There will be a session about RFID chipped passports at the 2005 Computers, Freedman, and Privacy conference on Wed. April 13th in Seattle, WA.
Bruce Schneier, who has spoken frequently on this issue, and Bill Scannell, who is quoted in the article, will both be keynote speakers at the conference. Right after the panel, there will likely be a demo of RFID technology as it relates to passports.
We're likely to see many more of these types of scenarios as long as the government continues allowing (even encouraging) large-scale data gathering -- and as long as companies aren't held responsible for there mistakes.
Large databases with diverse pieces of personal information one database with inadequate protection are just too attractive a target -- 500,000 social security numbers? The amount of money identity thieves can make from the sale of those ssns, and the damage done to individuals, is staggering.
But will there be any penalty beyond a slap on the wrist for insufficient security?
To clear up a few misconceptions that I've seen from the posts:
HIPAA is now worded in such a way that it allows health care providers (and other "covered entities") to share medical information about a patient without consent for a number of reasons. The result is that information in your file may be shared with others without you ever finding out. The best place I've found for information on HIPAA is at the Health Privacy Project . Go to their page and do a search on "HIPAA" and you will find out everything you ever wanted to know about HIPAA.
HIPAA makes it easier to circulate information once gathered, but it is not itself a storage system. For a huge storage system, go check out the Medical Information Bureau (MIB) web site. They have a FAQ about what they do, what medical information they store, and who they share it with. MIB exists to prevent fraud (a good thing), but I'd sure like to know what their security is like.
Finally, for another reason to repeal HIPAA and decentralize information, read about the "Emergency Health Powers Act". Again, designed for good reasons, but could be applied in very heavy-handed ways. The Health Powers Act specifically shields companies from liability.
Slashdot Mirror
The State Dept. is ahead of you on this one. If you disable your chip, your passport will be deemed invalid.
There will be a session about RFID chipped passports at the 2005 Computers, Freedman, and Privacy conference on Wed. April 13th in Seattle, WA. Bruce Schneier, who has spoken frequently on this issue, and Bill Scannell, who is quoted in the article, will both be keynote speakers at the conference. Right after the panel, there will likely be a demo of RFID technology as it relates to passports.
Large databases with diverse pieces of personal information one database with inadequate protection are just too attractive a target -- 500,000 social security numbers? The amount of money identity thieves can make from the sale of those ssns, and the damage done to individuals, is staggering. But will there be any penalty beyond a slap on the wrist for insufficient security?
To clear up a few misconceptions that I've seen from the posts:
HIPAA is now worded in such a way that it allows health care providers (and other "covered entities") to share medical information about a patient without consent for a number of reasons. The result is that information in your file may be shared with others without you ever finding out. The best place I've found for information on HIPAA is at the Health Privacy Project . Go to their page and do a search on "HIPAA" and you will find out everything you ever wanted to know about HIPAA.
HIPAA makes it easier to circulate information once gathered, but it is not itself a storage system. For a huge storage system, go check out the Medical Information Bureau (MIB) web site. They have a FAQ about what they do, what medical information they store, and who they share it with. MIB exists to prevent fraud (a good thing), but I'd sure like to know what their security is like.
Finally, for another reason to repeal HIPAA and decentralize information, read about the "Emergency Health Powers Act". Again, designed for good reasons, but could be applied in very heavy-handed ways. The Health Powers Act specifically shields companies from liability.