Alexandra Marks

Is It Impossible to Protect Your Privacy?

Individuals might treasure their personal data like Social Security and credit-card numbers, but identity thieves can buy them cheap and in bulk online.

Credit-card numbers can now go for as little as 40 cents each. A matching name, Social Security number, address, and date of birth cost just $2.00, according to security experts.

Even as the incidences of identity theft reach record highs, the government and private institutions continue to collect record amounts of personal, private data.

And despite all of the rules, regulations, and software innovations in place to ensure that information doesn't fall into the wrong hands, it does, and regularly.

In just the past month, State Department employees were disciplined for snooping through presidential candidates' passport files, and hospital workers have been charged with selling the personal information of tens of thousands of patients as well as rifling through the patient records of top stars. And in Hollywood a private detective to the stars is accused of bribing police and telephone company officials so he could scour their confidential databases.

Then there's the Internal Revenue Service. A week before tax day, its inspector general warned that the computer systems that contain the private tax returns of every taxpayer in America are vulnerable to disgruntled employees and hackers.

The problem, say security experts, is that the world's ability to collect data has far outstripped its ability to protect it.

"Lots of organizations and institutions, governmental and private both, are really good at collecting data, but don't have the practices and technologies in place to make sure [they're] well housed and secure," says Jim Harper, a security expert at the libertarian CATO Institute in Washington. "That's why people are able to dip into databases they shouldn't dip into."

So what's a privacy-conscious person to do? Cut up all credit cards and use just cash? Forgo a passport and foreign travel?

"The only real protection the public can have in this arena is to deny the government the information in the first place," says Tim Sparapani, senior legislative counsel at the American Civil Liberties Union. "Despite all of the bells and whistles, the government has proven itself to be miserably poor at controlling and limiting access to the information that it's gathered about the public."

It's not that the government doesn't try. There are reams of regulations that people with access to confidential information are sworn to follow. Agencies such as the Department of Homeland Security have their own privacy offices that spawn their own committees which study and address both the regulatory and technological ways of protecting all the information that government has in its databases.

But as history has shown, there are the genuinely malicious among us, and even the most meticulous people can err. The recent dust-up over contract employees peering into the passport files of the presidential contenders was blamed on "imprudent curiosity."

Still, two workers were fired and another was disciplined. The inspector general of the State Department is investigating the incidents. The investigation includes a thorough "review of the internal control processes and other aspects of managing the passport data," according to a spokesman for the inspector general. That should be completed by the end of May.

In the meantime, privacy experts like Mr. Harper see a "glimmer" of hope in the incident. First, that it was discovered, since many such incidents go unnoticed, security experts say. Second, that the State Department had digital "flags" on the files of prominent people that alerted superiors when their data were accessed by an unauthorized person.

Harper says such "flags" should be on everyone's files, not just those of important people, so that the government can keep an accurate record, called an "audit log," on the files. "That's a very small, but important, protection, and … it will be recognized soon enough as standard operating procedure," he says. "If you hold personally identifiable data, then you'll have audit logs so you can have records of who accessed it and when."

Software experts are coming up with an array of such programs that could help protect the privacy of data. For instance, one allows a person to compare two different files -- say a Federal Bureau of Investigation's list of suspected criminals and a travel agent's list of its customers. The program will sort the information in each and reveal data that both files have in common. That way either side can only see the information in the other file that matches their own. That's also the only data that the person or institution comparing the information can see.

Other programs allow people to interact in cyberspace "pseudonymously," in other words, using a different name. It's similar to the way eBay and PayPal now work. But in this security-conscious world, there are drawbacks to such systems as well.

"It would be especially hard to get established in the post-9/11 environment where there's this idea that you have to have control of the financial system in order to control terrorism," says Harper.

Private security experts say the best protections in place come from companies that have a financial stake in individuals' private data, like banks and credit-card companies.

"They pay a lot of attention to protecting that information, not because of consumer privacy, but because banks don't want to lose money: that's what's driving it, the big financial incentive," says Avivah Litan, vice president of Gartner, a technology consulting firm in Stamford, Conn. "But with other information, like my passport file, what's the incentive to fix my privacy? There isn't one unless there's a consumer revolution and that doesn't look like [it's] coming."

That is one of the things prompting the ACLU to continue to fight government efforts to collect even more data on individuals, including the REAL ID Act. That requires states to issue standard driver's licenses and give the federal government access to information about those licenses. Some government security experts want to combine those state files with the databases that DHS already keeps on Americans' international travel, the State Department's passport files, the Social Security's E-Verify database, and the FBI's criminal records. They argue that those combined files could then be mined to ferret out terrorists. But many privacy experts object, saying such information remains too vulnerable to attack.

"We believe the better way to ensure security is to do actual physical security checks, like screening all the bags that go in the belly of a plane and being sure weapons don't get on," says Mr. Sparapani. "Instead we have all of these data sets that are being created and collected by the government and all of which are vulnerable to hacking and malicious attack and being stolen by identity thieves and terrorists."

Other security experts note that mining such databases can be very helpful in identifying fraud or other patterns of criminal behavior. But they, too, are wary of the privacy implications.

"There really are good reasons for analysts to look at lots of phone records and call detail if you're putting it to the right use: You're not going to find needles in a haystack without a lot of data aggregation and data mining," says Ms. Litan. "But we're always going to be behind the eight ball [on privacy], there's a ton of data on all of us out there and a lot of unauthorized abuse of it. I'm not really sure what the solution is."

Will We Have a 100-mpg Car Soon?

Drivers often joke their car "is running on fumes," when the tank gets low. Well, how about an engine that actually gets its energy from gasoline fumes?

Or, tired of looking for a parking space? Well, someone has dreamed up an all-electric car so thin it can compete with motorcycles for the gaps between SUVs.

And no need to fill up on expensive gasoline anymore -- one would-be Henry Ford wants to build an engine that runs on compressed air, the stuff that fills your tires. Naturally, it's called the Air Car.

All of these ideas -- some with actual tires on the ground -- are entered for the Progressive Automotive X Prize, an international competition that will award $10 million to the first team that can build and bring to market a car that gets the equivalent of 100 miles per gallon. So far, no major auto company has said it'll compete, although some have said they are curious and might kick a few tires when no one is looking.

There will be a contest, scheduled to begin September next year, in which these ambitious prototypes will be driven about like regular cars. And since Americans like to race -- or at least go to NASCAR events -- these decidedly non-Detroit vehicles will hold a race of their own.

Last Thursday, the X Prize Foundation rolled out some of the contestants at the New York International Auto Show, an event where "concept cars" usually just mean futuristic styling, or technology that won't be ready for the public to use until colonies are established on the moon.

"We need a car that is not just a concept but can be made in mass quantities at a reasonable cost for the average American," says Jack Hidary, chairman of the Coalition Advocating for Smart Transportation and a donor to the X Prize's new effort. "Unfortunately, Detroit has not stepped up to the plate, they have fought CAFE [Corporate Average Fuel Economy] standards every step of the way."

But some automakers say the competition is passé. Volkswagen has chosen not to participate.

"In 2001, we put a European Lupo3L hypereconomy car through the now-archaic EPA testing and got 80 miles per gallon in the city and 100 on the highway," says Keith Price, the public relations manager. "So in terms of the X Prize, we wish them well but from our perspective, we've been there, done that."

The Lupo is no longer in production.

Another manufacturer, Honda, is quite pleased with the ecological virtues of its hydrogen fuel-cell car, which gets 62 miles per gallon. As he shows off the vehicle, company spokesman Todd Mittleman reveals that the seats are made of corn-based bio-fabric. "So, I guess if you are stuck in your car for a couple of days, you can eat the seats, although I wouldn't recommend it," he says.

What about the X Prize? Mr. Mittleman says he would like to be present when the winner is announced even though Honda so far hasn't indicated it would enter the contest. "The constraints and criteria are pretty tough," he says.

If the automakers won't take on the challenge, Todd Pratt and the other five partners of FuelVapor Technologies in Vancouver, British Columbia, are more than willing to try.

Their gas fume car -- conceived and built in spare hours outside full-time jobs -- has so far gotten up to 92 miles per gallon. Now, Mr. Pratt, who owns restaurants, and his cohorts (or is that carhorts?) are moving toward a combination of vapor technology and electric hybrid to get to the "magic" 100 miles per gallon.

Have they had any bites from automakers?

"No, we're very much under the radar," says Pratt, whose group has been working on their unusual-looking three-wheeled vehicle for two years. "We don't have any illusions, we want to be a small niche automaker, starting with 150 to 200 cars a year and then maybe working up to 5,000 or 10,000 cars a year while developing technology and licensing it out to others."

The 60 teams from nine countries that have entered the competition include a team from an inner city high school in Philadelphia, a group from Cornell University, and a company called "Psycho-Active" in Moore, S.C.

"The idea behind the name is about thinking, pushing the paradigm," says John Robitaille, the leader of the Moore team, which is working on an advanced rotary engine design.

But will people want to drive a Psycho-Active? "It doesn't roll off the tongue," admits Mr. Robitaille, who also has a day job in the telecom business.

The only car company that has signed on is Tesla Motors, which makes a 100 percent electric sports car that the company claims gets the equivalent of 135 miles per gallon. The base price for the 2008 model is $98,000.

The price alone may make it difficult to win not only the X Prize but also the hearts and minds of American drivers.

As he sits in a VW at the auto show, Christopher Hopson, an auto analyst at Global Insight, an economic forecasting firm in Lexington, Mass., says the X Prize could be good for the planet. But, he warns contenders to make their cars affordable. "If it's too expensive, that's a barrier," he says.

Growing Database of Tourist Fingerprints Raising Privacy Concerns

New York -- Fourteen small white boxes with green glowing screens were installed this week at customs booths around John F. Kennedy International Airport here.

Now, in addition to handing over a passport to Customs and Border Protection agents, every non-citizen visitor has to place all four fingers and thumb from each hand on the glowing screen. Within seconds, CBP has their 10 digital fingerprints on file.

This expanded effort to collect fingerprints of non-citizen visitors is part of a national test of improved biometrics technology that the Department of Homeland Security hopes will make it harder for people with forged documents or criminal pasts to enter the United States. Eventually, they hope to use this technology to ensure that foreign visitors who come leave when their visas have expired.

Estimates are that between one-quarter and one-half of immigrants in the United States arrived with a valid visa, but remained here illegally when it expired and they didn't leave. The U.S. does little if anything to track them.

The rolling out of this more extensive 10-finger digital print entry technology has raised privacy concerns about how the data will be stored and protected. DHS officials contend there are plenty of privacy protections in place. And they insist the new system will shore up current security efforts because 10-print matches are the most accurate way to identify individuals.

"We're testing it at multiple locations throughout the U.S. just to get some metrics and practice before we roll it out domestically at all of the ports of entry," says Robert Mocny, director of the DHS US-VISIT program. "By the end of December 2008 all air, land, and sea ports of entry will have the devices."

Four years ago, with the memory of 9/11 still fresh, the U.S. started collecting two digital fingerprints and a picture from each non-citizen visitor. As a result, it already has a database of 90 million fingerprints. With this 10-finger digital print technology, it believes it will add 20 million to 23 million fingerprints each year. DHS will keep them in a database for 75 years.

Other countries are also joining the biometric bandwagon. Japan last year began collecting some fingerprints when foreign visitors enter the country and the European Union is considering it. These countries are also talking about sharing these databases. That has raised alarms among privacy advocates who worry the data can be accessed or misused.

"Everyone's data is being stored and disseminated and there are definitely questions about the ability to keep this information secure, as well as whether it will be properly used," says Melissa Ngo, of the Electronic Privacy Information Center. "We also wonder why exactly there is a need to increasingly grow this database."

Customs and Border Protection officials insist that data will be securely stored and properly used. They also say keeping these databases will make it easier and more convenient for legitimate travelers by more accurately and efficiently verifying visitors' identities.

Since its inception in 2004, the current two-print system has snared 2,000 immigration violations, Mr. Mocny told reporters at the JFK event. Sixty percent were criminal violations; 40 percent were civil immigration violations. That has encouraged immigration experts, who are now hoping the system can be adapted for more efficient immigration enforcement against people who overstay their visas.

"US-VISIT has really proven its value for law enforcement purposes, now we need to extend that to compliance purposes," says Jessica Vaughan, a senior policy analyst with the Center for Immigration Studies in Washington.

Currently, there are few, if any, ways to track whether people who arrive on a legal visit leave when their visas expire. For years, overstaying a visa was a fairly easy way to enter the U.S. and stay illegally. After the 1993 World Trade Center bombing, Congress tasked the then-immigration services to track when people leave. But little if anything was done. It's only been in the last year or so that DHS has seriously begun working on the problem.

"It's extraordinarily important to have exit tracking," says Mark Krikorian, director of CIS. "But it's going to take a little bit of time, political capital and real investments in physical infrastructure at airports and land crossings."

So DHS decided it would start at the airports. It has already floated the idea of installing similar biometric machines at airport check-in counters and requiring ticket agents to collect fingerprints from foreign visitors when they leave. But the airlines have balked.

David Castelveter of the Air Transport Association, which represents the nation's major carriers, says that's because airlines now encourage people to check in online or at automated kiosks. But Mr. Castelveter says they're willing to work with DHS.

"We certainly don't have the answer yet," says US-VISIT's Mocny. "We're going to need the airlines' and the airports' cooperation and we need to hear from them and understand what their operations are."

