Showing posts with label Identity. Show all posts
Showing posts with label Identity. Show all posts

Tuesday, June 5, 2007

Biometrics and DNA-enabled passports

About 10 years ago, a large brown envelope arrived in my mailbox from my old alma mater. It contained a request for me to participate in a long-term research study that the university was undertaking on the effects of drinking water from Lake Ontario, which I had been drinking for most of my life. The large brown envelope also contained a much tinier brown envelope into which I was to deposit the clippings of all ten of my toenails. Once I got past the "ew…gross" factor, I began to ponder the implications of sending away little pieces of my DNA that were to go on file for a decades-long study. Despite the assurances from this well-respected university that my toenail clippings would be kept secure and not used for any other purpose, I opted not to participate, as I just did not feel comfortable with the prospect.

Fast-forward a decade and it appears that our governments will eventually be forcing us to provide DNA samples, if we ever want to travel outside the country, that is. According to a CanWest News report:

Canadians will inevitably have to carry travel documents with their DNA,
biometrics or other biological identifiers in order to ensure secure border
travel to the United States, according to a new white paper to be revealed to
government officials in Ottawa Monday.

Although some technology, such as DNA-enabled passports or driver's
licences, may be a long way off, terror threats and other looming risks mean
governments must begin to seriously consider how they will introduce those
measures in the future, [said Michael Hawes, executive director of the
Foundation for Educational Exchange between Canada and the United States of
America.]

The white paper will outline the implications of the U.S.’s Western Hemisphere Travel Initiative, which earlier this year required Canadians flying into the U.S. to carry a passport and which will require all Canadians driving or walking across the border to have a passport by 2008.

A few toenail clippings in a university researcher’s file cabinet are a minor concern compared to a DNA profile being available in electronic format to my own government, let alone a foreign government. While the purpose is to guarantee that I am who I say I am when traveling in and out of my country, what would happen if the electronic representation of my DNA were stolen? Just ask someone who shares a similar name to someone on the U.S. "no-fly" list how easy it is to prove who they are: how much more difficult and dangerous will it be if your DNA profile is stolen or altered?

It raises the question of ownership of the data and informed consent to citizens about how it will be used. Citizens should have assurances that their DNA profile will not be collected or saved by foreign governments and that the information will not be made available to other government agencies or third parties. Genetic information from DNA and other biometric information can be dangerous not only if it is used to assume someone’s identity, but also if it reveals health or social information that could be used in a negative way against the owner.

The use of biometrics and DNA seems inevitable in an increasingly security-obsessed world. As citizens we need to pay very close attention to these initiatives and the laws in place to protect our identity.
AddThis Social Bookmark Button

Posted by Sharon E. Herbert at Tuesday, June 05, 2007 1 comments

Labels: , , , , , , , , , , ,

Sunday, April 29, 2007

2K Bloggers: Anonymous Blogging

As a follow-up to my previous post, I highly recommend Elaine’s excellent post over at 2K Bloggers:

The EFF (Electronic Frontier Foundation) suggests these six things you should do to be anonymous: Use a Pseudonym and Don’t Give Away Any Identifying Details, Use Anonymizing Technologies, Use Ping Servers, Limit Your Audience, Don’t Be Googleable, Register Your Domain Name Anonymously. But there’s more you can do, too... Read the rest of Elaine's post here.

Some great tips for those who are concerned about the potential risks of blogging on sensitive topics.
AddThis Social Bookmark Button

Posted by Sharon E. Herbert at Sunday, April 29, 2007 2 comments

Labels: , , ,

Thursday, April 26, 2007

Google Search Blocks Canadian's Entry into U.S.

An alarming report from Tuesday’s Globe and Mail:

Nearly 40 years ago, a young psychotherapist embraced two-thirds of LSD guru Timothy Leary's advice to the Sixties generation to "turn on, tune in and drop out." Curious how LSD and other hallucinogens might be used in treating patients, Andrew Feldmar turned on and tuned in himself. But he never dropped out. And, no fan of the late Dr. Leary, Mr. Feldmar took his last hit of acid in 1974.

Thirty-two years, however, turned out to be but an instant in the long, unrelenting U.S. war on drugs. Last summer, in an incident that has just come to light, Mr. Feldmar, now 66, was banned from entering the United States because of his long-ago use of LSD. Because Mr. Feldmar had never been charged with possession of the once-popular illegal drug, privacy advocates are even more alarmed by the way U.S. border guards at the busy Peace Arch crossing near Vancouver found out about it.

The guards simply looked up Mr. Feldmar on the Internet and discovered his own article about using LSD, written for the scholarly, peer-reviewed journal Janus Head.

Eugene Oscapella, an Ottawa lawyer involved in privacy issues for 20 years, said the incident sends a frightening message to Internet users, particularly those who bare their souls online. "Don't ever put anything about any illegal activity on the Internet," Mr. Oscapella warned yesterday. "It leaves a digital footprint for all to see, and it's there forever. "We've gone beyond Orwellian measures. The state can now do things with a flick of the switch that used to be incredibly labour intensive."

In an earlier posting, I discussed the many risks that bloggers take in exposing personal information on the Internet with respect to employment and personal relationships. What’s most shocking about this incident is that Mr. Feldmar has never been convicted of a criminal offence and has crossed the border into the United States numerous times without issue. More disturbing than the power that border guards seem to wield is the fact that Mr. Feldmar felt compelled out of fear to sign a confession:

Mr. Feldmar was held at the border for five hours, before being allowed to return to Canada after signing an admission that he had once violated the U.S. Controlled Substance Act. He said he signed out of fear that he might be kept in custody even longer if he refused.

Willie Hicks, public affairs officer for the border crossing, said yesterday that Mr. Feldmar admitted violating U.S. drug laws "in a sworn statement. "I don't make the laws. That's the policy, and we enforce the laws at the border. It is up to the discretion of our officers who gets to go across."

A major blow to free speech and another reason to think twice before putting any of your personal information on the Internet.
AddThis Social Bookmark Button

Posted by Sharon E. Herbert at Thursday, April 26, 2007 4 comments

Labels: , , , , , ,

Wednesday, April 25, 2007

The 7 Laws of Identity: User control in system design

As the level of fraudulent activity online grows, consumer confidence in e-commerce is increasingly threatened. In response, Kim Cameron, Chief Identity Architect at Microsoft developed the 7 Laws of Identity, in cooperation with a number of leading experts from around the world. At the recent Privacy and Security Conference in Victoria, British Columbia, Ann Cavoukian, Information and Privacy Commissioner of Ontario, presented a white paper proposing privacy-embedded laws of identity, based on Cameron’s 7 Laws.

The proposal would create an identity layer in software and web services. Programmers are urged to embed privacy capabilities based on the following seven laws:

Law #1 – User Control and Consent
The user must have control over how much information to provide and under what circumstances.

Law #2 – Minimal Disclosure for a Constrained Use
The user must only provide the least amount of information for a specific purpose.

Law #3 – Justifiable Parties
The disclosure of personally-identifiable information is limited to only those parties that have reason to require it in order to fulfill a specific purpose.

Law #4 – Directed Identity
Web sites and other technology should be unidirectional and shouldn’t be able to access your personal information without your prior consent.

Law #5 – Pluralism of Operators and Technologies
Systems should ensure that users can decide how much personal information to provide, depending upon the context. A “one size fits all” solution is not desirable where your personal information is concerned.

Law #6 – Human Integration
The ways in which users interact with systems must be done in a way that ensures users can more easily detect fraudulent websites and messages.

Law #7 – Consistent Experience Across Contexts
Systems are designed with standards and conventions that are easily recognizable to users, while allowing the user to exercise control between contexts.

More and more of our personal information is accessible than ever before and most of is controlled by others, in both the private and the public sectors. As more of our routine tasks and commerce take place on the Internet, the 7 Laws of Identity are a means for users to take back control of their personal information.
AddThis Social Bookmark Button

Posted by Sharon E. Herbert at Wednesday, April 25, 2007 1 comments

Labels: , , , ,

Friday, April 20, 2007

12 Tips to Prevent Identity Theft

Identity theft is becoming an increasing problem, with over 160,000 cases reported in the U.S. in 2002 and over 7,000 that year in Canada. So much of our personal information is available in the cards we carry in our wallets, credit card receipts, bank statements and utility bills that it is easy to be careless and place our finances, personal property, credit history and reputation at risk.


Here are some tips from Safe Canada to protect yourself from identity theft:

  1. Sign all credit cards when you receive them and never lend them to anyone.

  2. Cancel and destroy credit cards you do not use and keep a list of the ones you use regularly.

  3. Carry only the identification information and credit cards that you actually need. Do not carry your social insurance card (Canada) or social security card (United States); leave it in a secure place. This applies also to your passport unless you need it for traveling out of country.

  4. Pay attention to your billing cycles and follow up with your creditors and utility companies if your bills do not arrive on time.

  5. Carefully check each of your monthly credit card statements. Immediately report lost or
    stolen credit cards and any discrepancies in your monthly statements to the issuing credit card company.

  6. Shred or destroy paperwork you no longer need, such as bank machine receipts, receipts from electronic and credit card purchases, utility bills, and any document that contains personal and/or financial information. Shred or destroy pre-approved credit card
    applications you do not want before putting them in the trash.

  7. Secure personal information in your home or office so that it is not readily accessible to others, who may have access to the premises.

  8. Do not give personal information out over the phone, through the mail, or over the
    Internet unless you are the one who initiated the contact and know the person or
    organization with whom you are dealing. Before you share such information,
    ensure that the organization is legitimate by checking its website to see if it
    has posted any fraud or scam alert when its name has been used improperly, or by
    calling its customer service number listed on your account statement or in the
    phone book.

  9. Password-protect your credit card, bank, and phone accounts, but do not keep a written record of your PIN number, social insurance or social security number, or computer passwords where an identity thief can easily find them. Do not carry such information in your purse or wallet.

  10. Order a copy of your credit report from the major credit reporting agencies at least once every year. Check with the credit bureaus to see whether there is a charge for this service. Make sure your credit report is accurate and includes only those activities that you have authorized.

I would also suggest that you never allow sales staff to put your receipt in the bag; it’s too easy to forget it, toss the bag and your credit card information along with it.

Also, never leave your signed credit card receipt on the table in a restaurant when you leave; always ensure that you hand it directly to your server before leaving the restaurant. Ideally, you should accompany the server when he or she swipes your credit card to ensure they are not “double-swiping”. Embarrassing, yes, as it implies you don’t trust the server, but most good restaurants should appreciate their customers’ concerns.

Identity theft can be a nightmare for the consumer. Start following these tips today to protect your identity.

For more information:

In Canada: Safe Canada

In the U.S.: Federal Trade Commission

In the U.K.: Home Office

AddThis Social Bookmark Button

Posted by Sharon E. Herbert at Friday, April 20, 2007 2 comments

Labels: , , ,

Subscribe to: Posts (Atom)