Thursday, January 07, 2010

RFID Blocking Wallets For Contactless Smart Cards

RFID Blocking WalletNew passports, transit tickets and bank cards now contain radio frequency transmitters. Those worried about this can buy an RFID blocking wallet, but it is not clear how effective these are.

The National Australia Bank (NAB) and Commonwealth Bank have distributed Visa payWave cards which use contact-less Near_Field_Communication. For small payments of up to $100, the card is simply held within a few cm of the merchant's device to make a payment. No signature, PIN or keypress is required. This will be particularly useful in situations like public transport fares and the Victorian, WA and Queensland transit tickets use simialr technology.

According to reports, millions of these cards have now been issued in Austrlaia. Some may be worried about the security of the system, with the risk that private data can be read by someone passing with a reader, or that unauthorised payments could be made. The cards are designed to transmit data only a few cm, but the risk remains. There is also the possibility that a terrorist could design an Improvised Explosive Device (IED bomb) to target those carrying the cards, triggered by the signal of a particular card, type of card, or any card.

Labels: , ,

Friday, August 01, 2008

Automated Number Plate Recognition technology

Crimtrac have issued a Request for Information for Automated Number Plate Recognition technology (ANPR) so that the number plates of vehicles could be computer read in images across Australia. Apart from the technical feasibility they are looking at the cost, benefit, legislation needed and privacy issues. The privacy issues of this technology were a main topic of the "You are where you've been", seminar at UNSW 23 July 2008.
ATM ID CrimTrac ANPR 2008/4
Agency Crimtrac
Category 43230000 - Software ...
Publish Date 31-Jul-2008 ...


CrimTrac is an Executive Agency within the Commonwealth Government in the Attorney General’s Portfolio. The agency was established on 1 July 2000, with the aim to „enhance Australian law enforcement with an emphasis on information-based policing facilitated through rapid access to detailed, current and accurate police information.

CrimTrac is currently undertaking a scoping study to develop a report on the strategic national implementation of an Automated Number Plate Recognition (ANPR). The ANPR scoping study aims to fully explore the feasibility of the national deployment of ANPR technology and will canvass aspects such as cost / benefit analysis, legislative and policy frameworks, examination of current and required infrastructure, privacy issues and technical options for the implementation of a national infrastructure model. The scoping study represents an exciting opportunity for Australian law enforcement and road transport departments. This Request for Information (RFI) represents the initial engagement with ANPR technology providers to assist the project team assess industry capability and to move towards procurement steps aiming to establish a panel of providers. ...

From: Automated Number Plate Recognition technology, CrimTrac ANPR 2008/4, 31-Jul-2008

Labels: ,

Thursday, July 24, 2008

Location privacy issues

The University of NSW, UNSW School of Surveying and Spatial Information System and Cyberspace Law and Policy Centre, hosted the seminar "You are where you've been", 23rd July 2008 in Sydney. This had researchers, industry and government people discussing the privacy issues with GPS, mobile phones and tracking via IP addresses. This was an excellent introduction to tracking technologies, the privacy issues with them and the legal and other responses to the issues. Such an event would normally cost thousands of dollars and even the lunch was free! ;-)

Ironically I was late for the seminar as I couldn't find it in the new UNSW Law building, which looks like the fractalated set for the The Cabinet of Dr. Caligari. The building has slanted columns, which are a tripping hazard, and no right angles, making finding your way around difficult (but the main lecture theatre has a wonderful window view and a power point to run your laptop at each seat).

Roger Clarke was giving an introduction to the issues of privacy and location tracking as I arrived. He talked about roles and identities. I wasn't too sure that his distinction between the real and abstract was real. He defined privacy as freedom from interference and can't just be legislated for. He criticized the data protection laws and the federal privacy commissioner (the privacy commissioner of Victoria was present).

Some technologies:

* Handheld: PDAs and mobile phones. He pointed out the iPhone as a key current device. He argued that 3G phone networks allowed better tracking than computer type networks. A computer network can track a person to within a few suburbs, whereas a mobile phone can do it to a few tens of metres. Most phones are used by individuals and so allow tracking the person. He discussed how a phone can be located but left out enhanced GPS which allows tracking of a phone quickly down to mm.

* Vehicles: Automatic number plate recognition (ANPR) can be used to record car number plates and so track the car (M7 Sydney Electronic Toll Road). RIFD tags can also be used to monitor cars, such as those used on motorways (Roger described it as "Passive"). He points out that this is useful for user pays parking, roads and the like. He pointed out that all vehicle details are captured and kept indefinitely not just ones failing to pay for the time they don't pay for. Police are also implementing ANPR for traffic administration and enforcement.

* People: Roger condemned the health department's policy to electronically tag dementia patients.

Helen Versey, Victorian Privacy Commissioner on "Location Privacy : Privacy regulator's perspective": She pointed out the value as well as the problems of location technology. But then argued how privacy is one of the fundamental human rights. CrimTrac might undermine state privacy legislation with federal law. The commissioner claimed that Victoria has few cameras and ANPR is at an early stage. However, the traffic authority has an extensive network of cameras to monitor traffic. This network could be easily interfaced to an ANPR system to record all number plates detected on all cameras all the time.

One question I had was the effect that open access to government information would have for privacy. There is a Victorian Parliament inquiry into open access. On the face of it, government providing information about what it is doing is a good thing. But how do you check for private information?

Rob Nicholls "Hic et nunc: Provision of location based services to law enforcement agencies": Looked at federal legislation. He argued that the Telecommunications, Privacy and Spam Acts worked well together. Telcos fall within the privacy principles and so location services are likely to fall within this. A 2007 telco act amendment explicitly identifies location information from mobiles as private.

Rob invited questions so I asked how much of an obligation there was on the telco to ensure their system protects privacy. He said that there was a strong obligation, as directors were likely to go to jail. The example I and in mind was when Vodafone Greece's system was hacked allowing phones to be bugged.

Rob argued that "active" location services imply the customer gives consent to have their location known. The example given was to request the location of the nearest ATM. He argued that this requires the customer to provide their location. This is not strictly true. A system could provide the location to a third party who found the nearest ATM. Also only an approximate location could be given. The phone could then be sent a list of near ATMs and the system could pick the nearest. This might actually be a more useful service for the user, as they could select from the range of nearby ATMs.

Ron then moved on to location based information and law enforcement. He argued that Australia has moved away from international norms for privacy. It took me a while to work out that this was a criticism. Australian law allows law enforcement access to vaguely defined "telecommunications data", which essentially includes everything except the actual call, email or file content. The request can come from a public servant, a judge is not needed. This includes ISPs as well as telcos. Carriers are required to be able to intercept the data if a warrant is issued.

I asked if the requests which senior public servants make for metadta have to be in a particular form. Rob said this could be something like a fax with a scanned signature. So I could imagine a system where the requests are sent semi-automatically, allowing one person to issue thousands of requests a day.

Lyn Moore: Location Privacy: Telstra's Perspective: Customers must opt in to location services and can change the services they subscribe to. A WAP gateway is used to interface to service providers suing the location information. The service providers have to agree to privacy conditions for use of the location information. OMA Mobile Location Service standards are used for implementation. OMA MLP and OMA Location Privacy Checking Protocol. The telephone number is mapped to a userid. A location id is used to identify the location. Details are only stored for 20 minutes. In this way it is claimed that the service provider therefore does not know where you are. This was a refreshingly straightforward presentation (unlike usual Telstra ones).

I asked if the service provider could use a cookie to identify the subscriber and then match that with their position. The reply was that this is prohibited under the the service provider conditions.

David Vaile, Google Street View: Need to look at street view in relation to other Google services. Google have been reluctant to engage on privacy issues, apart from asserting they were trying to not be evil. Google being US based as a different view of privacy to most of the world. Local Google staff have more understanding of Australian/European issues.

Matt Duckham: Obfuscation: Location privacy protection through spatial information hiding: Discussed how the technology works and how locations can be made approximate to protect privacy while providing services.

Dan Svantesson: Geoidentification - " A serious threat to your location privacy on the Internet?": A very approximate geo-location, to country, based on IP address is used by major web providers. This is used to limit access to content for licensing reasons, target advertising or content. Even at this level there are implications for privacy. The Antipiratbyran case (Sweden 2006) suggests that court will consider IP addresses are personal information. Go-location tests suggest country level accuracy at 99.9% and at state level of 95%. But these are US figures and it might be a lot harder for other countries. A French Yahoo auction case suggested an accuracy of 70%. Anonomisers can be used to hide the IP address of users. GeoBytes are an Australian based geo-location provider.

M.G. Michael: A research note on ethics in the emerging age of Überveillance: MG was suffering from jet lag and so this was not the best presentation of the day. He showed some advertisement and news report videos about surveillance, which would have suited an industry conference more than a scholarly seminar. He emphasized the term "Uberveillance", but without explaining it . Later I found he had authored several works on Uberveillance. With this and other material in the presentation MG seems to have assumed the audience would be familiar with the work. This was a problem for me, and I suspect others in the audience from diverse backgrounds. As a result there is a risk of such a presentation appearing to be shallow MG needed spend some time on the background of his previous work, to provide context.

Otherwise there is a danger of such presentations looking like one by an impersonator I once attended at the IFIP conference dinner. The comedian had been supplied with a set of ICT buzz words and names of industry people to mention. For several minutes they were able to fool a room full of ICT experts that they were an industry expert. Since then I have been wary of any presentation with too many glib terms:
The Congress dinner, held in Parliament House in Canberra, was one of the week's highlights. The speaker, introduced as Dr. Lawrence Tibbs, Associate Director for Technology and advisor to the President and Vice-President of the U.S., gave a lively and very humorous talk. He addressed the audience as, "Ladies, gentlemen, and Australians." He stated, "You can tell an American IT expert ... but you can't tell him much." Although most of the attendees were amused, some were upset or surprised at his lack of diplomacy. After his talk, which had some thoughtful moments, he removed his hairpiece and revealed himself as Mr. Campbell McComas, a professional comedian, who fooled virtually everyone in the audience.

From: IFIP NEWSLETTER, IFIP December 1996
Usman Iqbal: Privacy-aware telematics technologies - GPS enabled insurance and social issues: Usman presented an interesting and well researched presentation about the privacy issues of insurance. The idea is that the car insurance company would charge based on how far you drove and where you drove (tried by Norwich Union with a system called PAYD). The more km traveled and the more dangerous the road, the more the insurance costs. The catch is that this requires the insurance company to be provided with location information for the car. Usman carried out research using a GPS device in a student's car and then seeing what inferences could be drawn. He then looked at if it would be possible to design a system which do not reveal location to the insurance company. The solution proposed was to have the insurance calculation carried out by a computer in the car.

The example given considered the number of km driven on different roads. Would a simpler system which just reports what suburb the car is usually parked in do just as well? Car insurance companies use the suburb already for measuring location.

This suggests an interesting possibility to take into account insurance cost when planning a trip. This could be by a trip planner (such as Google Maps) or an on-board navigation system plots a route. It might also be amusing to consider having the safety of other drivers on the road taken into account and having the car tell you to avoid dangerous drivers. Also a simpler example would be to apply this to household insurance. It would be very simple to detect when someone is home and use that to determine their home and contents insurance.

It would also be interesting to apply such a system to an individual. Their smart phone could track them and have their personal insurance adjusted accordingly.

Usman also surveyed drivers and found that sports car drivers were prepared to pay more for insurance in return for anonymity. Females were more interested in privacy.

Panel: There was an interesting discussion of EU versus USA developed privacy standards. I asked the panel if they were worried by the rise of China resulting in a downplaying of personal privacy in technical standards. The panel was skeptical of technological determinism.

One question I wanted to ask all the presenters was if privacy only applied to individual natural people. One presenter commented that an IP address might only identify what family was using a computer, not an individual and therefore is not a privacy issue. But do not families and other groups have a right to privacy? Why shouldn't non-natural people, such as a community group, have a right to privacy?

Labels: , ,

Wednesday, July 02, 2008

Location privacy issues seminar

University of NSW, Law and Policy Centre, are hosting a free seminar on location privacy issues, 23rd July 2008 in Sydney. It will have r researchers and commentators from industry , academia, government and policy think tanks discussing: Legal / Policy Issues, Technology Issues and Social Issues of technologies such as GPS.




0830 -0900



Ed Garvin




Chris Rizos

Location Based Services and issues such as Privacy


Roger Clarke

You Are Where You've Been. Location Technologies' Deep Privacy Impact


Morning Tea

Session II: Legal/Policy Issues


Helen Versey

Location Privacy : Privacy regulator's perspective

1125- 1150

Rob Nicholls & Michelle Rowland

Hic et nunc: Provision of location based services to law enforcement agencies


Mia Garlick

Australian Telecom Law, its current interpretation of location information, and the future


Group photo of speakers:




Session III: Technology Issue


Lyn Moore

Location Privacy: Telstra's Perspective


Les Fenech

Practicalities of delivering LBS and policy/privacy issues


David Vaile

Google Street View


Matt Duckham

Obfuscation: Location privacy protection through spatial information hiding


Afternoon Tea

Session IV: Social Issues: 0330-0430


Dan Svantesson

Geoidentification - " A serious threat to your location privacy on the Internet?


M.G. Michael

A research note on ethics in the emerging age of Ãœberveillance


Usman Iqbal

Privacy-aware telematics technologies - GPS enabled insurance and social issues


Panel Session


Seminar Concludes

Labels: , ,

Tuesday, July 31, 2007

Big Brother Google?


Big Brother Google?
Roger Clarke (DCS, ANU & Xamax Pty. Ltd.)

DATE: 2007-08-27
TIME: 16:00:00 - 17:00:00
LOCATION: CSIT Seminar Room, N101, ANU

Google is increasingly being perceived as the company that will follow IBM (1965-85) and Microsoft (1985-2005) in dominating the IT industry. This presentation will outline the many business lines that Google is endeavouring to build, and then focus on what has become the major part of its business - knowing a lot about people.

From 1984-95, Roger Clarke was Reader in Information Systems in ANU's then Department of Commerce. Since then he has been back in full-time consultancy through his company, Xamax Consultancy Pty Ltd. He focuses on strategic and policy aspects of eBusiness, information infrastructure and dataveillance and privacy.

He has retained his connections with academe as a Visiting Fellow in the ANU Department of Computer Science (1995-2005) and as an Adjunct Professor from April 2005. He is also a Visiting Professor in eCommerce at the University of Hong Kong (2002-), and a Visiting Professor in Cyberspace Law & Policy at UNSW (2003-). He has also undertaken Gastprofessur at the Universities of Bern (Switzerland) and Linz (Austria), and been a Gastdozent at the European Business School and the University of Koblenz (both in Germany).

Labels: , ,

Thursday, May 03, 2007

Do not call the do not call register

The Do Not Call Register has opened for registrations online. Telemarketers in Australia are required to not call numbers on the register from 31 May 2007. But the registration web site appears to have become overloaded as soon as it was made available and I have been unable to register after several attempts. The web site may not comply with Australian anti-discrimination law.

It took 22 seconds for the text of the web page to load, then another 78 seconds for the images. The registration form took 90 seconds to load. On the first attempt my registration failed with:
The requested URL /regNumber2.cfm was not found on this server.
It worked on the second attempt. The conformation email message arrived three minutes later. Spam Assassin rated the message 2.3, with tests:
BAYES_05 -0.207, HTML_40_50 0.496, HTML_MESSAGE 0.001,
This is a low Spam rating but higher than it should be.

Clicking on the requested link in the conformation message resulted in:
"The requested URL /regNumberActivate.cfm was not found on this server."
On the second attempt a blank white screen was displayed. The third attempt displayed the not found message again. The fourth attempt displayed the blank white screen again. AT that point I gave up.

Those responsible appear to have made several fundamental mistakes in launching the site. These are things I teach second year ANU web design students not to do.

The DNC home page consists of:
  1. HTML 6kbytes
  2. CSS 4kbytes dncr.css
  3. Images:
  • Commonwealth Arms 7kbytes: images/coatofarms.jpg
  • DNC logo 10kbytes: images/dncr_logo_padded_sml.jpg
  • Three ways 5kbytes: images/three_ways.jpg
  • Mouse 1kbyte: images/mouse.jpg
  • Phone 1kbyte: images/phone_icon.jpg
  • Evelope 1kbyte: images/envelope.jpg
  • Navigation bar background 2 kbytes: images/navbar_fat.jpg
Linked to the web page is a PDF media release (144 kbytes): /Media_Releases/english_applicationform.pdf

  • VALIDATE CODE: The DNC home page failed a W3C Validate test with one syntax error.
  • TEST ACCESSIBILITY: The DNC home page failed an automated accessibility test, with four level 2 (AA) errors. In addition no alternative to reading text in the security image is provided. As a result the web site fails a level 1 (A) test. The web site may breech Australian anti-discrimination law as a result.
  • ONLY SECURE SENSITIVE PAGES: All the pages on the DNC web site seems to use HTTPS secure protocol. As a result each copy of the text and images on the home page will have to be individually encrypted when sent to each user. As well as slowing down the server which has to encrypt, this may prevent the information being cached. This encryption should only be used for the pages containing sensitive data, such as the forms the user fills in.
  • MINIMIZE GRAPHICS: While the graphics used are small, there are a lot of them on the home page. The "Three ways" graphic contains text and should not be used. If the other graphics are to be used they should be highly optimized and ideally reused from a common Commonwealth server of images.
  • SMALL FORMS: The PDF form is 144kbytes for a one page document, which is excessive.
  • PRIME CACHES WITH PRE-LAUNCH PAGES: The web site appears to not have been placed online until the launch day. As a result none of the content will have been cached. Therefore there will be a large initial load on the system. The designers should have put a placeholder web site up in advance, announcing the site would be available. The images, style sheets and other material to be used would then have been cached on web servers around Australia. When the real site went live, only the changed text would need to be downloaded (which makes a small part of a web site).
  • STAGED LAUNCH: The register appears to have been launched nationwide. A staged introduction, allowing registration for smaller regions first would have allowed the bugs to have been shaken out of the system and for the caches to be loaded.

Labels: , ,

Saturday, March 24, 2007

Access Card registration process discussion paper

Sample Access CardProfessor Fels' Consumer and Privacy Taskforce has released a Discussion Paper on the Registration Process for the Australian Government Access Card. Submissions can be made until 16 April 2007:
Table of Contents

Registration ... Background ... From Draft to Final ... Introduction to the Registration Scheme ... Public Support ... An Access Card Consumer Charter ... Privacy Impact Statement ... Outline of Discussion Paper ... Informed Consent ... Mandated Data ... Proof of Identity Documentation and Standards of Identification ... Verification procedures for POI Documents ... Additional information to be recorded in the Access Card system ... Exceptions and Exemptions ... Persons under the age of 18 years ... Disability Features ... The Registration Process ... Access Card Issue Overseas ... Conclusion ... Consultations ... Appendix I - Interview Process ... Appendix II
- Business as usual for the Teens' access to Smartcard ... Criteria for people under 18 years of age for their own Access Card ...


Registration is one of the key elements of the Australian Government’s proposed health and social services Access Card scheme. It is the process by which Australians become part of the scheme by having their personal data entered on the Register (formerly known as the Secure Customer Registration Service), receive their Access Card and thereafter access the benefits which are provided by the government’s participating agencies (Medicare, Centrelink, the Departments of Human Services and Veteran’s Affairs).

The Register is established by Division 3 of the Bill. It is part of the background to discussing registration.

It should be noted that the Government has not yet made a formal decision on what the Access Card might be called. The Minister is empowered in the proposed legislation (see below) to determine the name of the card and any symbol used in relation to the card (section 27), and that name/symbol will become the protected property of the Commonwealth (section 28). The Commonwealth will also have the power to compulsorily acquire such related rights if they are currently held privately, on the payment of just compensation (section 73). For the purposes of this Paper we will simply use the term Access Card where appropriate.

From: Registration, Discussion Paper Number 3, Consumer and Privacy Taskforce, 21 March 2007

Labels: , ,

Monday, December 11, 2006

Personal Name Matching, Data Linkage and Geocoding


A Comparison of Personal Name Matching: Techniques and Practical Issues. -and also- Privacy-Preserving Data Linkage and Geocoding: Current Approaches and Research Directions

Peter Christen (DCS, ANU)

DATE: 2006-12-13
TIME: 16:00:00 - 17:00:00
LOCATION: CSIT Building, N101, ANU, Canberra

In this seminar I will present two talks I will give at the IEEE International Conference on Data Mining (ICDM) in Hong Kong, 18-22 December.

1) Finding and matching personal names is at the core of an increasing number of applications: from text and Web mining, search engines, to information extraction, deduplication and data linkage systems. Variations and errors in names make exact string matching problematic, and approximate matching techniques have to be applied. When compared to general text, however, personal names have different characteristics that need to be considered. In this talk I will discuss the characteristics of personal names and present potential sources of variations and errors. I then overview a comprehensive number of commonly used, as well as some recently developed name matching techniques. Experimental comparisons using four large name data sets indicate that there is no clear best matching technique.

2) Data linkage is the task of matching and aggregating records that relate to the same entity from one or more data sets. A related technique is geocoding, the matching of addresses to their geographic locations. As data linkage is often based on personal information (like names and addresses), privacy and confidentiality are of paramount importance. In this talk I will present an overview of current approaches to privacy-preserving data linkage, and discuss their limitations. Using real-world scenarios I will illustrate the significance of developing improved techniques for automated, large scale and distributed privacy-preserving linking and geocoding. I then discuss four core research areas that need to be addressed in order to make linking and geocoding of large confidential data collections feasible.

Dr Peter Christen is a lecturer at the Department of Computer Science at the Australian National University. He received his Diploma in computer science engineering from the ETH Zurich (Switzerland) in 1995 and his PhD in computer science from the University of Basel (Switzerland) in 1999. His research interests are data mining (especially data linkage and data pre-processing), high-performance computing, and most recently security and privacy preservation (in the context of data linkage and health informatics).

In the last four years his research has concentrated on the project "Investigation and Development of Parallel Large Scale Record Linkage Techniques", an ARC Linkage project conducted in collaboration with and partially funded by the NSW Department of Health.


Labels: , , ,

Friday, December 01, 2006

Access Card Briefing, Sydney, 13 December 2006

The Australian Government's Office of the Access Card (also known as the Government Smart card or Health Card) will hold a Consumer and Privacy Briefing on 13 December 2006:
"... three main aims.
  • Inform the IT industry about the project prior to tenders being released.
  • Provide privacy and consumer advocates with further details about the project.
  • Release an exposure draft of the access card legislation for public consultation."
Also available is the Government's response to the Consumer and Privacy Taskforce Report on "Issues and Recommendations in Relation to Architecture Questions of the Access Card".

The Government's response is a model of brevity being only 59kbytes of PDF, compared to the report's 1.83mb. The original KPMG Access Card Business Case is still available on the Office of the Access Card publications page.

There is also a web address for public information about the Access Card, in accordance with the Government web branding policy. This also has an RSS Feed.

ps: The Government has responded to criticism of the project by increasing safeguards and decreasing its scope. But assurances as to the proper running of the system are less credible after the Office of the Access Card sent out the wrong attachment with their invitation to the briefing. If they have trouble working e-mail, how will they go with a highly complex access card system? ;-)

Labels: , , , , ,