British and EU visitors will be forced to have all 10 fingers scanned as they enter the country. This information will then be shared with intelligence agencies, including the FBI. Critics say the scheme will turn law-abiding citizens into terror suspects. Britons visiting the US already have their credit card and email accounts inspected by American authorities following a deal struck between the European Union and the US Department of Homeland Security last autumn. The civil rights group Liberty said: “The UK has pioneered the flawed notion that the more intrusive and unwieldy the database of innocent people - the safer the country. Civil rights campaigners have vowed to fight US plans to keep the fingerprints of British tourists on a criminal database. [Source] [Britons to be scanned for FBI database]

US – Support Strong For Government Use Of Biometric IDs: Survey

Despite some misgivings, an overwhelming number of Americans favor the use of biometric identifiers in passports, driver’s licenses and Social Security cards, according to a new survey by Truste, a non-profit online privacy certification organization. The same is true when it comes to the use of biometric IDs in credit and debit cards, although most of those who responded to the survey appear to be reluctant to share biometric data with retailers because of privacy concerns. The e-mail survey of 1,025 U.S. consumers looked at how Americans view the use of biometrics for a variety of identification purposes. [Source] [Truste Presss Release]

UK – UK Government Will Not Collect Iris Scans

The Home Office’s Strategic Action Plan for the National Identity Scheme indicates that the government will reserve the option to collect iris scans, but for now, only fingerprints will be collected from people who obtain an ID card or passport. A Home Office spokesman said that the most countries are using facial and fingerprint recognition, not iris scans, for identity documents, which is the major reason for the government’s decision to not collect iris scans. [Source]

CA – New Nova Scotia FOIPOP Review Officer Appointed

Dulcie McCallum, former Ombudsman for the Province of British Columbia, is Nova Scotia’s new Freedom of Information and Protection of Privacy Review Officer. Ms McCallum will oversee how provincial and municipal governments protect the privacy of Nova Scotians and respond to requests for access to information. [Source]

CA – Advocates Call For Data Breach Notification Law

The Canadian Internet Policy and Public Interest Clinic (CIPPIC) is gunning for the federal government, requesting that it make changes to PIPEDA that would force businesses to disclose IT security breaches to those whose information might have been leaked. PIPEDA is in the midst of its five-year review, which is being conducted by the House of Commons Standing Committee on Access to Information, Privacy, and Ethics. The University of Ottawa-based CIPPIC submitted a set of recommendations to the committee about changes to PIPEDA, which include their recommendation to make it mandatory for businesses that have suffered a security breach to report it to clients who could be negatively affected. In support of its recommendation, CIPPIC has released a white paper that summarizes the state of breach notification law in the United States and its case for bringing mandatory breach notification up north. [Source] [CIPPIC News Release] [CIPPIC White Paper]

WW – Rising Threat to Smart Phone Security: Study

A new report finds a steady rise in security attacks on vulnerable mobile phones and predicts that mobile security products will be installed on 247 million, nearly 8 percent of the total, mobile phones by 2011. Identity theft, and mobile viruses and malware, combined with state legislation and corporate governance and the increased user dependence for critical data storage and delivery to mobile phones, will ensure installation of security products, according to the Juniper Research report. [Source]

US – FTC Obtains Broader Authority to Pursue Foreign Spammers

The FTC soon will go global in its hunt for spammers, phishers and other online scammers. President Bush has signed a bill that gives the commission broader authority to pursue e-crooks in other countries. The FTC had pushed for more than three years for the new powers, which will help it shut down scammers such as the polite Nigerians who e-mail thousands of people a day with tales of woe and promises of riches to those kind enough to help. [Source]

EU – Germany’s Schaar Calls For Improvements In Telephone Surveillance

Germany’s Data Protection Officer Peter Schaar has called for a revision in the plans for new regulations of telephone surveillance. As he put it, “there has to be a clearer distinction between the ban on collecting such data and using it. The law should stipulate when the police have to stop phone tapping and when information can be gathered but not used for investigations.” Schaar also warned against allowing private firms to have access to the planned archives of telephone, cell phone, and Internet data. “Telecommunications data retention is no longer merely about combating terrorism, but also about economic interests.” Schaar also spoke out against having the Internet generally monitored by the police. “There should be no general monitoring of the Internet.” [Source]

UK – UK Firms Ignore Anti-Spam Law: Study

Almost a third of UK firms are failing to comply with privacy laws introduced in the UK three years ago to crack down on spam, a new study has revealed. A core aim of the European Privacy and Electronic Communications Directive, which came into force in the UK in December 2003, is to clamp down on the practice of sending unsolicited commercial email. Under the law, firms are no longer allowed to automatically opt in their customers to receiving emails about goods and services and instead customers should be required to actively choose to receive commercial emails. However, according to a new study from marketing specialists CDMS, 31% of the 200 UK firms studied are not complying with the opt-in rules for sending unsolicited emails to non-customers, for example money-off promotions. This is only a slight improvement on 2005, when 34% were non-compliant. [Source]

US – Majority Of Teens Stay Private Online: Study

According to a new Pew Internet & American Life Project study, just more than half of all U.S. teens use social networking sites like MySpace and Facebook. However, of those 55% of teens, age 12 to 17, who have created a personal profile online, 66% say that their information is not visible to all Internet users. [Source] [PEW Report]

US – Teens Embrace Privacy On MySpace: Study

Criminal justice professors have released the results of a study that indicates teen-agers understand the importance of not revealing their names on their MySpace profiles. The study also found that about 40% of the teens keep their profiles private. The researchers from the University of Wisconsin-Eau Claire and Florida Atlantic University randomly viewed 1,475 profiles of teenagers. [Source] [Privacy becomes concern as social online sites become fair game]

US – Stanford Researchers Tap Contextual Integrity Theory In Study Of Privacy

In an effort to pinpoint when and why the collection, storage and sharing of information irks individuals, Stanford University researchers are using contextual integrity theory to write new computer language that will shed light on why new methods of data gathering leads to protests. The theory, which recognizes that individuals do not demand complete privacy, was developed by Helen Nissenbaum of New York University. The theory relies on four classes of variable, which the researchers have been converting to language that can be used in computer programs. [Source] (The Economist)

US – Opinion: 10 Information Security Predictions For 2007

A Senior Analyst, Enterprise Strategy Group, tops his 2007 list with “more privacy legislation.” His take? “Look for a lot of grandstanding early in the year followed by the passing of a new data privacy bill sometime in the fall.” No. 2 on the list is data governance. “Look for large organizations to get serious about data governance this year.” He also predicts that encryption will abound, especially with “PCI and new privacy regulation” serving as the “hammer” for implementation. “By 2008, encrypting data won’t be as big a deal.” [Source]

EU – Italy Passes Law Requiring ISPs to Block Child Porn

Italy has introduced a new law requiring Internet service providers to block child pornography Web sites within six hours of being told to do so. The decree, which comes into force almost immediately, requires Internet providers to set up a system that blocks child pornography Web sites from being viewed soon after the providers are notified of their existence. [Source]

CA – Critic Frustrated By B.C.’s Slow Freedom of Information System

B.C.’s freedom of information system is breaking down and residents are spending years waiting for satisfactory responses to their requests, says an information advocate. The information commissioner has been hit with budget and staff cuts, which make the job of responding to requests much more difficult, said Darrell Evans of the B.C. Freedom of Information and Privacy Association. “That office is in desperate need of finances and desperate need of staff. It’s simply dysfunctional. They try to do good work, but the system is breaking down.” Evans added that the backlogs will worsen as the information commissioner takes on new responsibilities to regulate the protection of personal privacy. [Source]

US – South Carolina Bill Calls For DNA In Every Arrest

Lawmakers in South Carolina are considering a bill that would create the nation’s most aggressive DNA collection program, instructing police to take genetic samples from people arrested in any crime - including misdemeanors such as shoplifting - and enter them into state and national DNA databases. Every state collects DNA from people convicted of murder or sex crimes; 44 states, including South Carolina, take samples from all convicted felons. Six of those 44 states, including California, have approved taking samples from people arrested on suspicion of certain crimes. States maintain their own DNA databases, which are linked to form the national network. But South Carolina, if it enacts the bill, would be the first requiring a DNA sample from anyone arrested in any crime. Civil libertarians say it would trample on privacy rights. [Source] [Source]

US – Critics Worry That Electronic Medical Records May Endanger Patient Confidentiality

As hospitals and health-care providers move toward a digital medical records system, old medical records are being scanned and deposited into databases, leaving patients and privacy advocates worried that their most confidential medical records could be revealed and even used against them. This Wall Street Journal story looks at one instance where a patient’s mental health records were used against her to deny a disability claim. This story notes that complaints of privacy violations are “piling up at the Department of Health and Human Services.” Peter Swire, a law professor at Ohio State University, notes that the department has yet to bring one enforcement case in three years. [Source]

US – Towers Perrin Loses Laptops With Data On Thousands

Five laptops containing data about tens of thousands of retirement-plan participants at multiple companies were reported stolen by benefits consulting giant Towers Perrin last month, the latest in a string of thefts across industries raising concerns about privacy and identity theft. Towers Perrin reported the laptops missing on Dec. 7, and New York City police made an arrest on Dec. 28, but the computers haven’t been recovered, people familiar with the matter said. [Source]

US – Stolen Computer Leads to Exposure Of Personal Information for 38,000 Patients

Emory University officials said last week they have notified 38,000 patients by mail that a computer containing their personal information was stolen SSNs, addresses and other medical data, according to the university. Police do not believe the motivation behind the burglary was identity theft. [Source]

US – Gilmore Court Challenge Of ID Requirement Fails

The U.S. Supreme Court this week rebuffed a challenge to the federal government’s policy of requiring airline passengers to show identification before they board flights, spurning arguments that the well-known but unpublished policy would lead to more secret laws. John Gilmore sued the government because it has long refused to disclose the text of the regulation that forces air travelers to present an ID. The question before the justices was whether travelers have sufficient notice of the TSA ID policy to satisfy constitutional due process of law, which typically requires a law to be published so people know how to comply with it. [Source] [Source]

AU – Australia ID Card Roll-Call For 16.7m

The federal Government will start signing up Australians for its $1.1 billion human services smartcard from April next year, using a network of 600 offices and a fleet of vehicles kitted out as mobile registration units. The government is also developing targeted strategies for registering groups such as students, retirees and shift workers for the welfare access card, as it works towards an ambitious plan of issuing cards to 32,000 people daily between 2008 and 2010. Chief technology architect Marie Johnson said plans to register 16.7 million cardholders were well advanced, although final decisions would be contingent on recommendations from the access card Consumer and Privacy Taskforce. [Source]

US – New Authentication Industry Organization Launched

The growing problems of global counterfeiting, piracy, identity theft and terrorism have created a compelling need to ensure the validity of vital government documents such as currency, passports, drivers licenses and identity cards. Also, companies the world over are increasingly under attack from counterfeiters who are stealing billions of dollars annually in revenue and profits, undermining public trust in valuable brands and in extreme cases causing injury and even death to unsuspecting consumers. In this fight against fraud, governments and companies have increasingly come to rely on the use of authentication technologies as a first line of defense against counterfeits, in order to quickly and positively identify genuine products from fake products. Today, these authentication technologies are all around us, not just in money and credit cards, but in everyday products like clothing, footwear, computers, cell phones, video games, jewelry and software, and critical healthcare products like drugs and medical devices. But even though authentication technologies are everywhere, their use is not well understood by many stakeholder groups who can benefit from them. To respond to this need for better communication and understanding of how authentication technologies can be utilized in anti-counterfeiting strategy, 17 companies have joined together to form the International Authentication Association or IAA. The International Authentication Association’s primary objectives are to promote the use of authentication technologies as an integral part of an effective strategy to protect products, documents and their users from counterfeiting and fraud, and to educate government agencies, inter-government organizations and brand owners regarding the role and use of authentication. [Source]

US – FCC Denies E911 Extensions, Waivers

The FCC has denied all requests from cell phone companies who sought extensions to a federal mandate requiring enhanced 911 systems that allow emergency call centers to locate wireless callers. The wireless carriers were required to have 95% of their subscribers equipped with location-capable handsets by Dec. 31, 2005. None did. [Source]

WW – New Photo Search Technology Raises Privacy Concerns

A Swedish company, Polar Rose, plans to launch its facial recognition technology in the next few weeks. The plan is to tie the technology to the photo-sharing site Flickr. The technology will allow searches of images across the Web and then identify the subjects with the use of facial-recognition technology. The service would allow anonymous people in photographs to be identified, a concern of privacy advocates. Lee Tien of the Electronic Frontier Foundation said the technology could allow stalkers to track down victims. Employers or the government could gain a new tool to find out information that may be unflattering to the photo subjects. [Source] [Source]

KR – Internet Real Name System to Start In July

Beginning in July, Internet users in Korea will have to provide their identification data including real names to make online postings at local Web sites where more than 100,000 visit a day. The Ministry of Information and Communication Tuesday said the National Assembly revised a law late last month to introduce such a requirement. [Source]

JP – Japan Releases Guidelines For Privacy Victims

The Japan Ministry of Internal Affairs and Communications and related Internet firms have decided to introduce guidelines to give the victims of online privacy violations and defamation access to the names and addresses of the people who post the offending data, it has been learned. Previously, if the offenders refused to supply their contact details, it was impossible for victims to track the source of offending data. Now, however, the ministry has decided to hand over the information even if the attackers do not give their consent. [Source]

US – DHS Passenger Scoring Illegal?

A newly revealed system that has been assigning terrorism scores to Americans traveling into or out of the country for the past five years is not merely invasive, privacy advocates charge, it’s an illegal violation of limits Congress has placed on the Department of Homeland Security for the last three years. The Identity Project, founded by online rights pioneer John Gilmore, filed official objections to the Automated Targeting System, or ATS, this week, calling the program clearly illegal. The comment cited a little-known provision in the 2007 Homeland Security funding bill prohibiting government agencies from developing algorithms that assign risk scores to travelers not on government watchlists. [Source]

US – Opinion: President Ford’s Privacy Legacy

Robert Ellis Smith, publisher of the Privacy Journal newsletter, writes a commentary about President Gerald Ford’s contributions to privacy in the immediate aftermath of Watergate. Beginning with President Richard Nixon’s appointment of Ford to head a privacy committee within the Domestic Council, the White House domestic policy office, Ford became deeply involved in privacy policy efforts that endure today. On New Year’s Day in 1975, Ford signed the Privacy Act of 1974. The next year, President Ford worked with Sen. Edward Kennedy on an agreement that would require a special court to approve warrantless wiretapping to gather information related to foreign intelligence. The principles in that agreement provided the framework for the Foreign Intelligence Surveillance Act of 1978. Smith writes in this commentary published in Forbes that “privacy was the issue that most involved Ford in his nine months as vice president.” [Source]

WW – IBM Introduces WebSphere RFID Information Center

IBM has introduced new RFID technology aimed at the pharmaceutical industry that it says not only provides better tracking information but also offers users more flexibility in analyzing the data that it generates. WebSphere RFID Information Center, essentially a data-gathering and repository application, is based on the EPCglobal standard called “EPCIS.” The system captures, manages and shares RFID, sensor and 2D barcode “events” across the enterprise. [Source]

US – Experts: Security Breaches Expected To Rise In 2007

Much of the legislation proposed in the wake of the February 2005 ChoicePoint breach that sparked calls for reforms to increase privacy protections for American consumers has failed to advance, notes this Cox News Service report. Security breaches remain commonplace, with government institutions and universities suffering repeated instances of data leaks. This story points out that an Internet-based survey of nearly 200 senior executives, released by pollster Harris Interactive, found that 61 percent identified security breaches as a higher concern than any other crisis. [Source]

US – Proposed PASS Card Lacks Strong Privacy, Security Protections: CDT

A proposed ID card that could be used in place of a passport by Americans who make frequent trips to Canada, Mexico and the Caribbean lacks adequate privacy protections and needs to be rethought. In comments submitted to the State Department this past week, CDT highlighted concerns with the proposed PASS (People Access Security Service) Card, which would use non-secure RFID technology to transmit information about citizens crossing borders. In the comments, CDT urges the State and Homeland Security Departments to reconsider whether the PASS Card program is really necessary; and if they do move forward to use a technology that will allow for better privacy and security safeguards. [CDT Comments on PASS Card, January 08, 2007]

US – Defense Dept. Settles Suit on Database for Recruiting

The Defense Department this week announced changes in how it will treat information in an enormous military recruiting database. The changes are part of the settlement of a lawsuit brought by the New York Civil Liberties Union on behalf of six New York City high school students that challenged the legality of the way information in the database was collected and used. The database, the Joint Advertising, Market Research and Studies Program, is, according to court papers, probably the largest repository of information concerning 16-to-25-year-olds. It includes names, ages, sex, races, addresses, phone and SSNs, e-mail addresses, schools attended, fields of study and grades. The information is collected or bought from high schools, motor vehicle departments and commercial vendors, and is used to identify and contact military recruiting prospects. The Defense Department agreed to use the database only for recruiting, giving up the possibility of sharing it with law enforcement and intelligence agencies. It agreed to destroy information on individuals after three years rather than five years or longer. The department also agreed to collect Social Security numbers only from the Selective Service System. Perhaps most significantly, it established a way for people to opt out of the database. The civil liberties group has posted a form letter on its Web site to that end, along with form letters meant to be sent to newspapers applauding the settlement and chastising the Defense Department. [Source] [Source]

US – President’s Identity Theft Task Force Seeks Public Comment

The President’s Identity Theft Task Force is seeking feedback from the public before completing its work for President Bush. Comments must be filed by Jan. 19. The task force is considering how to improve the coordination and effectiveness of criminal enforcement and ways to provide more comprehensive consumer education, among other issues. [Source] [ www.usdoj.gov/ittf/ ]

US – DOJ Pushes FBI to Broaden Data Sharing With Outside Agencies

The U.S. Department of Justice is pushing the FBI and its other operating units to speed up and expand their efforts to share a wide array of information with outside law enforcement agencies via a centralized database called OneDOJ. [Source]

US – Senators: US Government Data Mining Needs Oversight

Dozens of U.S. government data-mining programs collect private data about U.S. residents with few civil liberties safeguards, and some violate U.S. law, Democratic members of the U.S. Senate Judiciary Committee said this week. Democratic senators pledged to provide more congressional scrutiny for data-mining programs authorized by President George Bush’s administration. “All I want is the administration to follow the law,” Senator Patrick Leahy, a Vermont Democrat, said during the Judiciary Committee’s first hearing since Democrats took over the majority in Congress this month. “They want us to follow the law – they should follow the law.” [Source] [Senate to hold hearings on program’s usefulness]

US – CDT Testifies on Government Data Mining

CDT Executive Director Leslie Harris this week told lawmakers that any government “data mining” program must be built on a policy framework that includes meaningful safeguards for privacy and security. Testifying before the Senate Judiciary Committee, Harris urged lawmakers also to demand that no data-mining program be implemented until its efficacy as an anti-terrorism tool can be demonstrated. Harris also noted that the existing legal framework protecting Americans’ privacy has been rendered ineffective by the march of technology, and suggested that core laws like the Privacy Act have become inadequate. [Harris Testimony, January 10, 2007] [Source]

US – President Bush Claims Sweeping Powers To Open Mail Without Warrant

Civil liberties advocates and some lawmakers are seeking clarification about a signing statement President Bush attached to postal legislation last month. The concern is that the statement may allow the government to open first-class mail without a warrant. A U.S. postal official said that first-class mail is protected from unreasonable search and seizure. The official said the president was “not exerting any new authority.” [Source] [Source] [Source] [NYT: White House Denies Switch in Mail Policy]

US – New Congress Gets to Work on Privacy Issues

Privacy issues are showing up in the early hours of the new Congress, with a bill scheduled for consideration that would, among other things, give more authority to the 2-year-old Privacy and Civil Liberties Oversight Board. The bill proposes removing the five-member board from the president’s office. Instead, the bill proposes to make it an independent federal agency with subpoena power. The bill also would require the board, in most instances, to submit unclassified reports to Congress. The measure also would give the Department of Homeland Security’s Chief Privacy Officer greater investigatory powers. In other action, the Senate Judiciary Committee plans to devote its first hearing tomorrow on the privacy implications of government data-mining programs. [Source] [Source]

US – New FCC Pretexting Rules Expected Later This Month

The Federal Communications Commission (FCC) is reportedly expected to issue new rules later this month designed to protect consumers’ personal phone records. FCC Chairman Kevin Martin is recommending that phone companies, including wireless carriers, require their customers to obtain their phone records from a company representative. The FCC also would give consumers the option of obtaining their records without a password – but only if the information was sent to their home addresses or a company employee called them back at their home or on their cellphone. [Source] [Source]

US – New Maryland Law Prevents Businesses From Printing SSNs on Paychecks

A law that was signed in May but took effect last week many have escaped attention by Maryland businesses, according to interviews with some business owners. The law prohibits placing Social Security numbers on paychecks. Businesses face a maximum $1,000 fine for violations of the new law, according to the Attorney General’s Office. [Source]

US – Michigan Governor Signs Identity Theft Protection Bill

Governor Jennifer M. Granholm today signed legislation that requires Michigan residents be notified if the security of a database containing their personal information is breached. Granholm called for the new protection in her 2006 State of the State Address. [Source]

US – Arkansas Bill Seeks To Combat Identity Theft

In an effort to combat identity theft, Arkansans would be allowed to block access to their consumer credit reports under a bill filed for the 2007 legislative session. The bill by state Rep. Dawn Creekmore, D-Hensley, would require credit reporting agencies to “freeze” a person’s consumer credit report, blocking anyone from accessing it, at the consumer’s request. Creekmore said Thursday that House Bill 1038, filed Wednesday, was based on similar laws enacted in 25 states. [Source]

US – New Illinois Law Lets Consumers Lock Down Credit Reports

A new law makes it easier for Illinois consumers to lock down their credit reports and reduce the risk of identity thieves getting loans and credit cards in their names. The law, which went in effect Monday, allows anyone to freeze their credit file, prohibiting others from accessing the document that reveals loan repayment histories, liens, judgments, employment and other credit-related facts. [Source]

CA – Ontario Court: No Finger Scan System To Clock Employees

An Ontario court has upheld an arbitrator’s decision that an employer can’t use a finger scan system to check employees in and out of the workplace. IKO Industries Ltd. appealed the arbitrator’s ruling, alleging the arbitrator did not have jurisdiction to hear the grievance and that the decision was patently unreasonable. But the Ontario Superior Court of Justice pointed out that the employer conceded before the arbitrator that the employee’s right to privacy was recognized in the arbitral jurisprudence and made it clear to the arbitrator, “that the company does not contest my jurisdiction to determine whether such right is violated here as alleged by the union.” The court said it would not be appropriate to challenge the arbitrator’s jurisdiction for the first time on an application for judicial review and, furthermore, it said the arbitrator’s decision was thorough and well reasoned. [Source]

--------