bet I'm never going to log in to google and track my work searches. You DON'T want to know what kind of searches a Parental Controls product manager sometimes has to do. But I promise you, I don't want it to follow me home or to expose the gory details to my family.
Les Seagraves, Executive Editor EarthLink's Chief Privacy Officer, Les Seagraves, serves as Executive Editor of the Protection Blog. Les is a general counsel with EarthLink's legal department, where he leads the legal battle against spam and fraud. He's a frequent speaker for trade groups, conferences, continuing legal education and college classrooms. A true technology lawyer, Les has testified in congress and consulted with federal and state legislators on privacy, spam and other areas of technology law.
Mike Strutton As the Director of Product Management for EarthLink's Software Products, Mike has been engaged with many of EarthLink's protection products, aka The Blockers, as well as TotalAccess for Windows and Mac. Mike has been with EarthLink for over 10 years and has over 12 years of internet experience. Mike is an avid fan of the Apple Macintosh, but don't let that fool you, while he totes his Powerbook everywhere, he surrounds himself with 3 Dells in his office and 3 more at home.
Stephen Currie EarthLink's Director of Product Management for Communication Products is Stephen Currie, who oversees the EarthLink mail client, including the development and implementation of email tools like EarthLink spamBlocker. Stephen has also represented EarthLink at industry coalitions aimed at eradicating spam and other Internet abuse, and his expert opinion on spam has been featured in national media coverage.
Scott Mecredy A Senior Product Manager for Protection Software at EarthLink, Scott Mecredy has been developing consumer software for over 7 years. An industry thought leader (place pointer finger on chin and look longingly into space), he helped create ScamBlocker, the first comprehensive Phisher protection product available in the market. Scott's a Rock Star (in his own mind), and lives for one thing: a successful software launch.
Liza Barry-Kessler EarthLink's Senior Product Manager for Parental Controls. Although new to EarthLink, Liza is ancient in "internet years" having been online since 1987. She began her career in Parental Controls as a First Amendment lawyer at the Center for Democracy & Technology (www.cdt.org), where she was part of the team that launched the industry-wide internet-safety and privacy initiative, GetNetWise, in 1999.
Liza is also a nationally recognized expert on web filtering and internet privacy issues, both in the home and in school and library environments, and is co-author of the book "Privacy in the 21st Century: Issues for Public, School, and Academic Libraries," forthcoming from Libraries Unlimited publishers in June 2005.
