Friday, October 5, 2012

NIST grantmaking evades privacy, steering accountability for online ID initiative

WASHINGTON - Government and business interests within a NIST steering committee nearly uprooted public interest group representation the week NSTIC grants were awarded to contractors to retrofit government-issued ID for smartphones and other privacy-troubled devices.

According to reports, pilot programs would use national identity articles, like passports and US driver's licenses, online and in smartphones. Grants were awarded to companies like AAMVA, Microsoft, ATT and Daon. The Daon project would port an electronic version of passports, using biometrics, for use on smartphones to cross international borders around the world. While Privacy and Civil Liberty councils remained intact after the struggle, it became apparent that privacy and most public interest considerations were marginalised.

“The IDESG [had] nothing to do with the appropriations. That comes 100% from the NSTIC NPO. I, nor anybody else involved in the IDESG had any say in who got money. We haven’t seen anything other than what’s online. They’re government grants, and they report exclusively to the NSTIC NPO,” said Aaron Titus, Privacy Management Council on NSTIC’s Identity Ecosystem Steering Group [IDESG].

While privacy interests remained intact, the steering group appeared to be uninformed and ineffectual towards grant initiatives to port national identity articles online and onto mobile devices.

“NIST failing to inform a public interest steering committee of plans to fund and implement pilots using bona fide identity articles live online is a complete breakdown in an accountability process considering privacy impacts. This steering committee was almost eviscerated come time to award grants to a national ID program online. This is a heavy indicator that NSTIC is going to run counter to the public interest of privacy and civil liberty and should not be ignored,” says Sheila Dean, spokesperson for the 5-11 Campaign, a national identity watchdog group.

Titus was later asked about grantmaking for privacy and public awareness campaigning for the NSTIC initiative. He said privacy standards tend to be an “ivory tower” as businesses and governments fail to measure up.

“Because [NSTIC] is voluntary, nobody would implement it. Instead, they’d all run away and do their own thing,” said Titus, who indicated a “waste of time” on the part of the government in better informing the public of the program and its impacts on privacy.

The NSTIC program is a voluntary White House online initiative for online technology users and the private sector, modeled closely on FICAM, a standardized identity credentialing program using Smart Cards and biometric credentials for access to federal facilities. It is administered by NIST, DHS and the US Department of Commerce.


RFID consortium to bring blood product tracking technology to market

PORTLAND, OR – The Transfusion Medicine RFID Consortium, which seeks to improve safety and reduce costs in the blood supply chain through use of radio-frequency identification technology, announced Friday that Beaverton, Ore.-based S3Edge has been tapped to commercialize a new RFID and barcode-based blood product tracking technology.

Designed and built under a private, academic and public initiative funded by the National Institutes of Health (NIH), the Blood Product Tracking suite consists of mobile, desktop and server software applications that offer greater visibility to the physical movement of blood products, while improving the efficiency of blood center operations, officials say. The RFID consortium includes BloodCenter of Wisconsin, Carter Bloodcare, Mississippi Blood Services, the University of Iowa Hospitals and Clinics, Mississippi Baptist Health System, University of Wisconsin Madison – RFID Laboratory, Lenexa, Kan.-based Mediware Corp, Brookfield, Wis.-based SysLogic and S3Edge.


Thursday, October 4, 2012

UK National 'virtual ID card' scheme set for launch (Is there anything that could possibly go wrong?)

BTC - Here's a great example of the NSTIC global ID initiative for nationalizing the Internet. This is a virtual mirror of what NIST's NPO breakout pilot awardees in the United States have been paid for.

c/o UK Independent 

The Government will announce details this month of a controversial national identity scheme which will allow people to use their mobile phones and social media profiles as official identification documents for accessing public services.

People wishing to apply for services ranging from tax credits to fishing licences and passports will be asked to choose from a list of familiar online log-ins, including those they already use on social media sites, banks, and large retailers such as supermarkets, to prove their identity. Once they have logged in correctly by computer or mobile phone, the site will send a message to the government agency authenticating that user’s identity.

The Cabinet Office is understood to have held discussions with the Post Office, high street banks, mobile phone companies and technology giants ranging from Facebook and Microsoft to Google, PayPal and BT.


Wednesday, October 3, 2012

ON NOTICE: Medical consent forms include device tracking, reports to FDA

BTC - The great thing about the Internet is that one can publish pertinent information with little to no analysis and others may draw conclusions, make assessments and determine the meaning of events on their own. Readers finding content of interest on this blog are encouraged to use personal judgement and critical thinking skills.

Today on a routine visit to a dermatology office I was asked to sign a boilerplate Consent for Treatment form.


One important item of note on this boilerplate was an opt-out item in the consent for treatment:

"The following information has been explained to me to the degree that I wish to have it discussed:...
*Possible recognized alternative methods of treatment, including non-treatment;" 

The most relevant information, and what makes this a blogworthy item, is item number 3.

3. Federal Regulations (21 CFR Part 821) require manufacturers to track certain medical devices, and assist the U.S. Food & Drug Administration (FDA) with notification to individuals in the event that a certain medical device presents serious health risks. I authorize and agree to the release of my contact information to the manufacturer:___________________________________________ for this tracking purpose only. I understand that the manufacturer may notify me, if necessary, of important safety information about my medical device, and may release my information to the FDA if ordered to do so. I understand that this consent is valid for the life of the medical device.

I had no need of this clause at the time of my personal treatment and did not consent to medical device tracking. Since there is no device for the FDA to track inside my person for medical treatment or any other purpose, I signed the form. It was non-applicable.

This is a live medical consent form being signed by hundreds of people every day seeking treatment for any number of ailments. It cites Federal Regulatory requirements for tracking medical devices. It did pique my curiosity about subcutaneous device implants during my visit to this dermatology office. RFID tags have been approved for internal and subcutaneous use, and in this regulatory case, medical tracking of human beings and animals by the FDA.

As this regulation exists live on this form, I see that concerns about this may have been massaged away prematurely by advocates who might believe the overt threat of internal RFID tracking is "over". Fights were won to ensure medical device tracking was not baked into US national healthcare laws passed in 2010. It was a victory indeed.

However, the public often forgets or misses information about how administrative fiat in federal agencies is a strong second option for those lobbying for widely administered rules or regulations in public and private sectors. A strong bureaucratic incentive is what lobbies may lead with to create a regulation they could not get passed by way of US Congress. A good example of this would be the Executive branch using Executive Orders to compel public agencies to administer regulations, or even policy, executing items exactly as they would a law.

A consent form like this serves as a flag or a marker to those of us who know governments and corporations live by rules and consequently die, or suffer consequence, of breaking those rules. The rule will apply today to those who have pacemakers, diabetics with unique conditions, epileptics and those with other critical health problems solved by the graces of modern technology. Unfortunately, we also live in a society today which rewards surveillance and data mining contractors handsomely for watching the public in predatory ways counter to human rights, the US Constitution, State Constitutions and the natural will of the public.

I am far more concerned about manufacturers monitoring patients, or being given a de facto surveillance license by the FDA, for non-health purposes, because they can. Consent forms like this give them the power to do so. Regulatory compliance holds threat of litigation against device manufacturers for NOT monitoring patients.

Meanwhile, patients maintain hold of the ultimate power: consent. Unless, of course, they sign that away.

Thankfully, there is a way to opt out.  Medical implants are voluntary. They may seem involuntary for those who may need them to survive.  However, most moderately healthy people have no medical need for an RFID implant.  They would never give consent to an arbitrary medical manufacturer to track them.


Subcutaneous RFID adoption is still a novelty item for screwball hackers resistant to living in the woods without being wired in. By rule of thumb, the .03% of 1% of RFID implant volunteers aren't going to lobby government to do what they do on their own, even by Andy Greenberg's standards. It's okay to tell the RFID Toys author, who proselytizes RFID chip adoption, "Go ahead. It's still America. Do what you want. It's your body."

Voluntary internalized RFID is not going to catch on with parents or responsible parties in the 1st, 2nd, 3rd or any world unless there is a nefarious and ubiquitous economic or government mandate. They won't be volunteering for it, even if Texas and Florida education systems may compulsively encourage dressing kids with an RFID tag. Parents generally don't want institutions to have more power to watch their children than they do. They will challenge this or put their kids in another education system.

The rule of consent is the way the public Beats The Chip.