Archive for December, 2006

Oops – 100,000,000 times (for now)

December 21, 2006

A week of severe data security breaches: UCLA reported hackers gained access to a database containing personal information on 800,000 current and former applicants, students, faculty and staff. Aetna revealed a lockbox holding personal information of 130,000 health insurance customers was stolen. And Boeing reported a laptop containing personal information of 382,000 current and former employees was stolen from an employee’s car. US Privacy Rights Clearinghouse reports that the total number of personal records lost or exposed in security breaches since February 2005 now exceeds 100 million. The total maintained by the organization represents the number of records that have been compromised due to security breaches, not the number of individuals affected. Individuals may be the victims of more than one breach. However, only data breaches that result in information useful to ID thieves, such as Social Security numbers, bank account details and driver’s license numbers, count towards the 100 million mark. The reports of security breaches are a result of legislation originating in California’s Security Breach Information Act of 2003 and now adopted in about 30 additional states. Europe is still considering similar legislation. In the UK, for example, a report by Deloitte Touche Tohmatsu reveals 25 million personal records are exposed to theft and fraud annually. One of the big issues, particularly for Europe, where private lawsuits are rare and class actions uncommon, is whether individuals can actually do anything with knowledge about their data having been compromised.

RFID: A chip on your shoulder

December 17, 2006

One of privacy advocates’ prime suspects has long been RFID systems, which enable data to be transmitted via a portable device, called a tag, to an RFID reader and processed according to the needs of a particular application. RFID, which started as a benign replacement of the barcode, allowing Wal-Mart to perfect its inventory control process, is increasingly appearing in privacy-compromising applications. Last week, U.S. Department of Homeland Security Secretary Michael Chertoff defended national ID cards, established by a federal law called the Real ID Act in May 2005, as vital for security and consistent with privacy rights. Among other concerns, national ID cards may carry RFID tags, despite a recent DHS advisory committee report advising against using RFID for tracking humans. More prosaically, a report by researchers at the University of Washington warns against surreptitious surveillance of joggers by their Nike+iPod Sport Kit, which consists of an RFID chip. The EU Article 29 Working Party warned last year against the dangers of RFID in an official report. The bigger problem lurking behind RFID is that of privacy in an age of ubiquitous computing, where every object, not only a cellphone but also a table or a spoon, is a computer.

“International Law: Between War and Peace”

December 7, 2006

The definitive Hebrew textbook on public international law? With “International Law: Between War and Peace” (Ramot 2006), Orna Ben Naftali and Yuval Shany (College of Management School of Law and Hebrew University Faculty of Law, respectively) make an invaluable contribution to a field more important and relevant in Israel than, perhaps, anywhere else in the world.

Spam goes “Bam”

December 7, 2006

Bill Gates predicted spam would be a thing of the past by 2006. Well, it is making a big comeback after an off year in 2005. In the last six months, the problem has gotten measurably worse. The NYT reports worldwide spam volumes have doubled from last year and unsolicited junk mail now accounts for more than 9 of every 10 email messages sent over the Internet. The negligible costs of orchestrating an attack and significant trouble of preventing one do not help. For an overview of anti-spam legislation see David Sorkin’s Spam Laws.

The DHS presents: ATS

December 5, 2006

The US Department of Homeland Security revealed its new big data mining program: the Automated Targeting System (ATS), successor to the former Total Information Awareness (TIA), Computer Assisted Passenger Pre-screening System (CAPPS-2) and “Secure Flight” programs. For the past four years, ATS has assigned millions of international travelers, including American citizens, computer-generated scores rating the risk they pose of being terrorists or criminals. The scores are assigned to passengers entering and leaving the US after computers assess their travel records, including where they are from, how they paid for tickets, their dates of birth, motor vehicle records, past one-way travel, frequent flier account details, hotel accommodations, meal requests and seating preference. Privacy advocates are responding with alarm.