American Airlines wants to know everything about you

Another BoingBoing post, but much more serious than conceptual art: if Cory Doctorow’s experience is typical, then it seems American Airlines now expects passengers to provide the names and addresses of everybody they intend to stay with in the USA.

They claimed that this was due to a TSA [Transport Security Administration] regulation, but refused to state which regulation required them to gather this information, nor what they would do with it once they’d gathered it.

… I asked for the name or number of the regulation, its text, and the details of the data-retention and privacy practices in place at AA UK. The security officer wasn’t able to answer my questions, and she went to get her supervisor.

After several minutes, her supervisor appeared and said, after introducing himself, “Sir, this is for your own protection.”

Site spit and polish

I’ve made a few tweaks to the weblog design – nothing too serious, but I’ve gone for slightly different fonts to make the text more readable. I’ve tested it in Safari and Firefox and everything seems okay, but if users of other browsers spot any problems could you let me know please? Thanks.

A message for Tom Dennis

Tom, I’ve tried again and again to mail the replies to your questions but the mails are still bouncing – your ISP’s convinced that there’s no space in your mailbox for incoming messages. Can you get in touch with an alternative email address, please?

Happy Happy Joy Joy

From the Eels mailing list:

Long time no see. Sorry about that. But it will all make sense to you now. The EELS have been missing all this time for a reason: they’ve been working on the new album, and it’s a doozy! A 33 track DOUBLE album!

BLINKING LIGHTS AND OTHER REVELATIONS will be released worldwide April 26. Please mark your calendars and stay tuned to EELStheband.com for news and updates.

As always, thanks for caring!

Yesssssssssssssss!

New comments

Rightio, that’s me added the Haloscan commenting and trackback system to the blog. It should be self-explanatory; unfortunately it does mean that while existing comments are still on the various blog entries, they won’t show up as “Comments [3]” or whatever. Sorry.

One of the main advantages of Haloscan is that you can leave your name without having to sign up for a Blogger account or similar, and you can include a link to your web site as well. Needless to say, blatant comment spam will be deleted…

No comments

I’ve discovered a problem with the commenting system on this weblog: the email notifications of new comments keep getting eaten by my army of anti-spam ninjas. As a result, I’m going to install a new comments system as soon as I get the chance. In the meantime, please don’t go in a huff if I don’t reply to comments – it’s entirely possible that I didn’t know about ’em.

Beware the evil twins of wireless!

There’s a rather strange report on The BBC News web site about “evil twins”, wireless hotspots that are evil, but that pretend not to be evil. Apparently:

“Users need to be wary of using their wi-fi enabled laptops or other portable devices in order to conduct financial transactions or anything that is of a sensitive or personal nature,” said Professor Brian Collins, head of information systems at Cranfield University.

It strikes me as a non-story – anyone remember the panic over “bluejacking” that would enable villains to eat your mobile phone using space power, or some such guff? – but it does raise a salient point: people forget that the whole point of wireless networking is that there aren’t any wires and it travels through walls. That means traffic can be intercepted, and if you connect to a network without any security on it whatsoever before doing something private, such as online banking, then you’re a bloody idiot.

I wrote about laptop and wireless security for Laptop Magazine a few months back. Here’s a quick extract:

If you’re using Wi-Fi wireless networking, it’s possible for others to listen in… some simple precautions can prevent this. Don’t give out sensitive information on sites that aren’t secure (secure sites have addresses beginning with “https” instead of “http”), ensure you’re connecting to the correct network and not someone else’s computer, and make sure your wireless network’s security features are enabled.

In another issue of the same magazine, I pointed out that you need to take precautions at home, too.

In the US, many home users are unwittingly sharing their broadband connections – and possibly their secret files – with complete strangers, once again because they haven’t taken any security precautions. Running even a simple home Wi-Fi network without switching on the security features is like leaving your door unlocked when you go on holiday.

The BBC article does make one important point, though: by default, new wireless kit doesn’t tend to have its security systems enabled, so if you don’t switch it on then your wireless kit is wide open. Here’s a very quick example: in my flat I’m in range of two wireless networks other than my own. One of them has the network name “Belkin54g”, which indicates that it’s Belkin kit and that the user has stuck with the default settings – which means even the simplest security measures are switched off. Can I connect to that network? Of course I can.

However, it’s important to keep wi-fi security, hackers and other heavily hyped nasties in perspective. If you’re out and about, the biggest single danger to your data is that you’ll lose or smash your laptop, or that someone will nick it. Back to that Laptop Magazine article:

[laptops are] vulnerable to all kinds of dangers. Just ask the boss of technology firm Qualcomm: in 2000, Irwin Jacobs delivered a presentation to a group of journalists and then chatted to his guests. Although he was only a few feet from his machine, someone stole his laptop.

According to research firm Gartner, one in ten laptops is stolen every year. The UK government lost more than 1,300 laptops in 2001 alone, and a recent MORI survey on behalf of Microsoft suggests that over the next 12 months, UK firms will lose 67,000 laptops to thieves. However, theft isn’t the only problem: Gartner also reports that 15% of laptops will suffer hardware failures, and MORI suggests that 100,000 laptops belonging to UK firms will suffer serious damage in the next twelve months.

Theft or hardware failure is even worse when the machine contains valuable data, as heart specialist Dr Abdul Karim Duke discovered in January when his laptop was stolen. The machine contained a research project on children’s heart conditions, which represented years of work – and the doctor didn’t have a backup copy. The doctor isn’t alone: Microsoft’s MORI poll found that 27% of UK small businesses don’t backup key data. As John Coulthard, head of small business for Microsoft UK explains: “The MORI study revealed that half the respondents believed their laptop was susceptible to theft, yet more than a third did not make copies of confidential files.”

As if the threat of theft or failure wasn’t bad enough, there are other worries too. Viruses and Trojan horse programs can cause chaos on your computer, while the press is full of stories about hackers attacking businesses. Oh, and did we mention industrial espionage, human error and toddlers filling your keyboard with jam?

Don’t underestimate the power of stupidity, either.

When you’re choosing passwords, try to avoid anything that can be guessed: pets’ names, the names of relatives, maiden names, car registration numbers, commonly used phrases or the word “password”. And never, ever let anyone know what password you’ve chosen. If that sounds like common sense, it isn’t that common: in April, InfoSecurity Europe 2003 found that 90 per cent of office workers gave out their passwords at Waterloo Station in exchange for a promotional pen. The most common password was “password” (12 per cent) while 16% of people used their own name, 11% used their favourite football team and 8% used their date of birth.

One man refused to give out his password, saying: ““I am the CEO, I will not give you my password – it could compromise my company’s information.” He then admitted that the password was his daughter’s name. The researcher asked, what’s your daughter’s name? “Tasmin,” he answered.

Of course, it’s much easier to nick a laptop than it is to try to guess passwords and hack into a system.

Laptop theft is big business: in the Thames Valley Police area alone, 1,229 laptops were stolen in 2000 and 1,570 in 2001. Many of those machines were the result of opportunist theft, where computers were stolen from pubs or parked cars; for example, some of the MOD’s missing laptops that hit the headlines were left in the back of taxis or stolen while the owner bought a train ticket. Because laptops are so easy to steal – and so easy to sell – it’s essential to be vigilant, especially in public places.

If someone breaks into your car and nicks your notebook, you could be in for a shock: many insurance policies have strict cover limits, so for example your car insurance may only cover you for theft of items up to £200. It’s worth checking your policy carefully to make sure that your laptop will be covered if someone breaks into your car and steals it.

If your laptop was stolen because it was clearly visible from outside the car, the policy may not pay out. Most insurers have a get-out clause that requires you to take “reasonable precautions… to safeguard the lost or damaged property.” Given that most thefts from cars are the result of a broken window or popped door lock, if you must leave your laptop in the car then lock it securely in the boot – even when you’re driving. If your laptop is sitting on the car seat, it’s easy for someone to grab it while you’re stopped in traffic.