Wednesday, August 09, 2006

Expectations of Privacy and Search Engines

A while back, the Bush administration issued subpoenas to major search engines like Google. Search engines collect a lot of information about us. They log our searches, often our IP address, and track sites we visit via cookies.

In November, Search Engine Watch wrote about a man who was convicted of killing his wife partly because law enforcement authorities discovered that he used Google to search for “neck,” “snap,” and “hold.” A less disturbing thread from WebmasterWorld reported that a woman clicked on her ex-boyfriends AdSense links so often that his account was suspended.

For more on privacy and search engines, see the Slate article by Timothy Wu.

Related to this topic...I heard a story about this on NPR today on the way home. I believe on NPR's Digital Culture...however I was unable to locate the story again as I missed what search engine doesn't track your IP address when you search. I found other references online to DogPile and Ice Rocket...but these didn't sound like the name of the engine in the story.

Did anybody catch it?

Monday, August 07, 2006

VA loses sensitive data again...

Oops. Okay, maybe the first time was forgivable. Understandable even...but the second time? third?

"The disclosure comes after a string of recent data breaches at the VA, including the May 3 theft of 26.5 million veterans' personal data from a VA employee's home in suburban Maryland. The laptop and external drive containing that information has since been recovered, and two teens were arrested Saturday as part of what appeared to be a routine burglary.

In recent weeks, the VA has also acknowledged losing sensitive data for more than 16,000 veterans in at least two other cases in Minneapolis, Minnesota, and Indianapolis, Indiana." [Source: CNN]

These people served our country. Can't their privacy and credit be protected at a minimum?

RFID e-passports

Back from a slight posting hiatus (library construction, planning to move half way across the country, etc), I’ve been hearing a story that I think is worth exploring. There’s been quite the buzz in news and blogs that the US Department will begin issuing passports embedded with RFID tags in October.

There has been confusion mixed with equal parts controversy regarding whether the e-passports will have RFID tags or something called an ISO 14443 chip. RFID systems pretty much consist of RFID chips (also sometimes called tag or smart card) and a reader. RFID tags can be passive or active. Passive tags are powered by the readers, while active cards have their own power.

RFID are commonly used for tracking supply chains (such as WalMart). RFID has seem some adoption by libraries, although this has certainly been tempered due to cost of implementing the system. The e-passports will have a type of RFID tag that is passive and uses the ISO 14443 chip. This chip can be encrypted, but it doesn't have to be. The State Department does not plan to encrypt the chips used in the passports.

Public outcry is largely centered around the fear that these e-passports will be able to be read from a great distance. Some say 10 or 30 feet – although this distance could certainly be open to debate. Stoking the fire, Luke Grunwald – a German security expert – demonstrated how personal information from an e-passport could be copied and transferred.

In response to concerns, The State Department will:
"...include an anti-skimming material in the front cover and spine of the electronic passport that will mitigate the threat of skimming from distances beyond the ten centimeters prescribed by the ISO 14443 technology, as long as the passport book is closed or nearly closed." [Source]
Could the data stolen off an e-passport could identify American citizens in other countries? Could it lead to identity theft? This whole issue is certainly worth hashing out before October rolls around.