Tag Archives: Privacy

Nano Robots Are The New Health Plan

Like all comics, Dilbert has shown a marked decline in quality over its lifetime. Still, there are the occasional gems. Nano Robots Are The New Health Plan follows Adams’ usual method of exaggerating something to the point it becomes totally relatable, but it’s perhaps not as far-fetched as you might think.

Nanotech might still be in its toddler phase, but the ability of electronic devices to detect levels of chemicals in our bodies exists today. It’s not hard to imagine such sensors being scaled down to the point where we could have them inserted into us to monitor in real time. When that happens, what will stop employers from mandating them?

Keep in mind many employers require you to have health insurance now. And those requirements often include mandatory yearly physicals. If these health monitors end up cheap enough they may be cost-effective compared to physicals. Why wouldn’t your company require you to have them? A violation of your personal liberty you say? The response to that is “you have the personal liberty to get a job somewhere else.”

Perhaps they’ll allow you to access some of the data on your phone (or watch). Then you’ll get messages like “Your stress level is elevated, stop drinking coffee” or “Blood pressure above maximum allowable level, 15 minute meditation required to continue”. Think of it as your company-sponsored personal trainer (who rats you out when you don’t follow orders).

Why the theft of OPM data is so awful

Yes, it’s another cybersecurity post. It’s becoming more of an issue for all of us and you’d better be prepared.

You’ve probably heard that the Federal Office of Personnel Management (OPM) was recently hacked and a lot of sensitive personal data was stolen. But it’s much worse than originally reported. Also stolen was a second set of data, the Standard Form 86 (SF 86).

The SF 86, “Questionnaire for National Security Positions,” is a 127-page form that asks about (among other things) where applicants have lived; contacts with foreign citizens and travel abroad; the names and personal details of relatives; and illegal drug use and mental health counseling except in limited circumstances. It is filled out by anyone who is looking for a security clearance.

It is rumored that the data was stored, for no discernible reason, on Dept. of the Interior servers. The data was not encrypted, but the OPM is claiming that it wouldn’t have mattered, as the attackers possessed valid network credentials and could access the data in unencrypted format. There was no two-factor authentication in use. Needless to say, Congress is having a cow.

Fingers are being pointed at China for this attack (they of course deny it). It certainly sounds like it’s state-sponsored given the data stolen and its potential for use in blackmail and espionage. If you have a clearance of any kind you’re potentially a target now that the attackers know more about you than anyone else (including possibly your spouse).

[Update 6/23/2015] Hey, remember when I said it was “much worse”? Well, it’s even worse than that. It’s possible up to 14 million records were obtained, essentially everyone who has ever worked for the federal government. All of them now in the hands of a foreign government.

RadioShack sold its customer data to pay debt

When RadioShack’s company name was auctioned off for $26.2 million, the company that bought it also got their database of customer information. The FTC is so angry they’ve written to the bankruptcy court asking that the data be protected.

If you’ve ever registered with RadioShack, online or in a store, you’d better hope the FTC gets listened to.

You need an anti-doxing strategy

If you’re active in any social media or otherwise have an opportunity to express an opinion online (sadly, particularly if you’re female), you’ll need an anti-doxing strategy.

If you’re not familiar with the term “doxing”, it refers to harassment in the real world as a result of information that can be gleaned about you online. It can be anything from being signed up for mailing lists or printed magazine subscriptions to annoying telemarketer calls to even having the local SWAT team called to your house (this is called “swatting”). It can range from annoying to potentially life-threatening, so it’s something to take seriously and plan for accordingly.

Using privacy as a competitive advantage

I was thinking the other day about Google and Apple. Google’s lifeblood is the information it can gather from its customers, from their web searches to movement of Android phones (to ascertain traffic congestion) and more. They’re not alone, of course; lots of companies are doing the same in order to either sell you something or enable someone else to sell you something. It’s the business model behind every “free” service. But not everyone is doing that.

Apple has a very large (and very valuable) user base that they’re not using the way Google and others are. It’s evolved over time, sure, but Apple prioritizes user privacy, treating it like a competitive advantage. They collect the minimum amount of data necessary, encrypt it when they do collect it, and delete it when it is no longer needed. Yes, an iPhone is more expensive than most Android phones, but ask yourself how much your privacy is worth to you.

Is a TrueCrypt fork in the works?

If you recall my earlier post about TrueCrypt mysteriously shutting down, news that a possible TrueCrypt fork is in the works is certainly interesting. But complicating the issue is one of the developers claiming that a fork isn’t possible and only a complete rewrite would work. Stay tuned, I guess.

The ECJ’s troubling “right to be forgotten” ruling

On Tuesday the European Court of Justice (ECJ) ruled that Google violated a Spanish man’s right to privacy by not taking down search results pointing to an auction the man ran to pay off some debts. Note that the ECJ didn’t say that the documents that Google points to have to be taken down, just the pointers themselves, which seems odd. Also, the ruling is just the ECJ’s agreement that the case has merit. It’s up to a Spanish court to now actually enforce the deletion and fine Google should it fail to comply.

The so-called “right to be forgotten” is fairly new in EU law (it appeared in 2012) and can’t exist in the US since it’s in opposition to the First Amendment. Unfortunately, it’s rooted in concepts that don’t exactly have counterparts online. It’s one thing to restrict access to things like juvenile arrest records, since they usually exist in only one place. But the documents at the heart of the Spanish man’s case still exist on the Net and plenty of other sites link to them, with plenty more resulting from the publicity this case has generated. Will Google be barred from pointing to these sites? Right now, no one knows.