Wednesday, April 16, 2008
Whole Body Imaging Use Grows At Airports
One year after testing
whole body imaging at New York's Staten Island Ferry and weeks after a pilot program in the busy Phoenix airport, the US Transportation Security Administration is ready to start getting a closer look at consumers traveling.
For consumers who have been "patted down" or "frisked" while traveling, the new machine may seem like an alternative to an undignified position some travelers undergo because of their undergarments, medical devices or similarly benign issues. We wholeheartedly endorse national security and understand the need for stringent measures, but more than one consumer has shared with us that being frisked in the middle of a crowded public facility is unpleasant at best and often embarrassing.
Hand-held metal detectors are often used in such cases, but a nervous twitch can cause the machine to come in contact with a traveler's 's body. And while many consumers seem resigned to shuck off their shoes and travel through the airport in stockinged or (heaven help us) bare feet, removing jackets, belts and other clothing is often time-consuming at best.
"I like belts with big buckles," one consumer recently told me. "I can't wear them to the airport though because I have to take off my coat, my shoes, my belt and put my computer in a tray. I used to be able to just undo the buckle and show them the back, but now I have to take it off, and it's not worth the hassle."
Whole body imaging is supposed to replace the need for a pat-down although other measures will still be in force. Many travel and privacy advocates say a whole body image invades a consumer's privacy, but federal officials counter with a statistic that 90% of travelers subjected to the process in Phoenix preferred it to a "pat down" or similar measures.
The TSA also says that they will not maintain or store records of any captured images, but that doesn't address the point that the consumer is, well, exposed, for a time to strangers.
The image on the left is representative of what the TSA says its officers will see. With paperless bordering passes and other biometrics processes quickly being tested throughout the nation, we want to believe that this image isn't stored, but we also wanted to believe that doctors wouldn't read a celebrity's medical file and IRS employees wouldn't snoop through the taxes of the rich and famous.
Without more explanation of what safeguards are in place to protect a consumer's privacy, whole body imaging is a promising idea we can't yet support. Once we learn that images will never be associated with personally identifyig information and that no mechanism exists to save the image, we would be more willing to endorse and embrace this idea.
There clearly isn't enough time for that public reassurance, however, because the government has announced that travelers moving through Los Angeles' LAX or New York's JFK airports will soon be subjected to whole body imaging or being frisked if they set off a detector.
Apparently willing to base taxpayer dollars and consumer acceptance on a limited one airport test, the TSA has also reportedly ordered 30 more machines for use in other airports this year.
Labels: airport, privacy, TSA
Saturday, February 23, 2008
[privacy] ChoicePoint Gets A New Parent
We have been highly critical of information services company ChoicePoint (
NYSE: CPS) for years, ever since
they admitted selling private consumer data in early 2005. Identity theft was starting to ramp up as an American consumer's worst nightmare, data was sometimes being lost or stolen, but this was the first time in recent memory that a company collecting the data admitted that it sold more than 140,000 consumer records to individuals posing as businesses.
The timeline grew as gruesome as one might expect. Only one week later, ChoicePoint admitted that they
knew about their data breach as early as October 2004, but were working with law enforcement. We were critical and remain critical of the decision to suppress news from consumers about a deliberate breach of consumer information.
Congress justifiably got involved, but little came out of the federal government's queries, something we see repeated too often. This time, however, the Federal Trade Commission stepped in and chased down ChoicePoint's processes. A year later, the company announced it would pay a
$15 million fine, including $5 million for consumers, to settle the FTC's complaint that ChoicePoint did not have adequate safeguards in place.
The only time we believed the company was being harshly treated was when a coalition made up of nearly every state bellied up to the trough and
beat another $500,000 out of ChoicePoint. We said then and believe now that this was just a money and headline grab gambit and did little to help consumers.
Now an even bigger information company, Reed Elsevier (
NYSE: RUK) which owns information company Lexis-Nexis among others, has stepped in with $4 billion or so to buy ChoicePoint. The premium being paid for the information housed in Georgia-based ChoicePoint is staggering. Less than one month ago, the market value of the company (as determined by its stock price) was about $2.3 billion. While stocks have been battered and there are value buys out there, this is akin to Microsoft trying to take on Yahoo!
We can (and do) argue both sides of consolidation at Consumer Help Web. Concentrating data in a few companies allows for more stringent regulation, tighter controls and a wider spotlight. At the same time, the mess our nation's three major bureaus have created finally caused the government to legislate that consumers receive free access to each company's report every year to examine the report for errors. That is a lot of power to put in the hands of a for-profit entity.
We see the same issue with Google now. We adore Google for its groundbreaking contributions to Internet searching. At the same time, multiple consumers in multiple consumers have expressed to us their concerns that the search company is gathering a picture of consumers that is too detailed. Indeed, search queries and other information are associated with Google accounts and create a history of what was searched for by a person. That's not a marketer's fantasy, but a consumer's nightmare. Every unimaginable intensely private search query is dutifully logged by massive computer centers and tied to an individual.
That is why we are not fans of Google's proposed Health offering, why we think Microsoft's Health offering has failed to gain traction and why we are very concerned about the merger of two giants like Reed Elsevier and ChoicePoint, even if the latter has been learned a painful lesson.
Labels: ChoicePoint, data breach, Google, Microsoft, privacy, Reed Elsevier
Sunday, July 08, 2007
Consumer Email Slightly Shielded
Consumers would do well to remember the name Steven Warshak.
Based on a district court's ruling that the
government appealed in the 6th Circuit and lost, consumers should expect that their email is not available even in a criminal investigation unless the consumer has "...prior notice and an opportunity to be heard" regarding a motion.
The Court's ruling, based on emails requested from two ISPs, Nuvox and Yahoo (functioning as an ISP in this case because it stored email), essentially states that email can't be retrieved on an investigative basis such as a search warrant, but that notice must be given to the other side, as in a subpoena. This allows the consumer to retain counsel and challenge the release of the email.
It is important to note that this ruling is only precedent -- it is
not a law. It is also important to note that consumers should not expect similar protections for their
work email. Multiple decisions over the years have defined email stored in an employee's email account as the employer's property. Because of this, employers do not need permission to monitor, copy, review or use email in the workplace.
Now that the 6th Circuit has said that consumer email is protected until ordered released by a subpoena, the email has roughly the same protections as postal mail. This makes sense to us because the intent of the communication is the same, and only the medium is different.
We believe the next big challenge will occur at the intersection of a consumer accessing their personal email from a workplace computer. Such instances have previously been considered part of the employer/employee relationship. One wonders, however, if a challenge based on
Warshak might provoke change.
Labels: 6th Circuit, email, privacy, Warshak
Thursday, May 10, 2007
University of Missouri Hacked For Second Time
The University of Missouri and law enforcement are investigating a recent attack on a database by an unknown computer hacker or hackers that allowed retrieval of names and Social Security numbers of 22,396 individuals associated with the University. Those affected were employees of any campus within the UM System during calendar year 2004 who were also current or former students at the Columbia campus.
The University's Information Technology staff first noted unusual activity on a computer application last Thursday, May 3. On Friday morning, May 4, UM technicians identified a large series of errors caused by faulty queries to the application and an associated database. These errors were first assumed to be caused by a problem with a system used to track computer help desk repair calls using the same database. The attack was confirmed by UM technicians that same day. They disabled the account that was being used by two overseas IP addresses to access the database from China and Australia.
The University is alerting individuals whose information was disclosed that they should request a free initial fraud alert to be placed on their credit files by calling any one of the three national credit reporting agencies – Equifax, Experian or TransUnion.
The University has also set up a telephone hotline and a Web page to provide more information. The hotline may be called between 8 a.m. and 5 p.m., Monday through Friday. The toll-free number is 866-241-5619, and the local number in Columbia is 573-884-7222.
Labels: data breach, Missouri, privacy
