AU – Biometric Secrets of Australian SmartCard

After ruling out including any other biometric identifier apart from a digital photograph stored on the chip of its proposed government services smartcard, it turns out the Australian Government will also include a biometric signature –stored on the chip and a central database. Plans for the digital signature were revealed in the controversial KPMG business case for the smartcard, a heavily edited version of which was released last week by Human Services Minister Joe Hockey. The KPMG report says the biometric signature – which stores a individual’s unique signature characteristics in a digital code – will be stored on the Secure Common Registration System alongside the cardholder’s digital photograph. The biometric signature will give the government a second identity layer to enable replacement of lost cards. [Source]

CA – Ontario Privacy Law Extended to Universities and Colleges

Effective June 10, the Ontario Freedom of Information and Protection of Privacy Act (FIPPA) kicks in –for the first time legislation will broadly guide how information is protected or made available on request by post-secondary educational institutions in Ontario. [Source] [Source] [Source]

CA – Wiretap Bill to be Revived, Telcos to Increase Access

The Conservative government will revive plans to require telecommunications companies to build in increased access for Internet and telephone wiretaps, with a bill that probably will be tabled in the fall. [Source]

CA – Lessons from Canada: Snooping Works

The arrests of 17 Canadian terror suspects after months of surveillance has led to a discussion in the U.S. about homegrown terrorists and the methods required to detect them before they strike. Some security experts are pointing to Canada’s tactics and advocating expanded domestic intelligence and eavesdropping in the U.S., which inevitably leads to disagreements about how far the government should go when it comes to monitoring [Source] [Kent Roach: Canadian Anti-Terror Law on Trial] [Top court to investigate deportation process] [Supreme Court to ponder security certificates]

CA – IAPP Unveils Certification for Canadian Privacy Professionals

The International Association of Privacy Professionals (IAPP) has announced it will offer its first international privacy credential, the Certified Information Privacy Professional/Canada (CIPP/C). The CIPP/C seeks to advance the privacy profession throughout Canada and to establish standards of knowledge in Canadian privacy. The IAPP developed the CIPP/C program with an advisory board of privacy leaders from corporate Canada, including: Deloitte & Touche; IBM Canada; Telus; TD Bank; Microsoft; and RBC Financial Group. [Source] [Source]

US – Energy Department Reveals Data Breach to Congress

A hacker broke into the National Nuclear Security Administration’s (NNSA) computer system in September, compromising 1,500 personnel records. The breach came to light just before a House Energy and Commerce Oversight and Investigations Subcommittee was holding a hearing on the Energy Department’s computer security in the wake of recent government agency breaches. The NNSA apparently did not report the breach to Energy Secretary Samuel Bodman. [Source]

EU – German Constitutional Court Declares Preventive Data Screening Illegal

On May 22, 2006, the German Constitutional Court declared illegal under the German Constitution the preventive screening of data across multiple private and public databases in order to find potential terrorists. The decision does not completely prohibit preventive data screening, but restricts its use to the investigation of specific criminal cases and to crime prevention if there is a serious and concrete danger either to the lives or liberties of individuals or to the existence of the Federal Republic of Germany or any of the federal states. [Source]

US – Agency Informs Workers About Data Theft

US Energy Department officials began contacting 1,502 individuals by phone this week to inform them that their Social Security numbers and other information may have been compromised when a hacker gained entry to a department computer system eight months ago. The security breach occurred in a computer system at a service center in Albuquerque, NM. [Source]

CA – Canadian Financial Institutions Among Global Leaders in Security

According to a report issued this week by Deloitte, Canadian financial institutions are facing an uphill battle when it comes to protecting consumers from security threats, but they’re still doing it more successfully than most of the rest of the world. But 78% admit to at least one breach in the past year [Source] [Source] [Source]

UK – Information Commissioners Overrules DWP on ID Report

The Information Commissioner’s Office has ordered the Department for Work and Pensions (DWP) to publish a report on the risks and benefits of identity cards. The department, which drew up the report on how the cards will fight identity fraud, had refused a request by the Liberal Democrats to release the report because it said it was not in the public interest. [Source]

US – Pataki Proposes Privacy Limits on Sporting Licenses

Personal information on sportsmen’s licenses would not be available to the public under legislation proposed by Gov. George Pataki. The legislation would protect the privacy of people whose personal information is attached to the 625,000 hunting, 975,000 fishing and 10,000 trapping licenses issued each year by the state Department of Environmental Conservation. [Source]

AU – Australian DNA Laws Close the Crime Net

The Australian government is proposing to expand the state’s DNA laws. Under the proposed changes, which were approved by the Labor Party caucus, DNA samples taken by police will no longer have to be destroyed, giving the state the toughest laws - and biggest DNA data base – outside Britain. The Government says the expanded database and plans to test a wider range of offenders will assist police even further in the war on crime. In a direct swipe at civil libertarian complaints, Premier Mike Rann says: “No one who is innocent has anything to fear from having their DNA records on the police data base. “It is a very important move for the women of this state because nowhere has it (DNA testing) been more successful than in the area of rape.” [Source]

UK – Researchers Say Public Wants Compulsory Cancer Registry

Most British people support compulsory central registration of the identities of cancer patients, according to the results of a survey published in April. Transfers of identifiable medical records to the National Cancer Registry are at present made without consent. They are only lawful under a ministerial directive issued under the 2001 Health and Social Care Act, overriding the confidentiality provisions of the 1998 Data Protection Act (DPA). The authors of the report claim their results contradict the NHS’s code of practice on confidentiality, which states that it cannot be assumed that patients are happy for information about them to be used for purposes other than their direct care. [Source]

US – New Rule Allows Lab Tests Without Informed Consent During Public Health Crisis

The Food and Drug Administration has issued a new rule that would allow health care workers to run tests on blood and other samples taken from patients who are ill because of bird flu, bioterrorism or any other life-threatening public health emergency. Privacy advocates fear the rule will be misused and deem it unnecessary. [Source]

AU – Australia Regulators Pushing Rx Surveillance & Linked Data

Australia’s drug regulators have called for a revamp of pharmaceutical surveillance to reduce deaths and disease caused by faulty drug use. Australia holds the information in separated health record systems which, when linked, could have given early warning of the links between the arthritis drug Vioxx and heart disease, implicated in an estimated 300 deaths in Australia. Professor Sansom, the chairman of the Pharmaceutical Benefits Advisory Committee, said Australia had perhaps the most comprehensive data sets of any health records in the world. [Source]

CA – Newfoundland & Labrador to Automate Pill Prescriptions

Newfoundland and Labrador is about to create a province-wide drug information system that will connect pharmacists, physicians and patients while providing a stepping-stone towards an electronic health record. The Pharmacy Network is expected to link physicians directly with their patients’ drug information to cut back on human errors. Plus: No more “double doctoring.” [Source]

JP – Japan’s KDDI Says Data on 4 Million Customers Leaked

KDDI Corp. Japan’s second-largest telecoms operator, said this week that personal information on nearly 4 million customers of its Internet service had been leaked. KDDI said information on 3,996,789 subscribers to its Dion Internet access service as of Dec. 18, 2003 was leaked to a 3^rd-party including email addresses, phone numbers, gender and birthdates. No credit or bank account data were leaked, it said. [Source]

US – VA Recalls All Laptops

Employees of the Department of Veterans Affairs (VA) will be required to return their laptops to update all security and virus software. VA Secretary James Nicholson said every VA facility will close during the week of June 26 to allow management to review information security protocols and reinforce privacy requirements. He also called for criminal penalties against any VA employees who do not protect personal information. A task force will review who presently has access to sensitive information and whether that access is warranted. [Source] [Veterans Affairs: Leadership Needed to Address Information Security Weaknesses and Privacy Issues. GAO-06-866T, June 14] [Highlights] [Lawmaker Blasts VA Handling of Data Theft] [VA Data Theft Could Happen Again, GAO Says]

US – IRS Laptop Lost With Data on 291 People

An I.R.S. employee lost an agency laptop early last month that contained sensitive personal information on 291 workers and job applicants, a spokesman said yesterday. The employee checked the laptop as luggage aboard a commercial flight while traveling to a job fair and never saw it again. The computer contained unencrypted names, birth dates, Social Security numbers and fingerprints of the employees and applicants. Slightly more than 100 of the people affected were IRS employees, he said. [Source]

US – Minnesota: 3 Laptops Stolen From State Auditor’s Office

Three laptop computers containing private information about 2,400 public employees and citizens who use government programs were reported stolen last week from the offices of Minnesota Auditor Patricia Anderson. It was the second computer theft from Anderson’s office in two months. [Source]

US – FTC Campaigns Against Identity Theft

The FTC launched a national campaign against identity theft, focusing on promoting three things:

Deterrence: Taking steps to reduce your risk of ID theft.
Detection: Monitoring your personal information.
Defense: Acting quickly when you suspect identity theft.

At the center of the campaign is the Web site, www.consumer.gov/idtheft/ddd. The site provides brochures, presentation slides, training materials and a video on dealing with the identity theft problem.

All of the information at the site is also available in Spanish. [Source]

US – Court Rules on Web Surveillance; Wiretap Laws Don’t Apply to VoIP Services

A federal appeals court issued an electronic surveillance ruling last week that makes it easier to tap into Internet phone calls and broadband transmissions. The court ruled 2-1 in favor of the FCC, which says equipment using the new technologies must be able to accommodate police wiretaps under the 1994 Communications Assistance for Law Enforcement Act, known as CALEA. Specifically, the court upheld the government’s authority to force high-speed Internet service providers to give law enforcement authorities access for surveillance purposes. The Court rejected a petition aimed at overturning a decision by regulators requiring facilities-based broadband providers and those that offer Internet telephone service to comply with U.S. wiretap laws. [Source] [Wiretapping Internet phone calls raises technical, security issues, report finds] [ITAA VoIP report] [Internet Leaders Caution Against Broad Surveillance for VoIP Calls] [VoIP wiretapping could lead to more problems. Keeping spooks happy could cost a bundle] [VOIP Scam Highlights Growing Security Issue ] [Source] [Court rules FCC can extend reach to Web-based calls] [Appeals Court Sides With White House on Wiretaps] [Source]

WW – Microsoft Reports Finding “Bots” on 60% of Computers

Microsoft said that it found and removed malicious programs – called “bots” – from six out of 10 Windows computers checked during a recent 15-month period. The disclosure is the strongest proof yet that bots are contaminating wide swaths of the Internet. [Source]

WW – Spyware Threats Skyrocket for Enterprises

A study released this week shows spyware is the fastest-growing threat to enterprises, increasing more rapidly than Trojans, viruses and other risks. And experts believe spyware will stick around. “It’s not a safe world out there anymore,” says The Yankee Group. “Spyware is a durable trend and it’s here to stay.” The study spearheaded by Aladdin’s Content Security Response Team shows a 213% jump in spyware threats, climbing from 1,083 in 2004 to 3,389 in 2005. The number of malicious threats deemed Trojans grew 142%, and the industry saw a 56% jump in viruses and other threats. [Source]

EU – EU to Propose New Air Passenger Info Deal with US

The European Commission plans to propose a replacement deal this week for an agreement which obliges EU countries to provide the U.S. with advance information on air passengers headed to U.S. airports. The proposed agreement to supply the names, addresses, payment details and telephone numbers of passengers will replace one struck down by the European Court of Justice last month. The proposal is expected to be introduced within a different legal framework but contain the same essential details, despite objections from some EU lawmakers who have argued that the agreement breaches privacy rights. [Source]

US – Judge Defers Ruling in Domestic Eavesdropping Suit

A federal judge has deferred making an immediate decision on a request that the Bush administration’s domestic eavesdropping program be halted as a violation of law. The ACLU, which filed the lawsuit in January, asked US District Judge Anna Diggs Taylor to stop the White House from intercepting international phone calls and e-mails without a warrant in its fight against terrorism, saying it violates Americans’ free speech and privacy rights. The government responded that the program is key to helping protect US security. [Source]

US – California RFID Privacy Legislation

For the past 18 months, a California senator has sought to ban the use of RFID in government-issued identification cards. However, the senator has opted for an incremental approach by pushing two bills that would ban the use of RFID in driver’s licenses and school identification cards. The bills are before the Assembly Judiciary Committee this week. A spokeswoman with the Information Technology Association of America, an industry group, said the outright ban of RFID technology is “shortsighted and not wise public policy.” [Source] [Source] [Source] [Source]

US – A Nudge But No Push Towards RFID From the FDA

While praising the benefits of radio-frequency identification (RFID), the US Food and Drug Administration (FDA) has refrained from demanding its implementation in new measures it unveiled to combat counterfeit drugs, asking instead for a “pedigree” throughout the distribution system. [Source]

US – AMA to Mull Ethics of Human-Locator RFID Chip

Should doctors be allowed to implant a tiny computer chip under your skin so you can be tracked around the hospital? Although the tiny device might arguably improve safety, would it also violate privacy? Those are among the questions about RFID that two committees of the American Medical Association have been assigned to answer following action at its annual House of Delegates meeting in Chicago. The delegates told their Council on Ethics & Judicial Affairs to determine if placing the chips in patients constitutes any ethical problems, and they also asked the Council on Science and Public Health to determine the medical and scientific advantages and/or disadvantages of implanting the chips in humans. [Source]

US – Report Says Money Lost to Cybercrime Down

For the fourth straight year, the financial losses incurred by businesses due to incidents such as computer break-ins have fallen, according to the 2006 annual survey by the Computer Security Institute and the FBI. The 615 US CSI members who responded to this year’s survey reported fewer security incidents. Viruses, laptop theft and insider abuse of Net access are still the most reported threats, but all

have decreased compared with last year. [Source]

US – 2/3 of IT Workers Ignore Removable Media Risk, Use Non-Encrypted Devices

Two-thirds of IT professionals use non-encrypted removable media at work in spite of being aware of the associated dangers. The survey, conducted by mobile security company Pointsec, revealed that 56% of employees downloaded corporate information on to their memory sticks, up from 31% last year. While 65% of those surveyed were aware of the potential danger that removable media presents, 66% admitted to neglecting a revision of their current security policies (with regard to removable devices). Only 21% secured them with passwords and encryption, and just 12% of organizations banned them completely from the workplace. [Source][Source]

US – Survey Finds Companies Vulnerable to Network, Host, & Storage Security Breaches

Only 22% of companies have implemented a storage security solution, while nearly 67% believe their companies were either somewhat or extremely vulnerable to data security breaches. These are the findings of a recent survey conducted by Datalink, an independent information storage architecture firm. The results mirrored fears in recent headlines of customers worried about lost data tapes, missing laptops and hackers stealing customer data. Additionally, the survey results illustrated the anxiety many companies have about potential data loss and its negative consequences of customer dissatisfaction or even customer loss. In turn, these data protection concerns have many companies feeling pressure to fortify their data. [Source] [Survey Reveals Security Doubts]

AU – “Quacking Like a Duck” New Card Same as Australia Card

THE proposed Australian services access card is essentially identical to the Australia Card proposal for a national identity card overwhelmingly rejected 20 years ago, according to a privacy study to be released today. “The Howard Government is adamant that the access card is not a national ID card,” says Professor Graham Greenleaf, who has compared the two proposals in his report, Quacking Like a Duck. “Well, we all believed the Australia Card was a national identity scheme, and this one is the same in every significant aspect. In terms of privacy dangers many aspects are considerably worse. [Source] [The $1billion house of cards]

US – ACLU Sues Pentagon Over Anti-War Group Monitoring

The American Civil Liberties Union sued the U.S. Defense Department this week to demand information it says the government has collected on groups opposed to the war in Iraq. The group says the Pentagon has been monitoring anti-war groups and individuals and has compiled lists on people it sees as potential threats but who the ACLU says are exercising their free-speech rights. The suit was the ACLU’s first attempt to force the Pentagon to disclose domestic surveillance and followed similar suits by the organization against the FBI and the Justice Department. [Source]

US – Pentagon Sets its Sights on Social Networking Websites

New Scientist has discovered that Pentagon’s National Security Agency, which specializes in eavesdropping and code-breaking, is funding research into the mass harvesting of the information that people post about themselves on social networks. And it could harness advances in internet technology - specifically the forthcoming “semantic web” championed by the web standards organization W3C - to combine data from social networking websites with details such as banking, retail and property records, allowing the NSA to build extensive, all-embracing personal profiles of individuals. [Source] [Government Increasingly Turning to Data Mining]

CA – Hamilton Police Board Head Pushing Expanded CCTV

The head of the Hamilton Police Services Board says downtown surveillance cameras are so successful he’d like to extend their gaze to other areas. Bernie Morelli said any expansion of the two-year-old pilot program will only come if supported by affected communities. [Source]

US – Rhode Island Police Seek Open Access To Internet, Phone Records

The Rhode Island General Assembly is considering legislation that could give police access to Internet and phone records and credit card and bank information without a warrant or other court review, civil libertarians said. The state police said legislation would help track down the increasing instances of Internet-based crime, including fraud and child exploitation. But critics say the bills would give Rhode island police the right to obtain the same information that some of the nation’s major communication companies have been accused of giving to the National Security Agency illegally. [Source] [Source] [R.I. lawmakers delay vote on bill expanding police powers] [Coverage]

US – Court Ruling Threatens Civil Liberties, Technology Innovation

A federal appeals court this week ruled 2-1 that telephone regulators and the FBI can control the design of Internet services in order to make government wiretapping easier. The decision, which is damaging both to civil liberties and technology innovation, came in a case in which CDT joined with a coalition of universities, libraries, public interest groups and Internet companies to oppose an August 2005 ruling by the Federal Communications Commission. In that ruling, the FCC extended to the Internet the 1994 Communications Assistance for Law Enforcement Act (CALEA), a law Congress intended to apply only to the telephone network. June 09, 2006 [Source] [CALEA ruling could open can of worms for VOIP]

US – GAO: TSA Still Hasn’t Fixed Secure Flight

The TSA has failed to implement any of the improvements the lead federal watchdog agency recommended for TSA’s Secure Flight passenger screening program, according to a new GAO report. TSA has not developed complete systems requirements for Secure Flight or conducted essential systems testing recommended in a March 2005 report. TSA also has not made important decisions to improve the system’s effectiveness, such as what passenger data it would require from air carriers or the name-matching technologies it would use. TSA also has not created a program management plan and implementation schedule for Secure Flight, or shown how it will protect passenger privacy. [Source]

US – DHS Committee Hears Feedback on RFID Report

The Department of Homeland Security’s Data Privacy and Integrity Advisory Committee gathered feedback on its subcommittee’s RFID report that advises the Department of Homeland Security against the use of RFID technology in identity documents. Written comments from citizens and privacy advocates opposed or concerned about the use of RFID technology in government-issued identity cards were made public during the meeting. RFID supporters attended the meeting, taking the position that security measures, including data encryption, could address concerns about using RFID in identity documents. [Source] [AIM Global Response]

US – DHS: Does Traveling Without Identification Fly?

Jim Harper, Director of Information Policy Studies at the Cato Institute, accepted a challenge from a colleague to test whether he could fly without showing identification. The dare was issued Wednesday during the Homeland Security’s Privacy Advisory Committee meeting in San Francisco. This story, written by the reporter who accompanied Harper to the airport for the experiment, details his journey after he is unable to present identification at the airport. [Source]

US – US Approves NSA Snooping

Senate Committee Approves Bill to Authorize NSA Snooping - In a grave threat to civil liberties, the Senate Judiciary Committee today approved legislation that would gut the historic Foreign Intelligence Surveillance Act, allowing the President to carry out wiretaps and other forms of electronic surveillance inside the United States without a court order. The bill -- sponsored by Chairman Arlen Specter (R-Pa.), but radically altered by his Republican colleagues -- would make judicial review for electronic surveillance optional. June 08, 2006 [CDT Analysis of Specter Proposal, May 15, 2006] [Specter Offers Compromise on NSA Surveillance] [Cheney Responds to Eavesdropping Rules] [Cheney Defends Passing Senator in Defense of Eavesdropping] [Coverage] [Government Defends Domestic Spying in Court]

US – House Plan to Introduce Legislation Requiring Consumer “Black Box” Notification

U.S. Reps. Michael Capuano and Mary Bono are planning to file legislation that would require automakers to inform customers when cars contain Event Data Recorders as well as how to turn them off. Privacy advocates have questioned who could access the information the devices collect and how that data could be used to impact insurance rates, investigations or lawsuits. The National Highway Safety Administration is expected to issue rules that will standardize what information the boxes should store. [Source] [Bill would limit consumers’ credit rights]

US – New Pennsylvania Law Requires Firms to Notify Customers of Data Breaches

On June 22, Pennsylvania’s Breach of Personal Information Notification Act takes effect, requiring companies to notify state residents if their sensitive personal data has been lost or stolen, exposing them to the risk of identity theft. The goal is to give Pennsylvanians an early warning so they can monitor their financial records for suspicious transactions and take steps to limit the damage. [Source]

US – Workplace Privacy: A Balancing Act

Privacy rules require a balance between a worker’s reasonable expectation of privacy and an employer’s need to maintain a safe, secure, and productive workplace, said two experts who recently led a BLR audio conference. Mary L Topliff, who founded the Law Offices of Mary L. Topliff in 1997, and Michael Wilbur, a partner with Cook & Roos LLP, discussed the various workplace privacy issues and laws. [Source] [Report]

US – No State, Federal Laws to Protect Workers’ Social Security Numbers, Other Data

In the wake of multiple incidents that involve the exposure of employee or retiree information placed on mobile devices, this story explores the lack of laws to prevent such breaches. Marc Rotenberg, Executive Director of the Electronic Privacy Information Center, said while federal laws strictly protect health or banking data, the same is not true for the handling of other types of employees’ data, such as Social Security numbers. [Source]

--------