February 15, 2001- Various Topics

In this issue:

  1. Clintons Last Act
  2. Web Bugs
  3. E-mail Wiretap
  4. Big Brother Invades Jamaica
  5. This Month's Promotion

1.Clinton Pardons Money Launderer

WASHINGTON - A wealthy businessman convicted of crimes in the 1980s was under investigation for possible tax evasion and money laundering even as he received a pardon from then-President Clinton last month, a federal law enforcement source said Tuesday. Herbal remedy marketer Almon Glenn Braswell, 57, was one of 140 people Clinton pardoned hours before leaving office Jan. 20. The pardon covered Braswell's 1983 conviction for fraud and other crimes, restoring his civil rights. But as the pardon was being granted, federal prosecutors were investigating Braswell in connection with possible felonies involving offshore corporations and accounts, said the law enforcement source in Los Angeles, who spoke only on condition of anonymity. The pardon raised concerns among some law enforcement officials because it grants a full pardon without specifying the crimes.

For the full story go to:

http://www.nandotimes.com/nation/story/0,1038,500307102-500492730-503443430-0,00.html

Editors Note

In the USA, it's not what you know but who you know that counts.

2. Don't Let The Web Bugs Bite

Editors Note:

This is why Privacy World advocates turning off cookies on your browser.

1. What exactly is a Web Bug?

A Web bug is a graphic on a Web page or in an Email message that is designed to monitor who is reading the Web page or Email message. Web bugs are often invisible because they are typically only 1-by-1 pixel in size. They are represented as HTML IMG tags. For example, here are two Web bugs recently found on Quicken's home page (www.quicken.com): The two Web bugs were placed on the home page by Quicken to provide "hit" information about visitors to DoubleClick and MatchLogic (AKA, preferences.com), two Internet advertising companies.

2. Why are Web Bugs invisible on a page?

To hide the fact that monitoring is taking place.

3. Are all invisible GIF images Web bugs?

No. Invisible GIF files are also used for alignment purposes on Web pages. A Web bug will typically be loaded from a different Web server than the rest of the page, so they are easy to distinguish from alignment GIF files.

4. What information is sent to a server when a Web bug is viewed?

The IP address of the computer that fetched the Web bug The URL of the page that the Web bug is located The URL of the Web bug image The time the Web bug was viewed The type of browser that fetched the Web bug image A previously set cookie value

5. Where can I find Web bugs being used?

Quicken - FedEx - Metamucil - Oil of Olay - StatMarket

6. How can I see a Web bug on a page?

A Web bug can be found by viewing the HTML source code of a Web page and searching for IMG tags. A Web bug will typically have its HEIGHT and WIDTH parameters in the IMG tag set to 1. Also for the tag to be a bug, the image should be loaded from a different server then the rest of the Web page.

7. What kinds of uses does a Web bug have in an Email message?

A Web bug can be used to find out if a particular Email message has been read by someone and if so, when the message was read. A Web bug can provide the IP address of the recipient if the recipient is attempting to remain anonymous. Within an organization, A Web bug can give an idea how often a message is being forwarded and read.

8. What do Web bugs in Email messages look like?

Email Web bugs are represented as 1-by-1 pixel IMG tags just like Web bugs for Web pages. However, because the sender of the message already knows your Email address, they also include the Email address in the Web bug URL. The Email address can be in plain text or encrypted.

9. Is there any method of removing Web bugs from HTML pages?

Not really. The technical problem is that there is no method of distinguishing Web bugs from spacer GIFs which are used on Web pages for alignment purposes. Your best defense against Web bugs is to turn off cookies. Instructions for turning off cookies can be found at

http://www.junkbusters.com/ht/en/cookies.html

10. Is the use of Web bugs ethical?

Web bugs are controversial. Because they allow people to be monitored when they don't expect it, these surveillance devices can be very upsetting. For example, many people would be troubled to learn that an outsider is tracking them when they read Email.

11. Can newsgroup messages be bugged also?

Yes. A Web bug can be used to log people who are reading messages in particular newsgroup. Such bugs might be used for example by investigators to track illegal activity such as trading in child pornography and copyrighted MP3 music files. Web bugs might also be used to monitor people in extreme political groups.

12. Can Yahoo profiles be bugged?

Yes. For a demonstration of a bugged Yahoo profile, see:

http://profiles.yahoo.com/webbug2000

For more information on this topic, see
http://www.privacyfoundation.org/advisories/advemailwiretap.html

3. Beware The E-mail Wiretap

Editors Note:

This is why Privacy World advocates disabling Java on you web browser.

Associated Press WASHINGTON (February 5, 2001) - Many of the most popular e-mail programs are subject to a form of online spying via embedded scripts that can send your comments to unintended recipients, a privacy group said Monday. This newfound method - called an e-mail wiretap - works when someone receives a note with the hidden scripts and forwards the message to others.

As the e-mail moves from one person to another, their messages are secretly sent to the original sender. E-mail wiretaps could be used to note off-color remarks from governmental officials, by a spamming company to gather e-mail addresses, or by a boss to find out what you're saying about him.


"You really would never know that this is occurring, unless you could view the source code and know what it meant," said Stephen Keating, executive director of the Privacy Foundation. The foundation, associated with the University of Denver, and its chief technology officer Richard Smith, found out about the situation from computer engineer Carl Voth, who discovered it in 1998. Smith said e-mail wiretaps may become even more common than viruses.

"People like to snoop," he said. Smith suggested that someone may use the wiretap method to change e-mails, too. The ability exists, he said, for an e-mail sender to change its contents each time it's forwarded, causing havoc for each new sender who finds new words put in his mouth.

APPLICATION #1

- Eavesdropping Person A believes that if he sends a particular message to person B, that B will modify or add to the content and then forward this edited message to person C without the knowledge of A. With the aid of this exploit, person A can learn what was sent to C without the knowledge of either B or C.

APPLICATION #2

- Spammer's Mailing List Common on the Internet today are email virus hoaxes and chain letters that naive users forward indiscriminately. An unrelated fact is that "spammers" scan newsgroups and other sources to collect email addresses for their mailing lists. Spammers are fought to some degree by using fake email addresses in newsgroup postings. With this exploit, a spammer can craft an email hoax or chain letter that can be used to harvest "known good" email addresses. The exploit script is easily modified to efficiently extract the email addresses which commonly appear in the forwarding information inserted above the original content by the mail client. The unfortunate extent to which such emails are forwarded is likely to net the spammer a large list. Aside from the rare typo, the list of email addresses will all be confirmed good rather than fake. It also gives access to addresses of people that do not generally frequent the scannable newsgroups. For more information on this subject, and a method of fixing your e-mail program to avoid this problem, visit

http://www.privacyfoundation.org/advisories/advEmailWiretap.html

4. Big Brother Alive And Well In Jamaica

Editors Note:

I especially like the part where you can not get a passport without conforming to the new system.

JAMAICA BIOMETRIC BASED NATIONAL REGISTRATION SYSTEM

Jamaica is embarking on a major biometric identification registration program that will affect all of it's 2.5 million residents. The fingerprint based system will be installed in 91 regional registration centers with an average of 3 workstations at each center. An additional 50 verification only workstations will used dial up or leased line access at specific locations.

This ambitious system is expected to accommodate 6,000 registrations per day or about 1.5 million registrations per year. It is expected that an average registration will take about 20 minutes. Each PC based registration workstation will include a document scanner, signature digitizer, fingerprint reader, 2D bar code reader, report printer and a color digital camera for portrait collection. An additional 20 mobile registration workstations will help expedite the roll out.

I recently corresponded extensively with Peter Wright, IT Consultant for the Jamaica Ministry of Health who provided the body of facts that help describe this ambitious project.

The National Registration System (NRS) will eventually provide some level of connectivity with the following government agencies:
  • National Housing Trust (NHT)
  • Electoral Office of Jamaica (EOJ)
  • National Health Insurance Plan (NHIP)
  • Tax Collectorates/ Inland Revenue
  • National Insurance Scheme (NIS)
  • Immigration/Police Computer Center
  • Registrar Generals Department (RGD)
  • Drivers License System

ID Card:

A multipurpose ID card will be issued to each registrant. This will be the cornerstone of the National Identification System. It will serve as a general purpose identification card,voter ID card, drivers license, NIS card, Tax registration card, and National Health Care card, thus eliminating the need for citizens to carry multiple cards.

Government officials note that the card will eventually be a prerequisite for transacting any business with a government organization in Jamaica. The registrations will take place at all hospitals from birth as well as at most of the voter fixed registration centers throughout Jamaica. The ID card will contain the registrants photo, signature and essential printed data on the face of the card along with 2D PDF417 bar codes. A magnetic stripe on the rear of the card will contain the fingerprint template along with other important identifying data. A central multipurpose ID card production center will utilize two existing DataCard 9,000 printers that will provide 24-48 hour turn around production of the registration cards. A daily courier service will provide speedy delivery of registration cards to the 91 enrolment centers in this island nation. Each card would possess in its physical structure, several microscopic security features to minimize fraud and duplication. In addition, the card would be constructed from special materials to maintain it's composition under harsh conditions. Data encoded on the card mag stripe would be available for swiping at all points of registration and points of service to increase the accuracy of data entry as well as decreasing data entry time.

Officials have not determined as yet whether or not they will also use smart card technology to hold additional information on the card. When the enrolled individual picks up the card, a fingerprint check will be done to verify the cardholders identity as the actual individual who applied.

Why a National ID System?

Government representatives feel that far better statistics will be kept on the population of the country as the continuous registration process would provide much of the information needed in a national census. They report that the continuous registration process and the use of biometrics will prevent criminals from having duplicate identities in Jamaica. Officials feel that the national registration process will have a major positive impact on the fight against crime in Jamaica.

The new system also promises to facilitate major improvements in the tax collection system by virtue of all agencies in government having the same information on individuals throughout. This is no small feat in itself. Jamaica will be blazing a new trail here that will have long term customer service ramifications for all of its citizens.

All future transactions with government will require the National Identification Card/Number. The number to be used will be the already existing Tax Registration Number (TRN). The ID card would also be necessary for the application and renewal of passports. It is expected that the card will have a renewal period of 10 years.

5. This Month's Promotion

Does the above article shock you? Do you realize that the same controls and privacy violations have been in effect in the United States for years now. They just have different names for the different types of ID. Instead of the National ID number in Jamaica, the USA has the Social Security Number. Do you want out? Do you want a lifestyle change that is private and free? Wouldn't it be nice to make your choices in life based on your wants and needs rather than the tax implications? We have access to a consultant that can advise and guide you toward just such a lifestyle. Our offer this month to newsletter subscribers only, is a 25% discount off of the initial consultation fee with our consultant. Normally $1,000 for an in depth initial consultation, we will offer this to you for $750. This fee is applied toward any product or services you and the consultant decide to get. Please send an e-mail with the subject "Consultation" and we will give you the parameters and requirements to take advantage of this excellent offer.

NOTE:

Products offered and special discounts mentioned in the archived newsletters may not still be in effect. If you have any questions, please feel free to e-mail us at privacy@privacyworld.com .