Privacy News Highlights

21–29 September 2006

Contents:

CA – Liberals Allege Privacy Breach

CA – Alta Privacy Commissioner Scolds Firm for Failing to Protect Private Data

WW – Privacy Still a Concern to Consumers, Behavioural Marketers

CA – McGuinty Government Expands Online Options for Families

CA – Canadians Prefer Phone, In-Person Channels for Critical Government Interactions

WW – Over 90% of Email is Spam, Says Spamhaus

WW – This Email Will Self-Destruct in 5 Seconds

CA – Survey: Business Reputation Drives Canadian Security Spending

WW – New Browser Lets Web Surfers Hide Online

EU – Data Supervisor Says Privacy Advocates Are Not a Problem

EU – Online Campaign Against Data Retention Started in Germany

US – NCSL Study: Real ID Act Will Cost States $11 Billion Over Next 5 Years

WW – Report: Phishing Scams on the Rise

EU – EU Panel: No Legal Basis for U.S. To Monitor International Financial Transactions

EU – Europe’s Central Banks Caught in U.S. Spy Scandal

CA – Canadian Democracy Undermined by Government Secrecy, Watchdog Group Says

CA – Federal Accountability Doomed if Transparency Pledges not Honoured

CA – CNA Audit Reveals Delays in Canadian Federal Access Requests

WW – Privacy International Releases ‘FOI Around the World 2006 Report’

CA – Manitoba Expanding Access to Government Information

CA – Seven Alberta Health Regions Reach Milestone with Electronic Health Records

US – U.S. Needs Harmonious IT Standards, Official Says

US – Patient Privacy Central to Success of E-Health Records

US – Action Sought Against Employees Who Pried Into Health Records

US – Privacy Rights Clearinghouse Reports 93,754,333 Private Records Lost

WW – Security Breach News Roundup

US – TSA Announces Standards for Frequent Fliers ID Card

US – Survey: Banks Rated for ID Theft

WW – Phishers Turn to eCards

UK – eBay Makes Changes After Discussions with UK Info. Commish

US – Banks Among Customers of Florida Information Broker

IN – Self-Regulatory Group Will Enforce Data Security Standards by End of 2007

US – Privacy Rights Clearinghouse Releases New Online Internet Privacy Guide

US – States Cracking Down on Online Dating Services

WW – Facebook Offers More Privacy Controls

US – Opinion: New Healthcare Number Not Necessary

NZ – New Zealand Privacy Commissioner Appoints Adviser to Check Health Privacy

AU – Australia NSW Move to Extend Privacy Law Exemption

US – Education Secretary Calls for National Student Database

US – Small Businesses Seek More Time to Comply With Proposed ID Theft Rule

US – AOL Subscribers Sue Over Disclosure of Searches

US – U.S. Attorney General Wants Law to Compel ISPs to Retain Customer Data

US – NIST Issues Guidance for Securing RFID Systems

US – California Governor Mulls RFID Privacy Law

UK – Shops Must Use RFID With Care, Says UK Information Commissioner

WW – Forrester Says RFID Security Falls Short for Some Apps

CA – Nymity Offers RFID Privacy Analysis, Advice

UK – Dog Starts Car After Eating RFID Chip

UK – British Protest Covert Trash-Monitoring Chips

EU – Hamburg Library Moves to RFID

US – More Than 1,000 Commerce Dept. Laptops Missing Since 2001

WW – Survey: 29% of Departing Directors Admit Stealing Data

WW – Massive Growth in Organized Crime Targeting Home PC Users

EU – Software Makers Lobby EU Against Microsoft VISTA Security

CA – Smart Cards on the Way for OC Transpo

AU – Australia Leakage Problem Means Cards Will Never Be Secure

US – House Panel Endorses Controversial Spy Bill

US – CDT Criticizes Meaningless Wiretapping “Compromise”

CA – Ottawa Buses May Soon Get Cameras

US – U.S. to Create ‘Virtual Fence’ for Borders

US – OMB to US Govt: Prepare Now for Data Breaches

US – FTC Has Not Paid Any Money for Security Breach Victims

US – SEC Launches Data Security Rules Review

US – E-Authentication Launches the E-Authentication Federation

US – U.S. Passes FOIA Measure: “A Good Step for Open Government”

US – Legislation Introduced to Address Agency Data Breaches

US – Pataki Signs Three Identity Theft Bills Into Law

US – U.S. Employees Willing to Submit to Email Monitoring

 


 

 

CA – Liberals Allege Privacy Breach

Prime Minister Stephen Harper and his government have landed on the receiving end of ethics violation charges - accused of exceeding political contribution limits and violating privacy laws in dealing with access to information requests. Treasury Board President John Baird is looking into why the PMO seemed to know the identity of media people who had filed access to information requests of the government - when the law stipulates that those identities are supposed to be protected, partly to protect people from reprisals. Baird met with Privacy Commissioner Jennifer Stoddart last week to discuss the incident. [Source] [Source] [Privacy watchdog to probe accusations reporter’s ID improperly revealed] [Baird receives lesson in privacy law 101] [Commons to investigate violations of access to information laws]

 

CA – Alberta Privacy Commissioner Scolds Firm for Failing to Protect Private Data

Alberta’s privacy commissioner has declared that a financial services company for doctors and their families breached the Privacy Act when a laptop containing thousands of personal files was stolen from a car in a parking lot. An employee was at fault for not adequately protecting the information of the 8,000 clients affected, an investigator has ruled. [Source] [Source] [Source] SEE ALSO: [Alta P.Commish scolds University over email forwarding] [Forwarded email breached student's privacy: commissioner]

 

WW – Privacy Still a Concern to Consumers, Behavioural Marketers

While people want ads that are more relevant and know that they must give up more personal information to get them, they still are concerned about the concept of cookies. This was a key point of a Direct Marketing Association-sponsored panel discussion that took place during Advertising Week 2006. The 5-day event hosts the largest gathering of advertising and media decision-makers in North America. [Source]

 

CA – McGuinty Government Expands Online Options for Families

Premier Dalton McGuinty has unveiled the Ontario government’s plan to put more services online. As of this week, people can go to www.serviceontario.ca to apply for marriage and death certificates. These new online services will soon come with a money-back guarantee. Today’s announcement builds on the government’s success with its service guarantee for online birth certificate applications. Since November 2005, the government has received about 242,000 applications. Only 80 refunds have been issued - or less than 1%. [Source] [Gerry Phillips: “New Approach to Public Service Delivery is Paying Off”]

 

CA – Canadians Prefer Phone, In-Person Channels for Critical Government Interactions

Canadian citizens are active users of eGovernment services, but getting them to use the Internet as their primary channel for government services is still in the future. Respondents do choose the Internet first for researching information regarding government services, but many still rely on channels such as phone, mail, or in-person contact for more personal interactions. What’s different about those citizens who prefer phone, mail, or in-person avenues? They exhibit a general wariness of using the Internet to conduct personal business and often a lower level of technology ownership. [Source]

 

WW – Over 90% of Email is Spam, Says Spamhaus

The founder of Spamhaus says that over 90% of the world’s email is spam – a significantly higher estimate than those of other spam monitoring firms in the IT security industry. [Source]

 

WW – This Email Will Self-Destruct in 5 Seconds

A company has launched a web-based hosted message service that eliminates all traces of a message once it has been read; readers can’t even print it out or do a screen capture, according to the CEO at Void Communications. Users can reclaim the privacy that can be lost with email, which can be redistributed. The user now actually has real control over a message. “The idea is we want to make a recordless message system” for the Web and for mobile systems, said the CTO. [Source]

 

CA – Survey: Business Reputation Drives Canadian Security Spending

The latest 2006 Global State of Information Security (GSIS) survey, a worldwide study by CIO magazine, CSO magazine and PwC, reports that 53% of Canadian companies surveyed said their reputation was driving their information security spending – much higher than the global average of 41%. “A company’s long-term client relationships and profitability can depend on its reputation. Poor information security that loses data such as customer profiles can seriously affect a company’s brand,” said Greg Murray, the PwC security and privacy leader in the GTA. “The cost of handling the public relations issues associated with losing customer identities can be devastating – comprehensive information security can prevent this.” The study found that 67% of Canadian organizations actively engage both business and IT decision-makers in addressing information security issues, compared to 52% worldwide. The 2006 GSIS survey also looked at information security and outsourcing, and found that confidence in the security of outsource vendors is not high: 43% of respondents were not at all or only somewhat confident in their outsourcers’ security and just 20% were very confident. A surprise finding was that 61% of Canadian respondents surveyed have limited or no security training for the end-users of their technology - their employees. [Source]

 

WW – New Browser Lets Web Surfers Hide Online

An international group of computer security experts and human rights workers has released an anonymous, fully portable web browser based on Mozilla Firefox. The Torpark browser comes pre-configured and requires no installation. It runs off a USB memory stick, and claims to leave no tracks behind on the browser or computer. Hacktivismo, the organisation behind the project, said that Torpark is a highly modified variant of Portable Firefox that uses The Onion Router (Tor) network to create an anonymous connection between the user and the websites being visited. [Source] [Source]

 

EU – Data Supervisor Says Privacy Advocates Are Not a Problem

The European data protection supervisor, Peter Hustinx, has challenged claims that privacy advocates are blocking governments’ attempts to pass so-called anti-terror legislation. Hustinx said that effective legislation cannot exist without data protection controls and that including such measures in new laws can only improve them by introducing safeguards to make sure that only the right individuals can access sensitive details. [Source]

 

EU – Online Campaign Against Data Retention Started in Germany

On 25 September, the German Working Group against Data Retention started an online campaign against the mandatory storage of all communications data. Through a special web portal, concerned citizens can send electronic open letters to all 448 parliamentarians of the ruling grand coalition and raise their concern and protest against data retention. With this campaign, the working group wants to raise pressure on the German government and make it postpone the implementation of the EU data retention directive until a decision has been made by the European Court of Justice. [Source] [Source] [Source] [Source]

 

US – NCSL Study: Real ID Act Will Cost States $11 Billion Over Next 5 Years

The Real ID Act, which sets national standards for driver’s licenses and identification cards starting in May 2008, will cost the states at least $11 billion over the next five years, according to a new report. The study by the National Conference of State Legislatures and other groups released this week marks the first concrete estimate of the price tag of the landmark anti-terrorism act. [Source] [Source] [NCSL Report] [Former DHS Official: Real ID is not going away]

 

WW – Report: Phishing Scams on the Rise

Criminals are increasingly trying to trick citizens into giving them their bank account details, according to a survey published this week that showed such phishing attempts almost doubled in the first six months. More than 157,000 unique phishing messages were sent out around the world in the first half of 2006, an increase of 81% compared with the six-month period to end-December 2005. [Source]

 

EU – EU Panel: No Legal Basis for U.S. To Monitor International Financial Transactions

An EU panel is preparing to issue a report this week in Brussels that is expected to say that a Bush administration program that monitors international financial transactions for signs of terrorism financing may violate EU law that restricts government access to confidential banking records. The panel has not sought an end to the program, but the EU leaders are prepared to recommend that a European auditor should be hired to suggest additional safeguards to prevent abuses when financial records are disclosed to American authorities. [Source] [Update: Europe Panel Defers Report on Bank Data Sifting]

 

EU – Europe’s Central Banks Caught in U.S. Spy Scandal

The European Central Bank (ECB) knew the US was conducting a secret probe of the world’s private financial records without official oversight but failed to tell privacy authorities. The central banks of the G10 countries might also be implicated in the scandal because they were told about the U.S. snooping of transactions conducted by their indigenous firms five years ago when the U.S. Treasury first started poring through the world’s financial transactions in search of terrorist financiers. The European Parliament has called on the ECB to state officially what it knew about the controversial intelligence operation in a hearing on 4 October. But the more important question could be whether the ECB - and other central banks - had broken any data protection laws by standing back while the U.S. rifled through the world’s private financial records. [Source]

 

CA – Canadian Democracy Undermined by Government Secrecy, Watchdog Group Says

A B.C. citizen’s coalition says Canadians’ access to information has been impeded by federal and provincial governments for too long, and is calling for changes to improve access. The Campaign for Open Government said this week it is illegal for governments to withhold that information when citizens request it. [Source]

 

CA – Federal Accountability Doomed if Transparency Pledges not Honoured

“There can be no accountability without transparency,” stated Anne Kothawala, president and CEO of the Canadian Newspaper Association (CNA), in a speech to an Access to Information conference on the first day of Right to Know Week. According to Ms. Kothawala, Prime Minister Harper must honour election promises to roll back government secrecy or his program to improve accountability will be meaningless. She challenged Mr. Harper to lead by example and make transparency part of the legacy of his term in office. The Conservatives were elected last January on a platform including pledges to increase transparency to discourage government waste and wrongdoing by implementing long-awaited reforms of the 23-year-old Access to Information Act. Since the election, the government has backed away from all but one of the measures promised. The Federal Accountability Act, the government’s flagship legislation, is currently before the Senate. [Source]

 

CA – CNA Audit Reveals Delays in Canadian Federal Access Requests

An audit by the Canadian Newspaper Association shows that, despite repeated admonishments from the federal information commissioner that unreasonable delay undermines Canada’s freedom of information laws, those who seek basic public information can still wait months for any acknowledgement of their requests. More than half the time, information is not released within the legislated timeframe, if at all. According to Alasdair Roberts, a Canadian specialist on access to information, the lack of political will to fix the problem has resulted in a shortage of resources devoted to processing requests and the absence of effective enforcement. Government agencies will not take seriously the need to release public information in a timely manner unless there is a political price to pay, and Canada needs more watchdog organizations like those in the U.S. and Britain to exert such pressure. In the Canadian Newspaper Association’s National Freedom of Information Audit, reporters across the country filed 66 formal written requests for basic public information. Of those, 53% were outright denied or no records were provided within the 30-day limit set out in the legislation. Federal information commissioner John Reid says more government agencies are automatically taking time extensions beyond the 30-day limit. A large number of those extensions, he says, are not justified. [Source] [Source] [Source] [Second National Freedom of Information Audit: Canada’s Right to Know on Shaky Ground: Newspaper Group]

 

WW – Privacy International Releases ‘FOI Around the World 2006 Report’

Privacy International released the Freedom of Information Around the World 2006 Global Survey of Access to Government Information Laws this week. The Survey provides a comprehensive review of FOI Laws and practices in nearly 70 countries around the world, and draws attention to the growing movement around the world to adopt FOI laws. In just the past 2 years, over a dozen countries have adopted new laws and decrees, while dozens more are considering proposals. The survey also highlights that many problems still exist such as poorly drafted laws, lax implementation and an ongoing culture of secrecy in many countries. There are also dangers in backsliding such as in Ireland where the imposition of onerous fees has significantly reduced use of the law and in the U.K. where a similar proposal is being considered. New laws promoting secrecy in the global war on terror have also undercut access. [Source] [Survey] [Map of FOI Day Activities Around the World] [Report finds worldwide explosion of FOI laws]

 

CA – Manitoba Expanding Access to Government Information

Manitoba Culture, Heritage and Tourism Minister Eric Robinson this week announced new steps to increase transparency and accountability in government. Robinson announced that cabinet orders-in-council will be made available on the government website before the end of the year. Currently, paper copies can be accessed at the Legislative Building. The minister also noted the government will make available through routine disclosure a summary of ministers’ individual expenses. These reports will be tabled annually in the legislative assembly in the same manner that reports on expenses of members of the assembly are made available. Said Robinson: “we will be introducing changes to the current legislation in the upcoming session to find ways that will improve access and privacy laws.” [Source]

 

CA – Seven Alberta Health Regions Reach Milestone with Electronic Health Records

The vision of every Albertan having an electronic health record took a leap forward with the installation of a new regional information system that covers over 90% of Alberta. Seven non-metro health regions can now exchange up-to-date patient information through the Regional Shared Health Information Program (RSHIP), which provides a single system that will add the health information of 1.2 million Albertans to the provincial system, and assist in the development of Alberta Netcare, the provincial electronic health record. [Source]

 

US – U.S. Needs Harmonious IT Standards, Official Says

The U.S. needs to establish standards that work together in health information technology so medical personnel can effectively communicate, a top info technology official said. The nation must “ensure that privacy and security standards are up to date” and take steps to prevent data breaches, Robert Kolodner, interim national coordinator of health information, said during a keynote speech this week at the Health Information Technology Summit for national, regional and state healthcare decision makers.  [Source]

 

US – Patient Privacy Central to Success of E-Health Records

The Health and Human Services Department (HHS) and its partners working on health IT initiatives have created the Confidentiality, Privacy and Security Work Group under the American Health Information Community (AHIC), a public/private advisory group. The new group will focus on privacy and security issues related to health IT initiatives. AHIC will make recommendations to HHS. [Source]

 

US – Action Sought Against Employees Who Pried Into Health Records

New York City’s public hospital system wants to suspend 39 employees for prying into the medical records of a 7-year-old girl whose beating death exposed flaws in the city’s system for protecting abused children, officials said. The city’s Health and Hospitals Corporation said that dozens of workers at a Brooklyn Medical Health Center opened a patient’s file in the hospital’s computer system, though they had nothing to do with the case. They ranged from doctors and nurses to technicians and clerks. [Source]

 

US – Privacy Rights Clearinghouse Reports 93,754,333 Private Records Lost

According to the Privacy Rights Clearinghouse, companies and institutions have lost 93,754,333 private records in the past two years. The volume of data lost is due to both theft and the careless handling of data by employees. A Forrester Research analyst said data breaches, identity theft and privacy issues are impacting e-commerce as users think twice before providing their personal information online. [Source]

 

WW – Security Breach News Roundup

[Client Files Stolen from Toronto Allstate Agent’s Car] [Stolen Laptop Holds Data on 50,000 GE Employees] [Computers, Storage Devices Stolen from Nagasaki Univ. Hospital Contain Patient Data on 9000] [Computers Stolen from Kenyan Revenue Authority] [U of Colorado Business School Computers Missing, 1,372 affected] [Purdue Univ. Notifying 2,500 Affected Students of Possible Data Breach] [2,093 Student Financial Aid Application Data Misplaced] [Missing USB Jump Drive Holds 4,150 Hospital Employee Data] see also [How to disable USB drive access]

 

US – TSA Announces Standards for Frequent Fliers ID Card

The Transportation Security Administration this week announced standards for an ID card that frequent fliers can buy to get through security lines faster at airports. The announcement comes nearly 5 years after Congress first authorized the program, 2 years after the TSA first tested it and 3 months after it was supposed to start. The standards cover information security, enrolment, verification and privacy, the TSA said. The public has 2 weeks to comment on the draft standards. [Source]

 

US – Survey: Banks Rated for ID Theft

Javelin Strategy & Research released its annual Banking Identity Safety Scorecard. The survey has rated Bank of America, JP Morgan Chase and Washington Mutual as the top institutions in a test of their ability to prevent, detect and resolve ID theft. The survey analyzed the performance of 24 U.S. banks. [Source]

 

WW – Phishers Turn to eCards

Thousands of people have reportedly fallen prey to a phishing attack that uses ecards as bait. The cards appear to come from a secret admirer. When the recipient clicks on the provided link, the computer is directed to a malicious site that attempts to download a keystroke logger; the card is then displayed. The attack exploits a flaw in Microsoft Windows that was patched in May (MS06-014). [Source]

 

UK – eBay Makes Changes After Discussions with UK Info. Commish

The auction site is making it easier for users to close accounts, following a complaint from Privacy International. Internet auction house eBay will make changes to its site after discussions with the UK’s Information Commissioner and civil rights group Privacy International. [Source]

 

US – Banks Among Customers of Florida Information Broker

A pretexting case filed by the Florida A-G against a Tampa-based company initiated more inquiries about the business that allegedly made thousands of calls to companies pretending to be customers to fraudulently obtain private telephone records. The U.S. House Energy and Commerce Committee sought testimony from the company’s president, but she refused to appear before the committee. However, records provided to the committee showed that its largest customers included national banks – suggesting that the use of pretexting is not an isolated corporate practice. [Source] [U.S. Senate Pursues Deal On Pretexting Legislation] [Survey Shows Support for Boardroom Surveillance]

 

IN – Self-Regulatory Group Will Enforce Data Security Standards by End of 2007

NASSCOM announced this week that India’s outsourcing industry is poised to process as much as 30% of U.S. banking transactions by 2010. However, the group said that stricter data security standards are essential for the industry to reach that potential. Presently, India’s outsourcing centers process about 8% of U.S. bank transactions. Concerns about data security in the wake of security breaches involving outsourcing employees have prompted NASSCOM to beef up security standards. One effort involves creating a self-regulatory group comprised of outsourcing companies to enforce privacy and data security standards. [Source] [NASSCOM President: India’s Record On Security Breaches Better Than Others]

 

US – Privacy Rights Clearinghouse Releases New Online Internet Privacy Guide

PRC’s newly revised online guide addresses the Internet’s sweeping presence in our lives. Fact Sheet 18 now tackles everything from blogs to Nigerian letters, giving consumers the who, what, where and most importantly, privacy pointers to guide them in their cyberspace travels. Part One explores the ways in which you give information to other people on the Internet, including signing up for Internet service, using e-mail, browsing the Internet, using social networks and instant messages, maintaining personal Web sites and blogs, and using online banking services. Part Two looks at how this information can be obtained by others, including marketers, employers, government officials, law enforcement, and criminals. Part Three offers tips for protecting your privacy. Part Four provides additional resources. [Source]

 

US – States Cracking Down on Online Dating Services

Several states are cracking down on the online dating industry, proposing laws that would, among other things, mandate criminal background checks on people looking for love on the Internet. Critics claim the industry isn’t doing enough to police itself, and could put users at risk of meeting predators. [Source]

 

WW – Facebook Offers More Privacy Controls

Facebook, seeking to avoid a 2nd revolt over privacy, is offering members more controls over their personal profile pages as it relaxes eligibility requirements to join. Users will have the ability to block others from searching for their names and control whether their pictures show up in search results. [Source]

 

US – Opinion: New Healthcare Number Not Necessary

Scott Schumacher, CSO and chief scientist at Initiate Systems of Chicago, takes the position that a new unique national healthcare number – much like a Social Security number for patients – is not necessary. Schumacher said technology that exists today already is improving availability and quality of patient data. He points to two projects currently under way that link healthcare records across networks while preserving patient privacy – one of them in Canada. Schumacher says that linking “patient demographic data on a national scale would be far easier than creating a new system of records based on current information that requires a unique identifier.” [Source]

 

NZ – New Zealand Privacy Commissioner Appoints Adviser to Check Health Privacy

New Zealand Privacy Commissioner Marie Shroff has appointed a new health-policy adviser amid rising public concern over the privacy of health information. The role is being funded by the Ministry of Health and will involve a variety of jobs related to revising and drafting policy. A survey by the commissioner’s office this year found 78% of the 750 respondents were concerned about the security of their health information and medical records. Shroff hoped the jobs performed by the new policy adviser would help improve trust in public health. [Source]

 

AU – Australia NSW Move to Extend Privacy Law Exemption

The New South Wales Government has proposed changes to privacy laws that will enable its agencies to share information about young people at risk of falling into a life of crime. Premier Morris Iemma this week said research undertaken by his department had found about 50% of all assaults in public places were committed by people aged under 25 years. He said privacy laws were hampering information sharing between government agencies about young offenders. A trial exempting young offenders aged between 16 and 25 from some aspects of privacy laws is underway. Mr Iemma said the government would seek to extend the trial to several other parts of the state. [Source]

 

US – Education Secretary Calls for National Student Database

Concerns about student privacy could fuel Congressional opposition to a plan to establish a national database of student information to provide parents and policymakers with an accountability report to assess the performance of institutions, achieved by tracking students’ performance. The commission that made the database recommendation to Education Secretary Margaret Spellings, among others, has suggested that student privacy could be ensured by using anonymous identification numbers instead of Social Security numbers. [Source]

 

US – Small Businesses Seek More Time to Comply With Proposed ID Theft Rule

The Small Business Administration’s (SBA) Office of Advocacy is suggesting that the FTC should give small businesses more time to comply with a new ID theft rule. The so-called “Red Flags” rule requires creditors to establish a program to address 31 “red flags” for identity theft. The SBA said small businesses – even those that face a low risk of ID theft – would have to spend 20 hours to implement the program. The SBA is recommending that businesses be given a 6-month period to comply with the rule after it takes effect. [Source]

 

US – AOL Subscribers Sue Over Disclosure of Searches

Three AOL subscribers who suddenly found records of their Internet searches widely distributed online are suing the company under privacy laws and are seeking an end to its retention of search-related data. The lawsuit is believed to be the first in the wake of AOL’s intentional release of some 19 million search requests made over a three-month period by more than 650,000 subscribers, including the three plaintiffs. [Source] [AOL Plans to Name Its First Chief Privacy Officer]

 

US – U.S. Attorney General Wants Law to Compel ISPs to Retain Customer Data

In hearings before the Senate Banking Committee this week, U.S. Attorney General Alberto Gonzales told committee members he would support a tightening of federal requirements for Internet service providers to hand over information on their customers. Specifically, he is asking senators to extend the law to require ISPs to retain data on their customers, should that data become necessary for use in a federal investigation. [Source] [Source] [Source] [Source]

 

US – NIST Issues Guidance for Securing RFID Systems

NIST has announced the release of draft NIST SP 800-98, Guidance for Securing Radio Frequency Identification (RFID) Systems. SP-800-98 provides an overview of RFID technology, the associated security and privacy risks, and recommended practices that will help organizations mitigate these risks, safeguard sensitive information, and protect the privacy of individuals. Comments and suggestions are being sought by 5:00 EST (US and Canada) on October 27th, 2006. [Source] [Coverage]

 

US – California Governor Mulls RFID Privacy Law

California is on the brink of introducing privacy laws to safeguard personal data stored on RFID tags in government-issued documents and identification cards. The Identity Information Protection Act of 2006 was passed by state legislators last month and now needs the approval of California Governor Arnold Schwarzenegger by September 30 to become law. The measures are designed to safeguard against either criminal or government abuse of RFID tags by mandating the use of privacy-protecting technologies, such as encryption. The bill, authored by State Senator Joe Simitian, would also give Californians the right to decide who can access their personal information stored on RFID cards in documents such as driver’s licences, library cards and the like. “RFID technology is not in and of itself the issue,” said Simitian. “The issue is whether and under what circumstances the government should be allowed to compel its residents to carry technology that broadcasts their most personal information.” Privacy activists hope the proposed law will become a template for federal legislation. However, the proposed measures are not without their critics. The Security Industry Association, which represents suppliers of biometric and access control technologies, has warned that the law might spur frivolous lawsuits against government agencies. It also expressed concerns about measures that would oblige government agencies to publicly disclose the location of sites where RFID readers are in use. Other critics describe it as unnecessary because theft of personal data from RFID cards has not been widely reported. It also warns that the law could stymie the adoption of RFID technologies. The proposed bill has drawn national attention following the federal government’s decision to embed RFID tags in new US passports. [Source] [Source] [EFF’s Identity Information Protection Act fact sheet] [RFID Industry Weighs In On California Bill]

 

UK – Shops Must Use RFID With Care, Says UK Information Commissioner

Shops which use RFID tags and CCTV cameras must tell shoppers every time an RFID tag is used and must tell shoppers how to remove them. The order comes in guidelines produced by the Information Commissioner’s Office (ICO). “Where personal data is collected, generated or disclosed using RFID either directly or indirectly, the Act will apply,” says the guidance. “Those collecting personal data with RFID will have to give notice of the presence of RFID tags on products and of readers, and explain the implications. They will have to tell consumers what personal information is being collected, by whom, and for what purpose. It might also be necessary to tell customers how to disable or remove tags, for example if a tag has been left on a product after purchase.” The guidance also tells retailers that whatever data is gathered must be disposed of once it has been used, and that only an amount of data proportionate to the purpose for which it was gathered can be stored. The ICO’s guidance warns of skimming, cloning and eavesdropping on tags and the transmission of data between tags and readers. “The simplest way of addressing privacy concerns about RFID is to ensure that any tags on individual items are removed or disabled at the point of purchase,” it said. [Source] [ICO RFID Guidance]

 

WW – Forrester Says RFID Security Falls Short for Some Apps

Companies deploying RFID for payments or other applications requiring strong security are taking risks today, the research firm reports, while users of RFID in small-scale, standalone tagging systems for supply-chain apps are less vulnerable. End users of RFID technology are getting mixed messages regarding data security. RFID vendors claim their products are secure, while media reports and researchers sing a different tune: that currently deployed passive RFID systems are prone to eavesdropping and other attacks, and that vendors have to do some important work to bolster data security. A newly published report by Forrester concludes that with respect to data security, passive RFID tags and readers as they are currently designed are only appropriate for a limited number of scenarios. [Source] [Source]

 

CA – Nymity Offers RFID Privacy Analysis, Advice

Nymity has published advice on key privacy considerations associated with RFID technology and a list of mitigation strategies for business to consider when deploying RFID. [Source]

 

UK – Dog Starts Car After Eating RFID Chip

A woman in Surrey, England couldn’t figure out why her car wouldn’t start. An Automobile Association patrolman arrived on the scene and the two realized that the woman’s dog had swallowed the car’s immobilizer chip fob. The immobilizer contains an RFID chip that must be within a certain proximity of the steering column for the key to work. According to a BBC News report, the patrolman put the dog in the front seat, turned the key, and the car started right up. [Source]

 

UK – British Protest Covert Trash-Monitoring Chips

Homeowners in Britain are protesting the recent installation of electronic chips in their outdoor trash cans. The chips measure the weight of trash placed in the cans and transmit that information to a central database. British officials have said the information could be used to fine residents who are not recycling enough. Thousands of homeowners have been removing the monitoring chips from their cans and sending them to city council members with angry letters. City councils are responding with threats of fines for damaging city property. [Source]

 

EU – Hamburg Library Moves to RFID

Starting in October, public libraries in Hamburg, Germany, will begin implementing a self-serve RFID-based system for checking 2 million books, items and other materials in and out. The system will be provided by the Danish division of U.K. company FKI Logistex. The rollout will start with the branches, then move to the central library in April 2007. FKI Logistex expects to finish it next summer. The system will become operational some time after it is fully deployed. [Source]

 

US – More Than 1,000 Commerce Dept. Laptops Missing Since 2001

More than 1,100 laptop computers have vanished from the Department of Commerce since 2001, including nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers, federal officials said. This disclosure by the department came in response to a request by the House Committee on Government Reform, which this summer asked 17 federal departments to detail any loss of computers holding sensitive personal information. [Source] [Source] [Source] [Source] [Source]

 

WW – Survey: 29% of Departing Directors Admit Stealing Data

Almost a third of company directors surveyed have admitted to stealing corporate information, with memory sticks making theft easier than ever. In a survey of 1,385 business people, 29% of company directors admitted to stealing confidential corporate information when they left a company. The survey, conducted on behalf of software company Hummingbird, found that 24% of the thefts involved using memory sticks or MP3 players to move data and 18% used email. The information was revealed as part of Hummingbird’s Information Management Survey, which assesses the way in which firms are coping with increases in information sources. [Source]

 

WW – Massive Growth in Organized Crime Targeting Home PC Users

According to Symantec’s semi-annual Internet Threat Report, home computer users are becoming the preferred target of cyber criminals. The report noted an 81% jump in the number of phishing emails in the first half of 2006 over the previous 6 months. Among home users surveyed, just 46.3% say their anti-virus software is up-to-date. Among other findings in the report: browser flaws are on the rise and the US is the largest source of Internet attacks due to the large number of compromised computers with broadband connections. [Source] [Source] [Source] [Source] [ID Thieves Turn Sights on Smaller E-Businesses: For Online Shoppers, Security Seals No Guarantee That Hackers Aren’t Watching] [Source]

 

EU – Software Makers Lobby EU Against Microsoft VISTA Security

Adobe and Symantec are lobbying EU regulators for action against Microsoft’s next-generation Windows computer operating system, Vista, slated for release to corporate customers in November. Adobe has told regulators that Microsoft should be prohibited from building free competing software for reading and creating electronic documents into Vista. Symantec says Vista will undercut rival computer-security-software makers. [Source] [Symantec Says Microsoft Disclose Key VISTA Tech]

 

CA – Smart Cards on the Way for OC Transpo

Ottawa’s city council has approved a $15-million smart card system for OC Transpo buses and the O-Train. The system will allow riders to use the cards to purchase monthly and weekly bus passes and tickets. The transit service hopes the system will help control the problem of counterfeit bus tickets. Over the past 18 months, OC Transpo estimates it has lost $150,000 because of phoney bus tickets. [Source]

 

AU – Australia Leakage Problem Means Cards Will Never Be Secure

A fierce and prominent opponent of Australia’s 1987 plans to introduce a national identity card says nothing has changed technologically in the intervening years that would make a smart card today any more secure than the Australia Card proposed then. Gary Benbow says governments are turning a deaf ear to warnings the data leakage problem makes it impossible to ever completely secure any smart card. His comments came in the wake of revelations that 585 Centrelink staff had been sanctioned for privacy violations, while another 19 had been dismissed and 92 had resigned over a two-year period. Earlier in the year it was revealed that the Child Support Agency had discovered 405 breaches of privacy, including 69 cases where sensitive information had been given to former spouses. [Source]

 

US – House Panel Endorses Controversial Spy Bill

Republicans on a key congressional committee this week approved legislation they described as a necessary rewrite to electronic surveillance law but that was attacked by Democrats, civil libertarians and technology advocacy groups as flawed and unconstitutional. By a 20-to-16 vote mostly along party lines, the U.S. House of Representatives Judiciary Committee backed an amended version of the Electronic Surveillance Modernization Act of 2006, a Republican-sponsored measure introduced in July. [Source] UPDATE: House Poised to Pass Worst Version of Wilson NSA Bill -- The full House of Representatives appears poised to vote on a version of the Wilson wiretapping bill (H.R. 5825) that includes the worst elements of earlier versions of the bill approved by the House Judiciary and Intelligence Committees. CDT opposes this bill and its counterpart in the Senate, the Specter-Cheney bill. [New CDT Analysis: Wilson Bill, September 28, 2006] [Group Letter Opposing Latest Version of Wilson Bill, September 28, 2006] [House Approves Power for Warrantless Wiretaps]

 

US – CDT Criticizes Meaningless Wiretapping “Compromise”

CDT this week criticized a purported “compromise” on the Cheney-Specter warrantless wiretapping bill that led to three Senators announcing their support for the measure. The changes made to the bill were meaningless. The provisions in the Cheney-Specter measure that threaten to dangerously erode both privacy protections and national security remain very much intact. CDT maintains that it would be better to do nothing than to pass a measure that not only validates the administration’s illegal program of warrantless wiretapping, but also grants broad new snooping powers to future administrations. [CDT Policy Post: Wiretapping “Compromise”] [Press Release] [Congress Unlikely to Pass Wiretapping Bill]

 

CA – Ottawa Buses May Soon Get Cameras

Ottawa’s acting transit director says she’s “very optimistic” that a third of OC Transpo’s bus fleet could be equipped with surveillance cameras as early as winter. Helen Gault’s comment comes days after a 23-year-old man was stabbed to death on an Ottawa bus. She said the plan is to install cameras on 330 buses, including all night routes. [Source]

 

US – U.S. to Create ‘Virtual Fence’ for Borders

The U.S. government has moved a step closer to tightening its borders by announcing a contract for a high-tech detection system to nab people trying to enter the country illegally. The Department of Homeland Security announced this week that Boeing has been picked to install sensors along parts of the U.S.-Canada and U.S.-Mexico borders. “What we are looking to build is a 21st-century virtual fence,” Homeland Security Secretary Michael Chertoff said. [Source]

 

US – OMB to US Govt: Prepare Now for Data Breaches

Each agency should assemble a core management team to plan and oversee the response to any data breach that could result in identity theft, according to a Sept. 20 memo from the Office of Management and Budget. That recommendation is from a recent report of the Identity Theft Task Force. OMB distributed the report and its memo to agency leaders. The task force recommended that the management teams include high-ranking officials who bring the necessary expertise in areas such as technology, privacy, law and law enforcement, all of which come into play in the event of data loss. [Source]

 

US – FTC Has Not Paid Any Money for Security Breach Victims

Nearly eight months after the FTC trumpeted a settlement it secured with ChoicePoint over a data breach, the government has not paid any money to victims from a $5 million fund that was to be set up as part of the agreement. The FTC also has not yet implemented procedures for how the 800 fraud victims it has identified so far can apply for and receive compensation from the fund, nor has it hired anyone to administer the fund on behalf of the agency. [Source]

 

US – SEC Launches Data Security Rules Review

In response to security breaches in business and government, the Securities and Exchange Commission (SEC) is reviewing its data protection rules for brokerage and advisory firms. The current regulation requires broker-dealers and investment advisers to have policies and procedures in place to protect customer records. An SEC spokesman said the data protection rules review is ongoing with “an eye toward making them more robust.” The spokesman did not indicate when the new, stronger rules would emerge. [Source]

 

US – E-Authentication Launches the E-Authentication Federation

The E-Authentication presidential E-Gov Initiative has launched the E-Authentication Federation, a public-private partnership that will permit individuals and organizations to access online government services using IDs issued by trusted third-parties, such as banks, credit card providers and other gov’t agencies. 17 Federal agencies have so far joined the Federation, signaling their intent to make select systems available through the use of trusted third-party log-in IDs. 14 of these have already launched E-Authentication-enabled online services. 6 other members are credential service providers that issue, manage and verify the login IDs online services can rely on to admit end users to their sites. [Source] [Membership List]

 

US – U.S. Passes FOIA Measure: “A Good Step for Open Government”

The Senate Judiciary Committee last week approved a bill that, among other things, requires government agencies to respond in a timelier manner to requests made under the Freedom of Information Act. Introduced by Sen. John Cornyn (R-Texas), the Open Government Act would require agencies to provide information within 20 days of receiving a FOIA request or be subject to penalties. It is unclear whether the bill will make its way to the President in the few remaining days before Congress recesses. CDT strongly supports the measure. [Open Government Act] [CDT Letter in Support of S. 394] [CDT Testimony: FOIA, May 11, 2005]

 

US – Legislation Introduced to Address Agency Data Breaches

Rep. Tom Davis introduced legislation this week to require federal agencies to better protect the sensitive information in their care. Davis’ legislation, which aims to strengthen a bill to improve data security at the Veterans Administration, would require all federal agencies to tell the public when they have data breaches involving sensitive information. This legislation amends the Federal Information Security Management Act, which Davis introduced and shepherded to passage in 2002. [Source]

 

US – Pataki Signs Three Identity Theft Bills Into Law

NY Gov. George Pataki has signed into law three bills aimed at combating the growing problem of identity theft. The Consumer Communication Records Privacy Act prohibits the sale, fraudulent transfer, or solicitation of a person’s telephone records without his consent. The second bill puts new limits on the use of Social Security numbers. A third measure strengthens existing laws to allow for the prosecution of those who intentionally disrupt or steal personal information or plant programs such as spyware on personal computers without authorization. [Source] SEE ALSO: [Arizona Law Looks to Crack Down on ID Theft] [New North Carolina law restricts SSN # use]

 

US – U.S. Employees Willing to Submit to Email Monitoring

In sharp contrast to workers at universities and government agencies, 100% of surveyed workers at U.S.-based corporations said it was appropriate for companies to scan their employees’ e-mail, instant messaging and other communications systems. In universities only 31% of employees feel monitoring of communications is appropriate. In government only 11% do. The study specifically asked about sensitive data such as customers’ personally identifiable information, Social Security numbers, bank account data or credit card numbers. [Source] [Roles, Rights and the Database]

 

 

--------