Tag Archive for 'Privacy'

Power User 115 - The Page File

With Windows XP, to clear the page file on shutdown go to Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> Shutdown: Clear virtual memory pagefile, and enable it. Windows then overwrites pagefile.sys with zeros as part of every clean shutdown, so shutting down takes a little longer. It is wise to enable this setting on every computer you use.

We tell people to travel with a “clean” laptop. However, Windows creates a lot of temporary files, and the most damaging can be the page file: anything that was paged out of RAM, including passwords, encryption keys and the contents of documents you only ever viewed, sits in pagefile.sys on the hard drive. Of course you should also use a good file erasure programme before shutting off the laptop.
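As an added example (mine, not from the original post), the same setting applied and verified from PowerShell on a later Windows version. The Local Security Policy entry writes the ClearPageFileAtShutdown value under the Memory Management key, so the registry is also where you check it. The hibernation caveat at the end is my addition; the script assumes an elevated session.

```powershell
# Added example, not from the original post. Requires an elevated PowerShell session.
# The Local Security Policy setting "Shutdown: Clear virtual memory pagefile" is stored
# as this REG_DWORD; the GUI and this script write the same value.
$MemMgmtKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Test-PageFileClearing {
    # Read the value back; a missing value means the policy is not configured (default: off).
    $props = Get-ItemProperty -Path $MemMgmtKey -ErrorAction Stop
    return ($null -ne $props.ClearPageFileAtShutdown -and $props.ClearPageFileAtShutdown -eq 1)
}

function Enable-PageFileClearing {
    # Write the value, then confirm it by reading it back. Returns $true on success.
    Set-ItemProperty -Path $MemMgmtKey -Name 'ClearPageFileAtShutdown' -Value 1 -Type DWord
    return Test-PageFileClearing
}

if (Enable-PageFileClearing) {
    Write-Output 'Page file will be zero-filled at the next clean shutdown.'
}

# Caveat (my addition): hiberfil.sys is a raw image of RAM. This setting only zeroes it
# when hibernation is disabled, so a laptop that is ever hibernated carries everything
# that was in memory. Turn hibernation off, which also deletes the file:
powercfg /hibernate off
```

The setting only takes effect on a clean shutdown; pulling the battery or a crash leaves the page file as it was.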

Power User 114 - File Wipers

Even computer ‘wipers’ leave a mark

Evidence Eliminator and similar software can kill out files and perform other tasks. But their use can raise red flags in a legal dispute.

But the wiper programs don’t ensure a clean getaway. They leave behind a kind of digital calling card.

“Not only do these programs leave a trace that they were used, they each have a distinctive fingerprint,” Kessler said. “Evidence Eliminator leaves one that’s different from Window Washer, and so on.”

I recommend the use of file erasure tools, especially when crossing international borders with computers. If you use such a programme regularly, you have plausible deniability if you are accused of erasing data to keep it from the police or the courts: if you always use it, its “fingerprint” will always be there. If the install date matches the computer’s purchase date, they cannot say you installed it to eliminate the evidence the courts or police were seeking. For the same reason, keep the receipt for the wiper programme to show when it was purchased.

File erasure programmes are part of prudent security practices and should not be viewed as something suspicious.

Secret Laser Printer ID Codes

This is not a new issue. A 2004 PC World article described the technology. In February 2008, I wrote about the EU concerns that these secret printer ID codes may break EU privacy laws. The EFF has a list of the printers that print these secret codes, which the US government uses to match a document to the laser printer that produced it.

Another article about this appeared in USA Today a few days ago.

Printer dots raise privacy concerns

The dots, invisible to the naked eye, can be seen using a blue LED light and are used by authorities such as the Secret Service to investigate counterfeit bills made with laser printers…

Privacy advocates worry that the little-known technology could ensnare political dissidents, whistle-blowers or anyone who prints materials that authorities want to track.

The dots are produced only on laser devices and not ink-jet printers, which are most commonly used at home…

As an investigator, this presents an opportunity if the dot pattern is consistent enough to be matched to a particular printer or printer type without decoding the dots. In that case you might not need the ability to decode them at all. For example, at a company with many different types of laser printers, comparing a document’s pattern against samples from each printer could, by process of elimination, indicate which printer(s) could have created the document.

Incompetence and Non-compliance to the Rescue

An interesting study found that 87% of data breaches are the result of incompetence and carelessness.

Another study shows a large disconnect between the executives tasked with protecting customer data and the marketing departments, which use the data for advertising purposes or share it with third parties.

a third of marketing execs said they don’t place any limits on the data they share with third parties, such as e-mail marketing agencies or online advertisers. By contrast, 75% of privacy officers believe that their companies limit the sharing of customer data.

These findings are a good reminder that asking questions will yield useful data that the respondents should not divulge. It’s all in how you ask the question.

Tracking Internet Users - Phorm

Fears over advert system privacy

Online advert system Phorm could make the net less secure and breaches human rights, the service’s creators have been told.

BT, Virgin and Carphone Warehouse have signed up to trial Phorm.

Phorm works by connecting a user’s web surfing habits to a series of advertising channels in order to target adverts.

Keywords in websites visited by a user are scanned and connected to advertising categories, and then matched to particular adverts.

Tracking Internet Users

Experian to Track Internet Users

James Ashton writes on The Times Online:

Experian, the credit checking company, is braving mounting concerns over internet privacy with plans to launch a service that will track broad-band users’ activity so they can be targeted with advertising.

Through Hitwise, the web-site company it acquired for £120m a year ago, Experian has held talks with internet service providers to sell its monitoring technology.

Observers expect it to compete in part with Phorm, an AIM-listed company that has stirred controversy after being recruited by BT, TalkTalk and Virgin Media to track their 10m customers’ behaviour so they can be sent advertising messages on the websites they are looking at.

However, the key difference is that Hitwise, which describes itself as an “online competitive intelligence service” would play little part in dispatching the advertising to web pages itself, something that Phorm does through its Open Internet Exchange.

Google & Reckless Personal Information Handling

I previously wrote about Bill C-27 and how it will make it an offence in Canada to recklessly make available or sell personal information knowing it will be used to commit fraud.

Google, and others, offer tools such as on-line word processing but your data is housed by that entity, usually in the USA, and is thus subject to the US Patriot Act, and other laws that allow government surveillance of your data.

In my view, using these Web-based collaborative tools amounts to Reckless Personal Information Handling.

Web-based Collaborative Tools

The Globe and Mail recently published an interesting article about this:

Patriot Act haunts Google service

Travelling with Electronic Devices

When I travel for work, I undertake what some people consider extreme measures to protect proprietary client data from theft by officials at international borders. These officials do not need warrants to seize or examine anything in your possession when crossing a border, and that makes border officials excellent spies. This issue arose recently regarding the actions of US border officials:

In Canada, one law firm has instructed its lawyers to travel to the United States with “blank laptops” whose hard drives contain no data. “We just access our information through the Internet,” said Lou Brzezinski, a partner at Blaney McMurtry, a major Toronto law firm. That approach also holds risks, but “those are hacking risks as opposed to search risks,” he said.

Creating a “blank laptop” entails more than hitting the delete key, or even running a utility that overwrites existing files: the page file, the hibernation file and other system-managed copies of your data are not touched by a per-file wipe. The hacking risk is also greater than most people realize, especially over wireless connections. Even with secure end-to-end encryption, traffic analysis (who connected to what, when, and how much was transferred) can yield very useful intelligence.
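As an added example (mine, not the author’s tool and not from the original posts), here is the overwrite, rename and delete sequence that a file erasure programme performs for a single file, written in PowerShell for the Windows laptops these posts discuss. The comments list what such a wipe cannot reach, which is the point of this paragraph and of the Page File post above. The document path in the usage line is a placeholder, and the size and storage caveats are my additions.

```powershell
# Added example, not the author's tool. Overwrites a file's contents in place, then
# renames and deletes it. Demonstrates what a per-file wiper does and, in the comments,
# what it cannot reach.
function Invoke-SecureDelete {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $Passes = 3      # random data on every pass but the last, then zeros
    )
    $file   = Get-Item -LiteralPath $Path -ErrorAction Stop
    $length = $file.Length
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 65536

    # Open for write without truncating, so the file's existing clusters are rewritten
    # rather than new ones being allocated.
    $stream = [System.IO.File]::Open($file.FullName,
        [System.IO.FileMode]::Open, [System.IO.FileAccess]::Write, [System.IO.FileShare]::None)
    try {
        for ($pass = 1; $pass -le $Passes; $pass++) {
            $stream.Position = 0
            $remaining = $length
            while ($remaining -gt 0) {
                $chunk = [int][Math]::Min($buffer.Length, $remaining)
                if ($pass -eq $Passes) { [Array]::Clear($buffer, 0, $chunk) }
                else                   { $rng.GetBytes($buffer) }
                $stream.Write($buffer, 0, $chunk)
                $remaining -= $chunk
            }
            $stream.Flush($true)   # push the pass through the OS cache to the device
        }
    }
    finally { $stream.Dispose() }

    # Replace the name in the directory entry before unlinking. The original name can
    # still survive in the NTFS $LogFile or in MFT slack, so this reduces exposure only.
    $newName = [System.IO.Path]::GetRandomFileName()
    Rename-Item -LiteralPath $file.FullName -NewName $newName
    Remove-Item -LiteralPath (Join-Path $file.DirectoryName $newName) -Force
    return $length   # bytes overwritten on each pass
}

# Usage (placeholder path):
# Invoke-SecureDelete -Path 'C:\Users\me\Documents\client-notes.docx'
#
# Limits (my additions): files smaller than roughly 700 bytes are stored inside their
# NTFS MFT record rather than in data clusters, so this overwrite never reaches them;
# SSDs and flash drives remap writes, so the old blocks persist until the drive garbage-
# collects them; earlier copies may remain in the page file, the hibernation file, Volume
# Shadow Copies, temp directories and the application's own autosave files. A genuinely
# blank laptop is a fresh image on a wiped or freshly encrypted disk, not a wiped profile.
```

Run it on a copy of a file first and confirm with a hex viewer that the clusters now read as zeros; the rename step is cheap but, as the comment says, should not be mistaken for removing the filename from the file system’s journal.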

WikiLeaks

I just found this:

“WikiLeaks.org is developing an uncensorable version of WikiPedia for untraceable mass document leaking and analysis.”

I’m not sure how I might use this site, but it does have some very interesting instructions on how to submit material anonymously.

Surveillance Society

The January 2008 issue of Popular Mechanics magazine has an excellent article titled Surveillance Society: New High-Tech Cameras Are Watching You. This article outlines some of the new video surveillance technologies and how they are used.

Problems with AskEraser

In a letter to Ask.com, EPIC and several other privacy organizations have asked CEO Jim Lanzone to change AskEraser, a new search tool that the company says “will offer its searchers unmatched control over their privacy.” After a study of the search product, EPIC found that AskEraser (1) requires an opt-out cookie, (2) creates a quasi-unique identifier, and (3) will be disabled without notice. All three attributes create substantial privacy risks for Internet users.

Apart from the cookie issues, the contrast between the Ask.com news release describing AskEraser and the following passages from the EPIC letter is quite disturbing:

Ask inserts the exact time that the user enables AskEraser and stores it in the cookie, which makes identifying the computer easier. The letter recommends using a session cookie that expires once the search result is returned.

Ask’s Frequently Asked Questions for the feature notes that there may be circumstances when Ask is required to comply with a court order and if asked to, it will retain the consumer’s search data even if AskEraser appears to be turned on. Ask does not notify searchers when the feature has been disabled and misleads them into believing their searches aren’t being tracked when they actually are, the EPIC letter said.

Anonymous Searching

Ask.com Puts a Bet on Privacy

“OAKLAND, Calif., Dec. 10 — Will privacy sell? Ask.com is betting it will. The fourth-largest search engine company will begin a service today called AskEraser, which allows users to make their searches more private. Ask.com and other major search engines like Google, Yahoo and Microsoft typically keep track of search terms typed by users and link them to a computer’s Internet address, and sometimes to the user. However, when AskEraser is turned on, Ask.com discards all that information, the company said.”

Reckless Vulnerability?

Rapid7 announced that an attacker with a directional antenna and a laptop can eavesdrop on wireless keyboards manufactured by Microsoft, Logitech and other vendors, capturing every keystroke from over 30 feet away. This leaves corporate networks open to illicit intrusion and data theft that will probably look like a data breach originating from within the company.

For a look at what the hacker will get, see this interesting presentation.

Would this be Reckless Personal Information Handling if this vulnerability was exploited at your company?

Ten Private Investigators Indicted

Ten private investigators were indicted on December 5, 2007, in Seattle, WA, by the U.S. Attorney’s office.

The defendants allegedly collected information by pretext from the I.R.S., the Social Security Administration, various state unemployment insurance departments, private financial institutions, banks, pharmacies and hospitals, fraudulently posing as the individuals about whom the information was sought.

If this is true, they broke Rule #1.

Washington State requires a Private Investigator to be licensed. However, it seems that BNT Investigations and the three named individuals in Washington state might not have state-issued Private Investigator’s licences. I don’t know the licence status of the others.

This type of behaviour is not new. In Canada, this issue was, in part, dealt with during the Royal Commission of Inquiry into the Confidentiality of Health Records in Ontario, Canada, by Mr. Justice Horace Krever.

The Royal Commission heard from over 500 witnesses, including private investigation firms, insurance companies, hospitals, and others. During 1976 and 1977, the Royal Commission found evidence of hundreds of successful efforts to acquire health information from Ontario hospitals and doctors under pretext.

The Insurance Bureau of Canada admitted to the Royal Commission that its members had gathered medical information through “various sources” without the authorization of the patients.

Several investigation companies went out of business due to the Royal Commission exposing their activities.

Where there are clients willing to pay for this improper and unprofessional behaviour, there will be providers of such services.


Privacy & Stupidity

The CRA vs. Canadian men
by Karen Selick, National Post Published: Wednesday, November 07, 2007

A wonderful article about the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Privacy Act and the infinite stupidity of the bureaucrats enforcing acts written by inept people who do not understand or care about the consequences of the laws they create.