Privacy News Highlights
28 July – 10 August 2007
Contents:
UK – ID Biometric Cards Will Give ‘False’ Data
WW – Microsoft Patent: Biometric Recognition Used To Personalise Ads
CA – Canadian Privacy Commissioner Releases Privacy Breach Guidelines
CA – Poll: Canadians Open to National ID Card
US – Online Shoppers’ Worries Increase Over ID Theft
CA – Infoway Peers Into the Future of EHRs: Report
US – Seagate First Hard Drive Maker to Win NIST Certification for Encrypting Hard Drive
UK – Information Commissioner Revises Data Protection Guidance
WW – ISTPA Releases Study Identifying Global Requirements for Operational Privacy
AU – Australian PM to Spend Millions “Cleaning Up the Net”
US – Report: Credit Card Companies Need to Upgrade ID Theft Detection Tools
US – Court Orders FEMA to Release Personal Information
UK – UK Police Want DNA from Speeding Drivers and Litterbugs on Database
CA – Alberta: Stolen Health Computer stored 20,000 names - OIPC Investigating
UK – 54,000 Cardholders’ Financial Records At Risk
US – Potential Breach Leaves City Harvest Donors Vulnerable
US – Washington Driver’s Licenses to Carry EPC Gen 2 RFID Inlays
WW – OECD Launches Online Public Consultation for Upcoming Ministerial
US – NYPD Surveillance Files Ordered Released
WW – Report Says Competition is Good for Search Privacy
CA – CIPPIC Voices Opposition to Google - Doubleclick Merger
WW – Mining MySpace: Social Network Snooping As a Science
WW – Online Leaks Anger Job Seekers
AU – Privacy Review, Bill, Supports Data Disclosure Laws In Australia
US – FTC to Conduct Hearings on Targeted Advertising
US – FTC Seeking Comments on Use of SSNs
US – Arizona Supreme Court Rules Against Post-Arrest Car Search
EU – More Security Flaws Revealed in RFID-enabled Biometric E-Passport System
US – Inspector Gen. Finds Lax Computer Security By IRS Employees
US – Pennsylvania High School to Require Clear Backpacks for Students
AU – Australia - ANZ in Chip Card Agreement
US – Administration Seeks Broad Authority to Intercept Calls, E-Mail
UK – CCTV Operators Must Not Record Conversations, Says Privacy Watchdog
US – US Court: Parents Can Record Kids’ Calls
US – Poll Finds Majority of Americans Support Surveillance Cameras
UK – Telecoms to Retain Traffic Data For A Year
US – Revised Proposal for Air-Travel Screening Addresses Privacy Concerns
US – DHS Cuts Time It Will Save Passenger Data
US – GAO Report: Security of New Passports and Visas Needs to Be Improved
US – GAO: DHS Falling Behind In Public Notifications Of Programs’ Privacy Risks
US – U.S. Congress Approves Wiretap Measure
US – Bill Expands Government’s Eavesdropping Authority
US – New Maine Law Grants Adoptees Access to Birth Records
US – Massachusetts Identity Theft Bill Signed Into Law
US – If You’re A Man - Virginia Wants You to Register After Sex
US – Survey: Monitoring Employee E-mail Common
US – USPS Sued For Misuse of Employee Data
US – New York Cabbie Promise Strike in September Over GPS
The government’s ID card system will give thousands of
“false matches” when more than six million people are registered on its
database, an academic has claimed. Biometric data holding a person’s unique
physiological characteristics will be stored on a microchip in the cards. But
Professor John Daugman said using fingerprints as a key biometric measure will
cause major problems. The Identity and Passport Service has denied Professor
Daugman’s claims. Professor Daugman, of the University of Cambridge, Computer
Laboratory, said using a biometric scan of the iris - the coloured part of the
eye controlling the amount of light that gets through to the retina - would
give better accuracy than a fingerprint. [Source]
See also: [Two Fingerprints a Minute for UKVisa] [1.2 billion funding to strengthen UK’s eBorders]
Microsoft has filed for a Minority Report-style
biometric recognition advertising patent. The new Microsoft system, described
in a recent patent application, would be able to determine the identity of
someone watching a display and deliver personalised ads to that person.
Identification could come from biometric sensors, cameras, or more traditional
login methods. A computer would then evaluate information that has been tracked
about the person and the content and present a personally relevant
advertisement. The information being tracked could be very extensive, including
but not limited to personal interests and hobbies, sex, age, location,
profession, subscriptions, group membership, ethnicity, marital status, height,
status in the family (i.e., parent or child), the viewer’s address book,
calendar, e-mail inbox, notes, purchasing history, and advertising preferences.
[Source]
New guidelines have been drawn up to help businesses
take the right steps after a privacy breach, including notifying people after
their personal and financial information has been stolen, lost or mistakenly
disclosed, says the privacy commissioner of Canada, Jennifer Stoddart. The
guidelines outline some of the key steps in responding to a breach, such as
containing it, evaluating the risks associated with it, notifying the people
affected and preventing future breaches. The guidelines call on businesses to
notify people that their personal information has been compromised in cases
where the breach “raises a risk of harm.” Organizations are also encouraged to
inform the appropriate privacy commissioner in their province that there has
been a breach. The federal office is currently investigating two high-profile
privacy breach cases involving large amounts of personal information. Stoddart
said the new guidelines are voluntary and that there’s still a need for federal
legislation to compel businesses to notify people when their personal
information has been breached. Earlier this year, Stoddart urged the federal
government to amend PIPEDA to make such notification mandatory for businesses.
[Source]
[Release]
[Guidelines]
[Checklist]
Many adults in Canada would have no problem with the
introduction of a national identification card which would include a person’s
photograph and fingerprint, according to a poll by Angus Reid Strategies. 72%
of respondents agree with the idea, while 23% disagree. [Source]
[Angus Reid Poll]
This DMNews story details two recent surveys that
indicate that consumers’ fears about identity theft are escalating, causing
them to change their buying behavior. The first study, conducted by
data-loss-prevention services provider, Vontu, and the Ponemon Institute, found
that 36% of respondents would not use their credit/debit cards with an unfamiliar
Web merchant. The survey also found that 62% of respondents have received
notification that their data has been lost. Of those, 84% indicated increased
concern resulting from security breaches. The second survey, part of the monthly
“Ouch Point” series from infoUSA’s Opinion Research Corp., found that 54% said that
ID theft and fraud top their biggest financial concerns. [Source]
The progress in electronic health delivery during the
past few years puts Canada in a promising position, says a vision paper
prepared by Canada Health Infoway on the future delivery of medical services.
The paper outlines what sufficient funding and government co-operation could
accomplish by 2015 by employing information technology to enable more effective
use of health care facilities, especially during a time when an aging
population is bound to stress the system’s capacity. There remain obstacles to
overcome, the paper asserts. Among them is “the lack of a truly compelling
story for politicians, physicians and the public about the urgent and crucial
need to build the health infostructure.” [Source]
[Report]
Seagate Technology has announced that the National
Institute of Standards and Technology (NIST), the U.S. federal agency focused
on promoting product innovation by establishing technical standards for government
and business, has certified the Advanced Encryption Standard (AES) encryption
chip built into Seagate’s Momentus(R) 5400 FDE.2 disc drive, the world’s first
laptop hard drive with native encryption to protect against unauthorized access
to information stored on lost or stolen laptop computers. With the
certification, Seagate becomes the first hard drive maker to offer a disc drive
with built-in encryption approved by NIST. AES, an encryption standard
developed by the U.S. government and used widely worldwide, has an expected
useful life of more than 50 years. [Source]
The UK Information Commissioner’s Office (ICO) has
published revised guidance designed to help individuals understand how their
personal information may be used by organisations, and to explain their rights
under the Data Protection Act. [Source]
[ICO Guide] See also: [Britain ‘Sleepwalking Into Surveillance Society’ As Personal Data Is Passed Around]
The International Security, Trust and Privacy Alliance
(ISTPA), a global alliance of technology providers, research institutions and
companies, has announced that it has released a study useful to privacy
practitioners responsible for developing operational requirements for implementing
privacy in their business processes and IT systems. The study, called ISTPA
Analysis of Privacy Principles: Making Privacy Operational, will also help IT
professionals understand the central operational privacy components in major
privacy laws and regulations. The study assesses 12 international data
protection laws and directives, such as the European Union Directive 95/46/EC,
the U.S. Privacy Act, and the California “Security Breach Law,” SB-1386. The
study provides a structured comparison of common components and offers valuable
insights to those responsible for implementing privacy management systems and
privacy compliance. The study will be used by ISTPA to revise and update its
Privacy Framework, originally published in 2002. [Source]
[ISTPA Study]
Australian Prime Minister John Howard is going to
spend $189 million on “cleaning up the Internet” for Australian families,
blocking pornography, upgrading the search for chat-room sex predators, and
cutting off terror sites. As part of the plan, communications and Australian
Federal Police resources will be boosted immediately to expand checks on
Internet chat rooms to detect child predators, and privacy laws masking sex
offenders on the net will be altered. [Source]
See also: [UK House Of Lords Reports Says More Action Needed On E-Crime]
Javelin Strategy & Research, a financial services
research firm, has rated credit cards in the areas of fraud prevention,
detection and resolution. The study of products from 25 of the largest credit
card issuers found deficiencies in protecting customers from fraud. The study
found that 56% of the card issuers require the entire Social Security number to
identify customers, which the report said was a “risky practice that
unnecessarily increases the customer’s exposure to identity fraud.” The report
does indicate some strides in security practices - chief among them the
now-widespread reliance on multifactor log-in procedures, according to this
Computerworld article. [Source]
Thousands of disaster applicants to the U.S. Federal
Emergency Management Agency have been affected by a court ruling on the release
of personal information. A federal court directed FEMA to release the addresses
of disaster-damaged dwellings to certain media organizations for 95,840
applicants for federal disaster assistance in California and 156,236 North
Carolina applicants. [Source]
UK Police are seeking powers to take DNA samples from
suspects on the streets and for non-imprisonable offences such as speeding and
dropping litter. The demand for a huge expansion of powers to take DNA comes as
a government watchdog announced the first public inquiry into the national DNA
database. [Source]
See also: [DNA database threatens rights – Irish HR watchdog]
Police and the office of the Alberta information and
privacy commissioner are investigating a theft of four Capital Health computers
- one containing 20,000 patient names, health card numbers, addresses and
reason for admittance to hospital. [Source]
[Source]
An error by a staff member left vulnerable millions of
financial records held by the Newcastle City Council, enabling hackers to
download 54,000 credit and debit cardholders’ information. According to the
council, the card numbers were encrypted but the names, addresses and customer
card reference numbers were not. Authorities continue to investigate to
determine whether the information was intentionally stolen, although they say
there has not yet been any evidence of identity theft. Security specialists
brought in to test the council’s computer systems were able to trace a download
of the information to an address in the Middle East. [Source]
A New York City charity dedicated to feeding the
hungry recently warned donors that their credit card information may have been
improperly accessed. City Harvest notified people who had made donations prior
to April 25 that they should contact their credit card companies immediately.
Details of how the security breakdown occurred have not been released, but
according to this NY1 News story, the Manhattan district attorney’s office is
investigating the incident. [Source]
Washington State’s Department of Licensing has decided
to deploy a technology trial of an RFID-enabled driver’s license on a voluntary
basis next year. The agency says it will work with Digimarc, provider of
personal identification systems for government and commercial applications, to
implement the pilot. In addition to having an RFID inlay, the license (which
will be called an Identicard) will also possess a digital watermark and other
authenticators, and will give Washingtonians an alternative to carrying U.S.
passports at land border crossings between Canada and Washington. According to
Washington’s Department of Licensing, no personally identifiable data will be
encoded to the inlay in each card - just a unique ID correlated with the driver’s
personal information on a secure database, accessible by border patrol agents.
Zenk says the specifics of the program - such as whether Identicard holders will
be able to proceed through the border crossings without stopping, or if they
will be interviewed by border patrol - have not yet been established by U.S.
Customs and Border Patrol. [Source]
The OECD has launched an online public consultation
process to receive input on the proposed themes and issues of the upcoming OECD
Ministerial to be held in Seoul, Korea on June 17-18, 2008. The theme of the
Ministerial is the “Future of the Internet Economy.” The questionnaire seeks
comments on four policy areas. First, how can the Internet be used to improve
future economic performance and social welfare? Second, in order to benefit
from technology convergence, what overarching principles are needed for the
transition to the next generation of high speed networks, what guidance will
help consumers navigate the transition, and what policies should be in place
for evolving RFID and sensor networks? Third, how can the OECD encourage
creativity in areas such as e-science, enable innovation and encourage growth
and employment, and enable maximum access to public sector information and
content and its re-use by the private sector? Lastly, the OECD requests
comments on the kinds of policies that are needed to ensure the security of
critical information infrastructure and combat malicious software, to address
digital identity management, to ensure multi-stakeholder, cross-border
co-operation for privacy, security and consumer protection, to empower
consumers online, and to ensure fair mobile commerce transactions and combat
online identity theft. The public consultation will be open until Friday, September
14, 2007. [OECD Online Public Consultation Page] [Public Voice OECD Ministerial page]
The city must release hundreds of pages of documents
related to police surveillance of protesters prior to the 2004 Republican
National Convention, but they will be allowed to black out some information, a
judge ruled this week. The city had sought to keep secret field intelligence
reports prepared by undercover police officers, but a U.S. Magistrate called
for the city to turn over those and other documents to lawyers representing
hundreds of protesters challenging their arrests. “Information is not
privileged simply because it was obtained as a result of an undercover
investigation,” he wrote. “Information is
privileged only when its disclosure would interfere with legitimate law
enforcement interests.” More than 1,800 people were arrested at the four-day
convention at Madison Square Garden, where President Bush accepted his party’s
nomination for a second term in office. [Source]
[Source]
An analysis released yesterday by the Center for
Democracy and Technology has found that recent privacy policy makeovers by the
five major Internet search companies show competition benefits users, but a “comprehensive”
federal privacy law is still needed. The group also argued self-regulation
could only go so far, in part because such a tactic will not do much to stop “bad
actors” with no interest in being privacy-protective. [Source]
[CDT Search Privacy Report, August 08, 2007] [Press Release]
See also: [Google explains privacy policy on YouTube] [Video clip]
The Canadian Internet Policy & Public Interest
Clinic at the University of Ottawa has asked the Competition Commissioner to
review the Google-DoubleClick deal. CIPPIC alleges that the merger would
prevent or at least significantly lessen competition in the market for online
targeted advertising because of Google’s dominance in keyword search and
DoubleClick’s lead in the display ad serving and behavioral targeting ad
business. [Source]
[Complaint]
In a presentation at the Black Hat conference in Las
Vegas last week, Stephen Patton explained how a piece of free software he’d
created can automatically comb social networking sites, collecting and
aggregating data based on keywords or other information like contact
information, friends, and personal history. For Black Hat’s audience of
hackers, the tactics for pulling sensitive data were almost disappointingly
easy. “This isn’t cracking,” Patton said. “All this information is publicly
available, and we’re not even bypassing any authorizations on these sites.”
Patton has trained police investigators in using these wholesale data-netting
methods to extract evidence for criminal investigations. He said his tools can
be used to track a wide variety of traits and behaviors, like identifying
sexual predators or tracking underage drinking. Facebook is particularly
difficult to search for personal information, he said, but sites like MySpace,
Friendster and Bebo, on the other hand, were especially easy to mine for
private data. [Source]
See also: [MySpace sex offenders find refuge in Canadian privacy laws: expert]
Resumes for job applications are believed to be the
biggest source of Internet privacy invasions. A survey of 300 people by
1010job.com, a city-based online human resources agent, revealed that 75% of
the respondents complained that personal information from their resumes had
landed in the hands of unauthorized companies. Insurance companies lead the
list of the most unwanted recipients of this information, followed by real
estate agents and investment companies. [Source]
See also: [Consumer Affairs: Online Job Postings: be careful when listing contact info]
Australia’s federal government is set to introduce data
disclosure laws there as early as 2008. The push is part of a review of the
Privacy Act being undertaken by the Australian Law Reform Commission (ALRC),
which began early this year. A discussion paper, recommending the introduction
of these laws which would force organizations to notify customers of security
breaches, will be released next month. When parliament resumes next week, a
senator will present a private bill obliging businesses and government agencies
to inform affected individuals about data exposures. The proposed amendment to
the Privacy Act would bring Australia into line with tough US data-breach
rules, and the European Commission’s Directive on Data Protection, expected to
be passed shortly. [Source]
[Source]
[Microsoft’s CPO critical of Australian disclosure law emphasis]
The U.S. Federal Trade Commission will host a two-day
forum on targeted advertising in November, following a series of complaints by
privacy groups. The FTC town hall meeting is intended as a way for the agency
to learn more about current practices in targeted advertising, said Jessica
Rich, assistant director for the FTC’s division of privacy and identity
protection. [Source]
[FTC Town Hall Meeting Announcement] See also: [CDT Letter to FTC Commissioner Rosch]
This week, the Federal Trade Commission (FTC) began
soliciting comments from businesses, law enforcement, consumer reporting
agencies, academics and consumer advocates on private-sector use of Social
Security Numbers (SSNs). The initiative is being led by the FTC’s Identity
Theft Task Force, which earlier this spring issued a report titled “Combating
Identity Theft: A Strategic Plan” that questioned the need for businesses to
use customers’ SSNs as identifiers. [Source]
A sharply divided Arizona
Supreme Court has ruled that it violates Fourth Amendment rights for police to
search an arrested person’s vehicle without a warrant when the scene is secure
and the arrestee is handcuffed, seated in a patrol car and under supervision of
an officer. The issue has implications for both personal privacy and police
officers’ safety, and the state high court’s 3-2 ruling represents a dramatic
departure in how such everyday circumstances involving traffic stops and other
common situations have been handled by law enforcement. [Source]
A German security researcher who demonstrated last year that he could clone the computer chip in an electronic passport has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them. Lukas Grunwald, an RFID expert who has served as an e-passport consultant to the German parliament, says the security flaws allow someone to seize and clone the fingerprint image stored on the biometric e-passport, and to create a specially coded chip that attacks e-passport readers that attempt to scan it. [Source] [e-Passports get hacked in new security threat] See also: [Homeland Security chief vows to move forward with ID law]
According to a study by the U.S. Treasury Inspector
General for Tax Administration, IRS employees ignored security rules and turned
over sensitive computer information to a caller posing as a technical support
person. Sixty-one of the 102 people who got the test calls, including managers
and a contractor, complied with a request that the employee provide his or her
user name and temporarily change his or her password to one the caller
suggested. [Source]
Wissahickon, PA High School parents and students
received a letter signed by Principal William Hayes last week informing them of
a new rule: only clear backpacks can be worn throughout the school day. The
policy, which will be implemented the first day of the 2007-08 school year, caused
an influx of phone calls, e-mails, IMs and text message exchanges throughout
the student body. A “Hell No I’m Not Wearing a See-Through Backpack” group
formed on the social networking Web site, Facebook, with 325 members as of
Tuesday. Students are calling it an invasion of personal privacy and a step
back to improving safety at WHS. Hayes said during a phone interview July 20
the rule is “not a foolproof step but an additional measure to help in the
detection of inappropriate things kids may bring to school.” [Source]
The Australian federal Government has signed an
agreement with ANZ that will see some of the bank’s customers trial secure
access to online government services. The agreement between ANZ and the
Department of Industry, Tourism and Resources, allows ANZ business customers
trial access to government services using a chip card carrying an IdenTrust
digital certificate. Uses for the card could include access to applications for
government grants, licence applications, customs reporting and access to
government tender information. Trials are scheduled to begin later in the year,
with ANZ planning to offer access to more customers if the trials prove
successful. [Source]
In a far-reaching new proposal to Congress, the
Administration is asking for authority to intercept, without a court order, any
international telephone call or e-mail made by any American citizen. The
proposed legislation would not require that the targeted communication involve
terrorism or other dangerous conduct. The proposal would amend the Foreign
Intelligence Surveillance Act to allow the National Security Agency to
force communications carriers to turn over without a court order any international
communications into and out of the United States for indefinite storage and
data-mining. [Administration Letter]
Closed circuit television (CCTV) must not be used to
record conversations, the Information Commissioner’s Office (ICO) has warned.
The Commissioner has proposed a new Code of Practice on the use of CCTV. The
ICO has launched a consultation on changes to its existing code of practice for
using CCTV, published in 2000. [Source]
[ICO consultation documents] [The existing Code of Practice]
See also: [CCTV runs risk of data protection breach]
The Iowa Supreme Court has ruled that parents can
wiretap their children’s telephone conversations. The court said conversations
a man recorded between his daughter and the teacher he suspected of sexually
abusing her will be admissible in court, stating that guardians may record
their minor children’s telephone conversations if it is necessary for the child’s
welfare. The 16-page unanimous ruling reverses a decision ruling that recorded
conversations of a former teacher and his 13-year-old student were not
admissible in the teacher’s sexual abuse trial. The district court must now
again determine the admissibility of the recordings. [Source]
According to an ABC News poll, 71% of Americans are in
favor of increasing the use of surveillance cameras in public places to fight
crime. Several major U.S. cities, including New York, Chicago and Baltimore,
currently have plans in the works to expand the number of surveillance cameras
in use. According to this UPI article, critics who oppose the use of
surveillance cameras say they are an invasion of privacy and “could be used to
keep track of innocent people.” [Source]
See also: [California The Police
Department is creating a Privacy Council to advise officers on its use of
surveillance cameras]
UK telecoms providers will have to retain data about
telephone calls for one year, under legislation passed
by parliament on 25 July. In a statutory instrument coming into force on 1
October this year, the home secretary, Jacqui Smith, enacted last year’s
European data retention directive, which told member states to retain traffic
and location data on telephone calls to assist in tackling crime. It said
countries should set the retention period from six months to two years.
Implementing the directive for internet communications may be very difficult,
according to responses to the Home Office’s consultation, published
last month. The UK ISP Association was quoted in the consultation as saying
that, “the draft regulations as they stand would not enable implementation of
the directive”. This means that from October, details of VOIP telephone calls
will not need to be retained for a year, although those made through fixed and
mobile telephone systems will. [Source]
[UK Legislation]
[Background]
The US government this week proposed a new version of
its program to screen airline passengers, stripped of the data mining that
aroused privacy concerns and led Congress to block earlier versions. The new
version of the Secure Flight program is open for public comment and will be
tested this fall before it can be implemented fully in 2008. The third version
of the program, once known as CAPPS II, drew positive reviews from privacy
advocates and members of Congress who had objected to more elaborate earlier
versions. Congress enacted legislation blocking earlier plans to collect
private commercial data -- such as credit card records or travel histories --
about all domestic air travelers in an effort to predict who might be a terrorist.
The new plan would require passengers to give their full names when they make
their reservations -- either in person, by phone or online. They also are to be
asked if they are willing to provide their date of birth and sex to reduce the
chance of false-positive matches with names on the watch lists. “Finally, this
appears to have a coherent, narrow and rational focus,” said James Dempsey of
the Center for Democracy and Technology, a privacy advocacy group. “This is a
vast improvement over what we’ve seen before.” [Source]
[Source]
In response to more than 600 public comments, the
Homeland Security Department has announced it will shorten the amount of time
it will retain data and make other changes to its Automated Targeting System
(ATS). Under ATS, information on cargo destined to arrive in the United States,
and on incoming U.S. and foreign travelers, is assessed against several
terrorist threat databases to determine whether additional security checks are
needed. Formerly, the incoming passenger personal information in the system was
to be held for 40 years, but now that time has been reduced to 15 years, DHS
said. In addition to the shorter retention period, DHS also is requesting an
exemption for certain records in the system and also states that it will not
collect information about passenger race, ethnicity, religion or sexual
orientation. If such information is provided by an airline, it will be filtered
out by DHS. [Source]
Travel documents are often used fraudulently in
attempts to enter the United States. The integrity of U.S. passports and visas
depends on the combination of well-designed security features and solid
issuance and inspection processes. GAO was asked to examine (1) the features of
U.S. passports and visas and how information on the features is shared; (2) the
integrity of the issuance process for these documents; and (3) how these
documents are inspected at U.S. ports of entry. We reviewed documents such as
studies, alerts, and training materials. We met with officials from the
Departments of State, Homeland Security, and Commerce’s National Institute of
Standards and Technology, and U.S. Government Printing Office, and with
officials at seven passport offices, nine U.S. ports of entry, two U.S.
consulates in Mexico, and two Border Crossing Card production facilities. [Source]
See also: [GAO Report: Information Security: Despite Reported Progress, Federal Agencies Need to Address Persistent Weaknesses]
and [Information Security: Homeland Security Needs to Immediately Address Significant Weaknesses in Systems Supporting the US-VISIT Program.]
During recent testimony before the House Judiciary
Committee’s Commercial and Administrative Law Subcommittee, Linda Koontz, the
Director of Information Management issues for the Government Accountability
Office (GAO), said that the DHS Privacy Office is falling behind in efforts to
inform the public about new and existing databases of personal information as
well as the completion of privacy impact assessments on federal programs.
Koontz told the panel that tardy reporting has hindered the Privacy Office’s “credibility
and authority,” according to coverage in Washington Technology. [Source]
The Democratic-controlled House on Saturday night
approved legislation President Bush’s intelligence advisers wrote to enhance
their ability to intercept the electronic communications of foreigners without
a court order. The Senate had passed the legislation Friday night after House
Democrats failed to win enough votes to pass a narrower revision of a statute
known as the Foreign Intelligence Surveillance Act. [Washington Post] See also: [CNET
FAQ: How far does the new wiretap law go?] [Lawmakers
face political fallout after passing spy bill]
President Bush on Sunday signed into law legislation that
gives the government expanded authority to conduct warrantless eavesdropping on
Americans’ international telephone calls and emails. This New York Times story
indicates that the law changed the legal definition of “electronic
surveillance,” which gives the government the ability to eavesdrop on those
conversations without obtaining a warrant - provided that the target is “reasonably
believed” to be overseas. A White House spokesman said the law’s objective is
to give the government better flexibility in efforts to investigate foreign
suspects overseas, not to listen in on Americans calling abroad. The new law
transfers the oversight from a special intelligence court to the attorney
general and the director of national intelligence, who will now have the
authority to sign off on international eavesdropping. The law is set to expire
in six months. [NY Times] [Same Agencies to Run, Oversee Surveillance Program]
A month after LD 1084 was signed into Maine law, the
bill’s proponents and opponents are working to inform Mainers about its
implications for adopted children, birth parents and adoptive parents. The
bill, signed by Gov. John Baldacci on June 25, will allow adoptees at least 18
years of age to access their original birth certificate. Through that document,
they can learn the identity of their birth parents. Birth parents will be
allowed to fill out forms that spell out medical history and indicate their
preference about being contacted by the adoptee. The bill - which will not go
into effect until Jan. 1, 2009 - makes Maine the eighth state in the nation to
allow adoptees access to their original birth certificates without the need to
petition probate court. Until then, the state and all parties involved in
adoptions will be preparing for the change. [Source]
Massachusetts Governor Deval Patrick signed a bill
this week that requires companies to immediately notify consumers when their
private information has been breached. The law also lets residents place a “security
freeze” on their consumer credit reports, at a cost of up to $5 per request,
and establishes rules for the disposal of old records that contain personal
information such as Social Security numbers. Under those rules, state officials
would be required to delete the first few digits of Social Security numbers
when handling personal information if federal authorities don’t require the
full number. [Source]
[Governor’s
podcast]
If you’re an unmarried man and you’ve had sex in
Virginia, the commonwealth wants to know about it. The General Assembly
established the Virginia Putative Father Registry in the 2006 session, and it
went into effect July 1. The law asks any unmarried man who could be a father
to voluntarily fill out a one-page registration form and submit it to the
Virginia Department of Social Services. “The purpose of the registry is to
protect the rights of a man who wants to be notified if a child he may have
fathered is placed for adoption, or if parental rights are about to be
terminated,” said Anthony Conyers Jr., state social services commissioner. [Source]
[Source]
A recent survey finds that some U.S. companies employ
workers to personally monitor employee e-mail and that more than one-quarter of
surveyed companies have terminated employees for e-mail policy violations. The
impact of e-mail misuse on companies is significant, according to the survey.
More than one-quarter (26%) reported that business was affected by the exposure
of sensitive or embarrassing information in the last year. [Source]
A mechanic for mail-processing equipment at the US
Postal Service filed a complaint in the US Western District Court of
Washington alleging that the USPS sold his private data and the data of other
workers to credit card companies and others without consent. The lawsuit filing
says: “The Postal Service is subject to the privacy protection requirements of
the Privacy Act. Despite this, the USPS allows private businesses, as part of
its Strategic Business Initiatives plan, to access and utilize for profit its
employee master file, containing personal, private employee information,
including the complete home addresses of all career and non-career, full- and
part-time employees.” [Source]
New York taxi drivers have promised to strike sometime
in September if GPS technology is installed in 13,000 cabs as planned. The New
York Taxi Workers Alliance, representing about 8,400 drivers, has
likened the GPS systems to privacy-invading ankle
bracelets worn by homebound prisoners. Drivers are worried their bosses will
track their whereabouts even when they are off-duty, according to statements by
six drivers and Alliance Executive Director Bhairavi Desai. The alliance plans
to announce a strike date in mid-August. [Source]
--------