Friday, May 05, 2006
wow..
Suit accuses Google of profiting from child porn
Jeffrey Toback, a representative in New York's Nassau County Legislature, charged in a complaint filed Thursday that Google has been taking in billions of dollars by allowing child pornography and "other obscene content" operators to advertise their sites through sponsored links, which are tailored to a user's search terms and automatically accompany search results. The suit was filed in the New York Supreme Court.
Among other allegations, the complaint evoked the politically volatile topic of the search engine's dealings in China.
"Defendant is willing to accede to the demands of the Chinese autocrats to block the search term 'democracy,'" the complaint states, "but when it comes to the protection and well-being of our nation's innocent children, Defendant refuses to spend a dime's worth of resources to block child pornography from reaching children."
A Google representative said Friday that the company prohibits child pornography in its products and removes all such content whenever the company finds or is made aware of it. "We also report it to the appropriate law enforcement officials and fully cooperate with the law enforcement community to combat child pornography," spokesman Steve Langdon said in an e-mail.
Langdon pointed to the content policy for Google's AdWords sponsored links service, which broadly prohibits "promotion of child pornography or other non-consensual material." Langdon also noted that Google offers a filtering tool called SafeSearch that aims to block offensive content in search results.
The availability of such tools could mean that the suit may not go far. Section 230 of the federal Communications Decency Act protects providers and users of an "interactive computer service" from liability if it can be shown that they took good-faith measures to restrict access to obscene material. It also provides that "no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."
The suit, which claims Google acted negligently and intentionally inflicted emotional distress on the public, requests monetary damages to be determined at trial. It also accuses Google of violating federal statutes relating to child pornography and calls for the court to order that Google cease "advertising, promoting, or distributing" child pornography through its site or otherwise providing any links to such content.
The suit was filed by the White Plains, N.Y.-based firm of Meiselman, Denlea, Packman, Carton & Eberz. Other recent lawsuits filed by the firm have sought at least $10 million for alleged sex discrimination against Atlantic City, N.J., casino cocktail waitresses and $600 million from the maker of an ephedra-based dietary supplement claimed to cause the death of a Baltimore Orioles pitcher.
Toback, the politician backing the action, describes himself in his biography on Nassau County's Web site as a "quality of life guy" who has focused on legislation promoting open space and recreational areas. He has also co-sponsored a law designed to protect teenagers from tanning beds and has planned this year to pursue a ban of toy guns in the area.
The legal action against Google comes as Congress and the Bush administration have been attempting to step up their crackdown on online sexual exploitation of children. The Justice Department has proposed a mandatory labeling system for sites bearing sexually explicit content and higher penalties for Internet service providers that don't report child pornography on their networks to the appropriate authorities.
source:http://news.com.com/Suit+accuses+Google+of+profiting+from+child+porn/2100-1030_3-6069014.html
A car that could save the planet—fast
SAN FRANCISCO (Business 2.0 Magazine) - Ian Wright has a car that blows away a Ferrari 360 Spider and a Porsche Carrera GT in drag races, and whose 0-to-60 acceleration time ranks it among the fastest production autos in the world. In fact, it's second only to the French-made Bugatti Veyron, a 1,000-horsepower, 16-cylinder beast that hits 60 mph half a second faster and goes for $1.25 million.
The key difference? The Bugatti gets eight miles per gallon. Wright's car? It runs off an electric battery.
Wright, a 50-year-old entrepreneur from New Zealand, thinks his electric car, the X1, can soon be made into a small-production roadster that car fanatics and weekend warriors will happily take home for about $100,000 -- a quarter ton of batteries included. He has even launched a startup, called Wrightspeed, to custom-make and sell the cars.
But Wright isn't some quixotic loner. He's part of a growing cluster of engineers, startups, and investors, most of them based in Silicon Valley, that believe they can do what major automakers have failed at for decades: Think beyond the golf cart and deliver an electric vehicle (EV) to the mass market.
Indeed, the race for the new consumer EV has already begun: Just a year ago, Wright was working for his Woodside neighbor Martin Eberhard, co-founder of Tesla Motors, a startup that has 70 employees and a major investment from PayPal founder Elon Musk, which is building a mass-market rival to the X1. Wright left, believing he had an even better idea.
Beyond that, startups are forming to equip new "plug-in" hybrids that run almost entirely on their electric motors. And around the country, a handful of other exotic EVs are showing up on the road -- including George Clooney's new ride, a $108,000 commuter coupe that's just 3 feet wide.
The more that cars become technology platforms, the more the future plays into the hands of people like Wright and Eberhard. "Automakers can't do this," Eberhard says. "If you drill into the complexity of an electric car, it's not the motor, it's the electronics and battery system, which car companies aren't good at."
Adds Musk, "The time is right for a new American car company, and the time is right for electric vehicles, because of advances in batteries and electronics. Where's the skill set for that? In the Valley, not Detroit."
Wright's garage-born heroics are, in many respects, long overdue. After all, electric cars predated the gasoline combustion engine. But they soon headed for museums, replaced by gas engines. A mid-1990s wave of all-electric cars was short-lived -- GM spent more than $1 billion to introduce a short-lived electric vehicle -- and was soon replaced by Toyota's hot-selling hybrid gas-electric Prius.
So how do you build the EV of the future on a six-figure budget when GM couldn't do it with more than $1 billion? For starters, you get all the basic parts off the shelf. By itself, all the hardware in the X1 is nothing new. The X1's real secret is how Wright engineers it all to keep the car in optimum race mode whenever you hit the accelerator.
Last November, Wright towed the X1 to a racetrack near Sacramento to see how his prototype would do against a Ferrari and a Porsche. On paper, a win seemed guaranteed. But he hadn't yet run the car full out.
In the first matchup, the X1 crushed the Ferrari in an eighth-mile sprint and then in the quarter-mile, winning by two car lengths. In the second race, against the $440,000 Porsche, the two cars were even after an eighth of a mile. But as the Porsche driver let out the clutch in a final upshift, his tires briefly lost traction. The X1, blazing along in its software-controlled performance mode, beat the Porsche by half a car length.
"It never occurred to me that I would lose," says Kim Stuart, the Porsche's driver. "It was like a light switch. He hit the pedal and was gone."
So what now? Wright isn't sure himself. Only 50 or so people have driven the car, and Wright has just begun to hold his hat out for potential investors. With $8 million in funding, he says, he is convinced he can put a consumer version of the X1 into production that meets federal safety standards, has a 100-mile range, and recharges in 4.5 hours.
To bring any EV to the masses, of course, will require much improved battery technology. But a handful of startups backed by Valley VCs are claiming that big advances are just around the corner. Menlo Park-based Li-on Cells claims that its technology will double the performance of lithium-ion batteries for about half the cost.
Thus, the X1 and the Tesla could be just the things to throw the EV race into high gear. As battery prices drop and performance improves, the cars could come within reach of a wider audience. And if oil prices keep climbing, more and more consumers will demand alternatives that are punchier than a Prius.
source:http://money.cnn.com/2006/05/04/technology/business2_wrightspeed/
Microsoft sees Google's $500m, raises $500m
Microsoft Corp will spend over $1bn on R&D just in its MSN unit, for the fiscal year starting in July, chief executive Steve Ballmer told an audience of would-be advertising customers.
The money, part of the surprise spending package that recently gave Microsoft's share price its biggest single-day drop in five years, comes as the company struggles to catch up to Yahoo Inc and Google Inc in the search and online advertising market.
Ballmer and MSN chief Yusuf Mehdi introduced adCenter, Microsoft's answer to Google AdWords and Yahoo's Publisher Network, gave some hints at what features are coming up in the near future, and promised to put its money where its mouth is.
"Our R&D spend just in our online MSN area has gone from a $500 million in our fiscal year '05, to a projected $1.1 billion in our fiscal year '07," Ballmer said. "We will invest as much in this online opportunity in R&D as any of the other big players in the market."
Last year, Yahoo invested about $547m in product development and Google invested a more modest $484m in R&D, according to those companies' financial reports.
Microsoft's total investment in R&D, across all its business units, in the company's fiscal 2007, will be $6.2bn, Ballmer said. Unlike Yahoo and Google, Microsoft has obvious cross-pollination advantages due to the breadth of its product catalog.
"We have told our R&D folks that our number one priority, number one priority is software as a service," Ballmer said. adCenter is one such service.
Mehdi demonstrated the features of the service, currently restricted to search-based advertising, and previewed context-based advertising features that will compete with AdSense and YPN. He said it will differentiate itself in two key ways.
"One is again harnessing the power of audience intelligence to get better ROI for advertisers," he said, "the second is to really do a better job to give you more complete control over the two separate marketplaces, because, as you know, search and contextual work in different ways."
He said the context advertising function, in which ads are matched to the publisher-generated content rather than the user-input search query, will have a greater ability to target ads at specific user demographics. A pilot of the feature is due this summer.
Microsoft is talking up the "ecosystem" approach too. Free APIs will be available for companies to build adCenter into their own ad management campaigns.
He's talking Google's language here. With AdSense, AdWords, and the myriad extensible services and APIs Google has exposed, a big portion of the web is programmatically plugging into Google in some fashion.
And that's Microsoft's traditional stomping ground. Ballmer even mimicked his own insane "Developers! Developers! Developers!" rants, saying it's now "developers, developers, developers, advertisers, advertisers, advertisers".
"This is really a platform play," he said. "We need an ecosystem, as we call it, around our Live platform, just as we needed an ecosystem around Windows... the only way we will be able to get to critical mass is by literally reaching out."
source:http://www.cbronline.com/article_news.asp?guid=3D810B1B-BBE0-482D-A81C-DBE60BAB97C4
Bird Flu Drug Mass Production Technique Discovered
source:http://science.slashdot.org/science/06/05/05/1231248.shtml
Sun to make Java more Linux-friendly
The company will announce the changes and at least one other open-source move at the JavaOne conference later this month, Sun executives said during a press teleconference on Thursday.
Laurie Tolson, a vice president in the Java platform group, said that Sun, which licenses Java to other software companies, has modified the terms to be more favourable to open-source operating systems, specifically Linux and OpenSolaris.
She said the changes affect the Java Runtime Environment (JRE), the software that needs to be loaded on PCs for them to be able to run Java applications. Typically, the JRE is downloaded separately rather than included with an operating system.
"The intention is to make it easier for distributors and developers to get their hands on the runtime with the operating system," Tolson said.
Joe Keller, a vice president of marketing for service-oriented architecture and integration platforms, referred to the change as "JRE already included."
Sun has faced calls several times to open-source Java, which advocates say would foster innovative open-source development.
The company has resisted formally open-sourcing all of the Java software, but it has dramatically changed the development process around Java and changed licenses to make it easier to see Java source code.
JavaOne 2006 may see Sun open-source portions of the Java Enterprise System, company executive Jeff Jackson said. Last year, the Santa Clara, California-based company said it will eventually offer free access to the server software suite. It is currently "looking at everything," said Jackson, who is a senior vice president for Java development and platform engineering.
Another expected announcement at the conference, scheduled to begin May 16 in San Francisco, will cover Java Platform, Enterprise Edition 5. Sun plans to deliver a software development kit for Java EE 5 at JavaOne, executives said. Java EE 5 is the latest upgrade to the Java server standard and was ratified late last month. It is designed to make programming for Java server applications easier.
The creation of the Java EE 5, done via a committee co-chaired by Sun and Oracle, reflected Sun's intention to emulate open-source development processes, company executives said.
"We've done this entire development project with the (Java developer) community in plain sight," Keller said.
One related Sun code-sharing project is GlassFish, announced at last year's edition of JavaOne. The project aims to develop a Java application server based on the Java EE 5 standard, which uses an open-source licence.
Representatives from BEA Systems, Oracle, JBoss and SAP said on Thursday their respective business software companies are in the process of building Java server software based on the new standard. Products are expected to be released over the course of this year and next.
Software based on Java EE 5 will support the Enterprise Java Beans 3.0 standard, which is meant to make it easier to access data from Java programs and write transactional systems.
Java EE 5 has also been tweaked to speed up Web development and creation of Web services. Software based on Java EE 5 will include prebuilt components for building Web applications using the AJAX Web development technique, according to Sun executives.
source:http://www.zdnet.com.au/news/software/soa/Sun_to_make_Java_more_Linux_friendly/0,2000061733,39255431,00.htm
Tech Companies Check Software Earlier for Flaws
When BlackBerry maker Research in Motion Ltd. developed software in the past, its engineers worked quickly to meet deadlines, sometimes overlooking bugs that were caught later in the process. The result: when issues cropped up after a program had been built, it took immense time and energy to trace its roots.
RIM wasn't alone. Many companies rushed to beat rivals with new software, and checking for bugs that could later be exploited by hackers was often seen as a waste of time. That has begun to change in the past few years as new laws force the disclosure of security holes and breaches, and companies increasingly interact with customers through the Web, a front door for threats. Now, many companies, including RIM, are teaching programmers to write safer code and test their security as software is built, not afterward.
While the BlackBerry had escaped serious scrutiny for security holes, Herb Little, a RIM security director, worried the company hadn't paid enough attention to the software that runs on the BlackBerry and other devices. "The idea was that we could be doing more," says Mr. Little, who is based at RIM's Waterloo, Ontario, headquarters. "We had to raise the bar."
Mr. Little soon discovered Coverity Inc., a San Francisco start-up that sells tools to automatically check for software flaws. Now Mr. Little uses Coverity every night to scan the code turned in by engineers. The tool sends Mr. Little an email listing potential red flags. He figures out which problems are real and tracks down each offending programmer, who has to fix the flaw before moving on. Mr. Little has also ramped up security training and requires programmers to double-check each other's code more regularly.
![[Finding Holes]](http://online.wsj.com/public/resources/images/MK-AG241_SECURE_20060503210825.gif)
Software vulnerabilities throughout the industry have been on the rise: in February, for example, the U.S. Computer Emergency Readiness Team, a government organization, pointed out a flaw in Apple Computer Inc.'s Safari Web browser that could allow a hacker to take control of a computer by persuading a user to view a specially crafted Web page. Overall, Symantec Corp., a Cupertino, Calif., maker of security software, found 3,758 vulnerabilities in software last year, up 42% from 2004.
In effect, software makers are now admitting that their previous development process was faulty. While banks and other companies that deal with sensitive customer data began to build security into software development in the late 1990s, Microsoft Corp. and other software makers are only now in the middle of revamping their software-writing processes. In recent years, Microsoft says it has added controls that force its programmers to write better code before they can add it to the main program they are building. Several years ago, Microsoft also bought Intrinsa Corp., which made tools that allow programmers to find and fix bugs while they write code.
Bruce Bonsall, chief information security officer at Massachusetts Mutual Life Insurance Co., likens the new approach to fixing a plumbing problem while a house is being constructed, instead of waiting until afterward. "If you wait until your house is completely built to fix the plumbing, you're going to have to rip out the walls to do it," says Mr. Bonsall.
Revamping the software-development process creates a Catch 22: being more careful can mean missing deadlines. Microsoft, for instance, said last month that it will delay the launch of its new Windows Vista operating system to spend more time testing security and other "quality" issues. That news prompted UBS AG analyst Heather Bellini to lower her sales forecast for Microsoft's 2007 fiscal year by $112 million to $50.2 billion. The stock price fell 2% the next day. Ms. Bellini has since lowered that forecast to $50 billion, for separate reasons.
At some companies, deadlines still trump secure code. But things are slowly changing, which creates an opportunity for Coverity, and a handful of other start-ups such as Fortify Software Inc., Ounce Labs Inc. and Klocwork Inc. These companies make tools that dig into software during the development process, automatically scouring lines of code for common mistakes that a hacker could exploit. In a research note last month, Gartner Group analyst Amrit Williams said software makers that perform security code reviews experience a 60% decrease in critical vulnerabilities that make it into programs.
Venture capitalists have already poured tens of millions of dollars into this market. Ted Schlein, a partner at Kleiner Perkins Caufield & Byers, a Menlo Park, Calif. venture-capital firm, came up with the idea for Fortify four years ago. Mr. Schlein, a former Symantec executive, saw that software makers were becoming more concerned about improving security but lacked tools that could do so quickly and automatically. Fortify, Palo Alto, Calif., has since raised $24 million in funding from Kleiner Perkins and others over the past three years. While the company initially struggled to convince customers that its tools were worthwhile, several companies including Oracle Corp. have now signed up for Fortify's tools, which cost more than $100,000.
Adobe Systems Inc. is one Fortify customer that is now altering the way it tackles security. Two years ago, Macromedia Inc., now part of Adobe, hired Adrian Ludwig, a former security consultant, to revamp its software security approach. Several security issues had been exposed at the time in the company's software, including a vulnerability that a hacker could use to sneak malicious code on to a PC through Macromedia's Flash Player.
Since then, Mr. Ludwig has adopted Fortify software and improved communication between his team of security experts and programmers who write software. A few years ago, each group worked more or less separately: The programmers coded, then the quality-assurance team checked for mistakes. Now, programmers and security types often sit side by side at a computer, sometimes lobbing pieces of code back and forth several times a day until they believe it is airtight. The result: "Issues are being found earlier," Mr. Ludwig says. But, he adds, "I'm still trying to shift that curve."
source:http://online.wsj.com/public/article/SB114670277515443282-B59kll7qXrkxOXId1uF0txp8NFs_20070504.html?mod=blogs
Q. What could a boarding pass tell an identity fraudster about you? A. Way too much
This is the story of a piece of paper no bigger than a credit card, thrown away in a dustbin on the Heathrow Express to Paddington station. It was nestling among chewing gum wrappers and baggage tags, cast off by some weary traveller, when I first laid eyes on it just over a month ago.
The traveller's name was Mark Broer. I know this because the paper - actually a flimsy piece of card - was a discarded British Airways boarding-pass stub, the small section of the pass displaying your name and seat number. The stub you probably throw away as soon as you leave your flight.
It said Broer had flown from Brussels to London on March 15 at 7.10am on BA flight 389 in seat 03C. It also told me he was a "Gold" standard passenger and gave me his frequent-flyer number. I picked up the stub, mindful of a conversation I had had with a computer security expert two months earlier, and put it in my pocket.
If the expert was right, this stub would enable me to access Broer's personal information, including his passport number, date of birth and nationality. It would provide the building blocks for stealing his identity, ruining his future travel plans - and even allow me to fake his passport.
It would also serve as the perfect tool for demonstrating the chaotic collection, storage and security of personal information gathered as a result of America's near-fanatical desire to collect data on travellers flying to the US - and raise serious questions about the sort of problems we can expect when ID cards are introduced in 2008.
To understand why the piece of paper I found on the Heathrow Express is important, it is necessary to go back not, as you might expect, to 9/11, but to 1996 and the crash of TWA Flight 800 over Long Island Sound, 12 minutes out of New York, with the loss of 230 lives. Initially, crash investigators suspected a terrorist bomb might have brought down the aircraft. This was later ruled out, but already the Clinton administration had decided it was time to devise a security system that would weed out potential terrorists before they boarded a flight. This was called Capps, the Computer Assisted Passenger Pre-screening System.
It was a prosaic, relatively unambitious idea at first. For example, in highly simplistic terms, if someone bought a one-way ticket, paid in cash and checked in no baggage, they would be flagged up as an individual who had no intention of arriving or of going home. A bomber, perhaps.
After 9/11, the ambitions for such screening grew exponentially and the newly founded Department of Homeland Security began inviting computer companies to develop intelligent systems that could "mine" data on individuals, whizzing round state, private and public databases to establish what kind of person was buying the ticket.
In 2003, one of the pioneers of the system, speaking anonymously, told me that the project, by now called Capps II, was being designed to designate travellers as green, amber or red risks. Green would be an individual with no criminal record - a US citizen, perhaps, who had a steady job and a settled home, was a frequent flyer and so on. Amber would be someone who had not provided enough information to confirm all of this and who might be stopped at US Immigration and asked to provide clearer proof of ID. Red would be someone who might be linked to an ever-growing list of suspected terrorists - or someone whose name matched such a suspect.
"If you are an American who has volunteered lots of details proving that you are who you say you are, that you have a stable home, live in a community, aren't a criminal, [Capps II] will flag you up as green and you will be automatically allowed on to your flight," the pioneer told me. "The problem is that if the system doesn't have a lot of information on you, or you have ordered a halal meal, or have a name similar to a known terrorist, or even if you are a foreigner, you'll most likely be flagged amber and held back to be asked for further details. If you are European and the US government is short of information on you - or, as is likely, has incorrect information on you - you can reckon on delay after delay unless you agree to let them delve into your private details.
"That is inconvenient enough but, as we tested the system, it became clear that information was going to be used to build a complete picture of you from lots of private databases - your credit record, your travel history, your criminal record, whether you had the remotest dubious links with anyone at your college who became a terrorist. I began to feel more and more uncomfortable about it."
Eventually, he quit the programme.
All of this was on my mind as I sat down with my computer expert, Adam Laurie, one of the founders of a company called the Bunker Secure Hosting, to examine Broer's boarding-pass stub. Laurie is known in cyber-circles as something of a white knight, a computer wizard who not only advises companies on how to make their systems secure, but also cares about civil rights and privacy. He and his brother Ben are renowned among web designers as the men who developed Apache SSL - the software that makes most of the world's web pages secure - and then gave it away for free.
We logged on to the BA website, bought a ticket in Broer's name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information.
Using this information and surfing publicly available databases, we were able - within 15 minutes - to find out where Broer lived, who lived there with him, where he worked, which universities he had attended and even how much his house was worth when he bought it two years ago. (This was particularly easy given his unusual name, but it would have been possible even if his name had been John Smith. We now had his date of birth and passport number, so we would have known exactly which John Smith.)
Laurie was anything but smug.
"This is terrible," he said. "It just shows what happens when governments begin demanding more and more of our personal information and then entrust it to companies simply not geared up for collecting or securing it as it gets shared around more and more people. It doesn't enhance our security; it undermines it."
Just over $100m had been spent on Capps II before it was scrapped in July 2004. Campaigners in the US had objected to it on grounds of privacy, and airlines such as JetBlue and American faced boycotts when it emerged that they were involved in trials - handing over passenger information - with the Department of Homeland Security's Transportation Security Administration. Even worse, JetBlue admitted it had given the private records of 5 million passengers to a commercial company for analysis - and some of this was posted on the internet.
But the problems did not end with the demise of Capps II. Earlier that month, after 18 months of acrimonious negotiation, the EU caved in to American demands that European airlines, too, should hand over passenger information to the United States Bureau of Customs and Border Protection, BCBP, before their aircraft would be allowed to land on US soil. The BCBP wanted up to 60 pieces of information routinely gathered by booking agencies and stored as a Passenger Name Record, PNR. This included not only your flight details, name, address and so on, but also your travel itinerary, where you were staying, with whom you travelled, whether you booked a hire car in the US, whether you booked a smoking room in your hotel, even if you ordered a halal or kosher meal. And the US authorities wanted to keep it all for 50 years.
At first, the European Commission argued that surrendering such information would be in breach of European data protection law. Eventually, however, in the face of huge fines for airlines and cancelled landing slots, it agreed that 34 items from PNRs could be handed over and kept by the US for three and a half years.
Capps II was superseded by a new system called Secure Flight in August 2004. Later, in October last year, the BCBP demanded that airlines travelling to, or through, the US should forward "advance passenger information", including passport number and date of birth, before passengers would be allowed to travel. It called this the advance passenger information system, or APIS. This is the information that Laurie and I had accessed through the BA website.
"The problem here is that a commercial organisation is being given the task of collecting data on behalf of a foreign government, for which it gets no financial reward, and which offers no business benefit in return," says Laurie. "Naturally, in such a case, they will seek to minimise their costs, which they do by handing the problem off to the passengers themselves. This has the neat side-effect of also handing off liability for data errors.
"You can imagine the case where a businessman's trip gets delayed because his passport details were incorrectly entered and he was mistaken for a terrorist. Since BA didn't enter the data - frequent flyers are asked to do it themselves - they can't be held responsible and can't be sued for his lost business."
By the time I found the ticket stub and went to Laurie, he had already reported his suspicions about a potential security lapse to BA (on January 20) by email. He received no response, so followed up with a telephone call asking for the airline's security officer. He was told there wasn't one, so he explained the lapse to an employee. Nothing was done and he still has not been contacted.
Three months ago, after further objections in the US, but before our investigation, Secure Flight was suspended after costing the US taxpayer $144m. At the time, Kip Hawley, transportation security administrator, said: "While the Secure Flight regulation is being developed, this is the time to ensure that the Secure Flight security, operational and privacy foundation is solid."
The TSA said it would continue its passenger pre-screening programme in yet another guise after it had been audited and added that it had plans to introduce more security, privacy and redress for errors - confirming critics' suspicions that no such systems were yet in place. To the consternation of privacy activists in Europe, the TSA also spelled out its desire for various US government departments to share information, including yours and mine.
Dr Gus Hosein, a visiting fellow specialising in privacy and terrorism at the London School of Economics, is concerned about where the whole project will go next.
"They want to extend the advance passenger information system [APIS] to include data on where passengers are going and where they are staying because of concerns over plagues," he says. "For example, if bird flu breaks out, they want to know where all the foreign travellers are. The airlines hate this. It is a security nightmare. Soon the US will demand biometric information [fingerprints, retina scans etc] and they will share that around.
"But what the BA lapse shows is that companies cannot be trusted to gather this information without it getting out to criminals who would abuse it. The potential for identity theft is huge, but the number of agencies among which it will be shared is just growing and growing."
And that is where concern comes in over the UK's proposed ID cards, which may one day be needed to travel to the US. According to the Home Office, the identity cards bill currently going through Parliament allows for up to 40 pieces of personal information to be held on the proposed ID card, with digital biometric details of all of your fingerprints, both your irises and your face, all of which can be transmitted to electronic readers. The cards will contain a microchip the size of a grain of sand linked to a tiny embedded antenna that transmits all the information when contacted by an electronic reader.
This readable system, known as Radio Frequency Identification, or RFID, has recently been installed in new British passports. The Home Office says the information can be transmitted across a distance of only a couple of centimetres because the chips have no power of their own - they simply bounce back a response to a weak signal sent from passport readers at immigration points.
However, the suspicion is that the distance over which the signal can be read relates only to the weakness of the signal sent out by the readers. What if the readers sent out much stronger signals? Potentially, then, criminals with powerful readers could suck out your information as you passed by. The Government denies that this scenario is viable, but, in January, Dutch security specialists Riscure successfully read and decrypted information from the Netherlands' new biometric passports from a distance of about 30ft in just two hours.
"The Home Office says British passport information is encrypted, but it's a pretty basic form of encryption," says Hosein. "Everyone expects the ID cards to be equally insecure. If the government insists they won't be cracked, read or copied, they're kidding themselves and us."
BA has now closed its security loophole after being contacted by the Guardian in March, but that particular lapse is beside the point. Because of the pressure being applied to airlines by the US, breaches will happen again elsewhere as our personal data whizzes around the globe, often without our knowledge or consent.
Meanwhile, accountability remains lamentable. Several calls to the US Transportation Security Administration were not returned.
Perhaps the last word should go to Mark Broer, the man whose boarding pass stub started off this virtual paper chase. He is aged 41 and is a successful executive with a pharmaceutical recruitment company. When I told him what we had done with his boarding pass stub, he was appalled.
"I travel regularly and, because I go to the US, I submitted my personal information and passport number - it is required if you are a frequent flyer and want to check yourself in," he says. "Experienced travellers today know that they have to give up information for ease of travel and to fight terrorism. It is an exchange of information in return for convenience. But as far as I'm concerned, having that information leaked out to people who could steal my identity wasn't part of the deal."
source: http://www.guardian.co.uk/idcards/story/0,,1766266,00.html#article_continue
Social Consequences and Effects of RFID Implants?
source: http://ask.slashdot.org/article.pl?sid=06/05/04/0030212