Found via Slashdot.

Internet Evolution has an interview with Esther Dyson, an expert on information technology and a former chairman of the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit that coordinates the distribution of Internet domain names. She also was one of the first volunteers for the Personal Genome Project and published her genetic data on the Internet.

There are a couple interesting exchanges concerning anonymity and privacy, which are distinct concepts. First, Dyson notes her distaste for anonymity.

Internet Evolution: You’ve had a front-row seat for the commercialization, regulation, and funding of the Internet. What’s been the biggest surprise for you about how the Internet has evolved? And what’s been your biggest disappointment?

Esther Dyson: Well, surprise and disappointment are the same… There are two big things: First, I was a much bigger fan of anonymity then than I am now. I thought it was cool. And it is, but it turns out anonymity really encourages bad behavior. I’m not in favor of the government tracking everybody and so forth, [but] at least persistent pseudonyms and communities and stuff like that makes everything a nicer place.

It’s like a lot of things. I’m pro choice, but I think abortion is an unfortunate thing. I think the same thing about anonymity: Everybody should have the right to it, but it’s not something one wants to encourage. And that’s not weasel words, that’s the reality of it. Read more »

Caroline Kennedy is seeking the US Senate seat that will be vacated by Sen. Hillary Clinton, who has been nominated for Secretary of State by President-Elect Obama. This site is non-partisan, and I am mentioning this not for partisan reasons but because Ms. Kennedy is an ardent supporter of privacy rights. She has co-written two books on civil liberties with Ellen Alderman. The first was “In Our Defense,” concerning the Bill of Rights. The second was 1995′s “The Right to Privacy.” This book was a thoughtful and passionate discussion of the individual right to privacy and the encroachments upon this right. It remains relevant today, and I suggest you check out a copy from your local library.

A columnist at Computerworld discusses the privacy problems connected with surreptitious tracking of drivers by car dealerships.

There was a story on ABC’s Good Morning America on Friday about some car dealers in Oregon installing hidden GPS tracking devices in vehicles sold to individuals with poor or downright bad credit. The rationale apparently is that the devices would help the dealers quickly track down and repossess their vehicles in the event that a customer defaulted on payments. According to the report, the devices are often installed in an undisclosed location in the vehicle because the dealers don’t want customers disabling or tampering with them. [...]

The issue, though, is about disclosure. It’s one thing to install the devices and then inform customers about it, but an entirely different thing if that is done without any notice. One of the car dealers who appeared on the show said that he always informed buyers about the tracking devices and that they didn’t appear to mind when he told them the reason why the devices were there. But what about the others, who aren’t informing their customers about the tracking devices? [...]

Current GPS tracking systems allow for a remarkable degree of surveillance. Many are Internet-enabled and allow anybody to log onto the Web and in an instant see a vehicle’s current location or where it might have been in the past and when.

Security expert Bruce Schneier has a good column in the Wall Street Journal about the importance of audit trails (keeping track of who accesses what information and when) for both privacy and security.

As the first digital president, Barack Obama is learning the hard way how difficult it can be to maintain privacy in the information age. Earlier this year, his passport file was snooped by contract workers in the State Department. In October, someone at Immigration and Customs Enforcement leaked information about his aunt’s immigration status. And in November, Verizon employees peeked at his cellphone records.

What these three incidents illustrate is not that computerized databases are vulnerable to hacking – we already knew that, and anyway the perpetrators all had legitimate access to the systems they used – but how important audit is as a security measure. [...]

Most security against crime comes from audit. Of course we use locks and alarms, but we don’t wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that’s audit.

Audit helps ensure that people don’t abuse positions of trust. The cash register, for example, is basically an audit system. Cashiers have to handle the store’s money. To ensure they don’t skim from the till, the cash register keeps an audit trail of every transaction. The store owner can look at the register totals at the end of the day and make sure the amount of money in the register is the amount that should be there.

Read the whole column.

The Privacy Commissioner of Canada and the Information and Privacy Commissioners of Alberta and British Columbia have released new guidance urging retailers not to limit the collection of driver’s license data. In the press release accompanying the guide, the commissioners revealed that all three have received many complaints about retailers requesting driver’s licence information.

The commissioners noted that licenses are increasingly being used to prove identity, though that is not the purpose of driver’s licenses.

Over time, the driver’s licence has come to be used by many retailers as a reliable document to verify identity.  Many organizations and individuals in fact treat the driver’s licence as a universal identity card by asking to see it and by recording information from it when individuals make purchases, return items or rent equipment.  

The purpose, however, of a provincial driver’s licence is to demonstrate that a person is authorized to operate a motor vehicle – it is not a universal identity card.   Read more »

Ars Technica reports on a case in Pennsylvania concerning medical privacy. After reading posts about patients on an OB/GYN’s employee’s MySpace page, a patient has filed a complaint with the Pennsylvania Department of Health and Human Services alleging violations of the Health Insurance Portability and Accountability Act (HIPAA).

None of the posts named the women they discussed, but one of the patients who spoke anonymously with reporters said that she had recognized both herself and a friend as the targets of one item. Under HIPAA’s privacy rules—except under specific authorized circumstances—health care providers may not share medical information when “there is a reasonable basis to believe the information can be used to identify the individual.” The statute provides for civil penalties of $100 per violation in cases of “willful neglect,” and a person who “knowingly” discloses private health information can face criminal sanctions of up to $50,000 in fines or a year in prison.

I have previously written about how data from social networking sites are being used against employees, job applicants, applicants to colleges and graduate schools, and in criminal trials.