WHY azor purchase ARE COSTS DIFFERENT FOR BRAND-NAME DRUGS VS. GENERIC DRUGS?Brand-name drugs order cialis no prescription required can be expensive because of the research needed to test cialis bangkok their safety and effectiveness. Individuals taking an antibiotic should not generic toradol take other medicines or herbal remedies without speaking with a tetracycline pills doctor first. Insurance may cover VR therapy in a therapist's buy cheap augmentin online office if the therapist is on the insurer's approved list. buy estrace vaginal cream online Research into its effectiveness is still ongoing and may continue viagra side effects to show promise in its use in both the general cheap griseofulvin population and specific groups living with different conditions. To receive cheapest dexamethasone a diagnosis of nocturnal hypertension, a person may need to gel alternative wear an ambulatory blood pressure monitor. If a person is order mirapex in us already receiving treatment with biologics, a doctor may change the buy generic synthroid type of biologics. Once a person corrects any deficiencies, such lipitor no prescription as by taking iron or zinc supplements, they may stop experiencing.

World of Warcraft (WoW) is a huge online fantasy war game, with more than ten million accounts. Here is a nice holiday-weekend “bits” story: a man with an arrest warrant out on him in Indiana for two years on drug charges has been arrested in Ottawa, Canada. The crucial information as to his whereabouts was provided by Blizzard Entertainment, the game company that runs WoW. As Matt Robertson, the investigator in the county sheriff’s department, tells the Kokomo (IN) Perspective,

“You hear stories about you can’t get someone through the Internet. Guess what? You can. I just did. Here you are, playing World of Warcraft, and you never know who you’re playing with.”

Robertson seems to have take a lot of small steps to put the story together. A childhood friend of the suspect said he had moved to Canada — good to know, of course, but making many of the standard law enforcement protocols useless. Somewhere along the line a tip came in that he was a WoW fan, so the investigator sent a subpoena for the suspect’s records — a transnational subpoena with no legal force at all.

“They don’t have to respond to us, and I was under the assumption that they wouldn’t,” said Roberson. “It had been three or four months since I had sent the subpoena. I just put it in the back of my mind and went on to do other things. Then I finally got a response from them. They sent me a package of information. They were very cooperative. It was nice that they were that willing to provide information.”

That information included the suspect’s IP address, in particular. From the IP address Robertson got the latitude and longitude (here is one site that will do that for you) and then used Google Earth to home in on the neighborhood. He couldn’t quite get to the street address that way, but close enough that Canadian authorities did the rest.

So just remember that. In a multiuser game you can think of yourself as living out of time, out of space, and out of your own skin, but you aren’t. Someone knows a great deal about you, and might even be willing to answer a polite request to reveal it.

Which may be what we actually want. Or is it?

In the New York Times, travelers and privacy experts present their views on whether the millimeter-wave scanners I discussed yesterday are an unacceptable invasion of privacy. Quoting a Utah Republican who sponsored a bill (which passed the House but not yet the Senate) banning the use of the devices except as secondary screening technology, the story says

“I’m on an airplane every three or four days; I want that plane to be as safe and secure as possible,” Mr. Chaffetz said. However, he added, “I don’t think anybody needs to see my 8-year-old naked in order to secure that airplane.”

Which is to say what, that no terrorist would put a bomb on an eight-year-old? I wonder if there is a name for this rhetorical device, where one transforms a general proposition into a personal insult.

EPIC, which had previously filed suit for more information about these devices, seems to me to have it right.

Marc Rotenberg, head of the Electronic Privacy Information Center, said his group had not objected to the use of the devices, as long as they were designed not to store and record images.

Keep the screens in a separate room (as is done). Disable the recording capability (as is done). Make sure the operator doesn’t have a cell phone camera if you wish (though it is hard to imagine much titillation coming from these images, compared to what is readily available). But yes, check the passengers the way you check their luggage, and the wheel bearings for that matter. And yes, that is a role for government, or government-controlled entities. I don’t think we want a free market here, allowing airlines to trade off security for ticket price and allowing consumers to decide for themselves how much risk they are willing to accept.

Bruce Schneier is a very astute security expert, but I am not sure I follow his logic here:

Bruce Schneier, a security expert who has been critical of the technology, said the latest incident had not changed his mind.

“If there are a hundred tactics and I protect against two of them, I’m not making you safer,” he said. “If we use full-body scanning, they’re going to do something else.”

The millions of dollars being spent on new equipment, he said, would be better invested in investigation and intelligence work to detect bombers before they get to any airport.

The last part is surely true. Figuring out the line determining when someone goes on a no-fly list is tricky business. You don’t want any father with a grudge against his son to be able to ground the son by making a call to the Embassy. But it sounds like there were enough other dots to connect in this case to have set off appropriate alerts. I take Schneier’s point to be that the security perimeter at the airport is not the only place, nor even the best place, to keep terrorists off the plane, and the threat model that puts all the energy at stopping them there will be ineffective in practice. That sounds right, but isn’t really an argument against the use of the millimeter-wave technology.

The recent attempt by a Nigerian man to blow up a plane flying into Detroit has brought the subject of millimeter wave scans back into public discussion. These scans use very short-wave radio signals to peek through people’s clothing and see what they may have underneath. Some privacy advocates resist the use of these devices, because they show genitalia, as well as revealing breast implants and so on.

Maybe I am missing something, but I can’t get excited about the fact that a security screener might get a glimpse of an X-ray like image of my private parts in the course of verifying that I wasn’t hiding some explosives there (as the alleged terrorist apparently was). It may not be useful or effective to screen everyone–maybe you’d do some obvious profiling (bought the ticket with cash, etc.) to reduce the workload on the screeners and keep them sharper. But if the image isn’t stored, I don’t see any privacy problem in principle here. In enlightened societies at least, we have mostly gotten past prudery in medical care–not many hospital patients would today insist on having their bedpans emptied only by same-sex attendants. If you want to use the technology of air travel, you need to accept the technology of security (provided, once again, that it really is security-enhancing and not just in place to create a phony sense of security).

By the way, the TSA hasn’t yet fixed the huge security hole, pointed out by Chris Soghoian several years ago, that they check the boarding pass against your ID at the security perimeter and the boarding pass against the electronic ticket record at the gate, but never verify that the ticket matches your ID, unless you check a bag. If you are not checking luggage, the two boarding passes could be different.

Privacy bonus: Canada’s Daily Post has an article about privacy loss, which quotes Blown to Bits and ends with a Christmas-spirit thought that sprung into my head when I was interviewed last week:

Harry Lewis, a professor of computer science at Harvard and co-author of Blown to Bits, said the book was written to get people thinking about how much of their personal information they surrender every day. He worries that the less privacy we enjoy, the more it will discourage social advances.

“The loss of privacy is a socially conforming force,” he said in an interview. “So many social experiments over the course of human history — religious innovations, political dissent — started among small groups of mutually trusted friends who gradually gained acceptance for their beliefs and their behaviours.”

If Jesus’s early followers had a Facebook group, he joked, “they would have been stamped out very quickly.”

Google makes available to you the profile it uses for deciding what ads to send your way, when a blog or other web site partners with Google to get advertising. Take a look to see what Google thinks might interest you. You can disable subjects individually or opt out of the whole program (in which case you will still see advertisements, just ones that may be less “appropriate” to your interests).

It’s a little creepy, but also funny. I wonder how Google decided I might be interested in retirement financial planning, or libraries and museums?

Google has released a dashboard tool that makes it easy for you to review all the settings and preferences you’ve provided for the various Google products you use (Docs, YouTube, Gmail, etc.). The short video here shows you how to access it. (Basically, pull down the Settings menu in the top right of the Google home page, select Google Account Settings, and then select Dashboard and log in a second time.) It’s a bit sobering to see what you’ve told Google about yourself, and what documents of yours Google has, all in one place.

Of course, Google actually knows a lot more about you, or may, than what you’ve said in response to the various invitations it has given you to fill in forms. The Dashboard doesn’t reveal what Google may have concluded about you by retaining and analyzing your searches, for example. You can observe a lot by watching, as the great Yogi Berra said and Google knows better than anyone. The Dashboard gives you no information or control about the privacy threat from inferred data rather than explicit question answering.

For more, see the ComputerWorld article.

A year ago we blogged about the guidelines issued by Department of Homeland Security Director Michael Chertoff about laptop searches at the border. As I wrote at the time,

The Department of Homeland Security may take your laptop at the U.S. border and remove it to an off-site location for as long as it wants. Doesn’t matter if you are a U.S. citizen. There it may examine its contents and have any text it contains translated.

WITHOUT HAVING ANY REASON TO THINK YOU HAVE DONE ANYTHING WRONG.

I was far from the only person perturbed by this policy. It was rational in its way — they can search your suitcase, so why not your laptop? — and yet it was disturbing. Only in recent years have people routinely walked around with their entire life histories in readable format. Why should the government not be required to show probable cause before reading your love letters and personal photos from a decade ago? And then there was the fact that laptops of doctors and lawyers have lots of information about other people on them. Aren’t they entitled to some protection from the curiosity of border guards?

Now Janet Napolitano has issued new guidelines that tighten things up a bit. Here is the CNN story; here is the DHS press release, and here are the rules themselves (pdf, 10 pages).

In essence, DHS has put limits on how long the laptops can be held (5 days) and has guaranteed the person whose laptop is being inspected the right to be in the room at the time agents are inspecting the laptop (though not necessarily the privilege of watching what they are doing).  But left in place is the basic right of DHS to look at any laptop it wishes without having to provide any reason for doing so.

The release says only a tiny fraction of laptops have been inspected while the earlier policy was in place, which is nice, but no guarantee that an individual agent may not adopt a different standard.

Whole disk encryption, which is increasingly standard for business laptops, should be standard for private citizens taking their laptops on international trips. The policy document addresses this possibility too:

Officers may sometimes have technical difficulties in conducting the search of electronic devices such that technical assistance is needed to continue the border search. Also, in some cases Offtcers may encounter information in electronic devices that requires technical assistance to determine the meaning of such information, such as, for example, information that is in a foreign language andlor encrypted (including information that is password protected or otherwise not readily reviewable). In such situations, Officers may transmit electronic devices or copies of information contained therein to seek technical assistance from other federal agencies. Officers may seek such assistance with or without individualized suspicion.

So make your encryption key long enough so it can’t be cracked in five days. (My understanding of US court precedents is that the government can’t compel you to disclose your encryption key — though it may be able to obtain a warrant to search your home and your leather appointment book for the place you wrote it down.)

Altogether this new policy seems to me to leave too much to the discretion of the border officials. I recognize that we’d love to catch terrorists carrying blueprints of their targets, but I suspect that some of those searches are for bad pictures. If the number of laptops they want to search is so small, it should not be a big problem for them to get judicial approval before searching them.

Harvard Magazine has a general-interest story about the erosion of privacy, featuring various Harvard colleagues and myself. It was fun to work with Jonathan Shaw, who wrote the article, but the most interesting part of working with the Magazine was the set-up for the photo shoot!

In New York, some clown started a blog called “Skanks in NYC” for the sole purpose of heaping verbal abuse on, well, whatever people he thought deserved that appellation. The blog was hosted by Blogger.com, a Google service. The site apparently was active for only a day, during which the clown posted five items, one of them referring to a model named Liskula Cohen as a “ho” and a few other things.

Ms Cohen wanted to know who was speaking ill of her, and asked Blogger to disclose that information so she could pursue a defamation suit. I pick up the story from CNN:

On Monday, New York Supreme Court Judge Joan Madden ruled that Google must hand over to Cohen any identifying information it possesses about the blog’s creator. ‚Ķ¬†”The protection of the right to communicate anonymously must be balanced against the need to assure that those persons who choose to abuse the opportunities presented by this medium can be made to answer for such transgressions,” the judge said ‚Ķ.

And Blogger did, under the court order, turn over to Cohen the IP and email addresses of the blogger. A Google attorney said the company was sensitive to both privacy and to cyberbullying, but a court order trumps any concerns of the company.

Now it turns out that the blogger clown is one Rosemary Port, a Fashion Institution of Technology student who, according to the Daily News, had been involved in some sort of personal quarrel with Cohen. Cohen has decided not to pursue the defamation suit. Port, however, says she will sue Google for $15 million for invasion of her privacy.

“Before her suit, there were probably two hits on my Web site: One from me looking at it, and one from her looking at it,” Port said. “That was before it became a spectacle. I feel my right to privacy has been violated.”

That’s an odd transition — she put it up on the Web where anybody in the world could see it. But only a couple of people did, so she claims a privacy invasion when so much attention got focused on it. Still, she didn’t think she was going to be unmasked. Port’s lawyer makes a knee-jerk appeal to the pseudonymously published Federalist Papers, which lobbied for adoption of the U.S. Constitution.

I doubt Port has a case. Google’s Privacy Policy states, “Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances: ‚Ķ¬†We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request ‚Ķ.” Sounds like that covers it. Anyone who’s signed up for a Gmail account agreed to that. (Actually, just doing a Google search causes you to agree to these terms implicitly, but that’s another matter.)

Bloggers (and blog commenters) beware. You can use anonymity tools, such as Tor, if you are really worried about being discovered, but if you do something unlawful behind the veil of an anonymous blog, your cover may be blown.

(It’s a separate question whether calling someone a “ho” or a “skank” actually constitutes defamation. I have no opinion on that one.)

Evgeny Morozov has a scary report at the NPR web site that should serve as a reminder of how hard it now is to keep our various personae separate when our social life is conducted online. I’ll quote, rather than paraphrase, what happened to an Iranian-American woman.

On passing through the immigration control at the airport in Tehran, she was asked by the officers if she has a Facebook account. When she said “no”, the officers pulled up a laptop and searched for her name on Facebook. They found her account and noted down the names of her Facebook friends.

Scary and creepy. But why, exactly? It’s not like the information was rummaged out of her personal papers or extracted by torture. Anyone who uses Facebook much knows that the list of your friends is usually public information. Hundreds of millions of people could have gotten the same information without the woman even being aware that it was happening. This poor woman probably felt that her Iranian identity was separate from her American identity. And the Iranian authorities, who surely have been frustrated by the Internet’s connecting capabilities, have figured out that there is another side to that coin.

Think about it. There is absolutely no reason to think that ANY government would not do the same thing. Nobody needs a search warrant to find out who your “friends” are — they just need your name. Any police officer or boarder guard anywhere in the world could do the same thing. So could any employer or prospective employer, college admissions officer, etc.

Unless, that is, you change Facebook’s default privacy settings. Go to Settings, and select Privacy Settings. On the page that comes up, look under Search Result Content. Uncheck “My Friend List.” There may be a few other boxes you’ll want to uncheck too. Don’t forget to click Save Changes.

The City of Bozeman, Montana is demanding that those applying for jobs supply passwords for their accounts with social networking sites such as Facebook and Myspace, apparently so the City can check out what kind of acquaintances they have. What about the guarantee in the Montana constitution, which states, “the right of individual privacy is essential to the well-being of a free society and shall not be infringed without the showing of a compelling state interest”? Well, says the City’s attorney, that has to be balanced against the need “to make sure the people that we hire have the highest moral character and are a good fit for the City.” Montana is a funny state, not as individualistic as the mythology of Western America might make you think. Nor are Facebook and Myspace as private as their terminology may lead users to expect. Still, I’m guessing the city won’t keep this practice up long — for one thing, “good fit” tests are easily abused, and for another, these sites typically have a term of service such as (to quote Facebook’s) “You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.”