Monday, January 09, 2006

Privacy, Airport Security and Social Engineering

Black box in cars
I read an article in the paper today about how GM and Ford are putting black boxes in their vehicles to monitor what is going on with the car. This information can be used like an aircraft's black box, which would provide investigators with details of the plane immediately prior to an accident. Now it seems to me that if the car black box would only keep 5-15 minutes of data and then would rewrite over itself every cycle and not report back to the mother ship, then this is fine from my libertarian perspective. The problem is that the car companies will want to track all information about the car, as Fox News reports:

Black boxes, or "EDRs", have been fitted into every General Motors car in its 2004 line and is in a number of Ford models, about 15 percent of all vehicles on the road today, according to road safety experts.

EDRs are certainly not new. Information gathered on black boxes typically everything from speed, brake pressure, seat belt use and air bag deployment...

I do believe car dealers have the right to sell cars with black boxes, but with the responsibility to tell customers that the vehicle they are about to purchase contains this technology and to inform them of what information is being collected. The customer should demand to know what is being done with that information, who is compiling it, what they plan on doing with it, and finally whether it is aggregated or whether individual information is going to be tracked to them.

Currently only California has a law requiring car dealers to notify buyers when their cars are outfitted with an EDR.
However, I don't believe the government should use this data to ticket speeders, monitor the activities of citizens or anything strictly prohibited by the Constitution. I have no issues with the National Transportation Safety Board utilizing this information after an accident to help ascertain culpability. If the black box is used in a similar manner to the way it is used in the airline industry, then we are good.

Airport Security Improvements

Last week, I was at a data center and noticed that they had a mantrap, much like a transporter in Star Trek, where the first door must close before the second door will open. This was operated by a magnetic card and a hand print. It got us discussing the idea of using the hand print as a way of increasing the effectiveness of airport security. The problem, as we saw it, was that the government would most likely screw this up as well, and I am sure that it would be misused.

I could see the Homeland Security Department building a database that ultimately tracks every individual's movement, which would become Big Brother watching us, rather than building a simple database of 10,000 or so folks on the suspected terrorist watch list. The latter solution would be simpler to implement and probably more effective at keeping bad guys off the planes. But government is too complex to go for a simple solution that would not offend folks like me.

Putting privacy into practice reports that Homeland Security is already considering using biometrics as a method of identification.

United States Federal Laws Regarding Privacy and Personal Data and Applications to Biometrics – demonstrates how, under the current US legal system and state of the law at the federal level, use of biometrics as a system to verify identity in virtually any situation is consistent with the law. The report also illustrates how, under certain circumstances, using biometrics to identify individuals through the use of databases is acceptable without sacrificing the objective of maintaining and protecting personal privacy.

Beware of Social Engineering:

Saw this article on one of my alerts about Social Engineering, very interesting and very scary.
Claire Sellick approached a woman in London's tony theater district with a clipboard and a chance to win tickets to an upcoming show. All the woman had to do was answer a three-minute survey on locals' theater-going habits. Or so she thought.

The first question was easy. "What's your name?" Next came questions about her attitude towards the theater, with more personal inquiries interjected now and then. For instance, the survey company needed the woman's date of birth (to prove she was legally able to win the seats) and her mother's maiden name (for later verification) and her address, of course, to mail the tickets if she won the drawing. What about a phone number? Her pet's name? The name of the first school she attended?

At some point, the woman began connecting the dots. "I work for a bank and this information could be used to open a bank account."
Uh Duh!!! Don't you think that working for a bank would stop this woman from giving her personal information to a random stranger on the street, who has provided no identification of who they work for, what they are doing with the data or anything?

The article goes on and questions if Americans would be so gullible as the Brits (I suspect so, since we will often give up almost any personal information if promised something of value for free). The results are shocking.

Consider the following findings from the theater experiment:

  • 100% provided their names upon request
  • 94% provided pet's names (common passwords) and their mother's maiden name (common second form of authentication) when told actors frequently use both to create stage names.
  • 98% gave their address in order to receive a winning voucher.
  • 96% divulged the name of their first school. Combined with mother's maiden name, the two are key pieces of information used by banks for verification.
  • 92% provided their date of birth and the same number supplied their home phone number.

The moral of the story is to be careful with who you provide your personal information to; you never know what they are going to be using it for. Better to protect yourself than expose your information and become a victim of fraud.

Other Random Privacy Thoughts:

Illinois seems to be on the right path protecting citizens' privacy.

Here is why Illinois is passing this law, from the Chicago Sun-Times
