THE LIFEBOAT STRATEGY. Mark Nestmann
how to trick fingerprint identification systems with gelatin facsimiles.98
DNA profiling. Every human being shares about 99.9% of the same genetic make-up. The remaining 0.1% is what makes each of us unique. The ability to identify patterns within DNA that are unique to each individual (except identical twins) has revolutionized forensic investigation. It has been used to convict murderers, clear those wrongly accused of murder, to identify the victims of war, and settle paternity disputes, among many other applications.99
Governments worldwide are now seeking to establish national DNA databanks in which DNA samples from various segments of the population will be stored.
Most U.S. states collect the DNA of anyone convicted of (and in some cases arrested for) a crime. Failure to submit a DNA sample is a felony in some states. Any person arrested in connection with any federal crime, or immigration violation, must also provide a DNA sample.100
All these DNA samples become part of the FBI’s National DNA Index System, originally set up to track sex offenders. These samples are automatically matched against DNA left at crime scenes to try to identify criminal suspects.101 This national DNA databank, which already contains nearly 7 million profiles, is projected to add about 1.3 million annually from federal arrestees and illegal immigrants alone. 102
In 2008, President George W. Bush signed legislation that authorizes the federal government to oversee the creation of state initiatives to screen the DNA of all babies born in the United States. The official purpose of the law is for genetic research, but critics describe it as the first step towards a national DNA databank.103
But the real question is: for what other purposes will these samples be used? Under the “surveillance creep” principle, your baby’s DNA will eventually become part of the National DNA Index System. When that happens, U.S. law will, in essence, treat babies the same as sex offenders.
Will erosion of the legal concept of “innocent until proven guilty” be reversed on the questionable assertion that the presence of DNA at a crime makes all defenses irrelevant? Will insurance carriers eventually gain access to our DNA “fingerprints?” And most chilling of all, will future totalitarian governments use them to impose their twisted vision of genetic perfection, forcing “non-perfect” humans to undergo genetic “repair” or even euthanasia?
In the meantime, researchers have discovered that DNA identification occasionally leads to inaccurate and occasionally tragic results. In 2004, prosecutors in New Jersey announced they had solved a 36-year-old murder based on DNA evidence. But, two years later, they discovered that their suspect was innocent. The DNA testing lab had mistakenly contaminated evidence from the murder scene with the suspect’s DNA. What’s more, as the sensitivity of DNA analysis improves, the odds of accidental contamination greatly increase.104
Face recognition. CCTV camera networks can be enhanced to recognize faces. This technology permits your face to be compared against a photographic database. As part of the Real ID initiative, many states have digitized driver’s license photos, making it possible for face recognition software to sift through millions of photos in search of a match. The FBI now uses face recognition software to scan state driver’s license records to track down fugitives. Privacy advocates say the practice puts every driver’s license holder in the United States into a virtual police lineup, but you have zero “expectation of privacy” in such searches.105 (We’ll explore the legal concept of expectation of privacy in Chapter 2.)
It’s easy to fool today’s face recognition software with changes in hairstyle or facial hair, aging, weight gain or loss, or simple disguises. The error rate is up to 50% if photographs are taken without proper lighting or even if the subject is smiling.106 This is why you’re no longer permitted to smile for passport or driver’s license photos. Still, face recognition technology is rapidly improving.107
In 2008, the FBI proposed a global network, through which U.S. law enforcement and intelligence agencies would have direct access to biometric information of all types – fingerprints, DNA samples, etc. – held in foreign databases. The proposal would expand the five-nation UK-USA intelligence sharing agreement (see Chapter 2) between the United States, the United Kingdom, Canada, Australia, and New Zealand, into regular law enforcement.108
Your PC Is Spying on You
Your personal computer and the software you run on it create huge quantities of data about your PC activities, both on – and off – the Internet. If someone could secretly stand behind you and monitor everything you’ve done on your PC, what would they discover about you that you would prefer to keep private?
• The swap or page file Windows creates writes data in memory to disk. Data you entered months or years ago can in many cases be retrieved long after you think it’s gone.
• When you hit “delete,” file(s) aren’t actually removed. The index to that data is merely changed to indicate that the space it occupies on your hard disk is available for future use.
• Formatting a disk doesn’t remove the data that was stored on it. Using the right software, the data on a formatted a disk can be recovered.
All versions of the Windows operating system are vulnerable to this type of surveillance. Other operating systems using a graphical interface (e.g., Macintosh OS) are also vulnerable. Windows and other operating systems that support multitasking also create huge temporary files in their normal operation. These temporary files are often anything but “temporary” and represent a significant threat to privacy and security.109
No version of Windows is designed to securely delete data by default. Most PC users value speed and reliability over security. By default, modern operating systems preserve data rather than discard it. This makes finding and securely deleting sensitive data a significant technical challenge. All commercial software sold to securely delete telltale data from your PC has significant shortcomings.110
When you connect to the Internet, the problem multiplies. Each log in can be traced via the “Internet Protocol Address” (IP Address) your Internet Service Provider (ISP) assigns your PC. If you use an “always on” Internet connection, your IP address usually stays the same. That makes you an even more attractive target. Anyone who can retrieve your IP Address can probably figure out who you are, unless you’ve taken advance precautions. 111
Many laptop PCs and cell phones come with wireless networking capability. This makes it possible to log into the Internet at “hot spots” in airports and other locations. However, hot spots are magnets for identity thieves and hackers, because the connections often aren’t encrypted, giving other users the ability to monitor the wireless signals coming and going from your laptop. Similar threats face home or office users of wireless networks.112
Other threats lurk in your e-mail and on the World Wide Web. Many types of “malicious mobile code” are spread via e-mail or booby-trapped Web pages. Vulnerabilities in Windows, for instance, allow viruses and other “malware” to spread to computers over the Internet.113
Two other rapidly growing threats are “botnet” and “phishing” attacks. Hackers can secretly make your PC part of a botnet through an infected Web page or e-mail attachment. The botnet silently takes control of your PC. Once your PC is compromised in this manner, organized crime syndicates use it for illicit purposes, while insulating those responsible from being detected.114 In a phishing attack, you receive an e-mail purported to come from a financial institution or other trusted source. The message tries to trick you into logging onto a phony Web site impersonating a legitimate Web site and disclosing personal data such as your name, address, and SSN. The Web site operators then use this information to steal your identity.115
But the biggest threat to Internet privacy and security is the explosion in technology facilitating interaction.