Your Passport Could Make You a Target for Crime--Wirelessly
Most American travelers are only dimly aware of a radio frequency ID chip embedded in the last page of their U.S. passport. The only indication as to the RFID chip's presence is a small icon on the cover. The RFID chip permits a passport control officer to transfer the information on the passport's "data page" wirelessly to a terminal, but security researchers have expressed concern that the range from which any RFID reader can pull data from a passport is far greater.
In 2006, security firm Flexilis demonstrated the ability to read RFID data at a range of several hundred feet, using a special antenna mounted to the stock of a sniper rifle (which the researchers used for both dramatic effect and ease of aiming). Last year, Chris Paget of the security firm IOActive drove around San Francisco and, within 20 minutes, copied all of the stored data right out of two unsuspecting U.S. passport holders' pockets, using just a laptop plus off-the-shelf hardware and software costing a total of $250.
The Fix: "The privacy risks posed by RFID-enabled passports make dumpster diving for credit card slips look like child's play," says Andrew Brandt, lead threat research analyst for Webroot. "If a few hundred bucks' worth of gear is all it takes to engage in mass identity theft, or to target citizens of a specific country for crime, it doesn't seem too unreasonable to carry your travel documents wrapped up in aluminum foil."
The Social Web Never Forgets
If you have an ugly encounter with someone in person, odds are you'll both forget most of it within a week. Experience the same thing on the Internet, and it will be preserved forever. Worse, people have lost jobs, gotten sued, been arrested, or endured endless embarrassment due to things they said in e-mail or posted on Facebook.
"The Internet never forgets," says the University of Washington's Tadayoshi Kohno. "In the old days, if you wanted to make data disappear from your computer, you could take out your hard drive and take a sledgehammer to it. Today, much of our data is in the cloud. There's no single hard drive to smash any more."
The Fix: Kohno and other UW researchers have developed a technology called Vanish, which adds a "self-destruct" expiration mechanism to data shared across the Net. Vanish works by encrypting text and then distributing pieces of the encryption key across a dozen peer-to-peer networks. After a specified period of time, Vanish starts losing the keys, making the data unrecoverable. It can work with e-mail or with any text entered into a Web form, Kohno says. Though Vanish is still just a research project, curious users can download its open-source Firefox plug-in.
You Can Escape Almost Any Service Contract Without Penalties
You say you agreed to a two-year service contract to get a healthy discount on your broadband service or smartphone? You may be able to ditch your obligation without having to pay the usual early-termination fee--if your service provider has changed the terms on you in the time since you signed up.
Last December, Sprint sent a notice to its customers alerting them to a 40-cent monthly increase on all lines and a $5 increase on accounts with spending limits. That constituted a "materially adverse change of contract" per Sprint's terms; this opened a porthole for unhappy Sprint customers to jump ship without incurring early-termination fees, which can amount to $150 or more. Similar changes in administration fees allowed T-Mobile users to switch last September and Verizon users to opt out in the spring of 2008.
The Fix: If your provider changes terms, and you decide to leave as a result, contact the company within the time period specified in your contract (usually 30 to 60 days). Make it clear that you're switching because of the "materially adverse" nature of the change.