CASCADES project: Cost-effective Outbreak Detection in Networks (Hello readers of the CMU Blog report)
CASCADES project: Cost-effective Outbreak Detection in Networks ( a study by School of Computer Science, Carnegie Mellon University): "Rankings are based on the following question: Which blogs should one read to be most up to date, i.e., to quickly know about important stories that propagate over the blogosphere?
Budget=100 blogs:
If I can read 100 blogs, which should I read to be most up to date? Unit cost (each blog costs 1 unit), optimizing the information captured -- population affected (we want to be the first to know about something with many people blogging about the story after us) [ Read more ... ]
Could Iris Scanners Replace Our Wallets?
Could Iris Scanners Replace Our Wallets?: Via Kashmir Hill - The Not-So Private Parts - Forbes.
Austin Carr at Fast Company sprinkled references to The Minority Report throughout his article on iris scanners in Leon and ominously ended his piece with, “Goodbye 2010. Hello 1984,” tapping neatly into fears of Big Brother and an omniscient “other” monitoring all that we do. Perhaps it’s a little too neat. Is it possible that iris scans could actually provide us with more privacy in our day-to-day lives?
I had an interesting conversation with Global Rainmakers Inc’s COO Jeff Carter about this contrarian take on a world in which we’re identified and tracked by iris scans…
Fear of living in a surveillance society increasingly seems laughable given the way that we live today. We obsessively update profiles on social networking sites and résumés on LinkedIn. We carry GPS devices in the forms of smartphones around with us, and voluntarily broadcast our movements and locations on Foursquare and, more recently, Facebook Places. We let shopping loyalty programs track what we buy. More and more, it seems that convenience trumps privacy concerns in the choices that we make. [ Read more ... ]
Advertisers get hands stuck inside HTML5 database cookie jar
Advertisers get hands stuck inside HTML5 database cookie jar: Via ArsTechnica.
It's because of this behavior that some of our readers drew our attention to something called RLDGUID, a Safari database that has been popping up more and more on iOS devices. What is it, who put it there, and what purpose does it serve? The company behind this database, Ringleader Digital, is basically using some of the modern HTML5 capabilities of mobile browsers to perform the same tasks as a traditional cookie, but out of sight of most users. We decided to dig in and see what RLDGUID is all about, and what we found was sometimes confusing. More importantly, however, it highlights why users should be made more aware of what their browsers are storing about them. [ Read more ... ]
Exposed student data leaves prying eyes wide open
Exposed student data leaves prying eyes wide open: Via City College News at Minneapolis Community and Technical College.
Names, work-study information and student IDs left open for all
An online MCTC directory left sensitive student data and internal documents accessible to the prying eyes of anyone with an Internet connection since at least the summer of 2006, according to an investigation by City College News.
Besides annual accounts-receivable reports and salary rosters, a database spanning the last several years of work-study records contained the names of students, their student ID numbers, the amount which they were awarded and the amount which they had earned, sorted by department. [ Read more ... ]
Would you pay for a cooler, less creepy Facebook?
Would you pay for a cooler, less creepy Facebook?: Via The Register (UK).
Big Chill founder launches a members' social network
Sick of creepy, unaccountable social networks that are little more than hoarders and traders of personal information? Pete Lawrence, founder of the Big Chill Festival, is too, and will today unveil his plans for a member-supported service.
Now you might expect a new "crowdfunding" initiative to get the usual short and brutal Reg treatment - but this one deserves to be taken seriously.
'We're a democratic member-owned co-op, bitch'
Firstly, because it's backed by Pete Lawrence, whose reputation as one of the most principled (and nicest) music entrepreneurs potentially brings a core audience. And secondly, because the time is right - with frustration at Facebook and the faceless data hoarders now quite palpable. Someone has to try something different - and a subscription model with voting rights means members actually care about the service. [ Read more ... ]
UAE Man-in-the-Middle Attack Against SSL
UAE Man-in-the-Middle Attack Against SSL: Via Schneier on Security.
Who are these certificate authorities? At the beginning of Web history, there were only a handful of companies, like Verisign, Equifax, and Thawte, that made near-monopoly profits from being the only providers trusted by Internet Explorer or Netscape Navigator. But over time, browsers have trusted more and more organizations to verify Web sites. Safari and Firefox now trust more than 60 separate certificate authorities by default. Microsoft's software trusts more than 100 private and government institutions.
Disturbingly, some of these trusted certificate authorities have decided to delegate their powers to yet more organizations, which aren't tracked or audited by browser companies. [ Read more ... ]
Immigrants on Trains Near Northern Border Detained
Immigrants on Trains Near Northern Border Detained - NYTimes.com: Via NYTimes.com.
ROCHESTER — The Lake Shore Limited runs between Chicago and New York City without crossing the Canadian border. But when it stops at Amtrak stations in western New York State, armed Border Patrol agents routinely board the train, question passengers about their citizenship and take away noncitizens who cannot produce satisfactory immigration papers.
“Are you a U.S. citizen?” agents asked one recent morning, moving through a Rochester-bound train full of dozing passengers at a station outside Buffalo. “What country were you born in?”
When the answer came back, “the U.S.,” they moved on. But Ruth Fernandez, 60, a naturalized citizen born in Ecuador, was asked for identification. And though she was only traveling home to New York City from her sister’s in Ohio, she had made sure to carry her American passport. On earlier trips, she said, agents had photographed her, and taken away a nervous Hispanic man.
He was one of hundreds of passengers taken to detention each year from domestic trains and buses along the nation’s northern border. The little-publicized transportation checks are the result of the Border Patrol’s growth since 9/11, fueled by Congressional antiterrorism spending and an expanding definition of border jurisdiction. In the Rochester area, where the border is miles away in the middle of Lake Ontario, the patrol arrested 2,788 passengers from October 2005 through last September. [ Read more ... ]
Is New York the Next "Papers Please" State? (ACLU)
Is New York the Next "Papers Please" State?: Via Blog of Rights: Official Blog of the American Civil Liberties Union.
Arizonans are not the only ones who should fear living in a "show me your papers" society.
As reported in Monday's New York Times, here in the great state of New York, armed Border Patrol agents routinely board Amtrak trains and Greyhound buses to question passengers about their citizenship and detain those who are not carrying proper proof of their lawful status.
Nina Bernstein reported that Customs and Border Protection (CBP) officers board trains in western New York and ask passengers "Are you a U.S. citizen?" and "What country are you from?" And in case you were wondering, no, these trains do not cross the New York-Canadian border. They are used for domestic travel.
Take, for example, Ruth Fernandez, a 60-year-old U.S. citizen born in Ecuador. She was travelling on Amtrak from Ohio to New York City. On past trips she was photographed by Border Patrol agents, so this time she carried ID, and showed it to Border Patrol agents when asked about her citizenship.
Ruth was not arrested, but others have been. According to an analysis of government data, CBP arrested 2,788 bus and train passengers from October 2005 through September 2010. It's unknown how many of these individuals were U.S. citizens who just happened not to carry identification with them and could not prove their lawful status. [ Read more ... ]
Reading, Writing, and RFID Chips: A Scary Back-to-School Future in California
Reading, Writing, and RFID Chips: A Scary Back-to-School Future in California: Via EFF.org Updates.
Scary news from California's Contra Costa County — school officials there have reportedly decided to track some preschoolers with RFID chips, thanks to a federal grant supplying the funding.
According to a story from the Associated Press, the students will wear a jersey at school that has the RFID tag attached. The tag will track the children's movements and collect other data, like if the child has eaten or not. According to a Contra Costa County official, this is a cost-savings move, as teachers used to have to manually keep track of a child's attendance and meal schedule.
But of course, an RFID chip allows for far more than that minimal record-keeping. [ Read more ... ]
Colbert's Word: Control-Self-Delete
Colbert's Word: Control-Self-Delete: Via EFF.org Updates.
Just a few weeks after his interview with EFF Legal Director Cindy Cohn, American hero Stephen Colbert has returned to the subject of digital rights. And he's come up with a great solution to the problem of privacy and online social networks: Control-Self-Delete. [ Read more ... ]
Tighter Medical Privacy Rules Sought
Tighter Medical Privacy Rules Sought: Via NYT > Privacy.
The Obama administration is rewriting new rules on medical privacy after an outpouring of criticism from consumer groups and members of Congress who say the rules do not adequately protect the rights of patients.
Democratic lawmakers and a few Republicans have denounced the rules, saying they fall short of offering patients the fullest protections possible. Hospitals and insurance companies, seeking to maintain greater control over patient notification, generally support the rules. The White House finds itself caught in the middle.
The rules specify when doctors, hospitals and insurers must tell patients about the improper use or disclosure of information in their medical records. Such breaches appear to have become more frequent, with the growing use of health information technology, social media and the Internet.
Kathleen Sebelius, the secretary of health and human services, issued temporary rules, with the force of law, in August last year. After analyzing comments from the public, she developed final rules and submitted them to the White House Office of Management and Budget for approval in May.
At the urging of the White House, Ms. Sebelius recently withdrew the rules to allow for further consideration. [ Read more ... ]
Germany to roll out ID cards with embedded RFID
Germany to roll out ID cards with embedded RFID: Via International Business Times.
The production of the RFID chips, an integral element of the new generation of German identity cards, has started after the government gave a 10 year contract to the chipmaker NXP in the Netherlands. Citizens will receive the mandatory new ID cards from the first of November.
The new ID card will contain all personal data on the security chip that can be accessed over a wireless connection.
The new card allows German authorities to identify people with speed and accuracy, the government said. These authorities include the police, customs and tax authorities and of course the local registration and passport granting authorities.
German companies like Infineon and the Dutch NXP, which operates a large scale development and manufacturing base in Hamburg, Germany are global leaders in making RFID security chips. The new electronic ID card, which will gradually replace the old mandatory German ID cards, is one of the largest scale roll-outs of RFID cards with extended official and identification functionality. [ Read more ... ]
EFF to Verizon: Etisalat Certificate Authority Threatens Web Security
EFF to Verizon: Etisalat Certificate Authority Threatens Web Security: Via EFF.org Updates.
EFF will soon be launching the SSL Observatory project, an effort to monitor and secure the cryptographic infrastructure of the World Wide Web. There is much work to be done, and we will need the help of many parties to make the HTTPS-encrypted web genuinely trustworthy. To see why, you can read the following letter, which we are sending to Verizon today:
(there is also a story in the New York Times) [ Read more ... ]
Private eyes are watching you (surf the Web) / Commentary at CSMonitor.com
Private eyes are watching you (surf the Web): Via The Christian Science Monitor / CSMonitor.com.
Commercial tracking software often secretly records where users go on the Internet. If businesses don't set their own clear, simple privacy standards, government may need to step in with a 'do not track' option.
One area undergoing massive change is personal privacy. Fluid exchanges of information mean that more knowledge about people’s lives can be shared than they realize or desire. Facebook and Google are two Web giants that have recently faced criticism for playing fast and loose with information about their users.
A significant number of apps – small software applications that users download onto their iPhones or other smart phones – have been shown to be surreptitiously collecting information on their users, such as the person’s location or their list of contacts.
Meanwhile, the United Arab Emirates and Saudi Arabia say they will curtail the use of BlackBerry phones for the opposite reason – their texts and e-mails are encrypted and difficult to intercept and decipher. The UAE claims this privacy feature is a threat to its national security. [ Read more ... ]
Facebook bug could give spammers names, photos
Facebook bug could give spammers names, photos: Via PC World.
Facebook is scrambling to fix a bug in its website that could be misused by spammers to harvest user names and photographs.
It turns out that if someone enters the e-mail address of a Facebook user along with the wrong password, Facebook returns a special "Please re-enter your password" page, which includes the Facebook photo and full name of the person associated with the address.
The feature helps people understand if they've mistyped their e-mail address at login, but it could be misused by spammers to get information on Facebook's 500 million users. [ Read more ... ]
Publisher, Former Partners Agree to Destroy Personal Information About Gay Customers
Publisher, Former Partners Agree to Destroy Personal Information About Gay Customers: Via EFF.org Updates.
Last month, we wrote about a New Jersey case in which the former publisher of a magazine and dating website for gay youth had declared bankruptcy. He and his former business partners were fighting over ownership of various business assets of XY Magazine and XY.com, including extensive personal information about more than a million customers. XY's privacy policies, however, had promised customers that their personal information would never be given to anybody.
The Federal Trade Commission warned (pdf) that any transfer or further use of the data would not only violate the privacy promises that XY had made to consumers, but would also likely be unlawful under the Federal Trade Commission Act, which prohibits unfair and deceptive acts and practices. The Commission suggested that the data be destroyed, which we agreed would be the best course of action.
We're happy to report that this potential privacy fiasco has ended well for XY's customers. The parties reached an agreement (pdf) under which the publisher is required to destroy all personally identifiable information about XY's customers. [ Read more ... ]
Alleged Carder ‘BadB’ Busted in France — Watch His Cartoon
Alleged Carder ‘BadB’ Busted in France — Watch His Cartoon: Via Threat Level.
An alleged old-timer in the international carding community and one of the top sellers of stolen bank card data has been arrested in France, and faces extradition to the United States on an indictment unsealed Wednesday in Washington, D.C.
Vladislav Anatolievich Horohorin, 27, aka BadB, holds dual-citizenship in Ukraine and Israel and was one of the earliest members of CarderPlanet, a first of its kind Russian-language carding forum that was launched around 2002 by a group of East Europeans. CarderPlanet was shuttered in 2004, and BadB had more recently been selling his stolen goods at carder.su and on his own websites, dumps.name and badb.biz, where he promoted his product in lighthearted Flash cartoons like the one above.
Authorities say the network created by Horohorin and other CarderPlanet veterans is linked to “nearly every major intrusion of financial information reported to the international law enforcement community.” [ Read more ... ]
Do Not Track: Not as Simple as it Sounds
Do Not Track: Not as Simple as it Sounds: Via Freedom to Tinker.
Over the past few weeks, regulators have rekindled their interest in an online Do Not Track proposal in hopes of better protecting consumer privacy. FTC Chairman Jon Leibowitz told a Senate Commerce subcommittee last month that Do Not Track is “one promising area” for regulatory action and that the Commission plans to issue a report in the fall about “whether this is one viable way to proceed.” Senator Mark Pryor (D-AR), who sits on the subcommittee, is also reportedly drafting a new privacy bill that includes some version of this idea, of empowering consumers with blanket opt-out powers over online tracking.
Details are sparse at this point about how a Do Not Track mechanism might actually be implemented. There are a variety of possible technical and regulatory approaches to the problem, each with its own difficulties and limitations, which I’ll discuss in this post.
An Adaptation of “Do Not Call” [ Read more ... ]
‘John Doe’ Who Fought FBI Spying Freed From Gag Order After 6 Years
‘John Doe’ Who Fought FBI Spying Freed From Gag Order After 6 Years: Via Threat Level.
The owner of an internet service provider who mounted a high-profile court challenge to a secret FBI records demand has finally been partially released from a 6-year-old gag order that forced him to keep his role in the case a secret from even his closest friends and family. He can now identify himself and discuss the case, although he still can’t reveal what information the FBI sought.
Nicholas Merrill, 37, was president of New York-based Calyx Internet Access when he received a so-called “national security letter” from the FBI in February 2004 demanding records of one of his customers and filed a lawsuit to challenge it. His company was a combination ISP and security consultancy business that was launched in the mid-90s and had about 200 customers, Merrill said, many of them advertising agencies and non-profit groups.
Despite the fact that the FBI later dropped its demand for the records, Merrill was prohibited from telling his fiancée, friends or family members that he had received the letter or that he was embroiled in a lawsuit challenging its legitimacy. He occasionally showed up for court hearings about the case, but sat silently in the audience with other court observers. In 2007, he was prevented from publicly accepting an award for his courage from the American Civil Liberties Union, because he was not allowed to identify himself as the plaintiff in the case.
U.S. District Judge Victor Marrero in New York finally released Merrill partially from the gag order (.pdf) on July 30, which Merrill revealed publicly only on Monday. [ Read more ... ]
New Comments by Google's CEO Eric Schmidt Trigger Privacy Concerns
New Comments by Google's CEO Eric Schmidt Trigger Privacy Concerns: Via Lauren Weinstein's Blog.
Greetings. I have enormous respect for Google's CEO Eric Schmidt. Among his various positive attributes is his ability and willingness to openly speak his mind on controversial topics.
Occasionally though, Eric's remarks (which of course do not unilaterally represent Google official corporate policy) stray into regions where they can possibly be misinterpreted in the absence of full context, leading some observers to characterize them in such cases as perhaps being a bit "shot from the hip" -- and triggering some consternation among the public (and, I would suspect, sometimes within Google itself as well).
During a CNBC interview late last year, when Eric suggested that, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" -- there were loud condemnations from many quarters. But at the time I pointed out that in full context it was clear that he was referring to criminal and other obviously inadvisable acts. (If you're 12 years old, posting photos of your boozing party on Facebook is probably a really bad idea.) [ Read more ... ]
Check-In On Foursquare Without Taking Your Phone Out Of Your Pocket
Check-In On Foursquare Without Taking Your Phone Out Of Your Pocket: Via .
Heavy Foursquare users, you have a new app to get immediately. Future Checkin is an app that allows you to check-in to your favorite Foursquare venues automatically when you’re near them. You don’t have to do a thing besides simply have your phone on you and this app will check you in while running in the background with iOS 4.
Developer Tim Sears says he was actually inspired to make this app by our posts about iOS 4 background location and check-in fatigue. Check-in fatigue in particular is a growing problem. [ Read more ... ]
Why Do-Not-Track Isn't The Same As Do-Not-Call
Why Do-Not-Track Isn't The Same As Do-Not-Call: Via MediaPost Publications.
Federal Trade Commission Chairman Jon Leibowitz surprised many industry watchers yesterday when he told the Senate that the commission might recommend a do-not-track mechanism for behavioral targeting.
He elaborated that the system could take the form of a browser plug-in, and that either the FTC or a private group could oversee it; beyond that, further details will have to wait until the FTC issues a report later this year about online privacy.
Even without all of the particulars, the concept of a do-not-track list seems likely to alarm many online ad companies, if for no other reason than because of telemarketers' experience with the do-not-call registry. That list, which has proven hugely popular with consumers, now has 200 million phone numbers. [ Read more ... ]
A DNA Search Method Raises Privacy Questions (NYT)
A DNA Search Method Raises Privacy Questions: Via NYT > Privacy.
IT’S the latest criminal investigation technique, and it gives new meaning to that old saw “the ties that bind.”
Recently, forensic scientists in California used a genetic analysis procedure called “familial searching” or “kinship searching” to help the police identify a suspect in the “Grim Sleeper” serial murder case — and they did so by using a DNA sample collected for another purpose from the suspect’s own son. The Los Angeles police later arrested the father, Lonnie David Franklin Jr., who has since been charged with 10 counts of murder.
Forensic scientists routinely use a standard search method to try to identify a suspect who has left bits of DNA at a crime scene. They use a computer analysis to compare DNA from the scene to DNA profiles of known convicted offenders stored in a state database. When the profiles match exactly, genetic analysts call it a “cold hit.” [ Read more ... ]
Tim O'Reilly Says You Should Give Up Some Privacy to Help Save the World
Tim O'Reilly Says You Should Give Up Some Privacy to Help Save the World: Via ReadWriteWeb.
Tim O'Reilly was recently at the US Department of Health and Human Services (HHS), talking about the kinds of things that could be done "if we could use medicare data like Google uses clickstream data." The response was a very cautious one. [ Read more ... ]
Court Mixed on Constitutionality of Taking DNA From Arrestees
Court Mixed on Constitutionality of Taking DNA From Arrestees: Via Threat Level.
SAN FRANCISCO — A federal appeals court provided no clear indication Tuesday whether it would uphold a voter-approved measure requiring California authorities to take a DNA sample from every adult arrested on felony accusations.
A three-judge panel of the 9th U.S. Circuit Court of Appeals heard arguments for about an hour, in a civil rights lawsuit filed by the American Civil Liberties Union aimed at striking down the law. The ACLU argued that DNA sampling of arrestees was an unconstitutional search and privacy breach. A lower court had refused to stop the program that has resulted in California securing a DNA database of 1.5 million people.
At least 21 states have regulations requiring suspects to give a DNA sample upon an arrest. President Barack Obama supports taking DNA when a suspect is arrested. [ Read more ... ]