Friday, February 18, 2005

What You Don't Know About Your Privacy Can Bite You in the Ass

OK, back up on the privacy soapbox again.

While it's true that I tend to be a somewhat paranoid person when it comes to privacy, especially data privacy, it's equally true that there are real risks out there. The scariest part is often that one has no idea from which dark corner the hydra will spring. Here are a couple of examples.

Today on Schneier on Security we face the Dread Loyalty Card in all its fury:
A Tukwila, Washington firefighter, Philip Scott Lyons found out the hard way that supermarket loyalty cards come with a huge price. Lyons was arrested last August and charged with attempted arson. Police alleged at the time that Lyons tried to set fire to his own house while his wife and children were inside. According to the KOMO-TV and the Seattle Times, a major piece of evidence used against Lyons in his arrest was the record of his supermarket purchases that he made with his Safeway Club Card. Police investigators had discovered that his Club Card was used to buy fire starters of the same type used in the arson attempt.
He was eventually cleared when the real arsonist 'fessed up, but I bet not many folks realized that their shopping history can and will be used against them in a court of law (cue Law & Order "chung-CHUNG" sound).

Next, we have a piece from Regina Lynn in Wired News about the perils of doing anything personal - especially anything of a less-than-pure-as-the-driven-snow nature - at the office. This includes email (even the web-based kind, i.e., Yahoo!, Gmail et al.), IM-ing and, god forbid, sending or viewing photos. What can sysadmins see?
Potentially, everybody. Your network administrator has a copy of every e-mail you've sent and received over the company network. Instant messaging is not the answer -- IT can view anything on your computer while it's on the network, including your chat logs and the window you have open on your screen. A web-mail message can't be intercepted, but that doesn't mean it can't be read while you're composing or reading it...

...Nothing goes unlogged, either. They know what port you used and what protocol, what websites you visited and how much time you spent there. Jerry says three full-time staffers doing nothing but reviewing log files still couldn't keep up with everything the logs track, but when the city gets subpoenaed, the data is there. (emphasis added, dp)
I think nowadays most people realize that very little they do at work enjoys any kind of privacy protection. Still, I doubt most folks take the whole thing very seriously. They should. Besides, the cashier is always willing to swipe her loyalty card when you "forget" yours.

Not that it should be this way at all.

