CASPIAN NEWSLETTER, 2/18/05 Another Win for Privacy!
=====================================================================
Consumer privacy and RFID newsletter
Edited by Sunni Maravillosa and Katherine Albrecht
NEWS:
1- Another win: No spychips for California school kids!
2- Massive Data Breach at ChoicePoint
3- Casual Male improves customer service without RFID
4- Businesses implementing RFID could face legal battles
5- Share your fingerprint with the retail world
6- Spychips hidden in British university IDs
7- Berkeley: Haven for Birkenstocks, books, and ... RFID?
8- Automatic identification rogue's gallery
9- K-Mart's demise hurts retail diversity
10- World Cup in Germany to feature privacy invasions
11- Tesco talks up "belief" in RFID
CASPIAN ACTIVISTS UPDATE
1- CASPIAN in the news
2- CASPIAN members sound off
3- Tools you can use
=====================================================================
ANOTHER WIN: NO SPYCHIPS FOR CALIFORNIA SCHOOL KIDS!
=====================================================================
Hooray! Your calls and letters added to the heat in Sutter, California,
where the Brittan Elementary school principal and superintendent had
mandated that students be tracked with RFID tags worn around their
necks. Now those kids are spychip-free, thanks to the efforts of
freedom-loving citizens, committed civil libertarians, and brave kids
and parents who just said, "No!"
For the last two weeks, national attention has focused on a small town,
Big-Brother school, and its ill-conceived plan to track kids through
spychipped security badges. Bad publicity, parent protests, the
involvement of civil liberties organizations, threatened lawsuits, and a
torrent of negative phone calls and email finally caused InCom, the
company behind the technology, to call the whole thing off.
Thanks for your help in killing this awful program!
Resources:
Read the letter sent to the board of trustees by ACLU, EPIC, and EFF:
http://www.eff.org/Privacy/Surveillance/RFID/schools/ACLU_EFF_EPIC_letter.pdf
Over 80 stories listed in Google news today:
http://news.google.com/news?hl=en&ned=us&q=sutter+rfid&btnG=Search+News
=====================================================================
MASSIVE DATA BREACH AT CHOICEPOINT
=====================================================================
Breaking news from the Washington Post:
"One of the nation's biggest information services has begun warning more
than 100,000 people across the country they may be targets of fraud,
following disclosures the company inadvertently sold personal and
financial records to fraud artists apparently involved in a massive
identity theft scheme.
ChoicePoint Inc. electronically delivered thousands of reports
containing names, addresses, Social Security numbers, financial
information and other details to people in the Los Angeles area posing
as officials in legitimate debt collection, insurance and check-cashing
businesses.
At least 700 victims have had their mailing addresses changed,
apparently by people connected to the scheme, authorities said. Identity
thieves often change the addresses of victims in order to gain control
of credit card offers and other mail. No one knows the extent of the
fraud or the financial impact, authorities said...
Critics said retailers, credit issuers, information services and other
companies have not done enough to protect the extraordinary caches of
personal data collected over the past decade...."
The Washington Post, 2/17/05
Reprinted at BizReport
http://www.bizreport.com/news/8688/
=====================================================================
CASUAL MALE IMPROVES CUSTOMER SERVICE WITHOUT RFID
=====================================================================
Thumbs up to Casual Male for overhauling its supply chain and improving
customer service the right way. The clothing retailer recently updated
its inventory management system and now guarantees delivery of an item
within five days if it isn't available in the store -- or the item is
free.
The best part of the story is that Casual Male accomplished its supply
chain overhaul without applying a single RFID tag to its clothing or
shipping containers. We hope their success encourages other retailers to
implement similar solutions to their inventory issues.
Source: RFID Insights, 2/7/05
http://www.rfidinsights.com/showArticle.jhtml?articleId=59301319
=====================================================================
BUSINESSES IMPLEMENTING RFID COULD FACE LEGAL BATTLES
=====================================================================
Businesses adopting RFID have more to worry about than consumer
backlash, say legal experts. They could find themselves engaged in
expensive court battles if they violate laws governing individual
privacy rights.
At present, it is unclear exactly where RFID chips and readers fall
under existing national, state and jurisdictional laws. For example, is
RFID a type of "electronic communication" covered by the U.S. federal
Wiretap Act? This is just one of the many complex legal questions that
may soon plague the industry as companies inch the technology closer and
closer to consumers.
Until these issues are resolved, lawyers caution adopters to tread
carefully. As Toronto attorney Javad Heydary points out in a recent
column, "Any organization contemplating the use of RFID should start by
ensuring that it is aware of its privacy obligations under different
laws before it starts accumulating data that can come back to haunt it
later."
Sources:
RFID Journal, 2/14/05
http://www.rfidjournal.com/article/articleview/1401/1/128
E Commerce Times, 2/3/05
http://www.ecommercetimes.com/story/40203.html
=====================================================================
SHARE YOUR FINGERPRINT WITH THE RETAIL WORLD
=====================================================================
Lowes Foods, a regional grocery chain, has announced that it's
test-marketing a biometric payment system in its North Carolina stores.
The company's news release states, "There is no cost for customers to
enroll or use the program," as if giving an ID, fingerprint scans,
checking account information, and "loyalty card and age information"
isn't a cost to individuals who value privacy. The report also casually
drops in a mention that once a person is enrolled, his or her data are
shared with all retailers in the BioPay system.
Source: Progressive Grocer, 2/8/05
http://www.progressivegrocer.com/progressivegrocer/headlines/article_display.jsp?vnu_content_id=1000790393
Voice your concerns to Lowes:
lfscustomercare@lowesfoods.com
Phone 336-659-0180; or 800-311-2117 (note that calling 800 numbers
reveals your identity to the company)
Fax 336-768-4702
=====================================================================
SPYCHIPS HIDDEN IN BRITISH UNIVERSITY ID'S
=====================================================================
Oops! Someone forgot to tell students at the UK's University of Warwick
about the RFID spychips in their university ID cards. The cards, which
also serve as library cards, are reportedly beaming out identity
information about students without their knowledge or consent as they
pass reader devices at the library and other campus locations.
Because it's shockingly easy to hide an RFID tag in a plastic card,
people need to remain vigilant even in countries like Great Britain
where there are strict privacy laws. The EU's 2002 "E-Privacy Directive"
outlaws the processing of "location data" (RFID data included) without
"the consent of the individual." We'd love to see the lawsuits that
arise out of this one!
Source:
Warwick Boar, 1/25/05
http://www.warwickboar.co.uk/boar/news/library_id_cards/
=====================================================================
BERKELEY: HAVEN FOR BIRKENSTOCKS, BOOKS, AND . . . RFID?
=====================================================================
In California, the Berkeley Public Library system plans to lay off more
than a dozen workers, while dropping a cool $650,000 to place RFID chips
in over half a million books. Berkeley residents and library employees
have a hard time understanding how RFID will "increase patron privacy,"
since the company doing the chipping is none other than the notorious
Checkpoint Systems, the company recently caught hiding RFID tags in
Calvin Klein and other clothing labels, then trying to cover it up after
the fact.
In response to growing concerns about the use of RFID, The American
Library Association (ALA) has published a resolution on RFID chip usage
and patron privacy. While we're glad the ALA plans to monitor "the
potential misuse of RFID technology to collect information on library
users' reading habits and other activities without their consent or
knowledge," we have a better idea: libraries should steer clear of this
dangerous technology in the first place.
Sources:
Berkeley Daily Planet, 2/15/05
http://www.berkeleydaily.org/text/article.cfm?issue=02-15-05&storyID=20728
Alameda Times-Star, 2/8/05
http://www.insidebayarea.com/ci_2558852
ALA web site
http://www.ala.org/Template.cfm?Section=ifresolutions&Template=/ContentManagement/ContentDisplay.cfm&ContentID=85331
=====================================================================
AUTOMATIC IDENTIFICATION ROGUE'S GALLERY
=====================================================================
ID World, an annual gathering of "the ID revolution community," boasts a
page on its website featuring "visionaries and pioneers in the field of
automatic identification." We thought you'd like to see who's behind
much of the technology that is so profoundly changing our world.
Source: ID World
http://www.idworldonline.com/modules.php?op=modload&name=News&file=article&sid=128
=====================================================================
K-MART'S DEMISE HURTS RETAIL DIVERSITY
=====================================================================
We are sorry to see privacy-friendly K-Mart go. Sears has announced its
plans for K-Mart stores after their merger: they'll be re-branded "Sears
Essentials," and will feature some of Sears' more popular lines while
keeping the K-Mart focus on daily necessities. Unlike K-Mart, Sears
won't let you get past the checkout these days without pestering you to
give your phone number or register your purchases in a club. We wish the
outcome of this merger were more K-Mart and less Sears.
Recent mega-corporate mergers, including the P&G/Gillette and
Verizon/MCI deals, spell bad news for consumers who value privacy. As
retail diversity dwindles, leaving us all with fewer and fewer shopping
options, it becomes even more important to speak out about what matters
to you. If you want to keep your local no-cards, no-chips stores and
products, you need to reward them -- both in words and with your
shopping dollars.
Source: Seattle Times, 2/9/05
http://seattletimes.nwsource.com/html/businesstechnology/2002174710_sears09.html
=====================================================================
WORLD CUP IN GERMANY TO FEATURE PRIVACY INVASIONS
=====================================================================
>From our German friends FoeBuD comes word of disturbing plans by German
authorities to turn the 2006 World Cup into a mega-surveillance
snoopfest. Application forms for tickets to the football (Americans,
read "soccer") world championship require fans to give up an amazing
amount of sensitive information, including passport number, nationality,
financial information, and birth date. Information is also required for
all others receiving tickets, even if they're not the purchasers.
"Sifting out notorious trouble makers" is the excuse for this
astonishing information grab.
Those fans "lucky" enough to get tickets will be in for another privacy
shocker: They will have "personalized" RFID-chipped tickets that enable
authorities and others to track their movements during the event.
The use of RFID chips to monitor sporting events isn't limited to
Germany. The SuperFest held in Florida in conjunction with this year's
Super Bowl relied on RFID-chipped wrist bands for age verification and
cashless payment.
Sources:
FoeBuD/StopRFID
http://stoprfid.foebud.org/en/news/news22.html
The Register, 2/8/05
http://www.theregister.co.uk/2005/02/08/world_cup_2006_big_brother_charges/
Jacksonville Business Journal, 1/26/05
http://jacksonville.bizjournals.com/jacksonville/stories/2005/01/24/daily26.html?jst=b_ln_hl
=====================================================================
TESCO TALKS UP "BELIEF" IN RFID
=====================================================================
What does a company do when faced with a consumer backlash over an
unpopular technology that gives marginal results? Apparently, if they've
invested millions and staked their careers on it, they talk it up so
they're not left holding the bag.
With news of the Tesco boycott hitting the first page of the company's
Google results, Tesco exec Colin Cobain has apparently decided it's time
to call on his industry cronies to "believe" in RFID. In a recent
interview, he said the toughest part of pushing RFID is "getting people
to believe. Because until they believe this is going to be the future,
they are not going to do the right thing."
Deploying dangerous technology that puts your customers at risk is not
the right to do, Mr. Cobain. Shame on you.
Sources:
North Jersey.com, 2/8/05
http://www.northjersey.com/page.php?qstr=eXJpcnk3ZjczN2Y3dnFlZUVFeXkyOSZmZ2JlbDdmN3ZxZWVFRXl5NjY0ODY1NyZ5cmlyeTdmNzE3Zjd2cWVlRUV5eTI=
Tech World, 2/7/05
http://www.techworld.com/mobility/features/index.cfm?featureid=1178
=====================================================================
CASPIAN ACTIVITIES
=====================================================================
Katherine Albrecht, CASPIAN founder, was a featured keynote speaker at
the 6th annual Security & Privacy Conference in Victoria, BC, Canada
last week. Katherine's address, delivered to a crowd of over 800 privacy
and security professionals, has brought many new members and newsletter
subscribers to CASPIAN. A warm welcome to all!
http://www.rebootcanada.com/privacy2005/
=====================================================================
CASPIAN MEMBERS SOUND OFF
=====================================================================
"I was on your website a few minutes ago, and had just joined your group
of protestors when I received an email [with an invitation to
participate in a printer survey that would automatically download
printer usage data through the Internet] Now Canon can collect data from
my printer? I love my Canon products, but the company needs to stay out
of my computer." - Barbara, Florida
-----
"Katherine Albrecht's presentation in Victoria BC on RFID chips and
their threat to our privacy was a chilling eye-opener for me. I have
already begun to spread the word within my own sphere of influence. I
believe our only hope is that many others will do the same. Hearty kudos
to CASPIAN for leading this fight." - Tony, Victoria, BC, Canada
-----
"I never, unless forced by emergency, shop at a 'club-card' store. Who
do they think they are fooling? We consumers are not stupid, you know!"
- Anonymous
-----
"Glad to see a site like this out there. The American public needs to be
more aware of what's going on." - Anonymous, Maine
-----
"I only shop at Publix, where no card is required, therefore there is no
discriminatory pricing. .... I am extremely concerned that data on my
purchases is tracked anyway, however, through my debit card. Visa is now
my Big Brother?" - Anonymous, Florida
-----
"I am disgusted at Tesco's breach of my personal privacy rights. As a
protest against Tesco's actions and apparent total disregard for the
personal privacy rights of its customers, I will be cancelling my Tesco
Clubcard Plus account and will no longer shop at Tesco." - Anonymous
=====================================================================
TOOLS YOU CAN USE
=====================================================================
Need evidence that data collection is out of control? Next time someone
says, "Oh, come on, nobody cares that much about your life," pull out a
copy of the new book by Washington Post journalist Robert O'Harrow,
titled "No Place to Hide: Behind the Scenes of Our Emerging Surveillance
Society."
This groundbreaking book provides incontrovertible evidence that
corporations really ARE spying on you, with a degree of intensity that
will leave you speechless --- and mad. Even we learned a thing or two.
How to get the book?
Support your local, independent bookseller, and preserve your privacy,
too, by buying the book with cash at a bookstore near your home. Click
here to find a store near you:
http://www.booksense.com/product/info.jsp?isbn=0743254805
Or, you can buy the book online, in PDF format:
http://usa1.ebooks.com/ebooks/book_display.asp?IID=219163
O'Harrow's book was featured in a recent Peter Jennings television
special:
http://abcnews.go.com/Technology/Primetime/story?id=429308&page=1
as well as a Fresh Air interview on NPR:
http://www.npr.org/templates/story/story.php?storyId=4482727
-----
Robert Smith's Privacy Journal web site is an excellent resource for a
wide variety of privacy information. It's easy to read and offers
realistic and practical advice. From the site you can also subscribe to
Privacy Journal and order Smith's books. Drop by and benefit from
Smith's expertise.
http://www.privacyjournal.net/
-----
Bruce Schneier's web site is a good place to go for security-related
information. His books and essays are available, and his "Schneier on
Security" web log is regularly updated with news, ideas, and other sound
information, and you can subscribe to his Crypto-Gram email newsletter.
An impressive resource.
http://www.schneier.com/
-----
NOTE: CASPIAN makes no money from the sale of any of these materials,
and is not paid to mention them.
=====================================================================
CASPIAN: Consumers Against Supermarket Privacy Invasion and Numbering
Opposing supermarket "loyalty" cards and other retail surveillance
schemes since 1999.
http://www.spychips.com/
http://www.nocards.org/
You're welcome to duplicate and distribute this message to others who
may find it of interest.