May 07, 2008

A Moment of Panic

I pride myself on being prepared for just about anything when it comes to my laptop PC.  I've successfully recovered my data after dropping it on a concrete floor, shorting out the keyboard, and corrupting the hard drive.

But this morning, I came close to panic.  OK, it was panic, although only for a moment.

Yesterday evening, I installed the newest version of PGP Desktop, the flagship personal encryption product from PGP (http://www.pgp.com).  (The PGP line of encryption products originated in the work of legendary programmer Phil Zimmermann, who almost went to jail in the mid-1990s for creating an encryption product the U.S. government couldn't break.)

Everything went smoothly.  After installing the program, I began what PGP calls "Whole Disk Encryption."  That means that the laptop will start up only after you enter the correct PGP "passphrase" into a dialog box. 

No problem there.  I created a passphrase that was easy for me to remember, and hopefully, hard for anyone else to guess.  Then I did something you're not supposed to do—I wrote down the passphrase on a piece of paper in case I forgot it.  My intention was to shred that piece of paper this morning, after making certain that I had memorized the passphrase.

This morning, after a mug of the overly-strong coffee I'm so fond of, I sat down at the laptop and turned it on.  As I expected, the PGP dialog box appeared and asked me for the passphrase.  I entered it, but the program told me I had entered an incorrect passphrase.

That's when the moment of panic set in.  I typed every conceivable variation of the passphrase I could think of, at least 30 in all.  None of them unlocked my laptop. 

I knew from reading the PGP user guide that if I couldn’t recall the exact passphrase, the only choice I would have would be to reformat my entire hard drive.  S**t!!!!

And remember that piece of paper?  Apparently, the passphrase I wrote on it wasn't the one I actually used to encrypt the hard disk.  Double s**t! 

What to do?  The only alternative was to keep trying different passphrases until one opened up the disk.  Then I remembered that I had considered—and I thought rejected—a slightly shorter passphrase than the one I actually used to encrypt the hard drive.  Could I have mistakenly used that one?

I entered that combination of letters, numbers, and symbols on the keyboard and briefly held my breath.  The hard drive opened up normally, and I was back in business.

The moral of this story, of course, is do as I say, not as I do, to wit: DON'T FORGET YOUR PASSPHRASE!! 
And of course, don't panic, unless there's a very good reason. 

Copyright © by Mark Nestmann

May 02, 2008

Feds to U.S. Border-Crossers: We Own Your Laptop

It's bad enough that when you cross a U.S. border, you must consent to an intrusive search of your luggage.  But now, courtesy of a decision from a federal appeals court, the government also has the right to copy everything on your laptop—and use it for whatever purpose it sees fit.

I wrote about an earlier decision along these lines over a year ago.  (Click here to read the posting).   As I wrote then, the ways that this new authority can be misused are too numerous to count—whatever information you carry with you on your laptop—banking records, client data, “adult” videos, you name it—now, in effect, must be shared with the U.S. government.

But now it's even worse: the 9th Circuit Court of Appeals has ruled that customs officials don't even need "reasonable suspicion" (much less "probable cause") to "search a laptop or other personal electronic storage devices at the border."  That means in addition to your laptop, customs officials can search and copy data from your cell phone, Blackberry or any other electronic device without any evidence you've done anything wrong.

A search of a laptop is far more intrusive than a search of your luggage.  In some ways, it's even more intrusive than a body cavity search, which customs officials do require "reasonable suspicion" to conduct. 

Your body cavities may (or more likely may not) reveal any contraband.  But examining the data on your laptop may well reveal a detailed picture of your friends, your family, your professional associates, your interests, your financial status, and possibly much more.  As one attorney noted, "It really is like looking into someone's mind, rather than looking into a box or a folder or a purse."

One way to protect yourself from this type of intrusion is to encrypt all the data on your laptop, or even the hard disk itself, using a program like PGP Desktop (http://www.pgp.com). 

Unfortunately, that may not be an ideal solution, because customs officials may demand that you decrypt any encrypted files before they return your laptop.  If you refuse, they can confiscate the laptop and/or detain you until you agree to provide access to the unencrypted files.

A better solution may be to copy all the data on your laptop to a USB stick and send it via a courier service to your international destination.  Encrypt the data, of course, before you send it.  Then securely "wipe" any confidential information off your hard drive, along with the "free space," again using a program like PGP Desktop. 

If you carry your laptop through Customs, be sure to "sanitize" it.  First, encrypt and copy your data to a USB stick, then send it via courier to your destination.  Then, use a utility like Killdisk (http://www.killdisk.com) to securely wipe everything on your hard drive.  Then reinstall the operating system according to the instructions in Killdisk or whatever utility you use for this purpose.  (There are other possible “sanitation” solutions but none as good as this one.) 

If Customs asks to inspect your laptop, let them.  The inspector won’t find anything but the operating system and standard system files.

(For more suggestions on protecting your privacy and wealth, click here.)

Copyright © 2008 by Mark Nestmann

April 07, 2008

Warning: Your Cat May Make You a Terrorist Suspect

In these halcyon post-9/11 days, we've learned apparently innocent actions can instantly convert us from "law-abiding Americans" into "terrorist suspects."

Just a few examples will suffice:

  • Your reading habits make you a terrorist suspect. A senior at the University of Massachusetts came under investigation after he made an inter-library loan request for a copy of Mao Tse-Tung's paean to Communism called "The Little Red Book."
  • Wearing the wrong shirt makes you a terrorist suspect.  A man trying to board a plane in New York was detained due to his T-shirt, which bore the slogan "We Will Not Be Silent" in both Arabic and English.
  • Paying off your credit card bill makes you a terrorist suspect. Walter Soehnge, of Providence, R.I., found himself under suspicion of terrorist activity because he paid off a US$6,500 credit card bill.  Because this was much larger than his normal monthly payment, his bank froze his account and reported the payment to the Department of Homeland Security as a potentially "terrorist-related transaction." 

Well, we can now add another notable indicator of terrorist activity to this list: your pet, or in this particular case, your cat.

In this age of heightened awareness of terrorism, we're told we can't afford to let any possible terror activity go undetected.  One surveillance initiative is placing sensitive radiation detectors on interstate highways.  After all, you never know when Osama might be tooling down the highway with the ingredients for a "dirty bomb" in his turban.

The radiation detectors are so sensitive, in fact, that they recently uncovered an unlikely terrorist suspect: someone's pet cat.

Here's the story: a few months ago, police on Interstate 5 in the state of Washington were monitoring traffic for radiation emissions.  A vehicle whizzed by and the detector "alerted" to the presence of radiation. 

The police gave chase and pulled over the offending vehicle a few miles south of Bellingham.  A cursory search of the car revealed nothing of interest—with the exception of a "radioactive cat." 

The cat, it turned out, had recently undergone radiation therapy for cancer.  The tiny amount of residual radiation was high enough that it set off the detector. 

We're living in a very different world after the events of 9/11/01.  And the scary thing is, it's hard to predict what any of us might do to create a terrorist profile for ourselves.

In the case of the terrorist cat, the driver was released after he showed documentation of the radiation treatment.  I suspect he may have been grateful, after some reflection, that he had not recently undergone radiation treatment for, say, prostate cancer.

Copyright © 2008 by Mark Nestmann

March 10, 2008

Uncle Sam Doesn't Want Anyone to Visit Cuba

One of the best-kept secrets in America's arsenal of financial sanctions is the U.S. Treasury Department's Terrorist Watch List.  It's maintained by the Treasury's Office of Foreign Assets Control (OFAC) to enforce economic and trade sanctions against more than a dozen countries.  (I wrote about this list here.)

One of those countries is Cuba. Under a series of executive orders and laws enacted by Congress, it's illegal for a U.S. citizen to travel to Cuba without a "license" issued by OFAC.  It's also illegal for a U.S. company to do business with Cuba without a license, except in narrowly defined circumstances.

However, these laws and regulations have no legal effect in other countries.  If someone, say, in Spain, wants to travel to Cuba, there's no violation of U.S. law, since the United States has no jurisdiction over Spain.

Only, it does, according to OFAC.  In October, OFAC shut down 80 Web sites owned by a British travel agent named Steve Marshall who sells vacations to Europeans.  One of the places to which Marshall offers vacations is Cuba. 

This was justified, according to OFAC, because Marshall's company "had helped Americans evade restrictions on travel to Cuba" and was "a generator of resources that the Cuban regime uses to oppress its people."

Marshall says he didn't market Cuban vacations to Americans, "because they can't travel there, anyway."  But his real mistake was using a U.S.-based domain name registrar for his Web sites.  This gave OFAC the ability to contact the registrar, eNom, and order the company to pull the plug on Marshall's Web sites.  Given the fact that failure to comply with OFAC regulations can be punished with a 30-year prison sentence, a US$5 million criminal fine, or a civil penalty of up to US$1 million, eNom quickly complied.

Fortunately, Marshall was able to re-register his Web sites with a European registrar, although he had to rename most of them with the suffix ".net" rather than ".com." 

But there's a larger issue at stake.  OFAC shut down Marshall's business without warning, without a hearing, resulting in hundreds of thousands of dollars of lost revenues.  Not exactly the "American way" we read about in civics textbooks.

However, it could have been worse.  If Marshall had established a U.S. bank account, or maintained any other asset in the United States, the U.S. bank or custodian would have been obliged to freeze it—and turn the proceeds over to OFAC. 

Are you on the OFAC terrorist watchlist?  You can find out for yourself by visiting OFAC's list of "specially designated nationals" here.

If you're on the list, though, don't count on getting off anytime soon.  That's because the only way to get off is to ask OFAC to remove you from the list.  This is an administrative determination—you have no right to a court hearing to determine if you should have been put there in the first place.

In other words, the same bureaucrat who put you on the watch list in the first place may be the one who you ask to take you off of it.  Good luck…

(For more information on emergency financial controls administered by OFAC and other government agencies, click here.)

Copyright © 2008 by Mark Nestmann

March 03, 2008

Practice these "Good Housekeeping" Habits to Protect Your Encrypted Data

In my most recent blog entry, I described a fundamental vulnerability in several popular disk encryption technologies. 

This vulnerability, which researchers have dubbed the "Cold Boot Attack," can leave your encrypted data vulnerable to attack and exposure.  Any information remaining in your PC's memory—including your encryption keys and passphrases—may be recovered.

Fortunately, you can take several precautions to avoid having your data compromised.  They're suggested by PGP, the company that produces PGP Whole Disk Encryption, my top-rated encryption product:

  • When possible, place computers in hibernation instead of sleep mode.  Hibernation mode (at least in the case of PGP) removes encryption keys from computer memory.
  • Shut your PC down a few minutes before you leave your office or present it for physical inspection (e.g., at a U.S. border crossing).  This gives the memory chips in your PC time to cool off and the contents of the memory to dissipate, lessening your susceptibility to this type of attack.
  • If you use PGP Whole Disk Encryption, use PGP Virtual Disk (a part of the program) to prevent this attack.  Keep your confidential files in a virtual disk.  When you unmount your virtual disk, your data is secure from the Cold Boot Attack.  Configure PGP Desktop to unmount virtual disks if the computer goes into sleep mode.
  • Finally, never "cache" your encryption keys.  PGP and other popular encryption programs permit you to store your encryption keys in your PC's memory so that you don't have to type the passphrase each time you open an encrypted file. 

I should emphasize that this is a hardware issue—it has nothing to do with the strength or weakness of encryption programs.  But by following these encryption "good housekeeping" practices, you can ensure your encrypted data remains secure.

Copyright © 2008 by Mark Nestmann

February 28, 2008

Think Encryption Can Protect Your PC's Secrets? Think Again…

One of the best ways to protect the data on your home or office PC, and—especially—your laptop is to encrypt it.

Encryption is a mathematical process that converts your e-mail messages, your disk files, or even your entire hard drive into unreadable gibberish.  Only you—and the intended recipients of your encrypted messages—can decipher the gibberish.

Encryption programs are now available whose output even the supercomputers used by national intelligence agencies cannot decipher, at least not without an exhaustive effort.

Unfortunately, recent discoveries by computer security researchers have uncovered a fundamental vulnerability in several popular disk encryption technologies.  This vulnerability can leave your encrypted data vulnerable to attack and exposure.  Basically, what it involves is harvesting your encryption keys from your PC's memory chips, even if your system is turned off.

In a paper published last week, security researchers affiliated with Princeton University announced they had discovered a way to do this, thus circumventing various disk encryption products.  The researchers say their technique works against Apple's FileVault, the BitLocker Drive Encryption feature included in some versions of Windows Vista, the open-source product TrueCrypt, and the dm-crypt subsystem built into newer versions of Linux.  In theory, the attack would also work against my #1 recommended encryption program—PGP Whole Disk Encryption.

To succeed in what the researchers call the “Cold Boot Attack,” an attacker must have physical access to your PC or laptop while it is running or within a few minutes of shutting down.  The Princeton researchers discovered that it takes a few minutes after you shut off your PC before the data in your PC's RAM chips is actually gone.  During this period, any information remaining in RAM—including your encryption keys and passphrases—may be recovered.

Once upon a time, computer hardware manufacturers assured us that once you turned your PC off, all the data in its memory (RAM) instantly disappeared.  Only, it turns out this isn't true. 

Here's an example of how your data might be compromised.  You're on a flight from London to New York.  Just before landing, you turn off your laptop, taking care to ensure that all your confidential data is encrypted.  You're extra careful, since you know that U.S. customs officials now have the authority to confiscate laptops without probable cause of any wrongdoing.  Once they've done so, they can copy the contents, and use that information for whatever purpose they see fit.

You enter the customs queue and you're pulled aside for a secondary inspection.  The customs agent asks to see your laptop.  He inserts a USB drive into it and turns on the power.  Software on the USB drive identifies the encryption keys and reconstructs them, along with your passphrase.  Now the agent can read every encrypted file on your laptop. 

I should emphasize that this is a hardware issue—it has nothing to do with the strength or weakness of encryption programs.  But it means that an attacker could compromise all encrypted data on your PC, even if it's turned off!

Fortunately, there are several precautions you can take to avoid having your data compromised in this manner.  I'll describe them in my next blog entry.

Copyright © 2008 by Mark Nestmann

February 27, 2008

Oh Where, Oh Where Has My Laptop Gone?

Your laptop PC may be the most dangerous item you own.

Laptops are a magnet for thieves, because they can easily be sold to pawnbrokers or others.  But it's the data on your laptop that can be truly devastating in the wrong hands.

In 2006, thieves broke into the home of a contractor for the Veterans' Administration, and stole a laptop containing identifying data on 26.5 million veterans.  The information included name, address, and Social Security numbers—more than sufficient data to carry out a massive identity theft. 

If your company has a new invention, a patent application in process, or other potentially profitable developments underway, it's perfectly understandable that your competitors might be interested in knowing about it.  And what better way to learn more than to peek at the files on your laptop?

Laptop thefts are also increasingly common.  In 2004 (the latest statistics I could find), more than 600,000 laptops were stolen worldwide. 

What's more, when you take your laptop across a U.S. border, customs officials have the right to copy all of the data on it and use it for whatever purpose they wish.  There's no warrant, no probable cause, no arrest—just "gimme." 

How can you protect yourself?  I recommend the following strategies:

* Keep confidential information on an encrypted USB stick—not on the laptop itself. When you've finished using your laptop, turn it off, then put the USB stick in a safe place—your pocket, your key ring, or even on a chain around your neck.  That way, if someone steals your laptop, your data will still be with you.  A good program that supports USB encryption is Pretty Good Privacy Whole Disk Encryption (http://www.pgp.com). 

* Encrypt your laptop's hard drive.  The PGP Whole Disk Encryption suite, along with several other programs, can encrypt your entire hard drive.  If someone manages to steal your laptop, the thief won't be able to even boot up the hard disk.  Your data—along with information on your Web browsing habits and other data stored in various locations on your hard drive—is completely secure.

Encryption, though, isn't foolproof.  Last week, researchers found a major security flaw in several popular disk encryption systems that can leave encrypted data vulnerable to exposure.  Laptops are particularly vulnerable. 

More in my next blog entry…

Click here to learn hundreds more ways to protect your privacy and wealth.

Copyright © 2008 by Mark Nestmann

November 29, 2007

Why Data Mining for Terrorists Will Never Work

Through initiatives such as "Secure Flight," the U.S. government assures us that data mining makes us safe from terrorists. 

Under this initiative, you won't be able to obtain a boarding pass for a flight to, from, or within the United States unless you receive permission to travel from the Transportation Security Administration.

But the government is lying to us.  Data mining will never be effective to identify terrorists.

Here's why:

Data mining analysis defines how an individual fits into a group, and predicts that person's behavior based on characteristics of that group. 

For instance, under Secure Flight, the TSA will analyze your credit records, your travel history, your bank records, your credit card records, your telephone records, your Web surfing records, and many other types of records to determine if you pose a terrorist threat. 

If you "pass" the TSA analysis, you'll receive a boarding pass.  If you don't, you won't be able to travel by air, even within the United States.

There's only one problem, other than giving the government carte blanche over our personal data, with zero accountability for its misuse.  Data mining for terrorists doesn't work.  And it never will.

Terrorists don't fit an easily identifiable profile.  While most terrorists are male and under 40, nearly two billion people fit this profile worldwide.  There are also an exceedingly small number of actual terrorists, and they deliberately obscure their trail to avoid detection. 

These factors make data mining to identify terrorism an expensive waste of time.  One analysis by security expert Bruce Schneier estimated that even with 99.9% accuracy, data mining for terrorists would generate one billion false alarms for every real terrorist plot it uncovers. 

For some applications, though, data mining does work.  It works best when there's a well-defined profile of whatever you're searching for, a substantial number of "events," and minimal consequences for "false positives."

An example of an effective application for data mining is credit card fraud.  All credit card companies now data mine their transaction databases, looking for patterns of spending that might indicate a stolen card. 

Since a credit card thief generally purchases a large number of expensive items shortly after the theft, it's possible to identify fraud with a high degree of accuracy.  The consequence of a false positive—mistakenly identifying a credit card as stolen—is that the legitimate owner temporarily can't use it.  But this is a problem only until the rightful owner contacts the credit card issuer to inform them of the mistake. 
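The base-rate arithmetic behind this contrast, as an added example that is not part of the original post and not Schneier's own calculation. The event counts and the symmetric 0.1% error rate (the "99.9% accuracy" above) are constructed assumptions chosen to show the effect.

```python
"""Base-rate illustration: the same classifier on rare vs. common targets."""


def alarm_stats(events, real_cases, error_rate):
    """Expected alarms when `events` items are screened, `real_cases` of them
    are genuine, and the classifier errs at `error_rate` in both directions
    (false positives and false negatives)."""
    innocent = events - real_cases
    false_alarms = innocent * error_rate
    true_alarms = real_cases * (1.0 - error_rate)
    return {
        "false_alarms": false_alarms,
        "true_alarms": true_alarms,
        # How many innocent items an analyst must clear per real hit.
        "false_per_true": false_alarms / true_alarms,
        # Probability that any given alarm is a real case.
        "precision": true_alarms / (true_alarms + false_alarms),
    }


def error_rate_for_ratio(events, real_cases, target_false_per_true):
    """Error rate needed to reach a target false-alarms-per-true-hit ratio.

    Solves (N - r) * e / (r * (1 - e)) = T for e, which gives
    e = T*r / (N - r + T*r).
    """
    t = target_false_per_true * real_cases
    return t / (events - real_cases + t)


# Constructed scenarios (assumptions, not figures from the post).
SCENARIOS = {
    # One real plot hidden in a trillion screened records.
    "terror_screening": {"events": 10**12, "real_cases": 1},
    # One fraudulent transaction per thousand in a billion transactions.
    "card_fraud": {"events": 10**9, "real_cases": 10**6},
}

ERROR_RATE = 0.001  # "99.9% accuracy"


def compare():
    """Run the same classifier quality over both scenarios."""
    return {
        name: alarm_stats(p["events"], p["real_cases"], ERROR_RATE)
        for name, p in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, stats in compare().items():
        print(f"{name}: {stats['false_per_true']:,.1f} false alarms per real hit, "
              f"precision {stats['precision']:.2e}")
    p = SCENARIOS["terror_screening"]
    needed = error_rate_for_ratio(p["events"], p["real_cases"], 1)
    print(f"error rate needed for 1:1 in terror_screening: {needed:.1e}")
```

With identical accuracy, the rare-event scenario buries each real hit under roughly a billion false alarms while the fraud scenario yields about one false alarm per real hit; the difference comes entirely from how rare the target is.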

The federal government surely knows these facts.  Yet, it persists in claiming that data mining will somehow help identify terrorists.  Why?   

It turns out that looking for other types of people who are not as rare as terrorists is much more plausible using data mining technologies.  For instance, lots of people don't approve of the way the government is fighting the so-called War on Terrorism.  Some of these people may subscribe to publications that criticize the War on Terrorism; make phone calls to other people who don't like it, etc.  Since all of these records are "mined" by various federal agencies, it would be easy for the government to use this information to identify opponents of this war.

In other words, while data mining is almost useless for identifying terrorists, it's an effective way for the government to engage in political intelligence gathering.  And that's how I think it's being used.

Copyright © 2007 by Mark Nestmann

November 27, 2007

The Lazy Person's Path to Revenge: Call Your Enemy a "Terrorist"

Itching for revenge on your business competitor, raucous neighbors, or mother-in-law?  Just tell the FBI or other police agency your enemy is a terrorist, sit back, and savor the results.

That's what recently happened to a man in Sweden traveling to the United States.  The man's father-in-law was angry with him for divorcing his daughter.  When the man had to travel on business to the United States, the father sent an e-mail message to the FBI accusing his son-in-law of having links to al-Qaeda.

Upon his arrival in Florida, authorities arrested the son-in-law.  Police handcuffed him, placed him in a detention cell, and interrogated him for 11 hours.  Police finally convinced themselves the man wasn't a threat to U.S. national security.  But even then, authorities refused to allow the man to enter the United States.  He was unceremoniously expelled and placed on a flight back to Europe.

Confronted by Swedish authorities for sending a libelous e-mail, the father-in-law admitted playing a dirty trick.  He said he didn't think, "the authorities were so stupid that they would believe anything.  But apparently they are."

If accusing your enemy of being a terrorist isn't enough, you need to think bigger.  Think money laundering.  Simply accuse your enemy of laundering money for terrorists. 

That's what happened to Naresh Goyal, the founder and chairman of Jet Airways, India's biggest private airline.  In 2005, Jet applied for a license to fly to the United States.  After a series of delays, Mr. Goyal learned that he was suspected of laundering money for al-Qaeda.  Later, he learned that local competitors were behind the claim.

After a two-year investigation, U.S. authorities approved Jet's application for U.S. landing rights.  But Goyal holds no grudge against his accusers.  “Indians are very creative,” he says. 

And that's the best way to get your revenge.  Simply be creative.  Yes, it's illegal to make false accusations against your enemy or competitor.  And, yes, it might get you into trouble.  But, that apparently hasn't stopped many people from making false accusations.

The bigger question, of course, is what happens after the FBI or other police agency completes its investigation.  I suspect that the Swedish man interrogated and denied entry into the United States is now on the government's terrorist screening database.  Mr. Goyal may be a proud member as well.

Nor is getting off the watchlist easy.  Even dead people can't get off of it.  Saddam Hussein, executed in 2006, apparently remains on the watchlist.  The watchlist also reportedly contains the names of several of the Sept. 11, 2001 hijackers killed in the attacks of that day. 

In other words, if you finger someone as a terrorist, the likely result is that wherever they travel, for years if not decades to come, they'll experience delays, detentions, and possible denial of entry rights.  Sweet revenge indeed, for their false accusers.

Copyright © 2007 by Mark Nestmann

October 01, 2007

Here's One Way to Stay Out of Guantanamo

Hasan Elahi is an art professor at Rutgers University.  Along with more than 700,000 people, he's on the U.S. government's terrorist watch list.  The Bangladeshi-born U.S. citizen has been repeatedly searched, questioned, investigated, and even given a lie detector test by the FBI. 

Once you're on the terrorist watch list, of course, it's hard to get off—very hard.  Indeed, even dying won't get you removed from it—several of the Sept. 11, 2001 suicide bombers were still on the watchlist as of late 2006.

Elahi's life began to unravel in 2002, when FBI agents began investigating him on suspicion of stockpiling explosives in a Florida storage unit. While Elahi was able to convince the FBI that he didn't possess explosives, and wasn't planning to blow anything up, every time he traveled, he faced delays, questioning, and suspicion.  He began thinking that if the feds really thought he was a terrorist, they might eventually ship him off to the notorious detention center in Guantanamo Bay, Cuba.

Elahi's solution? Document his life, 24 hours a day, on the Internet.  He takes hundreds of photos a day of himself in class, in coffee shops, at home, in art galleries, etc.  Each one of them is instantly uploaded to his Web site at http://elahi.rutgers.edu.   

This way, Elahi reasons, the government can't get it wrong.  There's no doubt whatsoever where he is or what he's doing, any time, day or night.  There's also a market phenomenon at work: no FBI agent is going to get a promotion for uncovering a terrorist plot by watching an art professor eating a Big Mac.  "It's economics," he says. "I flood the market."

It's working.  Elahi hasn't been detained at the airport since he began documenting his whereabouts online.  But just to be sure, he always calls the FBI a few days in advance every time he plans to take a trip via commercial airline.   

The lack of privacy in Elahi's personal life, he believes, is a small price to pay in exchange for being able to travel freely.  And, as he says, "it sure beats Guantanamo."

Copyright © 2007 by Mark Nestmann

September 24, 2007

We're All Prisoners Now (Part II)

Last year, I wrote here that if Uncle Sam gets its way, we’d all be on no-fly lists, unless the government gives us permission to leave—or re-enter—the United States. 

Now, the Transportation Security Administration (TSA) has proposed a similar system for travel on commercial airlines WITHIN the United States.  Both systems will come into effect Feb. 19, 2008.

Under the TSA's "Advance Passenger Information System (APIS)" initiative, you'll need to obtain permission from the U.S. government to travel on any commercial airliner or ship that goes to or from the United States.  You won't receive your boarding pass until you are cleared by APIS.  You'll also need permission to travel through the United States (e.g., if you're changing planes at a U.S. airport on a trip between two foreign countries).  It doesn't matter if you're a U.S. citizen or permanent resident.  Everyone will need permission to enter—or leave—the United States.

Then, on Aug. 23, 2007, the TSA issued proposed regulations for its "Secure Flight" program. The TSA wants commercial airlines to submit passenger information through a single DHS portal for both the Secure Flight and APIS programs. This would result in one DHS system responsible for watch list matching for all aviation passengers.

Naturally, the entire process—for both domestic and international travel—will occur in total secrecy.  If you're denied permission to travel, you won't be able to appeal the decision to any court.  Your only recourse will be through the TSA bureaucracy.  Essentially, you'll be reduced to pleading with the TSA to say something like, "pretty please, give me a boarding pass."

What this amounts to is essentially a reprise of the infamous "internal passport" system in effect in the former Soviet Union.  In 1933, Soviet dictator Josef Stalin introduced "internal passports" that prohibited Soviet citizens from leaving their place of residence without permission.  Over time, the internal passport became the prime instrument of Soviet oppression over its citizens.

It's bad enough needing to ask Uncle Sam for permission to leave the United States, and to reenter it.  But an internal passport is a blueprint for totalitarianism.

If you don't like the idea of having to obtain permission from Uncle Sam to travel domestically, you have until Oct. 22, 2007 to submit written comments to TSA for consideration before the final rule is issued.  To do so, go to the "Federal e-Rulemaking Portal" at www.regulations.gov and follow the instructions for submitting comments. Submissions must include docket number "TSA-2007-28572."

Since Sept. 11, 2001, it's become difficult to travel without subjecting yourself to intrusive surveillance.  However, it's still possible to travel privately, and in some cases, virtually anonymously.  Click here to learn how.

Copyright © 2007 by Mark Nestmann


August 27, 2007

"Minority Report" Coming to U.S. Border Crossings

Remember "Minority Report?" 

This movie is set in Washington, D.C. in 2054.  The city hasn't experienced a single murder in more than six years, thanks to laws that permit police to arrest individuals predisposed to commit homicides, along with mandatory retinal implants in all citizens that make it possible to track citizens wherever they travel. 

Is the loss of privacy and the detention of individuals who haven't committed any offense worth a possible reduction in crime?  That's the question Minority Report sets out to address, and it's particularly relevant to a new initiative from the Department of Homeland Security (DHS) designed to predict which of the 400 million people who enter the US every year have "current or future hostile intentions".

Here's the plan: When you approach a border-crossing checkpoint, you will be examined by a battery of lasers, closed circuit TV cameras, eye movement tracking devices, and microphones.  The intent is to compile a database of your body itself, with the goal of predicting your future intentions. 

If this sounds a little far-fetched, it is.  But the DHS has now issued a "request for information" in which it asked security companies and U.S. government labs to propose ways to implement this goal.  It hopes to deploy the technologies at all U.S. border crossing points by 2012.

The sort of Minority Report-type mass screening envisioned in these initiatives is more than a mass invasion of privacy.  It's also a mass waste of time and money.  That's because only a tiny number of the 400 million people who cross U.S. borders have any hostile intentions against the United States.  Screening all 400 million is a waste of valuable resources and, based on similar data mining efforts conducted by DHS, such as the No-Fly List, is certain to result in thousands or even hundreds of thousands of individuals being unnecessarily detained or even turned away from crossing the border.

Is there a better way to accomplish this same objective?  Absolutely, and the technology is here, right now.  It's to train immigration and border patrol agents to focus on the same speech patterns, eye movements, etc., that the automated system is designed to track.  This would not only save billions of dollars and avoid unnecessary intrusions on hundreds of millions of travelers, but could be deployed in a matter of months—not years.


Copyright © 2007 by Mark Nestmann

August 14, 2007

Your Electronic Toll Records…in Divorce Court

Ah, progress.

Throwing coins in a toll collection basket as you drive down the expressway is so 20th century. 

But about a decade ago, as we left the 20th century behind, highway engineers dreamed up a system to allow drivers to travel on toll roads without stopping to pay tolls. 

And so were born "E-Z Pass," "Fast Lane," and similar electronic toll collection systems.  To participate, you open a prepaid account, and then receive special tags for your vehicle's windshield.  When you drive through a suitably equipped toll plaza, your account is automatically debited for the toll. 

No need to stop.  No need to fish for quarters in your pocket.  And no need to roll down the window to confront toll-booth Tammy.  No wonder E-Z Pass is popular! 

But not many people asked about the legal status of the toll records.  Prosecutors and plaintiff's lawyers quickly saw the potential of using these records in civil litigation.  For instance, they might be useful in proving that instead of staying downtown to work late at the office, like you told your spouse, you actually passed through an E-Z Pass toll plaza a stone's throw away from the Cheatin' Heart Motel.  As Jacalyn Barnett, a New York divorce lawyer, says, "E-Z Pass is an E-Z Pass to divorce court, because it's an easy way to show you took the off-ramp to adultery."

Now a few privacy advocates are shocked—yes, shocked—that electronic toll records could be used this way.  I'm not sure why they're surprised, though, because in the 1970s, the Supreme Court ruled in a series of cases that you have no "expectation of privacy" with respect to your banking records, your telephone dialing records, or any other record turned over to a third party.  This status can be modified by contract or by law, but no contract or law that I know of creates an "expectation of privacy" for toll records.

In any event, rather than be "shocked" by this invasion of privacy, there's a simple solution if you don't want your toll records turned over to anyone with the legal authority to issue a subpoena.  Stop your car, roll down the window, fish for some quarters, and throw them in the toll basket. 

Just don't miss the basket.  Toll-booth Tammy may not be any more friendly than she was a decade ago.

Click here to learn dozens more ways to protect your privacy, on and off the highway.

Copyright © by Mark Nestmann