Tor: An anonymous Internet communication system

Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. ItUsing Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and more. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.

Your traffic is safer when you use Tor, because communications are bounced around a distributed network of servers, called onion routers. Instead of taking a direct route from source to destination, data packets on the Tor network take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the data came from or where it's going. This makes it hard for recipients, observers, and even the onion routers themselves to figure out who and where you are. Tor's technology aims to provide Internet users with protection against "traffic analysis," a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security.

You can see how it works in Electronic Frontier Foundation's web.

And you can download it.

Privacy: How much regulation is too much?

By Shawna McAlearney, News Editor 28 Apr 2005 | SearchSecurity.com

We had a chance to self-regulate, but now it's the government's turn, Marcus Ranum told a panel of security and privacy experts yesterday at the Security & Technology Online (SATO) e-conference. The group discussed the future of security and privacy regulations and the possibility of further government intervention in industry practices. But it offered no solutions.

"We're in a really difficult spot," said Ranum, CSO of Columbia-Md.-based Tenable Security. "Industry should have been doing more all along, but because it didn't the government is going to have to step in."

Panelists also included Barbara Lawler, chief privacy officer for Hewlett-Packard Co. in Palo Alto, Calif.; Dan Burton, vice president of government relations at Entrust Inc. in Addison, Texas; Ken Williams, vice president of IT governance at Computer Associates Inc. in Islandia, N.Y.; and Mary Ann Davidson, CSO for Oracle Corp. in Redwood Shores, Calif.

Full article in Search Security

La Belgique a créé un fichier recensant tous les prêts en cours

Article publié dans Le Monde 27/04/2005

La Belgique a joué un rôle pionnier en Europe en adoptant, en mai 2001, le principe d'un "fichier positif" , censé être un outil déterminant dans la lutte contre le surendettement. Enregistrant tous les contrats de crédit en cours, géré par la Banque nationale de Belgique (BNB, l'équivalent de la Banque de France), la Centrale des crédits aux particuliers doit obligatoirement être consultée par les établissements avant l'octroi d'un crédit.


La Commission de la vie privée a rendu un avis favorable à la création de ce fichier central, estimant, contrairement à certains de ses homologues, dont la Commission nationale de l'informatique et des libertés (CNIL) française, qu'un tel outil comportait plus d'avantages que de désagréments.

L'article compete est disponible dans la web de Le Monde

Controversia por ley que invade privacidad en Argentina

Noticia publicada en El Nuevo Herald:

BUENOS AIRES - Una polémica ley que habilita al Estado a interceptar comunicaciones de redes públicas o privadas de telecomunicaciones para combatir el delito despertó el rechazo generalizado en Argentina por considerar que viola la privacidad de los usuarios.

Por la norma, que entrará en vigencia a partir del 31 de julio, la Secretaría de Inteligencia podrá acceder a "toda transmisión, emisión o recepción de signos, señales, escritos, imágenes, sonidos por hilo, cable eléctrico, atmósfera, radio electricidad, medios ópticos y/o medios electromagnéticos o de cualquier naturaleza".

Ordena, además, que los prestadores de internet y las compañías de telefonía móvil deberán almacenar durante diez años toda información sobre sus clientes: sitios web que visitan, mails, contenidos de los chats, a quienes llaman y de quiénes reciben llamadas, por ejemplo, ante la posibilidad de que puedan ser requeridos por la justicia.

La ley, sancionada en 2003 por el Congreso y recientemente reglamentada por el presidente Néstor Kirchner, tiene por objetivo "combatir el delito y servir al esquema de seguridad colectivo de la Nación" y menciona como ejemplo los casos de secuestros extorsivos y narcotráfico.

La iniciativa despertó variadas críticas, desde su "inconstitucionalidad" hasta por los costos económicos que implica aplicar la tecnología necesaria para hacer un monitoreo masivo de todas las telecomunicaciones en el país. Incluso, se presentaron numerosas demandas ante la justicia para evitar su aplicación.

"No encuentro fundamentación para una norma tan absolutamente abusiva (...) Se viola lo que es la zona de reserva de intimidad de las personas", dijo el lunes el reconocido constitucionalista Daniel Sabsay.

"Es anticonstitucional porque establece que todos los ciudadanos estamos bajo sospecha", expresó el diputado opositor Mauricio Bossa.

En tanto que el gobierno por ahora evita referirse en público a la ley.

"No voy a responder sobre ese tema", dijo el ministro de Justicia, Horacio Rosatti, al ser consultado el lunes.

El órgano del Estado encargado de ejecutar las intercepciones será la dirección de observaciones judiciales, dependiente de la Secretaría de Inteligencia del Estado (SIDE).

Baker & McKenzie's Privacy Web

Baker & McKenzie is a firm law with a fantastic Privacy/Data Protection law resources:

What's New on the Privacy Law Site

Legislation, Regulations and Policies -- By Country (42 countries)

Legislation, Regulations and Policies -- By U.S. State

Articles and Other Resources

And the Global Privacy Group Capabilities Document


And for others IT&law resources:
E-Commerce,Complex Information Technology Licensing, Media & Entertainment, and Telecommunications.

Experts Debate Utility, Safety of E-Passports

Posted by Andrew Brandt in PCWorld.


When privacy and security advocates met a government representative responsible for U.S. passports at the Computers, Freedom, and Privacy conference last week in Seattle, the mood was contentious. (If you want to hear for yourself, I've included audio clips from three panelists lower down in this blog.)

(New passports would contain flexible computer chips, which can be read at a distance, in an update planned by the government agencies responsible for passports. In addition, foreign visitors to the United States may be required to apply for a visa if their passport doesn't contain a digital photo and other data.)

What follows are summaries and mp3 audio recordings of the presentations given by some of the panelists.

Full article in PCWORLD

Elaine Newton: privacy & anonymity

The Center for Internet and Society and the Stanford Law and Technology Association present Privacy by Design (integrating privacy and/or anonymity into the design of technology) with Elaine Newton CIS Fellow


Monday April 18, 2005
12:30 - 1:30 p.m.
Room 271
Free and Open to all!
Lunch Served

Elaine Newton is a doctoral student in advanced candidacy in Engineering and Public Policy at Carnegie Mellon University.


She is working in privacy and anonymity :

"Preserving Privacy by De-Identifying Face Images," with co-authors Latanya Sweeney and Bradley Malin.

"Protecting Public Anonymity" (with Granger Morgan)


Video Surveillance, Face Recognition, and Privacy

New japanese data protection law

There is a new japanese data protection law, effective from April 1, 2005. So there ia a webcast at Mofo, that you can see previos log in.

Another law firm White & Case has made the ANNUAL GLOBAL PRIVACY SYMPOSIUM (April 12, 2005) and they upload slides from the Symmpsium: Japan -New Personal Information Protection Law: Challenges and Clarity, Biometrics, EU Data Protection: Plans for 2005 by Rosa Barceló.


And this new:

DATA SECURITY BREACHES NO LONGER "DIRTY SECRET" SAYS WHITE & CASE LAWYER

April 12, 2005 ... Today's announcement of a massive theft of personal data from the LexisNexis computer systems, and numerous similar recent announcements, may suggest that computer security breaches are on the rise. But in reality, it is simply that new data privacy laws in California have begun forcing companies to disclose and respond to breaches that previously would have not been made public, says a noted privacy lawyer with White & Case. (full article on White & Case web)

APEC and Privacy

APEC (Asia-Pacific Economic Cooperation)is the premier forum for facilitating economic growth, cooperation, trade and investment in the Asia-Pacific region.

APEC is the only inter governmental grouping in the world operating on the basis of non-binding commitments, open dialogue and equal respect for the views of all participants. Unlike the WTO or other multilateral trade bodies, APEC has no treaty obligations required of its participants. Decisions made within APEC are reached by consensus and commitments are undertaken on a voluntary basis.

One of APEC's working groups is The Electronic Commerce Steering Group (ECSG) that promotes the development and use of electronic commerce by creating legal, regulatory and policy environments in the APEC region that are predictable, transparent and consistent. There is a subgroup that works on privacy issues.

Data Privacy Subgroup I 23-24 Feb 2005, Seoul, Korea

Symposium On Data Privacy Implementation Mechanisms: Developing The APEC Privacy Framework I 23-24 Feb 2004, Santiago, Chile

Data Privacy Workshop 13 Feb 2003, Chiang Rai, Thailand


Electronic Commerce Steering Group Forum on Privacy 22 Feb 2002, Mexico City, Mexico

Consumers’ Online Privacy Concerns

Today I have seen this report "Consumers’ Online Privacy Concerns" by Milagros Rivera, Hichang Cho and Sun Sun Lim. They are professeurs at the National University of Singapore.

Another report “Consumers’ Concerns about Online Privacy: Attitudes and Behaviors,” (Hichang Cho and Sun Sun Lim, Milagros Rivera). 26th International Conference on Privacy and Personal Data Protection, September 2004, Wroclaw, Poland .

There is more presentations and papers in Milagros Rivera's web about Regulatory efficiency, ICT comparative policy, online privacy, e-government and cyber crime. Her research interest centers in the Asia Pacific Region.

About e-government there is a report by Accenture "eGovernment Leadership: High Performance, Maximum Value
Fifth Annual Accenture eGovernment Study Reveals Governments at a Crossroads "

no place to hide

No Place To Hide is a multimedia investigation by news organizations, such as Center for Investigative Reporting, working together across print and broadcast platforms, to make a greater impact than any one organization could alone.


No place to hide is a book by Robert O'Harrow, Jr. There is the final chapter of No Place to Hide, by Robert O'Harrow, Jr., published by Free Press, a division of Simon & Schuster.

In this book you can see how companys like Acxiom, Seisint, ChoicePoint, HNC Software, TransCore, Searchspace, and Verint work with technology and privacy.

A firm called SAMSys Technologies, meanwhile, uses the tags to create an all-purpose surveillance tool for amusement parks called the SafeTzone System. Everybody at the park would get a SafeTzone Locator, a watch-size tracker. Parents could use it to find their kids on an electronic map, buy goodies for them without pulling out their wallets, and cut down on waiting times for rides. They bill it as a combination of gee-whiz and surveillance, in one tiny package. "The SafeTzone System is making the entertainment park experience more enjoyable and less frustrating for families and groups."

"No place to hide" by R.O'Harrow

Should every agency have a chief privacy officer?

Should every agency have a chief privacy officer?

By David Perera Published on Federal Computer Week

An Information Age argument about how agencies should best organize themselves to protect citizens' privacy rights has collided with the jurisdictional divides between power centers in Washington, D.C.

Specifically, a 4-month-old law requiring agencies to appoint chief privacy officers, which passed last year as part of Congress' omnibus spending bill, has provoked resistance from the Office of Management and Budget and Congress.

Full article FCW

Verichip

A revolution in the making: VeriChip is a miniaturized, implantable radio frequency identification (RFID) device for use in a variety of identification and information applications. About the size of a grain of rice, each VeriChip contains a unique verification number, which can be used to access a subscriber-supplied database providing personal related information.

Once implanted just under the skin, via a quick, simple and painless outpatient procedure (much like getting a shot), the VeriChip can be scanned when necessary with a proprietary VeriChip scanner. A small amount of radio frequency energy passes from the scanner energizing the dormant VeriChip, which then emits a radio frequency signal transmitting the individual’s unique personal verification (VeriChip ID)
number. The VeriChip Subscriber Number then provides instant access to the Global VeriChip Subscriber (GVS) Registry – through secure, password-protected web access to
subscriber-supplied information. This data is maintained by state-of-the-art GVS
Registry operations centers in Riverside, California and Owings, Maryland.

Microsoft to plug ID controls into Windows

Microsoft will build software for managing identities into Windows in order to beef up security by giving users more control over their personal information, the world's largest software maker said on Tuesday.

The ID technology, called "info-cards," will give users more control over their own personal information in order to shop and access services online, said Michael Stephenson, a director in Microsoft's Windows Server division.

Microsoft is currently working on a new Internet Explorer Web browser and version of Windows, code-named Longhorn, but Stephenson declined to say whether info-cards would be built into the current Windows XP version or into Longhorn.

(read full article published on ZDNet News)

Future of privacy

Demos is an independent think tank committed to radical thinking on the long-term problems facing the UK and other advanced industrial societies.
It aims to develop ideas – both theoretical and practical – to help shape the politics of the twenty first century, and to improve the breadth and quality of
political debate.
Demos publishes books and a regular journal and undertakes substantial empirical and policy oriented research projects. Demos is a registered charity.

In all its work Demos brings together people from a wide range of backgrounds in business, academia, government, the voluntary sector and the media to share and cross-fertilise ideas and experiences.

At demos you can download a e-book "The future of privacy"

At the close of the century, huge flows of personal data are the life-blood of the new economy – with serious implications for privacy. This book analyses the forces – technological, economic, political and cultural – shaping the future of privacy. Includes a detailed set of policy recommendations on data protection, the media and public education. Perri 6 is a writer, lecturer and Demos Associate