Thursday, June 23, 2005

The Big Brother Wants to Keep a Log on You

From The Red Geek (18 Jun. 2005), I learn that "[t]he U.S. Department of Justice is quietly shopping around the explosive idea of requiring Internet service providers to retain records of their customers' online activities" (Declan McCullagh, "Your ISP as Net Watchdog," CNET, 16 Jun. 2005).

As you expect, the pretext is "child pornography," an always convenient bogeyman: "The current proposal appears to originate with the Justice Department's Child Exploitation and Obscenity Section, which enforces federal child pornography laws. But once mandated by law, the logs likely would be mined during terrorism, copyright infringement and even routine criminal investigations" (McCullagh, 16 Jun. 2005). With such a law in the hands of the federal government, the POTUS who wants to pull a Watergate wouldn't need to have anyone break into any building!

Besides, the more data are retained, the more likely they will be stolen.
Collectively, nearly 50 million accounts have been exposed to the possibility of identity fraud since the beginning of the year, a significant increase from last year.

. . . . . . . . . . . . . . . . . . . .

A boom in data collection has created a marketplace of valuable information stored on computers in thousands of places, many with weak security. (Jonathan Krim, "Ubiquitous Technology, Bad Practices Drive Up Data Theft," Washington Post, 22 Jun. 2005, p. D1)
If anything, the government ought to be prohibiting unnecessary data retention, since it is not possible to establish computer security that no hacker can breach.

Common sense, however, doesn't come easily to the current administration. In "the year of the data breach" (Krim, 22 Jun. 2005), it embarked upon creating a massive new database:
The Defense Department began working yesterday with a private marketing firm to create a database of high school students ages 16 to 18 and all college students to help the military identify potential recruits in a time of dwindling enlistment in some branches.

The program is provoking a furor among privacy advocates. The new database will include personal information including birth dates, Social Security numbers, e-mail addresses, grade-point averages, ethnicity and what subjects the students are studying.

The data will be managed by BeNow Inc. of Wakefield, Mass., one of many marketing firms that use computers to analyze large amounts of data to target potential customers based on their personal profiles and habits.

"The purpose of the system . . . is to provide a single central facility within the Department of Defense to compile, process and distribute files of individuals who meet age and minimum school requirements for military service," according to the official notice of the program.

. . . . . . . . . . . . . . . . . . . .

[Pentagon spokeswoman Lt. Col. Ellen] Krenke said she did not know how much the contract with BeNow was worth, or whether it was bid competitively.

Officials at BeNow did not return several messages seeking comment. The company's Web site does not have a published privacy policy, nor does it list either a chief privacy officer or security officer on its executive team. (emphasis added, Jonathan Krim, "Pentagon Creating Student Database: Recruiting Tool For Military Raises Privacy Concerns," Washington Post, 23 Jun. 2005, p. A1)
The daftly-named BeNOW, Inc. is a private company that has only 50 employees and the income of just $9 million. Its history is short, too. In 2003, it had only ten clients, "four of which were added in 2002" (Eric Schmitt/Forrester Research, "Database Marketing Vender Profile: BeNOW," 18 Apr. 2003). Its specialty in 2003 was unsophisticated services for "the catalog and retail markets":
Our evaluation also reveals several concerns about BeNOW that prospective buyers should take into consideration, including its:
  • Analytical skills gap. Unlike most of its competitors, BeNOW has not built out a deep analytical organization. . . .

  • Limited resources. BeNOW's small employee base, along with the recent growth in its client roster, should give potential buyers pause. Before signing on, prospective buyers should interview account team candidates including ongoing service staff -- not just the database build specialists. Inquire about these employees' other commitments, and negotiate the mechanics of the relationship upfront.
(Schmitt/Forrester Research, 18 Apr. 2003)
Such gaps and limits, as well as the apparent lack of a chief privacy or security officer, may not deter catalog merchants from hiring BeNOW, but they sure suggest that BeNOW may not be a company to which the federal government should entrust sensitive personal data of the youth of America.

My bet is that BeNOW will follow in the footsteps of ChoicePoint, LexisNexis, CardSystems, and other databases hacked to notoriety.


Anonymous said...

We are not yet enslaved by this group of arrogant, superiority-complexed fools because of their grand incompetence. However, it is this very saving grace of incompetence that makes me not want them to have any interaction with my data or life.

I would like to know who owns the little company that they hired, how much in donations they gave or who they are related to, because with this group, graft, corruption, unethical and nepotistic behaviors are the norm. There are days when I can't decide if I am in the Third World, Communist Russia or the U.S. of A. That's sad.

By the way, geek brethren and sisteren, Bush also wants to "privatize the Internet," which is another way of saying "take away our rights to communicate this way." If we don't start organizing against what Bush wants to do, it will happen. One ex-Air Force Colonel put it well: "How are the Iraqis with no jobs, no money and very few resources, able to resist? Because they care about what is happening to their country and they have decided that they will not let it happen."

Anonymous said...

Don't be fooled by what the Pentagon and BeNow are concocting. That database isn't to target new recruits; it's to identify & target future conscripts. The only reason to keep course and GPA data is to find the best & brightest in the subjects needed for Bush's upcoming "special skills draft."

Back in WW2 British newspapers would run crossword puzzle and cryptogram-solving contests. The "winners," after receiving a small prize, were conscripted into the intelligence service.