Josh (author of SANS’ excellent Wireless Ethical Hacking class) eloquently describes his encounter and privacy concerns below:

“When I started my DX for the first time, I saw an entry “Archived Items”, which was all the books I had previously purchased. When I downloaded my copy of “ZigBee Wireless Networks and Transceivers” on the DX, I was surprised to see it open on the page where I had left off on my previous Kindle.

“I’d like to find out what Amazon’s privacy policy is about this data, and what they are retaining long-term. Do they record only the last page read for each of my books, purging this information after a period of time, or is it more nefarious?”

Josh Wright is the author of SANS 617 – Wireless Ethical Hacking.

The coupon is similar to a credit card, with a serial number and expiration date printed on the front (as well as a nifty hologram that reads “Security”). It also has a magnetic stripe. Curious, I borrowed a coupon and swiped it through my trusty mag-stripe reader. The output was as follows (name/number have been changed for privacy):

%B5897320630985200^SMITH/FRANK ^0903121000000000000000798000000?
;5897320630985200=09031210000079800000?

Much to my surprise, the applicant’s name was encoded on the coupon, in addition to the serial number and expiration date.

Consumers are clearly not aware that their names are encoded on the cards. Although National Telecommunications and Information Administration (NTIA) documents refer to “identifying serial numbers,” (NTIA 2006) there is no mention of the fact that names themselves are encoded on the cards. Since the name is not printed on the face of the card itself, there’s no way for recipients to tell it is there without special card-reader equipment.

As a result, over 24 million Americans have now unknowingly submitted their names into the tracking systems of nationwide corporate retailers such as Wal-Mart and Best Buy. “There are federal privacy laws that say what the government can do with your information, but once that information is given to private industry, it’s theirs,” commented senior security consultant Jonathan Ham.

What’s more, the NTIA itself tracks the location, date and time of each purchase. Retailers are required to “provide NTIA electronically with redemption information and payment receipts related to coupons used in the purchase of converter boxes, specifically tracking each serialized coupon by number with a corresponding [certified converter box] purchase.” (NTIA retailer site.) Each week, the NTIA publishes statistics indicating the number of cards used in each zip code.

Consumers are not explicitly informed of the coupon tracking on the TV Converter Coupon Program web site or application. Buried in the NTIA’s web site is the statement that “to keep track of the number of coupons issued, used and redeemed, as well as to minimize fraud and counterfeiting, NTIA intends to place identifying serial numbers on the coupons.” (NTIA 2006)

I went to Best Buy to get a retailer’s perspective on the TV Converter Coupon Program. Like most retailers, Best Buy likes to track their customers. With cash or check, this is difficult, but with credit cards and similar systems (such as the DTV coupons), customers can be automatically added to their database.

Rob Hooper, the helpful manager on duty, explained, “[The DTV coupon] would probably have their name, a number, and they probably have to put in their phone number for us to ring out the remainder of the transaction. As soon as that number gets rung through a Best Buy retailer or a Wal-Mart retailer or anywhere else, [NTIA can] probably break it down underneath the ID of the retailer, and then also the ID of the individual who applied for that particular card number. Not only do they have demographics, they also have geographics– where each card is used.”

In other words, the government receives detailed information about precisely where and when each card is used, and each card is explicitly linked to a name. What’s more, since the names are stored on the coupon’s magnetic stripe itself, the retailer also receives and can store personal information about the consumer. The consumer may never even be aware that his or her name has been given to the retailer.

My mother, who applied for the program by phone, was shocked to learn that her name was encoded on the card and her purchases were tracked. “The government should have made me aware of the information they would be collecting about me if I used the card,” she said. “They’re taking away my freedom. If they decide they need to collect information, they should do so with the people they are collecting the information from volunteering to give it, not being forced.”

Presumably the names encoded on the coupon’s magnetic stripe can be used to prevent fraud, but in practice this has not been occurring. Even if the name on the coupon doesn’t match the consumer, retailers still accept the coupons.

“We generally don’t check IDs against the card,” said Rob. “If someone’s out there stealing digital converter box cards and they’re just hoarding boxes of those cards, that’s not on the top priority list for Best Buy’s loss prevention.”

“We haven’t really seen too much fraud whatsoever with these coupon cards,” he added. “It would be a really interesting thing to try to steal $40 converter box cards, because you’re basically getting paid off in technology that will be antiquated.”
 
Millions of Americans using the DTV converter coupons have unknowingly had their shopping habits tracked and names given to third parties such as Best Buy and Wal-Mart. What is the value of our privacy? Is watered-down “fraud protection” really worth giving away millions of American’s names to retailers? Would my mother really want her shopping habits recorded in an obscure government database, even to save $40?

“I like to shop for a product without Big Brother watching over me,” said Mom.

“I don’t know,” she frowned. “The Internet’s down. I can’t access our product catalog.” (Gah!)

Weeks later, I walked into a U-Haul to rent a truck. The computers weren’t working properly, and the manager was having trouble completing my transaction. “What happens if the computers are down?” I asked. “Can you still rent me a truck?”

“Well, I can,” he said, “But that’s because I’ve been here for fifteen years and I remember how to use the forms. That kid over there–” he gestured toward the younger employee, “He doesn’t even know the paper forms exist.”

As communication technology advances, society has shifted from a thick client to a thin client model. Until recently, Radio Shack employees maintained product knowledge in their heads and on paper that they could physically access. U-Haul staff used paper and ink to rent out their trucks. Individual stores could operate independently of the central system, at least until supplies ran out. They each had to maintain up-to-date books and forms, and train employees.

More and more, information resides on remote systems, which distributed franchises and employees access in order to conduct transactions. On the one hand, this increases efficiency. Gone are the reams of preprinted contracts and forms to be manually filled out for each transaction. Employees have less to memorize, as information and procedures are built into software systems.

On the other hand, individual locations are increasingly vulnerable to network disruptions. Many businesses today rely upon the Internet in order access central databases and conduct normal transactions. Without connection, they’re just appendages cut off from the central body. Radio Shack may have FM transmitters, and U-Haul may have trucks, but without network access they have difficulty conducting business. Many businesses do not physically have the paper and supplies to support manual transactions, let alone the knowledge of manual procedures.

Do the benefits of the thin client model outweigh the costs? That depends on your perspective. From Radio Shack’s point of view, the vast savings from cutting employee training and paper supplies probably does outweigh occasional losses due to network outages. This is especially true if they create a more stable infrastructure than their competitors. Furthermore, in the thin client model, employees require less specialized knowledge, and are therefore more mobile (and expendible).

However, as a society our economic dependance on the Internet may be premature. The Internet was not designed for security, and as noisy worms have demonstrated, it can be brought to a standstill by small groups of people or even by accident. If a widespread network outage brought businesses to a halt, Radio Shack might not lose market share compared to other businesses, but society and the individuals within it would suffer.

The vulnerability of the thin client model was strikingly illustrated back in 2002, when Beth Israel Deaconess hospital “experienced one of the worst health-care IT disasters ever. Over four days, [the] network crashed repeatedly, forcing the hospital to revert to the paper patient-records system that it had abandoned years ago. Lab reports that doctors normally had in hand within 45 minutes took as long as five hours to process.” The emergency department was forced to close down and divert patients elsewhere.¹

The disaster also helped hospital staff understand the benefits of the thin client system. One physician commented, “When I do this on computer, it checks for allergy complications and makes sure I prescribe the correct dosage and refill period. It prints out educational materials for the patient. I remember being scared. Forcing myself to write slowly and legibly…Without that dashboard of information I’d get from the computer, I had to walk up to patients I had treated before and ask basic questions like, What allergies do you have? Even if I thought I remembered, I didn’t trust my memory.”²

Will individuals become “dumb terminals”? Or will we simply evolve different kinds of processing capabilities? During the past few decades in the computer market, we’ve oscillated from thin clients to thick clients and back again. In the early days of computing, people used dumb terminals to access a mainframe, which stored and processed the data. Later, personal computers emerged, and each individual machine ran specialized applications and hardware.³ Nowadays, with the emergence of web-based business applications such as Google Apps and other client-server business processing systems, data is increasingly stored and processed on central systems once again.

Business processes will always mirror the technologies upon which they depend. As computers and business become increasingly intertwined, the efficiencies and vulnerabilities of our economy reflect those of our information technology. Humans have limited information storage capabilities, and leveraging centralized data storage systems helps us function as a group more efficiently.

How can we leverage the efficiencies of the thin client model, while still maintaining a robust and reliable infrastructure?

 
Sherri Davidoff

For others such as myself who were not aware of it, 2257 is part of the Child Protection and Obscenity Enforcement Act of 1988, which “places stringent record-keeping requirements on the producers of actual, sexually explicit materials” and requires “producers of sexually explicit material to obtain proof of age for every model they shoot, and retain those records. Federal inspectors may at any time launch inspections of these records and prosecute any infraction.” (Wikipedia) Failure to do this is punishable with up to 5 years of jail time and fines.

Now, there is a lot of fallout from this seemingly straightforward requirement. For starters, this means that producers of pornographic material are collecting and permanently storing sensitive information about their actors and actresses, including name, social security number, maiden name, all other names they’ve ever performed under, address, etc. Many people star in pornographic films under pseudonyms for a reason– ie. they value their privacy, and pornography is a sensitive topic in our society. There are many legitimate reasons that an actor might not want their art to be associated with their real name.

Furthermore, consider the current state of information security in industry. It’s a mess. Large companies at least have full-time staff to devote to the problem of securing data, but not small businesses. The creators of pornography, especially small enterprises, are not likely to have the specialized security skills necessary to properly store this information. The best defense is probably to keep it off the network entirely, but actors have little control over how producers manage their data, and no good way to verify that it’s being carefully managed. Even if companies do store their actors’ information carefully today, how can the actors be sure that that will continue to be the case for the next ten, twenty or thirty years? In the current environment, giving sensitive personal information to a company and asking them to store it forever, with no verification of their security procedures, is pretty much equivalent to making it public. Section 2257 forces actors to choose between their work and their safety of their personal information.

In 2007, the courts “ruled that the record keeping requirements were facially invalid because they imposed an overbroad burden on legitimate, constitutionally protected speech.” (Wikipedia) However, the Department of Justice requested an en banc review of that decision, which is still unscheduled. Due to this legal limbo, the law still stands.

I’m guessing that one supposed purpose of this law is to thwart child exploitation, by ensuring that all producers verify the age of their actors and maintain records that they have done so. However, requiring them to actually store detailed identification information places their actors– free American citizens and consenting adults– at undue risk of privacy breach.

The same purpose could be accomplished with far less risk by having producers record other information, such as the actor’s age and manner in which it was verified, rather than store the actual identification data itself. I think it’s unlikely that the law actually protects children at all– if a minor wants to be in a sexually explicit film, they can always get a fake ID. If they’re being forced into it, then Section 2257 is not going to stop the producers (although I suppose it could extend their jail sentences).

Actors in sexually explicit films are free citizens and consenting adults. They should have the right to perform without being forced to give detailed identification information to companies that may or may not secure it properly. At the very least, companies which store this data should be required to provide verification that the data is being properly secured. In my opinion, as consenting adults actors should have the right to perform anonymously if they so choose. Section 2257 may have been created to “protect” minors from exploitation, but in reality it is ineffective, and places many Americans at real, immediate risk of personal data loss.
 
 

Today Blake sold his first 25 baby clownfish to Sea Creatures in Revere. I knew it was going to happen, but I was still sad to see them go. He packed them up in little plastic bags, placed them carefully in a 5-gallon bucket, and then before I was ready to say goodbye they were off.

It’s funny- I know that if we hadn’t stood there in the middle of the night rescuing them with plastic cups and carefully pouring them into the nursery tank, they never would have survived to begin with. That doesn’t change the fact that I want every one of them to end up in a good home with someone who will take care of them. I suppose it’s a little like sending kids off to college– you just have to raise them as best you can, and then cross your fingers and hope for the best.

Every two weeks, like clockwork, the mating pair lays yet another nest of 200-400 eggs. Of that, perhaps 50-100 will survive. That’s still a lot of clown fish! It’s amazing to consider that all of these creatures are so deeply dependent on the attention span of a human for their survival. And yet they seem so relaxed.

Right now, Blake has nearly 400 baby clownfish in his room. At night they clump together in schooling balls of thirty or fifty. Sometimes even in the nursery, things go wrong and baby clownfish die– perhaps during metamorphasis, or right after they’re transferred into a bigger tank. Nature is far crueler than we are, though. They’re not designed to all survive. In the wild, only one out of 100,000 or so makes it to adulthood. The eggs and post-metamorphosed clownfish are immune to anenome stings, but the larvae aren’t, so after the babies are born the host anenome gets an immediate snack. A nutritious sacrifice to the host.

Now and then Blake goes down to Quantico for a Big Dog demonstration, and I get to be the illustrious clownfish babysitter. This is a pleasant opportunity to get familiar with his intricate setup. It’s pretty amazing. In his room four tanks hum, with rows of bubbling bottles and tubes next to them. It looks a lot like a mad scientist’s laboratory. As the babysitter, my job is to feed the zooplankton to the little babies, the phytoplankton to the zooplankton, and the microalgae to the phytoplankton. The medium babies get brine shrimp, which we hatch from eggs daily in bubbling bottles. The biggest babies have already been weaned onto flake food. I grind up the flake food with a mortar and pestle (like human babies, their food has to be mashed up). Last but not least, the babies all like to be read bedtime stories, usually involving robots and outer space.

It’s eye-opening to help replicate even just a few of the infinite biological processes that make up ocean life. It reminds me how complex the earth is, and how everything in nature has a place in the cycle. Birth and death are a lot like function returns, their by-products to be used by other functions in the larger program. A thousand clock cycles is nothing.

The babies, with their large, shiny eyes, think only of the moment. I suppose focusing on the present is an important survival mechanism. Memory is, after all, just another tool in our evolutionary arsenal. An unusually good memory is probably as much of a disadvantage as an unusually bad one. Given nature’s efficiency, I imagine each organism has evolved to store the data it needs to survive: no more and no less.