Privacy Review

Anti-Spyware market to rocket

The corporate anti-spyware market is predicted to explode over the next four years extending to more than 540m seats in 2009, a 30-fold increase from an estimated 16m seats in 2005, according to a study by analysts the Radicati Group published this week.

Security concerns - including regulatory compliance risks posed by spyware threats - and the effect of spyware on worker productivity are driving the growth in the market. Radicati's Corporate Anti-Spyware Market, 2005-2009 report also indicates that the cost of managing spyware is quickly rising as spyware programs become increasingly devious. It reckons the administrative cost of dealing with spyware-infected computers will reach about $265 per user in 2005.

(Copyright The Register)

Comment and TrackBack Spam

I apologize for removing the trackbacks of the entries in the present weblog. Spammers have been abusing this constantly lately...

Refuse to surrender your freedom

Today our most fundamental freedoms are in jeopardy. Only a bold, spirited movement of people like you who refuse to surrender your freedoms can protect our civil liberties.

On January 20th, George Bush will pledge to uphold the Constitution. Our goal is to recruit 100,000 new ACLU supporters by that day to proclaim "I REFUSE TO SURRENDER MY FREEDOM" by taking this simple pledge:

"I pledge to join with over 400,000 ACLU members and supporters to help ensure that the President, his administration, and our leaders in Congress fulfill their duty to preserve, protect, and defend our Constitution.

By reaffirming my commitment to the American values of justice and liberty for all, I am enlisting in a powerful movement to defend our freedoms against assaults on our civil liberties."

Let's make it clear to those who seek to take away our freedoms that they are on the wrong side of the law... the wrong side of core American values... and the wrong side of history. Take the pledge now and stand strong in support of freedom.

For more information please visit the American Civil Liberties Union

Happy New Year

Happy and Safe New Year to all of you!

Voting Rights vs Privacy Rights

Registering to vote in many jurisdictions threaten the privacy of rights of voters. Because voter registration information is considered part of the public record they are available to anyone. For example, by accessing the Travis County, Texas elections Web site, you can find a voter’s birth date, voting precinct and home address.

Check out Privacy.org for more information.

Creating A Privacy Policy

Again from the Privacy Journal we bring you a list of tips and hints for creating a privacy policy for your organization.

1. Organizations establishing privacy policies should incorporate the elements of the widely accepted *Code of Fair Information Practice:
* The existence of all data systems with personal information in them should be publicly disclosed, and the purpose for which information is gathered about people should be disclosed. This is the principle of openness or transparency.
* There must be a way for an individual to find out what information about him or her is in a record and how it is used.
* There must be a way for an individual to prevent information about him or her that was obtained for one purpose (which was stated when the information was gathered) from being used or made available, either within the organization or outside, for a purpose that is incompatible with the original purpose, without getting the consent of the individual. This is the principle of secondary use.
* There must be a way for an individual to correct or amend a record that contains information that is identifiable to him or her.
* The organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability, accuracy, security and timeliness of the data. In other words, the custodian of information that is disseminated has an obligation to the individual to make sure it is accurate, secure, and not misused. This obligation ought not be delegated to another entity.

2. An organization must make sure that other entities handling personal information in behalf of the first organization are bound by these same principles.

3. An organization must conduct periodic risk assessments, balancing the possibility or probability of unauthorized access or disclosure against the cost of security precautions and the expected effectiveness of the precautions. In some cases, it will be necessary to establish an audit trail so that records are kept of disclosures of personal information, both within the organization and outside.

4. Organizations must take special precautions in collecting and using personal information about children, both those 13 or younger and those 18 or younger.

5. An organization should openly disclose its policies and practices with regard to electronic surveillance of its employees' and customers' telephone calls, electronic mail, Internet usage, changing rooms, and rest rooms. It must articulate in advance the reasons for the surveillance.

6. An organization should collect only that personal information that is PROPORTIONAL to the purpose of the information. It must scrutinize each demand for information to determine that it is relevant and necessary.

7. An organization should designate an individual or office (whether full-time or part-time) to handle privacy issues by (a) acting as an ombudsman for customers or employees, (b) assessing the privacy impact of new undertakings, (c) assuring that the organization complies with all laws and trade-association standards; and (d) informing the organization of the latest technology and policies that affect the privacy of customers or employees. An organization, if it utilizes "opt-out" for customers to stay out of certain uses of their information, should make exercising "opt-out" easy, as easy as clicking a button or checking a box, without the need to write a letter or to communicate with another office.

8. An organization should conduct periodic training of its employees (and volunteers) to assure that they know (1) applicable laws on confidentiality that govern the organization, (2) the organization's policies and actual practices, (3) the rationale for protecting confidentiality and the sensitivity of personal information, (4) the ability to recognize possible breaches and to report them to the proper person. An organization may chose to certify that employees who handle personal information are properly trained.

Passenger Prescreening

Epic.org reports on the new passenger prescreening program.
The Transportation Security Administration has released a Privacy Act notice (pdf) and privacy impact assessment (pdf) for the test phase of Secure Flight, the passenger prescreening initiative under development to replace CAPPS II. The notice shows that Secure Flight, like CAPPS II, will be a secretive program that may collect personal information irrelevant and unnecessary for aviation security. Furthermore, passengers will be deprived of judicially enforceable rights to access and correct personal information. The Transportation Security Administration has also issued a proposed order (pdf) that will require airlines to turn over passenger records from June 2004 to test Secure Flight.

Privacy Guidelines

The following is a set of Guidelines as found in 'The Privacy Journal' that can help you protect your privacy. Be wise and awake about your privacy...

Be discreet when filling out application forms, whether on-line or in paper form. Often, you can provide general instead of specific information and still complete the transaction (for example, responding “over 18” or “younger than 65” when asked for age). Try to determine what information on an application or warranty form is for marketing purposes and not necessary for completing the transaction. When you are asked to sign authorizations to disclose your personal information, date the form or add an expiration date and cross out language that makes the authorization too broad or general. Revoke the authorization in writing if you reconsider later.
Protect the confidentiality of your Social Security number. Just say no. Social Security numbers are really not necessary when applying for credit or insurance. There are legal limits when government agencies ask for Social Security numbers (explained in the chapter on Numbers). Any request for your number when the transaction has tax consequences – like getting a job or opening a bank account or buying a house – is legitimate. In other cases, ask for a random number you select or, if you must, try providing only the last four digits.
Attach conditions to sensitive information that you feel you have to provide. Ask that it not be further disclosed outside the organization or that it be destroyed after a certain period. Ask to inspect it in the future. This creates a binding contract with the organization. If it refuses to accept your conditions, that tells you about its information practices.
Never provide sensitive information over the telephone or Internet to someone you don’t know – including your Social Security number, home address or phone number, bank-account or insurance-policy numbers, bank balance, mother’s maiden name, or medical information. If you want, call back the company and keep a record of its phone number.
Phrase your demand so that it elicits a positive response, not a negative one. Don’t say, “I refuse. . . .” Say, “Because I’m concerned about my privacy, I chose to keep that information to myself. . . .” Assume that most clerks, as individuals, will identify with your concerns, and you will discover that many of them do. Be persistent. Be prepared to try three or four times before the organization caves in.
Ask to inspect and correct files about yourself where federal law permits this – credit reports, consumer investigations, school records, federal-agency files, cable TV providers, and criminal records. A dozen states provide these rights for insurance files and 15 states have these rights for personal information stored by state agencies. Almost half the states and a federal regulation require this for medical records
Ask the post office not to disclose your new address to commercial mailers when you file a change-of-address form. Better still, make your change of address temporary not permanent. A temporary forwarding instruction is good for one year, and the Postal Service does not forward temporary change-of-address information to commercial list users and direct marketers.
Ask to inspect your own medical file and to add information to it if necessary. About 20 states and a federal regulation give you this right and most professional medical organizations endorse this right.
Organize your telephone service for your own convenience. Have your telephone number listed without an address in the directory. This will provide much of the same protection that you seek from an unlisted number – and for no charge – because marketers are not interested in collecting phone numbers without addresses. This will keep you out of the address and telephone directories on the World Wide Web. For a nominal monthly fee, phone companies will provide you a second phone number that will ring with a distinctive sound. You can make this your “public number” that you provide to businesses and government agencies. Reserve your original telephone number for friends and relatives, and then you will know when they are calling. In addition, ask the major mailers to delete you from their telephone and mailing lists.
Remember that cellular, mobile, and cordless phones are not secure. Neither is electronic mail; regard it as you would a postcard. Remember that a recipient of your e-mail can pass it on to the whole world, inadvertently or intentionally. You have to respond to e-mail carefully to avoid sending responses to persons you did not intend to receive it. Do not ever use telephones and computers at work for sensitive or embarrassing communications. Federal law permits employers to monitor.
Demand that a telemarketing company that calls you add your name to a do-not-call list. By federal law, it must abide by that list. The same law prohibits recorded advertisements and fax advertisements into your home unless you consent. If you want to try to reduce telephone-sales calls and direct mail, ask the Mail Preference Service or the Telephone Preference Service of the Direct Marketing Association to remove you from all lists used by its member companies. Remember that this will not cover all telemarketers or all mailers and will not be as effective as listing your telephone number without your address in the telephone directory. Many states have government-run do-not-call lists as well.
Learn all you can about new technologies that affect your privacy – automated telephone devices, the Internet, genetic tests, electronic mail, bar codes, automated collection of highway tolls, skin implants for identification, two-way cable television, face recognition, digital driver’s licenses, airport-screening devices, and biometric identification devices like hand scans and eye scans. Know how they work – what they can do and can’t do.
Protect against theft of identity. This crime is the impersonation of you by a stranger to get identity documents or use your credit accounts. The main vehicle for it is the circulation of your Social Security number or carelessness with it by organizations. Keep your SSN out of general circulation as much as you can. Keep it off your driver’s license and your personal checks.
Think of Noah’s Ark. To protect your privacy, think in twos. Rip in half any documents with vital personal information on them, including Social Security numbers, bank account information, or credit-card numbers. Deposit them in separate side-by-side trash containers. Empty each trash can at alternating times, so that these sensitive documents can not be reconstructed after you dispose of them. Or use a paper shredder. Use two phone numbers at home. Use a personal mailing address and a “public” mailing address, which can be a post office box, a commercial mail-receiving firm, an office address, or a landlord’s address. This second address will not disclose your physical whereabouts, or that of your children. Have two Internet service providers and electronic mail providers, one for sensitive uses and the other for “public” uses. Have two credit cards, one for customary use and one for on-line use. If something goes wrong on-line, you can promptly cancel that credit card with no inconvenience. Use a second, out-of-town doctor to disguise certain sensitive treatments, if necessary.
Zealously protect the identities and addresses of your children. Avoid having them enumerated until they reach an age when they are seeking employment. This will keep them out of dangerous databanks and locator services. Take advantage of tax credits and deductions without providing SSNs for your children, if you can; otherwise be willing to do without the tax benefits. Keep them off mailing lists by using an adult’s name on magazine lists and direct-mail purchases. Don’t provide their names on any applications that parents submit. Do not permit them to provide family information – or information about their physical whereabouts or real names – on the Internet.
Resist surveillance in the community. Make it clear to law enforcement and businesses what you think of the presence of camera surveillance everywhere. Demand that they prove that it is effective. Point out its cumulative effect on the culture and the community.
Take time to devise in your mind a strategy for dealing with the press if you should be suddenly thrust into a newsworthy situation. Select in your mind a trusted friend you would call upon, to advise you, to be a liaison between you and news reporters, and to assure that you disclose to the public exactly what you want to and keep private exactly what you want to.
Shop ahead. When you seek insurance, a mortgage, retail credit, a bank account, or other important transaction, be prepared to dicker. Provide the least amount of personal information possible to get the transaction. Be prepared to be asked for more. Provide a little more, if you wish, and be prepared to be asked again to provide more information. Shop around for a transaction you really don’t need, simply to practice your technique of negotiating for the least amount of privacy sacrifice. Most important, be fully prepared to do without the transaction or to shop elsewhere if you believe that you are being asked for too much personal information. If you are dealing with a dominant business or a monopoly, be prepared to complain to the state agency that regulates the business. It may have guidelines that help you or it may be willing to intervene on your behalf.
Shop Around. The new century has brought a few new products and services that actually enhance your privacy – e-mail forwarding services that protect your anonymity, encryption software, innovative telephone-answering machines, shredders, mail receivers. Seek them out.
It is going to cost you. In the information age, privacy comes with a cost. You can expect to pay slightly more for some of the duplicative services you need, and you may pay a premium for dealing with an organization that respects your personal information. You may have to do without some of the enticing discounts that require you to agree to be bombarded by commercial messages in the future. The rewards for paying these additional costs are immense. They bring an increased sense of control and dignity to your life. In addition, you will find that you can accomplish a whole lot more or have more leisure time after you take precautions to ration the interruptions and intrusions into your life. One of the richest men in America, Paul Mellon, once said, “The idea of power never appealed to me. What has appealed to me is privacy. To me, privacy is the most valuable asset that money can buy.”
Choose your battles. Not every collection of personal information or every intrusion is worth expending your energy. Decide which information is most sensitive to you and which moments in your life are most important to protect. However, you should err on the side of protectiveness, because you cannot anticipate which information about you will become crucial in the future. Remember that nearly all of the personal information that businesses and government agencies collect concerns how we spend our money. Work hard to limit it to that.

Users against TCPA

A very interesting website that brings awareness on a very important security and personal privacy matter is the the site againsttcpa.com. TCPA meaning (Trusted Computers Platform Alliance).

This plans that every computer will have a TPM (Trusted Platform Module), also known as Fritz-Chip, built-in. At later development stages, these functions will be directly included into CPUs, graphiccards, harddisks, soundcards, bios and so on. This will secure that the computer is in a TCPA-conform state and that he checks that it's always in this state. This means: On the first level comes the hardware, on the second comes TCPA and then comes the user. The complete communication works with a 2048 bit strong encryption, so it's also secure enough to make it impossible to decrypt this in realtime for a longer time. This secures that the TCPA can prevent any unwanted software and hardware. The long term result will be that it will be impossible to use hardware and software that's not approved by the TCPA. Presumably there will be high costs to get this certification and that these would be too much for little and mid-range companies. Therefore open-source and freeware would be condemned to die, because without such a certification the software will simply not work. In the long term only the big companies would survive and could control the market as they would like.

Read all the information on the website and think for yourself.

Articles Welcome!

We welcome articles on online (and offline) privacy issues! The present publication aims to offer an uncensored location for being able to 'have your say' in these matters freely, with no hold-backs.

All articles will retain copyright of the author and can be published anonymously if desired.

60% Rise in Secrecy

Openthegoverment.org reports (pdf) on the fact that the goverment has increased by 60% 'secrecy' spending to $6.5 Billion.

In the report you will find things like:

With 14 million new documents stamped secret in 2003, the government created 60% more secrets in 2003 than in 2001 – the biggest jump in secrecy for at least a decade.
The U.S. government last year alone spent $6.5 billion securing its classified information. That’s more than any annual cost in at least a decade.
Every document classified cost the government $459 to secure that document plus its accumulated secrets. That's the cheapest a secret has cost since 1996. The bad news: As shown above, overall costs of keeping secrets are rising each year and the federal government creates even more new secrets.
For every $1 the federal government spent in 2003 releasing old secrets, it spent an extraordinary $120 maintaining the secrets already on the books. In contrast, from 1997 to 2001, the government spent less than $20 per year keeping secrets for every dollar spent declassifying them. In this case, secrecy comes at the direct expense of openness.
The U.S. releases old secrets more slowly. The number of pages declassified in 2003 dropped to nearly one-fifth (43,093,233) the number declassified in 1997.

Welcome

Welcome to Privacy Review! We aim to bring to our readers news, views opinions, solutions, ideas and discussions on online and offline privacy as it develops in todays changing world.

Privacy is noy laughing matter. It is in the core of our democracy (ies) and is not something that should be sacrificed easily, for short or long term results.

George Orwell described in '1984' a society in which there was no real essence of privacy. This type of society has played a rather role-model role for a fascist totallitarian establishment that we all hope we will not meet in our lives.

20 years after the Orwellian political fantasy we are faced with decisions on sacrificing parts of our privacy for reasons which vary from the fight against terrorism, to the lack of comprehension about the essence of privacy and freedom, or even to the pure selling of our privacy for some petty cash.

It's time to think about privacy a bit more than we think about it at the moment. It's time to rethink the way we face ourselves and others around us.