Privacy News Highlights
18–24 August 2007
Contents:
US – FBI Expanding Access to Fingerprint Database
CA – Canadian Privacy Commissioner Launches E-Learning Tool
CA – Ponemon Institute Announces Results of 2007 Most Trusted Companies Study
US – US to Outsource E-Authentication
WW – IBM Introduces Data Masking Solution to Safeguard Privacy
WW – Ponemon Report: Data Lingers In Off-Network Devices
UK – Lords Report Questions Role of ISPs In Online Safety
CA – Identity Theft: 3,353 Ontarians Fell Prey to Fraudsters Last Year
US – Lawsuit Filed on Behalf of 8.5M Consumers in Data Breach Case
WW – e-Exclusion and Bot Rights: Legal Aspects of the Robots Exclusion Standard
US – Alaska to Permit E-Prescriptions
US – Identity Attack Spreads; 1.6M Records Stolen From Monster.Com
US – Retirees’ Personal Info Compromised
CA – New Ontario Drivers Licences to Include Citizenship Information as Option
US – Vermont to Participate In Hybrid ID Program
UK – UK Students Warned to Protect Personal Information
WW – Intellectual Property Holders Press for Access to WHOIS Data
WW – Avatars Will Soon Outnumber Humans
CA – Law Enforcers Plan Canadian Cyber-Crime Centre
WW – Facebook to Introduce Advertising Based on Personal Info
US – Attorneys General Pressure Social Media to Add Parental Controls
WW – Google Now Zaps Faces, License Plates On Map Street View
US – E-Voting Yields Not-So-Secret Ballots
WW – Hackers Clone RFID Passports
UK – Pupils Face Tracking Bugs in School Blazers
WW – Mobile Workers Take Too Many Security Risks: Survey
US – Giuliani: “Tamper-Proof” Biometric Card for All Foreigners
US – California Police Camera Surveillance Increasing: ACLU Report
US – Role of Telecom Firms in Wiretaps Confirmed
US – FCC Must Protect Innovation, Privacy in e911 Rulemaking
US – DHS Data Mining Program Suspended After Evading Privacy Review, Audit Finds
US – DOD Pulls Plug on TALON Database
WW – Airport Security Screening is Worst of All Possible Worlds: Economist
CA – Canadian Court Protects Worker’s Casual Drug Use
US – Survey Says: Half of Employers Restrict Facebook
US – NYC Taxi Drivers Set Strike Date to Protest GPS Systems
The FBI is ready to move out of the test stage in
sharing fingerprint data with other agencies. Tom Bush, assistant director at
the bureau’s Criminal Justice Information Service (CJIS) office, said this week that the
FBI is going forward on all fronts to extend access to its Integrated Automated
Fingerprint Identification System (IAFIS) database to the Defense, Homeland
Security and State departments. Bush said civilian agencies account for about
54% of the checks against IAFIS. He also said with the interoperability
success, CJIS hopes to expand the intelligence community’s use of the
databases. Bush said IAFIS was built to do about 62,000 fingerprint checks a
day, but it is handling more than 115,000 a day. He said that is the main
reason the FBI is upgrading IAFIS to the Next Generation Identification system.
Industry submitted proposals earlier this month, and Bush said an award is
expected by December. [Source]
See also: [New
Fingerprinting System Gets Thumbs Down: Thousands of Teachers' Fingerprints
Rejected by FBI]
Retailers now have a free, do-it-yourself interactive
tool to help them bring their privacy practices and policies in line with the
law, the Privacy Commissioner of Canada announced this week. The new e-learning
tool created by the Office of the Privacy Commissioner of Canada (OPC) provides
retailers with the information to set up their business to meet their
obligations under Canada’s privacy laws and provide customers with the privacy
protection they’re guaranteed under PIPEDA.
The online retailer training session takes about 30 minutes to complete.
At the end, retailers will have: an information audit of their business;
consent provisions required specifically for their business; a security plan; a
sample privacy brochure for customers; and a training needs assessment. [Source]
[Interactive
Tool]
Carlson Marketing Worldwide and the Ponemon Institute
have announced the results of the 2007 Canada’s Most Trusted Companies for
Privacy Study, an annual report that ranks public perception of companies’
privacy and data security practices. The study included both Canadian companies
and global brands operating in Canada and found that the top three most trusted
brands are Bell Canada, Bank of Montreal and Royal Bank of Canada. Financial
services and telecommunications companies had a solid showing, capturing six of
the top ten positions. Canadian brands earned seven of the top ten spots,
including the top four rankings. [Source]
E-government has matured to the point that federal
agencies are now willing to pay a fee for e-authentication services to verify
people’s identities online. That’s the conclusion reached by the federal
E-Authentication Executive Steering Committee, which approved a new
fee-for-service policy in June. A transition to the new business model will
occur in spring 2008, officials said. The federal program office that manages
e-authentication services is now part of the General Services Administration’s
Federal Acquisition Service. Georgia Marsh, former acting program executive for
e-authentication, described the policy change as a major milestone and turning
point in the federal government’s e-authentication history. E-authentication is
one of 25 e-government initiatives that the Bush administration introduced in
2002 as part of the President’s Management Agenda. [Source]
IBM this week announced a new Data Masking Solution
that helps protect critical data without disrupting customer service or product
development. With these sophisticated Data Masking techniques, the solution is
designed to transform data so that no sensitive information is exposed while
allowing internal and external developers to perform software product design,
development, testing and quality assurance. Data Masking is the process of
identifying sensitive data and overlaying values that “masks” the sensitive
data, but does not compromise the functional integrity of an application.
Today, data masking is accomplished manually by companies’ technical subject
matter experts. The task needs to be repeated as large companies have hundreds
of business applications that are all tightly integrated. IBM’s Data Masking
Solution can execute this masking process in a timely and cost-effective way
across the enterprise. [Source]
[IBM’s
Data Masking Solution]
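As an added worked example of the masking process described above (this is not IBM’s product code and is not from the original digest), the following Python masks a production-shaped customer table for use in development and test. Identifiers are replaced with keyed-hash tokens so foreign keys in other tables still join; e-mail and phone values keep their shape so application validators keep passing; card numbers keep their issuer prefix and are re-checksummed so they remain Luhn-valid. The customer/order schema, the sample rows and the in-memory masking key are constructed assumptions for illustration.

```python
"""Deterministic, format-preserving data masking for a test copy of production data.

Added example, not IBM's product code. The customer/order schema, the sample rows
and the in-memory MASK_KEY are assumptions made for illustration.
"""
import hashlib
import hmac
import re
import secrets
from itertools import cycle

# Assumption: a per-environment secret. In practice it is fetched from a secret store,
# so that holders of the masked copy alone cannot reverse the masking.
MASK_KEY = secrets.token_bytes(32)


def _prf(value: str, label: str) -> bytes:
    """Keyed PRF over (label, value). Within one key the same input always yields the
    same output, which is what keeps masked foreign keys consistent across tables."""
    return hmac.new(MASK_KEY, f"{label}:{value}".encode(), hashlib.sha256).digest()


def mask_customer_id(cid: str) -> str:
    return "C" + _prf(cid, "cid").hex()[:12]


def mask_name(name: str) -> str:
    return "Customer " + _prf(name, "name").hex()[:6]


def mask_email(email: str) -> str:
    # Keeps the local@domain shape but uses a reserved TLD, so test mail never reaches a real mailbox.
    return f"user{_prf(email, 'email').hex()[:10]}@example.invalid"


def mask_phone(phone: str) -> str:
    # Replace only the digits; separators and grouping stay, so UI formatting code is exercised.
    stream = cycle(_prf(phone, "phone"))
    return "".join(str(next(stream) % 10) if ch.isdigit() else ch for ch in phone)


def luhn_valid(number: str) -> bool:
    digits = [int(c) for c in re.sub(r"\D", "", number)]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _luhn_check_digit(partial: str) -> str:
    return next(d for d in "0123456789" if luhn_valid(partial + d))


def mask_card(pan: str) -> str:
    """Keep the 6-digit issuer prefix (BIN-based routing in the app still works), replace
    the remaining digits from the PRF, then recompute the check digit so the result still
    passes the Luhn check that input validators apply."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("not a card number")
    stream = _prf(digits, "pan")
    body = digits[:6] + "".join(str(b % 10) for b in stream[: len(digits) - 7])
    return body + _luhn_check_digit(body)


# Column -> masking function. Columns not listed (order_id, amount) are copied unchanged.
MASKERS = {
    "customer_id": mask_customer_id,
    "name": mask_name,
    "email": mask_email,
    "phone": mask_phone,
    "card": mask_card,
}


def mask_table(rows):
    return [{col: MASKERS.get(col, lambda v: v)(val) for col, val in row.items()} for row in rows]


def referential_integrity_ok(customers, orders) -> bool:
    """Every order must still point at an existing customer after masking."""
    ids = {c["customer_id"] for c in customers}
    return all(o["customer_id"] in ids for o in orders)


# Constructed sample rows (no real people); the card number is the well-known test PAN.
CUSTOMERS = [
    {"customer_id": "1001", "name": "Alice Example", "email": "alice@example.com",
     "phone": "416-555-0101", "card": "4111 1111 1111 1111"},
    {"customer_id": "1002", "name": "Bob Example", "email": "bob@example.com",
     "phone": "+1 (212) 555-0199", "card": "4111 1111 1111 1111"},
]
ORDERS = [
    {"order_id": "A1", "customer_id": "1001", "amount": "19.99"},
    {"order_id": "A2", "customer_id": "1002", "amount": "5.00"},
    {"order_id": "A3", "customer_id": "1001", "amount": "42.50"},
]

if __name__ == "__main__":
    masked_customers = mask_table(CUSTOMERS)
    masked_orders = mask_table(ORDERS)
    for row in masked_customers + masked_orders:
        print(row)
    print("joins intact:", referential_integrity_ok(masked_customers, masked_orders))
```

The keyed PRF is the design choice that matters: a plain hash would let anyone with the masked copy re-derive tokens for guessed inputs (customer IDs and phone numbers have tiny input spaces), whereas the HMAC key never leaves the masking job. Rotating the key produces a fresh, unlinkable test dataset.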
Data breaches such as the one reported by Merrill
Lynch earlier this month – through which the company lost some 33,000 employee
records via a laptop stolen from a New Jersey office – could be avoided if
companies did a better job of managing and defending information stored on
devices that move off of corporate networks, according to a new report
published by Ponemon Institute. Presented by its authors at the Privacy Symposium being held
at Harvard University, the study – which is based on a survey completed by 735
senior IT security professionals -- finds that 73% of those corporations it
interviewed experienced the loss or theft of a data-bearing machine sometime in
the last 2 years. Despite that reality, and the fact that 62% of study
respondents admitted that they were unsure if their off-network equipment
contains unprotected sensitive or confidential information, some 39% said they
do not view the management of such devices as a “critical component” to
security. In a nod to the lack of tools being used by businesses to track data
leakage, 30% of those individuals responding to the survey said they would
never be able to detect the loss or theft of confidential data from off-network
equipment when it happened. Unsurprisingly, based on the results, Ponemon found
that a vast majority (70%) of all data breaches result from the loss of
off-network equipment, including laptops, PDAs and cell phones. [Source]
[Source]
A new report on internet safety has concluded ISPs
(internet service providers) should take more responsibility for online
security since end users are often lax. But the 121-page Personal Internet
Security report, published this month by the UK House of Lords, stopped short
of suggesting that the Office of Communications (Ofcom) - the UK communications
regulator - should impose new rules on ISPs. [Source]
According to statistics compiled by the Canadian
Anti-Fraud Call Centre, more commonly known as Phone Busters, identity theft
was responsible for more than $16.2 million in losses in Canada last year. More
than $7.5 million of that occurred in Ontario, with 3,353 reported victims. [Source]
See also: [Your
data’s less safe today than two years ago: Crooks are outpacing prevention
efforts; ID theft is up 50% since 2003] See also: [Anatomy
of a data breach from the inside out]
Check verification company Certegy and its parent
company, Fidelity National Information Services Inc., face a class action
lawsuit in connection with the theft of 8.5 million consumer records. The
company announced last month that a former senior database administrator
accessed and then sold consumers’ financial and personal information to
marketing firms. The lawsuit alleges negligence, invasion of privacy and breach
of implied contract. [Source]
[Source]
See also: [US Federal
Court Slaps Data Theft Victims and Ruling]
Public sector use of the robot exclusion standard
raises interesting questions about transparency, availability of public sector
information and the principle of public access to information. This paper
explores both actual examples of how public sector agencies in Sweden use the
standard and an analysis of the legal problems related to use of the standard.
[Source]
Electronic drug prescriptions can be delivered to
pharmacists in all 50 states for the first time this week as Alaska became the
final state to join the technological bandwagon. In the past year, Georgia,
South Carolina and West Virginia have all joined the national network, and the
change in Alaska regulations means doctors’ hieroglyphic handwriting and
prescription pads could soon be a thing of the past. [Source]
The 46,000 people reportedly infected by ads on job
sites may be only a fraction of the victims of an ambitious, multistage attack
that has stolen data belonging to several hundred thousand people who posted
resumes on Monster.com, a researcher said last weekend. According to Symantec
Corp., a new Trojan horse has stolen more than 1.6 million records belonging to
several hundred thousand people from Monster Worldwide Inc.’s job search
service. That data is then used to target the Monster.com users with credible
phishing mail that plants more malware on their machines. The personal
information filched from Monster.com includes names, e-mail addresses, home
address, phone numbers and resume identification numbers. “Such a large
database of highly personal information is a spammer’s dream,” said a Symantec
researcher. [Source]
[Source]
[Monster Waited Five
Days to Disclose Data Theft] See also: [Resumes: A Favorite
Phishing Hole for Spammers]
Personal information about hundreds of thousands of retirees
may have been compromised after two security breaches involving pension funds
in California and New York. In the New York case, a laptop computer containing
financial information on as many as 280,000 retired New York City workers
disappeared from a restaurant. In California, a pension fund brochure that was
mailed to 445,000 retired state workers last week revealed all or part of each person’s
Social Security number on the envelope. [Source]
[California
State Pension Fund Admits Breach of Retiree Data]
Ontarians will have the option to add citizenship
information to their driver’s licences when the province introduces its new
cards, Transportation Minister Donna Cansfield said this week. The province is
slated to unveil new licences at the end of 2007 that it hopes will be able to
double as pass cards at the New York and Michigan borders. British Columbia
received approval for a similar enhanced driver’s licence pilot project in
March. The active working group will be meeting again in the next couple of
weeks to discuss any further requirements. [Source]
The state of Vermont has forged an agreement with the
Homeland Security Department to launch a hybrid identification card that
combines a driver’s license with a border-crossing card. Following the lead of
Washington State, Vermont intends to become the second border state to produce
an enhanced driver’s license that potentially will serve as an acceptable
document for crossing U.S. borders under the Western Hemisphere Travel
Initiative. [Source]
The UK Information Commissioner’s Office (ICO) is
urging new and returning university students to protect their personal
information as the new academic year approaches. It said students are more
likely to be invited to sign up for new services and societies within the first
few days and weeks of the academic year. The warning comes as a recent survey
conducted by the ICO revealed that young people appear to protect their
personal information less well than any other age group. The survey of 1,223 UK
adults aged over 16, conducted by market research firm Tickbox, found that
more than half use the same passwords for more than one account. And one
in five failed to properly destroy bank statements or receipts before throwing
them in the bin. The ICO is directing
concerned students to a free online guide designed to help them protect and
manage their personal information. The ICO Personal Information Toolkit
includes advice and tips on how to access the personal information
organisations hold, how to correct inaccurate information and how to reduce
unwanted marketing calls and texts. [Source]
The seven-year-old battle over access to WHOIS data --
the names, street addresses, e-mail addresses and phone numbers of those who
have registered Internet domains -- remains a stalemate this week, leaving
reforms undone. The conflict pits individuals and groups that favor privacy
protections against organizations and law enforcement agencies that favor data
access to police intellectual property and to curtail cybercrime. In a blog
post on the Internet Governance Project’s (IGP) Web site, Milton Mueller,
Professor and Director of the Telecommunications Network Management Program at
the Syracuse University School of Information Studies and a partner in the IGP,
details the Final
Outcomes Report of the WHOIS Working Group, published on Tuesday, and the
inability of the various stakeholders to reach any kind of consensus. [Source]
[Background]
Gartner research indicates that in four years’ time
80% of internet users will have avatars - virtual replicas of themselves -
working or playing online. Given the pace of internet adoption, and the fact
that people often have more than one avatar, there will soon be more avatars
than humans, at least in the industrialised world. How, if at all, this will
change society is fascinating to predict. [Source]
The Canadian Association of Police Boards’ initiative
to establish a global centre for cyber crime in Canada got a boost this week
with a $100,000 pledge from Public Safety Minister Stockwell Day. The CyberPol
Global Centre for Securing Cyberspace is envisioned to become a centralized
collaboration centre for Canadian and international law enforcement agencies in
a bid to combat all forms of cyber crime, according to Ian Wilms, president of
the Canadian Association of Police Boards (CAPB). The federal government’s
contribution will help fund a national study the CAPB will conduct on the
impact of cyber crime on all sectors of Canadian society. The study will
involve both businesses and consumers to get a sense of the extent of
computer-related crimes in Canada, including child exploitation, financial
fraud, identity theft and intellectual property offences. The cyber crime impact
study will be conducted over the next four months, after which the CAPB will
release a national report “so Canadians can become aware,” Wilms said. At the
same time, the CAPB will commence work on a feasibility study that will bring
together various law enforcement agencies, including the RCMP and municipal
police forces, technology experts, as well as security partners from the U.S.
and other countries to determine what the best model for the CyberPol Centre
would be, he said. [Source]
Social-networking Web site Facebook Inc. is quietly
working on a new advertising system that would let marketers target users with
ads based on the massive amounts of information people reveal on the site about
themselves. Eventually, it hopes to refine the system to allow it to predict
what products and services users might be interested in even before they have
specifically mentioned an area. [Source] See
also: [YouTube
To Start Selling Ads In Videos]
The attorneys general of all 50 states have joined
forces to pressure MySpace, Facebook Inc. and other Internet social-networking
sites to put in place greater parental controls and age-verification tools so
minors can’t access the sites so easily. Led by Richard Blumenthal and Roy
Cooper, the attorneys general of Connecticut and North Carolina, respectively,
the group is working together to pressure the social-networking sites for
changes and push for new laws. [Source]
Google
has gotten a lot of flack from privacy advocates for photographing faces and
license plate numbers and displaying them on the Street View in Google Maps.
Originally, the company said only people who identified themselves could ask
the company to remove their image. But Google has quietly changed that policy,
partly in response to criticism, and now anyone can alert the company and have
an image of a license plate or a recognizable face removed, not just the owner
of the face or car, says Marissa Mayer, vice president of search products and
user experience at Google. [Source]
Ohio’s method of conducting elections with electronic
voting machines appears to have created a true privacy nightmare for state
residents, as the method reveals who voted for which candidates. Two Ohio
activists have discovered that e-voting machines made by Election Systems and
Software and used across the country produce time-stamped paper trails that
permit the reconstruction of an election’s results, including allowing voter
names to be matched to their actual votes. [Source]
High-tech passports touted as “advances in national
security” can be spied on with remote-control technology and their radio
signals cloned, a conference of computer hackers was shown last Sunday. Radio frequency
identification technology (RFID) - used in cash cards and passports and also in
security passes by members of the Indian Parliament - could be copied, blocked or imitated, said
Melanie Rieback, a privacy researcher at Vrije Universiteit in the Netherlands.
Rieback demonstrated a device she and her colleagues at Vrije built to hijack
the RFID signals that manufacturers have touted as “unreadable by anything
other than proprietary scanners”. “I spend most of my time making RFID
industry’s life miserable,” said Rieback, a doctoral researcher. “I am not anti-RFID. It
has the potential to make people’s lives easier, but it needs to be used
responsibly.” Rieback and her university compatriots are expected to have a
portable version of their device - RFID Guardian - ready in six months but
“have no plans to immediately mass-produce them.” “Hackers” present in the conference room
cheered when Rieback announced that the schematics and the computer codes for
the device would be made public. [Source]
A UK school uniform maker said yesterday it was
“seriously considering” adding tracking devices to its clothes after a survey
found many parents would be interested in knowing where their offspring were. Trutex
would not say whether it was studying a spy in the waistband or a bug in the
blazer but admitted teenagers were less keen than younger children on the “big
brother” idea. The Lancashire company, which sells 1m blouses, 1.1m shirts,
250,000 pairs of trousers, 200,000 blazers, 60,000 skirts and 110,000 pieces of
knitwear each year, commissioned an online survey for 809 parents and 444
children aged between nine and 16. It said 44% of the adults were worried about
the safety of pre-teen children and 59% would be interested in satellite
tracking systems being incorporated in schoolwear. While nearly four in 10
pupils aged 12 and under were prepared to go along with the idea, teenagers
were more wary of “spying”. [Source]
See also: [Domestic
Satellite-Surveillance Plan Draws Scrutiny]
A global study into mobile workers’ attitudes to IT
security suggests there is still much work to be done in raising awareness of
security threats and best practices while working on the move. The survey, carried
out by market researcher InsightExpress, found almost three quarters (73%) of
mobile users claimed that they were not always mindful of security issues.
Although many said they are aware “sometimes” of the risks and threats, 28%
admitted that they “hardly ever” consider security risks and proper behaviour.
More worryingly, some of the 700 mobile users surveyed for the study
commissioned by Cisco and the National Cyber Security Alliance (NCSA) even
admitted that they “never” consider safe best practices and didn’t know they
needed to be aware of security risks. [Source]
Every foreigner in America, including British
visitors, would be required to carry an ID card bearing photograph and
fingerprints under plans drawn up by Rudolph Giuliani, the frontrunner for the
Republican presidential nomination.
Giuliani is hoping to cement his status as the Republican favourite by
promising to enforce immigration and border controls, drawing on expertise in
combating crime from his time as mayor of New York. He announced last week that
all foreigners, including holiday-makers, would be obliged to carry a
“tamper-proof” biometric card, which could be issued at ports of entry. “If you don’t have that card, you get thrown
out of the country,” Giuliani said. He intends to call it a Safe card (for
secure authorized foreign entry). [Source]
Backed by millions in Homeland Security dollars,
California law enforcement authorities are quickly expanding video surveillance
camera spying in public rights of way, a move the American Civil Liberties
Union says is stripping away privacy rights while failing to dent the intended
purpose: crime. The ACLU report says at least 37 agencies and cities, big and
small, have some form of a video surveillance program or are planning one
directed at combating crime. And as more cities look to install their own
monitoring devices, there’s little empirical evidence that the cameras are
deterring crime or helping solve cases. Instead, the surveillance “gives the
government a vast quantity of information on private citizens that would
otherwise be unavailable, allowing it to monitor people engaging in wholly
innocent and constitutionally protected behavior,” according to the report,
released Monday. [Source]
[ACLU
Report]
The Bush administration has confirmed for the first
time that American telecommunications companies played a crucial role in the
National Security Agency’s domestic eavesdropping program after asserting for
more than a year that any role played by them was a “state secret.” The acknowledgment
was in an unusual interview that Mike McConnell, the director of national
intelligence, gave last week to The El Paso Times in which he disclosed details
on classified intelligence issues that the administration has long insisted
would harm national security if discussed publicly. [Source] [Secret Court Asks for White House View on
Inquiry] [Spy
chief reveals details of operations]
CDT, the Electronic Frontier Foundation and Sun
Microsystems this week urged the Federal Communications Commission (FCC) to be
cautious in considering an “automatic” location requirement for VoIP providers
for use during e911 emergency calls. In comments filed today with the FCC, the
groups noted that while the e911 system is a vital part of our public safety
net, VoIP services are unable to provide “automatic” location information (without
user input), and a requirement that they do so would harm innovation and
competition. The comments also cautioned
that some proposed solutions to address the VoIP location requirement would
destroy users’ privacy. August 22, 2007 [CDT e911 Comments]
A controversial Homeland Security data mining system
called ADVISE, which aimed to search through trillions of records culled
from government, public and private databases, analyzed personal information
without the required privacy oversight, may cost more than commercially
available alternatives and has been suspended until a privacy review has been
completed, according to an internal audit. The Analysis, Dissemination,
Visualization, Insight, and Semantic Enhancement program, one of twelve DHS
data mining efforts, hit the trifecta of civil libertarians’ concerns about data
mining programs - invasiveness, secrecy and ineffectiveness, according to a
recent DHS Inspector General report. [Source]
[DHS
Inspector General report]
The Defense Department announced today that it would
close an intelligence reporting database that had come under legal fire as a
means of storing information about peaceful domestic critics of Bush
administration policies. The Threat and Local Observation Notice (Talon)
database had become a lightning rod for criticism of military intelligence
agencies’ monitoring of antiwar protestors. The decision to shut it down
resonated with parallel litigation and debate about the legality of federal
monitoring of international telecommunications. Technological changes in
international telecommunications that have arisen since the Vietnam War-era
domestic spying disclosures, which prompted new civil-liberties protections, figure
in current privacy debates. The Pentagon said it would close Talon as of Sept.
17 and “maintain a record copy of the collected data in accordance with
intelligence oversight requirements,” said a department press statement issued
today. The ACLU, which had sued DOD to gain access to Talon records under the Freedom of Information Act, praised the
decision to shut down the system. [Source] See also: [Secret Spy
Court To Consider ACLU Request For Bush Spying Orders] [Is Bush
Administration Redefining New Spy Law?]
The security system now in place at most of America’s
big international airports is the worst of all possible worlds: neither
respectful of people’s privacy and rights, nor particularly effective in terms
of security, according to an article in The Economist. Privacy problems remain,
however. Passengers still won’t be able to find out why they have been targeted
for extensive searches or kept off flights. And they still won’t be able to
correct mistakes on watch lists. Before Secure Flight is resurrected, lawmakers
need to insist that greater transparency is built into the system, and that
one-in-ten false positives is wholly unacceptable. [Source]
Two competing cases on the controversial practice of
workplace drug testing show a growing schism in the courts on the validity of
such actions, making it harder for employers to figure out when their practices
are outside the bounds of the law. Both cases deal with employees who were
terminated after testing positive for marijuana use during pre-employment
screening. Neither employee claimed to be drug dependent, which can be
considered a disability under some provincial human-rights legislation. The
cases also considered Entrop v. Imperial Oil, the leading Canadian drug-testing
ruling, which came down hard on employers who test employees and prospective
employees, even in safety-sensitive positions. [Source]
Half of businesses are restricting employees’ access
to social-networking site Facebook, due to concerns about productivity and
security. According to research by security company Sophos, 43 percent of
workers polled said their employer blocks Facebook access completely. Security
experts warn that details such as employment history and mobile phone numbers
have been found on the site and could be used for identity theft or to launch
corporate phishing attacks. [Source]
A group of 10,000 New York taxi drivers has vowed to
strike for two days, Sept. 5 and 6, primarily to protest GPS systems being
installed in their cabs. The New York Taxi Workers Alliance, which has 10,000
cab drivers as members, has been threatening a strike for several weeks, and
set the strike dates today in a New York press conference. Executive Director
Bhairavi Desai called the strike “a fight for dignity” because of concerns the
GPS systems could be used to locate drivers and invade their privacy,
especially when they are off-duty. [Source]