Archive for the ‘privacy’ Category

Like mother, like daughter

Wednesday, March 31st, 2010

I’m back in socal cleaning out my mother’s house. It’s an endless chore and I make slow progress. What’s been interesting to me lately is discovering how some of my behaviors are inherited from my mother even though I might have never known they were her behaviors (or at least not consciously been aware of knowing). For example: saving receipts. Like every single receipt for everything, and organized by year. I’ve decided finally to start shredding old receipts — anything not from the current year — but apparently my mother didn’t own a shredder. I’ve found 20 year old receipts. In fact, lots of other 20 year old documents. And receipts and documents for all the years since then too.

I found this binder the other day full of magazine and newspaper clippings. Which is a new habit of mine — instead of keeping whole magazines, I rip out the few pages I want to keep and organize them in a binder. I guess I got that from my mom too.

It’s amazing how much of someone’s life you can piece together by her accumulated bits of paper: travel routes via gas receipts, favorite foods by restaurant receipts, personal interests by saved clippings. Some of it I save because sometimes I discover something new or because I want to remember some moment with her, but most of it I shred. Because I’m trying not to be a hoarder.

How does craigslist work?

Tuesday, May 27th, 2008

I just moved and have some household items I have to sell — things that are too small or too big for the new place. Saturday morning I took some photos and posted two ads on craigslist. Six hours later, I removed said ads and was done with the whole business.

Quite frankly I was surprised it went so fast. A woman called and left a message about my dining room table and chairs while I was out for a late lunch. I returned her call and she wanted to come over and see it. The topic of fitting it into her car came up and she told me what kind of car she had and I said ok. I was excited someone was interested because it was the first phone call I’d gotten about the ads, but then I began to contemplate how crazy it was to invite a complete stranger over to my new home.

An hour later a man called, asked for me and said he was downstairs and I started to think…What a clever scam — have the woman call and set up the appointment, but send the man to the actual address. Clever and diabolical indeed. But because I had gotten an email from a man’s address with her name on it (she had a really unique name), I assumed they were husband and wife and I looked out the window and the car she had mentioned over the phone was downstairs so I went down and let them both in.

They came up, looked over the table and chairs, agreed they both wanted them, and then as she was counting money out of her wallet, she asked, So what do you do at ___? You work there, right? And I froze for a second, then said, How do you know that? And her husband laughed and said, caller id! Damn work issued cell phone! He continued, any anonymity you thought you had is gone. It made me laugh (and also immediately wonder if I’d called anyone else back).

Then 15 minutes later another couple came over to look at the rug. Again — woman called, asked if she could she come over right now to look at it. I said ok. I got to the door and she was adorable and looked non-threatening. He had murder in his gorgeous sky blue eyes. But I let them both in anyway. She got excited about the rug, and he completely softened and became solicitous — it was actually quite sweet. She paid me; they took the rug. The end.

I don’t know the magic of craigslist and how it is that I’ve never had a bad experience on it. I’ve met people on craigslist, I’ve bought both my motorcycles off there, I found my writing group, I’ve found all of my SF apartments on there, and my pet rat, now I’ve even sold stuff, and almost every person I’ve interacted with via ads on craigslist has resulted in a pleasant experience (I had one slighly unpleasant experience with a woman trying to sell a motorcycle, but I didn’t buy her bike and it wasn’t that big of a deal). What are the odds though? And how often are there unpleasant experiences — because I find it hard to believe all these strangers come together via anonymously posted ads and end in 100% satisfaction. I think I’m just lucky all my experiences have.

Privacy in the future?

Monday, July 23rd, 2007

I cleaned up this blog several months ago (not long after my virtual stranger Googling me incident) and deleted all the personal entries that were too personal. I left anything I considered benign, and anything related to my mother, benign or not. Having had a online journal for so long, it’s still an endlessly fascinating subject to me — this need and desire to expose myself on the one hand, yet my concern for privacy on the other.

I’ve been thinking about how differently my son’s generation must view privacy. And I know I’m onto a relevant topic because a friend and expert in this field is seriously considering the implications of this as well. I had my son visiting me for four days and he was talking about myspace and about how they post party announcements there which was an interesting and updated version of the story I heard last week: mom discovers a 15+ year old flyer for a house party at her house while she and dad were away. A printed flyer. I’ll bet you kids don’t print flyers anymore.

Sites like myspace, flickr, youtube, twitter, etc, along with your cell/smart phone mean at any given moment you can broadcast your whereabouts and your whattodos, and can share intimate and assorted details about your personal life for most, if not all, the world to see. And kids do. Without qualms. So when these children become adults, do you think they’re going to be bothered by cashless transactions or FastTrak devices that can tell their friends where they are at any given moment or RFID tagged everything? I think not — these things will only make their lives simpler: gratification faster, information sharing with their pals seamless, and fridges keeping themselves full. Why wouldn’t you want this kind of technology? Who cares if the marketers (and whoever else they want to share information with) know and keep track of everything you buy, or that someone could paint a pretty accurate picture of your life based on your travel history, especially if they tie it with your financial transactions because who in that generation is going to care that every single purchase someone makes will leave some sort of electronic mark?

I feel old and paranoid just talking about it. Everytime I shred a piece of paper with personally identifying information on it, I wonder to myself, why do I bother? Why, when you can look up any one of the x domain names I own and pull up an address? Why bother when my trash can has my address on it? Why, when someone can just steal my mail — who cares about all the credit offers I’ve already shredded when the next one will be stolen before it reaches my mailbox? Just this weekend I received a pin number for a credit card I never received — I wonder where that ended up. And just try not to give your social security number away — everytime I ask someone if they really need it and can’t I provide some other method of identifying myself, there isn’t and I can’t or it’ll take me two extra days — and honestly, most of the time it’s not worth the two extra days for me so I admit it, I’ll give it up pretty easily. Nowadays, identity theft is to be expected. You are now encouraged and expected to anticipate it and to monitor your records and credit reports accordingly. I feel like I’m fighting an endless battle that few people of my generation care about, and far less, if any, of my son’s generation will care about.

What’s left to defend if everything about you is electronically recorded? Soon, you’ll want to and be able to monitor the state of your elderly and forgetful mother, your drug addicted teenager, his thieving friends, your daughter and her questionable sexual behaviour. And then the government will want to, too.

Maybe this generation doesn’t watch or read enough science fiction. Or maybe I’ve read too much.

On the run

Friday, June 15th, 2007

I love this story about a woman who literally chases down her identity thief. Karen Lodrick runs into the woman who stole her identity 6 months ago while they’re ordering the same drink at Starbucks. And the crazy bitch lives three blocks from her. San Francisco is a small, small world.

E-Gold

Tuesday, May 1st, 2007

Damn…E-Gold charged with money laundering. They’ve been investigating it for some time now, but the indictment is in with a nice doomsday quote from the FBI. I wonder what this means for the future of anonymous money, though I’m fairly certain that at some point, there will be no such thing as anonymous money. Every financial transaction will leave some sort of trace back to you.

Your data isn’t safe

Friday, March 9th, 2007

I’ve already mentioned that I’ve been thinking a lot about anonymity lately and today I was reading about a Tor hack on securityfocus.com. Doesn’t this totally defeat the purpose of Tor?! Why is it so difficult to be maintain anonymity? And why is it so easily taken away?

I was at a talk recently about the online black market. The speaker showed us some realtime irc “ads”. Criminals claim they have X number of credit cards, bank account logins, etc for sale or trade. They post a few so buyers can see they’re serious. There was lots of personal information flashing across the screen during the demo. I saw a guy with an Irvine address and thought, poor fella, I should call him. And tell him what? Oh, I was at a talk and those damn hackers had your name and address and bank info and everything.What? No, I’m not one of them. I just thought you should know.

In my early 20’s, I dated a guy that used to do this kind of crap. And he didn’t even think twice about it. No moral qualms. Spent a lot of money that wasn’t his to buy a lot of things he then traded for more illegally gained things. It bothers me when people think that it’s ok to steal from big corporations because the little guy doesn’t feel it. Well, he does — he has to at the very least deal with his credit card company or bank and waste a countless amount of time sorting out the fraud. And eventually, stealing from corporations trickles down to all of us one way or another.

Have you read about all the personal data theft that’s gone on recently? Look at the TJX data loss results. And personal data loss isn’t uncommon. A couple of years ago, I got a letter from Time Warner saying they’d lost data disks with old employees’ personal data on them. Did I want a free credit check to make up for it?

There was a recent thread on one of the mailing lists I’m on about an atm scam to steal atm card info and pins, and how easy this is to do. The security speaker I mentioned above said he doesn’t even bank online — not because online banking was inherently insecure (because online banking is not inherently insecure), but because he wanted to keep his risk exposure low. I can’t imagine giving up online banking. Convenience trumps privacy and security too often. And I’m aware, but I’m just as bad as you about this. I don’t give out information if I can get away with it, but if it’s between giving up my ss# versus driving 30 miles to go somewhere in person, I might give up the soc depending on my mood that day. If it’s giving up my soc versus paying a deposit — I’ll always pay the deposit. Give up my last name on a first date to someone who doesn’t already know it? Forget it. We’ve already talked about where googling me leads to — my utter mortification.

I had to take Mr. Number Two to be cremated recently (he died on Feb. 22nd, 2007). They wanted my birth date and I didn’t want to give it to them. What the hell do you need my birth date for? They said if they prescribe any medication for my pets. Since my rat was dead and not likely to need meds, they let me leave it blank. But I knew I’d take Number 1, the 3rd in and was wondering if they’d ask for it when I got medication for him. They didn’t. Which made me wonder why they wanted it in the first place.

I Google; you Google

Tuesday, March 6th, 2007

My blog is a funny thing to me. I’ve been working on/thinking about this anonymity post for over two weeks now for my blog and still haven’t completed it. I’ve been thinking about giving up this blog cause it’s so damn personal. And so tied to my real name. Online forum profiles are an interesting phenomena because you can know so much about someone by his/her posts, and never know his/her real name, or anything else about that person he/she doesn’t want you to know.

Someone I don’t know very well told me today that he’d googled me and found out way more about me than he would’ve guessed. Whether he meant guessed he could’ve found out, or guessed about me, I’m not really sure. This always makes me feel embarassed. Which is ironic because I put all out here for the world to see, so can I really be surprised people find it? And can I be so public and embarassed at the same time? Yes.

Don’t get me wrong, I’m totally flattered whenever anyone googles me. I, myself, google everyone. Anyone I have the teeniest, tiniest interest in. People who give interesting talks, people I meet randomly, people at work, friends, family, people I used to know, people with interesting profiles — anyone and everyone. Though I’ve been wondering lately, is that normal? I got the feeling once that someone thought it was weird, and I remember thinking it was weird that person thought it was weird. Doesn’t everyone use google in this way?

Google shirts

Wednesday, April 20th, 2005

I’ve accumulated so many Google shirts that it’s often all I wear to work — I’m a lazy dresser. This is fine at work, but sometimes I feel a little awkward outside of work. I was at the grocery store tonight after my Korean lesson. The guy behind me in line says, you work at Google, pointing to my shirt, and I said yes, and he said lucky you. This isn’t the first time someone’s said that to me and I always wonder what exactly they mean. Lucky me because Google’s an awesome place to work? Or lucky me cause you think I’ve made money on the IPO? If it’s the former, then yay! lucky me! If it’s the latter, I didn’t go full time until after the IPO. I sort of have this desire to tell people that.

I had a cashier at Long’s tell me once how lucky I was to work there; when did I start? About a year ago. Oh! Before the IPO. So lucky. What university did you graduate from? USC. It’s a question my mother would’ve asked. I wanted to tell her I started there before the IPO, but was a contractor for almost a year before I went full time. But what right does she have to that additional information about me? I guess in some way I want to comfort her — to let her know that she may think I’m luckier than her, but I’m not really. I’m a lot like her — just a working girl with bills to pay. Maybe I like my job and the company I work for more than she likes hers, but we’re really not so different at all.

RFIDs in passports

Friday, October 22nd, 2004

Good god…the State Department is planning on putting RFIDs in passports. Note to self: must get valid passport before spring…

Secure Flight, CAPPS II’s replacement, moving into test phase

Tuesday, September 28th, 2004

The TSA (Transportation Security Administration) has issued a legal order to “compel” airlines to provide passenger data to test Secure Flight, its new passenger screening system. Lots of quotes from the privacy officers at TSA, including one from Lisa Dean, ex-EFF’er. But the TSA hasn’t been all that forthcoming with details, and what about the EU Data Protection Directive? How are they going to sort that out? The Practical Nomad has better, more in-depth blog entries about Secure Flight.

Anonymous phone calls…for the stalker in all of us

Sunday, September 12th, 2004

In other news…interesting company that launched a new service to anonymize phone calls by fucking with caller id, and three days later, the owner decides to try to sell it off because of threats by hackers. Star38 launch; Star38 calls it quits.

May be a great service for debt collectors, but imagine what it can do for stalkers. Want to terrorize your neighbor annonymously? Crank call that ex? Star38, baby.

Senator (not) on the no fly list

Friday, August 20th, 2004

This is great evidence of the uselessness of these no fly lists: “One of the best-known U.S. senators” is misidentified as a suspected terrorist on the no-fly list. And this is just a current example — there are many other cases just like this.

It’s been almost 3 years and we still don’t know how people get on these lists and there isn’t a formal, systematic way to be removed from these lists or to find out how you even got on a list. Even when a passenger goes through the effort to clear his name, he finds himself back at square one the next time he flies. EPIC’s No-Fly page — with links to documents from the TSA and complaints from passengers. EPIC filed a suit against the TSA in Dec. 2002. The ACLU filed a lawsuit in April 2004. ACLU’s Why Federal Watch Lists Don’t Work page. The Practical Nomad blog (Edward Hasbrouck) has a fair bit of information on this subject, too.

CAPPS II capsized

Monday, July 19th, 2004

Wow. They’ve finally ceded to the public’s privacy concerns and are abandoning CAPPS II. CAPPS II would’ve color coded all airline passengers to indicate a traveller’s potential to be a terrorist. It would’ve created a huge database linking detailed personal information from various sources about each airline passenger. Way more information than you’d want to give away just to be able to fly an hour down south every month to visit your kid.

I love Bob Barr’s quote: “You can never be absolutely certain that a proposal like this is dead. You can shoot it, stab it, cut its head off, drive a stake through its heart, burn it, scatter the ashes — and still it might pop up somewhere else.”

EFF’s CAPPS II page.

Chatty hospital staff divulges sensitive info

Friday, June 11th, 2004

Forget HIPAA — it doesn’t cover casual water cooler conversations that give away private patient information to anyone within earshot. Social security numbers, medical test results, details of your case…all discussed amongst hospital staff indiscreetly and inappropriately in public, or overheard in phone conversations.

Consumers rate companies’ trustworthiness

Thursday, June 10th, 2004

A recent poll ranks consumers’ trust in companies. eBay ranked as the most trusted US company for privacy. Google received a positive ranking, but didn’t place in the top 20. Hotels and grocery stores are considered less trustworthy, while internet companies, banks, and health organizations were ranked most trustworthy (I wonder if in that order). Amazon, HP, IBM, EarthLink and Dell were all in the top 10, along with AmEx, Procter & Gamble, and the USPS.

The article mentions that consumers are becoming more and more concerned about protecting civil liberties. I think that’s awesome: the more people worry, the more we’re likely to take action.

Medical privacy

Tuesday, June 8th, 2004

At lunch today a couple of the guys were talking about hospital visits and how the staff log everything. Who visited when and did they bring flowers, did they hold the baby, was there any conflict or arguing? And more than one person claimed this was true. A perfunctory search on google yielded nothing to back up these personal anecdotes, but I’m going to go on the assumption that is true. Someone mentioned that a resident friend of his told him he had to write everything down because you, as a doctor, didn’t ever want to be accused of not knowing something or not remembering something that might have been critical to a patient’s welfare. Doctors get sued for malpractice all the time. They pay outrageous amounts of money for malpractice insurance. I can see why you’d want to take careful notes about everything you possibly could.

But it raises a really interesting privacy issue, too. Medical records should be “sacred secrets”, shared only with other professionals when absolutely needed. But if doctors and nurses are actually taking such copious and detailed notes — it’s not just your medical records, it’s also personal data in those files. HIPAA (Health Insurance Portability and Accountability Act), which went into effect on April 14, 2003, set national standards for maintaining the privacy of health information, but is limited to the information maintained by health care providers, health plans and health clearinghouses only if they transmit it in electronic form. And it doesn’t actually prevent medical information from being shared for marketing purposes, or sharing between doctors without explicit consent, or providing information to the public and the media (unless the patient explicitly opts out), and we don’t have the power to sue if these regulations are grossly violated. Doesn’t seem like a whole lot of privacy, does it? <HIPAA Myths, HIPAA Basics>

I was just reading an article last night about how HIPAA could hinder information flow — even if you’ve made legal provisions for someone to act in your stead if you become completely incapacitated or incompetent. If you don’t make explicit HIPAA clauses in your legal documents, the distribution of your money and tangible goods, or your requested medical wishes, might not be honored because without the medical information there is no way for your wife or child or other designated stand in to prove that you are in the condition you’ve claused in your will.

And it made me wonder how soon after a lawsuit occurred challenging these difficulties, would someone try to alter the minimal standards of medical privacy we currently have. Privacy is such a hard thing to try to maintain. If we really care about our privacy, we have to make a conscious and concerted effort to try to safeguard it. And it’s easy to give up because convenience is always the pay off for giving up some privacy. I’m just as guilty of it as anyone else.

And the threats to privacy only get worse as technology ever increasingly becomes more advanced. Cameras are everywhere. RFIDs are prevalent and soon to become much more so (big business is already touting the high returns on investment in RFID), unencrypted email, wireless networks, data mining and caching. Not to mention threats to homeland security and the rights we’ve lost with the PATRIOT Act. It just doesn’t end.

RSA security chief scientist on RFID

Wednesday, June 2nd, 2004

QA with Burt Kaliski. He makes good, rational points. He doesn’t say much that’s new in the RFID conversation, however he makes mention of something that I haven’t heard any discussion about yet — that deactivating the RFID tag also disables benefits of the tag. Currently privacy advocates believe that having the ability to disable the tag at will is a good thing. And while it may be a good thing now for privacy, I agree with Kaliski that there has to be another way to safeguard privacy and still be able to take advantage of the technology. If killing the tags is the only way to ensure my privacy, then my dreams of a smart fridge are never going to be realized.

RFID re-emerges

Saturday, May 29th, 2004

It seems like RFID news has been quiet until recently. So far there hasn’t been any talk of federal regulation of RFIDs, but now the U.S. Federal Trade Commission has scheduled a June 21st workshop to discuss RFID and the effect on consumers. Written comments about the uses of RFID will be accepted until July 9th.

I’m not a huge fan of government regulation, but think it’s a good sign that the debate about RFIDs continues to grow. Other recent news includes the RFID News “Ask the Experts” about RFID which interviews five different people from CASPIAN, HP, EPCglobal, EPIC, and Verisign. I love Katherine Albrecht’s quote (which was also posted on slashdot):

“In most cases, asking how a company exploring item-level RFID tagging can protect their customers’ privacy is like asking a fox how he can best ensure the safety of your chickens.”

Though I disagree with her that “unless they have a financial or professional stake in RFID’s success”, people aren’t going to like the technology. I think the technology is interesting and could be very useful. In the tech ubiquitous home, RFIDs would be a great addition — I think the refrigerator example exemplifies this — a computer in your refrigerator door that tells you when your milk is low and displays recipes based on the contents of your fridge. We’re quite a ways from that, and a lot of standards and policies need to be figured out in order to both safeguard privacy and allow us this convenience, but I personally would love a smart fridge.

The links off of Albrecht’s interview are a great way to introduce yourself to the reasons why we need these discussions if you aren’t already familiar with them.

On the other hand, Jack Grasso of the EPCglobal (a non-profit organization; EPC = Electronic Product Code), claims that consumers “overwhelmingly support the use of RFID for the benefits they expect to recieve from the technology”. But of course if you ask people if they want safer prescriptions or fresher produce, people are going to say yes. If they don’t understand more than that about RFID technology, they’re not fair questions to ask. And the group that did that study also just launched a joint RFID venture with Sun. They’re not unbiased. The study (which is incorporated in a pamphlet informing and encouraging businesses to better market RFID) by Capgemini (formerly Cap Gemini Ernst and Young) contains quotes like “consumer buy-in is essential given the current public debate”, “This finding indicates that many consumers have not yet formed an opinion about RFID, providing an opportunity for businesses to position RFID in a favorable light”, and “If the industry fails to educate consumers, that role will default to consumer advocacy groups”.

Cédric Laurant, of EPIC, also makes mention of the probable publicity campaign that business interests will likely undertake to make item level RFID palatable and even desirable to the average consumer. He also has a detailed list of the ways in which item level RFID tagging can be deployed in a consumer friendly manner.

Misc news items

Thursday, May 27th, 2004

Today — I’m sure you saw it — the BBC is going to license some of their audio and video media using a Creative Commons like license. Lawrence Lessig is, of course, thrilled, and rightfully so. The BBC is awesome — for doing this and taking a progressive step in copyright, for promoting and encouraging creativity by allowing us to use their media, and also for providing excellent news coverage.

In science news, I’ve been reading a fair bit on the nanobacteria controversy — are they a new life form or just interesting crystals? It’s odd to see that a group of scientists are already marketing and selling products based on the belief that there are such things as nanobacteria before the proof has been conclusively decided. I find that extremely unscientific, but they seem to be getting away with it.

On the privacy front, some Republicans want to make the provisions that were supposed to sunset at the end of 2005, a permanent fixture of the USA PATRIOT Act — basically they expanded government rights to access and tap into personal and private information in the name of national security. Donna Wentworth has written an awesome primer on these provisions at the EFF.

On the filesharing front, there’s the wonderful PIRATE Act that turns criminal copyright infringement lawsuits into civil lawsuits so that the taxpayers foot the bill for the legal costs that the recording industry currently pays, and allows the government to wiretap to verify copyright infringement claims. Copyfight article here.

And for fun, here are some of my favorite search queries to hit this site:

  • fertility tips on how to get pregnant with an introverted uterus (google)
  • Hells Angels Cisco (msn)
  • plastic surgery giveaway (msn)
  • vignette (google)
  • download video plastic surgery reality shows (msn)
  • blog heartbroken over love hurts quote (yahoo)
  • two girls touching each other (msn)
  • download gladiator pepsi commercial (yahoo)
  • pics of normal size penises (msn)
  • different of bird-eating spiders and beautiful girls pics (msn)

MSN users are really special.