Perilous

“Information sharing” became the most popular and oft-used phrase after Sept. 11 to describe the need for authorities to better-swap tips about possible terrorist threats. But each time the government creates a new database and signs up law-enforcement users in droves to search it, a new privacy vulnerability exists for everyday Americans. Just ask this Minnesota woman who happened to be born attractive and had her driver’s license record searched 425 times by 104 officers at 18 different agencies. Surely this is not what the 9/11 Commission meant by improved information sharing.

Image: Stock.Xchng/D3ATHW01F6

Using a cheap handset and easily available open-source software, someone could monitor your cell phone’s location or even block it from receiving calls without you knowing about it, according to the University of Minnesota’s College of Science and Engineering.

The hacking collective Anonymous proved recently that their list of victims would not be limited to simple websites and databases. It managed to intercept and post online a 17-minute conference call between the FBI and the U.K.’s Scotland Yard in which the two agencies discussed strategies for investigating Anonymous itself.

Telecom towers track cell-phone subscribers so they “know” where to broadcast when someone dials up your phone. Law enforcement agencies can already access cell phone location information from the towers with a subpoena. 

But that broadcast is also vulnerable to others who are not police investigators or cell-phone service providers, and the Minnesota researchers proved it by monitoring a test subject within a 10-block area of Minneapolis. They used “readily available equipment and no direct help from the service provider,” states a report of their findings:

Agents from an oppressive regime may no longer require cooperation from reluctant service providers to determine if dissidents are at a protest location. Another example could be thieves testing if a user’s cell phone is absent from a specific area and therefore deduce the risk level associated with a physical break-in of the victim’s residence.   

It’s worth mentioning that hackers are not limited to groups like Anonymous. Anyone can hack for a variety of reasons, including university researchers, government employees, private investigators, burglars or any number of other people.

Image: Stock.xchng/Alfonso Diaz

Signing up for an online dating site isn’t always our proudest moment. But many of us have full-time schedules, and meeting people isn’t easy. So the lonely among us try out Zoosk, eHarmony, OkCupid, or one of the many other popular online dating sites. Unfortunately, many such sites are less-than-transparent about what’s happening to your personal data, even after you’ve shuttered the account. 

The Electronic Frontier Foundation recently examined the privacy policies and user agreements for eight dating sites and found that five of them offered up only vague explanations or none at all about what happened to your data after an account was closed. The advocacy group also concluded that most of the sites didn’t observe adequate security practices to protect your information from being intercepted when you use open networks in public places like coffee shops: 

The most pressing concern is that information about you may be exposed to future legal requests that might involve a criminal investigation, a divorce case, or even a legal tussle with an insurance company. … Last October, researcher Jonathan Mayer discovered that OkCupid was actually leaking personal data to some of its marketing partners. Information such as age, drug use, drinking frequency, ethnicity, gender, income, relationship status, religion and more was leaked to online advertiser Lotame.

When a Minnesota-area man received coupons for baby products from the Target Corporation addressed to his teenage daughter, he was outraged. My daughter is in high school, he complained to a Target store manager. Why are you sending her this stuff? Turns out she was, in fact, pregnant, but he hadn’t been told about it.

What the daughter presumably did not know was that Target collects extraordinarily detailed personal information about its customers for marketing purposes. Using its “pregnancy-prediction model” created by a statistics and economics expert named Andrew Pole, Target creepily can aim products at women during various phases of their pregnancies.

It all started when Pole was asked by the company’s marketing department in 2002: “If we wanted to figure out if a customer is pregnant, even if she didn’t want us to know, can you do that?” The company creates unique IDs for its customers and then links those IDs to all kinds of other personal data, like marital status, estimated salary and credit cards used. Read more from the New York Times story that Target executives were apparently not thrilled about:

When I offered to fly to Target’s headquarters to discuss its concerns, a spokeswoman emailed that no one would meet me. When I flew out anyway, I was told I was on a list of prohibited visitors. ‘I’ve been instructed not to give you access and to ask you to leave,’ said a very nice security guard named Alex. Using data to predict a woman’s pregnancy, Target realized soon after Pole perfected his model, could be a public-relations disaster. So the question became: how could they get their advertisements into expectant mothers’ hands without making it appear they were spying on them?

Image: Flickr/Sarah Gilbert

What if the way you type on a keyboard, how you move a mouse, the way your eyes shift, how you surf the Web and the speed with which you respond to an email could all be used for unique identification purposes? The sci-fi minds at DARPA are exploring that very question to determine if such behavior could be used to secure a computer. We’ve already told you before at Perilous about the possibility of your butt having a unique biometric identity. 

Image: Flickr/cc511

Capitalizing on one of the fastest-growing trends in law enforcement, a private California-based company has compiled a database bulging with more than 550 million license-plate records on both innocent and criminal drivers that can be searched by police.

The technology has raised alarms among civil libertarians, who say it threatens the privacy of drivers. It’s also evidence that 21st-century technology may be evolving too quickly for the courts and public opinion to keep up. The U.S. Supreme Court is only now addressing whether investigators can secretly attach a GPS monitoring device to cars without a warrant.

A ruling in that case has yet to be handed down, but a telling exchange occurred during oral arguments. Chief Justice John Roberts asked lawyers for the government if even he and other members of the court could feasibly be tracked by GPS without a warrant. Yes, came the answer. 

Meanwhile, police around the country have been affixing high-tech scanners to the exterior of their patrol cars, snapping a picture of every passing license plate and automatically comparing them to databases of outstanding warrants, stolen cars and wanted bank robbers.

But when a license plate is scanned, the driver’s geographic location is also recorded and saved, along with the date and time, each of which amounts to a record or data point. Such data collection occurs regardless of whether the driver is a wanted criminal, and the vast majority are not.The units work by sounding an in-car alert if the scanner comes across a license plate of interest to police, whereas before, patrol officers generally needed some reason to take an interest in the vehicle, like a traffic violation.

See the rest of my story published this morning here.

Image: Steve Reed, Arden Fair Mall