Author Archive

RFID and Privacy

Thursday, October 13th, 2005

RFID is a super hot topic right now. The potential market is huge. Many chip makers, including Texas Instruments, Intel, AMD, Motorola, etc., are convinced that RFID will become the most prevalent “electronic-based intelligence” technology of the 21st century. RFID will link machines, goods and people, helping companies gauge consumer preferences. RFID has raised a lot of concerns about compromising consumer privacy. Some people even set up a website to raise the public’s awareness on this topic. There is a also new book “Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID” by Katherine Albrecht and Liz McIntyre that was recently published by Nelson Current.

IBM Announces A Privacy Policy Promising Not To Use Genetic Information In Hiring, Benefits Decisions

Tuesday, October 11th, 2005

Compared with the Chicago Bulls (see a blog entry I posted several days ago), IBM Corp., the world’s largest technology employer by revenue, is doing something right and big for the society to help protect employee privacy. IBM will soon announce a work force privacy policy that is promising not to use genetic information in hiring or in determining eligibility for its health care or benefits plans. Genetic tests are not prevalent in the marketplace, but some companies have secretly performed the tests without employees

Missouri Insurance Consumers Overwhelmingly Choose To Keep Personal Information Private

Thursday, October 6th, 2005

Missouri governor Matt Blunt, signed an insurance audit bill HB 388 on July 12, 2005 that requires the Missouri Department of Insurance to modify the consumer complaint form to include a provision in which consumers can authorize the public release of their file. The bill took effect in September 2005. Of the 377 complaints filed with the department during the first month, 334 consumers chose to not authorize the release of any information. That’s an overwhelmingly 90 percent of the insurance consumers who choose to keep personal information confidential. The new law allows consumers who file a complaint with the state about their insurance company to prevent disclosure of their personal information, including healthcare details. Prior to the new law, Missouri

Curry’s DNA fight with Bulls ‘bigger than sports world’

Wednesday, October 5th, 2005

The Chicago Bulls requested NBA player Eddy Curry to provide his DNA sample for testing his genetic makeup before signing a one-year $5M contract with the Bulls. Curry’s lawyer Alan Milstein says this is an invasion to Curry’s privacy and the implication could go beyond the sports world. “Hand that information to an employer,” he said, “and imagine the implications. If the NBA were to get away with it, what about everyone else in this country looking for a job.” Read the whole story.

Privacy Advocates Oppose Expansion Of DNA Database

Friday, September 30th, 2005

The Senate Judiciary Committee has approved a bill that would force suspects arrested or detained by federal authorities to provide samples of their DNA that would be recorded in a central database. This is a step to expand government collection of personal data, and maybe another step in expanding government intrusion. Currently, only people convicted of crimes must provide a DNA sample. Privacy advocates, including Jim Harper, director of Information Policy Studies at the Cato Institute, oppose the expansion of the FBI-run national DNA registry. Harper is a keynote speaker at the IAPP Privacy Academy 2005 Oct. 26-28 in Las Vegas.

North Carolina Consumers Gain New ID Theft Protections

Wednesday, September 28th, 2005

North Carolina Governor Mike Easley signed into law Senate Bill 1048, “The Identity Theft Protection Act of 2005” on September 21, 2005. Under this bill, businesses are prohibited from using Social Security numbers to identify customers. The measure requires businesses not to print Social Security numbers on documents, such as health insurance cards. The bill also restricts businesses from selling or displaying SSNs to a third party without an individual

Kevin Mitnick Recalls Cyber Crime And Punishment

Thursday, September 22nd, 2005

Kevin Mitnick, a notorious serial hacker and security specialist, recounts his criminal hacking exploits. Mitnick looks back at his criminal past as detractors comment on his life then and now. Mitnick is the founder of Mitnick Security Counsulting, LLC and a speaker at IAPP

Aladdin Study Uncovers Increase in Crime-Related Spyware

Monday, September 19th, 2005

Security company Aladdin’s eSafe Content Security Response Team (CSRT) found that 15 percent of spyware threats succeed in copying a user’s passwords, usernames, hashes of an administrator’s passwords, instant messaging usage, email addresses and other sensitive information. The two-month analysis of top 2,000 known spyware threats shows that there is a growing amount of spyware specifically designed for identity theft. These spyware poses tremendous threats to both personal and commercial privacy, with potentially dangerous effects for large organizations in need of protecting proprietary information. Read a full article of this story.

Author’s recommendation:
For Windows users, please download ALL of the following three antispyware tools and run them once a WEEK on your personal computer. All these three tools are free for personal use:
Spybot Search and Destroy
Microsoft Windows AntiSpyware

IBM’s Sovereign Information Integration (SII) technology: double encryption to achieve privacy-minded security

Friday, September 16th, 2005

Information sharing and integration are essential elements of today’s marketplace. Current information integration approaches are based on the assumption that all of the information in each database can be revealed to the other databases. This is a potential privacy concern in many applications, such as applications that involve medical information and national security. IBM Almaden Research Center’s Sovereign Information Integration (SII) technology allows companies to share and integrate data while complying with privacy policies and laws. The SSI technology employs an innovative double-encryption technique in which each party encrypts its own data and then sends it to the other party to encrypt again. Double-encrypted data can be compared without violating disclosure rules because nonmatching values are protected by the other party’s encryption and would be unreadable by either party. SII is the functional component of IBM’s Hippocratic Database, which ties into health care applications to let users indicate who should have access to certain patient data.

The Identity Theft Resource Center reports 102 data breaches since Jan. 1, 2005

Wednesday, September 14th, 2005

The Identity Theft Resource Center reports 102 data breaches in the U.S. since Jan. 1, 2005, potentially affecting more than 56.2 million individuals. Most of the incidents could have been prevented with safe data handling practices, for example, sending postcards with Social Security numbers on them or requiring students to place name and SSN on rosters that are passed through classrooms or placed on papers or tests. See a most updated list of 2005 Disclosures of U.S. Data Incidents (PDF). An interesting observation is that a lot of these incidents happened in universities.