This should be required reading for anyone using Facebook. I recommend that everyone take some time to read through this very informative guide.
On December 1, 2010, the Federal Trade Commission issued a major report discussing consumer privacy online. In the report, the FTC advocated the use of a "Do Not Track" mechanism governing the collection of information about consumers’ Internet activity. Specifically, the FTC suggested the use of a "persistent setting, similar to a cookie, on the consumer’s browser signaling the consumer’s choices about being tracked and receiving targeted ads."
In the wake of that report, Microsoft announced a new feature to be included in version 9 of Internet Explorer. Although still in development, IE9 will include an opt-in mechanism (“Tracking Protection”) to identify and block many forms of undesired tracking, as well as “Tracking Protection Lists” that will enable consumers to control what third-party site content can track them when they’re online.
For an example of how this is supposed to work, check out the following video:
HealthLeaders Media reports that California Department of Public Health (CDPH) officials have fined Lucile Salter Packard Children's Hospital at Stanford University $250,000--the maximum amount allowed under state law--for failing to report a breach of 532 patient medical records due to the theft of a hospital computer. The records included such information as names, dates of birth, procedures and Social Security numbers. The hospital, which is appealing the decision, has stated that when it was determined the computer could not be recovered, the incident was reported to the CDPH, federal authorities and families of potentially affected patients. Under California's failure-to-notify penalties, which are unique in the U.S., state health officials have issued more than $1.8 million in fines against 143 hospitals for failing to report a variety of incidents including breaches of medical records, the report states.
Germany has announced a new national ID program that will be mandatory for all citizens. The ID cards will be embedded with a special radio frequency identification security chip, or "RFID." These chips allow for short distance transmission of data over radio waves. One of the unique features of RFID is the lack of a power source within the chip itself. For example, many newer cars have an RFID chip implanted in the plastic casing of the key used to start the car. (I am not referring to the remote door control which is usually battery powered.)
When the key is turned, the car sends a specially tuned radio wave toward the key. The radio waves generate enough power to activate the chip inside the key and transmit an authentication code back to the car, allowing it to start. Since RFID does not require a power source of its own, it is perfect for use in these types of applications. You might have an RFID chip in your wallet right now without even realizing it.
The use of RFID chips for identification cards is not unique. In the United States, passports issued after 2006 contain an RFID tag which contains the name, nationality, gender, date of birth, and place of birth of the passport holder. However, the cards proposed to be used in Germany will be exponentially more complex. Supposedly, the cards will not only be used by the government for identification purposes but will also facilitate online shopping and downloading music.
The potential applications are limitless, but so are the potential vulnerabilities. Although RFID chips have become more secure over time, they continue to have a number of weaknesses which can be exploited. It will be interesting to see how Germany addresses those concerns when the new cards are rolled out November 1st.
The Thursday August 5, 2010 edition of the Los Angeles Daily Journal featured my article entitled “Cell Phone Users Catch a Break,” in the Perspective column. It discusses the U.S. Copyright Office's recent announcement regarding its decision to exempt wireless telephone handsets from the anti-circumvention provision under the Digital Millennium Copyright Act. The article is posted below with permission of Daily Journal Corp. (2010).