A judge in California ruled that the use of a keystroke logger, which is a device or program that records what you type on your keyboard, does not violate federal wiretap laws.

This case involved an employer installing a physical device between his secretary’s computer and keyboard that monitored and recorded what she typed.

Privacy advocates have argued that since keystroke logging facilitates covertly monitoring and recording information and conversations, cases should be prosecuted using the same laws that protect the public from telephone wiretaps. However, the wiretap laws offer very specific protection. In this case the best the prosecution could offer was that the computer being monitored was used to compose emails. Email can be protected under the wiretap laws but only as they travel over data networks. After they are stored, snooping is not protected under wiretap laws.

More information on this story can be found at SecurityFocus.com and more on keystroke loggers can be found at Wikipedia.org

On October 5, 2004, I posted a blog entry about California Governor Arnold Schwarzenegger vetoing three privacy bills, including two bills that would have restricted the outsourcing of medial and financial data services. In that blog entry, I argued Governor Schwarzenegger’s decision is wrong.

Recently, a new report by the Information Security Forum shows that outsourcing and offshoring data processing and other business functions carries significant risk, particularly with regard to regulatory compliance. The report acknowledges that outsourcing is “here to stay,” and urges careful planning and management of outsource partners to minimize associated risks. Unfortunately, the full version of the report is available to ISF members only.

There was language inserted into an omnibus spending bill that would have allowed two committee chairmen to view the tax returns of any American. The language was caught and is being revised before being sent to President Bush for his approval. What is concerning here, as Republican Senator John McCain points out, is that when budgets and bills are pushed through at the end of a session, noone has a chance to read them and virtually anything can be contained in the bill.

Obviously this is a serious invasion of privacy, but it makes one ponder how much legislation there may be in these hundreds of thousands of pages of leglislation that either explicitly or implicitly violates the privacy and rights of U.S. citizens.

More information can be found on this ongoing news story at this article on CNN.com.

The Associated Press reports (see CNN) that test trials of “Secure Flight” may include European passengers who have flown on U.S. airlines. The European data privacy commission is interested in determining whether Secure Flight may in fact violate European privacy laws. Despite the fact that the TSA obligated U.S. Airlines to participate in Secure Flight, the liability and remediation for violating these laws stands with the airlines.

Multinationals must naturally comply with the laws of different nations, however, satisfying the obligation of one nation may cause a conflict with an obligation of another nation. This scenario further demonstrates the importance of standards-based compliance testing that crosses the boundaries of traditional approaches to software.

The Privacy Place researchers have participated in a Transnational Digital Government project, which focuses on developing a prototype system for remote border control. Recently, I read an article that says new security technologies, which call for fingerprinting, photographing and running checks on suspicious visitors, are being tested at U.S. border crossings. Digital fingerscans and photos are matched with databases to determine if visitors might be wanted for immigration problems and crimes or are on lists barring them from entering the country because of suspected terrorist ties. The information will be stored indefinitely in a national database, but Homeland Security officials promised its use would be restricted to ensure privacy. By the end of 2005, the United States Visitor and Immigrant Status Indicator Technology program, or US-VISIT, is scheduled to be used at all 165 land border crossings.

The current issue of Mental Floss (http://www.mentalfloss.com/) has an interesting story about the origin of Social Security numbers and what the different parts of the number mean.

According to Mental Floss, the first three digits are assigned based on the zip code where you applied for the number, the second two digits are group numbers and are not assigned sequentially but rather according to a rather complicated sequencing scheme which goes something like, a) odd numbers between 01 and 01 b) even numbers from 10 to 98 c) even numbers from 02 through 08, and d) odd numbers from 11 through 99. The last for digits are simple sequence numbers

The Mental Floss article has an interesting story about accidental misuses of the social security numbers in the early days of the system . . .

Read the rest of this entry »

Apparently, there is a new x-ray machine to be used in airports in England that can see through peoples’ clothes. The machine produces an anatomically correct and detailed image in black and white. Civil liberties groups have labeled the machines as unjustified and intrusive. However, 98 percent of people who participated in the prelimary random “test run” gave positive feedback.

When I began reading this article, I was appalled at the idea of having to stand in front of an x-ray machine that will render me all but naked to some given individual. However, when I read further, it seems they address many privacy concerns. A spokesperson said that the machine images are not stored, it would be operated by a same sex operator, and that the operator would never see the actual individual. This anonymity is a bit more reassuring, but I still see the possibility of privacy invasions. The question is: Is this mild form of embarassment worth the protection the machines could provide?

Read more about this article, “Airport X-ray sees through clothes.”

Dozens of voters from Florida had to speak their ballot choice aloud to the poll people. They feel like they lost their right to a secret ballot as everyone in the line could hear their choice and this violated their privacy. By 2006, all counties in the state are required to provide voting machines accessible to to the blind.

Source

I believe that every one got emails from West African or Nigerian, claiming there is large amount of money for you to pick up, almost for free. The ABC reports that a Sydney man has been sentenced to more than five years in jail for defrauding millions of dollars in an international email scam. See full story here.

We all have probably experienced using e-mail programs which provide auto-complete features. So if I were sending an email to Bob Smith and wasn’t paying enough attention there is a high possibility that I could send that email to Joe Smith. This is a problem since we not only reveal the other person’s email-address but now we can associate them to where they work as well. There are of course many ways we can prevent such problems from occuring. Some of them are mentioned in the article below.
E-mail poses privacy problems