Says eMail Isn't Private ... OKs snoopting by email providers
Yahoo, AOL and others can open your e-mail all with
the courts OK
Late last month, the First Circuit Court of Appeals in Massachusetts
upheld a lower courts ruling that stated an Internet
service provider did not break the law when it read e-mail
stored on its computer servers. The 2-to-1 decision supported
the owner of a rare book business, called Interloc, who used
an e-mail service he provided to customers to read incoming
messages sent by Internet book dealer Amazon.com in 1998.The
business owner was indicted on wiretapping charges in 2001.
The Center for Democracy and Technology, a privacy advocacy
organization based in Washington, D.C., has said the federal
courts decision undermines citizens e-mail privacy."The
decision potentially creates a loophole for law enforcement
access to e-mail," the organization stated on its Web
site, "and exposes the inadequacy of current law against
(the Internet service providers) use of the customers
e-mail for their own business purposes and without notice
Is Yahoo tracking you online?
Yahoo is now using something called "Web Beacons"
to track Yahoo Group users around the Net and see what
you are doing and where you are going - similar to cookies.
Take a look at their updated privacy
About half-way down the page, in the section "Outside
the Yahoo! Network", you'll see a little "click
here" link that will let you "opt-out" of their
new method of snooping. I strongly recommend that you do this.
Once you have clicked that link, you are opted out. Notice
the "Success" message the top the next page.
Be careful because on that page there is a "Cancel Opt-out"
button that, if clicked, will *undo* the opt-out.
Technology Sniffs Employee Offenders (Wired News,
December 13, 2002) The software watches what employees do,
and in some cases matches that usage data with employees'
personal profiles to pick out the worker who is most likely
to turn to a life of crime. . . . Some systems administrators
at large companies said they are increasingly being asked
to quietly collect digital evidence on difficult employees
-- those who are in danger of being fired, or who have just
been fired. . . . Companies are also employing snoopy software
to make sure their employees aren't stockpiling corporate
secrets. . . . Savvydata's RedAlert goes a step further, collecting,
consolidating and analyzing internal and external employee
information to determine an individual's threat to the organization.
Savvydata claims RedAlert can predict which employee is most
likely to be involved in malicious activities such as theft
of sensitive information. . . . RedAlert 2.0 includes the
company's newest security offering, Intelligent Information
Dossier plus. IID+ is an optional subscription-based component
that allows corporate IT folks to research employees' criminal
histories, credit information, financial asset details, friends
and associates. . . . That data can be combined with RedAlert's
collection of internal data -- such as what files employees
accessed, the contents of their e-mails and what company policies
they violated -- to draw what Savvydata reps describe as a
"clear picture that can be used in determining an employee's
risk to your organization." . . . "I understand why you'd
need something like this if you are the CIA, but for standard
biz use ... I just don't think I'd work at a company that
used these sorts of tools."
New Technology Sniffs Employee Offenders
(Wired News, December 13, 2002)
The software watches what employees do, and in some cases matches that usage data with employees' personal profiles to pick out the worker who is most likely to turn to a life of crime. . . . Some systems administrators at large companies said they are increasingly being asked to quietly collect digital evidence on difficult employees -- those who are in danger of being fired, or who have just been fired. . . . Companies are also employing snoopy software to make sure their employees aren't stockpiling corporate secrets. . . . Savvydata's RedAlert goes a step further, collecting, consolidating and analyzing internal and external employee information to determine an individual's threat to the organization. Savvydata claims RedAlert can predict which employee is most likely to be involved in malicious activities such as theft of sensitive information. . . . RedAlert 2.0 includes the company's newest security offering, Intelligent Information Dossier plus. IID+ is an optional subscription-based component that allows corporate IT folks to research employees' criminal histories, credit information, financial asset details, friends and associates. . . . That data can be combined with RedAlert's collection of internal data -- such as what files employees accessed, the contents of their e-mails and what company policies they violated -- to draw what Savvydata reps describe as a "clear picture that can be used in determining an employee's risk to your organization." . . . "I understand why you'd need something like this if you are the CIA, but for standard biz use ... I just don't think I'd work at a company that used these sorts of tools."
PATRIOT ACT Court Battle
EPIC (Electronic Privacy Information Center) today [September
20, 2002] joined with a coalition of civil liberties groups
to urge a secret appeals court to reject a government bid
for broadly expanded powers to conduct "national security"
surveillance on U.S. citizens. In a "friend of the court"
brief filed with the Foreign Intelligence Surveillance Court
of Review (FISCR), the groups said that expanding such powers
would jeopardize fundamental constitutional interests, "including
the First Amendment right to engage in lawful public dissent,
and the warrant, notice, and judicial review rights guaranteed
by the Fourth and Fifth Amendments."
At issue in the case is whether new Justice Department
surveillance rules seeking to use looser foreign intelligence
standards to conduct criminal investigations in the United
States are constitutional and permissible under the USA PATRIOT
Act adopted by Congress after the September 11 terrorist attacks.
The civil liberties brief urges the FISCR to uphold a decision
of the Foreign Intelligence Surveillance Court, which in May
unanimously rejected the government's bid for expanded powers.
In its decision, the intelligence court documented abuses
of "national security" warrants by both the Bush
and Clinton Administrations, including serious errors in approximately
75 applications for foreign intelligence surveillance.
At a hearing last week, members of the Senate Judiciary Committee,
which has oversight of the Justice Department, also condemned
the government's position. "We need to do our work well
and ensure that domestic surveillance is aimed at true national
security targets and does not simply serve as an excuse to
violate the Constitutional rights of our own citizens,"
said Committee Chairman Patrick J. Leahy (D-VT). "The
abuses of the past are far too fresh simply to surrender to
the executive branch unfettered discretion to determine the
scope of these changes."
After the lower court's decision was made public in late August,
the civil liberties groups notified the FISCR that they intended
to file a brief. The groups had hoped to submit their brief
before the appeals court met to review the case, but the
secret court met on September 9 and only the government was
allowed to present arguments. EPIC joined the American
Civil Liberties Union, Center for Democracy and Technology,
Center for National Security Studies, Electronic Frontier
Foundation, and the Open Society Institute in submitting today's
The civil liberties amicus brief is available at:
Background information on the Foreign Intelligence Surveillance
Act, including the current controversy, is available at:
The text of the USA PATRIOT ACT is available at:
Creeps into Your Computer
(Chris Wenham, Salon.com, May 2, 2002)
Outrage surged through users of the KaZaA file-sharing utility
when they learned, early in April, that a new breed of spyware
had been installed on their computers. KaZaA, probably the
most popular heir to Napster's throne, was already well known
for coming bundled with a wide variety of parasite programs
that serve up advertisements, track Web-surfing activity,
and otherwise cause mischief. But the newest arrival topped
anything seen before in scope or ambition. . . . A company
called Brilliant Digital had surreptitiously installed software
in computers running KaZaA. Once activated, the software
would set up a distributed computing network, allowing Brilliant
to hijack the resources of thousands of personal computers
to serve the needs of its own customers. . . . Hollings'
bill should outrage Internet users just as much as Brilliant
Digital's spyware. For while it talks a good game about protecting
"sensitive" information, the truth is that it would
place a congressional stamp of approval on precisely the kinds
of practices that purveyors of spyware are eager to engage
in. . . . the Online Personal Privacy Act. It is masquerading
as pro-consumer when in fact it is pro-business. .
. . Spyware programs use a variety of technologies. Setting
"cookies" on your hard drive identifies you to particular
Web sites, and "Web bugs" -- invisible image files
on Web pages -- in conjunction with cookies help track movement
through the Web. They make the problem of collecting data
and associating it with a unique entity easy. The next step
is getting your name, which can be done as soon as you make
an impulsive click to buy something from a site that is sharing
information with the spyware loaded on your computer. . .
. In one swoop, Hollings not only makes it possible
for businesses to accelerate into this brave new world of
automated lifestyle profiling, but also fools consumers into
a false sense of security that'll have them buying more, and
Has Shelved Its Internet 'Persona' Service - the threat of
Hailstorm has passed for now
(John Markoff, New York Times, April 11, 2002)
Microsoft has quietly shelved a consumer information service
that was once planned as the centerpiece of the company's
foray into the market for tightly linked Web services. . .
. The service, originally code-named Hailstorm and later renamed
My Services, was to be the clearest example of the company's
ambitious .Net strategy. It was intended to permit an individual
to keep an online persona independent of his or her desktop
computer, supposedly safely stored as part of a vast data
repository where there could be easy access to it from any
point on the Internet. . . . after nine months of intense
effort the company was unable to find any partner willing
to commit itself to the program . . . "They ran into
the reality that many companies don't want any company between
them and their customers," . . . Microsoft was unable
to persuade either consumer companies or software developers
that it had solved all of the privacy and security issues
raised by the prospect of keeping personal information in
a centralized repository . . . American Express officials
have told computer industry executives that they remain concerned
about being displaced by Microsoft's brand in such a partnership.
. . . the Hailstorm plan quickly became a lightning rod for
privacy advocates who saw dangers in concentrating vast amounts
of personal information in a single repository. . . . Last
fall a coalition of privacy groups complained in a letter
to the Federal Trade Commission about the potential risks
inherent in Microsoft's collecting personal information from
and about several hundred million personal computer users.
Upholds Rights of Anonymity, Privacy in Bookseller Records
(EPIC, April 11, 2002)
In a First Amendment case with national significance, the
Colorado Supreme Court ruled this week that a Denver bookstore
does not have to give sales records to police seeking information
in a drug investigation. . . . The case arose after Tattered
Cover, a Denver-based bookstore, challenged a court order
for book purchase records. The local drug task force police
sought the records after finding a Tattered Cover Book Store
envelope containing a methamphetamine lab and drug-making
"how-to" books outside a mobile home they raided
in Denver. . . .The state Supreme Court, in a 51-page opinion
overturning the district court opinion, recognized that the
First Amendment and a section of the Colorado Constitution
"protect an individual's fundamental right to purchase
books anonymously, free from governmental interference."
Customer purchase records enjoy First Amendment protection
and may only be disclosed to the police if there is a "compelling
need" that outweighs the interests of the customers.
The court concluded that, in this case, the law enforcement
need was not sufficiently compelling to outweigh the harm
threatened, in part because law enforcement officials sought
the purchase record for reasons related to the contents of
the books that the suspect may have purchased, and in part
because the police had reasonable alternative measures of
investigation at their disposal.
National ID cards being slipped in under
Pay Dirt in Scannable Driver's Licenses
(Jennifer 8. Lee, New York Times, March 21, 2002)
One by one, they hand over their driver's licenses to a doorman,
who swipes them through a sleek black machine. If a license
is valid and its holder is over 21, a red light blinks and
the patron is waved through. . . . But most of the customers
are not aware that it also pulls up the name, address, birth
date and other personal details from a data strip on the back
of the license. Even height, eye color and sometimes Social
Security number are registered. . . . "You swipe the
license, and all of a sudden someone's whole life as we know
it pops up in front of you," said Paul Barclay, the bar's
owner. "It's almost voyeuristic." . . . Now, for
any given night or hour, he can break down his clientele by
sex, age, ZIP code or other characteristics. If he wanted
to, he could find out how many blond women named Karen over
5 feet 2 inches came in over a weekend . . . Scanners that
can read the licenses are slowly proliferating across the
country. So far the machines have been most popular with bars
and convenience stores . . . The electronic trails created
by scanning driver's licenses are raising concerns among privacy
advocates. Standards and scanning, they say, are a dangerous
combination that essentially creates a de facto national identity
card or internal passport that can be registered in many databases.
Web Site Tracks Visitors With Cookies
(Brian McWilliams, Newsbytes.com, March 18, 2002)
A Web site operated by the Central Intelligence Agency is
marking visitors with a unique identification tag or "cookie"
that violates federal privacy guidelines and the agency's
a non-profit group. . . . The CIA's Electronic Reading Room
site, which provides online access to previously released
CIA documents, places a "persistent" cookie on visitors'
computers when they visit the site. . . . Designed to remain
on the visitor's computer until December 2010, the cookie
contains the user's Internet protocol address as well as a
unique identification number, Newsbytes has confirmed. . .
. The keywords you put in for searching on FOIA documents
can reveal a lot about you. The CIA can use these cookies
to reconstruct who is interested in what. Even if you browse
from several different ISPs, they can use your cookie's unique
ID to tie all your searches together," said Brandt.
Microchips Will Track Every Move
(Carl Limbacher and NewsMax.com Staff, March 14, 2002)
"In ten years nearly every consumer item will probably
bear a tiny chip that continually broadcasts its existence
to radio-frequency readers at loading docks, store shelves,
entrances, security stations and parking lots - just about
everywhere," . . . A Sam's Club under construction outside
Tulsa, Okla., is installing the system, already in use at
a Gap store in suburban Atlanta; a Prada boutique in Manhattan;
a McDonald's in Boise, Idaho; and Star City Casino in Sydney,
Australia. . . . "Privacy advocates are quaking over
the prospect that anyone with a radio-frequency reader, including
the government, could find out where a passerby had purchased
his shoes. It would be easy for Wal-Mart, say, to use its
in-store readers to figure out which competitors its customers
frequented. Even scarier, some credit-card issuers are considering
implanting radio tags in their plastic cards," Forbes
Global says. . . . Lee Tien, a lawyer with the San Francisco
watchdog group Electronic Frontier Foundation, warned "there
will be times when that information will be demanded by the
government for purposes of investigation."
On March 4, 2002, Privacy International presented the 4th
annual UK "Big Brother" awards to the government
and private sector organisations that have done the most to
invade personal privacy in Britain. . . . Four "Big Brother"
awards were presented to the individuals, organizations, and
departments which have done most to invade personal privacy.
A "lifetime menace" award was also be given. . .
. "Winston" awards were also be given to individuals
and organisations which have made an outstanding contribution
to the protection of privacy, as well as to people who have
been victims of privacy invasion.
Reports Strong Opposition to a U.S. National Identity Program
(The Gartner Group, March 12, 2002)
41 percent of U.S. citizens are opposed to the creation of
a national identification database to identify citizens and
visitors to the United States. Only 26 percent of U.S. citizens
agreed that such a database should be established. Opposition
to such a database was particularly strong in the southern,
western, and midwestern regions of the United States. . .
. "The technology is ready now. Public opinion is not,"
said Richard Hunter, GartnerG2 vice president and research
director, security. "Our survey shows that the public
supports a national ID only for very specific, limited purposes,
and people are quite suspicious of what governmental agencies
might do with it." . . . "The distrust of public
institutions as keepers of a national ID database that we
see in our study tells us that the public is worried about
the potential for abuse," Hunter says. "The government
hasn't done a good job of explaining to the public how it's
going to protect from misuse all the information it gathers
about them. If there's a plan, the public doesn't know about
who's tracking you by cell phone?
(Ben Charny, ZDNet News, February 27, 2002)
The nation's cell phone service providers will soon know exactly
where every one of their customers is, at all times, and privacy
rights groups are asking what they plan to do with the information.
. . . "There are some things you don't mind other people
knowing, but your location isn't one of them," said Gary
Laden, a privacy program director for BBBOnline, a Better
Business Bureau subsidiary. . . . Sprint is already offering
an Enhanced 911 (E911) system in Rhode Island and sells a
pair of phones that work on the system. In a year, Verizon
Wireless says nearly half of all new handsets activated will
have this capability. The FCC expects 95 percent of the cell
phones sold in the United States by 2005 will meet the FCC