AT THE STORE

 < Day Day Up > 

Don't Get Cashiered

The Annoyance:

At my local electronics boutique the cashier always asks me for my home zip code or phone number. Should I give it? What happens to this information?

The Fix:

These may seem like innocent questions, but this data and, really, any personal information that isn't related to payment is none of the store's business. In California it's illegal for cashiers to ask for personal information when you pay by check or credit card, but most states aren't that strict. About half the states have some laws regarding retail privacy, but most regulate whether a merchant can demand to see your credit card when you write a check, or if they can record your phone number or address when paying with plastic. The answer in most cases is usually no. (For a state-by-state guide to retail privacy laws, see the Privacy Rights Clearinghouse fact sheet at http://www.privacyrights.org/fs/fs15plus.htm).

Some businesses ask for your Zip code to help them determine where to build new stores if a large percentage of customers drive 20 miles to shop there, that area could be a good candidate for expansion. The phone number question is more insidious. A phone number is a unique identifier that can be used to create a profile of you and everything you buy from a particular store, even if you always pay in cash. This profile in turn can be used for a whole host of purposes, most of them not for your benefit (see "Your Shopping Cart, Yourself"). Fortunately this is one of those privacy traps that are easy to avoid, says Larry Ponemon, CEO of the Ponemon Institute (http://www.ponemon.org), which advises corporations on ethical ways to manage personal information.

"When the guy at the register at Radio Shack asks you for personal information like your phone number, stop and ask why they're asking for it," says Ponemon. "Do they really need to create a record of me just because I'm buying a battery? If it's not really essential for the transaction, don't give it."

Meanwhile, if you frequent an establishment that still prints your entire card number, ask them if they're aware of FACTA, and when they're planning to buy a machine that will substitute X's for all but the last four or five digits. And be sure to take any receipts you're planning to throw away and run them through a paper shredder before some lucky dumpster diver emerges with your number in hand.

TEN ESSENTIAL PRIVACY WEB SITES

These 10 sites give you a crash course in 21st century privacy issues. Most are also nonprofit volunteer organizations that could use your financial support (assuming you have any money left over after buying copies of this book for all your loved ones, of course). All are worthy of a bookmark in your browser.

Center for Democracy & Technology (http://www.cdt.org). An advocacy group for hot-button digital issues, the CDT serves up the latest news about privacy issues, as well as a quick guide to Federal legislation, including all bills that are pending, passed, or passed over.

Consumer Privacy Guide (http://www.consumerprivacyguide.org). Sponsored by Common Cause, the Center for Democracy and Technology, the Privacy Rights Clearinghouse, and others, the Guide is an eminently practical (if brief) how-to manual on protecting your privacy online and off.

Electronic Privacy Information Center(http://www.epic.org). These Washington, DC-based wonks fight for your privacy rights on Capitol Hill. EPIC's site is a great source of information; it also links to software you can use to surf the Web, send email, and chat anonymously.

Electronic Frontier Foundation (http://www.eff.org). A kind of ACLU for geeks, the Electronic Frontier Foundation has been defending consumers' cyber rights since 1990. The EFF site provides in-depth information on cases involving topics such as censorship, Federal surveillance, file swapping, and RFID tags, among others.

FirstGov for Consumers(http://www.consumer.gov). The friendly face of your Federal government on the Web, FirstGov tells you how to sign up for the FTC's Do Not Call registry, report cyberfraud to the FBI's Consumer Sentinel, or handle issues from children's privacy to Identity Theft. You can also easily look up the Web sites of hundreds of government agencies.

Health Privacy Project (http://www.healthprivacy.org). The HPP gives you the scoop on state and Federal laws that protect your medical privacy (or don't, as is more often the case). The site provides an easy-to-understand guide to the intricacies of the Health Insurance Portability and Accountability Act (HIPAA).

Junkbusters(http://www.junkbusters.com). Are you sick to death of spammers, telemarketers, junk mail, junk faxes, and the like? So was Dr. Jason Catlett, who created Junkbusters to help consumers combat these vermin. You'll find scads of practical tips, "buzz-off" letters you can send to marketers, and much more.

Privacy International (http://www.privacyinternational.org). This London-based group provides a global perspective on privacy issues. It's especially handy for travelers, offering data organized by country and updates on the use of national ID cards and biometric passports.

Privacy Journal (http://www.privacyjournal.net). Meet Robert Ellis Smith, who's been writing about the history, philosophy, and future of privacy for 30 years. His site contains excerpts from his monthly newsletter ($125 per year) as well as tips on how individuals and organizations can protect themselves.

Privacy Rights Clearinghouse (http://www.privacyrights.org). The San Diego nonprofit provides a series of detailed yet clearly written fact sheets on topics like credit bureaus, background checks, medical privacy, and much more. It's especially good at explaining privacy protection laws in the Golden State. The PRC urges consumers with privacy questions to contact them at http://www.privacyrights.org/inquiryform.html.


Your Loyalty Is Not Rewarded

The Annoyance:

I've been shopping at the same supermarket for years, using the same discount card. (So far I've saved nearly $87). Do they now have a record of everything I've purchased over that time?

The Fix:

They sure do. Supermarket "loyalty" cards are the black holes of retail privacy, sucking in everything in their path. Yet according to a November 2003 survey by ACNielsen Homescan, 81 percent of shoppers now carry one, up from 35 percent in 1997. But the cost of loyalty programs can far outstrip the 29 cents you save on a box of Ho Ho's. Every time you use that card, the store and the data mining companies that manage loyalty programs for many different stores is adding to a minutely detailed profile of you and your shopping history that can be sold to marketers, subpoenaed by attorneys, and shared with law enforcement agencies. (For real-world examples of how this data has been used and abused, see "Your Shopping Cart, Yourself.")

"Since 1990, when the first shopping cards appeared, the cash register has morphed from a quaint adding machine with a cash drawer into a powerful computer hooked to the Internet and able to transmit massive amounts of data," says Katherine Albrecht, director of Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) at http://www.nocards.org. However, she says, there are a few practical things you can do to avoid the wholesale harvesting of your shopping history:

  • Shop at stores that don't use loyalty card programs, such as Publix Super Markets, Stater Brothers, and Trader Joe's. Mom and pop grocers, and Hispanic or Asian food stores are also a good bet, says Albrecht. Not only will the store not be profiling you, but you may end up actually saving money. Those well-advertised 'loyalty reward' discounts are usually offset by higher prices elsewhere.

  • If you can't find a store nearby without a loyalty card program, get a card and fill it out with bogus personal information (I use the name Krusty T. Clown, myself). Then always pay in cash. If you use a bogus card but pay with credit or a check, your genuine identity will replace the fake one and be tied to all previous purchases made with that card. And if they ask for your phone number, don't slip up and tell them, or they can use it to identify you.

  • When paying with cash is inconvenient or simply impossible, Albrecht suggests you carry a second loyalty card you can use when purchasing by check or credit card. This will limit the recorded history of your purchases. Mark the card "check/credit" so you know when to use it. Every six months or so toss that card and apply for a new one, to limit the amount of data in your profile.

  • If a store requires you to provide some form of ID such as your driver's license or Social Security Number when applying for a card, don't do it. (In California, it's illegal for stores to ask for this information.) Take your business somewhere else.

Inconvenient? You bet. That's why most people just go ahead and use their cards, despite runaway data harvesting. But if this data comes back to bite you, don't say we didn't warn you.

Checked your receipts lately? If you pay by credit or ATM card, many retail outlets and restaurants still print your entire card number and expiration date on the slip. That's not only a written invitation for identity thieves, it may also be in violation of the Fair and Accurate Credit Transactions Act.

Under FACTA, businesses must truncate the expiration date and all but the last five numbers, or face fines of $5,000 to $50,000 per violation. But there's a catch: depending on when the payment machine was placed in service, businesses may have up until July 2008 to comply. Your state may also have laws limiting the use of account numbers on receipts (for a guide to state truncation laws, see http://www.merchantequip.com/truncation.php).


YOUR SHOPPING CART, YOURSELF

So you go to the local super mart, use your frequent shopper card, and get a few discounts in return no big deal, right? Well, maybe not. There's a lot more going on with that card than you've probably imagined.

The Ponemon Institute's Privacy Trust Surveys gauges public attitudes towards airlines, banks, grocery stores, and pharmaceutical companies. The industry that gets the lowest marks from consumers? Grocery stores, says CEO Larry Ponemon. Small surprise. Consider how your shopping data can be used and abused:

  • Criminal investigations.In August 2004, Washington state firefighter Philip Scott Lyons was charged with attempted arson after police examined his Safeway Club Card records, which indicated he'd purchased the same type of firestarter that was used to ignite the blaze. Five months later, someone else confessed to starting the fire.

  • Civil suits.In 1995, 62-year-old tow-truck driver Robert Rivera slipped and fell in a Vons supermarket, shattered his kneecap, and sued the chain. Rivera claims Vons' attorneys threatened to use his shopping history specifically his purchases of alcohol against him in court. Vons denies this, but the case has become a poster child for the potential use of shopping records in civil suits. (The case was later dismissed for other reasons.)

  • Racial profiling. Florida-based Catalina Marketing Corp. (http://www.catalinamarketing.com) handles loyalty card programs for some 21,000 grocery stores and boasts a database of more than 100 million households. In 2003 Catalina announced that, through careful analysis of shopping data, it had identified 6.4 million Hispanic households in the U.S. (Catalina spokesperson Rachel Keener says the firm used a third party company to merge the shopping histories with shoppers' identities, and that the company has recently gotten out of the direct marketing business.) Catalina's client used the data to send mailers to 150,000 Hispanic shoppers in Southern California. Conceivably, the Feds could use the same techniques to identify every Arabic household, or every gay one, and so on. The possibilities are virtually endless and ominous.

  • Pharmaceutical profiling. Under HIPPA, your prescription drug purchases are supposed to be confidential. But if you get your prescriptions filled at your supermarket's in-store pharmacy and pay for them at the checkout stand (not at the pharmacy counter) that information could find its way into your loyalty card profile. (Pharmacies even in a grocery store are covered by HIPPA, but grocery stores per se, aren't.) Ponemon says a leading baked goods company analyzed shopping data and found a strong correlation between customers who favored a particular type of chocolate cookie and those who were taking anti-depressants. (You can imagine the marketing slogan: "If you like Zoloft, you'll love our new Double Fudge Oreos.")

  • Federal surveillance. In the weeks following the 9/11 attacks, Ponemon says at least one major supermarket chain voluntarily gave up its entire database of customers to the FBI. (Ponemon knows this because an attorney for the supermarket chain consulted with him before doing it though the store ultimately ignored his advice that they notify customers.) The supermarket handed over the data because it believed some of the 9/11 hijackers had loyalty cards at one of its stores, and thought the Feds could use this data to create a "shopping profile" of a terrorist. Under the Patriot Act, law enforcement agencies can also demand business records (such as shopping histories) regarding anyone it deems relevant to an investigation. (For more on the Patriot Act, see "...Except When the Feds Step In.")

The next time you pick up a product that costs 20 cents less for loyalty card holders, think about what that discount might cost you in the long run.


My Soft Drink Is Spying on Me!

The Annoyance:

I've read that some stores (such as Wal-Mart) are implanting tiny little radios in every product so they can track who's buying what and where it goes. Is this true? How can I stop my Twinkies from tattling on me?

The Fix:

It may be too late. In the next few years, we're likely to see more and more products with embedded Radio Frequency Identification (RFID) chips. When read by a scanner the chips emit a unique ID number, which can be matched to records in a database to, say, identify the name and price of the item at a cash register. Starting in 2005, Wal-Mart will require all of its suppliers to embed radio chips in shipping pallets, so it can track products from the manufacturer to each store's warehouse. Wal-Mart believes RFID will save the company millions of dollars by preventing theft, lost inventory, and other supply chain snafus.

But the real controversy comes when RFID chips become so cheap that they are used to identify each individual product. That RFID scanner at the cash register could not only record that you just bought a can of Coke, but that you bought can #27654 from Wal-Mart store #437. RFID scanners are expected to replace cash registers; you'll be able to walk out with that can of Coke in your purse and the store will deduct the cost from your bank account (see Figure 5-1). That also means the store would have a detailed record of all your purchases, even if you never signed up for a loyalty card. And if can #27654 turns up at a crime scene or the pied-a-terre of someone who's not your spouse, that information could prove quite interesting to law enforcement or a divorce attorney.

Mark Roberti, editor of RFID Journal (http://www.rfidjournal.com), says the potential benefits of RFID tagging far outweigh the dangers. For example, Roberti notes that millions of people already have RFID chips embedded in the plastic housing on their car keys; this helps prevent auto theft by allowing a scanner inside the car's steering column to identify and reject counterfeit keys. RFID chips encased inside tires may be used to notify car owners in case of a product recall before the tires blow out and cause you to flip your SUV. Chips placed in meat packaging can be used to find out what animal your filet mignon came from, which could prove comforting when there's another outbreak of Mad Cow disease. They can also prevent the use of counterfeit products in things like pharmaceuticals or commercial aircraft, as well as a host of other benign applications. And RFID tags can be disabled as you leave the store, if the retailer chooses to do so, which could prevent them from tracking what you do with stuff after you bring it home.

But privacy advocates like CASPIAN's Katherine Albrecht see a world in which our very possessions spy on us (what the wags at the MIT Media Lab have dubbed "things that fink"). So the same chips that identify unsafe tires can be used to monitor the movements of your car, clock your speed, and issue you a ticket. The chips that ensure your prescription medicine is the real deal may also help create a pharmaceutical profile of you useful for marketers, law enforcement, or civil attorneys. (For more scary uses of the technology, see "All RFID, All the Time.") That's why organizations such as the ACLU, the Privacy Rights Clearinghouse, and the Electronic Frontier Foundation have called for a moratorium on tagging individual products until the privacy issues can be hammered out (see http://www.privacyrights.org/ar/RFIDposition.htm).

Given the long history of companies and government agencies gathering data for one purpose (e.g., consumer safety) and using it for another (e.g., product marketing, personal profiling) consumers have reasons to worry. The best thing you can do is get informed and get active, before the chips become an inescapable part of modern life. Contact companies involved in RFID research and ask them how they plan to use the chips. (You'll find a list of more than 100 firms testing the technology at http://www.spychips.com/rfid_sponsors.html). For more information on the movement to halt RFID deployment, visit Albrecht's site at http://www.spychips.com. And if you want to hear what some of the pro-RFID crowd has to say, visit the Information Technology Association of America's RFID page at http://www.itaa.organd search for "RFID."

ALL RFID, ALL THE TIME

Radio Frequency Identification (RFID) chips may not have had much of an impact on your life yet, but just wait. This technology can be used in a seemingly infinite number of ways, many of which will cost you some privacy. For example, RFID tags can follow a product from production to destruction, as shown in Figure 5-1. Here are some of the most common and creepiest ways RFID is and will be used.

  • Packaging. Originally developed for tracking inventory, RFID chips in product packaging could eventually replace cash registers. Walk out of the store with your goods and the system automatically deducts their cost from your bank account. (And, like a loyalty card, keeps a detailed record of everything you buy.) Don't even think about shoplifting.

  • IDs. The U.S. State Department had planned to include RFID chips in new U.S. passports, until privacy advocates raised a storm of protest over the chips' lack of security. But that's just the beginning. Radio chips are already being used in security badges, student IDs, driver's licenses, transit passes virtually any type of item used to identify you. Scanners can be set to read the chips at a distance, so you won't even need to take the card out of your pocket. The phrase "Can I see some ID, please" (as well as "no, you may not") could become a thing of the past.

  • Money. The European Central Bank is working to embed radio chips in banknotes by 2005, according to Katherine Albrecht. If other banks follow suit, you can kiss "anonymous" cash transactions goodbye.

  • Cars. Automated toll payment systems use the chips to allow cars to pass through booths without stopping. Michelin is testing radio chips in tires, while a UK firm is building RFID into license plates that can be read at a distance of 300 feet. Such chips could broadcast the vehicle identification number to a roadside scanner as you zoom by at 60 mph. By strategically placing scanners at key locations, it's possible to create an instant record of everywhere you've driven, how long you stayed in each place, and even how fast you were going.

  • Appliances.Run out of Ben & Jerry's Chunky Monkey again? So-called "smart" refrigerators could scan for the container's radio chip and, when it can't find one, place an order for a pint at your local grocery. (Of course, it may also send a note to your HMO telling it you've gone off that low-fat diet your doctor prescribed). Your TV set could scan the products in your house so it knows what kind of commercials to send you. Your medicine cabinet could know what meds you're taking and how often. These and other goofy ideas are now being studied by such mainstream companies as Proctor & Gamble and Pfizer.

  • Weapons. VeriChip, a subsidiary of Applied Digital Solutions in Palm Beach, Florida, is exploring the use of RFID in so-called "smart guns," which would prevent weapons from being fired by anyone but their registered owners. Of course, that would also require the gun owner to have a radio chip implanted in his or her body (see "I've Got You Under My Skin").

  • Books. Chips are being embedded in books by libraries and book publishers. Of course, O'Reilly would never do that. (By the way, we noticed you skipped Chapter 1. You should go back and read it, it's really quite interesting.)

  • Your Body.Subcutaneous chips have already been implanted in hospital patients (to match them to their medical records), government employees (to allow access to restricted areas), and night clubbers in Barcelona (to serve as a payment system for the quasi-clothed). The possibilities are endless and terrifying. But all of these uses have been voluntary...so far.


annoyances 5-1. Want to see how RFID works? Visit HowStuffWorks.com and get the skinny.


My Identity Has Been Swiped!

The Annoyance:

Every time I go to my favorite bar, they run my driver's license through a barcode scanner to verify my age. I'm not only old enough to drink, I'm old enough to know that they must have other reasons for swiping my license.

The Fix:

Officially, bars do this to verify that you're not using a fake ID, but they may end up learning a lot more about you than your legal age. Over 40 states issue driver's licenses containing either a 2D barcode or a magnetic strip on the back, according to SWIPE (http://www.we-swipe.us), a group of performance artists (yes, performance artists) that seek to publicize how swipe cards are used for data harvesting. Barcodes can contain up to 2K worth of compressed data and, depending on where you live, may include your digital mugshot, fingerprint scans, your Social Security Number, and organ donor information. (For more on what kinds of data the DMV has crammed onto your license, see Chapter 6, "Taking License with Your License.")

Want to disable RFID chips inside consumer packaging? The Stop RFID site (http://www.stoprfid.org) has a few suggestions. First, look for the chip's antenna; in most consumer goods it's typically a thin black or gray wire at least a quarter inch long, and often hidden under a paper label or sticker. You can kill the chip by removing the antenna using a knife or scissors. You can also destroy an RFID chip by popping it in a microwave oven, though Stop RFID doesn't recommend this method the tag could spontaneously burst into flames.


And it's not just bars retailers, airports, convenience stores, hospitals, and government agencies are also installing driver's license scanners to verify identities. While it's illegal under Federal law for businesses to sell this information, only a handful of states limit what kind of information they're allowed to store or what else they can do with it. Theoretically, a bar could hold onto this information indefinitely and use it to create a profile of you and your drinking habits (which could come back to haunt you if, say, your boss or soon-to-be-ex-spouse got their hands on it). On the plus side, they could use it to mail you two-for-one margarita coupons.

In some cases having your license scanned may be unavoidable. For example, to buy booze from a state-run store in Philadelphia you must get swiped; your data is sent to the Pennsylvania Liquor Control Board database in Harrisburg. But if you go into a bar down the street, you can prove you're old enough by declining the scan and simply showing your ID. "Most bars would rather have your business than your data," says Brooke Singer, a co-founder of SWIPE. Besides just saying no, she advises consumers to ask the establishment why they're swiping cards, what kind of data they're collecting, and what they're doing with it. Because your favorite bar doesn't really need to know what's happening to your kidneys after you die.

Be Anti-Social

The Annoyance:

I just signed up for cable service, and the application form asked for my Social Security Number. Why do they need this number? What happens if I refuse?

The Fix:

Legally, you're not required to hand over your Social Security Number to get cable access, rent an apartment, obtain insurance, or do most things you need to do in your life. (Conversely, you can be legally denied a service or product if you don't fork over your SSN, as long as they're not discriminating against you based on race, disability, and so on.) Many businesses collect your SSN without even knowing why. But this can be a huge privacy risk, because your SSN is the key that can unlock all kinds of personal information about you.

There are, however, some big exceptions: transactions involving the Federal or state government such as the IRS, the Department of Motor Vehicles, or benefits programs such as Medicare almost always require you to give up your SSN. Anyone who has to report interest or income to the IRS, such as your employer or the bank that holds your mortgage, is required to collect your number.

And many private businesses will simply turn you down unless you provide it. For example, a bank can't legally demand you turn over your SSN in order to obtain a credit card, but it won't likely issue you one without it. That's because your credit report is tied directly to your SSN and the bank needs it to determine whether you're a good credit risk.

When in doubt, don't give out your number. Leave the form blank, feign memory loss, or say "I decline to state" if asked. If the business demands your number, ask them why they need it and what they plan to do with it, advises Rod Griffin, spokesperson for Experian. "If they can't give you a good reason," he says, "I'd be cautious about giving it out."

Want to find out what's hidden on that bar code on the back of your drivers license? SWIPE offers a service and downloadable program (http://turbulence.org/works/swipe/barcode.html) that can read barcodes on the licenses from 36 states. You'll need to scan the barcode using a flatbed scanner or a digital camera, then upload the image to SWIPE's site or download a small (90K) applet to decode it on your computer. The site also shows you how to request your consumer profile from the major data mining corporations like ChoicePoint and Acxiom, calculate how much your data is worth to them, and send them a bill. (Reading the mag stripe on driver's licenses is a bit more involved. For those with a strong DIY jones, check out the premiere issue of MAKE magazine (http://www.makezine.com) for advice on making your own mag stripe reader.)


If the business merely wants your SSN so it will have a unique way to identify you, ask if it will substitute another number in its place. If the business says it wants your SSN so it can run a credit check on you, see if it will run the check without the number. Griffin says Experian doesn't necessarily require an SSN, but if the agency can't clearly identify that the credit information belongs to a single person for example, if a father and son share the same name and address Experian won't return any report. In that instance, you will have to give up your SSN or go elsewhere.

For more information on which private organizations can and can't legally force you to hand over your SSN, see Chris Hibbert's excellent FAQ at the Computer Professionals for Social Responsibility site http://archive.cpsr.net/cpsr/privacy/ssn/ssn.faq.html. You'll also find information about how to protect your SSN at the Privacy Rights Clearinghouse (http://www.privacyrights.org/fs/fs10-ssn.htm) and the Social Security Administration's site (http://www.socialsecurity.gov).

I'VE GOT YOU UNDER MY SKIN

They call it "getting chipped," and so far about a thousand people have done it. Applied Digital Solutions' VeriChip is an RFID transmitter no bigger than a grain of rice that can be injected into the fatty tissue under your right arm. As it leaves the syringe, the chip is coated with a synthetic scar tissue that keeps it from floating around inside your body. The cost? A mere $150 to $200 per chip, says company CEO Scott Silverman.

Like all RFID devices, the VeriChip transmits a unique ID number that, when scanned, can be matched to records in a database. The chips can be removed, but once they're in your body, they can't be turned off.

Subcutaneous chips are being used as replacements for credit cards, to control employee access to restricted areas, and to help hospitals identify patients. Silverman says ADS is talking to Federal agencies about using VeriChips at border checkpoints, to replace military dog tags, and other applications he's not allowed to talk about.

For a low monthly fee, ADS can also maintain your medical, financial, or other data. Silverman says users will be able to control who can get access to their records, but admits there's nothing to prevent ADS from complying with a government subpoena or sharing the data with third parties. In November 2004, ADS announced a set of privacy principles that stated, among other things, the use of RFID implants should be strictly voluntary, and that people who have been "chipped" should have the right to disable the chips at any time. They also appointed a chief privacy officer to work with consumers and privacy advocates.

Silverman argues that injectable chips enhance individual privacy by thwarting identity theft and credit card fraud. "I suppose in theory the government could come and take over our business," says Silverman. "But we've done everything we can to protect the privacy of our subscribers. Every technology has privacy issues. We don't believe RFID poses any greater risk than using the Internet, databases, or cell phones."

annoyancesSource: Verichip. Used with permission.



Improving Your Rental Health

The Annoyance:

I just rented "Texas Cheerleader Massacre" and "Delilah Does Detroit" at my local video store. Now I'm afraid my employer will uncover this when he does a background check on me. Can people find out what movies I've rented?

The Fix:

Not legally. In fact, movie rentals are one of the few things in our lives that enjoy strong privacy protection. For that, you can thank Judge Robert Bork. Back in the late '80s, a reporter for the Washington City Paper published a list of 146 movies rented by the ultra-conservative Supreme Court nominee, apparently in an attempt to embarrass him. (Though not a very successful attempt. According to published accounts, the list contained only one R-rated movie The Who's Tommy.) This prompted Congress to pass the Video Privacy Protection Act of 1988, which bans video stores from disclosing what movies you've rented without your consent.

Naturally, there are a few exceptions. The records are still subject to subpoena from law enforcement and, one presumes, under the Patriot Act. The video store must delete your rental records, but only those more than one year old. For marketing purposes, the store may link your name and address with the movie genres (but not specific titles) you like and share that information with other parties unless you specifically tell them not to. It's also unclear whether the law applies to rentals of DVD and video games (it should, but no case has tested this yet). However, some state laws go further in protecting your rights. (For a good summary of the law, see EPIC's page at http://www.epic.org/privacy/vppa.)

If some halfwit video store employee shares your records anyway, you can sue the store for $2500 per offense. The ACLU did just that in 1997, when it sued the city of Oklahoma City for obtaining the names of people who rented The Tin Drum after a local judge decided the film was child pornography. The ACLU won that case, by the way.

If your identity has been stolen, or you're a victim of domestic violence who needs to hide from an abuser, you can request a new SSN from the Social Security Administration. You'll need to provide a fair amount of documentation, and you can't do it if you've filed for bankruptcy, you're trying to evade the law, or you can't prove someone else is using your number or that your life is in danger. For more information, contact the agency at (800) 772-1213 or visit http://www.ssa.gov/ssnumber.


WHO'S WATCHING YOU SHOP?

Apparently it's not enough for some manufacturers to know everything about their customers; they also want to see their smiling faces. In January 2003, Gillette started a test program in Britain's Tesco stores using RFID chips embedded in the packaging of Mach3 razors it sold. When customers removed the package from store shelves, the RFID chip triggered a camera hidden above the shelf to snap their photos. A second photo was taken at the checkout counter, and the two would be compared in order to identify shoplifters (who presumably would only have the first photo taken).

When news of the trial leaked out, privacy advocates organized a boycott of Gillette products and the company quickly put a stop to the tests. However, according to the Boycott Gillette web site (http://www.boycottgillette.com), which is run by the folks at CASPIAN, Gillette is still selling RFID-laden razor packaging in Australia, albeit sans cameras.

Gillette isn't the only consumer goods manufacturer that wants a better look at its customers. In November 2003, the Chicago Sun-Times reported that Proctor & Gamble implemented a similar scheme in a Wal-Mart store in Broken Arrow, Oklahoma. Shoppers who picked up a package of Max Factor Lipfinity lipstick were videotaped by a RFID-triggered hidden camera, whose images were beamed 750 miles away to P&G's Cincinnati headquarters. The company said the test, which ran from March to July 2003, was designed to measure whether radio chips could accurately gauge the number of products on store shelves. No word on whether the execs were also secretly gathering grooming tips.


     < Day Day Up > 


    Computer Privacy Annoyances
    Computer Privacy Annoyances
    ISBN: 596007752
    EAN: N/A
    Year: 2005
    Pages: 89

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net