privacy

House Bill Requires ISPs To Block Fraudulent Sites

Thursday, November 5th, 2009

Here’s an article that outlines a new bill to protect us against scam artists. Washington is hard at work to protect us. Sounds good, right?

This would block not only website access but emails as well. Good deal, everyone hates spam. Say goodbye to all those Nigerian emails!

There are a couple details they missed on this.

It’s almost entirely unenforceable.

Most fraudulent sites aren’t even hosted in the US. Alright, block the IP address. They’ll get another IP address. It would take massive resources to keep up with the changes, if it’s even possible. Maybe the feds can outsource it to the same company that is taking care of the 18 million dollar recovery.org website? It’s probably a good use of our money.

Who decides what is fraudulent?

Maybe I’m wrong here, but the federal government has never had a great track record when it comes to keeping up with fraud. And of course there is never an agenda.

Last year Congress discovered Twitter, they know all about those interwebs. Maybe they were updating Twitter when someone was advising them of the technical details of accomplishing this.

Electronic Military Healthcare Records As The Nation’s Model

Friday, April 10th, 2009

Caught some news on this one today. It’s both a good thing and a little scary at the same time. The Obama Administration is moving Department of Defense and Veterans Affairs health care records to electronic records. The intent behind this is to streamline the flow of information between the DOD and VA. To say that it needs streamlining is a massive understatement. As a Veteran I can tell you it’s the most inefficient government process I have ever encountered.

You can read one of the articles here.

The Good

The VA needs some serious help. The article above stated there is currently a 6 month backlog of returning vets applying for benefits. You would be lucky to get a 6 month turnaround on the initial handover from the DOD to the VA. That is just for the initial decision on what your rating will be or even if you get one. Only then can a Vet even apply for assistance. Once you’re in the VA system all bets are off. Some of these guys can’t wait 6-9 months for help. Records get lost, and you have to physically present yourself at a VA office to really accomplish anything. Oh, and remember the little incident in 2006 when the VA lost a laptop with claims and health records?

If the major choke point is actually availability of information, this will go a long way. Information flow is certainly a problem, but I believe it’s a more systemic issue. Certainly this is the next logical step for the DOD and the VA. It’s not too often these days that I applaud anything coming out of Washington. I’m glad the VA is getting some focus.

The Scary

The government wants to use this as a platform for the whole country. I just hope the DOD pulls some of their security experts out of their current jobs protecting national secrets to employ this new system. Right now the heads of these agencies are hashing out the details which is a little scary.

It’s scary from a project management standpoint. What tends to happen with giant systems like this in both military and corporate life is a compilation of requirements that can get out of control, and quickly. If they aren’t careful they will end up with a list of mandatory features that cannot be attained securely. Not to mention just making it more complicated than it really needs to be, increasing the cost and build time.

My Suggestion

Get the system requirements from the people who know the procedures. You need a couple of people from the DOD and the VA to sit down with some industry leaders that know how to handle this kind of information. Amazon’s S3 service comes to mind or even some security experts from popular social networking applications. These guys get targeted a lot and know how to handle security. I would also get a federal security expert in the room, CIA, FBI, any of these agencies. Let the experts lead the discussion and set the requirements.

Your digital fingerprint does not belong to you.

Tuesday, March 24th, 2009

A few weeks back Google announced they would start using cookies to serve up targeted ads based on your browsing. This prompted The Electronic Privacy Information Center (EPIC) to file a 15-page complaint with the FTC.

Last year some US-based ISPs tried the same thing and were met with legal opposition. Using cookies to serve targeted ads from ISPs is common in other countries.

Why is this bad?

First, let’s point out the obvious: Google has shaped the internet and provided amazing tools for the internet. No other company even comes close to the advancements Google has contributed.

Stop and think about the staggering amount of information that Google collects from you every day.

  • They dominate the search engine market.
  • Their advertising network is easily the largest on the web (AdWords).
  • Gmail is probably the most widely used web-based email.
  • They have an incredible analytics tool that collects information on all of your visitors.
  • Ever heard of Google Maps? You know, the one with the picture of your house from the street?
  • Storage of documents for companies and individuals on Google Docs.
  • I wrote about Google Health last year
  • Payment gateways through Google Cart
  • Cached information from anything you put on your website and took down
  • Your pictures
  • The list goes on

We can add your browsing history to this list. In the last few weeks alone there have been incidents where private information went to the wrong person.

Google had to send out a notice earlier this month to users of Google Docs informing them that some of their documents might have been shared with other accounts that did not have access.

Two days ago purchasing records including names, phone numbers and credit cards were published via Google Cache from a faulty third party payment gateway. That means the information for about 22,000 people was available for all to read. Oops!

Google is not alone

Facebook rescinded its new Terms Of Service after user outrage over the issue of keeping all your information even if the account is canceled.

If you work for a large company they probably store emails for security and legal concerns.

You have no idea what will happen with any documents you upload to a server or any post you make on a random site.

How can you make your fingerprint smaller?

In terms of Google, you can decline cookies and turn off JavaScript. Even for the most savvy tech individuals this can be a hassle. Many sites you visit will require cookies and JavaScript to function properly.

I would recommend using Firefox for your browser. Install Adblock and the Google Opt-out Plugin. As a developer it’s just absurd to think that I’ll stop using all of Google’s tools available to me. However, I will limit the use of them. I will no longer install Google Analytics by default on all new sites I build but only as a request from the client. I’ll also look for other solutions to replace Google. Some of the applications they provide are just essential to my job.

Think about what you’re putting up on “The Cloud”. Look for other alternatives that keep your documents in your control.

Consider the information you’re submitting on that form. A credit card or SSN should be a flag to be wary. The average user would be horrified to see how some websites handle sensitive information.