acmqueue is now an app!

Download from iTunes or Google Play, or view within your browser.

ACM professional members can sign in with their ACM web account to read acmqueue for free.

Non-members can subscribe to acmqueue for $19.99 per year.

More information here

Privacy and Rights

  Download PDF version of this article

ACM DL Site Error

We are sorry ...

... an error has occurred and the site administrator has been notified.
It is possible that this was a temporary problem and is already corrected so please try to refresh this page.

We apologize for this inconvenience.

If the problem persists please contact us:

The ACM Digital Library is published by the Association for Computing Machinery. Copyright � 2010 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us


Originally published in Queue vol. 7, no. 8
see this item in the ACM Digital Library

For more articles and columns like this, check out the latest issue of acmqueue magazine



Olivia Angiuli, Joe Blitzstein, Jim Waldo - How to De-identify Your Data
Balancing statistical accuracy and subject privacy in large social-science data sets

Jim Waldo, Alan Ramos, Weina Scott, William Scott, Doug Lloyd, Katherine O'Leary - A Threat Analysis of RFID Passports
Do RFID passports make us vulnerable to identity theft?

Katie Shilton - Four Billion Little Brothers?
Participatory sensing technologies could improve our lives and our communities, but at what cost to our privacy?

David Sohn - Understanding DRM
The explosive growth of the Internet and digital media has created both tremendous opportunities and new threats for content creators. Advances in digital technology offer new ways of marketing, disseminating, interacting with, and monetizing creative works, giving rise to expanding markets that did not exist just a few years ago. At the same time, however, the technologies have created major challenges for copyright holders seeking to control the distribution of their works and protect against piracy.


Tony Pelliccio | Sat, 12 Sep 2009 17:16:12 UTC

Excellent analysis of the wiretapping framework and how the envelope has been expanded over time to included TCP/IP packets, etc.

As to the CDR, VoIP users pretty much have all their CDR data available to them via a web interface. I know that's the case with my Vonage account, and my MagicJack does the same. It's saved my bacon a couple of times when I needed to lookup a number of someone who called. But I know that law enforcement has full access to it. It's all innocuous anyhow but I object to the open peeping going on.

Peter Baker | Sat, 12 Sep 2009 18:10:20 UTC

There is a third vector - security is moving up the stack. First there were separate wires, then segregation meant separate networks, then network protocols - all of them have eventually turned into pooled resources. Meaningful security now resides at application level, and this is where a new generation of privacy assaults is building: social websites (where the application level becomes a pool).

The "cloud" concept is asking end users and businesses to trust providers that have, at best, marginal legal containment in the country of origin and even less so abroad, with the best example Google who has pioneered mass intrusion of privacy (allegedly non-evil, of course). Have a look at their Terms of Service, clause 11 - they have even afforded themselves the ability to take your information elsewhere..

Couple with that an interesting deficiency in Data Protection laws: if a business collects data from a user, purpose has to be specified and maintained. If a business collects data about a user from ANOTHER user, considerably less controls apply - and who is going to check compliance in the countries with notification duty? What happens to facial recognition name tags in their web albums? Do they really stay in the account or will they be used to find other occurrences in the vast Google haystack?

Now extrapolate: add an ECHELON and a Carnivore, sorry, DCS-3000 feed to Google and friends (Facebook?) and hey, presto, another NSA. Legally so. Voluntarily so - and our kids grow up thinking this is acceptable.

There is nothing wrong with legally sanctioned surveillance - police and other security services cannot function without - provided there is cause, oversight, transparency, control and, ultimately, accountability. Otherwise it's maybe time to stop pretending to be a democracy.

Fazal Majid | Sun, 13 Sep 2009 05:30:03 UTC

There is another attack vector to consider. CALEA has a server side embedded in the digital switching networks of the phone companies, but also a client-side component used by federal law-enforcement and intelligence agencies. If poorly vetted (and in many cases vetting is in fact theoretically impossible), these systems are an attractive target for foreign governments or organized crime to introduce backdoors and covert channels into. Essentially CALEA hands the communications infrastructure on a silver platter to those who can hack the government. Past incidents have shown that the security of government systems leaves much to be desired.

Numerous allegations have been made for instance that Verint and Amdocs, two Israeli companies that provide interception equipment to US and other governments, have deliberately introduced backdoors in their systems that give Israeli intelligence wide access to domestic communications inside the US.

gone | Mon, 09 Nov 2009 16:20:15 UTC

I was attacked over wireless by Israeli individual on a dating site in 2006; he said in IM chat- I'm taking over your computer.

I unplugged the RJ-45 ethernet cable to my G5 Mac Pro. The network traffic went HIGHER than what ADSL went, and I was unplugged. I thought "this is magic" at the time...

> two Israeli companies that provide interception equipment to > US and other governments, have deliberately introduced > backdoors in their systems that give Israeli intelligence wide > access to domestic communications inside the US.

helen cohen | Tue, 09 Feb 2010 02:01:13 UTC

see what is in the major newspapers; every hour world news, visit the link:

Xpltivdletd | Tue, 04 Oct 2011 02:16:46 UTC

In the U.S.Navy, at least in the years from 1969__1989, official phones were answered: "{place} {command} {person} speaking, THIS IS A NON-SECURE LINE, (how) may I help you, sir?"

Yes, we would the standard PC Indignant Interruptive "YOU mean sir-or-MA'AM!!!" from a caller now and then, but this was the Navy--not a college campus. The sex of the Commanding Officer--not the synthetic outrage of the caller--set the default. My point is the "non-secure line" statement. It reminded the caller discussing classified info was inappropriate, and better to err on the side of caution than on the side of convenience.

I already tag my "automatic-signature" in e-mail with a similar caveat; e-mail is about as private as would be "tagging" a passing truck or railcar with your message. It might be time to add "This is a non-secure phone" to your usual word(s) when answering a phone, whether it's a wired landline or something else. It would remind the caller AND would remind "Big Sibling" we know she-or-he is watching. Best regards.

Leave this field empty

Post a Comment:

© 2015 ACM, Inc. All Rights Reserved.