Better take a look at this -- just to be aware of who is watching you.

Forest

To: "ScanThisNews Recipients List" <scan@efga.org>

Subject: [FP] Watch out for privacy invasion of EPIC proportions!

======================================================================

SCAN THIS NEWS

1.19.2000

Watch out for privacy invasion of EPIC proportions!

The following article on "privacy" is very favorable towards the stand taken by the Electronic Privacy Information Center (EPIC); which is that we should grant government authority over our information so that government can protect it for us.

Be forewarned, "protecting privacy" means very different things to different people. Be very careful which groups and measures you support when it comes to "protecting your privacy."

No example could be clearer than that of the falsely named Driver's Privacy Protection Act (DPPA) which does nothing less than grant government (i.e., Big Brother) authority over private information about you held by the state DMVs. Both EPIC and the Free Congress Foundation supported this very anti-privacy measure, the DPPA. The DPPA authorizes many of the information-collection and dissemination measures described below to be carried out under the protection of federal law.

And yet, in this article that outlines and decries invasive data-collection activities, the same organization that promoted the law which allows it to happen "lawfully," EPIC, is credited with being among the groups leading the battle to "protect privacy."

Read what David Sobel, General Counsel for EPIC, has to say regarding the question of who should have ultimate authority over our private information:

"We think there is a role for the government to play in establishing some basic guidelines and ground rules...". This is exactly why EPIC promoted the DPPA. And now, the federal government has total control over, and unlimited access to, our private motor vehicle records. This is not the kind of privacy protection we are battling for. This is what we are battling against.

The "promo-piece" below says that, "Public interest groups like the Electronic Privacy Information Center argu[e] that government regulations are a more effective means of safeguarding privacy...".

Make no mistake, the Fight the Fingerprint & ScanThisNews efforts believe that GOVERNMENT is the very entity that needs regulating when it comes to accessing our private information. Government is the entity that our information needs to be protected from. Conversely, the measures that EPIC is promoting grant GOVERNMENT authority over, and access to, our private information (as exemplified by their support of the DPPA). Be careful what you support.

Scott

-----Original Message-----

From: believer@telepath.com [mailto:believer@telepath.com]

Sent: Thursday, February 17, 2000

To: ignition-point@mailbox.by.net

Subject: REQUIRED READING: Surveillance

Importance: High

--------------------------------------

NOTE TO LISTEES: Every word of this need to be read, understood and carefully digested. There are some solutions suggested in the course of this series of articles. Ultimately, protection of your person, your family, your personal information, and your privacy is a matter of Individual Responsibility. Make it a point to know what is going on, and what options you have. God bless! -- Michele

Total strangers are watching every move you make. They know what you had for dinner last night, which brand of underwear you prefer, and how much you lost at the craps table on your last trip to Vegas. They've got your fingerprints on file, right alongside your Social Security number, your date of birth, your mother's maiden name, and your last three addresses. They can rattle off your mortgage balance and tell you how much you owe on every credit card in your wallet. If you write an e-mail at the office, they can read it, and they can scroll through a list of every Web site you visited today when you were supposed to be working.

Outraged? It won't do any good to call 911, because it's all perfectly legal. Oh, and here's the kicker: You gave away all that information yourself, freely and willingly, and you can't get it back.

How Progress Killed Privacy

Online profiling lets e-businesses in on your private life.

Isn't technology wonderful? When you visit your favorite online shopping site, you can buy a new book or CD with a single click. Your pager and cell phone let you stay in touch with the rest of the world from just about anywhere. Your e-mail in-box is filled with suggestions for new goods and services that appeal directly to your interests. All that technology gives you instant access to the world. Unfortunately, it also gives the world instant access to information about you-and it takes almost superhuman efforts to keep nosy strangers from poking around in your personal affairs. Today e-commerce and the practice of gathering data about customers, or profiling, spark vociferous debates about personal privacy. If you're in the business of selling over the Web, your motives are almost certainly well-meaning-by knowing more about your customers' likes and dislikes, you save them time and present them with buying opportunities that they might not otherwise know about. Amazon.com is the pioneering leader in developing personalized online shopping techniques that depend on a rich flow of information from customers. By analyzing prior purchases, for example, the site generates customized lists of recommended books, CDs, and videos each time a customer returns. And Amazon.com's One-Click shopping feature boosts sales dramatically by letting shoppers skip the checkout line and use a saved address and credit card number instead.

Make It The Law

"The incentives just aren't there for the industry to provide meaningful privacy rights to consumers. We think there is a role for the government to play in establishing some basic guidelines and ground rules so users aren't dependent on the various privacy policies of every Web site they go to. There should be basic rules that apply from one site to the next so users know what their rights are."

-David Sobel, General Counsel, Electronic Privacy Information Center The brick-and-mortar world uses similar profiling techniques to build databases filled with personal information. More than 25,000 food stores in the United States, such as Safeway and Piggly Wiggly, tempt shoppers with cards that track their purchases in exchange for discounts or free goodies. But because the club membership form contains personal information about each shopper, it's ludicrously easy to build a detailed dossier based on your purchases. If you bought a home pregnancy-testing kit last year, and this year you buy a case of disposable diapers every week, the grocer can make some logical assumptions about you.

As long as only one company is keeping track of your activities, these databases may seem harmless. But the growth of the Internet has dramatically increased the amount of information in circulation, and market- driven companies are now sharing databases. With the help of online advertising agencies and data-mining software, online retailers can track every click you make and match it with external databases, putting together remarkably comprehensive profiles about you and your habits.

Giving It All Away

Data Creep

Surprise--you only have yourself to blame.

How does your personal information escape from your custody into the outside world? Eavesdropping and outright theft get the most publicity, but they're hardly the norm. Unless you're a Mafia don, you're unlikely to be the target of a government wiretap, and you're more likely to have your pocket picked than to have your credit card number stolen by an online criminal. Most of the time, you give away private information on your own. In some cases, you give away information voluntarily. When you supply your name, address, and credit card number at an e-commerce Web site, for example, you can expect that they will end up in a database. Beware of any information provider that demands detailed personal information, such as your date of birth, marital status, or annual income. If you enter personal details into an online profile at Yahoo or America Online, you typically have to take special steps to keep that information out of the hands of third parties.

Online and offline, you may also be led to give away important information under false pretenses. When you register a new software package or fill out a product warranty card for that new toaster oven, you may be asked to fill out a lengthy survey, including information about your income, your hobbies, and your favorite magazines. Those details aren't required, but trusting souls who fill them in are unwittingly feeding databases. Sometimes you don't even have to fill anything out to give information away unknowingly. For example every time you connect to a Web page, the Web server at the other end makes a note of your IP address, the browser you're using, and the Web page you came from. If you let your browser store cookies, you also send any personal information you entered on previous visits to that site.

And then there are the thousands of official databases maintained by government agencies-official records of births and deaths, marriages, divorces, property sales, business licenses, legal proceedings, driving records, among other things. To the horror of privacy advocates, many of those databases are going online, too, often with only half-hearted security precautions.

Today's technology makes it all too easy to mix and match your private details.

As recently as five years ago, putting all those pieces of data together was too cumbersome and expensive a task for anyone but large credit- reporting agencies and pricey private detectives. Today it's incredibly easy for even the smallest business to convince you to give up small bits of information, then gather them together to form a complete picture of you. Among privacy advocates, the process is called data creep. Not surprisingly, Internet advertising agencies are the most effective when it comes to recording your movements in cyberspace, usually without your knowledge. Here's how the process works.

You visit a Web site that contains a banner ad from a major Internet ad agency. Without your knowledge, your browser connects to the ad agency's server, which plants a cookie on your computer containing a 32-digit ID code. Each time you visit a new Web site that contains ads from that agency, the cookie sends your unique ID code back to the agency's server and records your movements, helping to build a detailed trail of which Web pages you visit. At some point, you click on a banner ad for an online sweepstakes; when filling out the entry form, you supply your e-mail address.

Congratulations! You've just supplied the missing link that helps that ad agency assemble your entire dossier into one neat package. Without any personal details, the agency can still use your ID to determine which banner ads it displays-always choosing ads to which you're most likely to respond. Once it's got your e-mail address, though, the agency can cross-reference your name, address, and other personal details from other databases. If the ad agency can convince you to supply any more details in your sweepstakes entries, it can add you to highly targeted junk-mail lists and even sell your profile to third parties.

It's Your Right

"We'd like to see privacy policies posted on Web sites, and companies would have to conform to a standard. Then give people a direct civil right of action for any invasions of privacy that can be documented-and give them the right to correct the files. It's a more expanded right than they now have with credit bureaus and paper files under the old law. Give them notice, give them correction, and give them a civil right of action. These are all private initiatives, but the infrastructure is created by the government, so if it sees a really outrageous abuse, and it's used for bad ends, then the government would have its own actionable remedies."

-Ralph Nader, Founder of Consumer Project on Technology The Enforcers Internet merchants hope self-policing will be the answer.

E-merchants want to know as much as possible about you. As an individual, you want to preserve as much of your privacy as possible. In a world increasingly driven by e-commerce, can anything reconcile those two competing interests?

TRUSTe (www.truste.org ) a nonprofit consortium formed by the Electronic Frontier Foundation and sponsored by e-commerce heavyweights including AOL, AdForce, and Microsoft, thinks industry self-regulation is the answer. Public interest groups like the Electronic Privacy Information Center (www.epic.org) scoff at that idea, arguing that government regulations are a more effective means of safeguarding privacy online. Analyst Paul Hagen of Forrester Research cautions that 90 percent of Web sites don't comply with the most basic privacy protection principles and notes that TRUSTe and other industry-backed programs have barely made a dent in the online marketplace.

If you own a business, you owe it to yourself to build intelligent policies that help you understand your employees and customers without invading their privacy. As an individual, it's up to you to identify threats to your privacy and deal with them appropriately. In the following pages, we've identified the four most important privacy issues and what you can do about them today.

Do It Themselves

"I'm a strong proponent of self-regulation. I want to see the industry lead the way because I think it has the ability and the motivation to do so. Satisfied customers at a commercial site equals profits. I would like to see the industry lead the way because it would do so for the right reasons. The government tends to do it for altruistic reasons-and we all know how a lot of those things wind up. We end up making mistakes, and I would hate to see us make any unnecessary regulation by putting up some enormous, costly, and restrictive burden on this developing commercial enterprise."

-Orson Swindle, FTC Commissioner

We Know Who You Are

Think the Net is anonymous? The same information sources that creditors use are available to anyone with a computer and a credit card. With just a few minutes and a few dollars, online snoops can track your real-world activities, right down to your current location.

Employment History

Employment locator services are available at a low cost from companies like Infoseekers.com, requiring only a Social Security number and address to start.Employment locator services are available at a low cost from companies like Infoseekers.com, requiring only a Social Security number and address to start.

Personal Information

For $10 or less, snoops can buy your identifying data from online brokers like 1800ussearch.com and Informus Corp. (www.informus.com). In many cases, this info is all anyone needs to access your banking records. Levi Strauss & Co. now collects your thumbprint and Social Security number when you use its new Original Spin service to buy custom jeans at its stores.

Internet Surfing Habits

Your Internet habits reveal a lot about who you are, and your movements are easier to track than you think. If you have a DSL connection, you're especially vulnerable because your connection is always on. This not only lets hackers know where to find your files but also makes it easy for them to pose as you when they go about their nefarious business. By e-mailing you a cookie embedded in an HTML message, snoops can follow your movements around the Web, while anyone can look up postings you've made to Usenet through sites like Deja.com.

Family History

Well-meaning genealogy Web sites like FamilyTreeMaker.com are a rich source of information for Internet ne'er-do-wells. If they don't already know enough to get at your financial records, what they gather here should do the trick. At many banks, your mother's maiden name is an all-access pass. Once a snoop knows your children's names, it doesn't take much to find out where they go to school. Many schools now host Web sites, posting students' names and grade levels within easy reach of interlopers.

Commute Data

Snoops can track you even on the go. If they know where you live and where you work, it's not hard to figure out your daily commute schedule. With the information available from the most basic people searches, your financial records reveal your daily habits, such as where you stop for gas and at what times.

Business Information

Once a hacker has access to your e-mail, it's easy to intercept your messages through a Web-based mail service like Hotmail, which offers POP mail retrieval. Messages are left for you on the POP server, so you'll never be the wiser. Meanwhile, the thief can track sensitive material like delivery notifications.

Are You Safe?

It doesn't just happen to the poor guy you read about in the newspaper. Thanks to the Internet, sales profiling, privacy breaches, and identity theft can happen to you. Protect yourself by knowing who's watching and following these insider strategies.

Your Boss Is Watching

Your private e-mail and phone conversations are company business. At the office, employers have the right to listen in on or look at every form of communication short of mental telepathy - including e-mail, voice mail, and saved files. The boss might as well be standing over your shoulder, tut-tutting at every personal e-mail you send.

Of course if you're the boss, you have a responsibility to monitor employees' activities. Productivity stays higher if the people you hired are actually working, not spending their days checking stock prices and placing bets at online casinos. You need to monitor Web use and e-mail too. If you don't, you risk being sued for creating a hostile workplace environment if even one employee complains about an offensive e-mail message or a lewd image displayed on a coworker's monitor. Think your company doesn't track what you do at your computer? Think again. Today 45 percent of all companies and 17 percent of Fortune 1000 companies use monitoring software of one sort or another, and IDC predicts that number will jump to 80 percent by 2001. AT&T's automated systems scan 1 million employee messages per day. Government agencies like the Federal Communications Commission are following the lead of private companies, installing software that logs every visit to any Web site by any employee. Thanks to pervasive networking and the low cost of data storage, snooping tools are becoming more powerful and more commonplace. A program called WinWhatWhere Investigator, for example, lets employers record every keystroke you enter on your PC-its user list includes Delta Air Lines, Exxon, and the U.S. State Department. Elron Software's CommandView includes a module called Message Inspector, which filters, stores, and blocks e-mail at your network server.

Game Over

Send the wrong e-mail; lose your job.

For an employee, the consequences of inappropriate electronic behavior can be swift and sudden: Shortly before Christmas, 23 workers at a New York Times administrative center in Norfolk, Virginia, found out how hazardous inappropriate e-mail can be to your career. They got pink slips, and a slew of other employees were reprimanded. The company wouldn't elaborate on the offenses, but quoted its policy, which prohibits using the corporate e-mail system to "create, forward, or display any offensive or disruptive messages, including photographs, graphics, and audio materials." Last October, 40 Xerox employees from around the country were summarily dismissed for spending as much as eight hours a day browsing X-rated and e-shopping Web sites during work hours.

At Pacific Bell in California, a manager was fired for viewing pornographic Web sites at work.

An AT&T employee received a formal reprimand for using the company e-mail system to send love notes to his wife, also an AT&T employee. In 1998 at Salomon Smith Barney, a routine check of corporate e-mail turned up pornographic material; after an investigation, the company fired two executives.

Know the Score

Is your company Big Brother?

How about your company -does it have a monitoring policy? According to an American Management Association survey, 84 percent of American businesses that snoop on e-mail tell their workers they're checking-unfortunately, that means you've got a 1 in 6 chance of being blindsided if you're caught misusing e-mail. The odds go up if you work for a business that processes sensitive legal and financial information, such as a bank or a brokerage. For legal reasons, many such businesses automatically scan all incoming and outgoing mail for keywords that could indicate unauthorized transmission of sensitive information.

Even if your company doesn't track Web usage, your computer may give you away. When you surf the Web, various cache and history files store a record of Web sites you've visited. It takes constant vigilance and a nearly heroic effort to remove all traces of Web activity from your computer. Getting rid of e-mail evidence is even more difficult. Don't assume that periodically deleting your messages makes you safe; most large organizations maintain archives of all corporate files, including those on e-mail servers. Two infamous defendants-Oliver North and Bill Gates-can attest to the power of resurrected e-mail.

Survival Strategies

Protect your privacy with these insider tips.

If you're an employer, there are several things you should do. First, develop a formal acceptable usage policy and make sure every employee knows about it. Tell employees that their computer use may be monitored at any time, and provide clear guidelines for what constitutes acceptable use of company e-mail servers and the Web.

Use monitoring software as an early warning system to identify potential problems. Scan management reports regularly; if you see wide-scale problems, restate the company policy immediately. Provide at least one warning to employees who misuse resources, and give them a chance to correct their behavior. You should also install blocking software to prevent employees from accessing sites you consider inappropriate. A $2,000 software package can prevent a $2 million sexual harassment lawsuit. As an employee, here's how you can protect yourself. Reserve corporate e-mail addresses for business correspondence. Avoid using your company e-mail address to send personal messages. If you have a personal account with an ISP, use that address for all personal mail. Encourage all your personal correspondents to use your private address for nonbusiness-related messages.

Also report spam as soon as you get it. If you receive unsolicited commercial e-mail, especially messages that contain graphic sexual content, forward them to your mail administrator immediately and request that they block the sender. Never forward jokes, cartoons, chain letters, or other e-mail debris from your company account. E-mail administrators take a dim view of bandwidth-clogging attachments, which often proliferate around holidays. Likewise, even a hint of sexual innuendo in a joke can trigger a harassment lawsuit. Hit the Delete key instead of the Forward button. Finally, keep a close watch on your Web browsing habits. If your employer lets you surf the Web for personal business, make sure you use the privilege sparingly. Assume that every page you load will be saved on a corporate server.

Big Brother Inc.

Track telephone calls (numbers and time spent)

39%

Store and review employee e-mail messages

27%

Store and review computer files

21%

Log computer time and keystrokes entered

15%

Record and review telephone conversations

11%

Store and review voice-mail messages

06%

Source: American Management Association

Your Browser is Selling You Out

Surfing the Web from the privacy of your home or office isn't so private. You may feel completely anonymous when you sit in front of your PC surfing the Web, but with every click you risk leaving tracks that clearly identify you to total strangers. Even if you're scrupulous about safeguarding your name and e-mail address, a single slip can give away details to a company whose name you don't recognize. And seemingly innocuous software programs can surreptitiously connect to the Internet and transmit personal data without your knowledge. Alarmed? You should be.

Surprisingly, the most insidious threats to personal privacy come from sources that were until recently considered mostly harmless. In and of themselves, browser cookies can't do much. They can't collect personal information unless you enter it, and each cookie's data is hardwired to a single site.

With the rise of Internet ad agencies, however, cookies have become far more dangerous. By placing ads from a single server on a variety of pages, these agencies can create detailed profiles of Internet use from a single computer. If the agency can convince you to enter your name and e-mail address, it can begin to connect the dots into a surprisingly complete picture. The Internet ad giants have an insatiable appetite for data;

DoubleClick, for instance, recently spent $1.7 billion to acquire market research firm Abacus Direct and its treasure trove of 88 million personalized records of consumer activity. Don't recognize the name? If you've ever used the Alta Vista search engine or read the Wall Street Journal online, you're in Double Click's database.

The Ad Game

And you thought banner ads were merely annoying.

And what if you run a Web site that includes online advertising or e-commerce capabilities? If you let an Internet ad agency place ads on your Web server, be sure you understand fully how its information collection policies sync with yours. You owe it to your customers to collect only information you truly need to run your business. We strongly recommend that you publish a detailed privacy policy that clearly states what type of information you collect, why you need it, and what you do with it.

TRUSTe offers a clever fill-in-the-blanks wizard you can use to write a decent first draft of a privacy policy. Of course, the results are pure vanilla, as befits an organization whose primary purpose is to defuse calls for government regulation of the Internet. For a much more detailed look at the subject, read "Surfer Beware III: Privacy Policies Without Privacy Protection" (www.epic.org/reports/surfer-beware3.html). This report by the Electronic Privacy Information Center (EPIC) is a no-punches-pulled review of how the 100 top e-tailers handle personal data. For consumers it offers an excellent primer on how to decipher the legalese in a typical privacy statement; for businesses it provides detailed instructions on how to create a meaningful privacy policy.

The results of EPIC's study are depressing: All 100 sites collect personal information, such as names, addresses (snail mail and e-mail), and phone numbers, and 86 sites use cookies. Only 21 of the top 100 sites appeared to limit the uses of personal information to that required for the transaction, and more than one-third include profile-based advertising without any warning to customers.

Internet ad agencies rationalize profiling by explaining that it lets them personalize the browsing experience. They claim that by knowing your preferences, they can serve up banner ads that are more likely to appeal to you than randomly selected ads. Maybe so, but most Internet analysts see a more logical explanation: Click-through rates on banner ads are shockingly low; the best way for ad agencies to make money fast is to mine their data and deliver targeted lists of prospective buyers to their clients. Of course, cookies aren't the only way to siphon data from your computer to a far-off server. With the explosion in popularity of always-on Internet connections, it's trivially easy for software developers to write Internet connection code into their releases. That's the time-honored principle behind Trojan horse programs like Back Orifice-if a company can convince you to install the program in the first place, it has free rein to snoop through your data and transmit at will.

So what happens when the Trojan horse comes in the form of trusted software? Just last year three popular programs were discovered to be making surreptitious Net transmissions. Real Networks' RealJukebox transmitted statistics about music files to the mothership. Comet Cursors, a browser add-in that transforms the ordinary mouse pointer into a custom image at partner sites, sent serial numbers (stored in a cookie, naturally) back to a central server to track its product's usage. And a silly holiday-themed computer game called Elf Bowling wasn't infected with a virus, as persistent Web rumors insisted; it did, however, open an Inter net connection capable of transmitting data.

In all three cases, the impact on consumers was minimal. The real damage to the companies was measured in PR terms, as each one had to apologize to its users and somehow convince skeptical observers that its failure to disclose the hidden communications channel was an innocent oversight. Sooner or later-probably sooner-an unscrupulous developer will use this capability to really steal data. Don't let it be yours.

Be Prepared

How to stay anonymous on the Internet.

Online advertisers will do nearly anything to seduce you into revealing personal details about yourself. Guard your name, e-mail address, and other details and never give them away without good reason. Set up a throwaway mail account at a free Web service and use it, plus an assumed name, whenever you're required to fill out a survey to gain access to a Web site. And don't install new software unless you're certain it's safe. For extra protection, monitor your cookie collection and weed out any whose purpose you don't clearly understand (Netscape Navigator users can search for a file called Cookies.txt; Microsoft Internet Explorer users can look in the Temporary Internet Files folder for text files that begin with the word Cookie.) Follow the instructions in "How to Disappear" on page 92 to stop the top Internet ad agencies from collecting personal information about you.

For the strongest protection, use commercial blocking software to hide your identity when browsing the Web. Go to www.anonymizer.com to surf from an anonymous server. For more elaborate protection, download Freedom 1.0 from Zero-Knowledge (www.freedom.net). This compact program lets you create multiple identities, or pseudonyms, and then route your Internet traffic through a series of servers that keep your true identity completely secret.

How To Disappear

Keep off the Internet radar with these opt-out services.

A handful of Internet advertising agencies are responsible for virtually all the banner ads you see on the Web. Through sweepstakes, surveys, and other come-ons, they try to entice you to provide personal information; most let you stop the data collection by "opting out." Here's a list of links that let you do just that.

Flycast

www.flycast.com.

Features privacy policy and opt-out instructions.

24/7 Media

www.247media.com.

You'll find privacy policy and opt-out instructions. Ironically, you must send an e-mail with personal information to have it removed from the database.

MatchLogic

www.matchlogic.com.

For detailed opt-out instructions go to www.delivere.preferences.com/OptOut.

Engage Technologies

www.engage.com.

Just click on its opt-out link.

NetGravity

www.netgravity.com.

A division of DoubleClick; see DoubleClick for opt-out instructions.

AdForce

www.adforce.com.

Claims not to store personal information; privacy policy does not include opt-out instructions.

Real Media

www.real.com.

No published privacy policy or opt-out instructions; claims its Privacy Proxy software prevents collection of personal data.

DoubleClick

www.doubleclick.net.

Includes details for removing the cookie-based tag that identifies your computer.

The Feds Are Following You

Government agencies, banks, and corporations have the goods on you. Unless you live in a cabin in Wyoming and spend your day tapping out manifestos on a manual typewriter, sooner or later you have to surrender details about your life. When you apply for a driver's license or a passport, you have to provide your full name, address, date of birth, and birth place. Banks and mortgage companies want an intimate accounting of your finances before they'll lend you money. Hospitals store uncensored information about your physical and mental health. The motor vehicle department keeps track of every traffic and parking ticket you receive. If negative or unflattering information ends up in your file and somehow falls into the wrong hands, the consequences can range from embarrassment to devastation. You can suffer financial damage, lose your job or medical insurance, or suddenly find yourself unable to rent or buy a home. With all that data floating about, it's ridiculously easy for anyone to unearth confidential information about you. If you're a legitimate business, you can go to any of the three leading consumer credit agencies and pull up a financial report on any existing or potential customer. If that's not enough, check the yellow pages and the Web, where shady investigative firms are ready, willing, and able to dig up dirt on anyone for as little as $25. If you can supply a Social Security number, you can get credit histories, driving records, employment information, addresses, phone numbers, and virtually anything contained in a public record, such as legal judgments, arrest records, marriage licenses and divorce decrees, and details about property ownership.

Putting It All Together

A personal fact here and another one there can add up to big business. A handful of aggressive marketing companies have turned that mother lode of raw facts and figures into solid gold, using so-called data-mining software to combine data from public and private databases into incredibly detailed-and highly profitable-lists. KnowledgeBase Marketing, a division of ad giant Young & Rubicam, claims to have an enormous database containing detailed profiles of more than 200 million individual Americans, including the date of birth on 72 percent of those people and income information drawn from five sources.

Some types of information are harder to get than others. Your medical records, for example, are protected by new federal regulations that were issued by the U.S. Department of Health and Human Services last fall. Unfortunately, the regulations contain broad loopholes that give government health agencies unrestricted access to that information if they can rationalize that it is necessary for "public health, research, or law enforcement purposes," among other reasons. And the close relationships between HMOs and insurance companies practically guarantee that personal information will flow from your doctor's office into a central database, where its confidentiality is hardly guaranteed.

And get ready for the next wave of information to start appearing in databases: biometric identification (unique physical traits such as fingerprints or the iris patterns of your eyes). The FBI's Integrated Automated Fingerprint Identification System went online in mid-1999 with the technical capacity to search through a database containing 40 million full sets of fingerprints. An increasing number of banks and financial institutions now collect thumbprints from noncustomers. Bank United in Texas is the first American financial institution to install automated teller machines that use iris recognition to identify customers. On the horizon is some really scary stuff such as mandatory DNA collection. The federal government and all 50 states now catalog DNA from convicted felons, and the FBI's Combined DNA Index System is growing rapidly. It's simple to store a DNA record of a newborn child-but don't rush to enter your kids' records in that database. Unlike fingerprints, DNA information can be used for much more than identification. It can predict some genetic diseases, and some researchers believe it can also identify predispositions toward alcoholism and other behaviors. Are you sure you want that information added to your profile?

Keep It Close

How to protect your identity on the Web.

To protect yourself, there are some basic things you can do. First and foremost, give out your Social Security number only when absolutely required. Banks and government agencies that deal with taxes and benefits have a right to this information. Private firms, on the other hand, will usually substitute an alternate ID number if you insist. And under federal law, you cannot be compelled to give up your Social Security number to get a driver's license.

Meanwhile, if you're a business owner, don't use Social Security numbers as identification codes unless you're required to do so. Train your employees to keep sensitive information, including personnel files, under lock and key at all times.

Another good habit? Use a paper shredder at home and at the office. Scraps of paper are solid gold for "dumpster divers" who look for credit card details, birth dates, Social Security numbers, and other bits of information they can use to run up charges on your account or steal your identity. Also try to avoid using toll-free numbers for sensitive calls. Calling a toll-free number (one with an 800, 888, or 877, prefix) makes your number available to the party at the other end of the line, even if you have Caller ID blocking switched on.

Check your credit report every year. Order reports from the three leading credit agencies: Experian (formerly TRW), Trans Union, and Equifax. If you own a business, be sure to check its Trans Union and Dun & Bradstreet profiles to be certain that mistakes haven't crept in. Immediately contest any erroneous information you find and insist that it be corrected.

Willing To Give It Away

A survey commissioned by the nonprofit research group Privacy and American Business found that the vast majority of Inter net users will trade their personal information for personal benefits-as long as the Web site discloses its privacy policy. The study divided Net users into three groups. Which one do you belong to?

Privacy Pragmatists

Want to see clear privacy policies before disclosing personal information.

75%

Unconcerned

Don't really care about privacy policies.

13%

Privacy Fundamentalists

Believe giving any personal information violates privacy boundaries.

11%

Source: Privacy and American Business

Public Places Have Eyes

High-tech snooping is about more than the Internet.

It's not your imagination: you are being watched. Thanks to advanced technology, video cameras and microphones are cheap, small, powerful, and ubiquitous. Any spy shop can sell you high-powered bugging devices that can be concealed anywhere-inside a stuffed animal, for example, if you want to see how the babysitter really treats your kids. An increasing number of privately owned video cameras are aimed at public spaces too. Four employees at KEZI-TV in Eugene, Oregon, were fired for aiming the station's Sky-Cam (mounted atop a downtown bank building) into rooms at the nearby Hilton.

Virtually every American city uses some form of video surveillance, and New York, predictably, is at the top of the list. In December 1998, the New York Civil Liberties Union counted 2,397 cameras focused on public places in Manhattan. One of the most popular uses of video technology is to monitor traffic on freeways, with live images available on the Internet in Seattle, San Francisco, and Phoenix, to name just a few examples.

Home Invasion

Even under cover you may be out in the open.

Think you're safe from surveillance when you get off the road and hole up in your home or office? Not so fast. A federal appeals court has ruled that police in California can obtain a warrant to aim thermal imaging systems at private homes in hopes of sniffing out drug labs and clandestine indoor marijuana-growing operations. Of course, the technology is advancing quickly. Existing systems can identify which rooms in a home or office contain people; within a few years, authorities will essentially be able to see through walls and tell what people in those rooms are doing. And from the "Is nothing sacred?" file comes this news flash, which sounds like an urban legend but is absolutely, positively true. Scientists in the advanced R&D labs at Matsushita Electric Industrial in Tokyo have developed a slew of gadgets for the company's "digital home of the future." The refrigerator can order milk when you're running low, and all gas appliances report their monthly usage to the utility company automatically, without requiring a visit from the meter reader. But the capper is a Health Monitoring Toilet System, which measures the user's weight, body fat, and uric sugar levels and can send the results to an Internet service for health and diet advice.

Get over your assumption that you have a private life. If you're in a public place, you're almost certain to be under surveillance most of the time. Smile for the camera.

[END]

----------------------------------------------------------------------

Social security is the bane of individual liberty. - SAM

======================================================================

Don't believe anything you read on the Net unless:

1) you can confirm it with another source, and/or

2) it is consistent with what you already know to be true.

======================================================================

Reply to: <scan@networkusa.org>

======================================================================

This is a copy of ScanThisNews, sent to contributors. For information on contributing, please visit our contributions web page:

http://www.networkusa.org/fingerprint/page1b/fp-contributions.html

To subscribe to the free ScanInReview abreviated newsletter, send a message to <mailto:majordomo@efga.org> and type "subscribe scan" in the BODY. Or, to be removed type "unsubscribe scan" in the message.

For additional instructions see http://www.efga.org/about/maillist.html

----------------------------------------------------------------------

"Scan This News" is Sponsored by S.C.A.N.

Host of the "FIGHT THE FINGERPRINT!" web page:

http://www.networkusa.org/fingerprint.shtml

======================================================================

Go back to the Privacy List

Go to the uhuh Opening Title Page

 

---

  ** uhuh **

The President said he is reducing taxes.

uhuh.

Congress says they are balancing the budget.

uhuh. Sez who?

Web Home Page: www.uhuh.com

---

  Back to the top of this page

This web page can NOT be altered or sold, but may be copied intact for reasonable distribution in keeping with the philosophy of uhuh and GR Force, who can assume no liabilities. Please make you own decisions.

The term U-Mail, uhuh and this web page are Copyright 1996 by Forest Glen Durland.

snoops.htm. Revised  2-19-00. uhuh and GR Force are non-profit.  

---