Privacy Review

Main | October 2004 »

September 23, 2004

Passenger Prescreening

Epic.org reports on the new passenger prescreening program.
The Transportation Security Administration has released a Privacy Act notice (pdf) and privacy impact assessment (pdf) for the test phase of Secure Flight, the passenger prescreening initiative under development to replace CAPPS II. The notice shows that Secure Flight, like CAPPS II, will be a secretive program that may collect personal information irrelevant and unnecessary for aviation security. Furthermore, passengers will be deprived of judicially enforceable rights to access and correct personal information. The Transportation Security Administration has also issued a proposed order (pdf) that will require airlines to turn over passenger records from June 2004 to test Secure Flight.

Posted by Irene at 12:55 PM

September 20, 2004

Privacy Guidelines

The following is a set of Guidelines as found in 'The Privacy Journal' that can help you protect your privacy. Be wise and awake about your privacy...

• Be discreet when filling out application forms, whether on-line or in paper form. Often, you can provide general instead of specific information and still complete the transaction (for example, responding “over 18” or “younger than 65” when asked for age). Try to determine what information on an application or warranty form is for marketing purposes and not necessary for completing the transaction. When you are asked to sign authorizations to disclose your personal information, date the form or add an expiration date and cross out language that makes the authorization too broad or general. Revoke the authorization in writing if you reconsider later.
  
• Protect the confidentiality of your Social Security number. Just say no. Social Security numbers are really not necessary when applying for credit or insurance. There are legal limits when government agencies ask for Social Security numbers (explained in the chapter on Numbers). Any request for your number when the transaction has tax consequences – like getting a job or opening a bank account or buying a house – is legitimate. In other cases, ask for a random number you select or, if you must, try providing only the last four digits.
  
• Attach conditions to sensitive information that you feel you have to provide. Ask that it not be further disclosed outside the organization or that it be destroyed after a certain period. Ask to inspect it in the future. This creates a binding contract with the organization. If it refuses to accept your conditions, that tells you about its information practices.
  
• Never provide sensitive information over the telephone or Internet to someone you don’t know – including your Social Security number, home address or phone number, bank-account or insurance-policy numbers, bank balance, mother’s maiden name, or medical information. If you want, call back the company and keep a record of its phone number.
  
• Phrase your demand so that it elicits a positive response, not a negative one. Don’t say, “I refuse. . . .” Say, “Because I’m concerned about my privacy, I chose to keep that information to myself. . . .” Assume that most clerks, as individuals, will identify with your concerns, and you will discover that many of them do. Be persistent. Be prepared to try three or four times before the organization caves in.

• Ask to inspect and correct files about yourself where federal law permits this – credit reports, consumer investigations, school records, federal-agency files, cable TV providers, and criminal records. A dozen states provide these rights for insurance files and 15 states have these rights for personal information stored by state agencies. Almost half the states and a federal regulation require this for medical records
  
• Ask the post office not to disclose your new address to commercial mailers when you file a change-of-address form. Better still, make your change of address temporary not permanent. A temporary forwarding instruction is good for one year, and the Postal Service does not forward temporary change-of-address information to commercial list users and direct marketers.
  
• Ask to inspect your own medical file and to add information to it if necessary. About 20 states and a federal regulation give you this right and most professional medical organizations endorse this right.
  
• Organize your telephone service for your own convenience. Have your telephone number listed without an address in the directory. This will provide much of the same protection that you seek from an unlisted number – and for no charge – because marketers are not interested in collecting phone numbers without addresses. This will keep you out of the address and telephone directories on the World Wide Web. For a nominal monthly fee, phone companies will provide you a second phone number that will ring with a distinctive sound. You can make this your “public number” that you provide to businesses and government agencies. Reserve your original telephone number for friends and relatives, and then you will know when they are calling. In addition, ask the major mailers to delete you from their telephone and mailing lists.
  
• Remember that cellular, mobile, and cordless phones are not secure. Neither is electronic mail; regard it as you would a postcard. Remember that a recipient of your e-mail can pass it on to the whole world, inadvertently or intentionally. You have to respond to e-mail carefully to avoid sending responses to persons you did not intend to receive it. Do not ever use telephones and computers at work for sensitive or embarrassing communications. Federal law permits employers to monitor.
  
• Demand that a telemarketing company that calls you add your name to a do-not-call list. By federal law, it must abide by that list. The same law prohibits recorded advertisements and fax advertisements into your home unless you consent. If you want to try to reduce telephone-sales calls and direct mail, ask the Mail Preference Service or the Telephone Preference Service of the Direct Marketing Association to remove you from all lists used by its member companies. Remember that this will not cover all telemarketers or all mailers and will not be as effective as listing your telephone number without your address in the telephone directory. Many states have government-run do-not-call lists as well.
  
• Learn all you can about new technologies that affect your privacy – automated telephone devices, the Internet, genetic tests, electronic mail, bar codes, automated collection of highway tolls, skin implants for identification, two-way cable television, face recognition, digital driver’s licenses, airport-screening devices, and biometric identification devices like hand scans and eye scans. Know how they work – what they can do and can’t do.
  
• Protect against theft of identity. This crime is the impersonation of you by a stranger to get identity documents or use your credit accounts. The main vehicle for it is the circulation of your Social Security number or carelessness with it by organizations. Keep your SSN out of general circulation as much as you can. Keep it off your driver’s license and your personal checks.
  
• Think of Noah’s Ark. To protect your privacy, think in twos. Rip in half any documents with vital personal information on them, including Social Security numbers, bank account information, or credit-card numbers. Deposit them in separate side-by-side trash containers. Empty each trash can at alternating times, so that these sensitive documents can not be reconstructed after you dispose of them. Or use a paper shredder. Use two phone numbers at home. Use a personal mailing address and a “public” mailing address, which can be a post office box, a commercial mail-receiving firm, an office address, or a landlord’s address. This second address will not disclose your physical whereabouts, or that of your children. Have two Internet service providers and electronic mail providers, one for sensitive uses and the other for “public” uses. Have two credit cards, one for customary use and one for on-line use. If something goes wrong on-line, you can promptly cancel that credit card with no inconvenience. Use a second, out-of-town doctor to disguise certain sensitive treatments, if necessary.
  
• Zealously protect the identities and addresses of your children. Avoid having them enumerated until they reach an age when they are seeking employment. This will keep them out of dangerous databanks and locator services. Take advantage of tax credits and deductions without providing SSNs for your children, if you can; otherwise be willing to do without the tax benefits. Keep them off mailing lists by using an adult’s name on magazine lists and direct-mail purchases. Don’t provide their names on any applications that parents submit. Do not permit them to provide family information – or information about their physical whereabouts or real names – on the Internet.
  
• Resist surveillance in the community. Make it clear to law enforcement and businesses what you think of the presence of camera surveillance everywhere. Demand that they prove that it is effective. Point out its cumulative effect on the culture and the community.
  
• Take time to devise in your mind a strategy for dealing with the press if you should be suddenly thrust into a newsworthy situation. Select in your mind a trusted friend you would call upon, to advise you, to be a liaison between you and news reporters, and to assure that you disclose to the public exactly what you want to and keep private exactly what you want to.
  
• Shop ahead. When you seek insurance, a mortgage, retail credit, a bank account, or other important transaction, be prepared to dicker. Provide the least amount of personal information possible to get the transaction. Be prepared to be asked for more. Provide a little more, if you wish, and be prepared to be asked again to provide more information. Shop around for a transaction you really don’t need, simply to practice your technique of negotiating for the least amount of privacy sacrifice. Most important, be fully prepared to do without the transaction or to shop elsewhere if you believe that you are being asked for too much personal information. If you are dealing with a dominant business or a monopoly, be prepared to complain to the state agency that regulates the business. It may have guidelines that help you or it may be willing to intervene on your behalf.
  
• Shop Around. The new century has brought a few new products and services that actually enhance your privacy – e-mail forwarding services that protect your anonymity, encryption software, innovative telephone-answering machines, shredders, mail receivers. Seek them out.
  
• It is going to cost you. In the information age, privacy comes with a cost. You can expect to pay slightly more for some of the duplicative services you need, and you may pay a premium for dealing with an organization that respects your personal information. You may have to do without some of the enticing discounts that require you to agree to be bombarded by commercial messages in the future. The rewards for paying these additional costs are immense. They bring an increased sense of control and dignity to your life. In addition, you will find that you can accomplish a whole lot more or have more leisure time after you take precautions to ration the interruptions and intrusions into your life. One of the richest men in America, Paul Mellon, once said, “The idea of power never appealed to me. What has appealed to me is privacy. To me, privacy is the most valuable asset that money can buy.”
  
• Choose your battles. Not every collection of personal information or every intrusion is worth expending your energy. Decide which information is most sensitive to you and which moments in your life are most important to protect. However, you should err on the side of protectiveness, because you cannot anticipate which information about you will become crucial in the future. Remember that nearly all of the personal information that businesses and government agencies collect concerns how we spend our money. Work hard to limit it to that.

  Posted by Irene at 01:03 PM

  September 14, 2004

  Users against TCPA

  A very interesting website that brings awareness on a very important security and personal privacy matter is the the site againsttcpa.com. TCPA meaning (Trusted Computers Platform Alliance).

  This plans that every computer will have a TPM (Trusted Platform Module), also known as Fritz-Chip, built-in. At later development stages, these functions will be directly included into CPUs, graphiccards, harddisks, soundcards, bios and so on. This will secure that the computer is in a TCPA-conform state and that he checks that it's always in this state. This means: On the first level comes the hardware, on the second comes TCPA and then comes the user. The complete communication works with a 2048 bit strong encryption, so it's also secure enough to make it impossible to decrypt this in realtime for a longer time. This secures that the TCPA can prevent any unwanted software and hardware. The long term result will be that it will be impossible to use hardware and software that's not approved by the TCPA. Presumably there will be high costs to get this certification and that these would be too much for little and mid-range companies. Therefore open-source and freeware would be condemned to die, because without such a certification the software will simply not work. In the long term only the big companies would survive and could control the market as they would like.

  Read all the information on the website and think for yourself.
  

  Posted by Irene at 02:51 PM

  September 13, 2004

  Articles Welcome!

  We welcome articles on online (and offline) privacy issues! The present publication aims to offer an uncensored location for being able to 'have your say' in these matters freely, with no hold-backs.

  All articles will retain copyright of the author and can be published anonymously if desired.

  Posted by Irene at 07:57 AM

  September 08, 2004

  60% Rise in Secrecy

  Openthegoverment.org reports (pdf) on the fact that the goverment has increased by 60% 'secrecy' spending to $6.5 Billion.

  In the report you will find things like:
  

  
  
  • With 14 million new documents stamped secret in 2003, the government created 60% more secrets in 2003 than in 2001 – the biggest jump in secrecy for at least a decade.

  • The U.S. government last year alone spent $6.5 billion securing its classified information. That’s more than any annual cost in at least a decade.

  • Every document classified cost the government $459 to secure that document plus its accumulated secrets. That's the cheapest a secret has cost since 1996. The bad news: As shown above, overall costs of keeping secrets are rising each year and the federal government creates even more new secrets.

  • For every $1 the federal government spent in 2003 releasing old secrets, it spent an extraordinary $120 maintaining the secrets already on the books. In contrast, from 1997 to 2001, the government spent less than $20 per year keeping secrets for every dollar spent declassifying them. In this case, secrecy comes at the direct expense of openness.

  • The U.S. releases old secrets more slowly. The number of pages declassified in 2003 dropped to nearly one-fifth (43,093,233) the number declassified in 1997.

  Posted by Irene at 03:38 PM

  September 07, 2004

  Welcome

  Welcome to Privacy Review! We aim to bring to our readers news, views opinions, solutions, ideas and discussions on online and offline privacy as it develops in todays changing world.

  Privacy is noy laughing matter. It is in the core of our democracy (ies) and is not something that should be sacrificed easily, for short or long term results.

  George Orwell described in '1984' a society in which there was no real essence of privacy. This type of society has played a rather role-model role for a fascist totallitarian establishment that we all hope we will not meet in our lives.

  20 years after the Orwellian political fantasy we are faced with decisions on sacrificing parts of our privacy for reasons which vary from the fight against terrorism, to the lack of comprehension about the essence of privacy and freedom, or even to the pure selling of our privacy for some petty cash.

  It's time to think about privacy a bit more than we think about it at the moment. It's time to rethink the way we face ourselves and others around us.

  Posted by Irene at 06:08 PM