CNET también está disponible en español.

Ir a español

Don't show this again


Digitized signatures raise fears

A new tracking system being used by UPS that collects actual signatures online may be the latest threat to privacy.

Lauren Weinstein imagines a day when a business could grab copies of thousands of real people's signatures and sell them along with other vital personal information.

Weinstein, president of Vortex Technology and moderator for The Privacy Forum, is concerned that a technology recently put into use by the United Parcel Service could lead to just such a scenario.

UPS has a new advertising campaign touting its ability to put electronic copies of handwritten signatures online: Customers who send packages can log on to a dial-up service and use the shipping number to view the signature of the person who signed to receive the package.

Weinstein isn't worried about what UPS is going to do with the signatures; he's concerned about other people who might use the UPS system to harvest the signatures for themselves.

The UPS technology is the latest example of a growing concern over how online access to personal information can unintentionally invade the privacy of individuals or be used for fraud. Many Netizens have been shocked to learn how readily available their Social Security numbers or other private information is through online databases that can charge very little for the information.

Weinstein, for one, is worried that the availability of a person's actual signature will make for a do-it-yourself fraud kit.

"Personal information has become a valuable commodity," said David Sobel, an attorney with Electronic Privacy Information Center. "There has always been a very large industry devoted to compiling and selling information about people. If you now layer on top of that what can conceivably go on on the Internet you're talking about the possibility of compiling much more detailed information."

In this case, UPS has thought of some safeguards: Only the person who sent the package can view it, and the company provides no mechanism to allow the viewer to capture the signature or print out the screen, spokeswoman Pat Steffan said.

Moreover, she said, UPS has spent $4 billion to build a "system that's bullet proof. It is a commitment made to our customers to protect their information."

And Steffan said emphatically that UPS will not sell signatures. "UPS will not, is not, and has no plans to sell signatures," she said. "We have built the confidence of over 1 million customers. We cannot break that confidence, and no one else can get into our database to get that information."

Weinstein doesn't question UPS's sincerity. But he says that even a very mediocre hacker could use the UPS software to capture signatures with a few technical tricks or a little creative programming.

"I think the problem comes up with what's done with the information," Weinstein said. "This isn't to say UPS is taking a database and creating it and selling it in mass," Weinstein said. But he added, they have provided a mechanism for others to do that very easily.

Weinstein foresees a scenario where someone could go out and use a shipping business to capture digitized signatures en masse. And other shipping companies may not be as trustworthy as UPS.

Right now government agencies legally are prohibited from disseminating much of your personal information. But there are no laws preventing businesses from buying and selling whatever information they can collect on their own and they do so with great regularity.

Weinstein advises people concerned about their signatures, to use fake signatures. But, he added, that won't address the larger problem.

"At this stage in the game the legal system is so far behind that once you give out any personal information on yourself, it becomes free game. It becomes a commodity," Weinstein said.

"The underlying issue is we need a legal structure where people have control of their private information."