The US authorities demand that everybody entering their country have a passport and identity documents compliant with their security standards, but when it comes to their own passports, they have a much lower security standard than they demand of other countries.
The blank passports travel to Europe where a microchip is inserted in the back cover and then on to Thailand where they are fitted with a radio antenna. The Netherlands company that makes the covers for the passport said in October that China stole the technology for the microchips, the Times said.
The Government Printing Office’s decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times.
I previously wrote about Bill C-27 and how it will make it an offence in Canada to recklessly make available or sell personal information knowing it will be used to commit fraud.
Google, and others, offer tools such as on-line word processing but your data is housed by that entity, usually in the USA, and is thus subject to the US Patriot Act, and other laws that allow government surveillance of your data.
In my view, using these Web-based collaborative tools amounts to Reckless Personal Information Handling.
Web-based Collaborative Tools
The Globe and Mail recently published an interesting article about this:
Patriot Act haunts Google service
by SIMON AVERY, Globe and Mail March 24, 2008
Some other organizations are banning Google’s innovative tools outright to avoid the prospect of U.S. spooks combing through their data. Security experts say many firms are only just starting to realize the risks they assume by embracing Web-based collaborative tools hosted by a U.S. company, a problem even more acute in Canada where federal privacy rules are at odds with U.S. security measures.
Nigel Stanley, at Bloor Research, wrote an article entitled "Ounce Labs weighs into rogue code" about the dangers of outsourcing software development. The most interesting part of the article follows:
Industrial espionage, or good old fashioned spying, is as alive and well today as it has ever been. In fact, a lot of time and effort from the security agencies is tied up in dealing with this issue, and contacts have assured me it is worse now than it has ever been as developing countries try to steal a march (maybe even literally) against the developed world. Spying between developed nations is also a problem, with some larger European countries having a dreadful reputation for trying to obtain industrial secrets from so-called allies. Software development is an obvious target…
The downside of this approach is that decision makers get seduced by green lights whilst their developers look for even more creative ways of inserting malicious code. No sensible person will ever declare that a product such as Ounce 5 will guarantee that your code is 100% secure…
EASY TO PLANT CAMERAS IN HOTEL ROOMS
THE recent sex DVD scandal involving former Malaysian Health Minister Datuk Seri Dr Chua Soi Lek shows how easy it is to rig a spy camera and film someone without their knowledge.
Experts tell The New Paper on Sunday that it takes anyone just 30 minutes to rig a spy cam.
It takes the professionally trained even less time…
A few weeks ago I wrote about a botched background investigation of a former FBI and CIA Intelligence Analyst who entered into a sham marriage to gain citizenship. It turns out that she had ties to Hezbollah.
Now a US Marine Captain has pleaded guilty to helping the potential Hezbollah operative gain citizenship in the same way she herself did. Read "Hezbollah: Signs of a Sophisticated Intelligence Apparatus" to see how an incompetent background investigation can have far-reaching implications.
“the cases demonstrate that the FBI, CIA and Marine Corps all failed to detect this web of sham marriages when they conducted background investigations on the women in question, especially since the marriages were within the seven-year investigative window required for Prouty’s FBI clearance and Spinelli’s enlistment in the Marine Corps. A full field background investigation should have been able to determine the nature of the sham marriages, given that the women never lived with their purported husbands.”
China’s intelligence service gained access to a secret National Security Agency listening post in Hawaii through a Chinese-language translation service, according to U.S. intelligence officials.
According to officials who spoke on the condition of anonymity, China’s Ministry of State Security, the main civilian spy service, carried out the operations by setting up a Chinese translation service in Hawaii that represented itself as a U.S.-origin company.
Rapid7 announced that an attacker with a directional antenna and a laptop can eavesdrop on wireless keyboards manufactured by Microsoft, Logitech, and other vendors, capturing every keystroke from a distance of over 30 feet. This leaves corporate networks open to illicit intrusion and data theft that will probably look like a data breach originating from within the company.
For a look at what the hacker will get, go to this interesting presentation.
Would this be Reckless Personal Information Handling if this vulnerability was exploited at your company?