Quote:

---

http://www.gcn.com/24_7/tech-report/35391-1.html
Cyber Eye: National ID standards could create “ID theft kit” 04/04/05
By William Jackson,
GCN Staff

I wrote last month that the State Department was making a mistake by leaving personal data stored on electronic passports unprotected. Congress is contemplating a similar mistake in its national standards for state ID cards.

Title II of the Real ID Act of 2005 (HR 418, passed by the House in February and now pending in the Senate) establishes minimum requirements for driver’s licenses and state-issued ID cards. The usual personal data, including name, address, identification number and digital photo, must be put in a machine-readable format. What is missing are any requirements for encryption or other security on the data, or any restrictions on who could access it or how it could be used.

The bill also would require any state that wanted to receive federal grants to pay for the program (and what state doesn’t want federal money?) to make databases of this information available to all other states. Again, there are no requirements for security or restrictions on how the data could be used.

Richard Hunter, research director and Executive Program fellow of Gartner Inc. of Stamford, Conn., said the new card would amount to an “ID theft kit.”

“In 2005 it is a bad idea to demand data from a person without stipulating how that data can be used,” Hunter said. “That is just not acceptable.”

The data is not that different from what already is included on most driver’s licenses. But cards today usually have this data only in printed form, with maybe some supplemental information on a magnetic strip. Making all of the data, including a digital photo, machine-readable means all of the data will be available to anyone with a reader.

Digital data is different from printed information. Printed information can be verified with a glance. Reading digital data provides the reader with a copy of the data.

Handing a bank teller or a bartender a driver’s license to verify your identity or age is minimally invasive. But if someone swipes the card to verify it, all of your personal data could be captured. It now is out of your control or the control of the state that issued the card.

The difference between looking and machine reading is not trivial. You might become uneasy if you saw the bartender copying your personal information from your driver’s license by hand—and that would not be an efficient way to gather data. But a quick swipe of customers’ cards could rapidly build a database with real value. Enough value to tempt a company to collect the data and sell it. To anybody who wants it. For any reason at all.

That scenario would be completely legitimate under the Real ID Act, which doesn’t begin to address the potential for theft and abuse of this data. Recent high-profile cases of the loss, theft and fraudulent acquisition of personal information that has been legitimately collected underscore the risks of this type of business.

Maybe the Bank of America, ChoicePoint and LexisNexis incidents only show that the genie already is out of the bottle. But I prefer a more optimistic view. I don’t think it is too late to protect personal information, and an essential place to do this is our driver’s licenses. If Congress is ready to make these licenses a de facto national ID, it must at a minimum en- crypt the data, define who can use it and take steps to ensure that the data is not misused.


© 1996-2005 Post-Newsweek Media, Inc.

---

Quote:

---

http://www.nytimes.com/2005/04/18/technology/ 18blog.html?th&emc=th

April 18, 2005
When the Blogger Blogs, Can the Employer Intervene?
By TOM ZELLER Jr.

There are about 10 million blogs out there, give or take, including one belonging to Niall Kennedy, an employee at Technorati, a small San Francisco-based company that, yes, tracks blogs.

Like many employees at many companies, Mr. Kennedy has opinions, even when he is not working. One evening last month, he channeled one of those off-duty opinions into a satiric bit of artwork - an appropriation of a "loose lips sink ships" World War II-era propaganda poster altered to provide a harsh comment on the growing fears among corporations over the blogging activities of their employees. He then posted it on his personal Web log.

But in a paradoxical turn, Mr. Kennedy's employer, having received some complaints about the artwork, stepped in and asked him to reconsider the posting and Mr. Kennedy complied, taking the image down.

"The past day has been a huge wake-up call," Mr. Kennedy wrote soon afterward. "I see now that the voice of a company is not limited to top-level executives, vice presidents and public relations officers."

As the practice of blogging has spread, employees like Mr. Kennedy are coming to the realization that corporations, which spend millions of dollars protecting their brands, are under no particular obligation to tolerate threats, real or perceived, from the activities of people who become identified with those brands, even if it is on their personal Web sites.

They are also learning that the law offers no special protections for blogging - certainly no more than for any other off-duty activity.

As Annalee Newitz, a policy analyst with the Electronic Frontier Foundation, a digital rights advocacy group in Washington, put it, "What we found is there really is quite a bit of diversity in how employers are responding to blogging."

A rising tide of employees have recently been reprimanded or let go for running afoul of their employers' taste or temperament on personal blogs, including a flight attendant for Delta Air Lines who learned the hard way that the carrier frowns on cheeky photos while in uniform and a Google employee who mused on the company's financial condition and was fired.

Some interpreted these actions as meaning that even in their living rooms, even in their private basement computer caves, employees are required to be at least a little bit worried about losing their jobs if they write or post the wrong thing on their personal Web logs.

"I would have expected that some of the louder, more strident voices on the Internet would have risen up in a frenzy over this," said Stowe Boyd, the president of Corante, a daily online news digest on the technology sector. "But that didn't happen."

In Mr. Boyd's opinion, everything about what Mr. Kennedy did was protected speech. The use of trademarks was fair use in a satirical work, Mr. Boyd said, and it seemed unlikely that the company would be somehow liable for the off-duty actions of an employee, as Technorati executives argued. It was, in Mr. Boyd's eyes, an indication that corporate interests were eclipsing individual rights.

"I don't know what else to say," he declared. "I'm astonished."

But Ms. Newitz and others have cautioned that employees must be careful not to confuse freedom of speech with a freedom from consequences that might follow from what they say. Indeed, the vast majority of states are considered "at will" states - meaning that employees can quit, and employers can fire them, at will - without evident reason (barring statutory exceptions like race or religion, where discrimination would have to be proved).

"There really are no laws that protect you," Ms. Newitz said.

Martin H. Malin, a professor of law and director of the Institute for Law and the Workplace at the Chicago-Kent College of Law, said there were only a few exceptions.

"It depends on what the blog is," he said, "what the content is, and whether there's any contractual protection for the employee."

Those who work for the United States Postal Service, for instance, or a local sanitation department may have some special blogging privileges. That is because, depending on the circumstances, the online speech of public employees can be considered "of public concern," and enjoys a measure of protection, Professor Malin explained.

Employees protected under some union contracts may also be shielded from summary dismissal for off-duty activities, at least without some sort of arbitration. "Lifestyle law" trends of the late 1980's and early 90's - sometimes driven by tobacco and alcohol lobbies - created state laws that protected employees from being fired for engaging in legal, off-duty activities, though no one is likely to be fired simply for blogging, but rather for violating some policy or practice in a blog.

And bloggers who are neither supervisors nor managers and who can demonstrate that they are communicating with other workers about "wages, hours or working conditions" may warrant some protection under the National Labor Relations Act, Professor Malin said - even in nonunion enterprises.

None of this, of course, answers the question of where the status of employee ends and that of private citizen begins.

Some companies, like Sun Microsystems, have wrapped both arms around blogging. Sun provides space for employees to blog (blogs.sun.com), and while their darker impulses are presumably kept at bay by the arrangement, there are hundreds of freewheeling and largely unmonitored diaries supported by the company.

Microsoft, too, has benefited from the organic growth of online journaling by celebrity geeks now in its employ, like Robert Scoble, whose frank and uncensored musings about the company have developed a loyal following and given Microsoft some street credibility.

But other companies are seeing a need for formalized blogging policies.

Mark Jen, who was fired from Google in January after just two weeks, having made some ill-advised comments about the company on his blog (Google would not comment on Mr. Jen's dismissal, but confirmed that he no longer works for it), is now busy helping to draft a blogging policy for his new employer, Plaxo, an electronic address book updating service in Mountain View, Calif.

"It was a very quick education for me at Google," Mr. Jen said. "I learned very quickly the complexities of a corporate environment."

With Plaxo's blessing, Mr. Jen is soliciting public comment on the new blogging policy at blog.plaxoed.com.

Most of the points are the kinds of common-sense items that employees would do well to remember, particularly if they plan on identifying themselves as employees in their blogs, or discussing office matters online: don't post material that is obscene, defamatory, profane or libelous, and make sure that you indicate that the opinions expressed are your own.

The policy also encourages employee bloggers to use their real names, rather than attempting anonymity or writing under a pseudonym.

Bad idea, according to the Electronic Frontier Foundation.

Two weeks ago, the group published a tutorial on "how to blog safely," which included tips on avoiding getting fired. Chief among its recommendations: Blog anonymously.

"Basically, we just want to caution people about how easy it is to find them online," Ms. Newitz said, "and that they are not just talking to their friends on their blogs. They're talking to everyone."

But does that means that Mr. Kennedy, a short-timer, a product manager and by no means an executive at Technorati, carries the burden of representing the company into his personal blog?

Technorati's vice president for engineering, Adam Hertz, responded: "It would be antithetical to our corporate values to force Niall to do anything in his blog. It's his blog."

Yet with the spread of the Internet and of blogging, Mr. Hertz said, it would be foolish for companies to not spend some time discussing the art of public communications with their employees, and even train and prepare lower-level staff for these kinds of public relations situations.

That said, Mr. Hertz stressed that the company had no interest in formalizing any complicated policies regarding an employee's activities outside the office.

"I had a high school teacher," he recalled, "who used to say 'I have only two rules: Don't roller-skate in the hallway and don't be a damn fool.' We really value a company where people can think for themselves." (as long they they have double-plus good thoughts)

Copyright 2005 The New York Times Company

---

Quote:

---

Originally posted by SignyM:
Ah Geezer- ever the defender of the police, corporations, state, and military!

---

Quote:

---

Not really

---

Quote:

---

Originally posted by sgtgump:
That's why I like Firefly so much. It kind of gives me hope.

---

Quote:

---

Your employer can fire you for what you say at home, online, on your own computer on your own time - even if you don't say anything about the company. While the constitution may guarantee freedom of speech, it is only freedom from the government. Corporate interests can and do rule what you say and do in your 'private' life.

---

Quote:

---

To start, mandatory electronic drivers' licenses are now a fact of law.

---