SAITS

SAITS news - August 2007



Privacy By Design

(2007-08-31) [AAAS] With cost barriers lowered for data capture, storage, integration, and dissemination, our privacy is no longer implicitly protected. Instead, those charged with protecting information privacy must now give it explicit attention. This is the purpose of two thought-provoking reports released this year.

In its report, the U.S. National Research Council recommends that fair information practices be adopted by businesses in the use of personal information and that mechanisms be developed to give individuals more control over the use of their information. Perhaps the most controversial recommendations involve increased privacy regulation: the establishment of a Federal Privacy Commissioner or Privacy Commission, greater federal regulation of businesses that use personal information, and more government action to protect individual information privacy. The report from the U.K. Royal Academy of Engineering emphasizes that, because of human rights law, organizations maintaining systems that use personal information should be accountable for designing them to provide privacy. The report recommends less intrusive data use (such as preferring client authentication -- "are they valid users?" -- over identification -- "who are they?"), research on how camera surveillance can ignore law-abiding activities, developing clarity about privacy expectations, formation of trusted third-party organizations as guardians of personal data, and making data collection and use transparent to the data subject. It advocates strengthening the powers of the U.K. Information Commissioner to include substantial penalties for misuse of data. (Excerpt from article by George Duncan)

[source: Science, Vol 317, p 1178-1179]

How Safe is "Social Networking"?

(2007-08-16) [ENISA] Myspace, Twitter, Facebook -- Social Networking is the web success story of the new century. The statistics are mind-bending -- Myspace claimed its 100 Millionth user in August 2006. But a recent ENISA workshop put the question - "how safe are social networks?"

According to the experts, there is a lot to be concerned about; from specialised social networking worms spreading through Myspace profiles to identity theft, extortion, spear-phishing and even recruitment of terrorists -- social networking has it all. But the biggest threat is to personal privacy. "Thousands of young people are revealing the most intimate details of their personal lives for everyone to see," says Alain Esterle, Head of ENISA's Technical Department. "Social Networking sites create a sense of being among friends -- but often a potential employer might be interested in the fact that you were arrested or which drugs you took yesterday. Added to this, new technologies like online face recognition and Internet archives make it very difficult to hide or remove such information once it is posted online."

[source: Press Release]

Super Ninja Privacy Techniques for Web App Developers

(2007-08-22) [Help Net Security] If I keep my documents on Google Docs, my mail on Yahoo Mail, my bookmarks on del.icio.us, and my address book on .Mac, is there any point in talking about the privacy of my data any more? Should I just accept that using web-hosted applications means that privacy doesn't exist?

Many new applications do a great job of making it easy and free for you to post your information online. In a lot of cases, your data is combined with other people's data, to pull helpful or interesting relationships out of aggregate data ("People who bought this book also bought...."). Your photos on your hard drive are not as useful as your photos on Flickr, where others can comment on them, find them via tags, share them, and make them into photo-related products. (Excerpt from news story by Marc Hedlund and Brad Greenlee)

[source: News]

At Rapleaf, your personals are public

(2007-08-31) [CNet] In the cozy Facebook social network, it's easy to have a sense of privacy among friends and business acquaintances. But sites like Rapleaf will quickly jar you awake: Everything you say or do on a social network could be fair game to sell to marketers.

Rapleaf, based in San Francisco, is building a business on that premise. The privately held start-up, whose investors include Facebook-backer and PayPal co-founder Peter Thiel, runs two consumer Web sites: Rapleaf.com, a people search engine that lets you retrieve the name, age and social-network affiliations of anyone, as long as you have his or her e-mail address; and Upscoop.com, a similar site for discovering, en masse, which social networks the people in your contact list belong to. To use Upscoop, you must first give the site the username and password of your e-mail account at Gmail, Hotmail, Yahoo or AOL. (Excerpt from news story by Stefanie Olsen)

[source: News.com]

Second Life steps up ID checks

(2007-08-30) [CNet] Second Life creator, Linden Lab, is tightening security in its virtual world by introducing an identity verification (IDV) system for its residents.

The IDV system is designed to stop people under the age of 18 from accessing restricted areas which contain adult or inappropriate material. The system uses an ID verification technology called Integrity, developed by verification and data services company Aristotle. Robin Harper, vice president of marketing and community development at Linden Lab, said this is an "important and necessary step in the development of Second Life". (Excerpt from news story by Tim Ferguson)

[source: silicon.com]

What is personal data? Information Commissioner updates guidance

(2007-08-30) [PinsentMasons] The Information Commissioner's Office (ICO) published new guidance yesterday that explains its view of what counts as personal data under the Data Protection Act (DPA). Information that is not personal data today may become personal data as technology advances, it says.

A landmark ruling in 2003 challenged long-held assumptions about what constituted personal data. Michael Durant's case against the Financial Services Authority resulted in the courts defining personal data very narrowly, so that data became personal only in certain circumstances.

[source: Out-law.com]

EFF Documents Shed Light on FBI Electronic Surveillance Technology

(2007-08-29) [EFF] The Electronic Frontier Foundation (EFF) has obtained documents through the Freedom of Information Act (FOIA) that reveal the inner workings of the FBI's Digital Collection System Network (DCSNet), a software suite that allows the Bureau to conduct surveillance on a wide variety of digital devices.

As Ryan Singel writes in his extensive report for Wired News: "Many of the details of the system and its full capabilities were redacted from the documents acquired by the Electronic Frontier Foundation, but they show that DCSNet includes at least three collection components, each running on Windows-based computers. ..." (Excerpt from news story by Marcia Hofmann)

[source: News]

Congress to revisit expanded spy law next week

(2007-08-29) [CNet] Congressional Democrats don't plan to waste much time in revisiting a temporary expansion of federal eavesdropping law that has met with hostility in privacy and civil liberties circles.

The U.S. House of Representatives Judiciary Committee on Wednesday afternoon said it plans to hold a hearing on September 5--that is, the day after politicians return from their August recess--to begin exploring, well, changes to the changes to the 1978 Foreign Intelligence Surveillance Act, better known as FISA. According to committee Chairman John Conyers (D-Mich.), the move is in part a response to misgivings by House Speaker Nancy Pelosi. She has said the last-minute changes approved by Congress earlier this month in response to Bush administration pressure are "unacceptable" and warrant near-immediate "corrective action." (Excerpt from news story by Anne Broache)

[source: News.com]

Retail point-of-sale systems riddled with security flaws, warns researcher

(2007-08-29) [ComputerWorld] Retail point-of-sale (POS) systems pose a clear but often overlooked danger to consumer credit card data, a security researcher warned this week.

In a white paper released this week, Neal Krawetz, founder of Hacker Factor Solutions, described several relatively easily exploited vulnerabilities in POS technologies. "The vulnerabilities disclosed in this document denote a set of fundamental flaws in the point-of-sale process," Krawetz said. "Even if a solution were available today, it would take years to be fully deployed." (Excerpt from news story by Jaikumar Vijayan)

[source: Security]

Evaluation of Internet Self Regulation Survey

(2007-08-29) [EDRI] RAND Europe invites contributions to an online survey from all Internet users with knowledge of self-regulatory institutions. This research institute is conducting fieldwork for the European Commission to evaluate options for, and the effectiveness of, self-regulation in the Information Society.

The findings and recommendations will be validated by means of a key stakeholder workshop and reported in a form suitable for wide dissemination and discussion. The final date for completion of the online survey is 31 October 2007.

[source: EDRI-gram, Number 5.16]

Enough Internet voting trials says the UK Electoral Commission

(2007-08-29) [EDRI] On 2 August 2007, the Electoral Commission, an independent body set up by the UK Parliament, recommended in its evaluation of the pilot schemes used in the May 2007 elections that electronic voting trials be ended until the UK Government establishes a strategy to modernise the electoral system and make it more secure.

The Electoral Commission considers that there would not be much more to learn from further electronic voting trials, as lessons have already been gathered during the trials of the last seven years, in which the Ministry of Justice commissioned thirteen local authorities in England to run pilot schemes. The Commission believes that it is time the government drafted a clear plan to change the way these elections are run.

[source: EDRI-gram, Number 5.16]

US law threatens non-US citizens' privacy rights

(2007-08-29) [EDRI] A Foreign Intelligence Surveillance Act proposed by the US Administration was passed by the US Congress on 4 August 2007, allowing US intelligence services to intercept electronic communications between US citizens, and also non-US citizens, without a court order if the communication passes across US-based networks.

A written question was addressed to the European Commission and the Council by MEP Sophie In't Veld and Graham Watson from ALDE (Liberal group in the European Parliament) raising concerns on the US act which they consider as a violation of the privacy and civil rights of EU citizens. The questions refer to the level of protection of the EU citizens' personal data that the European Commission can provide as well as to the relation between EU-US extradition agreements and the new US act, wondering whether the information obtained by means of such interceptions can lead to automatic extraditions without judicial substantiation. Ms. Sophie In't Veld is also concerned about the unilateralism of the act that was passed without consulting the European partners.

[source: EDRI-gram, Number 5.16]

File-sharers' identification refused by German prosecutors

(2007-08-29) [EDRI] Recent cases in the German Local Court of Offenburg have confirmed the reluctance of German public prosecutors to determine the identities of P2P users who have allegedly breached copyright law.

The German online publication Heise has revealed that in a recent case in the Offenburg court, the judge decided to reject the music industry's claims to order ISPs to reveal the subscribers suspected of having infringed copyright through peer-to-peer applications. The court considered the measure "disproportionate", and the plaintiffs did not show how the alleged offenders had been involved in actions that had created a "criminally relevant damage".

[source: EDRI-gram, Number 5.16]

[Norwegian] ID theft is too easy

(2007-08-29) [forskning.no] It took research fellow André N. Klingsheim 18 minutes and 10 seconds to find the national identity number of journalist Lars Holger Ursin. Armed with a small program he wrote himself, he only needs to know your name and date of birth to find your identity number, and from there cause you major problems.

Klingsheim's program uses the change-of-address service of Posten (the Norwegian postal service) to check whether an identity number is valid. There, you only need a name and date of birth. The program generates all possible identity numbers and tests them systematically -- for one number Posten will not return an error message -- and then you have the identity number. (Excerpt from news story by Lars Holger Ursin)

[source: forskning.no]

Council of Europe Treaty on Access to Documents -- Draft Convention Fails to Ensure Adequate Protection of Right to Information

(2007-08-28) [Access Info] The world's first treaty to guarantee the right of access to information, currently being drafted by the Council of Europe, risks falling below prevailing European standards according to civil society groups from across Europe. The treaty, which will become the "European Convention on Access to Official Documents", is being drafted by a Group of Specialists, chosen by 15 of the 47 governments that are members of the Council of Europe. The Group of Specialists is mandated to finish its work by the end of 2007, but has just one more drafting session scheduled for 9-12 October in Strasbourg.

The future European Treaty on Access to Official Documents establishes a right to request "official documents", which are broadly defined as all information held by public authorities, in any form. On the positive side, the future Convention will establish that the right to "official documents" can be exercised by all persons with no need to demonstrate a particular interest in the information requested, and at no charge for filing requests and viewing documents.

[source: Web news]

[Norwegian] 10 privacy tips

(2007-08-28) [ITpro] After the sharp increase in traffic in the previous period, traffic in this period has more than halved by comparison. VNC is still the most exposed service. However, the decline in the number of probes against VNC and MS SQL from the previous period to this one is very large. Norway is once again among the top 10 source countries. In this month's focus we look at identity theft.

Threat Assessment is a report written by Linda Olsen, analyst at Secode, which presents the threat landscape that organisations face from the Internet. Guide: IT operations & Networks: Threats and trends. By: Linda W. Olsen

[source: itpro]

ICANN's Whois privacy reforms stalled again

(2007-08-28) [ComputerWorld] A working group set up by the Internet Corporation for Assigned Names and Numbers (ICANN) to thrash out differences over proposed privacy changes to the WHOIS database stopped work last week with little real agreement on how or even whether to implement the reforms.

The group's failure to come up with a proposal that could have been accepted by ICANN continues a long-standing stalemate on efforts to reform the way WHOIS data is handled. The group's findings were summarized in a final outcomes document released Aug. 20. "The WHOIS debate has gone on for years, and [ICANN] needs to call an end to it for now," said Tim Ruiz, vice president of corporate development and policy at The Go Daddy Group Inc., a Scottsdale, Ariz.-based domain name services provider. "It's been clear for some time that unanimity, or even consensus, on any changes is not possible." (Excerpt from news story by Jaikumar Vijayan)

[source: Networking & Internet]

Yahoo asks federal court to dismiss human rights lawsuit

(2007-08-28) [ComputerWorld] Yahoo Inc. has asked a federal court to dismiss a lawsuit filed against it by the Washington-based World Organization for Human Rights USA.

That lawsuit, filed in April, accuses Yahoo's Hong Kong subsidiary, Yahoo Hong Kong Ltd., of allegedly providing information to Chinese authorities that led to the persecution, torture and imprisonment of four Chinese dissidents. According to that lawsuit, YHKL handed over information that led to the imprisonment of dissidents, including writer Wang Xiaoning, on charges of incitement to subvert state power. Wang was sentenced to 10 years in prison in September 2003, due in part to writings distributed over the Internet. Yahoo gave his e-mail account information and IP address to the Chinese government, according to the court documents. (Excerpt from news story by Linda Rosencrance)

[source: Security]

[Norwegian] Defining the concept of personal data

(2007-08-27) [Datatilsynet] What is "personal data" and what falls outside it? The Article 29 Working Party has now issued guidelines for interpreting the concept.

The Article 29 Working Party is an official advisory EU group responsible for ensuring that the Data Protection Directive is complied with. At the group's last meeting before the summer, an opinion was adopted concerning the understanding of the concept of personal data. The opinion has been translated into Danish. The document draws the lines for what is covered by the concept "personal data". The group breaks the concept down and gives concrete examples based on the national supervisory authorities' case handling.

[source: Nyhet]

[Norwegian] Giving their names online

(2007-08-24) [Datatilsynet] A recent survey among Swedish young people aged 14 to 18 shows high online activity and few inhibitions about giving their names and publishing pictures and videos of themselves online. Neither IT knowledge nor previous negative experiences seem to matter.

The research company Kairos Future, commissioned by Datainspektionen, asked 500 young people about their Internet use and their thoughts on privacy and surveillance. The survey paints a picture of young people as active Internet users and producers of online content. They are not very careful about giving their own names, and readily publish pictures and videos of themselves.

[source: Nyhet]

[Norwegian] Passenger data -- at least 15 years of storage

(2007-08-24) [Datatilsynet] The new agreement between the USA and the EU on the transfer of air passenger data significantly weakens privacy, says the Article 29 Working Party, an official advisory data protection body in the EU.

Since the terrorist attacks on the USA in 2001, the US authorities have demanded a range of information about air passengers entering American airspace. The demand for personal data includes, among other things, passengers' names, contact details, itinerary, travel companions and any dietary requirements. Now a new agreement on the transfer of passenger data has been signed by the EU and the USA.

[source: Nyhet]

Privacy and law: 10 ways to win public trust in a surveillance society

(2007-08-24) [PinsentMasons] OPINION: The Data Protection Act is not strong enough to protect privacy in today's surveillance society. Dr Chris Pounder proposes 10 universal standards to buttress the Act and create balance whenever there is interference in private and family life.

It is without doubt that the perpetrators of the failed terrorist attacks in July were traced by using personal data stored on surveillance systems -- most notably from data stored on CCTV, Automated Number Plate Recognition systems and from communications data stored by the telephone companies. This success will only deepen the resolve of all Western governments to retain these kinds of personal data for longer periods, and it is my view that the vast majority of individuals have no problem with this. We all want to help the authorities capture terrorists. However, mass retention of personal data combined with wide-ranging legal powers has its dangers. This mix will inevitably facilitate function creep beyond the "find the terrorist" purpose because a valid reason can always be found for processing personal data for different purposes. Since mass surveillance systems cost millions of pounds, such reasons will also arise from the need to obtain value for money. (Excerpt from opinion piece by Chris Pounder)

[source: Out-law.com]

Baby battle woman can't claim data protection exemption for YouTube video, warns expert

(2007-08-22) [PinsentMasons] The woman at the centre of a battle with social services over the future of her unborn baby will not be able to claim an exemption from the UK's Data Protection Act, a legal expert has warned.

Vanessa Brookes of Calderdale, Halifax was recently told by a social worker that the local authority would apply for an interim court order to take her baby from her and place it with foster parents on birth. Worried about the outcome of the meeting, Brookes tape recorded it. The recording was published on video sharing website YouTube. Local authority Calderdale Council has objected to that publication and has said that it will take legal action to have it taken down because, it says, it breaches the Data Protection Act (DPA).

[source: Out-law.com]

Lawyer questions Tories' plan to reform Data Protection Act

(2007-08-21) [PinsentMasons] A legal expert has called the figures "unreliable" and also claims it is "unrealistic" to blame the Act for all compliance costs in this area.

The Conservative Party's red tape review is titled 'Freeing Britain to Compete: Equipping the UK for Globalisation.' It is published as an official submission to the Shadow Cabinet by the party's Economic Competitiveness Policy Group, which is chaired by John Redwood MP.

[source: Out-law.com]

Vodcast: Snooper-Proof Wallet

(2007-08-15) [Popsci.com] How to protect your RFID-equipped credit cards and identification documents from snoopers.

Watch the vodcast (length 03:54).

[source: Popsci.com]

[Norwegian] Concerned about ID theft

(2007-08-13) [Datatilsynet] In recent days the Norwegian Data Protection Authority (Datatilsynet) has received many enquiries from concerned people who have received a letter from Tele2. The letter states that personal data about them has been unlawfully extracted via the company's website.

- We understand that many are concerned. Having a stranger in possession of your key personal details is, at best, unpleasant. Many are asking how this could happen, says deputy director Leif T. Aanensen of Datatilsynet. Datatilsynet has received several questions from people who are puzzled that their data has been harvested even though they are not Tele2 customers. What has happened is that someone has exploited weaknesses in several computer systems, including at Tele2, to retrieve data that originally comes from the National Population Register (Folkeregisteret). The systems disclosed information when given a national identity number.

[source: Nyhet]

Podcast: Is Privacy Dead? Technological Approaches to the Technological Threat

(2007-08-01) [Scientific American] In this episode Carnegie Mellon University computer scientist Latanya Sweeney talks about the changes in privacy due to data collection and approaches to protect privacy in the future, with Scientific American contributor Chip Walter.

Plus we'll test your knowledge of some recent science in the news. Websites mentioned in this episode include privacy.cs.cmu.edu; www.chipwalter.com . Listen to the podcast (length 24:02).

[source: Podcasts]

China Creates Vast Program for Surveillance and Identification of Its Citizens

(2007-08-24) [EPIC] At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity.

Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens. Data on the chip will include not just the citizen's name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord's phone number.

[source: EPIC Alert, Volume 14.17]

US Broadens Use of Domestic Satellites

(2007-08-24) [EPIC] The Director of National Intelligence, Michael McConnell, authorized the sharing of spy satellite information with non-intelligence state, local and federal agencies.

The Department of Homeland Security, via its new National Applications Office, will be coordinating access to the information. It is expected that these entities will have access not just to imagery, but also to the intelligence agencies' analysis and production capabilities. These spy systems provide real time capabilities, have more detail, and detect more information than commercially available satellite imagery.

[source: EPIC Alert, Volume 14.17]

DHS Warns States to Implement REAL ID

(2007-08-24) [EPIC] In a speech to the National Conference of State Legislatures earlier this month, DHS Secretary Michael Chertoff told states that citizens in states that do not implement REAL ID will have to use passports for federal purposes, such as entering courthouses or flying domestically.

Passports currently cost $97 each, and the State Department admitted in July that there is a significant backlog in processing passports because of, among other things, "inept planning, underfunded preparations, and popular misunderstanding of poorly crafted government advertising." In May, EPIC and 24 experts in privacy and technology submitted comments on DHS's draft implementation regulations for the REAL ID Act warning the federal agency not to go forward with the proposal.

[source: EPIC Alert, Volume 14.17]

Electronic Voting System Identifies Voters

(2007-08-24) [EPIC] Research undertaken by The Public Ballot, a voter privacy organization, and reported on by CNET.com revealed that Ohio voter privacy is threatened by the Election Systems and Software's voting machines. The method of affixing a time stamp to each voter-verified paper audit record is cited as the source of the voter privacy problem. The state of Ohio, along with retaining these records, also retains the poll registration logs, which note the time each voter enters the voting process. Both types of information are treated as public information and are available upon request.

Federal and state courts and legislatures have historically taken measures to protect the right of voters to vote their conscience without fear of retaliation. United States law requires that "All votes for Representatives in Congress must be by written or printed ballot, or voting machine, the use of which has been duly authorized by the State law; and all votes received or recorded contrary to this section shall be of no effect." The statute defines "ballot" in election provisions to mean a "method which will insure, so far as possible, secrecy and integrity of popular vote," and interprets the Congressional requirement that elections be conducted by written or printed ballots or by machine to include the notion that ballots must be secret.

[source: EPIC Alert, Volume 14.17]

Spy Chief Opens Up On Surveillance

(2007-08-24) [EPIC] In an on the record discussion with the El Paso Times, Director of National Intelligence Michael McConnell revealed past and current surveillance activities and border security.

For the first time, an administration official confirmed that private sector companies illegally assisted with the President's domestic spying program. Several telecommunication companies are being sued for this, and McConnell says these lawsuits will bankrupt them. McConnell argued that these companies should have immunity for any past violations of privacy laws, not just the going-forward immunity that the new Foreign Intelligence Surveillance Act (FISA) provides.

[source: EPIC Alert, Volume 14.17]

FCC Must Protect Innovation, Privacy in e911 Rulemaking

(2007-08-22) [CDT] CDT, the Electronic Frontier Foundation and Sun Microsystems this week urged the Federal Communications Commission (FCC) to be cautious in considering an "automatic" location requirement for VoIP providers for use during e911 emergency calls.

In comments filed today with the FCC, the groups noted that while the e911 system is a vital part of our public safety net, VoIP services are unable to provide "automatic" location information (without user input), and a requirement that they do so would harm innovation and competition. The comments also cautioned that some proposed solutions to address the VoIP location requirement would destroy users' privacy.

[source: News]

DOD pulls plug on Talon database

(2007-08-21) [1105 Media, Inc] The Defense Department announced today that it would close an intelligence reporting database that had come under legal fire as a means of storing information about peaceful domestic critics of Bush administration policies.

The Threat and Local Observation Notice (Talon) database had become a lightning rod for criticism of military intelligence agencies' monitoring of antiwar protestors. The decision to shut it down resonated with parallel litigation and debate about the legality of federal monitoring of international telecommunications. Technological changes in international telecommunications, which have arisen since the disclosure of Vietnam War-era domestic spying prompted new civil-liberties protections, figure in current privacy debates. The Pentagon said it would close Talon as of Sept. 17 and "maintain a record copy of the collected data in accordance with intelligence oversight requirements," said a department press statement issued today. (Excerpt from news story by Wilson P. Dizard III)

[source: Government Computer News]

Security: The great privacy compromise

(2007-08-20) [InfoWorld] Privacy advocates will protest the default authentication built into everything using a computer chip. But the benefits promised by corporations and the government ("We can help you locate your children if they are kidnapped") will make consumers beg for the intrusion. Privacy advocates who don't wish to be "chipped" will use their own version of the Internet and take their chances in a Wild West-style environment much like the one we suffer today.

Meanwhile, in the safe confines of an Internet transformed by pervasive authentication, malicious hackers will have a hard time escaping capture. The increased protections provided by more secure identity and authentication mechanisms will make malicious hacking too arduous to be profitable anymore. In exchange for compromising on privacy, the online experience will finally be a safe one. (Excerpt from news story by Roger A. Grimes)

[source: News]

DHS Data Mining Program Suspended After Evading Privacy Review, Audit Finds

(2007-08-20) [Wired] A controversial Homeland Security data mining system called ADVISE that dreamed of searching through trillions of records culled from government, public and private databases analyzed personal information without the required privacy oversight, may cost more than commercially available alternatives and has been suspended until a privacy review has been completed, according to an internal audit.

The Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement program, one of twelve DHS data mining efforts, hit the trifecta of civil libertarians' concerns about data mining programs -- invasiveness, secrecy and ineffectiveness, according to a recent DHS Inspector General report. DHS hoped the data-sifting tool would help analysts "detect, deter, and mitigate threats to our homeland and disseminate timely information to its homeland security partners and the American public." The idea was to build a generic toolset that could find hidden relationships in massive amounts of data and provide it to groups working with data sets as divergent as intelligence reports, newspaper stories and WMD sensor data. Started in 2003, the program has received $42 million in funding through 2007. (Excerpt from news story by Ryan Singel)

[source: Blogs]

Liberties advocates fear abuse of satellite images

(2007-08-17) [CNet] For years, a handful of civilian agencies have used limited images from the nation's constellation of spy satellites to track hurricane damage, monitor climate change and create topographical maps.

But a new plan to allow emergency response, border control and, eventually, law enforcement agencies greater access to sophisticated satellites and other sensors that monitor American territory has drawn sharp criticism from civil liberties advocates who say the government is overstepping the use of military technology for domestic surveillance. (Excerpt from news story by Eric Schmitt)

[source: News.com]

Federal ID plan raises privacy concerns

(2007-08-16) [Cable News Network] Americans may need passports to board domestic flights or to picnic in a national park next year if they live in one of the states defying the federal Real ID Act.

Homeland Security Secretary Michael Chertoff says there are no plans for a federal database of drivers' information. The act, signed in 2005 as part of an emergency military spending and tsunami relief bill, aims to weave driver's licenses and state ID cards into a sort of national identification system by May 2008. The law sets baseline criteria for how driver's licenses will be issued and what information they must contain. The Department of Homeland Security insists Real ID is an essential weapon in the war on terror, but privacy and civil liberties watchdogs are calling the initiative an overly intrusive measure that smacks of Big Brother. More than half the nation's state legislatures have passed or proposed legislation denouncing the plan, and some have penned bills expressly forbidding compliance. (Excerpt from news story by Eliott C. McLaughlin)

[source: CNN Technology]

Domestic Use of Spy Satellites To Widen

(2007-08-16) [The Washington Post] The Bush administration has approved a plan to expand domestic access to some of the most powerful tools of 21st-century spycraft, giving law enforcement officials and others the ability to view data obtained from satellite and aircraft sensors that can see through cloud cover and even penetrate buildings and underground bunkers.

A program approved by the Office of the Director of National Intelligence and the Department of Homeland Security will allow broader domestic use of secret overhead imagery beginning as early as this fall, with the expectation that state and local law enforcement officials will eventually be able to tap into technology once largely restricted to foreign surveillance. (Excerpt from news story by Joby Warrick)

[source: washingtonpost.com]

S.F. public housing cameras no help in homicide arrests

(2007-08-14) [Hearst Communications Inc.] The 178 video cameras that keep watch on San Francisco public housing developments have never helped police officers arrest a homicide suspect even though about a quarter of the city's homicides occur on or near public housing property, city officials say.

Nobody monitors the cameras, and the videos are seen only if police specifically request it from San Francisco Housing Authority officials. The cameras have occasionally managed to miss crimes happening in front of them because they were trained in another direction, and footage is particularly grainy at night when most crime occurs, according to police and city officials. (Excerpt from news story by Heather Knight)

[source: SFGate.com]

Report Tracks and Compares Competition for Search Privacy

(2007-08-08) [CDT] A report published today by CDT tracks the efforts of the leading Internet search companies as they begin to aggressively compete with one another to offer stronger privacy protections. In a string of recent announcements, the companies announced steps they were taking to delete old user data, strip the personally identifiable information out of stored search records, and, in one case, give users the option to have all of their search records deleted.

CDT's Search Privacy Practices report details and compares the revamped privacy policies of the five largest search providers and offers recommendations for both the industry and lawmakers for how to strengthen privacy protections further.

[source: News]

Amending Terms of Service - Are Website Postings Enforceable?

(2007-08-01) [Davis Wright Tremaine LLP] In our wired world of texting, email and the Internet, businesses continually communicate with potential and existing customers online. The majority of websites, regardless of content and functionality, post a link to an online agreement, typically referred to as the website "Terms of Use," "Legal Terms," "Acceptable Use Policy" or something similar. This agreement usually provides that "We may amend this Agreement at any time by posting the amended terms on this Site."

Can a business amend an existing contract with a customer (whether entered into online or by other means) merely by posting the revised agreement on its website? A recent decision of the Ninth Circuit, Douglas v. US District Court ex rel Talk America, Inc., considered whether a telecommunications service provider (Talk America, which acquired AOL's long-distance business) could unilaterally modify an existing service contract by merely posting the new agreement on its website. Unfortunately, the opinion does not indicate how the customer entered into the original agreement (by phone, for example) or whether he agreed that its terms could be amended by posting the revised agreement online (let's assume he didn't). What is clear is that Talk America made significant changes to the agreement, including additional service charges and a mandatory arbitration clause, and then posted the revised contract on its website without further notification to Douglas. (Excerpt from blog post by Charlene A. Brownlee)

[source: Privacy and Security Law Blog]

How Safe is "Social Networking"?

(2007-08-16) [ENISA] Myspace, Twitter, Facebook -- Social Networking is the web success story of the new century. The statistics are mind-bending -- Myspace claimed its 100 Millionth user in August 2006. But a recent ENISA workshop put the question - "how safe are social networks?"

According to the experts there is a lot to be concerned about: from specialised social networking worms spreading through Myspace profiles to identity theft, extortion, spear-phishing and even recruitment of terrorists, social networking has it all. But the biggest threat is to personal privacy. See the report "ENISA Workshops eID and eAuthentication" and the papers and presentations from the workshop.

[source: Press Release]

PCC raps paper over online video

(2007-08-15) [PinsentMasons] The Press Complaints Commission (PCC) has issued its first ever ruling on video content published online by a newspaper. It said that the Hamilton Advertiser breached school pupils' rights to privacy with a video of an unruly classroom.

The newspaper published the unedited video on its website, which the PCC ruled invaded the right to privacy of the pupils who were identifiable from the film. The PCC's remit was extended just this year to include editorial audio-visual content published by newspapers, and this is the first use of those powers.

[source: Out-law.com]

Who's regulating whose space?

(2007-08-13) [Telecoms.com] ISPs keen to emulate the phenomenal success of MySpace, Facebook and YouTube may want to think again, says Rob Gallagher. Social networking looks set to reopen a can of worms they had sealed long ago. At stake is the question of responsibility for content. Before the turn of the century, politicians, lobby groups and media conducted a long and heated debate on whether ISPs were liable for third-party illegal or defamatory content held on their servers.

In 2000, the European Commission decided that ISPs were "mere conduits" - carriers of information somewhat like the postal service - rather than publishers. Across Europe, governments settled instead for self-regulation whereby ISPs agree to take down illegal content held on their servers when notified by law-enforcement bodies or sanctioned industry groups, such as the UK's Internet Watch Foundation.

[source: Telecoms.com]

How search engines rate on privacy

(2007-08-13) [CNet] Price wars are public blessings. Ask anyone who has comparison shopped between Advanced Micro Devices and Intel microprocessors or bought a cheap Harry Potter novel thanks to fierce bookseller price battles.

In the last few months, the search engine business has experienced its own version of cutthroat competition: a privacy policy war, with Google, Ask.com and Microsoft vying to outdo one another in protecting their users' personal information. (Excerpt from news story by Declan McCullagh and Elinor Mills)

[source: News.com]

DHS plans changes in air passenger screening

(2007-08-13) [ComputerWorld] A proposed revamp of the Department of Homeland Security air passenger screening program offers improved privacy protections, but one privacy advocate says the agency still has a ways to go.

DHS on Thursday announced initial plans for an overhaul of its Secure Flight program, with the agency no longer assigning risk scores to passengers or using predictive behavior technology, DHS Secretary Michael Chertoff said at a press conference. But the Transportation Security Administration, part of DHS, will take direct control of checking domestic passenger lists against terrorist watch lists, instead of the airlines, Chertoff said. (Excerpt from news story by Grant Gross)

[source: Security]

China Enacting a High-Tech Plan to Track People

(2007-08-12) [New York Times] At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity.

Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens. Data on the chip will include not just the citizen's name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord's phone number. Even personal reproductive history will be included, for enforcement of China's controversial "one child" policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card. (Excerpt from news story by Keith Bradsher)

[source: World Business]

Britain begins ID card procurement process

(2007-08-10) [CNet] Britain launched on Thursday the selection process to choose companies to run its multibillion-dollar national identity card program, the world's most ambitious biometric project.

Prime Minister Gordon Brown's government described the move as "another milestone" toward the controversial compulsory program, which is expected to cost more than $10 billion over the next decade. Ministers say the cards, carrying fingerprint, iris and face-recognition technology, are vital to fight terrorism, serious organized crime and illegal immigration.

[source: News.com]

Feds consider lowering passenger data requirements

(2007-08-10) [CNet] The U.S. Department of Homeland Security has taken a preliminary step in overhauling plans for an air traveler-screening program that has alarmed privacy advocates in the past.

Under a new proposal for a controversial program known as Secure Flight, the Transportation Security Administration would assume the duty of checking passengers against terrorist watch list databases, which is currently done by U.S. air carriers. In a nod to earlier privacy concerns, it proposes scaling back the amount of data that airlines would be obligated to submit about their passengers. (Excerpt from news story by Anne Broache)

[source: News.com]

EPIC Files Comments on E911, Proposes Greater Location Privacy

(2007-08-10) [EPIC] EPIC filed comments to the Federal Communications Commission on proposed rules for Enhanced 911 location information. Wireless telephone providers are required to meet certain standards for location accuracy.

The FCC requested comments on location accuracy standards as well as extending the rules to VOIP services. EPIC reminded the FCC that current privacy rules do not adequately protect location information. EPIC proposed that location privacy rules should improve with location accuracy, and that there should be consistent privacy rules for VOIP and other services.

[source: EPIC Alert, Volume 14.16]

EPIC Warns Federal Agencies About RFID in US Travel Cards

(2007-08-10) [EPIC] In comments to the departments of State and Homeland Security, EPIC recommended against the use of "long-range" RFID technology (which transmits personal data to remote tracking devices) in the proposed "PASS card" for travel between the United States, Canada, Mexico, and the Caribbean.

EPIC explained that the tracking technology would jeopardize the privacy and security of US travelers, and urged the agencies to delay the implementation of the passport card requirement until solutions can be found for the extraordinary delays, problems, costs and privacy risks. Earlier this year, Homeland Security abandoned a similar proposal for US-VISIT travel documents, following criticisms from EPIC and the Government Accountability Office.

[source: EPIC Alert, Volume 14.16]

Homeland Security Revamps Traveler Profiling Programs

(2007-08-10) [EPIC] The Department of Homeland Security announced revisions to two passenger profiling programs this week: the Automated Targeting System and Secure Flight. However, privacy and security threats remain in both programs. DHS also announced a final rule on the Advance Passenger Information System.

The Advance Passenger Information System final rule "enables DHS to collect manifest information for international flights departing from or arriving in the United States prior to boarding," DHS said. The rule requires air carriers to transmit manifests 30 minutes before departure or "provide manifest information on passengers as each passenger checks in for the flight, up to the time when aircraft doors are secured." For vessels departing from foreign ports to the United States, the rule does not change current requirements to transmit passenger and crew arrival manifest data between 24 to 96 hours prior to arrival, "but requires vessel carriers to transmit [Advance Passenger Information System] data 60 minutes prior to departure from the United States."

[source: EPIC Alert, Volume 14.16]

New Law Strengthens Privacy Oversight

(2007-08-10) [EPIC] Last week, the President signed the Implementing Recommendations of the 9/11 Commission Act of 2007. The law is a compromise between a Senate bill (S. 4) passed in March and a House bill (H.R. 1) passed in January. Both houses of Congress passed the harmonized version in July.

The law implements certain recommendations of the 9/11 Commission, including improving privacy and civil liberties protections in agencies that perform law enforcement or anti-terrorism functions. It also provides for establishing regional law enforcement "fusion centers" for information sharing.

[source: EPIC Alert, Volume 14.16]

Phishing researcher 'targets' the unsuspecting

(2007-08-10) [ComputerWorld] If he weren't so ethical, Markus Jakobsson could be a world-class online fraudster. In a way, he already is. Jakobsson, a cybersecurity researcher and professor at Indiana University in Bloomington, spends much of his time perpetrating online attacks on unsuspecting Web surfers -- without actually harming them, of course -- to see what types of ruses people will fall for and to predict potential new techniques phishers might pursue.

The university that gave the world Alfred Kinsey, the famous sex researcher, is more than willing to tolerate experiments that might improve computer security, even if it annoys a few unwitting participants. "They think everything that is not immoral or illegal is fine," Jakobsson joked Wednesday at the Usenix Security Symposium in Boston, while delivering a talk on the human factor in online fraud such as phishing, click fraud and crimeware. Victims of online attacks often give up personal information, such as bank account details, or have their computers controlled remotely by hackers. (Excerpt from news story by Jon Brodkin)

[source: Security]

Habeas Corpus for Avatars!

(2007-08-09) [Wonderland] Will avatars in Second Life end up having more rights than their human creators?

Erik Bethke's LiveJournal has a recent post stating that he's offering a $5000 bounty to those who can help him draft the legal form of an avatar rights document for GoPets. Among the clauses he intends the service to sign up to: Due process (including player-run tribunals), Habeas corpus, Free expression, ...

[source: Blogs]

Study: Search engine privacy policies improving

(2007-08-09) [ComputerWorld] Search-engine providers have begun to compete with each other on privacy protections, but the U.S. still needs to adopt a national privacy law, says a report from the Center for Democracy and Technology (CDT).

The CDT, a civil liberties advocacy group, praised many search-engine providers for recent changes to their privacy policies, with some policies setting limits on data retention. But CDT remains concerned that, in many cases, search-engine users have little control over their data and that most major search engines retain query data indefinitely, officials of the group said Wednesday. (Excerpt from news story by Grant Gross)

[source: Security]

Competition is good for search privacy, report says

(2007-08-08) [CNet] Recent privacy policy makeovers by the five major Internet search companies show competition benefits users but a "comprehensive" federal privacy law is still needed, says a Washington advocacy group in a new report.

An analysis released Wednesday by the Center for Democracy and Technology concluded it's good news for consumers that Google, Microsoft, Yahoo, Ask.com and AOL pledged in recent months to amend how they handle user search data. That includes a person's queries, cookie identification number and Internet Protocol address. (Excerpt from news story by Anne Broache)

[source: News.com]
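The practices described in the CDT report item above and in these two stories (deleting old search records, and stripping the IP address and cookie identifier out of the records that are kept) amount to a retention pipeline over the query log. The following is an added example and is not code from CDT or from any of the five search providers; the 18-month anonymization and 24-month deletion thresholds, the record layout and the sample log entries are assumptions constructed for illustration.

```python
"""Added example: retention and anonymization of search-log records.

Not code from CDT or from any search provider. The thresholds (anonymize
at 18 months, delete at 24), the record layout and the sample records
are assumptions constructed for illustration.
"""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
import ipaddress
from typing import List, Optional

ANONYMIZE_AFTER = timedelta(days=18 * 30)   # assumption
DELETE_AFTER = timedelta(days=24 * 30)      # assumption


@dataclass(frozen=True)
class SearchRecord:
    ts: datetime               # when the query was made
    ip: str                    # client IP as logged
    cookie_id: Optional[str]   # the provider's cookie identifier, if any
    query: str


def truncate_ip(ip: str) -> str:
    """Zero the host bits: keep a /24 for IPv4 and a /48 for IPv6.

    This removes the part that singles out one machine on a subscriber's
    network while keeping enough for coarse geography and abuse statistics.
    """
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def apply_retention(records: List[SearchRecord], now: datetime,
                    anonymize_after: timedelta = ANONYMIZE_AFTER,
                    delete_after: timedelta = DELETE_AFTER) -> List[SearchRecord]:
    """Return the records that survive, anonymized where the policy requires.

    Records older than `delete_after` are dropped. Records older than
    `anonymize_after` keep the query and timestamp but lose the cookie id
    and the host part of the IP. Newer records pass through unchanged.
    """
    kept = []
    for r in records:
        age = now - r.ts
        if age >= delete_after:
            continue                                  # deleted outright
        if age >= anonymize_after:
            r = replace(r, ip=truncate_ip(r.ip), cookie_id=None)
        kept.append(r)
    return kept


# Constructed sample log, not real data.
NOW = datetime(2007, 8, 8, tzinfo=timezone.utc)
SAMPLE = [
    SearchRecord(NOW - timedelta(days=1),   "203.0.113.42",          "c4f1e2", "privacy policy comparison"),
    SearchRecord(NOW - timedelta(days=600), "2001:db8:abcd:1234::1", "9a77bd", "hotels near 42 main st"),
    SearchRecord(NOW - timedelta(days=800), "198.51.100.7",          "11aa22", "tax return 2004"),
]


def demo() -> List[SearchRecord]:
    """Run the policy over the constructed sample as of NOW."""
    return apply_retention(SAMPLE, NOW)


if __name__ == "__main__":
    for rec in demo():
        print(rec)
```

Truncating the address and dropping the cookie does not make the query text itself non-identifying (a query can contain a name or a street address), so an "anonymized" log still needs access controls, and only the deletion step actually ends the exposure.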

Making Phones Polite

(2007-08-08) [MIT Technology Review] Researchers at Intel have developed software that could help make handhelds more considerate. The software is able to detect and record conversations, but crucially it does so in a privacy-sensitive manner, so that the actual spoken words cannot be retrieved.

"Our goal is to be able to collect data about interactions and conversations that happen spontaneously ... and have a balance between privacy and the information we can get from recorded data," says Tanzeem Choudhury, a researcher at Intel Labs Seattle. (Excerpt from news story by Kate Greene)

[source: News]

[Norwegian] Passenger data - new agreement between the EU and the USA

(2007-08-08) [Datatilsynet] Since the terrorist attacks on the USA in 2001, the US authorities have demanded a range of information about air passengers entering American airspace. A new agreement on the transfer of passenger data has now been signed by the EU and the USA.

The demand for personal data covers, among other things, the passengers' names, contact details, itinerary, travelling companions and any dietary requirements. The text of the agreement can be found here (pdf). The Article 29 Working Party, which has a special responsibility for monitoring compliance with the Data Protection Directive, is now working on a joint statement on the agreement. Earlier this year the Article 29 Working Party issued concrete advice on how passengers must be informed when passenger data is transferred.

[source: News]

[Norwegian] Conference on camera surveillance

(2007-08-08) [Datatilsynet] The number of surveillance cameras is rising markedly across the whole country. A conference in early September will discuss the forces driving this development. The registration deadline for the conference is 17 August.

The conference "Kameraovervåking i det norske samfunn" (Camera surveillance in Norwegian society) is organised by the trade associations Integra and NELFO, in cooperation with Datatilsynet, in Oslo on 5 September 2007. Participants will get an insight into the various challenges and opportunities we face in a society with ever more surveillance cameras. What is the societal benefit of increased camera surveillance? Do the current control systems work? Is sufficient account taken of privacy? What drawbacks come with the growing surveillance, and are we really willing to pay the price?

[source: News]

Delete This!

(2007-08-07) [SecurityFocus] A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.

Companies routinely create, maintain and store electronic records. Some records are consciously created -- like memoranda, letters, spreadsheets, and even e-mails and chat or instant message communications. Other records are created inadvertently, like metadata, log records, IP history records and the like. Some information is useful to the company, and it wants to retain it; other information is of little use, merely takes up space, creates potential liability, and represents an unwarranted exposure to attack or violation of privacy. The problem for most companies in developing or maintaining a document retention/destruction policy is identifying the documents and records it wants to keep and effectively purging the ones it doesn't want. Some recent legal events have made the problem of document retention and destruction even more complicated. (Excerpt from news story by Mark Rasch)

[source: Columns]

[Norwegian] File sharers' identities will not be handed over

(2007-08-07) [Aftenposten] The EU and Germany have said no to the record industry's demand to be given the identities of active file sharers.

An IP address is a number that identifies networks and computers on the internet. It can be used to identify users on the net, including file sharers. At any given time the number is unique to each computer connected to the net. The international record industry wants to put a stop to file sharers, who it says cause it large losses of income. In several countries rights holders have asked internet providers to disclose the identities of the owners of IP addresses they believe belong to file sharers. The providers have so far fought this. Now a German court in Offenburg has said no to the record industry, IT-avisen reports. The judge ruled that German rights holders cannot demand that personal data be handed over by internet providers. Only the police may request it, and only in criminal cases, not in civil cases.

[source: Forbruker.no]

[Norwegian] Use and misuse of personal data - the responsibility of organisations

(2007-08-07) [Datatilsynet] Make sure it is not your organisation that leaks information criminals can use! If the data falls into the wrong hands it can be misused, including for identity theft.

Most organisations process personal data about people connected to the organisation in one way or another: as employees, customers, clients or patients. Personal data is processed because the organisation has a purpose for the processing. One example of a purpose is administering and paying employees' salaries; another is keeping track of the organisation's customers and administering purchases and sales.

[source: News]

E-voting must stop, warns U.K. Electoral Commission

(2007-08-07) [ComputerWorld] The U.K. Electoral Commission has called for a halt to electronic voting unless major changes are made to the way the voting systems are implemented and secured.

The watchdog agency has issued a series of reports on pilot projects commissioned by the Ministry of Justice that allowed Internet and telephone voting in some areas of England in last May's local elections. A second set of reports examined electronic counting pilots. (Excerpt from news story by Tash Shifrin)

[source: Security]

End of Privacy

(2007-08-06) [Ziff Davis Publishing Holdings Inc.] Privacy is getting harder to protect, with technologies such as E911-enabled cell phones, GPS, WiFi, black-box recorders in autos and surveillance in the name of public safety making it fairly simple to identify individuals. Here's what CIOs can do about it.

We all leave a trail of data items as we move through the world, and we always have. Technology has simply made it easier and cheaper to record and analyze these traces. Today, for about half the world, there is no real privacy. The key questions, therefore, become: Who owns our personally identifying information? Who assures its accuracy and relevance? Who can access and use it? What are its permitted uses? Too many of the answers depend on where you live and how the laws there constrain or allow data use. This leaves businesses and technology managers facing some complex issues even beyond the ethical debate on how the information can be used. (Excerpt from news story by John Parkinson)

[source: CIO Insight]

FAQ: How far does the new wiretap law go?

(2007-08-06) [CNet] Just before leaving town for a month's vacation, a divided U.S. Congress acceded to President George Bush's requests for expanded Internet and telephone surveillance powers.

Over strong objections from civil liberties groups and many Democrats, legislators voted over the weekend to temporarily rewrite a 1978 wiretapping law that the Bush administration claimed was hindering antiterrorism investigations. To help explain what the Protect America Act of 2007 means, CNET News.com has prepared the following Frequently Asked Questions, or FAQ list. (Excerpt from news story by Declan McCullagh and Anne Broache)

[source: News.com]

Bush signs law to widen legal reach for wiretapping

(2007-08-06) [CNet] President Bush signed into law on Sunday legislation that broadly expanded the government's authority to eavesdrop on the international telephone calls and e-mail messages of American citizens without warrants.

Congressional aides and others familiar with the details of the law said that its impact went far beyond the small fixes that administration officials had said were needed to gather information about foreign terrorists. They said seemingly subtle changes in legislative language would sharply alter the legal limits on the government's ability to monitor millions of phone calls and e-mail messages going in and out of the United States. They also said that the new law for the first time provided a legal framework for much of the surveillance without warrants that was being conducted in secret by the National Security Agency and outside the Foreign Intelligence Surveillance Act, the 1978 law that is supposed to regulate the way the government can listen to the private communications of American citizens. (Excerpt from news story by James Risen)

[source: News.com]

Privacy review supports data disclosure laws in Australia

(2007-08-06) [ComputerWorld] Australia's federal government is set to introduce data disclosure laws there as early as 2008.

The push is part of a review of the Privacy Act being undertaken by the Australian Law Reform Commission (ALRC), which began early this year. A discussion paper, recommending the introduction of these laws which would force organizations to notify customers of security breaches, will be released next month. The final report is scheduled to be delivered to the federal attorney general, Philip Ruddock, in March 2008. (Excerpt from news story by Sandra Rossi)

[source: Security]

Google launches Web History tool in U.K.

(2007-08-03) [CNet] Google has made its Web History tool available in the United Kingdom. The tool, launched in the United States in April, enables users to find Web sites they have visited, as well as edit or delete items from their Web history. It is an opt-in service, but it raises privacy issues.

"Personalized search does raise privacy issues," Peter Fleischer, Google's global privacy counsel, wrote earlier this year in the Financial Times. "In order for it to work, search engines must have access to your Web search history. And there are some people who may not want to share that information because they believe it is too personal. For them, the improved results that personalized search brings are not matched by the 'cost' of revealing their Web history." Fleischer argued that Google can handle this privacy issue by asking users if they want to opt in to the service when they open an account. (Excerpt from news story by Tom Espiner)

[source: News.com]

Prague will anonymise RFID city cards

(2007-08-01) [EDRI] Prague's Deputy Mayor announced that, following pressure from EDRI member Iuridicum Remedium and an interpellation by city assembly member Petra Kolinska (Green Party), the city authorities have decided that the RFID chips in newly issued city cards will no longer contain personal data.

The move is a reaction to a press conference Iuridicum Remedium held on 12 June 2007, at which cryptologist Tomás Rosa demonstrated that the first and last name and the date of birth of the holder of a newly issued city card could easily be read by any unauthorised person from a distance of a dozen centimeters, even with the card in a purse or pocket. The NGO asked the city authorities to stop the city card project immediately, or at least to delete personal information from the chips.

[source: EDRI-gram, Number 5.15]

Search engines dealing with privacy standards

(2007-08-01) [EDRI] Google has recently announced a change in its privacy policies, reducing its cookie lifetime to two years, but experts warn this is more a PR move than a substantive one. Other search engines have nevertheless started discussing their own privacy practices.

A post on the Google blog on 16 July 2007 announced that, following consultations with privacy experts and user feedback, the search engine will significantly shorten the lifetime of its cookies, a major change from the original policy, which set cookies to expire as far in the future as possible, in the year 2038. Peter Fleischer, Google's Global Privacy Counsel, confirmed that they "will start issuing our users cookies that will be set to auto-expire after 2 years, while auto-renewing the cookies of active users during this time period. In other words, users who do not return to Google will have their cookies auto-expire after 2 years." He also explained that this is part of the plan "to continue innovating in the area of privacy to protect our users."

[source: EDRI-gram, Number 5.15]

EDPS - Data Protection Directive should be fully implemented

(2007-08-01) [EDRI] The EDPS (European Data Protection Supervisor), Peter Hustinx, issued on 25 July 2007 an opinion on the European Commission communication regarding the improved implementation of the EC Data Protection Directive (95/46), considering that the Directive should not be amended and asking for its full implementation before any changes are applied.

The EDPS' opinion is that specific actions are needed in the short term to ensure the full implementation of the Directive pending the Reform Treaty that will make the Charter of Fundamental Rights legally binding, "thus offering the citizens better data protection".

[source: EDRI-gram, Number 5.15]

Data retention for one year for UK telecom companies

(2007-08-01) [EDRI] The transposition into UK law of most of the EU Data Retention Directive (2006/24/EC) was approved on 24 July 2007 by the House of Lords and signed the next day by the Home Secretary.

The approval followed a period of public consultation launched by a Home Office paper published in March 2007. As a result of the public consultation, the law applies only to telecom companies, which will have to preserve phone call logs for one year; it does not apply to Internet traffic data such as emails, web surfing or VoIP phone calls.

[source: EDRI-gram, Number 5.15]

Czech government accepts the new PNR agreement with reservations

(2007-08-01) [EDRI] On 18 July 2007, the Czech government approved, with significant reservations, the new PNR agreement prepared by the European Commission with the US Department of Homeland Security (DHS).

During the short period of consultations among the Czech authorities and politicians on the new agreement, the Czech Data Protection Authority stated that the current proposal lowered the level of protection of personal data. The Czech Data Protection Authority did not, however, clearly oppose the new agreement.

[source: EDRI-gram, Number 5.15]

ECJ's Advocate General says no handing over of traffic information in civil cases

(2007-08-01) [EDRI] In her opinion on case C-275/06 (Productores de Música de España Promusicae vs. Telefónica de España SAU), the advisor to the European Court of Justice (ECJ), Advocate General Juliane Kokott, considered that, according to EU law, ISPs are not obliged to reveal personal data in civil litigation cases.

In this case, the Spanish music association Promusicae asked the ISP Telefonica to hand over the names and addresses of subscribers who allegedly distributed copyrighted songs via the p2p software Kazaa. Telefonica refused, considering that it could do so only in a criminal investigation or in matters of public security and national defence. A Madrid court asked the ECJ for an interpretation of EU law on this matter.

[source: EDRI-gram, Number 5.15]

EDRI's contributions to the RFID Expert Group

(2007-08-01) [EDRI] The RFID Expert Group, created by the European Commission to assist in drafting the future RFID strategy, has held several meetings so far. European Digital Rights Initiative (EDRI) submitted two papers to this group on RFID privacy and security, in order to stress that reliable protection of privacy and personal data is a key issue for the acceptance of this technology.

The first paper, on RFID privacy issues, was EDRI's contribution to the RFID Expert Group meeting on 10 July 2007. It focused on the data protection and privacy issues of RFID applications, and also suggested a classification scheme for RFID applications based on data protection and user control.

[source: EDRI-gram, Number 5.15]

New event: 6th International Workshop on Privacy Aspects of Data Mining

(2007-08-20) "6th International Workshop on Privacy Aspects of Data Mining" will take place on October 28, 2007 (Omaha, Nebraska, US).

See calendar entry.

New event: Symposium On Usable Privacy and Security

(2007-08-20) "Symposium On Usable Privacy and Security" will take place on July 18 -- 20, 2007 (Pittsburgh, PA, US).

See calendar entry.

Latest update: 2007-12-18 19:19:22