There are identity thieves, stalkers and people generally trying to take advantage of you.

At least that was one of the things that I took away from a privacy conference last week in Seattle, where the word “creepy” slipped into the conversation as a description of everything from location-based services to more cutting edge Internet businesses.

But advocates argued that the cure for creepy was to make services relevant and useful — not spammy and invasive. In other words, consumers are willing to share their information — age, gender, location — if there’s a benefit to them.

I moderated a panel titled “Building Trust in the Sharing Economy,” which addressed identity issues as people become more comfortable using the Internet to find babysitters, rent out their apartments or lend their car to strangers.

In those cases, honest people typically don’t mind sharing information about themselves in order to be considered a trustworthy consumer or provider. It’s a red flag if they don’t.

Sonny Singh, the VP of sales and business development at Jumio, said it’s not creepy when you show your driver’s license to Hertz when you’re renting a car or to a hotel when you’re checking in. That’s why it shouldn’t be viewed as strange when you use sharing services like Airbnb or RelayRides.

But he said, instead, “they are assuming from your Facebook profile that you are who you say you are.”

Jumio is developing technology that allows users to verify their identity by entering their credit card and driver’s license information using a webcam or camera phone.

Participants in the panel (from left to right in the picture) are: Tricia Duryee, AllThingsD; Drummond Reed, founder, Connect.me; Sam Rosen, co-founder, Scaffold; Xin Chung, CEO and founder, Trustcloud; and Singh.

Here’s a video of the whole discussion, but you can skip to around the 26-minute mark to hear the whole discussion on “creepy.”

Dunn first joined HP’s board in 1998 and took over the chairmanship in 2005, succeeding ousted CEO Carly Fiorina. Dunn sought to rein in a board with a reputation for leaks to reporters.

In early 2005, following a front-page story in The Wall Street Journal about discussions held at a special HP off-site strategy meeting that included details known only to directors, she sought to get to the bottom of the leaks and discover who among HP’s directors was talking to reporters.

In 2005 Dunn hired private investigators, and some of them used a method called pretexting, in which someone impersonates the owner of a cellphone in order to get access to billing records. Not only were HP directors targeted by the effort, but also journalists for The Wall Street Journal, BusinessWeek Magazine and CNet News who covered HP. The technique proved illegal, though she later testified to Congress that she had believed the investigators had used only legal methods to get the information.

Dunn’s role in the scandal led to felony criminal charges pressed by California’s then attorney general, Bill Lockyer, for wire fraud, unauthorized use of computer data, identity theft and conspiracy. She was one of four charged. Offered a chance to plead guilty to misdemeanor, she opted instead to fight the charges and was determined to clear her name, despite the fact that she was about to undergo chemotherapy treatment. A judge finally threw out the charges in 2007.

The controversy and criminal charges led her to resign her seat as HP chairman on Sept. 26, 2006, and she was replaced by Hurd, who served in that role until his resignation last year.

Update: HP just sent the following statement:

Pattie Dunn worked tirelessly for the good of HP. We are saddened by the news of her passing, and our thoughts go out to her family on their loss.

Dunn’s written testimony to a House Committee on the scandal is below, via Scribd.

09282006 Testimony Dunn

And with that story — entirely plausible but in this case a lie — a customer-service representative turned over customer account numbers and other details with a readiness that makes banks and other companies cringe.

Mr. Patten, a 35-year-old cybersecurity expert who was with the U.S. Air Force before he started working for a consulting firm in Kansas City, Mo., didn’t actually use or sell the data, which he gathered in running a test for the investment firm of its security arrangements. But the ease with which the employee was persuaded to divulge the information points to a troubling trend, security experts and law enforcement officials say.

Read the rest of this post on the original site »

Talk of an “Internet kill-switch” to be used in the event of cyberwarfare has reemerged in light of recent events in Egypt, and coincides with a new federal initiative intended to improve security for individual Internet users.

According to Mr. Schmidt, securing the information superhighway involves too many factors to be lumped into a single bucket. Resolving online criminality like identity theft should be treated differently than protecting the electric grid from sabotage by foreign powers or online espionage, but war-like rhetoric may threaten the U.S.’s ability to deal with any of these issues effectively, he warned.

Read the rest of this post on the original site

Ryan Calo, senior research fellow at the Center for Internet and Society at Stanford University Law School, has been trying to answer that question. This summer, he released a draft of a paper titled the Boundaries of Privacy Harm that is set to be published in the Indiana Law Journal next year.

Calo spoke with Digits about privacy harm and how it applies in the digital world. His condensed comments are below.

Why do we need to define privacy harm?

If you look at regulations of abortion or sodomy or contraception, the Supreme Court looked at these as privacy issues. But a lot of people would say you can’t regulate sex between two people of the same gender, not because it happens in private but because it’s an equality issue. … In order to surface these values, we need to draw a line and say that not everything is privacy.

Read the rest of this post on the original site

The number of identity-theft victims in the U.S. jumped 12 percent to 11.1 million in 2009, according to research company Javelin Strategy & Research. Fraud cases reported to the Internet Crime Complaint Center, which is partly run by the Federal Bureau of Investigation, climbed 23 percent to 336,655 last year.

Information that people inadvertently make public on sites like Facebook plays a role. So too do the sort of technical exploits demonstrated by the group that recently exposed a flaw in AT&T Inc.’s (T) website.

But in many cases, finding social-security and credit-card numbers or medical records on the Internet doesn’t require computer expertise. Instead, such information is accessible to anyone who knows where to look.

Read the rest of this post on the original site

The Metropolitan Police said its Central e-Crime Unit worked with U.K. domain-name registry Nominet to shut down the Web addresses of the sites, and to keep them from being re-registered.

Read the rest of this post on the original site

As far as I know, no one can steal my identity. Even if my bank account number, my credit card number and all my passwords are stolen, I am fairly confident that I will still be me and the thief will be a different person.

Yes, the criminal will be masquerading as me. But anyone who knows me–my husband, my children, my colleagues, my doorman, my employer–will not be fooled. If “I” was actually stolen, I believe that would be called a kidnapping.

The entities that would be fooled by a masquerader are ones that don’t really know me: my bank, my credit card company, places where I do online or offline shopping. Maybe they should have done a better job figuring out who I was before parting with my money or their goods.

Read the rest of this post on the original site

Then, he did something unusual for a local cop: He pulled out his iPhone and checked for any unencrypted wireless access points nearby. The iPhone check, says Mr. Feffer, helped avoid the predicament that befell two other law-enforcement agencies that raided the wrong house on successive days, because the real suspect in a child pornography case had been using an innocent person’s unprotected wireless Internet connection. Mr. Feffer didn’t find any wireless loopholes that could be exploited.

Read the rest of this post on the original site

The Federal Trade Commission has issued a consumer alert noting that only one Web site, Cars.gov, is the official destination for the Car Allowance Rebate System. Other sites, particularly ones that ask for personal information, should be avoided since they might be a front for identity-theft efforts.

“You do not need a voucher and you are not required to sign up or enroll in this program,” says the National Highway Traffic and Safety Administration, which operates the rebate program, in a frequently asked questions page.

Read the rest of this post on the original site

In the new version of Microsoft Office, I cannot find a “favorites” capability in the Open dialog box. In my older version, when I began to open a document, I had a box on the left called “Favorites” that I could invoke to find common file locations. Did they really kill this very useful feature?

No, but they changed the way you make it visible in Office 2007. You can get back your “Favorites” category by right-clicking the bar at the left-hand side of the Open dialog. From the menu that appears, click on “Add Favorites,” and your Favorites category should appear in the left-hand bar, and stay there.

If I have McAfee security software, do I need an antispyware program as well?

Everyone running a Windows computer, even a virtual Windows computer on a Mac, should have antispyware software. In some ways, spyware is a worse security problem than viruses, and can lead to identity theft.

McAfee has made many types and versions of security software over the years. Some, especially recent versions of the company’s comprehensive products, include antispyware protection. Check your version to make sure it includes this capability. If it doesn’t, you will either need to upgrade to a more comprehensive suite, or obtain a separate anti-spyware product.

When my friend put a Spike Jones CD of mine into his Mac to import it using iTunes, the CD was misidentified with an embarrassing title. What would cause such a thing to happen? Does iTunes go out to the Web looking for album names, instead of going by what’s on a disk?

Yes. Music programs like iTunes, and all its major competitors, can’t identify a disk directly. So they rely on online databases to identify CDs. Each CD contains a hidden code that the database providers quickly match up with their huge catalogs of CDs to provide the album title, artist, date, track list and other information. But, sometimes, especially when the CD is relatively obscure, the databases are wrong and yield erroneous information. When that happens, you have to type in the information by hand.

You can find Mossberg’s Mailbox, and my other columns, online free of charge at the new All Things Digital Web site, http://walt.allthingsd.com.