This feed contains pages in the "security" category.

Riseup and Texas MEP put together a workshop on social network from a critical perspective. It was interesting to watch the tensions within the presentations. Texas MEP were full-on Facebook/My Space/etc. users. While being conscious of the risks, their position was that they are careful to only put on information that is public.

Brenna from Riseup demo's Riseup's installation of crabgrass - a social networking site designed from a collective/organizing perspective rather than an individuated perspective. She provided much of the critical analysis of the risks involved with corporate social networking sites (lack of privacy, reliability problems, etc.).

Brenna also provided Riseup's 5 horseman of the privacy apocalypse:

  1. relational surveillance: analysis of social networks via email and phone transactions (by the government) relational-surveillance

  2. data profiling: the aggregation of consumer data in order to build detailed profiles on the consumption habits of everyone. data-profiling

  3. tethered computing: devices that are controlled via a ‘tether’ by the manufacturer. On the desktop, trusted computing can be seen as a way of achieving tethered computing on an otherwise agnostic and innovative device. (by corporations and the government). tethered-computing

  4. Geo spacial surveillance: location tracking via RFID, cell phones, IP addresses (by corporations) Geo spatial-surveillance

  5. biometric surveillance: biometric scanning via CCTV face recognition, DNA databases. biometric-surveillance

That alone made the workshop worth it. I think we struggle a lot to figure out how to communicate security concerns. The organization of these concerns - specifically the way these 5 issues are abstracted from the specific applications - is really helpful.

We had some good discussion - one person mentioned how she's uncomfortable with publishing our networks on corporate run servers.

The parting words of the workshop: We're not just fighting to get our media out, but fighting to build and own the infrastructure.

Posted Fri 20 Jun 2008 11:46:22 AM EDT Tags: security

The security we use to protect May First/People Link members is not perfect, but we try pretty hard with what I would consider to be a good results.

I'm constantly amazed to see how much better capitalized industries and companies fail to take even basic steps to secure their systems.

Consider the banking industry. We've always known that the information that is on our credit cards - the same credit cards we hand over to countless people, the same information we provide over the phone and the Internet to yet more people, is all the information anyone needs to take our money. This should not come as a surprise, given our history with checks. The information on a single check is enough to compromise ourselves financially (thanks dkg for pointing out an interesting articles on the topic of identity theft via routing numbers.

The other day I read an article about a credit card breach due to information be stolen in transit between computers. My favorite quote was: "Wider use of encryption might seem an obvious answer. But in practice, encryption is unused at certain points in a data-processing chain because the computing power it requires can slow transactions." Hm. I guess it depends on where you priorities are.

This morning I had yet another experience - this one personal. I realized that I didn't have the flight number or confirmation of a flight I bought for my brother. I called the American Airlines phone number and, talking to their automated voice thingy, I gave the city and time of the departure and my brother's last name and AA confirmed his flight. I had my credit card ready so I could enter the last four digits to prove that I was the one who bought the ticket - but apparently that's not necessary. I considered calling back and saying a number of different last names to see if I could build a list of passengers.

Posted Mon 24 Mar 2008 09:19:11 AM EDT Tags: security