SAITS

SAITS news - February 2007


CIPPIC wins case on PIPEDA jurisdiction

(2007-02-05) [CIPPIC] The Federal Court released its decision today in the case of Philippa Lawson v. Accusearch Inc.

Mr. Justice Harrington found that, contrary to the Privacy Commissioner's interpretation, PIPEDA gives the Commissioner jurisdiction to investigate complaints relating to the transborder flow of personal information, including those where the respondent is located outside Canada. The Court ordered the Privacy Commissioner to investigate CIPPIC's complaint.

[source: News]

Function creep in action: Mobiles may be checked after crashes

(2007-02-27) [IT Law in Ireland] The Telegraph reports that the English government proposes to use data retention to enforce the ban on mobile phones while driving: Motorists face having their mobile phone records checked after a routine accident, under proposals unveiled by the Government yesterday...

In the review the Department for Transport paper says: "We will look at ways to make it easier for the police to be able to follow the process of investigating whether mobile phone use was a contributory factor in an accident and thus prosecute more offenders."

[source: Blog]

Private life? Are you kidding?

(2007-02-05) [The Orange County Register] Technology makes average lives an open book, warts and all. Got a secret? Chances are, it's out there somewhere in the Internet ether. And sooner or later, it's probably going to turn up on the computer screen of someone you never dreamed would see it.

In the age of the Internet, we have all but surrendered the privilege of privacy. The good news? If you feel a burning need to check out someone's driving record, job status or just about anything else, you can do it online. The bad news? People can find out just about anything about you. (Excerpt from news story by Cynthia Hubert)

[source: ocregister]

Nixed: Black Hat talk on RFID access badge risks

(2007-02-27) [CNet] Security researchers have canceled a talk on the flaws of RFID-equipped building access badges after receiving legal threats from a major manufacturer.

Researchers from security services firm IOActive planned to demonstrate that the commonly used identification cards can easily be duplicated, posing a serious risk to those who rely on such systems for security. The talk, slated for Wednesday at the Black Hat DC Briefings & Training event in Arlington, Va., was canceled Tuesday after IOActive said it received legal threats from HID Global, a major seller of access control systems. (Excerpt from news story by Joris Evers)

[source: News.com]

Increased Europol powers need increased data protection policies

(2007-02-28) [EDRI] Peter Hustinx, the European Data Protection Supervisor (EDPS), considers that the changes to the legal basis of Europe's police (Europol) proposed by the European Parliament, meant to increase its powers, have to be accompanied by proper data protection rules.

The European Parliament has proposed changes that would increase Europol powers in order to fight radical Islamic terrorism, considered as the highest threat to the security in Europe.

[source: EDRI-gram, Number 5.4]

From Schengen to Prüm: Data Protection under 3rd pillar a prerequisite

(2007-02-28) [EDRI] One of the main priorities of the current German presidency, the inclusion of the Prüm Treaty into the EU legal framework, is likely to be achieved before its end on 30 June 2007. During its last meeting on 15 February the EU JHA Council agreed on incorporating into EU legislation most of the Treaty provisions falling into the third pillar.

This decision will create the largest pan-European network of police databases, including DNA profiles, fingerprints and other personal and non-personal data. Originally signed in May 2005 by seven EU countries (Austria, Belgium, France, Germany, Luxembourg, The Netherlands and Spain), later joined by nine other member States (Bulgaria, Finland, Greece, Italy, Portugal, Romania, Slovakia, Slovenia, and Sweden have announced their intention to adhere), the Treaty has been designed under the lead of French-German cooperation in view of "combating terrorism, cross-border crime, and illegal immigration". The Treaty has been ratified up to now by Austria, Germany, Luxembourg, Spain, while the French Senate adopted on 21 February a draft ratification law.

[source: EDRI-gram, Number 5.4]

Who watches you at work?

(2007-02-28) [APN Holdings NZ Limited] You might think that you're entitled to a certain amount of privacy at work, but this isn't always the case. Some employers have gone as far as putting secret cameras in employee changing areas and gotten away with it.

Katrine Evans, assistant privacy commissioner, says privacy is governed by several principles and no method of surveillance is completely banned. "Sometimes it's necessary to be covert and privacy doesn't prevent you automatically from being covert," says Evans. (Excerpt from news story by David Maida)

[source: nzherald.co.nz]

Hello to less privacy

(2007-02-28) [USA TODAY.com] Oh, for the good old days when all we worried about was Big Brother government watching us. Too late: Now we have Little Brother to contend with, too -- and he has a camera phone.

Little Brother could be a fed-up straphanger on a subway, a sneaky student in class, maybe a ticked-off guy in the audience. Or a vengeful ex-lover or jealous friends looking to embarrass an American Idol contestant. (Excerpt from news story by Maria Puente)

[source: News]

Privacy slights should prompt lawsuits

(2007-02-28) [The Register] Seek compensation if someone breaches your privacy, the Information Commissioner's Office (ICO) urged today.

The ICO issued a guidance note to point people in the right direction if they want recompense for a slight under the Data Protection Act. (Excerpt from news story by Mark Ballard)

[source: News]

New Profiling Program Raises Privacy Concerns

(2007-02-28) [The Washington Post] The Department of Homeland Security is testing a data-mining program that would attempt to spot terrorists by combing vast amounts of information about average Americans, such as flight and hotel reservations. Similar to a Pentagon program killed by Congress in 2003 over concerns about civil liberties, the new program could take effect as soon as next year.

But researchers testing the system are likely to already have violated privacy laws by reviewing real information, instead of fake data, according to a source familiar with a congressional investigation into the $42.5 million program. (Excerpt from news story by Ellen Nakashima and Alec Klein)

[source: washingtonpost.com]

Striking proper balance between access, privacy

(2007-02-28) [The Daily Herald Co] How much is too much when it comes to online access to certain public records, ones that reveal sensitive personal data like your Social Security number or your mother's maiden name?

Snohomish County Auditor Carolyn Diepenbrock has come up with her answer. Some think she's gone too far by blocking online access to 61 types of documents. Others, including a local genealogy group, don't think it's a big deal.

[source: HeraldNet]

Smart card privacy laws promises made

(2007-02-28) [Herald and Weekly Times] Human Services Minister Ian Campbell has left open the possibility of tightening laws protecting the privacy of people using the Federal Government's new access card.

The proposed card will replace the Medicare card and be compulsory for any Australian who wants to access up to 16 other government health and welfare services. (Excerpt from news story by Kate Corbett and David Crawshaw)

[source: Herald Sun]

Your life in the public domain

(2007-02-27) [The Sydney Morning Herald] The hyper-connected internet is exposing our private lives - and all their embarrassing details - to the world at large.

Turns out it's true what they say about sports car drivers. A seller on online auction site eBay recently put his red 1986 Ferrari Testarossa on the block. Trouble is, eBay keeps a record of previous purchases. And at the top of this man's list was a message congratulating him on his brand new $89.99 Titan Enlarger Penis Pump. (Excerpt from news story by Nick Miller)

[source: smh.com.au]

RFID privacy, security should start with design

(2007-02-27) [TechTarget] Companies planning to deploy radio frequency identification technology (RFID) must demand that privacy and security issues are addressed in the design and procurement phases of the implementation, according to Toby Stevens, a leading privacy and identity expert.

Privacy should not be a "value-add feature," said Stevens, director of the UK-based Enterprise Privacy Group, an association of public agencies and corporations working to understand and develop solutions to privacy and identity-related issues. In an interview with SearchSecurity.com, Stevens talked about whether the European Commission would mandate policy controls for RFID privacy and whether government legislation could stall widespread use of the technology. Stevens said the opinions given are his own and do not necessarily reflect those of his group's member organizations. (Excerpt from news story by Robert Westervelt)

[source: SearchSecurity.com]

EFF Lawsuit Seeks Release of Secret Court Orders on Electronic Surveillance

(2007-02-27) [EFF] The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice, demanding records about secret new court orders that supposedly authorize the government's highly controversial electronic surveillance program that intercepts and analyzes millions of Americans' communications.

When press reports forced the White House to acknowledge the program in December of 2005, the administration claimed that the massive program could be conducted without warrants or judicial authorization of any kind. However, in January of this year, Attorney General Alberto Gonzales announced that the Foreign Intelligence Surveillance Court (FISC) had authorized collection of some communications and that the surveillance program would now operate under its approval. EFF's suit comes after the Department of Justice failed to respond to a Freedom of Information Act (FOIA) request for records concerning the purported changes in the program.

[source: News]

EU Justice Commissioner Frattini comes out in favor of online search of PCs

(2007-02-27) [Heise Zeitschriften Verlag] EU Justice Commissioner Franco Frattini has assured Germany's Federal Minister of the Interior Wolfgang Schäuble (Christian Democratic Union; CDU) of his "full support" for the plans of the federal government to engage in so-called online searches of private PCs.

"Data protection issues" would "of course" need to be taken into account, the Italian national told the northern German daily Schweriner Volkszeitung. "But we must not forget: the security of people in Europe is the issue here. This is why we need to prevent terrorists from using the Internet for their purposes," he added. (Excerpt from news story by Robert W. Smith)

[source: HeiseOnline]

Waxman: Online 'no-fly' list endangers privacy

(2007-02-26) [1105 Media, Inc] The Transportation Security Administration's recent attempt to fix problems with its "no-fly" list may have put at risk of theft the Social Security numbers and other personal information provided by travelers, according to Rep. Henry Waxman, D-Calif., chairman of the House Committee on Oversight and Government Reform.

Many people have been detained at airports erroneously because they have names similar or identical to the names of suspected terrorists on the TSA's no-fly list. To correct the problems, TSA on Feb. 13 launched a new "Travel Verification Identity Program" Web site, linked to the TSA's Web site. (Excerpt from news story by Alice Lipowicz)

[source: WashingtonTechnology]

New laws target data security problem

(2007-02-23) [CNet] As more details emerge about the recently disclosed security breach at TJX Companies, lawmakers in Massachusetts are considering new laws that would put the onus for paying for such breaches on retailers and merchants, rather than banks and credit unions, the Wall Street Journal reported Thursday.

In Massachusetts, Attorney General Martha Coakley is hoping to force significant changes to the manner in which companies are allowed to collect, store, and protect sensitive consumer data. (Excerpt from news story by Matt Hines)

[source: News.com]

Europe Seeks to Tighten Some Online Laws

(2007-02-26) [Wired] Some European countries are proposing outlawing the use of fake information to open e-mail accounts or set up Web sites, a move intended to help terror investigations but which could face resistance on a privacy-conscious continent.

The German and Dutch governments have taken the lead on the proposals, crafting legislation that would make it illegal to provide false information to Internet service providers and require phone companies to save detailed records on customer usage. (Excerpt from news story by Matt Moore)

[source: News]

DHS Biometric Program in Trouble

(2007-02-26) [Wired] A House Appropriations subcommittee and congressional investigators are renewing criticism of the US-VISIT program, a Department of Homeland Security initiative to collect and share biometric-fingerprint and facial data from all foreign visitors to the United States.

The GAO, the investigative arm of Congress, released a report (.pdf) this month revealing that, even as development costs settle, US-VISIT's overall price tag is spiraling up "without any accompanying explanation of the reasons," the report said. (Excerpt from news story by Luke O'Brien)

[source: News]

Surveillance Cameras Get Smarter

(2007-02-25) [Wired] The next time you walk by a shop window, take a glance at your reflection. How much do you swing your arms? Is the weight of your bag causing you to hunch over? Do you still have a bit of that 1970s disco strut left?

Look around - You might not be the only one watching. The never-blinking surveillance cameras, rapidly becoming a part of daily life in public and even private places, may be sizing you up as well. And they may soon get a lot smarter. (Excerpt from news story by Stephen Manning)

[source: News]

Genetic privacy protected by law

(2007-02-25) [Reed Business Information Ltd] A law that would protect people in the US from being denied jobs or insurance because of their genetic make-up looks set to be passed after 12 years of debate.

The Genetic Information Nondiscrimination Act (GINA), introduced into Congress on 16 January, is sweeping through committees in the House of Representatives and is tipped to appear before the Senate and the full House within weeks. If passed, GINA will become the first federal law to prevent employers from collecting genetic information on their employees. It would also outlaw genetic discrimination, preventing insurers from denying coverage or charging higher premiums based on a person's predisposition to disease.

[source: NewScientist.com]

An Interview With Encryption Advocate Phil Zimmermann On Privacy, Anti And VOIP Encryption

(2007-02-24) [The Mercury News] Phil Zimmermann has been an advocate of using technology to protect privacy for many years. He created Pretty Good Privacy, an email encryption program, as a tool to protect human rights.

He figured that encryption was a way for people in totalitarian countries to escape government spying. He released it for free in 1991, but the U.S. government accused him of violating export control laws, which at the time restricted the use of strong encryption because it could help criminals evade law enforcement. After the government dropped its case in 1996, Zimmermann founded PGP Inc. Network Appliance bought that company in 1997. In August, 2002, PGP was acquired by PGP Corp., where Zimmermann still works as an advisor and consultant. I spoke with him at the recent RSA conference in San Francisco. (Excerpt from news story by Dean Takahashi)

[source: Tech Talk Blog]

Survey Shows Privacy Concerns a Major Roadblock for the Adoption of Location-based Services and Presence Technology

(2007-02-23) [United Business Media] A December 2006 survey by Harris Interactive(R) shows that most U.S. mobile phone users worry about privacy when it comes to next-generation telecommunications technologies. Known collectively as location-based services (LBS) and presence technology, these services, some of which are already on the market, can tell other contacts where a person is physically located, what communication devices they are using, and how to reach them at any given moment.

About one in four mobile phone owners would like to be able to find out the availability of their contacts (available, busy on a call, unavailable), with 27 percent of them rating this a very appealing option. Eighteen percent would be very interested in the ability to determine the current location of persons on their contact list and 14 percent would like to be able to find out where their contacts had been recently. When asked how they feel about other people having this information about them, the majority of those surveyed say such services are an invasion of privacy.

[source: PR Newswire]

European states want stricter rules on online anonymity

(2007-02-23) [Questex Media Group, Inc] The German and Dutch governments have issued proposals that would make the use of false or fake information illegal in opening a Web-based email account and require phone companies to save detailed records, including when customers make calls, where and to whom, an Associated Press report said.

The Associated Press report said the measures, none of which have yet become law, would not outlaw having false or misleading names on email or other Internet addresses, only providing false information to ISPs.

[source: America's Network]

In privacy-conscious Europe, some governments seek stricter rules on online anonymity

(2007-02-23) [The Sydney Morning Herald] The cloak of online anonymity could be lifted in parts of Europe as some governments seek to make it easier to identify people who use fake names to set up e-mail accounts and Web sites.

The German and Dutch governments have taken the lead, writing proposals that would make the use of false or fake information illegal in opening a Web-based e-mail account and require phone companies to save detailed records, including when customers make calls, where and to whom.

[source: Smh.com.au]

Diffie: Privacy laws could hurt the little guy

(2007-02-23) [Network World, Inc] Whitfield Diffie has been credited with making privacy possible in the digital age. As a co-inventor of public key cryptography, he is one of the most respected contributors to the field of computer security and is in constant demand as a speaker.

In his day job as Sun Microsystems Inc.'s Chief Security Officer, he works out of a corner office in the Sun Labs. He's just down the hall from where scientists are working on Java-based sensors and Sun's next-generation Proximity Communication processors, which seek to do away with wire connections. Though he describes his job as a "marketing" position, Diffie doesn't sound anything like a corporate pitch man. He met with IDG News Service at his Menlo Park, California, office recently to share his thoughts on Microsoft, security, and privacy. Following is an edited transcript of that conversation. (Excerpt from news story by Robert McMillan)

[source: NetworkWorld]

Report: DHS must do more to protect personal info

(2007-02-23) [1105 Media, Inc] The Homeland Security Department is not doing enough to protect personal identifying information within its computer systems, according to a new report from DHS Inspector General Richard L. Skinner.

Personal identifying information is any information that can be used to identify a person. It includes, for example, full name, telephone number, e-mail address, credit card numbers and date of birth. While the department has performed draft assessments of privacy impacts and risks to most of its 699 systems, the final validations and approvals by the DHS Privacy Office are not yet complete, the report said. (Excerpt from news story by Alice Lipowicz)

[source: GCN]

Privacy and Human Rights 2006 Call for Contributions

(2007-02-23) [EPIC] The Privacy and Human Rights report provides an overview of key privacy topics and reviews the state of privacy in over 70 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy and Human Rights 2005 is the most comprehensive report on privacy and data protection ever published.

Editors of Privacy and Human Rights are interested in expanding their list of contributors. They are specifically interested in news and information from academics, experts and government officials from around the world regarding recent laws, initiatives, threats to privacy, NGO activities and other significant developments. Contributions can be submitted, using the template below, to Allison Knight at knight@epic.org.

[source: EPIC Alert, February 23, 2007]

Ponemon 2007 Privacy Trust Study of the United States Government

(2007-02-23) [EPIC] The Ponemon Institute has released its 2007 Privacy Trust Study of the United States Government, to understand the level of confidence Americans have in government agencies that routinely collect and use the public's personal information.

The overall trend suggested a decline in public trust since the think tank first studied the issue in 2004. Interestingly, the survey showed diminishing public trust for the National Security Agency and particularly the Department of Veterans Affairs. The National Security Agency's domestic surveillance program, which operated without any legal authority, contributed to a significant loss of support for the agency, and the Department of Veterans Affairs, an agency that many Americans would otherwise support, recently lost the records of almost 27 million military personnel.

[source: EPIC Alert, February 23, 2007]

EU Countries Begin Looking at Data Retention Proposals

(2007-02-23) [EPIC] Several European countries are looking at different ways of implementing data retention following a recent EU directive. Internet providers, wired and wireless carriers will have to maintain location and traffic data for up to two years. Retained data will be used for investigating terrorism and organized crime, rather than a more far-reaching proposal of "preventing" crime.

Different countries have until August of 2007 to sort out how to locally implement the directive. A German proposal would prohibit pseudonymous Internet usage. A Dutch proposal would mandate retaining the exact location of a cell phone user during their call. Meanwhile the United Kingdom is proposing to follow a voluntary system where the government funds the costs of data retention by participating telecommunications carriers and ISPs.

[source: EPIC Alert, February 23, 2007]

EPIC Urges Privacy and Security Safeguards for Traveler Program

(2007-02-23) [EPIC] In comments to the Department of Homeland Security, EPIC urged the agency to fully apply Privacy Act requirements of notice, access, and correction to the new traveler redress program and its underlying system of watch lists. EPIC explained that full application of the Privacy Act requirements to government record systems is the only way to ensure that data is accurate and complete, which is especially important in the context of watch lists, where mistakes and misidentifications are costly.

The Traveler Redress Inquiry Program is described as "a central gateway to address watch list misidentification issues, situations where individuals believe they have faced screening problems at immigration points of entry, or have been unfairly or incorrectly delayed, denied boarding or identified for additional screening at our nation's transportation hubs." However, because the program provides a central system for submitting, directing and tracking, but not for resolving complaints, it fails to address the significant problems in current traveler redress procedures, EPIC said.

[source: EPIC Alert, February 23, 2007]

EPIC Warns Maryland Senate of REAL ID's Security Risks

(2007-02-23) [EPIC] At a public hearing of the Maryland Senate's Judicial Proceedings Committee concerning a bill calling for repeal of the federal REAL ID Act, EPIC testified about the privacy and security risks of the national ID scheme. The REAL ID Act mandates federal requirements for state driver's licenses and requires state DMVs to verify identification documents, such as birth certificates.

Melissa Ngo, Director of EPIC's Identification and Surveillance Project, explained that the privacy and security risks of REAL ID remain unresolved. The federal legislation would create a national database with the personal data of 245 million license and state ID cardholders, yet there is no plan for adequate privacy and security safeguards, EPIC said. EPIC said another significant security risk, besides that of attacks by unauthorized users, is that of authorized users misusing or abusing their power. For example, in a case in Maryland just last year, three people - including a Maryland Motor Vehicle Administration official - were indicted on charges of "conspiring to sell unlawfully produced MVA-issued Maryland identification cards."

[source: EPIC Alert, February 23, 2007]

Airline Passengers to be Watched on Camera

(2007-02-21) [Broadband Media Corporation] The specter of Terrorists on a Plane has engulfed the aviation industry, with European scientists planning to unveil seatback cameras and microphones for airplanes.

A joint project involving British and German scientists from the Onboard Threat Detection System marries audio and video technology to present an always-on picture of passengers. The system is designed to have advanced software that will examine passengers' behavior for signs of foul intent, such as constantly looking around or thoroughly rubbing their palms together. (Excerpt from news story by Dave White)

[source: mobile magazine]

Ponemon Institute Announces 2007 Privacy Trust Rankings of U.S. Government Agencies

(2007-02-21) [Vocus PRW Holdings, LLC.] Privacy and information management research firm the Ponemon Institute released its 2007 Privacy Trust Study of the United States Government. The report ranks from most- to least-trusted 74 federal agencies known to collect information on individuals.

In its third year, the Privacy Trust Study of the United States Government seeks to determine and track public perceptions related to the ability of public institutions to safeguard citizens' privacy and personal information. Data generated from the study is evaluated and ranked using the Ponemon Institute's Privacy Trust index and assigned a privacy trust score.

[source: PRweb]

Europe's plan to track phone and Net use

(2007-02-20) [CNet] European governments are preparing legislation to require companies to keep detailed data about people's Internet and phone use that goes beyond what the countries will be required to do under a European Union directive.

In Germany, a proposal from the Ministry of Justice would essentially prohibit using false information to create an e-mail account, making the standard Internet practice of creating accounts with pseudonyms illegal. A draft law in the Netherlands would likewise go further than the European Union requires, in this case by requiring phone companies to save records of a caller's precise location during an entire mobile phone conversation. European Union countries have until 2009 to put the Data Retention Directive into law, so the proposals seen now are early interpretations. But some people involved in the issue are concerned about a shift in policy in Europe, which has long been a defender of individuals' privacy rights. (Excerpt from news story by Victoria Shannon)

[source: News.com]

The Leahy privacy bill: coddling the criminals?

(2007-02-20) [ComputerWorld] After the data breach about a year ago that exposed the personal information of some congressmen, I was sure that there would soon be a federal bill enhancing privacy protections. But that was not to be.

In early February, Senators Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, and Bernie Sanders (I-Vt.) introduced the "Personal Data Privacy and Security Act Of 2007" (PDF format). From the press release and a quick read of the proposed legislation, it looks quite good. Even in a more detailed reading the bill has some good stuff in it, but in the end the bill does more to protect the people who are sloppy with your data than have any real teeth to prevent the sloppiness in the first place. (Excerpt from opinion piece by Scott Bradner)

[source: Security]

UK wiretap mistakes unacceptably high

(2007-02-20) [Fairfax New Zealand Limited] Mistakes by British law enforcement agencies in intercepting phone calls reached an "unacceptably high" level as pressure intensified around the time of the 2005 London bombings, a watchdog said on Monday.

"The number of errors is unacceptably high," said Swinton Thomas, a former judge who recently completed his term as a government-appointed watchdog into how wiretaps are carried out.

[source: Stuff]

Europeans fear data loss disaster

(2007-02-19) [The Register] Multiple reports of data losses in the US, publicised because of information security disclosure laws, have given the impression that the problem of confidential customer data leaks due to lost laptops and hacker attacks was much worse in the US than in Europe. But a survey of 500 IT managers by net security firm Symantec shows that fears of IT security breaches are running twice as high among IT pros in the EMEA region as among their US counterparts.

(Excerpt from news story by John Leyden)

[source: News]

HIV privacy threatened by NHS database

(2007-02-19) [PinkNews] Cambridge University Professor Ross Anderson revealed how during the 1990s the NHS secretly created a national register of everyone being treated for HIV.

People with HIV will have details of their names, treatments and status placed on a central national register if government plans for a new medical database go ahead. Sensitive personal information could be handed over without the consent of patients or doctors, a top computer scientist has warned. (Excerpt from news story by Torsten Højer)

[source: News]

Does RFID technology pose risk?

(2007-02-19) [Seattle Times] Tiny radio transmitters in credit cards, on clothing tags and even inside animals expedite sales, guide products through the supply chain and help lost pets get home.

But privacy advocates worry the same technology could be used to spy on consumers. To pre-empt such high-tech surveillance, state Rep. Jeff Morris, D-Mount Vernon, wants to make sure no one can use such technology to track people through the merchandise they buy, or to tap into their personal information. (Excerpt from news story by Elliott Wilson)

[source: News]

New event: Privacy Compliance Conference

(2007-02-26) "Privacy Compliance Conference" will take place on May 30 -- 31, 2007 (Toronto, Canada).

See calendar entry.

New event: The Policy Challenges of Electronic Privacy

(2007-02-26) "The Policy Challenges of Electronic Privacy" will take place on March 28, 2007 (Brussels, Belgium).

See calendar entry.

New event: 5th Conference on Privacy and Public Access to Court Records

(2007-02-26) "5th Conference on Privacy and Public Access to Court Records" will take place on March 22 -- 23, 2007 (Williamsburg, Virginia, US).

See calendar entry.

New event: Privacy Coalition Meeting

(2007-02-26) "Privacy Coalition Meeting" will take place on February 23, 2007 (Washington DC, US).

See calendar entry.

New event: SECURECOMM 2007 -- Third International Conference on Security and Privacy for Communication Networks

(2007-02-26) "SECURECOMM 2007 -- Third International Conference on Security and Privacy for Communication Networks" will take place on September 17 -- 21, 2007 (Nice, France).

See calendar entry.

Privacy rules: Bare-all X-ray machine dumped

(2007-02-16) [Hindustan Times] The virtual strip search is not happening. Air travellers need not fear the 'bare-all' X-ray body scanner at the Indira Gandhi International Airport anymore.

The Central Industrial Security Force (CISF), which is in charge of airport security, has decided not to use the backscatter X-ray machine -- that produces almost-naked images of passengers to reveal hidden weapons or explosives -- due to ethical and technical reasons. (Excerpt from news story by Sidhartha Roy)

[source: News]

UK Treasury knew of US hunt through British bank data

(2007-02-16) [The Register] The Bank of England told HM Treasury about the secret US surveillance of international banking transactions as long as five years ago.

The US's eager pursuit of terrorist financiers, begun within weeks of the 11 September attacks, involved a trawl through the world's financial transactions through subpoenas on the firm that handles them for private banking clients - the Society for Worldwide Interbank Financial Communication (Swift). (Excerpt from news story by Mark Ballard)

[source: News]

Privacy Groups Hit ISP Data Storage Bill

(2007-02-15) [Jupitermedia Corporation] Led by Rep. Lamar Smith of Texas, eight Republican U.S. House members have filed legislation that would give Attorney General Alberto Gonzales broad powers to require Internet service providers (ISPs) to retain customer data.

Privacy groups were quick to respond to the legislation, arguing that the language isn't clear enough. Under the Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act of 2007 (SAFETY Act), the attorney general would be required to issue ISP data retention requirements, powers Gonzales has sought since last year as part of the Department of Justice's (DoJ) campaign against online child pornography. (Excerpt from news story by Roy Mark)

[source: Internet News]

Europe demands say on US data trawling

(2007-02-15) [The Register] The European Parliament is demanding a say on the computerized front of the US anti-terror war and pressing for a global agreement on inter-government data sharing.

The Parliament has adopted a resolution that conceded governments should do what they could to prevent terrorists attacking their people, yet stressed that anti-terrorist bloodhounds should be put on a leash. (Excerpt from news story by Mark Ballard)

[source: News]

Your credit card info up for grabs

(2007-02-15) [Times Internet Limited.] If you are a regular user of online booking sites of airlines or Indian Railways and think that your credit card or personal information is secure, it's time for a serious rethink. Many e-booking websites don't secure all web pages which contain your personal information like credit card number or passport number.

What it simply means is that a hacker spying on the website will have no problem in obtaining whatever data you fill in. The data will be presented to him in clear-text rather than in an encrypted version, which is the accepted norm. For instance, till a few weeks ago, the Jet-Airways privileges (JP) site for frequent fliers operated on HTTP (Hyper Text Transfer Protocol) rather than HTTPs. An additional (encryption) layer is added when HTTPs is used as the URL (Uniform Resource Locator) scheme. Secure websites, which are used for payments and any sensitive transactions, have an additional 's' after HTTP. HTTPs has a different port 443 compared to HTTP whose port is 80. (A port is a number used to map a particular process running on a computer.) (Excerpt from news story by Harsimran Singh)

[source: News]

Privacy debate must enter 21st century

(2007-02-15) [VNU Business Publications Ltd] When Information Commissioner Richard Thomas first coined the expression 'sleepwalking into a surveillance society' in an interview in 2004, he probably did not realise he was creating a catchphrase.

The quote has become a byword for the wide belief that technology inevitably means a dangerous loss of privacy. The privacy debate is a looming crisis, which will have to be publicly tackled soon. Today, there is little rational debate on the subject -- only opposing, black-or-white opinions. (Excerpt from opinion by Bryan Glick)

[source: WhatPC]

Expanded Privacy Obligations for Telecom Carriers and VoIP Providers Under Consideration at the FCC

(2007-02-15) [Davis Wright Tremaine LLP] The FCC is reportedly close to issuing a decision that would modify current rules governing the use, disclosure of, and access to certain information related to telephone subscriber calling records. Current rules require telecommunications carriers to treat this information, known in the industry as customer proprietary network information (CPNI), as confidential and to limit its use and disclosure.

CPNI is broadly defined to include information that relates to the quantity, technical configuration, type, destination, location and amount of use of a telecommunications service. Generally speaking this includes call detail records, call volumes, customer account information, billing information, technical information, service destination, and the service plans to which a customer subscribes. Following several high-profile pretexting cases in 2005 which led to the release of telephone subscriber records, the FCC initiated a proceeding to revisit the scope and effectiveness of its current CPNI rules. (Excerpt from post by K.C. Halm)

[source: Privacy and Security Law Blog]

Hotel key cards do not contain personal data

(2007-02-14) [Huntsville Forester] With identity theft fresh on people's minds these days, a warning currently being circulated on the Internet about magnetic hotel key cards is causing some concern.

The warning states that a magnetic key card contains personal information such as the customer's name, partial home address, hotel room number, check-in and out dates and the customer's credit card number and expiration date. This is not true. (Excerpt from news story by Gillian Brunette)

[source: News]

Proposed legislation called a threat to Internet users' privacy

(2007-02-14) [International Herald Tribune] European governments are preparing legislation to force companies to keep detailed data about people's Internet and phone use that goes beyond what the countries will be required to do under a European Union directive.

In Germany, a proposal from the Ministry of Justice would essentially prohibit using fake information to create an e-mail account, making the standard Internet practice of creating pseudonymous accounts illegal. (Excerpt from news story by Victoria Shannon)

[source: News]

ALP wants more smartcard privacy

(2007-02-14) [The Australian] The smartcard prompted a brawl in the Coalition partyroom last week, with NSW Liberal backbencher Bronwyn Bishop claiming it failed "the Nazi test" as it would have assisted the regime in targeting the Jews.

It will ultimately replace the Medicare card, holding personal information and providing access to up to 16 other government health and welfare services. Yesterday, the ALP caucus agreed a significant rewrite of the proposed laws was required, endorsing a shadow cabinet decision to vote down the legislation if the amendments failed. (Excerpt from news story by Samantha Maiden)

[source: News]

RFID 'Powder' - World's Smallest RFID Tag

(2007-02-14) [Technovelgy LLC] The world's smallest and thinnest RFID tags were introduced yesterday by Hitachi. Tiny miracles of miniaturization, these RFID chips (Radio Frequency IDentification chips) measure just 0.05 x 0.05 millimeters.

The previous record-holder, the Hitachi mu-chip, is just 0.4 x 0.4 millimeters. Take a look at the size of the mu-chip RFID tag on a human fingertip. The new RFID chips have a 128-bit ROM for storing a unique 38 digit number, like their predecessor. Hitachi used semiconductor miniaturization technology and electron beams to write data on the chip substrates to achieve the new, smaller size.

[source: Technovelgy.com]

Better Business Bureau warns of phishing scam

(2007-02-14) [ComputerWorld] The Better Business Bureau is warning of a spoofing scam that uses its name and a phony e-mail that urges recipients to click a hyperlink that could download a computer virus.

The BBB system, which has 129 branches, said a company from Kennesaw, Ga., had its computer system hacked Monday night and that the company's computers were generating thousands of counterfeit messages to businesses and consumers, purporting to be a complaint filed with the BBB against the recipient. The incident was first reported to the BBB branch that serves the Columbus, Ga., area by one of its members, according to the alert. The spoofed e-mails were sent to thousands of businesses in the U.S. and Canada. (Excerpt from news story by Linda Rosencrance)

[source: Security]

Bulgaria fails to protect citizen's personal data

(2007-02-14) [EDRI] A recent report made public by the Bulgarian National Audit Office about the activity of the Commission for Personal Data Protection (CPDP) in Bulgaria in the period 1 January 2003 - 31 December 2005 shows that CPDP has failed in achieving its main purpose - to protect the citizen's personal data.

Parts of the National Audit Office report have been translated by Bulgarian NGO Access to Information Programme and published on Statewatch. According to the report, the CPDP has spent approx. 1.35 million Euro for its activities, but has completed only 17 investigations at citizens' complaints. The Commission has failed in creating the mandatory registry of personal data processors and hasn't imposed any sanction so far.

[source: EDRI-gram, Number 5.3]

European institutions try to impose a stronger position in the PNR debate

(2007-02-14) [EDRI] The European Parliament intends to strengthen its opposition to the US demands related to the transfer of European air passenger data (PNR).

Following the debate that took place on 31 January 2007 in the European Parliament, the vote on the position that EU should have concerning the new PNR agreement to be signed with USA on 31 July 2007 was delayed.

[source: EDRI-gram, Number 5.3]

Online police searches found illegal in Germany

(2007-02-14) [EDRI] The German Federal Supreme Court (BGH) in Karlsruhe ruled, on 5 February, that, according to the German Code of Criminal Procedure (StPO), online police snooping was illegal.

As the court argued, StPO had no provisions to allow the authorities to perform online snooping, the code allowing only overt searches.

[source: EDRI-gram, Number 5.3]

Confusion over 'data snooping' laws

(2007-02-14) [BBC] Balancing the needs of the police to investigate crimes online with the privacy of individual web users has become controversial as governments seek to extend their snooping rights in cyberspace.

Already European ISPs and phone companies are in the process of implementing an EU directive which forces them to retain a variety of communication data for up to two years. (Excerpt from news story by Jane Wakefield)

[source: News]

ACLU Condemns Bill Eliminating Online Privacy

(2007-02-13) [ACLU] The American Civil Liberties Union today condemned a bill introduced by Representative Lamar Smith (R-TX), that seeks to eliminate online privacy by requiring Internet Service Providers (ISPs) to maintain detailed records on each of their subscribers' online activities.

The bill would give Attorney General Alberto Gonzales broad discretion to determine what records ISPs must keep and for how long. In addition, it would require "sexually explicit" websites to post warning labels or face criminal sanctions.

[source: News]

Bill Proposes Mandatory Data Retention for ISPs

(2007-02-13) [Center for Democracy and Technology] A senior Congressman has introduced legislation that would require Internet Service Providers to retain records on all their subscribers. H.R. 837, introduced by Rep. Lamar Smith (R-TX), would grant the Attorney General broad authority to require ISPs to collect and retain unspecified information identifying their subscribers and their Internet activity.

The measure would also require websites to label sexually explicit content and would impose liability on any ISP that engaged in any conduct that facilitated access to child pornography.

[source: News]

Internet safety group broadens mission

(2007-02-13) [MSNBC.com] The explosion of social networking sites such as MySpace.com and Second Life, along with free video sharing sites like YouTube.com, is making it increasingly difficult to protect children surfing the Internet, says Stephen Balkam, who founded a voluntary Web site rating system seven years ago.

To deal with this new Web terrain, Balkam relaunched his group Tuesday as the Family Online Safety Institute with a broader mission of improving online child safety and protecting free speech through public policy, education and events.

[source: News]

Patients, doctors staying away from implantable RFID chips

(2007-02-12) [CNet] Putting RFID chips into people's arms is, it turns out, not a booming business.

VeriChip, which has created a system for putting RFID chips into humans for medical-record tracking, held an initial public offering on Friday, and the company's stock has been struggling ever since. The stock is currently trading at around $6.15. The company released 3.1 million shares in the IPO for $6.50 a share. Part of the problem is likely the lackluster sales for the company's most famous product. (Excerpt from news story by Michael Kanellos)

[source: News.com]

Online ads that spy on you

(2007-02-12) [IDG] New web ads respond to your activities--and this has privacy advocates worried.

Online ads are not only booming--and scrolling, spinning, shaking, shouting and singing--they are also watching you even as you are viewing them, capturing your click patterns to create more detailed profiles than traditional browser cookies do. (For more on other ways marketers are using to control the web, check out Bloggers for sale). (Excerpt from news story by Dan Tynan)

[source: PC World]

Google Turns Over User IDs

(2007-02-12) [Jupitermedia Corporation] Google's YouTube and a company called Live Digital will offer no refuge to users who uploaded pirated copies of Fox Television's "24" and "The Simpsons" onto their video platforms.

In an e-mail to internetnews.com, a 20th Century Fox Television spokesperson said that Google and Live Digital complied with subpoenas issued by the U.S. District Court in Northern California and disclosed to Fox the identities of two individuals who illegally uploaded entire episodes of "24" prior to its broadcast and DVD release. (Excerpt from news story by Nicholas Carlson)

[source: Internet News]

Roadblocks ahead for Real ID

(2007-02-12) [1105 Media, Inc.] Like many initiatives the federal government passes down to states, the Real ID Act comes with plenty of baggage. Privacy concerns, insufficient funding and a lack of strong security measures may derail the 2008 deadline for states to comply with the law unless pending regulations from the Homeland Security Department satisfy the 110th Congress.

The act requires states to overhaul how they issue driver's licenses and to build a network to store and share information verifying the identity of hundreds of millions of driver's license recipients. Anyone who wants to enter a federal building or board an airplane would have to have a new driver’s license that meets Real ID standards. (Excerpt from news story by Ethan Butterfield)

[source: WashingtonTechnology]

Privacy watchdog calls for consultation over fingerprinting

(2007-02-12) [Newsquest Media Group] Schools in Sussex have been told they should get permission from parents before taking fingerprints from pupils.

Privacy watchdog the Information Commissioner has told headteachers using new biometric technology that both parents and children should be fully informed what they are doing before taking data from pupils. (Excerpt from news story by Miles Godfrey)

[source: The Argus]

Australia: The Privacy Legislation Amendment (Emergencies and Disasters) Bill

(2007-02-12) [Mondaq] The Boxing Day tsunami in 2004 gave rise to a raft of privacy-related practical problems concerning the disclosure of personal information about individuals caught up in the tragedy. Existing Privacy Act provisions restricted the ability of government agencies and companies to provide the large-scale, timely response necessary for dealing with mass casualties and missing persons.

The Privacy Legislation Amendment (Emergencies and Disasters) Bill (the Bill) aims to deal with disaster and emergency situations like the tsunami and the Bali bombing.... (Excerpt from article by Charles Alexander)

[source: News]

Driver's License Emerges as Crime-Fighting Tool, but Privacy Advocates Worry

(2007-02-12) [New York Times] At least [seven] US states have or are working on enormous databases of driver's license photographs. Coupled with increasingly accurate facial-recognition technology, the databases may become a radical innovation in law enforcement.

Other biometric databases are more useful for now. But DNA and fingerprint information, for instance, are not routinely collected from the general public. Most adults, on the other hand, have a driver's license with a picture on it, meaning that the relevant databases for facial-recognition analysis already exist. And while the current technology requires good-quality photographs, the day may not be far off when images from ordinary surveillance cameras will routinely help solve crimes. Critics say the databases may therefore also represent a profound threat to privacy. (Excerpt from news story by Adam Liptak)

[source: New York Times]

DHS cancels RFID tags for U.S. Visit

(2007-02-12) [1105 Media, Inc] The Homeland Security Department is abandoning the idea of using radio frequency identification tags to track foreign visitors leaving the country because the technology was not proven successful in testing, according to DHS secretary Michael Chertoff.

In Feb. 9 testimony to the House Homeland Security Committee, Chertoff confirmed that RFID testing performed as part of the U.S. Visitor and Immigration Status Indicator Technology (U.S. Visit) program at several land border crossing points was not effective. (Excerpt from news story by Alice Lipowicz)

[source: GCN]

Q&A: PayPal fights back against phishing

(2007-02-12) [ComputerWorld] With 133 million consumers worldwide, PayPal is arguably one of the most recognizable Internet brands -- and one of the most frequently phished as well. With that in mind, PayPal's chief information security officer, Michael Barrett, talked about the problem and his company's multipronged strategy for handling it.

Excerpts from the interview ... (Extract from news story by Jaikumar Vijayan)

[source: Security]

[Danish] Public sloppiness with personal data

(2007-02-11) [Politiken] The security of personal data can be improved, a data security expert believes. Thousands of people have or can gain access to deeply personal information about Danes.

Denmark was technically far ahead when we established the central person register, CPR, and used it to link a large number of public registers together. Back then, the technology set limits on how things could be linked together and how the information about each individual citizen could be dug up. (by Søren Astrup)

[source: Politiken.dk]

Tor: When Network Administrators Come Knocking

(2007-02-09) [The Chronicle of Higher Education] A professor stands his ground for Internet anonymity.

They closed my office door behind them, sat down, took out notepads and pens, and asked if I had a few minutes to speak with them about Tor. Basically, Tor is a way to surf the Internet anonymously. Someone looking up potentially sensitive information might prefer to use it -- like a person who is worried about potential exposure to a sexually transmitted disease and shares a computer with roommates. Abuse survivors might not want anyone else knowing they have visited Web sites for support groups related to rape or incest. Journalists in repressive regimes with state-controlled media use Tor to reach foreign online news sites, chat rooms, blogs, and related venues for information. (Excerpt from news story by Paul Cesarini)

[source: News]

Skype Snoops Your BIOS as Part of DRM License Enforcement

(2007-02-08) [Skype] "It is quite normal to look at indicators that uniquely identify the platform." Not when you're using a supposedly secure VoIP program -- e.g., Skype -- it's not.

"The function calls to do this are public and are available to any software running on your computer. Of course, in line with our Privacy Agreement, Skype does not retrieve any of this data. It is only used by the EasyBits software to ensure that plug-in use complies with the appropriate license token or key."

[source: Blogs]

EFF Supports Reintroduction of Critical E-voting Bill

(2007-02-07) [EFF] In Washington, D.C., last Tuesday, EFF proudly supported the reintroduction of Rep. Rush Holt's (D-NJ) Voter Confidence and Increased Accessibility Act of 2007 (HR 811). EFF released the following statement in conjunction with Holt's press conference:

"Paperless direct recording electronic ("DRE") voting machines have failed the American public. Instead of fixing the profound shortcomings in technology and procedures exposed during elections over the past decade, these unauditable, closed voting systems have introduced an unacceptable level of risk and doubt into voting -- a process that must be unassailable.

[source: News]

Data Retention Bill Resurfaces in Congress

(2007-02-06) [Politech] Well, it took a few years, but it finally happened. A data retention bill was introduced today, courtesy of those freedom-loving House Republicans and their "law and order agenda."

But it's actually a Democrat (Rep. Diana DeGette) who's the most enthusiastic proponent of this scheme, so you can bet that whatever happens will be bipartisan in the end.

[source: News]

Data protection and detection technologies - Opinion of the data protection Working Party

(2007-02-02) [Statewatch] The EU's Article 29 Working Party on data protection has published: Opinion 1/2007 on Green Paper on Detection Technologies in response to the Commission's Green Paper on: Detection technologies in the work of law enforcement, customs and other security authorities.

The Working Party is particularly concerned about: "the equation that is seemingly made in the document between "terrorism" and "other forms of crime"". The term terrorism should be "defined very clearly" and "the two concepts should be kept separate". The Working Party is also concerned about a proposal in the Commission's Green Paper: "Would it be possible to create European or regional centres for data and text mining which several Member States and their authorities could use for data and text mining?"

[source: News]

Top 10 Big Brother Companies: Ranking the Worst Consumer Privacy Infringers

(2007-02-02) [Business Intelligence Lowdown] How much would you sell your private data to a company for? Would you take $100 to let someone see every site you have visited over the past year, how about $1,000?

Today, many major companies spend millions collecting a variety of data on individuals, such as what charities you donate to, your political beliefs, your shopping habits, your educational data and your contact information. Unfortunately, you never get to decide how much your privacy is worth to you, because these companies aren't asking your permission.

[source: Blog]

New event: The EU RFID Forum 2007

(2007-02-18) "The EU RFID Forum 2007" will take place on March 13 -- 14, 2007 (Brussels, Belgium).

See calendar entry.

Privacy or protection?

(2007-02-11) [Hearst Communications Inc.] Opinion: Civil libertarians would have us believe that the war on terrorism has introduced a vast new national security state that is sweeping suspects off the street without charge, listening in on every phone call and throwing citizens before military courts. The only problem is that the targets of their criticism lived in the last centuries.

These broad infringements of constitutional liberties in wartime took place under Presidents Abraham Lincoln, Woodrow Wilson and Franklin Roosevelt. While our government has limited some liberties in today's war, these restrictions have been much more modest, have struck a better balance between security and liberty and rest far more easily within the Constitution. (Excerpt from opinion piece by John Yoo)

[source: SFGate.com]

Google search history and privacy

(2007-02-11) [Nelson Minar] Did you know that for years Google has been keeping a record of every search you do? And did you know they're now associating your search history with your Google login for other services like Gmail, Calendar, and the like? Surprise! It's Search History. And now it's being used to personalize your search results.

I don't like Google aggregating this data about me. It is possible to opt out. You can turn off search history recording in the settings page. You can also edit your history, including removing it entirely.

[source: Blog]

Yes, even Paris needs privacy

(2007-02-10) [The Courier-Journal] Paris Hilton and privacy don't seem to go together. But the scandalous heiress recently sued someone for attempting to sell her belongings online.

Paris' property was in storage, and she allegedly wasn't paying the rent for the space, so her stuff was sold at auction for a couple thousand dollars to a wealthy family named the Hanisses. They then sold the lot for $10 million to a man named Bardia Persa. He launched a Web site, parisexposed.com (since shut down), hawking her love poems, medical records, pics, videos and more. We talked to David Porter, an expert in legal privacy issues and a shareholder with Buchanan, Ingersoll & Rooney's Litigation Section, about the issues surrounding this crazy case. (Excerpt from story by Tamara Ikenberg)

[source: courier-journal.com]

[Danish] ITEK repeats criticism of personal data legislation

(2007-02-09) [Computer World] ITEK demands better protection of personal information. Politicians must therefore be more careful when legislating.

A couple of months ago the organisation already urged Danish politicians to be more careful when they legislate on surveillance. Danes' personal information is far too poorly protected, says IT security consultant Henning Mortensen of the trade association ITEK, part of Dansk Industri, to dr.dk. (Excerpt from article by Rune Pedersen) (Also: article at Version 2 and Dagens Industri).

[source: ComputerWorld.dk]

Ombudsman: Review state records for privacy

(2007-02-09) [The Des Moines Register] Does the personal information that ends up on some government documents - papers that could then be released to the public or fall into the hands of identity thieves - leave Iowans vulnerable?

State Ombudsman Bill Angrick asked lawmakers Thursday to create a privacy commission to investigate that question. The commission would review whether government agencies need to collect certain pieces of private information such as Social Security numbers, whether they make documents public without blacking out sensitive information, and whether they're properly disposing of unneeded documents. (Excerpt from news story by Jennifer Jacobs)

[source: DesMoinesRegister.com]

FTC Findings Undercut Industry Claims that Identity Theft Is Declining

(2007-02-09) [ConsumerAffairs.Com Inc.] The financial services industry, hoping to befuddle the new Congress, has been busily laying down a smokescreen claiming that identity theft is on the wane.

But the Federal Trade Commission's latest compilation of consumer complaints and a survey by the National Crime Prevention Council should do much to clear the air. (Excerpt from news story by Martin H. Bosworth)

[source: ConsumerAffairs.Com]

Cell Phones: The New Phish Food

(2007-02-09) [The Washington Post] Last year, we started to see cases of voice phishing or "vishing" attacks. That's when bad guys send e-mails urging people to call an automated 1-800 number that prompts callers to enter their credit card data. Now scammers are targeting mobile phone users by luring would-be victims with short text messages - can "tishing" be far behind?

News of this latest twist on phishing comes from Paul and Robin Laudanski, the husband and wife founders of the anti-phishing and security group CastleCops. Robin received a questionable text message on her Verizon mobile phone. It alerted her that she had exceeded her cell-phone plan's allotted number of text messages, and urged her to call a 1-800 number to purchase additional minutes.

[source: washingtonpost.com]

European Union Pressure on SWIFT and Passenger Name Records Grows

(2007-02-09) [EPIC] Members of EU Parliament have become increasingly vocal in their disapproval of what many view as disregard for EU data protection laws in international data transfers.

In a January 31, 2007 joint debate of the European Parliament, speakers criticized the Commission and the Council for the institutions' handling of two EU-US data protection issues: the transfer of financial data by SWIFT banking consortium to US authorities, and the transfer of passenger name records by European airlines to the US Department of Homeland Security.

[source: EPIC Alert, Volume 14.03]

Rule on Phone Record Privacy Expected Soon

(2007-02-09) [EPIC] The FCC is expected to issue a rule to protect telephone record privacy from pretexters. Legislation passed by Congress last year made pretexting a crime but did nothing to improve security standards for telephone companies that often release customer information to those engaging in fraud.

Expected changes include requirements that telephone companies: use passwords before giving out telephone records; only mail the records to home addresses; and call back at the registered service number to verify requests for disclosure.

[source: EPIC Alert, Volume 14.03]

Maine Rejects Real ID, Other States to Follow

(2007-02-09) [EPIC] Last week, the Maine House and Senate registered nearly unanimous opposition to the federal REAL ID Act, which mandates federal requirements for state driver's licenses. Another dozen states are reviewing legislation against REAL ID, including Arizona, Georgia, Hawaii, Massachusetts, Missouri, New Hampshire, New Mexico, Oklahoma, Utah and Wyoming.

The resolution passed in Maine stated that, "Maine State Legislature refuses to implement the REAL ID Act and thereby protest the treatment by Congress and the President of the states as agents of the federal government." The resolution also asks Congress to repeal the law. Sen. Daniel Akaka (D-HI) and Sen. John Sununu (R-NH) introduced legislation, the Identification Security Enhancement Act, on December 8, 2006, to repeal REAL ID and replace it with language that includes strong security and privacy protections. Sen. Sununu expects to introduce similar legislation in this Congressional session.

[source: EPIC Alert, Volume 14.03]

Personal Data Privacy and Security Act Of 2007 Introduced

(2007-02-09) [EPIC] On February 6, Senators Leahy and Specter introduced the Personal Data Privacy and Security Act of 2007 (S. 495). The bipartisan bill, which is substantially similar to one introduced in 2005, requires government and commercial entities to ensure that the personal data they collect is protected by adequate security.

The bill aims to prevent and mitigate identity theft, ensure privacy, provide notice of security breaches, and enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.

[source: EPIC Alert, Volume 14.03]

Spyware, data privacy bills reappear in House

(2007-02-08) [CNet] In October 2004, all but one member of the U.S. House of Representatives voted for a bill that was supposed to curtail the threat of malicious PC-disrupting spyware.

But the Senate ignored it. So the House once again approved spyware regulations in May 2005, which yielded precisely the same lack of a result. Hoping that the third time proves the charm, House leaders on Thursday introduced a bill that would once again try to impose 31 pages of regulations on the software industry in an effort to define what types of activities are permissible and which ones aren't. (Excerpt from news story by Declan McCullagh and Anne Broache)

[source: News.com]

The Benefits of Electronic Medical Records Sound Good, but Privacy Could Become a Difficult Issue

(2007-02-08) [United Business Media] The potential benefits of electronic medical records (EMRs) sound appealing to most people, but when the issue of privacy is raised, many people become concerned about the potential for privacy abuses in EMR systems. However, most have read or heard nothing about EMRs, so public opinion is waiting to be formed.

These are some of the findings of three different surveys, each of which contained some relevant questions on EMRs, which were conducted by Harris Interactive(R) in 2006 and 2005. Two of these surveys were conducted with Dr. Alan F. Westin, Professor of Public Law & Government Emeritus at Columbia University and one of the world's leading authorities on privacy issues in health care and other business and government settings.

[source: PR Newswire]

Lack of info feeds public outcries about privacy, experts say

(2007-02-08) [1105 Media Inc.] Federal agencies need to do a better job of informing the public about measures taken to protect their sensitive and private information, current and former government officials say.

A lack of information can lead to trouble, said several experts, speaking at the CTO Forum held by the Government Electronics and Information Technology Association. (Excerpt from news story by Wade-Hahn Chan)

[source: fcw.com]

ID theft remains top concern for consumers

(2007-02-07) [CNet] Identity theft fraud accounted for slightly more than a third of all complaints reported to the Federal Trade Commission last year.

Identity theft complaints, which include credit card fraud, bank fraud, as well as phone and utilities fraud, accounted for 36 percent of the total 674,354 complaints submitted to the FTC and its external data contributors last year, according to a report released Wednesday by the FTC. The results come at a time when ID theft is a major concern among consumers and Congress. (Excerpt from news story by Dawn Kawamoto)

[source: News.com]

U.K. big business fails to destroy old data

(2007-02-06) [ComputerWorld] U.K. businesses are failing to remove sensitive data from old PCs. The contents of such systems remain available to whoever buys them secondhand, according to a survey released Tuesday by Pointsec Mobile Technologies.

A large proportion of such PCs are shipped to Third World countries, where the information can be used in ID theft scams. In the survey of 329 companies, more than half employ more than 2,000 staffers. Fewer than half of the respondents use professional disposal companies to destroy their old computers.

[source: Security]

Senators Introduce Strong Data Breach Bill

(2007-02-06) [Center for Democracy and Technology] Senators Patrick Leahy (D-Vt.) and Arlen Specter (R-Pa.) today introduced legislation to protect consumers when their personal privacy is compromised by data breaches. First introduced in 2005, the Personal Data Privacy and Security Act is one of the stronger data-breach proposals that have been proposed in Congress.

CDT is particularly supportive of a provision in the measure that strengthens oversight of the government's use of commercial databases to collect information about citizens. CDT supports federal data breach legislation so long as it improves on existing protections and does not undermine the strong protections already established by the states.

[source: News]

CDT Faults Guidelines for Terror Information Sharing

(2007-02-05) [Center for Democracy and Technology] A CDT analysis finds that privacy guidelines issued by the Bush Administration for the Information Sharing Environment are inadequate. The ISE is a potentially revolutionary system for exchanging personally identifiable information that was mandated by the intelligence reform act of 2004.

Adoption of detailed guidelines to protect privacy was supposed to be a pre-condition for its development. Moving forward with the ISE without adequate guidelines jeopardizes privacy, due process and First Amendment rights.

[source: News]

Study: Users ignore bank security features

(2007-02-05) [InfoWorld] Users of online banking sites tend to bypass critical clues that the integrity of those sites may have been compromised, according to the working draft of a study released on Sunday by researchers at Harvard University and the Massachusetts Institute of Technology.

The study, which will be formally released in May at the IEEE Symposium on Security and Privacy in Oakland, California, underscores how new technologies and warnings can't completely protect Internet users from scams such as phishing. It also throws doubt on the effectiveness of site-authentication images, which have been implemented by financial institutions such as Bank of America, Vanguard Group, and ING Bank. The images, selected by the customers, are shown when a bank customer logs in from a different computer than is normally used. (Excerpt from news story by Jeremy Kirk)

[source: News]

Illegal Cell Phone Tracking Services

(2007-02-05) [donga.com] Three major domestic telecom companies were found to have illegally operated cell phone tracking services.

The Ministry of Information and Communication submitted a report on the current state of mobile operators' tracking services to Grand National Party lawmaker Kim Tae-hwan on the Science, Technology, Information and Communication Committee in the National Assembly. The findings showed that mobile carriers violated a law to notify the person being located by the system.

[source: donga.com]

DHS pushes global data sharing

(2007-02-05) [1105 Media, Inc] The Homeland Security Department's plans for sharing biometric information internationally -- designed to counter the threat of terrorism -- face resistance from domestic privacy advocates and European governments that follow stricter privacy laws that protect personal data.

Senior DHS officials speaking at a recent conference on biometrics and privacy policy outlined the ethical imperative for technical standards that would foster unrestricted biometric data sharing. (Excerpt from news story by Wilson P. Dizard III)

[source: GCN]

Gov't balks at phone privacy provision

(2007-02-04) [Real Cities Network] Federal regulators working on rules to secure the calling records and other private information of telephone customers are running into resistance from phone companies and law enforcement agencies.

The rules, an effort by the Federal Communications Commission to combat "pretexting," are circulating among the commissioners for comment and may be voted on this month. (Excerpt from news story by John Dunbar)

[source: SanLuisObispo.com]

European Parliament stands firm on cross-border defamation law

(2007-02-02) [PinsentMasons] The European Parliament has voted to make every EU member state take a common approach to cross-border privacy and defamation cases. The move follows a campaign by UK Liberal Democrat MEP Diana Wallis.

An EU Regulation immediately becomes law in all member states, and the Parliament has just amended a Regulation known as 'Rome II' that decides what happens when the laws of two countries contradict each other and no contract is in place to decide the outcome.

[source: Out-law.com]

Using the Internet Anonymously?

(2007-02-02) [MIT Technology Review] New open-source software by IBM could let people minimize their digital footprints, potentially curbing online fraud.

Think about the last time you bought a DVD, booked a flight, rented a car, or signed up for a service or newsletter on the Internet. At some point, you had to fill out a form that asked for a lot of personal information. While it's a hassle unto itself, filling out forms can lead to a bigger problem: each time you give out your information, you provide an opportunity for your information to be picked off by identity thieves. (Excerpt from news story by Kate Greene)

[source: News]

Identity Theft Not Down, It's Different, Expert Says

(2007-02-02) [Wired] Javelin Strategy and Research, an independent research group, this week released a new report -- funded by Visa, Wells Fargo and Checkfree -- that found that in 2006, 8.4 million Americans were hit by identity fraud, a full half a million fewer than in 2005. The study, based on a phone survey of 5,000 American adults, found the total amount lost to identity theft fell 12%, from $55.7 billion to $49.3 billion.

The study was widely reported in the media yesterday -- AP, Reuters, and UPI. But Chris Hoofnagle, an expert in data privacy laws who is also an attorney at the Berkeley Center for Law and Technology, says the study is dead wrong, both in its methodology and its conclusions.

[source: Commentary]

Ombudsman calls for privacy commission to study identity theft

(2007-02-01) [WorldNow] Iowa State Ombudsman Bill Angrick wants lawmakers to create a privacy commission to investigate identity theft from government sources.

He says a commission is necessary to review whether government agencies need private information, whether they make documents public without blacking out sensitive information and if they properly get rid of unneeded documents. Angrick told the Legislature yesterday that he's worried that documents that require personal information could be scanned and posted on an agency Web site, making them vulnerable to hackers.

[source: WQAD]

New event: Consumer Authentication: How Do You Know It Is Really Me?

(2007-02-12) "Consumer Authentication: How Do You Know It Is Really Me?" will take place on March 16, 2007 (Washington, DC, US).

See calendar entry.

New event: Internet Privacy Symposium: Research Findings from the OPC Contributions Program

(2007-02-12) "Internet Privacy Symposium: Research Findings from the OPC Contributions Program" will take place on February 23, 2007 (Ottawa, Ontario).

See calendar entry.

New event: A Practical Approach to Global Privacy Complianc

(2007-02-12) "A Practical Approach to Global Privacy Complianc" will take place on February 13, 2007 (Toronto, Canada).

See calendar entry.

New event: Biometrics Institute New Zealand Conference

(2007-02-12) "Biometrics Institute New Zealand Conference" will take place on March 16, 2007 (TE PAPA Wellington, NZ).

See calendar entry.

New event: Winter 2007 Biometrics Summit

(2007-02-12) "Winter 2007 Biometrics Summit" will take place on February 26 -- March 1, 2007 (Miami, Florida, US).

See calendar entry.

Risks mount as stores mine a wealth of shopper data

(2007-02-04) [Boston Globe] With a scan of your index finger, some supermarkets memorize what kind of toilet paper or cereals you buy. They share that information with suppliers who offer coupons so you'll purchase more of their products next time.

Other merchants collect your driver's license number when you make a return. They share that information with a company that keeps track of your returns. If you have too many, the store may suspect you're making fraudulent exchanges and ban you from bringing back merchandise. (Excerpt from news story by Jenn Abelson)

[source: boston.com]

Using the Internet Anonymously?

(2007-02-02) [MIT Technology Review] As more services migrate online, and as tactics of identity thieves become more sophisticated, people will need better ways to manage their information, says Nataraj Nagaratnam, chief architect of identity management for IBM Tivoli.

Nagaratnam and other IBM researchers have developed open-source software that they think can help. Called Identity Mixer (Idemix), the digital identity management software lets people make online transactions--from filling out forms to purchasing plane tickets--without disclosing personal information. The software lets a person use artificial identity information, in the form of digital "tokens," to make online transactions. Using these encrypted tokens, which are issued by trusted sources such as the Department of Motor Vehicles (DMV) or a bank, a person can effectively be anonymous to Web services such as Amazon.com or Expedia, never giving out his or her information. (Excerpt from news story by Kate Greene)

[source: News]

Privacy law's critics square off over notification issues

(2007-02-02) [Transcontinental Media Inc.] A review of Canada's privacy law has resumed amid calls for more power for the Privacy Commissioner and mandatory security breach notification by Canadian enterprises.

The Standing Committee on Access to Information, Privacy, and Ethics - chaired by Tom Wappel, MP for Scarborough Southwest - began the five-year statutory review last November. It has met eight times, hearing testimony from a wide variety of stakeholders. Some of the potential changes are being met with resistance from factions who approve of the current act's self-regulation model. (Excerpt from news story by Briony Smith)

[source: itbusiness.ca]

Chronology of Data Breaches 2006: Analysis

(2007-02-01) [Privacy Rights Clearinghouse] An analysis of incidents in 2006.

A total of 327 incidents were reported.

[source: News]

Health Information Technology: Early Efforts Initiated but Comprehensive Privacy Approach Needed for National Strategy

(2007-02-01) [GAO] In April 2004, President Bush called for the Department of Health and Human Services (HHS) to develop and implement a strategic plan to guide the nationwide implementation of health IT. The plan is to recommend methods to ensure the privacy of electronic health information. GAO was asked to summarize its report that is being released today.

The report describes the steps HHS is taking to ensure privacy protection as part of its national health IT strategy and identifies challenges associated with protecting electronic health information exchanged within a nationwide health information network.

[source: Reports]

Survey: ID fraud in U.S. falls by $6.4B

(2007-02-01) [ComputerWorld] Identity fraud in the U.S. fell by $6.4 billion, or 12%, last year, with the most damaging kind -- fraudulent new account openings -- dropping the most, according to a survey released today.

But the good news was balanced by results showing that young adults, despite their tech-savviness, are at greater risk for ID fraud, and that a fraud-detection "digital divide" separating the wealthy and the poor was also emerging, according to Javelin Strategy & Research. (Excerpt from news story by Eric Lai)

[source: Security]

Call the cops: We're not winning against cybercriminals

(2007-02-01) [ComputerWorld] Kaspersky Lab Thursday will acknowledge that cybercriminals have the upper hand and cooperative international policing is needed to protect honest users.

"We don't have the solutions," says Natalya Kaspersky, CEO of the company. "We thought it was possible to do antivirus and that was adequate protection. That time is gone." Solving the problem is beyond the capabilities of security vendors alone, she says, and coordinated efforts among countries are needed. Kaspersky Lab is expected to share these assertions during a press conference in New York City Thursday. (Excerpt from news story by Tim Greene)

[source: Security]

Data Mining Can't Improve Security

(2007-02-01) [The Heartland Institute] When the U.S. Department of Homeland Security put into effect its Automated Targeting System (ATS) in December, it added to a growing list of programs that use information about ordinary Americans to seek after terrorists. An outgrowth of systems used to track cargo, ATS now assigns a "risk score" to Americans crossing the border, using data about them from a wide variety of databases.

ATS appears to use data mining to single out people as suspected terrorists or criminals. If data mining worked to catch terrorists, a program like ATS would deserve widespread endorsement. Unfortunately, data mining does not have this capability. (Excerpt from report by Jim Harper)

[source: IT&T News]


Latest update: 2007-05-07 12:36:32