Subscribe: ghosts in the machine
Added By: Feedage Forager Feedage Grade B rated
Language: English
data  facebook  information  internet  people  personal  privacy commissioner  privacy  public  security  surveillance  users 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: ghosts in the machine

ghosts in the machine

exploring digital identity, privacy and knowledge management

Updated: 2015-03-30T15:20:13.806-07:00


Lessons from the Identity Trail


(image) "One uploaded photo, credit card number or status update at a time, we are relinquishing our privacy and anonymity." That's according to the results of a study on how society's use of information communication technologies impacts privacy and anonymity. University of Ottawa professor Ian Kerr and nearly two dozen researchers from across the globe spent four years examining the issue, ultimately determining that our anonymity and right to privacy is in jeopardy.

The results of their research have been published in a book, On the Identity Trail: Anonymity, Privacy and Identity in a Networked Society, which is available for free download online. Kerr also provides an overview in this CBC podcast, which aired on April 17, 2009.

Among the findings:

The researchers reported that governments are choosing laws that require people to identify themselves and are lowering judicial thresholds defining when identity information must be disclosed to law enforcement officials. That is allowing the wider use of new technologies capable of making people identifiable, including smartcards, security cameras, GPS, tracking cookies and DNA sequencing.

Consequently, governments and corporations are able to do things like:

  • Embrace technologies such as radio frequency identification tags that can be used to track people and merchandise to analyze behaviour.
  • Boost video surveillance in public places.
  • Pressure companies such as internet service providers to collect and maintain records of identification information about their customers.
While Canada, the U.K., the Netherlands and Italy all have national laws protecting privacy – that is, laws that allow citizens to control access to their personal data – such legal protection does not exist for anonymity.

Ontario's Privacy Commissioner on RFID & EDLs: Podcast


This week's CBC "Search Engine" podcast explores the use of RFID technology in Canadian driver's licenses. Ontario Privacy Commissioner Ann Cavoukian shares her privacy concerns about enhanced drivers' licenses (EDLs) and discusses ways citizens who choose to use EDLs could protect their personal information from RFID skimmers when the cards are not in use. She emphasizes that use of EDLs is voluntary and expects on-off switch technology for the IDs to be ready in 2010.

Enhanced driver's licenses have been developed as a passport alternative for use when crossing the U.S. border. They are already in use in Manitoba and are set to launch in Ontario this June.

Project Eyeborg: "Bionic" Journalist Rob Spence


(image) Rob Spence, a Canadian filmmaker who lost an eye in an accident as a teenager, plans to have a mini camera installed in his prosthetic eye to make documentaries and raise awareness about surveillance in society.

For Project Eyeborg, Spence will have a camera, a battery and a wireless transmitter mounted on a tiny circuit board in his prosthetic eye, but no part of the camera would be connected to his nerves or his brain.

"In Toronto there are 12,000 cameras. But the strange thing I discovered was that people don't care about the surveillance cameras, they were more concerned about me and my secret camera eye because they feel that is a worse invasion of their privacy."

Spence, whose last film "Let's All Hate Toronto" explored the Canada-wide trend of hating that city, has no plans to make reality programming. The focus of his latest film is surveillance and the eye project has become central to the film.

The filmmaker has been working with a team of engineers to build a prototype in time for this week's 2009 “Digital News Affairs (DNA) conference.

Vancouver Olympics security raises privacy concerns


(image) While the Vancouver 2010 Olympics have come under criticism for rapidly inflating costs, federal privacy commissioner Jennifer Stoddart is sounding the alarm about security plans for the winter event.

“Experience has shown that Olympic Games and other mega-events can leave a troubling legacy – large-scale, security surveillance systems installed for mega-events often remain long after the event is over,” she says. What happened following the Athens Games of 2004 is a case in point. Closed-circuit cameras installed for the Games were left in place afterwards to help law enforcement monitor citizens, notably during public demonstrations.

British Columbia’s privacy commissioner, David Loukadelis said last year that he had been assured by the RCMP the images from those cameras will be available only to key people. While using extraordinary measures to keep diplomats and athletes safe is reasonable for a special event he is concerned that once the Games are over, those cameras might remain and become a unreasonable infringement on everyday privacy rights.

Just as in Athens, following the Olympics in Sydney, many closed-circuit TV cameras were left in place after the Games.

Both Stoddart and Loukadelis have discussed security and privacy issues for the Games and will collaborate in monitoring security measures and privacy protections, in order to ensure that privacy rights are fully respected during the Games and after.

PEW Internet Study: Online Generation Gap Narrowing


(image) The PEW Internet and American Life project released a report this week on Generations Online in 2009. The study shows that while over half of the adult internet population is between 18 and 44 years old, larger percentages of older generations are online now than in the past, and they are doing more activities online, according to surveys taken from 2006-2008.

Contrary to the image of Generation Y (born between 1977-1990) as the "Net Generation," internet users in their 20s do not dominate every aspect of online life.

Among the key findings:

  • Generation X (born 1965-1976), is the most likely group to bank, shop, and look for health information online.
  • Boomers (born 1946 - 1964) are just as likely as Generation Y to make travel reservations online.
  • Silent Generation internet users (born 1937-1945) are competitive when it comes to email (although teens might point out that this is proof that email is for old people).

The most dramatic increase in internet use can be seen in the 70-75 year-old age group. While just over one-fourth (26%) of 70-75 year olds were online in 2005, 45% of that age group is currently online.

Photo by: max_thinks_sees

Data Privacy Day 2009: Raising awareness


(image) January 28th marks the 2nd annual international data privacy day in Canada, the U.S. and 27 European countries. The purpose of the event is to "raise awareness and generate discussion about data privacy practices and rights." It also serves the important purpose of furthering international collaboration and cooperation around privacy issues.

This year's data privacy day comes on the heels of what may have been the largest breach ever reported, with the personal information of nearly 100 million exposed at a U.S.-based credit card processing firm. Hackers breached the computer network at Heartland Payment Systems Inc., exposing customers' credit card numbers, card expiration dates and some internal bank codes - all information that could be used to forge a credit card. The company handles 100 million card transactions for 250,000 businesses nationwide each month.

The scale of the breach is “shocking,” says Jennifer Stoddart, Privacy Commissioner of Canada.

“After what we saw at TJX, that you could have such a major data breach, I'm asking myself what is happening and what is not getting through to organizations?” she says. “You should always take the steps to make sure there is suitable protection.”

As this most recent breach demonstrates, there is still much work to be done to raise awareness about data privacy.

CCTV is not the best way to combat crime


British Columbia’s provincial government is planning to spend one million dollars on a pilot CCTV project to help combat crime in Vancouver, Kelowna and Surrey. According to the province’s Solicitor General, John van Dongen:Technologies such as CCTV can greatly assist the police and the prosecution in bringing offenders to justice. We believe CCTV can be an important tool in catching criminals and improving public safety. If we look at the results of CCTV use in the U.K., van Dongen is vastly over-stating its effectiveness. The U.K. began experimenting with CCTV in the 1970’s and its use has grown to more than 4 million cameras across the UK, or at least one for every 14 people. In 2002, it was estimated that the average London resident was captured on camera about 300 times per day. Since the mid-1990’s billions of pounds have been spent on CCTV technology in the UK. Yet, despite all this, a recent report from New Scotland Yard indicated that only about 3% of crimes were solved by the use of CCTV. Furthermore, a report by the Home Office in 2002, which reviewed 18 other studies on the effectiveness of CCTV, found just a 4% overall reduction in crime when CCTV cameras were used. Given these results, the evidence tells us that the return on investment with CCTV is far too low to warrant the expense. One study indicates that there would have been a greater reduction in crime if those billions of pounds had been spent on more cops walking the beat. Jonathan Klick, a law professor at Florida State University, and Alexander Tabarrok of George Mason University, studied the increased police presence in key areas of Washington D.C. during high terror alert days and found a 15 percent reduction in crime. The added and less quantifiable cost of CCTV is the loss of privacy to citizens and the negative impact on civil liberties. B.C.’s Solicitor General said he intended to work with the province’s Information and Privacy Commissioner “to establish clear rules for the collection, management and protection of information from the cameras.” However, Privacy Commissioner David Loukidelis said he learned about the program a mere fifteen minutes before the news conference announcing the CCTV pilot project. BC residents and politicians who are concerned about crime and public safety should advocate for more police officers, community policing programs and proven crime prevention measures (such as improved lighting) instead of throwing away millions in tax dollars in the creation of a surveillance society.Related posts:Smile, You're on Candid CameraCops Want Covert Cameras in Public PlacesHomeland Security's Chertoff: more surveillance, less privacy [...]

PIPEDA: Guidelines for Covert Video Surveillance


  • A manager at a railway company uses the zoom lens on cameras, installed for the purpose of monitoring train movements, to watch two employees leaving company property during regular working hours without permission.
  • An employee with a history of work-related injuries over a period of several years refuses to cooperate with his employer’s efforts to accommodate him or to provide current information to support his disability claim. His employer hires a private investigation firm to conduct covert video surveillance to observe the employee for a period of two weeks to determine if he indeed had the physical limitations he was claiming.
  • A transportation company hires a private investigation firm to conduct surveillance on an employee suspected of violating the company’s Conflict of Interest Policy by having a romantic relationship with a colleague. While the employee under investigation was the target of the surveillance, images were also covertly captured of the colleague and alleged romantic partner.

Which of the above scenarios are in violation of PIPEDA (Personal Information Protection and Electronic Documents Act)? *

The Privacy Commissioner of Canada has prepared a draft guidance document that sets out good practice rules for private sector organizations that are either contemplating or using covert video surveillance.

The guidelines also include the test used by the Office of the Privacy Commissioner to determine whether an organization may properly rely on covert video surveillance:

1. The collection of personal information must only be for purposes that a reasonable person would consider appropriate in the circumstances.

2. There should be substantial evidence to support the suspicion that:

  • the relationship of trust between the organization and an individual has been broken;
  • there has been a breach of an agreement; or,
  • a law has been contravened.

3. Covert surveillance is a last resort and should only be contemplated if all other less privacy-invasive means of collecting personal information have been exhausted.

4. The collection of personal information must be limited to the stated purposes to the greatest extent possible.

Feedback on the draft guidance will be received until November 14, 2008. The Privacy Commissioner is particularly interested in comments from those directly affected by covert video surveillance, including unions representing employees of federally regulated organizations as well as consumer associations.

*Only the scenario in the first bullet was found to be in violation of PIPEDA.

Private eye Steve Rambam: Privacy is dead


Private investigator Steve Rambam has worked on a number of high-profile cases in his 25 year career, including tracking down Nazi war criminals in Canada. In a recent interview with Computerworld, Rambam discusses PallTech, his investigative database service with more than 25 billion records on U.S. citizens and businesses.

PallTech claims to have “ pretty much every American's name, address, date of birth, Social Security number, telephone number, personal relationships, businesses, motor vehicles, driver's licenses, bankruptcies, liens, judgments -- I could go on and on”

If the fact that PallTech has amassed this much specific information on almost every American isn’t troubling enough, there are two other disturbing issues raised in the interview. The first is the apparent lack of security or oversight of the sensitive data. When asked who has access to the data and how it is safeguarded, Rambam replies:

This is a database that's restricted to law enforcement, private investigators, security directors of companies and people who have a genuine need. … The most restrictive rule is my own personal ethics. In 20 years, we haven't had a single lawsuit or complaint.

The second troubling issue is how the data is being contributed:

The other thing is the mind-boggling level of self-contributed data. The average person now willingly puts on the Internet personal information about himself that 20 years ago people would hire an investigator to try and get. It's extraordinary. If you know how to use the Internet, 75% of an investigation can be conducted sitting in your pajamas.

Rambam feels that people have no reason to fear that PallTech will abuse their personal information, as they are “more accountable” than the US government: “You can sue us; you can subpoena us. You can hold us to task if we do something improper. Not so the U.S. government.”

Rambam is a proponent of public access to information, in order to prevent government abuse. In an earlier post, I mentioned David Brin’s book The Transparent Society , which discusses the illusion of privacy and advocates making most information available to everyone to ensure greater transparency and accountability.

Will information remain private and "secret", or are we on a path to making it open and public?

October is Public Library Month in British Columbia


According to B.C. Library Association executive director Alane Wilson, more than 98 per cent of British Columbians live in an area that is served by a public library, and this year's theme for Library Month -"Your Library, Your World" - reflects the many ways in which libraries contribute to the fabric of B.C.'s education, culture and community.

While the following video focuses on Seattle Public Library, the message about the library's role in society is true on both sides of the border:


“Radical Pragmatism” : Privacy by design


(image) Privacy protection must be built into new technologies right from inception, according to Ontario’s Privacy Commissioner, Ann Cavoukian.

In a paper she delivered yesterday at the University of Waterloo, entitled “Privacy and Radical Pragmatism: Change the Paradigm “, Cavoukian argues that enhancing surveillance and security in society does not need to be at the expense of privacy. Instead, Cavoukian advocates that "privacy-enhancing technologies" can be used to counter privacy-invading tools such as biometrics, RFID (radio-frequency identification tags) and video surveillance:

By adopting a positive-sum paradigm and applying a privacy-enhancing technology to an otherwise surveillance technology, you can develop, what I am now calling, a “Transformative Technology” – transformative because you can in effect, transform the privacy-invasive features of a given technology into privacy-protective ones. Among other things, transformative technologies can literally transform technologies normally associated with surveillance into ones that are no longer exclusively privacy-invasive in nature.

In an interview with IT World, David Fewer from CIPPIC says that a lot of work still needs to be done to get the private sector on-board:

Privacy enhancing technologies are often viewed as a cost by major corporations. It will likely be the role of statutes such as PIPEDA (Personal Information Protection and Electronic Documents Act) and other … privacy laws to push companies toward investing in these privacy-enhancing technologies.

“As of now, industries will only be forced to do it when faced with an obligation to do so by regulators or when they make some kind of mistake in the marketplace and are forced to implement these technologies by some kind of legal action,” Fewer said.”

Image by Kevin Dooley

Tasteless Twittering: Newspaper tweets details of child’s funeral


The decision by the Rocky Mountain News to broadcast continuous, live updates to Twitter of the details of the funeral of a three-year old boy has caused a storm of controversy among ethicists, journalists and bloggers. Twitter, for the uninitiated, is a social networking service that uses instant messaging to allow users to share information about what they are doing at any given moment. Updates, known as “tweets” are displayed on the sender’s page and automatically sent to subscribers. Most Twitter users share the mundane details of everyday life, answering the question “What are you doing now?” Lisa Reichelt, on her disambiguity blog, refers to this as “ambient intimacy”: Ambient intimacy is about being able to keep in touch with people with a level of regularity and intimacy that you wouldn’t usually have access to, because time and space conspire to make it impossible. … There are a lot of us, though, who find great value in this ongoing noise. It helps us get to know people who would otherwise be just acquaintances. It makes us feel closer to people we care for but in whose lives we’re not able to participate as closely as we’d like. One benefit of twittering is that updates can be made frequently, facilitating uses such as marketing, micro-blogging, networking and breaking news. You can track Barack Obama on the campaign trail, follow TechCrunch’s blog updates, stay up-to-date with NASA’s Phoenix Mars Lander or catch breaking news from the CBC. Twitter has also been used to share the blow-by-blow account of a couple’s argument or even to offer a proposal of marriage. Given the broad spectrum of information that can be shared via Twitter, what then, is the etiquette? What is appropriate twittering and what is taboo? In the case of the funeral for three year-old car crash victim Marten Kudlis, many believe the good taste envelope was pushed to the limit. Reporter Berny Morsen’s play-by-play of the toddler’s funeral seemed voyeuristic and lacking in the reverence one would expect from newspaper coverage of such an event. While shocking, it is simply a more extreme example of how the use of technologies such as Twitter is blurring the line between what is public and what should be private.20th century etiquette expert Emily Post noted that: “People who talk too easily are apt to talk too much, and at times imprudently”. The need to feed Twitter followers with a steady stream of updates, coupled with the immediacy of the technology, encourages users to post before thinking. Margaret Mason, contributor for The Morning News, perhaps says it best: “What’s rude in life is rude on Twitter.”[...]

Google Responds to Privacy Concerns with Chrome


(image) Google plans to anonymize the IP addresses and cookies that track users when they enter search terms or URLs into Google’s new browser, Chrome.

Privacy advocates have been concerned about the potential of the browser to allow Google even more ability to track users’ online habits and develop extensive user profiles.

Electronic Frontier Foundation technologist Peter Eckersley says: “We're worried that Chrome will be another giant conveyer belt moving private information about our use of the Web into Google's data vaults. Google already knows far too much about what everybody is thinking at any given moment."

Google also plans to anonymize user IP addresses nine months after they have been collected.

Regulators and policymakers have been scrutinizing Google’s privacy practices for the past year, and this seems to be yet another example of the company’s lack of attention to privacy and failure to fully disclose how data will be used.

Image by Randy Zhang

Privacy Mode Planned for IE8


(image) Internet Explorer 8, due for release later this year, will incorporate a private browsing feature. According to CNET, Microsoft registered two trademarks in July which point to privacy functionality in the browser - ClearTracks and Inprivate:

The Cleartracks trademark involves "computer programs for deleting search history after accessing Web sites," according to the Microsoft filing. And the Inprivate trademark involves "computer programs for disabling the history and file caching features of a Web browser; and computer software for notifying a user of a Web browser when others are tracking Web use and for controlling the information others can access about such use."

Mac's Safari already has a private browsing mode while Firefox's PrivateBrowsing is
in development. With all three, private browsing is envisioned as a temporary mode, that users will need to switch on at times when they do not want to leave behind a search trail.

Photo by: Sunside

Canada's Privacy Commissioner on Social Networking


This video, from the Office of the Privacy Commissioner of Canada, Jennifer Stoddart, wants users of social networks to pause and ask themselves the following questions before posting personal information online:

  • What judgments or conclusions might others form with my information?
  • Are there some details about my life I would like to keep personal?
  • Who might view or purchase this information about me?
  • Will this information reflect well on me a year from now? Five years?
  • Would I want my best friend to know this?
  • Would I want my boss to know this?
  • Would I want my mom to know this?


For more information, visit the website of the Office of the Privacy Commissioner of Canada.

Tracking Transience: Hasan Elahi's Life is an Open Book


(image) In 2002, Hasan Elahi was detained at the Detroit airport when his name had mistakenly been added to the FBI’s terrorist watch list. An art professor at Rutgers University, it took six months of interrogation and nine lie detector tests before Elahi’s name was cleared.

In order to ensure that he wouldn’t be detained again, Elahi, a frequent traveller, began to routinely contact the FBI to advise them of his travel plans. He then decided to create Tracking Transience, a website where he uses time-stamped digital photos to track his own whereabouts. In addition to providing his location throughout the day by posting aerial photographs from Google Earth, he has uploaded his cell phone logs and even his bank statements to the site.

Why? Elahi’s intent is to explore the meaning of identity in an era of surveillance. While Tracking Transience robs him of his personal privacy, it also provides him with a running alibi, should he ever be falsely accused again. For his next project, he plans to post his own genome.

While Elahi’s website may seem radical, the reality is that many people are providing just as much personal information on the Internet in only slightly less overt ways. Whether twittering the details of your every waking moment, posting home videos onto MySpace, updating your Facebook status, paying your credit card online or making a purchase on E-Bay, all of these details could potentially be mined to form a clear picture of your identity.

Instead of looking over his shoulder and worrying that Big Brother is watching him, Elahi has placed himself under constant surveillance.

Photo by mikey_k on Flickr. Creative Commons Attribution-Noncommercial 2.0 Generic

January 28th is Data Privacy Day


The IAPP (International Association of Privacy Professionals) has declared January 28, 2008 "Data Privacy Day", in an effort to encourage privacy professionals to give presentations at schools, colleges and universities next week on the importance of privacy.

To assist privacy professionals in their goal, the IAPP is providing some free materials, including a slideshow and handouts on teens and social networking: worthwhile reading for many parents too!

If you're a privacy professional, educator or just concerened about privacy awareness, you may want to consider using these for your own presentation or as a springboard for discussion.

Fair Copyright for Canada


Michael Geist is spearheading a movement on Facebook to raise awareness about the Canadian government's plans to introduce new copyright legislation that is expected to cave in to U.S. government and lobbyist demands:
The new Canadian legislation will likely mirror the U.S. Digital Millennium Copyright Act with strong anti-circumvention legislation that goes far beyond what is needed to comply with the World Intellectual Property Organization's Internet treaties. Moreover, it will not address the issues that concern millions of Canadians. For example, the Conservatives' promise to eliminate the private copying levy will likely be abandoned. There will be no flexible fair dealing. No parody exception. No time shifting exception. No device shifting exception. No expanded backup provision. Nothing that focuses on the issues of the ordinary Canadian.

Instead, the government will choose locks over learning, property over privacy, enforcement over education, (law)suits over security, lobbyists over librarians, and U.S. policy over a "Canadian-made" solution.

The Facebook group has grown to nearly 40,000 members and is garnering lots of media attention in Canada.

Geist, Canada Research Chair of Internet and E-commerce Law at the University of Ottawa, talks more about what's at stake with this proposed legislation in this CBC interview:


Facebook ordered to get tougher on privacy for children


In response to a spate of issues involving sexual predators using MySpace, Facebook began promoting itself as a safe online environment for children. To test their claims, investigators from the New York Attorney General’s office posed as teenagers and within a matter of days after posting their profiles on Facebook, had received numerous sexually suggestive messages from adults. Their complaints, registered using Facebook’s online form, went unanswered for weeks.As a result of their investigation, New York state prosecutors accused Facebook of false advertising and the New York Times reports that yesterday, Facebook was ordered to immediately post stronger warnings about the risks to children using the site and to provide a quicker response to thousands of complaints daily about inappropriate sexual messages.The changes are part of a settlement with the New York attorney general, Andrew M. Cuomo, whose office last month announced that it had been investigating whether the Web site misled users by promoting itself as a place where minors were safe from sexual predators.Mr. Cuomo said the settlement would serve as a “new model” under which law enforcement and Internet companies could work together to protect children and recognize that they share responsibility to police illegal activity online.By using consumer-protection laws to tackle the thorny problem of Internet safety, Mr. Cuomo appears to be building on the tactics of his predecessor, Gov. Eliot Spitzer, who used state laws to prosecute fraud on Wall Street.“Any site where you are attracting young people, you must assume you are simultaneously attracting those who would prey on young people,” Mr. Cuomo said in an interview. “Whether you are a shoe company or you’re an Internet company, consumer protection laws apply.”Chris Kelly, Facebook’s chief privacy officer, stood beside Mr. Cuomo to announce the deal and called the settlement part of the company’s effort to grow while maintaining users’ sense of safety and community. “We actually think we’ll end up attracting more people” because of the new measures, he said.The settlement also requires Facebook to hire an independent company to track its responses to complaints and to report twice a year to Facebook and the attorney general.In an earlier post, I expressed concern about Facebook’s default “wide-open” privacy settings and their announcement that profiles would be made available to third parties and eventually over the Internet using an automatic opt-in model. I complained to Facebook about this practice and my particular concern about the risks to minors. While their response was timely, coming within a few days of my original complaint, it completely skirted my concerns about using a negative opt-out, as well as the issue of putting children at risk:We appreciate your feedback and will take it into consideration moving forward. Please keep in mind that a public search listing is simply a basic search result that allows people to know that you have a Facebook profile even if they do not yet use the site. Your public search listing will only be available if you allow “Everyone” to search for you on Facebook and have the “Allow anyone to see my public search listing” checkbox toggled on. You can adjust these settings from the Search section of the Privacy page.Also note that people who do not yet use Facebook will not be able to interact with you or view your full information without registering with the site. Your public search listing will not affect any of your normal Search privacy[...]

Librarians: best knowledge managers for our new world


From the b.eye Business Information Network, Dr. Ramon C. Barquin has an informative article about the role that modern librarians can play in the brave new information world.

If there is one profession that has traditionally been underutilized in terms of the contribution they can make to business intelligence and knowledge management, it is the librarians.

...Finding anything and making sense out of it as we move from intelligence to knowledge will be very challenging. ...I would take every major portal where navigation is a problem and give a group of librarians the job of improving it.

...That is where librarians can make a big difference. Give them the right tools, and they will become the best knowledge managers for our new world.

Read the rest here.

Homeland Security's Chertoff: more surveillance, less privacy


(image) Americans are increasingly more willing to trade privacy for security, according to a recent Washington Post poll, and comments by Michael Chertoff, U.S. Secretary of Homeland Security at the International Data Protection and Privacy Commissioner's conference in Montreal earlier this week reflect this outlook.

Michael Geist reported on the BBC news site about Chertoff’s presentation at this year’s global privacy conference, where the theme was “Terra Incognita”, the latin term for unknown lands:

In a room full of privacy advocates, Chertoff came not with a peace offering, but rather a confrontational challenge.

He unapologetically made the case for greater surveillance in which governments collect an ever-increasing amount of data about their citizens in the name of security.

For example, in support of his security agenda, he noted that US forces in Iraq once gathered a single fingerprint from a steering wheel of a vehicle that was used in a bombing attack and matched it to one obtained years earlier at a US border crossing.

He added that there was a similar instance in England, where one fingerprint in a London home linked to a bombing was matched to a fingerprint gathered at a US airport (the identified person was actually innocent of wrongdoing, however).

Chertoff explained that in the autumn the US intends to expand its fingerprinting collection program by requiring all non-Canadians entering his country to provide prints of all ten fingers (it currently requires two fingerprints).

In the process, his vision of a broad surveillance society - supported by massive databases of biometric data collected from hundreds of millions of people - presented a chilling future. Rather than terra incognita, Chertoff seemed to say there is a known reality about our future course and there is little that the privacy community can do about it.

David Brin’s book The Transparent Society discusses the illusion of privacy and advocates making most information available to everyone to ensure greater transparency and accountability. Security does seem to be prevailing over privacy, and, ironically, greater openness is regarded as the means to safeguard personal liberties. It’s a frightening prospect in many ways, but perhaps a more palatable option than the current move to consolidate information into the hands of government, corporations, the military or police.

Chertoff's observations are provocative and may lead our privacy commissioners to shift the debate from "privacy versus security" to focus more on issues of accountability and oversight.

2020: The future of surveillance


(image) Imagine a world where …

- every single one of your activities outside your home was monitored on closed-circuit cameras

- your computer’s ip address was fixed, allowing anyone to track your activity and making your computer a hot property for thieves wanting to hide their identity

- all monetary currency has disappeared and your electronic transactions are all tracked, unless you pay extra to "scrub" your transaction

- you will be required by law to wear an identity transponder at all times so that you can be readily identified

- your insurance company is able to monitor the groceries you buy and what you consume in a restaurant in order to charge higher rates to subscribers who eat junk foods

These are just some of the predictions forecast in DM News by Robert Gellman, a Washington-based privacy and information policy consultant and former chief counsel to the U.S. House subcommittee on information, justice, transportation and agriculture.

2020 is just 13 years away – how close are we to living in the world that Gellman predicts?

Photo by: Gavin Stewart, Creative Commons Attribution 2.0

Facebook uses negative opt-out to make profiles public


Facebook users received notifications this week that the company is planning to make user profiles available to non-users and eventually make them searchable on the Internet, as reported today by the BBC:The function will initially allow anyone who is not registered with the site to search for a specific person. More controversially, in a month's time, the feature will also allow people to track down Facebook members via search engines such as Google.The firm said that the information being revealed is minimal.… The public search listing will show the thumbnail picture of a Facebook member from their profile page as well as links allowing people to interact with them. But, in order to add someone as a friend or send them a message, the person will have to be registered with Facebook.Users who want to restrict what information is available to the public oropt out of the feature altogether can change their privacy settings. They have amonth to do so.Facebook originated as a “closed” space, targeting university and college students whose e-mail addresses had to originate from their academic institution’s domain. Last year, Facebook opened its service to anyone, but part of the appeal to users is the ability to restrict access to your profile within the Facebook environment.Now, Facebook is pulling down the walls of their environment and allowing anyone, anywhere to see its users’ profiles – unless users choose to opt out. The negative opt-out technique means that if users do not respond, Facebook will assume they have granted permission for their profiles to be made public.Roger’s Cable in Canada tried the negative option technique in the mid-90’s, delivering a package of new speciality services with automatic increased costs to customers’ bills. Customers were outraged, the company backed away from their plan and by 1999, Canadian parliament outlawed the practice.The negative opt-out is at best unfair and at worst a huge violation of trust:It presumes that everyone will read the opt-out notification within the month – there are purportedly 39 million Facebook accounts, a large percentage of which have likely become inactive or are used infrequently, so those users’ information will probably go public without their knowledge or consent.It takes advantage of a low response rate. Studies have shown that only about 15% of users will respond to a negative opt-out. Facebook stands to make a greater profit using this method than requiring users to opt in.It takes advantage of the relationship developed between service provider and customer. Facebook is presuming that it can use its customers’ information in whichever way it deems fit, with a minimum of input from users.It puts users – including minors – at risk by exposing their profile information to the wider world. Many Facebook users are not well-informed about the myriad of privacy settings required to lock down one’s profile. Many users leave their entire profile, including date of birth, workplace, residential neighbourhood and status (e.g. “I’m vacationing in Aruba all week!”) open to entire networks of thousands of members to view. While users’ entire profiles will not be available to search on the Web - not yet, anyway – it opens the door for greater abuse.In using the negative opt-out technique, Facebook is violating the trust and the privacy of millions of loyal users. If users and regulators allow Facebook to proceed with this tactic - w[...]

Lessons from the massive privacy breach at


Last week’s massive security breach affecting is a reminder of what is at stake as we all come to rely on web-based services for everything from shopping to dating to job searching. For those unfamiliar with the service, is an international job search site, where employers can post job ads and employees can post their resumes and apply for positions. According to CRN Business:The stolen data, which was found on a remote server and shut down by this week, included users' names, addresses, phone numbers and e-mail addresses. Symantec security researchers first reported the incident last week, although it's still not clear when the breach first occurred.The data was collected by the Trojan Infostealer.Monstres, which likely used stolen login credentials of legitimate employment recruiters to gain access to the site's resume database, according to a posting by Symantec researcher Amado Hidalgo on Symantec's Web site. The unsuspecting job seekers whose information was stolen then became the victims of various phishing e-mail scams attempting to empty their bank accounts.Last week’s reports indicated that a staggering 1.3 million individuals’ data had been stolen, but’s CEO Sal Iannuzzi is now saying that the breach is likely even larger:To be safe, he said, all users should assume that their contact information has been taken.While Monster is assuring users that it is working to improve security on their site and contacting users about ways they can ensure their privacy, this is too little too late given that millions of users’ confidential data, including names, residential addresses, e-mail addresses, home telephone numbers, cell phone numbers and employment history have been stolen by individuals who have not been identified or arrested for purposes yet unknown. It is not yet known if any financial transaction data has been stolen.Ianuzzi offers little comfort to Monster’s customers:"I want to be clear and I want to be frank: There is no guaranteed fix," Iannuzzi said. "I wish I could say . . . there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no Internet company can." (emphasis is mine).This is a sobering reality check to all of us who share information and make transactions on the Web – that there are no iron-clad guarantees for the security of your data, financial or otherwise. It is up to individuals to stop and think before providing any personally identifiable information to access a service or conduct a transaction over the Internet.Some ways you can reduce your risk:1. When signing up for a Web service – anything from Facebook to Ticketmaster alerts to a blogging utility – how much personally identifiable information are you required to provide? How important is the service to you when weighed against the risk of your personal data being stolen or unlawfully accessed? 2. Could you access this service in another way? For example, is it possible to apply for a job by e-mailing the employer directly, rather than uploading all of your application data to a Web service? 3. When you are making an on-line purchase, be sure the vendor is providing a secure means of making the transaction – look for the https:// prefix in the URL (e.g. https:// You should see a lock box on your screen if the site is secure.4. Make sure you run anti-virus software regularl[...]

This is Privacy Awareness Week


Privacy Awareness Week is a promotional campaign first initiated by Privacy Victoria (Australia) in 2001. This year, for the first time, Privacy Awareness Week has gone international.

The week is an opportunity for organizations and agencies covered by privacy legislation to promote privacy awareness to their staff, customers, and to the wider community. The theme for Privacy Awareness Week 2007 is ‘Privacy is your business'.

Do you know your rights and obligations with respect to privacy? Organizations, governments, and government agencies in many countries are bound by a variety of privacy laws. As consumers, each of us is responsible to understand what our rights and responsibilities are under those laws.

Learn more about your rights!

In Australia: Privacy Victoria