Privacy News Highlights

23 February—01 March 2007

Contents:

US – Airport Scanner That Sees Through Clothes Tested at Arizona SHIA

EU – From Schengen to Prüm: Data Protection under 3rd Pillar a Prerequisite

CA – Canada Rejects Anti-Terror Laws

CA – PIAC Publishes Report on National Identity Cards, Biometrics and the Consumer

CA – PIAC Publishes Report “RFID and Privacy: Shopping into Surveillance”

CA – PIAC Publishes Report: “Spyware: Looking Out for Consumers”

CA – Canadian Privacy Commissioner Rules on Domain Name ID Disclosure

WW – New Ad Technology Might Keep Tabs on Consumers

US – New Zealand Passes Anti-Spam Law

US – Accenture Study: Patients Favor Doctors that Use Electronic Medical Records

EU – Governments Seek Stricter Rules Against Online Anonymity

EU – Article 29 Working Party Adopts Transparency Declaration

EU – Hustinx: Increased Europol Powers Need Increased Data Protection Policies

US – One-Third of Net Users in U.S. Have Used Wireless

US – CDT Analyzes Data Retention, Other Proposals for Protecting Kids Online

EU – SWIFT Sides With US in Data Spat With EU

US – Banks Look To Bolster Data Security

US – Federal Health IT Advisory Group Member Resigns over Lack of Privacy Progress

US – Data Thieves Hit Stop & Shop, Card Readers Tampered With, PIN Numbers Stolen

US – TJX Says Customer Data Breach Began In 2005

CA – Canada/U.S. Partnership Calls For Exploration of Passport Options

CA – New Ontario Licence May Double As Passport

WW – Bandit and Higgins Projects Bridge Multiple Identity Systems

US – Extortion Charges Dropped as Two Take Deal in Myspace Case

CA – RCMP Seeks Easier Access to Personal Information

US – FTC Report: Law Protects Children’s Privacy

WW – Bebo and MySpace Teens Confused Over Privacy: Survey

US – White House Set to Release REAL ID Requirements

US – Lawmaker Probes TSA Website Gaffe

US – Report Raps Congress’s Web sites

WW – RFID Security Broken: Company Muzzles Security Researcher

US – Consumer Group Offers New Materials for Understanding RFID

JP – Hitachi Unveils World’s Tiniest RFID “Powder” Tag

US – Wisconsin Lawmakers Revise Policy in Wake of Data Theft

US – U.S. agency CIOs: IT Security Remains Top Concern

WW – Tor Open to Attack: Report

WW – Second Google Desktop Attack Reported

AU – Australia Access Card Will Be Forged, Says MP

AU – No Headscarf for Australian Access Card Photo

AU – Australian Government Could Tighten Access Card Laws

AU – Haste Needed on Card, says Australia Government

US – Privacy Concerns a Major Roadblock for Location-based Services: Survey

US – EFF Suit Demands Details on Secret Court’s Wiretap Ruling

EU – EU Moves Forward on Regulation of Electronic Communications

US – New DHS Profiling Program Raises Privacy Concerns

US – Six Additional State Data Security Breach Notification Laws Effective in 2007

US – Mass. Bill Would Require Stores to Pay for Data Breaches

US – New Jersey Considers New Rules for Online Dating Sites

CA – Ontario Company Introduces Pre-Employment Background Checking Service


US – Airport Scanner That Sees Through Clothes Tested at Arizona SHIA

An X-ray security scanner that can see through clothing was put into its first operational use last Friday at Sky Harbor International Airport and could be rolled out to two other major airports by year’s end. The so-called “backscatter” technology has been controversial, with critics saying the high-resolution images are too invasive. But the TSA adjusted the machine’s images so the normally graphic pictures can be blurred in certain areas while still being effective at detecting concealed weapons or other threats. “I think the work we’ve done with the industry to address the privacy concerns has really done well,” said an agency spokesman. The machine will be tested for up to 90 days at a single checkpoint at Sky Harbor’s largest terminal. The technology could be left in place after the trial period, and the TSA hopes to also roll out the technology at L.A. International Airport and New York’s John F. Kennedy International Airport by year’s end. During the pilot program, the machine will be used only as a secondary screening measure; passengers who fail the standard screening process will be able to choose between the new device and a typical pat-down search. The TSA said that the security officer who works with the passenger going through the screening will never see the image the machine produces. The images will be viewed by another officer who will be about 50 feet away and won’t see the passenger. The machine cannot store or transmit the images. “Once we’re done screening the passenger, the image is gone forever,” the TSA said. [Source] [Source] [Source] [Source] [Source] [Source] [Source] [Source] [Source]

 

EU – From Schengen to Prüm: Data Protection under 3rd pillar a Prerequisite

One of the main priorities of the current German presidency, the inclusion of the Prüm Treaty in the EU legal framework, is likely to be achieved before the presidency ends on 30 June 2007. At its last meeting on 15 February, the EU JHA Council agreed to incorporate into EU legislation most of the Treaty provisions falling under the third pillar. This decision will create the largest pan-European network of police databases, including DNA profiles, fingerprints and other personal and non-personal data. [More]

 

CA – Canada Rejects Anti-Terror Laws

The Canadian parliament has voted against renewing two controversial anti-terror measures that had been adopted after the 11 September attacks. The measures allowed suspects to be detained without charge for three days and could compel witnesses to testify. The minority Conservative government accused the opposition Liberals of being soft on terror. The vote comes days after the Supreme Court revoked a law allowing foreign suspects to be detained indefinitely. Neither measure has ever been used since they were brought in by the then ruling Liberals in 2001. [Source]

 

CA – PIAC Publishes Report on National Identity Cards, Biometrics and the Consumer

As Canada continues to bolster national security post September 11th, and consumer commerce becomes increasingly jeopardized by identity theft, a National Identity Card scheme has been discussed as a potential solution. However, critics charge that National Identity Cards could turn into “de facto internal passports” which would be required to access almost all government or business services. Additionally, this new Card could lead to serious breaches of personal privacy. The PIAC report first focuses on the security solutions offered by a National Identity Card, in terms of (a) National Security and (b) Identity Theft. Second, the privacy implications of a National Identity Card program are identified, including a discussion of the effect of PIPEDA in enabling infringement of personal privacy in the context of a National Identity Card scheme. [Source] [Report]

 

CA – PIAC Publishes Report “RFID and Privacy: Shopping into Surveillance”

The Public Interest Advocacy Centre (PIAC) has published a 62-page report on RFID and privacy, concluding that “[a]s RFID implementation is moving forward quickly, it is recommended that immediate action be undertaken by the OPCC to provide RFID-specific guidelines which explain the constraints on the use of the technology for consumer surveillance and profiling, at least in the absence of very clear, and informed consumer consent. Ideally, the OPCC should ask that RFID- or surveillance-specific provisions be added to PIPEDA during the Parliamentary review of the legislation slated for 2006.” [Source] [Report]

 

CA – PIAC Publishes Report: “Spyware: Looking Out for Consumers”

The Public Interest Advocacy Centre has published a report on spyware that examines consumer concerns in the Canadian regulatory context, concluding with “recommendations for a multi-faceted approach to controlling spyware that includes regulation of certain aspects of spyware, including spyware-specific legislation.” [Source] [Report]

 

CA – Canadian Privacy Commissioner Rules on Domain Name ID Disclosure

The Privacy Commissioner of Canada has issued a finding examining registrar requirements that domain name registrants submit a copy of a driver’s license in order to alter the administrative address for the domain name. The Commissioner found for the registrar, ruling that the requirement was reasonable in light of domain name hijacking concerns. [Source] [Commentary]

 

WW – New Ad Technology Might Keep Tabs on Consumers

Electronic advertising boards could soon sense how you react to them and change their display to grab your attention, researchers say. The developers are negotiating to trial the new advertising technology in shops. “We have a concept called ‘agile retail’,” said Mike Wu, who is in charge of the project at government-funded National ICT Australia. “The message will respond to the body of the customer.” Mr Wu emphasises that after the information is analysed it will be destroyed immediately. Regardless of what advertisers say will happen to the information after it is collected, some ethicists are concerned about the new technology. [Source]

 

US – New Zealand Passes Anti-Spam Law

The New Zealand Parliament has passed a new anti-spam law. The Unsolicited Electronic Messages Act 2007 aims to prevent New Zealand from becoming a haven for spammers by prohibiting unsolicited commercial electronic messages and requiring senders of commercial electronic messages to include accurate sender information and a functional unsubscribe facility. [Source]

 

US – Accenture Study: Patients Favor Doctors that Use Electronic Medical Records

Doctors looking to attract new patients may want to buy an electronic medical record system because a new survey released Monday found that a majority of consumers said the technology plays a role in their selection of a physician. Only 10% of doctors surveyed said they had the technology, according to a survey by Accenture, a consulting, technology services and outsourcing company. 86% of the doctors cited the cost of implementing and/or maintaining the system as a concern. Physicians also worried about the time it would take to implement a program and potential privacy risks for patient information. [Source] [Source] [Accenture Press Release]

 

EU – Governments Seek Stricter Rules Against Online Anonymity

The cloak of online anonymity could be lifted in parts of Europe as some governments seek to make it easier to identify people who use fake names to set up e-mail accounts and Web sites. The German and Dutch governments have taken the lead, writing proposals that would make the use of false or fake information illegal in opening a Web-based e-mail account and require phone companies to save detailed records, including when customers make calls, where and to whom. The measures, none of which have yet become law, would not outlaw having false or misleading names on e-mail or other Internet addresses – only providing false information to ISPs. The aim, analysts say, is to make it easier for law enforcement officials to get information when they investigate crimes or terrorist attacks. But Europeans have long cherished their privacy, railing against measures that would see personal information stored for commercial use or government examination. “The people of Europe have a long record of fighting for their personal freedom, and are unlikely to accept such regulations being imposed upon them,” said a consultant with London-based consulting group Sophos. “No one disagrees with the need to take decisive action against terrorism and organized crime, but to introduce such restrictive surveillance on the general public and Internet companies – without proper safeguards in place – seems positively Orwellian.” [Source]

 

EU – Article 29 Working Party Adopts Transparency Declaration

The Register this week reported that the Article 29 Working Party has adopted a declaration of transparency. However, the article pointedly takes aim at the group of European data protection authorities for its failure to publicly reveal the details of the transparency pledge. The group has been discussing strategies to better communicate its work for years, according to this article. [Source] [summary of the proceedings]

 

EU – Hustinx: Increased Europol Powers Need Increased Data Protection Policies

Peter Hustinx, the European Data Protection Supervisor (EDPS), considers that the changes to the legal basis of Europe’s police office (Europol) proposed by the European Parliament, which are meant to increase its powers, must be accompanied by proper data protection rules. The European Parliament has proposed changes that would increase Europol’s powers in order to fight radical Islamic terrorism, considered the highest threat to security in Europe. The EDPS thinks that, before these powers are increased, Europol’s data protection policies and data exchange rules should be made more consistent and fair. Among his recommendations: specific conditions and limitations should be included regarding information obtained from private parties, to ensure the accuracy of such data; strict conditions and guarantees should apply in cases of interoperability with other processing systems; the processing of personal data whose relevance has not yet been assessed should be limited to assessing that relevance; and safeguards should be provided for access to data on people with no criminal record. “Computerized access and retrieval of data from other national and international information systems should be allowed only on a case by case basis, under strict conditions,” Hustinx advised. He also believes that if Europol becomes involved in pan-European data sharing, guarantees must be provided on the independence of its data protection officer, who is responsible for Europol’s lawful data processing. The EDPS ended his statement by saying he would himself “oversee any information transfer to Europol from European Commission institutions”. [Source] [Opinion of the European Data Protection Supervisor on the Proposal for a Council Decision establishing the European Police Office (16.02.2007)]

 

US – One-Third of Net Users in U.S. Have Used Wireless

A survey by the Pew Internet & American Life Project discovered that 34% of Internet users in the U.S. have used a wireless connection to surf the Web or check e-mail. The figures were up from February 2004, when 22% of Internet users said they had gone online using a wireless device. [Source] [Report]

 

US – CDT Analyzes Data Retention, Other Proposals for Protecting Kids Online

One in five children is sexually solicited online, according to a study that U.S. Attorney General Alberto Gonzales cited during a speech last year. Few would dispute the severity of the problem, but a free speech and privacy group is scrutinizing several plans to combat it. Congress has introduced a slew of bills to deal with the problem. Some legislation would hold technology and communications companies responsible for predatory activities that take place through their services. Others would increase funding for safety initiatives focusing on empowering parents and educating children. The Center for Democracy and Technology has analyzed several of the proposals to protect children on the Internet and concluded that most would be ineffective and violate the U.S. Constitution. The privately-funded policy group says it supports protection of children online, but the best way to do it is through education and filtering tools -- not through blacklisting, data retention, or mandatory labeling. [Source] [CDT policy analysis]

 

EU – SWIFT Sides With US in Data Spat With EU

The Belgian firm stuck in the middle of a transatlantic spat over the US infringement of civil liberties by the agents of its war on terror is throwing its lot in with the Americans. In open defiance of European privacy officials, the Society for Worldwide Interbank Financial Telecommunication (SWIFT) has declared that it has applied to the US FTC for ‘safe harbour’ protection for the data it holds on US soil. SWIFT had handed data containing the details of private international financial transactions to US terrorist finance investigators under a secret arrangement since late 2001. Since the transfers came to light last June, Europe’s data protection authorities have declared that SWIFT is a data controller and, as such, should take responsibility for the privacy of the data it administers for its banking clients. SWIFT claims it is not a controller but a mere processor, and cannot be held responsible for what European authorities say is the illegal transfer of data to US Treasury agents. [Source]

 

US – Banks Look To Bolster Data Security

Eastern Bank this week is requiring an extra measure of security before customers can access their online accounts. According to this Patriot Ledger story, the Boston-based bank will require customers to enter a “pass phrase” that matches an image, in addition to user names and passwords. This story also explores the efforts of the retail industry to improve data security. [Source]

 

US – Federal Health IT Advisory Group Member Resigns over Lack of Privacy Progress

The leader of a federal panel charged with providing privacy recommendations for the national health information network resigned last week, thwarted, he said, in efforts to develop adequate standards. The resignation comes amid complaints from others about the speed with which standards are being written. Paul Feldman, deputy director of the nonprofit Health Privacy Project, stepped down from his position as co-chair of the American Health Information Community’s Confidentiality, Privacy, and Security Workgroup, created in May 2006. In a letter sent Wednesday to 15 members of Congress, Department of Health and Human Services Secretary Michael Leavitt and HHS Interim National Coordinator for Health Information Technology Robert Kolodner, Feldman said the workgroup’s efforts to establish standards for the nation’s developing healthcare IT network are “a far cry from a comprehensive and timely approach that would give privacy policy equal and necessary footing with interoperability and systems development efforts.” Janlori Goldman, director of the Health Privacy Project, also signed the letter. “We already know that the majority of people in this country fear that their health information is more prone to misuse in electronic form,” Feldman said. “We must not shirk our duty to protect them from such harm.” [Source]

 

US – Data Thieves Hit Stop & Shop, Card Readers Tampered With, PIN Numbers Stolen

Quincy, Massachusetts-based Stop & Shop Supermarkets reports that several of its stores have been hit by thieves who tampered with checkout-lane card readers in order to steal shoppers’ information. A bank notified Stop & Shop management that fraudulent purchases had been made using data from cards that had been used for shopping at its stores. Stop & Shop executives investigated and found that the keypads shoppers use to submit PIN-based transactions had been broken into, tampered with, and then reinstalled. Stop & Shop called in the U.S. Secret Service to help with the investigation, and found tampered keypads at four additional stores. The bank that had found the fraudulent purchases was not identified. The stolen data included customer PINs (Personal Identification Numbers); the thieves had altered the PIN readers to capture the data. Stop & Shop stated that it has since “bolted down” PIN keypads to prevent any further breaches. Stop & Shop posted a notice providing information about the breach on the company’s Web site. [Source] [Mastercard Inc.: TJX Companies Not In Compliance With PCI At Time Of Breach]

 

US – TJX Says Customer Data Breach Began In 2005

Retail giant TJX, whose stores include discount clothing chains T.J. Maxx and Marshalls, said yesterday that a computer-security breach stretched back 10 months earlier than the company originally thought, compromising credit and debit card data, drivers’ license numbers, and names and addresses. TJX said that while it first thought the intrusion took place from May 2006 to January 2007, it now thinks its computer system was also hacked in July 2005 and on “various subsequent dates” that year. [Source]

 

CA – Canada/U.S. Partnership Calls For Exploration of Passport Options

A group of Canadian politicians, including Shawn Graham of New Brunswick, Dalton McGuinty of Ontario, and Gary Doer of Manitoba, are teaming up with American business leaders to urge the departments of State (State) and Homeland Security (DHS) to explore alternatives to a passport before implementing the Western Hemisphere Travel Initiative (WHTI) passport requirement at land and sea entry points. The three Canadian premiers and leaders from the American travel industry are concerned that the WHTI will diminish trade and tourism, cost jobs, and disrupt the daily lives of Canadian and American citizens if not properly implemented. The group is calling upon State and DHS to use the extended deadline of June 1, 2009, granted by Congress, to allow for the development and testing of options other than a passport, and to ensure that the necessary infrastructure, training and technology are funded and in place along the Canada-U.S. border. The group is also calling for greater bilateral co-operation between the two federal governments in exploring and testing options. [Source] [Secure Border Initiative: SBInet Planning and Management Improvements Needed to Control Risks]

 

CA – New Ontario Licence May Double As Passport

The Ontario government plans to start issuing new “high-security” drivers’ licences by the end of the year, the Star has learned. The government believes it can convince the U.S. to accept the new licences as alternatives to passports, which American lawmakers are saying must be used to cross the border by land as early as next January. The new licences will feature laser engraving, holograms, currency-like print quality and other security measures invisible to the naked eye, said a government source familiar with the project. [Source] [Source]

 

WW – Bandit and Higgins Projects Bridge Multiple Identity Systems

The Bandit and Eclipse Higgins Projects have announced the achievement of a key milestone in the development of open source identity services. Based on working code from the two projects and the larger community of open source developers, the teams have created a reference application that showcases open source identity services that are interoperable with Microsoft’s Windows CardSpace identity management system and enable Liberty Alliance-based identity federation via Novell Access Manager. This reference application is a first-of-its-kind open source identity system that features interoperability with leading platforms and protocols. This ground-breaking work was demonstrated at the RSA Conference in San Francisco. [Novell Press Release] [Kim Cameron’s blog]

 

US – Extortion Charges Dropped as Two Take Deal in Myspace Case

Two New York men accused of trying to extort $150,000 from MySpace.com by developing code that tracked visitors pleaded no contest Monday to illegal computer access in a bargain with the prosecution. The men were accused of demanding the money as a “consulting fee” from the News Corp. subsidiary. The pair were offering the code on their own Web site for $29.95 and claimed to be developing an unbreakable version. MySpace had blocked the existing version after it was discovered. [Source]

 

CA – RCMP Seeks Easier Access to Personal Information

The RCMP is calling for lowering the bar in PIPEDA to allow greater access to personal information in the course of investigations. The Act, as it is currently in force, allows organizations to provide personal information without consent to law enforcement in certain circumstances where the law enforcement agency has “lawful authority to obtain the information.” Representatives of the RCMP told a Parliamentary committee that this requirement is the force’s largest single impediment in child exploitation investigations. The force would like the ability to obtain personal information even in circumstances where it does not have enough evidence to justify a warrant. The Privacy Commissioner disagrees. [PIPEDA Review] [Source]

 

US – FTC Report: Law Protects Children’s Privacy

America’s laws protecting children’s privacy online are working just fine, according to the FTC. But just to make sure, it will slap violators with bigger fines. Since it was signed into law in 2000, the Children’s Online Privacy Protection Act (COPPA) has seen the FTC bring just 12 companies to task over how they compile and use data collected from children aged 13 and under. But in a progress report released this week, the FTC stressed the need for sites pitched at a general audience to redouble age verification efforts, as they can fall foul of COPPA if they have knowledge that children’s data may be collected, used or disclosed to other parties. Last month, for example, MySpace answered complaints over the ease with which pedophiles and other sexual predators roamed the site by promising to let parents monitor their children’s activities. But such a move is not enough to absolve it of COPPA responsibilities. [Source] [Source] See also: [CDT Recommends Steady Increase in FTC Funding]

 

WW – Bebo and MySpace Teens Confused Over Privacy: Survey

More than half of teenagers across Europe make their online social network profiles public and disclose a great deal of information; many don’t know what to do about making their information public or private, according to a survey. The Insafe survey of 21,872 young people from across Europe by European Schoolnet revealed that more needs to be done to raise awareness of privacy issues and providers need to do more to enable their users to make parts or whole profiles private. [Source]

 

US – White House Set to Release REAL ID Requirements

The White House is warning Congress not to further delay or oppose the REAL ID Act, saying the federal effort to tighten security measures for driver’s licenses came about as a result of a recommendation from the Sept. 11 Commission. However, states are balking at the unfunded federal mandate, including the state of Maine. At least 21 states have measures pending that oppose or raise concerns about the federal law. Other objections are centered on concerns held by some privacy advocates who fear the program is essentially creating a de facto national ID card. [Source] See also: [California DMV Boss Lobbies For Real ID Changes] [Illinois may join the Real ID ‘revolt’: officials see problems, expense in standardized drivers license law] [Wyoming Senate kills bill against Real ID] [Oregon aims to put Real ID on fast-track] [Lawmaker wants to keep Missouri from federal ID requirements]

 

US – Lawmaker Probes TSA Website Gaffe

The U.S. House Committee on Oversight and Government Reform is investigating a Transportation Security Administration Web site that promised to help air travelers caught up in terrorist watch lists, after a Wired News blog revealed that the site was potentially exposing users’ personal information to eavesdroppers. The Traveler Verification Identity Program Web site was intended to allow domestic airline travelers whose names are similar to entries on the government’s No Fly List and other watch lists to submit a complaint online, instead of calling TSA and requesting that a form be sent to them by mail. [Source] [Source] [Source] [Waxman: Online ‘no-fly’ list endangers privacy] [DHS Launches Traveler Redress Inquiry Program]

 

US – Report Raps Congress’s Web sites

In the past, Web sites kept by congressional offices haven’t enjoyed the most gleaming track record for fulfilling visitor privacy expectations or even staying online. Now a new report has attempted to quantify and catalogue who is and isn’t getting it right. In its “2006 Gold Mouse Report: Recognizing the Best Sites on Capitol Hill” released this week, the Congressional Management Foundation, a 30-year-old non-profit organization that bills itself as “dedicated to promoting a more effective Congress,” reaches one major conclusion: the quality of congressional Web sites, in general, is “disappointing.” Among the findings are that about half of the House Web sites and 73% of the Senate Web sites post privacy statements. Less than half of House Web sites and 62% of Senate Web sites post a privacy statement on every page. Much of this year’s 100-page document is also devoted to a series of seemingly common-sense do’s and don’ts for congressional Web managers. Among the advice: “Don’t fail to keep your information fresh and updated” and do “Foster trust in your Web site by protecting citizens’ privacy.” [Source]

 

WW – RFID Security Broken: Company Muzzles Security Researcher

New research into security vulnerabilities in RFID access cards made by technology giant HID Global has been pulled from the lineup at an East Coast security conference this week. Researchers from Seattle-based security provider IOActive were planning to detail a technique they developed to clone the credentials stored on certain RFID cards made by HID. A criminal could use such a device to copy an electronic door key and gain access to secured areas. “The concepts behind this attack are not new. Indeed, most of our efforts in validating the effectiveness and ease of this attack involved reviewing research already performed by others in this area,” said IOActive president Joshua Pennell. The company was expected to present the findings Wednesday at the Black Hat Federal security conference in Virginia. However, IOActive last Thursday was contacted by HID attorneys, who claimed the researchers were infringing on HID’s intellectual property. Chris Paget (director of research for IOActive) said he built the cloning device by using information from HID’s publicly filed patents and materials that anyone could purchase off of eBay for about $20. He said his concern is that the same HID technology is being deployed to protect critical national infrastructure sites. [Source] [Source] [Source] [Video Clip demonstration!] [Lawmakers Working to Limit RFID Door Cards] [RFID Now Silencing Opposing View]

 

US – Consumer Group Offers New Materials for Understanding RFID

The National Consumers League, the oldest consumer advocacy group in the United States, has created a new area on its site dedicated to RFID. The site contains a glossary of the most basic RFID terms and frequently asked questions, including questions on privacy. The Q&A deals exclusively with Electronic Product Code (EPC) systems and doesn’t address issues such as RFID tags in passports or contactless credit cards. The site addresses such concerns as the potential for RFID to contain consumers’ personal information, including health records and bank-account numbers. It also discusses several benefits to consumers, including greater convenience and reduced counterfeiting. [Source]

 

JP – Hitachi Unveils World’s Tiniest RFID “Powder” Tag

The world’s smallest RFID tags have been unveiled by Japanese electronics firm Hitachi. The minute devices measure just 0.05mm by 0.05mm (0.002x0.002in) and to the naked eye look like spots of powder. They are thin enough to be embedded in a sheet of paper, a Hitachi spokesman says. Hitachi says it wants to study the tags’ possible uses, but it does not yet have any plans to put its latest creation into commercial production. However, some have raised concerns that the technology poses a threat to privacy, and that it could be used in covert monitoring schemes. The fact that the tags are becoming ever more invisible could fuel this apprehension. However, said Hitachi: “We are not imagining such uses.” [Source]

 

US – Wisconsin Lawmakers Revise Policy in Wake of Data Theft

As a result of a Jan. 31 data theft affecting 109 legislative representatives and staff members, the Wisconsin Legislature enacted a new policy that prohibits legislative employees from taking documents that contain sensitive personal information away from the office. Employees who violate the policy face possible termination. [Source]

 

US – U.S. Agency CIOs: IT Security Remains Top Concern

IT security is at the top of the priority list for U.S. government chief information officers. It is also an area where CIOs are making progress, according to a survey released Monday by the Information Technology Association of America. CIOs told the ITAA, a trade group, that they made progress during 2006 in certifying their IT systems, training IT workers and other employees about cybersecurity, and setting up IT security policies, said Wohlleben, chairman of ITAA’s CIO survey project. Even as multiple reports of missing government laptops and other devices containing personal information came to light last year, federal CIOs said they are making “incremental progress” toward achieving federal cybersecurity mandates, Wohlleben said. [Source]

 

WW – Tor Open to Attack: Report

An anonymous Slashdot reader writes “A group of researchers have written a paper that lays out an attack against Tor (PDF) in enough detail to cause Roger Dingledine a fair amount of heartburn. The essential avenue of attack is that Tor doesn’t verify claims of uptime or bandwidth, allowing an attacker to advertise more than it need deliver, and thus draw traffic. If the attacker controls the entry and exit node and has decent clocks, then the attacker can link these together and trace someone through the network.” [Source]

 

WW – Second Google Desktop Attack Reported

Google Desktop is vulnerable to a Web-based attack that could give an attacker access to data indexed by the software, say security researchers. [Source]

 

AU – Australia Access Card Will Be Forged, Says MP

The government’s controversial new access card will undoubtedly be forged, a Liberal backbencher says. Queensland MP Steven Ciobo’s comments, made in parliament, are at odds with the government’s claim that the card is a solution to welfare fraud. “I have no doubt that the access card will and can be fraudulently reproduced in the future,” Mr Ciobo said. “The notion that in some way this card is unable to be forged is wrong, it of course can be and will be forged and in that respect, production of the access card as a form of identity verification is of no consequence whatsoever.” Mr Ciobo was refuting suggestions the access card could become a national identity card, one of a number of issues Labor raised as debate on the card began in parliament. [Source] [Hacking new smartcard ‘not impossible’]

 

AU – No Headscarf for Australian Access Card Photo

Muslim women who wear headscarves will have to make sure their face is fully visible when they have a photograph taken for the government’s new access card. The proposed system will replace the Medicare card and be compulsory for any Australian who wants to access up to 16 other government health and welfare services. In its submission to a Senate inquiry examining the access card legislation, which is currently before parliament, the government provided examples of how a photograph would be taken of a person wearing a headscarf. [Source]

 

AU – Australian Government Could Tighten Access Card Laws

Human Services Minister Ian Campbell has left open the possibility of tightening laws protecting the privacy of people using the federal government’s new access card. The introduction of the card passed its first parliamentary hurdle in the lower house last week and will now go to the Senate for approval. Amid continuing concerns about its privacy implications, Senator Campbell said current laws could be tightened if the new smart card was abused. “I am very keen to ensure that all Australians know that their privacy will be protected ... I retain an open mind in terms of enhancing privacy around the use of the card,” Senator Campbell told parliament. [Source]

 

AU – Haste Needed on Card, says Australia Government

The Access Card Bill must be passed immediately to “provide certainty for contract negotiations” for procurement of critical elements of the system, the Australian federal Government has said. “If passage of the Bill were to be significantly delayed, this would reduce the time available to properly implement the new system (to meet the Government’s 2008 deadline for the start of registration),” the Government says in a submission to the Senate inquiry into the scope and purposes of the card. “This could jeopardise contract negotiations and would not allow adequate time to fully inform the Australian community of these important changes. Nor would there be sufficient time to put in place the necessary infrastructure and administrative arrangement, given these are dependent on the legal framework being in place.” A tender process is currently underway for the first two contracts: systems integrator and card issuance. [Source]

 

US – Privacy Concerns a Major Roadblock for Location-based Services: Survey

Results of a survey released last week by Harris Interactive show that most U.S. mobile phone users worry about privacy when it comes to next-generation telecommunications technologies. Known collectively as location-based services (LBS) and presence technology, these services, some of which are already on the market, can tell other contacts where a person is physically located, what communication devices they are using, and how to reach them at any given moment. “We expect these technologies eventually to catch on,” said Joe Porus, VP and chief architect with Harris Interactive’s Technology and Telecom Practice. “But providers must give users control over location-based features to allay privacy concerns.” Milt Ellis, VP and senior consultant with the practice, added, “For marketers of these services, the key initially is to target groups of users – such as teenagers, busy executives, delivery and emergency service personnel – who value the benefits of being connected more than they worry about privacy.” [Source]

 

US – EFF Suit Demands Details on Secret Court’s Wiretap Ruling

A privacy rights group sued the Justice Department this week to try to pry loose a ruling by a secret court that the Bush administration says approved its clandestine wiretapping program. The suit, if it succeeds, should answer an important question about the future of the program: whether the court will require individual warrants, with specific evidence, before allowing the government to intercept phone calls and e-mails between Americans and alleged terrorists in foreign countries. [Source] [AT&T Can Continue Hiding Surveillance Secrets]

 

EU – EU Moves Forward on Regulation of Electronic Communications

The EU’s Telecom and Media Commissioner Viviane Reding, and Roberto Viola, chairman of the European Regulators Group (ERG), released a joint statement yesterday following a meeting on reform of the EU’s regulatory framework for electronic communications. The statement says that the regulatory framework, expected to take effect by 2010, will enable the development of pan-European and cross-border services. It goes on to say that the ERG will be transformed into a “federal system” of national regulators, possibly modeled on the European system of central banks. A letter from the ERG to the Commission said: “If Europe is to play a leading role in the global economy, its 27 national regulatory authorities will need to work closely together to ensure that European businesses can take full advantage of the scale of the European market.” [Source]

 

US – New DHS Profiling Program Raises Privacy Concerns

The Department of Homeland Security is testing a data-mining program (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement – ADVISE) that would attempt to spot terrorists by combing vast amounts of information about average Americans, such as flight and hotel reservations. Similar to a Pentagon program killed by Congress in 2003 over concerns about civil liberties, the new program could take effect as soon as next year. But researchers testing the system are likely to have already violated privacy laws by reviewing real information, instead of fake data, according to a source familiar with a congressional investigation into the $42.5 million program. [Source]

 

US – Six Additional State Data Security Breach Notification Laws Effective in 2007

With heightened awareness of the value and vulnerability of personal and financial information collected by businesses and governments, more states are enacting legislation to require consumer notification when there are security breaches involving this information. In 2006, 35 states and the District of Columbia introduced legislation addressing security breach notification. The latest legislation (Arizona, Hawaii, Maine, New Hampshire, Utah and Vermont) became effective in January 2007. Below is a brief summary of the newly effective laws. [Full comparison matrix of the various state data breach laws] [Source] [Symantec: US data breach legislation needed]

 

US – Mass. Bill Would Require Stores to Pay for Data Breaches

Businesses would have to reimburse banks for costs stemming from data security breaches, under a Massachusetts bill that could be mimicked by other states and in Congress. In what appears to be the first stab at such an approach, the proposal would require any “commercial entity” that handles personal financial data to foot the bill for various banking costs caused by hacks or other intrusions into their systems. [Source] [Mass. bill wants stores to pay more in data breaches]

 

US – New Jersey Considers New Rules for Online Dating Sites

Amid growing concern about child safety on the computer, New Jersey lawmakers are considering a measure to prohibit released sex offenders from using the Internet and to impose new rules for online dating sites. “We’re living in some very scary times,” said Senate President Richard J. Codey, who is spearheading New Jersey’s effort. “No matter how much you trust your kids, no matter how much you think you know what they’re doing, there are some sick people out there who will stop at nothing to prey on them.” Released sex offenders caught using the Internet would face up to 18 months in jail and fines of up to $10,000. Sex offenders caught using the Internet to solicit a child would face a mandatory five years in jail, rather than the three years they face under the current law. The measure also requires online dating sites to tell New Jersey residents whether they do background checks. [Source]

 

CA – Ontario Company Introduces Pre-Employment Background Checking Service

ISB Corporate Services announces VST-CHECK, a background checking service for volunteers, teachers, social workers, domestic caregivers and other employees. VST-CHECK is a reduced-rate, hassle-free way to obtain Criminal Record Checks, Vulnerable Sector Checks, Driver Record Checks and more for volunteers and workers. The company offers various ‘packages’ of Canadian and US background checks, including a bundle for $85.00 that includes a “Criminal Records Check, Financial Inquiry, SIN Validation, Address Verification, Name Verification and a ‘TERRORISM CHECK’”. Additional a la carte services include ‘Ontario Land Title Search’ and ‘Ontario PPSA Search’. [Source] [Source]

 

--------