Payroll company faxes 121 pages of confidential stuff to wrong person

Wrong number faxes are a huge risk. It’s obviously possible to typo an email address, but since so many of them are names or words the sender is doing a visual checksum as the email is written and sent. Punching in a string of numbers is different, and with so very many faxes out there the chance of getting a friendly “okay!” from the wrong number is pretty good.

When I was at the hospital we paid a lot of attention to this because we were frequently faxing medical records to physicians. We had a rule that we would fax nothing to any insurance company, only to the attending physician or a specialist for whom we had written permission from the attending to share records. People always wanted us to fax stuff RIGHT NOW! but it was very important that we refuse.

One day I got an incoming fax that made no sense. The clerk had just dumped it on my desk. It was from one of the big accounting firms, and was about 20 pages of detailed financial information. It had nothing to do with the hospital. On close inspection this was a detailed financial analysis for one of the parties in an impending merger of two large companies.

I called the guy and told him I had it, and that it was okay, I worked at a hospital and I was going to shred it. He nearly cried. “Good thing I didn’t call the recipient, eh?” I said jovially.

Faxes are dumb.

Today, Homeland Security salutes the heroes of Livejournal!

Gathering Data
We have recently re-implemented HitBox, a site-wide data-gathering service that will help us dig deeper into how users and visitors use LiveJournal. The data we collect will help us prioritize our improvements to the site, among other things. A few folks were very concerned about privacy with the Hitbox service, and thanks to their feedback we were able to make some changes to how we’ll use the service. Most sites on the web do keep track of which pages you visit, and we’re trying to be even more respectful of your privacy. You won’t actually see a change to your experience using LJ.

from today’s LJ news post.

Just remember folks. DHS, just like Tom, is always your friend!

computers are hard and the government spies on me from the air vent

flata points out that some people lost their heads because the all-knowing government spy agency, the NSA, put cookies on people’s computers.

A “privacy advocate” named Daniel Brandt is upset about this, and has previously been upset about the CIA using persistent cookies on their public website.

I feel sorry for the web monkey who put those in for whatever boring typical reason people use persistent cookies, because that person is in big trouble. I also think that a “no persistent cookies” policy for websites of this kind is a fine idea, almost entirely because it reduces this kind of pointless paranoia. But let’s get real, here. You can turn off cookies, and anyone who’s serious about privacy does. There’s no way the NSA is using persistent cookies to track individual website visitors; that’s inane.

Danny boy, the NSA has shit you don’t even know about, probably archiving the entire Internet way better than Alexa and analyzing it and putting it in databases and crunching it up to find Al-Qaeda and screw the Chinese. They don’t need “cookies”, okay? Oh, and by the way, you keep misspelling “rendez-vous” in your emails to your mistress, the one in Dayton. Get that shit straight, okay?

This was almost as “good” as the podjacking idiot.

LJ, blog searches, datamining

Google’s new blog search is pretty nifty if you either like searching through people’s weblogs or are an egotist who likes to kiboze. I’m both. Since I’ve always been a shameless self-promoter and I ping all available services, index myself in search engines etc. this is just peachy.

The way LJ did it was to provide a large-scale XML data feed of Livejournal and Typepad blogs. The feed is explicitly intended for use by larger organizations who want to resyndicate or index this huge quantity of data. It’s not usable by end users; it’s an institutional service.

This is great if you’re Google, or AOL, or an MIT grad student doing a thesis on weblogging. However, if you’re an LJ user who checked the “please do not let search engines index me” button, it may be an unwelcome surprise. People who assumed a level of public presence that included friends and internet acquaintances, but not every coworker or family member who Googled them, have now discovered that the verb “to Google” now includes a well-indexed stream of all their public entries since March.

I had a frustrating conversation about this with mendel yesterday (sorry I got ruffled there, Rich) in which I think we were both right about different things. He quite rightly pointed out that public LJ entries were subject to data mining and indexing in a number of ways already, and that the check box for blocking robots did not imply privacy to someone who understands the current state of the Internet. Certainly my personal expectation is that anything I post, even with the lock on it, could conceivably end up as the lead story on CNN, and I proceed with that risk in mind.

And of course many of the complaints received by Six Apart about this will be from people who are misinformed about technology or the law in various countries or any number of complicated issues. I actually have no idea what U.S. law would say about what a customer can reasonably expect in this situation, and since the technologies involved are about fifteen minutes old, it may be unknown anyway.

My concern was different. Providing a massive datastream only useful to large-scale operations is qualitatively different than allowing spidering, even. Marketers, credit agencies, insurance companies, and government agencies now have an optimized tool for data mining a huge chunk of weblogs. The amount of effort required to monitor and index all of LJ and Typepad just deflated tremendously.

I am reminded, for example, of FedEx providing a stream of their tracking information to the U.S. Department of Homeland Security, or of the supermarket loyalty card information being informally turned over to the government right after 9/11/01. A recent event I posted about in which auto repair records from dealers were aggregated and sold to Carfax comes to mind. I have been told by people in the email appliance business that spammers derive a good chunk of income these days by selling verified email addresses with names attached to insurers and credit reporting agencies as additional identifying information for their records (“appends”).

In short, Database Nation (Amazon link). To my mind these changes are inevitable, irresistible, and both exciting and frightening for different reasons.

But I also think that Six Apart failed their customers, at least in the customer satisfaction/PR department, by not providing a pre-launch opt-out or removing customers who checked that box from their institutional feed.

PrivacyWatch: Data heisted from car dealers is sold

From Automotive Digest, a charming story. ADP Dealers Services (a division of the payroll giant) was caught surreptitiously taking data from auto dealers and selling it to Carfax, the automotive data company. The rest of their summary of an Automotive News story not available to nonsubscribers is below. I’m glad that they are aware of the sensitivities.

1. ADP Dealers Services admits taking data from dealers; sold it w/o their knowledge
2. Says repair and maintenance records taken after hours, then sold to Carfax
3. ADP says it’s stopped pulling data due to dealer complaints
4. Won’t say how many dealers involved in action from Dec through March
5. Experts say dealers need to have lawyers review all contracts w/ vendors
6. Some dealer groups want states to require dealer consent before vendors pull data

Significant Points
1. At issue is who owns data on dealer computers
2. But automakers and vendors often have access
3. Dealers worry about identity theft, privacy lawsuits
4. ADP furnished Carfax w/ VIN data, not protected by federal privacy laws
5. ADP competitor, Reynolds & Reynolds, sells data to Power Information Network
6. But contract promises to get dealer’s permission

“And they’re taking our information and selling it to other organizations. Every dime of that money (paid to ADP) needs to be returned to the dealers.” — David Farris, owner, Farris Motors

“While the goal of the program was in the best interest of dealers and consumers, a better job should have been done thinking through potential dealer concerns and communicating to dealers the rationale and advantages of the program.” — Kevin Henahan, senior VP marketing, ADP

“Privacy is a huge area of concern. We are aware of the sensitivities.” — Mark Feighery, spokesman, Reynolds & Reynolds
