Privacy News Highlights
26 April–18 May 2007
Contents:
EU – EU to Store Visa Seekers’ Fingerprints, Pictures In
Central Database
US – DHS About-Faces on Biometric Exit Process
US – US-Visit Announces 10-Finger Print Scanning For
Entry Into US
AS – Study: Fingerprint Scans are Preferred Method of
Identity Authentication
UK – Biometric Eye-Scanning Border-Control System Goes
Live at Gatwick Airport
SK – Seoul to Include Fingerprints in New Biometric
Passports
CA – Committee Reviewing PIPEDA Makes Recommendations to
Parliament
CA – Negligence Blamed for Increased Identity Theft:
Federal Privacy Commissioner
CA – Big Business Writing Rules on Personal Data, Critics
Say
CA – Senators Balk at Possible Invasion of Privacy on
Voters’ Lists
CA – Canada to Launch No-Fly List in June
CA – Tories Plan to Outlaw Identity Theft
CA – NB Task Force on Right to Information and Protection
of Personal Information
CA – Saskatchewan FOI, Privacy Act Should Cover Police,
Commissioner Says
WW – Major Anti-Spam Lawsuit Filed in Virginia
US – HHS Joins International Partners to Promote
Electronic Health Records Standards
CA – IPC Fact Sheet #12 - Encrypting Personal Health
Information on Mobile Devices
EU – Phone Taps in Italy Spur Rush Toward Encryption
WW – HP Laptops Get Full Disk Encryption
EU – EU Sets Out Data Protection Plan for ‘Privacy
Enhancing Technologies’
EU – EDPS Data Watchdog Annual Report Warns of Biometric,
PII Database Creep
EU – EC Survey: Support High for Breach Notification Law
EU – US Asks Europe to Relax Privacy Rules for New
Airline Deal
UK – UK Information Commissioner Demands New Powers
EU – Irish Data Protection Complaints Double
CA – Canadians’ Cellphone Use Almost On Par With Land
Lines
CA – Canada-U.S. Cross-Border Travel Tumbles
US – FACT Act Revision Will Require Banks to Watch for
Address Fraud
US – Google Helps State Governments Open Up
US – ACLU Slams Move to Censor Privacy Report
US – House Passes Genetic Non-Discrimination Bill
UK – Innocent Ethnic Minority People 3-Times More Likely
to be on DNA Database
US – New York Plan for DNA Data in Most Crimes
CA – Report: Citizens’ Dialogue on Privacy and the Use of
Personal Information
US – New Hampshire State to Appeal Rx Privacy Decision
US – TSA Acknowledges Potential Data Breach
US – TJX Takes $12 Million Charge Related to Data Breach
CA – McGill Student Records Made Public on The Web
US – NIST Gives Thumbs Up to Revised PASS Card
EU – Sweden: Everyone Has the Right to an ID Card
UK – ID Card Costs Rise Above £5bn
US – Federal ID Card Standards Draw Harsh Criticism
AU – Australia Plan to Track HIV-Positive Visitors
CA – How to Protect your Privacy on Facebook by “Opting
Out” of Default Settings
CA – Facebook Banned for Ontario Government Staffers
US – MySpace Photo Costs Teacher Education Degree
US – Won a Pulitzer for Exposing Data Mining, NYTimes
Eager to do own Data Mining
UK – ID Cards Scheme “Getting Out Of Control”
US – 43 Groups Join Campaign to Stop REAL ID
US – Opposition to REAL ID Escalates in the U.S.
US – National Research Council Calls for Federal Privacy
Czar
WW – Survey Uncovers Top Four Concerns of Privacy
Managers
US – NIST Issues RFID Security Guidelines
US – Plan to ‘Chip’ Alzheimer’s Patients Causes Protest
WW – Privacy Advocate Wary of New RFID Label
US – New Law Serves as Warning to RFID Industry
BM – Bermuda: All Vehicles on Island to Get RFID Chip
UK – Wi-Fi Networks Still Insecure In London’s City
WW – VeriSign to Offer Disposable Passwords
WW – One in 10 Web Pages Contain Malicious Code That
Could Infect a User’s PC
US – Survey: IT Professionals Worry Security Breach Could
Send Them Packing
US – Despite Frequency of Breaches, Companies Lack Data
Breach Preparedness
EU – Amsterdam Airport Starts Full-Body Scans
NZ – New Zealand Microchip Cards for Seniors to Go Ahead,
Some Safeguards Added
CA – IPC Smart Card Applications: Design Tool &
Privacy Impact Assessment
US – FISA Court Issued Record Number of Warrants in 2006
US – NY Activists Call for Surveillance Camera Laws
AU – GoFinder Brings Budget Vehicle Tracking
US – DHS Secretary Discusses Data-Mining Efforts With
European Parliament
EU – European Security Officials Back Plan to Profile
Mosques in Fight Against Terror
US – Bush Wants Phone Firms Immune to Privacy Suits
AU – Australian DNC Register Cracks 500,000
US – GAO Report: DHS, Customs Break Privacy Laws in Data
Collection
US – Education Dept Restore Access to Database Info on
Financial Aid Applicants
US – House Committee Endorses SSN Limits, Antispyware
Effort
US – Senate Committee Approves Data Protection Bill
US – Two Arizona Bills Keep Consumers’ Personal Data
Private
US – US Court Permits Search of Personal Computer in
Workplace
CA – Alta Privacy Commissioner: Employers Can Keep Some
Employee Info Secret
Fifteen European states plan to launch a common
database to store pictures and fingerprints of visa applicants in 2009 to help
better control who they allow into the region, lawmakers and officials said
this week. From June 2009, the database will be common to all states in the
so-called “Schengen” area, a region of 13 EU countries plus Norway and Iceland
with no internal border checks. “The database will store the personal and
biometric data – digitalised photos and fingerprints – of about 20 million
Schengen visa applicants every year,” said MEP Sarah Ludford. The data will be
stored for five years and police will be able to consult the database on a
case-by-case basis. EU Justice Commissioner Franco Frattini has said he hopes
the plan would be backed by EU interior ministers in June. Ludford said the
database would possibly be the world’s largest of biometric data. [Source]
The Homeland Security Department has pushed biometric
exit procedures out of the pilot testing phase even though officials recently
said they are not ready to be implemented. Those exit procedures would allow
foreign nationals to check out of the country using biometrics. The U.S.
Visitor and Immigrant Status Indicator Technology program conducted the
biometric exit pilot at 14 major airports across the country during the past
three years. The move goes against statements by US-VISIT officials, who said a
biometric exit process would not be viable for implementation because of DHS’
move to a 10-finger scanning process. This technology could cause major delays
for people leaving the country because the scanning procedure may currently be
too slow. [Source]
[Source]
[Source] Also: [Immigration
Reform Proposals Include Plans for Biometric Technology] [Air Transport
Association takes issue with DHS plan to get passengers’ biometric data] [Air
carriers reject demands to collect passenger fingerprints] [Don’t
Bank on Biometrics or You May Break the Bank] [New
Technology Wasted at U.S.-Mexico Border] [DHS
Explores Use Of Facial Recognition Technology In Terrorism Fight]
Bob Mocny, director of US Visit, announced last week
that from March next year the government will begin trialling 10-finger print
scanners at airports across the U.S.
The process will be completed by December 2008. Since the initial
fingerprint screening experiment started in 2004, 1800 people have been caught
trying to illegally gain entry into the US using false identities. The reason
for adding the extra prints, Mocny said, is because the small portion of finger
they currently scan is bringing up too many false-positives and several people
each year are forced into a second screening process having been misidentified.
Once a traveller has had ten prints scanned on the first occasion, they may not
be required to have all ten scanned each time they enter the country. There are
currently 80 million fingerprints in the system which are kept for 75 years. US
citizens are not fingerprinted at international entry points. [Source]
The UK is looking at bringing in fingerprint scanning at airports this year –
see: [UK
Government tests biometrics at border control points] See also: [U.S.
Seeks Closing of Visa Loophole for Britons]
A recent study conducted by Unisys revealed that
respondents from Singapore and Malaysia favor fingerprint scans as the
preferred method for verifying their identity with banks, government agencies
and other organizations. Just over seven in 10 Malaysian respondents were “most
willing to use a scan of their fingerprint to verify identity,” while 70% of
respondents from Singapore opted for it as a “preferred security measure.”
According to Unisys, the results indicate that respondents “particularly are
interested in giving up more personal data to get security and convenience.” [Source]
The Home Office's drive to
strengthen Britain's border controls took another step forward this week with
the opening of IRIS at Gatwick South. IRIS (Iris Recognition Immigration
System) is a new step in exploiting biometric technology to strengthen Britain's
border controls. IRIS enables registered passengers to enter the UK without
queuing to see an immigration officer at passport control. Instead, individuals
enrolled on the scheme are able to walk up to an automated barrier, look into a
camera and if the system recognises them, enter the UK. Immigration Minister
Liam Byrne said: "We are significantly toughening Britain's borders. Iris
recognition barriers combine speed and maximum security to let positively
vetted passengers travel faster." "Soon we will also see uniformed
officers with new powers at airports across the UK." [Source]
The South Korean government has decided to include
fingerprints in new electronic passports, a key requirement for entry into the
U.S. visa waiver program, along with images of passport holders’ faces, an
official said. South Korea plans to start issuing electronic passports in
December on a trial run, with the official issuing of the new passports with
personal biometric data to begin early next year. [Source]
See also: [India to
Move to Biometric Passport] [New US Passport]
The House of Commons Standing Committee on Access to
Information, Privacy and Ethics made recommendations in its fourth Report to
Parliament, following a statutory five-year review of Canada’s federal privacy
legislation, the Personal Information Protection and Electronic Documents Act
(PIPEDA). The Committee held hearings between November 20, 2006 and February
22, 2007. The report recommends that PIPEDA be amended to require companies to
tell Canadians when their personal information is lost or stolen by identity
thieves. Companies that suffer a security breach should be required to inform
the federal privacy commissioner, who will then decide whether the loss is
serious enough to inform affected individuals. However, the report stops short
of calling for mandatory notification, which would require retailers, banks and
other organizations to tell the privacy commissioner of every security breach.
[Source]
[Source]
[Coverage]
Canada’s privacy commissioner is warning that “the
negligence of businesses and even government” is adding to the growing problem
of identity theft that is threatening an increasing number of Canadians every
year. Jennifer Stoddart told a parliamentary committee that the federal
government must take strong leadership to combat the problem. “This is an
underground, possibly organized crime industry, and it’s helped by the
negligence of businesses, even governments, ourselves in handling our personal
information.” So far, Ottawa has failed to take adequate steps to address the
problems associated with identity theft, despite the fact thousands of
Canadians fall victim every year. [Source]
The federal privacy commissioner is preparing to
publish guidelines instructing banks and other businesses when to tell
consumers about security breaches. But Canadians could remain in the dark when
their personal information is lost or stolen because the new rules were written
by the private sector, which has “an obvious interest in minimizing
disclosure,” warn consumer and privacy experts who have read the draft regulations.
Under the guidelines, businesses that fall victim to hackers or lose sensitive
personal information would continue to decide if and when to tell the affected
consumers – a system that’s a far cry from the mandatory breach notification
that consumer advocates had been hoping for, said John Lawford, research
analyst at the Public Interest Advocacy Centre. [Source]
A bill proposing to put the birth dates of all federal
electors on copies of the permanent voter registry given to political parties
could cause an explosion of identity theft and invasion of privacy, Liberal and
Conservative senators have warned. In a rare departure from the wrangling that
has recently enveloped the Senate, senators from both sides questioned
Government House Leader Peter Van Loan over the proposal to release vital
personal information so broadly. “With the passage of this bill, everybody’s
date of birth is going to be known to everybody in Canada,” said Liberal
Senator George Baker, noting Elections Canada gives the political parties
electronic copies of the permanent voters list three times a year as it is
updated with new data on citizens. [Source]
See also: [New
Zealand Restricting Access to Birth, Death and Marriage Records]
A Canadian “no-fly” list of people to be barred from
boarding domestic and international airline flights is set to take effect June
18, just as the busy summer flying season gets underway. The move, nearly six
years after the 9/11 terrorist attacks, amounts to a flight blacklist of people
“reasonably suspected” by federal officials as immediate threats to the safety
of commercial aircraft, passengers or crew. Under the rules, as passengers
check in for flights, whether at kiosks or counters, their names will be
automatically screened against the government’s list, known as the “Passenger
Protect” program. The no-fly list will be drawn up by Transport Canada, with
input from the RCMP and CSIS. If a name is red-flagged as a possible match with
a name on the no-fly list, the traveller will be directed to a flight agent,
who will contact Transport Canada for a decision on whether to allow boarding.
Airlines are responsible for protecting the passenger’s confidentiality. [Source] [Privacy Commissioner Wary Of No-Fly List]
The Conservative government is planning to outlaw
identity theft, an exploding problem, although it carries no specific criminal
sanctions in Canada. Justice Minister Rob Nicholson plans to take a blueprint
to the federal cabinet, with plans to introduce legislation this spring or
fall. The move to criminalize theft of another person’s personal information
comes amid widespread calls for a crackdown, most recently from the House of
Commons finance committee and Canada’s privacy commissioner. [Source]
[Source]
See also: [Day Seeks
Security Powers; Ottawa wants to restore `preventive arrests’]
The independent Task Force on Right to Information and
Protection of Personal Information is looking for the views and suggestions of
New Brunswickers to improve access to public information while better
protecting personal information. The task force’s discussion paper has two
objectives: first, to identify and explore possible reform measures to both
access to information and personal privacy legislation; and second, to promote
participation in the review process. [Source] [Task Force Website] [Discussion paper]
With confidential Regina police reports at the centre
of a political controversy, Saskatchewan’s information and privacy commissioner
renewed his call for municipal police services to be covered under the
province’s Freedom of Information and
Protection of Privacy Act (FOIPP). Gary Dickson said this week that
Saskatchewan and PEI are the only provinces where municipal police services and
commissions are not covered by such legislation. [Source]
A company representing Internet users in more than 100
countries has filed a lawsuit in Virginia seeking the identity of individuals
responsible for harvesting millions of e-mail addresses on behalf of spammers.
The lead attorney on the case said the group hopes to follow the trail from the
people doing the harvesting of e-mail addresses to the actual spammers. “It is
clear that the key to stopping spam is identifying those responsible for it,
and getting that information into the hands of those capable of doing something
about it,” he said. [Source]
[E-mail
harvesters hit with $1 billion antispam lawsuit]
U.S. Health and Human Services (HHS) Secretary Mike
Leavitt announced the U.S. will participate in an international effort to
encourage more rapid development and worldwide adoption of standard clinical
terminology for EHRs. The US is one of nine charter members of the new
International Health Terminology Standards Development Organization (IHT SDO).
Other charter members are from Australia, Canada, Denmark, Lithuania, the
Netherlands, New Zealand, Sweden, and the UK. [Source] See also: [N.Zealand
Patient privacy seen as serious issue in bar code system]
The IPC has released a new fact sheet regarding the
encryption of personal health information on mobile devices. They state that
because of the high incidence of loss or theft of mobile devices such as laptop
computers, personal digital assistants (PDAs), or flash drives, custodians need
to ensure that personal health information that is stored on mobile devices is
encrypted. When encryption is implemented properly, it renders PHI safe from
disclosure. The availability of encryption means that it is easier to safeguard
electronic records of PHI than it is to safeguard paper-based records when
being transported. This fact sheet goes through the how and why issues around
encryption on mobile devices. [Source]
Drumming up business would seem to be an easy task for
those who sell encrypted cellphones in Italy. All they have to do is browse the
major newspapers for likely customers. “Initially, we thought we would market
to the big businesses, to lawyers and the government,” said the commercial
director of Caspertech, a four-year-old company that sells encrypted cellphone
software. “But after the Juventus soccer scandal, we had so many clients that
we had never thought to contact.” Three years ago, the company’s only clients
were the government and the military; last year 60% of sales were to ordinary
civilians. [Source]
HP is shipping laptops that include full
disk-encryption (FDE) software from SafeBoot to prevent data falling into the
wrong hands when laptops are lost or stolen. The software installed on the
devices inserts itself in the boot process, so users must authenticate
themselves to the software before the operating system kicks in. If the device
is lost or stolen, SafeBoot device encryption prevents anyone without the
proper authentication - which can include two-factor authentication - from
accessing the machine. The software on the laptops is intended for small and
mid-size businesses that don’t necessarily have the resources to buy and manage
enterprise-sized disk encryption. [Source]
The European Commission has set out plans to examine
the use of Privacy Enhancing Technologies (PETs) to counteract identity theft,
discriminatory profiling and surveillance. The commission will promote the
research and development of PETs, run large-scale pilots in industry and public
sectors, and create an EU-wide privacy seal system. Commission VP Franco
Frattini said the plan will encourage the use of systems which minimise the
collection and use of personal data, “to ensure that breaches of the data
protection rules and violations of individual’s rights are not only something
forbidden and subject to sanctions under the existing legal provisions, but
also technically more difficult”. The technology will benefit businesses as
well as consumers, as increased trust will encourage confidence in online
spending, said the EU’s Commissioner for Information Society and Media. [Source]
[Source]
State databases, the way the European Data Protection
Supervisor talks about them in its annual report, quickly grow beyond their
function and not always with benign consequences for the people they have
numbered. The EDPS'
2006 Annual Report, published this month, noted how the data guardian's
attention had been drawn to the increasing tendency of authorities to establish
central databases and large scale IT systems. This could be problematic because
the systems had a habit of snowballing, it said. "The EDPS has observed a
trend in that once a database has been established, access to it is extended to
more authorities, for other purposes than those for which it was set up.
"The risk of illegitimate use is another important reason why these
databases create particular risks for the people whose data are used." The
report loosely describes how part of the reason people were at greater risk of
becoming victims of the system was that authorities were rushing ahead with new
technologies and thinking about the consequences for civil liberties later. So
European plans for co-operation between its police forces and judiciaries were
being rushed through ahead of laws that would ensure their association was done
without offending citizens' rights to data protection. Generally speaking, said
the report, the EDPS had only just started to get results in 2006, two years
since its inception, and there was still much to do. It had to get the
administration to adopt "data protection culture as a part of good
governance", while striving to get data protection cover into EU
legislation. The annual report indicates that the number of complaints filed
nearly doubled in 2006, but only 20% of those were filed appropriately with the
privacy chief of EU institutions. Of the 52 complaints filed in 2006, all but
10 should have been filed instead with national data protection authorities in
the member states. [Source] [Source] [EU watchdog criticizes
governments for hasty use of biometric data] [annual report]
[Privacy watchdog slams EU-wide
sharing of police data] [Data
Protection Developments In Europe]
The European Commission’s E-Communications Household
Survey indicates that 84% of the UK respondents said they would want an
organization to notify them in the event of a data breach. Seventy-five percent
of this group wanted to be notified no matter what, and an additional 9% said
they would want organizations to notify them if the breach carried a risk of
financial harm. Just 10% of the respondents indicated that they would not want
to receive notification at all. The study queried respondents from 27,000
households across Europe. The results indicate that UK respondents are more
concerned about notification than other Europeans. [Source]
[Source]
See also: [Australia
- Support grows for data breach notification law]
US Homeland Security Secretary Michael Chertoff has
asked the European Parliament to relax restrictions on the sharing of personal
data provided by airlines to US authorities. Surveillance state can’t monitor
itself, says Chertoff. It would be impractical for the US to monitor how its
border guards use the massive databases it is building on European citizens, US
Homeland Security secretary Michael Chertoff told the European
Parliament this week. Answering questions before an extraordinary meeting of
the European Parliament’s Committee on Civil Liberties, Justice and Home
Affairs, Chertoff defended the Automated Targeting System - a US database that
creates profiles of people who cross America’s borders. MEPs questioned
Chertoff on the US collection of Passenger Name Records, which was the
precursor to the Automated Targeting System. Dutch MEP Sophie in ’t Veld told
Chertoff: “It’s never justified to give unlimited and uncontrolled powers to
any government.” She is the rapporteur for the Parliament on the EU’s attempt
to restrain the US collection of data about European citizens. [Source]
[Source]
[Source]
[Source] [Frattini
Hopeful on Airline Data Privacy Pact]
New safeguards are needed to protect people’s personal
details in today’s “surveillance society”, the UK privacy watchdog said.
Information Commissioner Richard Thomas wants all Government departments to
carry out privacy impact assessments on proposed schemes. These would set out
possible threats to privacy and how that threat could be minimised. Mr Thomas’
comments - included in his submission to a Home Affairs Select Committee
inquiry - call for penalties for data protection breaches to be stepped up. He
recommends all public sector bodies follow a new code of practice on how they
pool information. And Mr Thomas wants his powers to be increased to inspect and
audit organisations suspected of breaching privacy laws without their consent.
[Source]
[Source] [evidence
submitted by the Information Commissioner to the Parliamentary Inquiry into the
Surveillance Society] [Surveillance
Society Report] [Surveillance
Society Follow-up Report] [Business
Group Seeks Cautious Approach To Giving Privacy Chief New Powers] see also:
[Information Commissioner audits
HBOS]
The number of data protection cases investigated last
year was more than double the figure for 2005, the Irish Data Protection
Commissioner Bill Hawkes revealed this week. Launching the Office of the Data
Protection Commissioner’s annual report for 2006, Mr Hawkes said one of the main
focuses for 2006 had been the “gradual erosion of the individual’s private
space and the need to address this through an emphasis on the right of the
individual to choose what personal information s/he discloses and to have some
control over how it is used”. [Source]
Cellphones have become so popular in Canada that they
are about to eclipse the use of traditional wire lines for the first time as
the wireless industry continues to grow in reach and profitability. There were
18 million wireless subscribers at the end of 2006 – about the same number of
fixed access lines. That doesn’t include more than 740,000 subscribers who have
transferred to cable telephony services. [Source]
Travel between Canada and the United States fell in both directions in February, possibly the result of new passport requirements for air travel into the U.S. that came into force Jan. 23. Figures remained 2.5% lower than the previous year’s monthly average even though, in the face of the new requirements, overnight plane travel from the U.S. to Canada rebounded from January’s three-year low, rising 2.7% to 312,000. Statistics Canada reports overnight car travel from the United States fell 6% to 629,000 trips in February, the lowest level in 22 years. [Source]
The final revision of the Fair and Accurate Credit
Transactions Act of 2003 is coming out in late summer. The new addendum to the
act, which companies would have to comply with by mid-2008, will ensure that
credit grantors will no longer be able to simply brush aside an address
discrepancy on a credit application - which happens on about 20% of all
credit-worthy credit card applications. [Source]
Google’s plan to team with four states to make
government records available online is a cause for concern for some privacy
watchdogs who question whether too much personal information will be easily
available for nefarious purposes. Google’s CEO Eric Schmidt said the company is
eager to connect “citizens with their government by offering the public better
access to public sector information and services consistent with our broader
vision.” Google is collaborating with Arizona, California, Utah and Virginia on
the project. [Source]
[Privacy
Watchdogs Wary Of Google Plan To Make Public Records Available Online] [Google urges
shareholders to permit censorship] [Google
Shareholders Vote Against Anti-Censorship Proposal] [Google Halts `Hijacked’ Ads
Used To Steal Personal Data] [Google, Yahoo Urged to
Boost Privacy and Human Rights Policies] [Google
Explores Plan To Scrutinize Gamers’ Behavior For Ad Targeting] [New
York State Asks FTC To Delay Google-DoubleClick Merger]
The American Civil Liberties Union this week
criticized what it said were White House efforts to censor a privacy report by
the Privacy and Civil Liberties Oversight Board. “We clearly see what the
administration is trying to hide when White House staff made 200 redactions and
edits to the Privacy and Civil Liberties Oversight Board’s report,” the ACLU
said. “The board is a toothless entity that blindly and obediently advances the
Bush agenda by endorsing its most egregious civil liberties violations. For the
administration to take it one step further by censoring the PCLOB’s report is
shameless.” [Source]
[Only
Democrat on Privacy Board Quits]
The U.S. House of Representatives passed the Genetic
Information Non-discrimination Act. The bill, known as GINA, would prohibit
improper use of genetic information in hiring and health insurance decisions.
GINA makes it illegal for group health plans and health insurers to deny
coverage to a healthy individual or charge him or her higher premiums based
solely on a genetic predisposition to a specific disease. The legislation also
bars employers from using individuals’ genetic information when making hiring,
firing, job placement or promotion decisions. [Source]
See also: [Advances
In Genetic Research Raise Privacy Dilemma] [Eli Lilly
Formalizes Genetic Anti-Discrimination Policy] [Opinion:
Genetic Advances Rely On Privacy]
The Liberal Democrats released statistics showing that
innocent people from ethnic minorities are three times more likely to have had
their DNA samples put on the national database. The figures show the number of
people who are arrested and have their DNA kept by the police, despite no
further action being taken. The statistics are broken down by ethnicity and
region. In some areas, innocent people from ethnic minorities are over eight
times more likely to have had their DNA samples taken. [Source]
[Watchdog
to examine use of DNA database]
Gov. Eliot Spitzer is proposing a major expansion of
New York’s database of DNA samples to include people convicted of most crimes,
while making it easier for prisoners to use DNA to try to establish their
innocence. Currently, New York State collects DNA from those convicted of about
half of all crimes, typically the most serious. The governor’s proposal would
order DNA taken from those found guilty of any misdemeanor, including minor
drug offenses, harassment or unauthorized use of a credit card, according to a
draft of his bill. In expanding its database to include all felonies and
misdemeanors, New York would be nearly alone, although a handful of states
collect DNA from some defendants upon arrest, even before conviction. [Source]
See also: [Police
can use trickery to obtain DNA evidence] [Trick to get
suspect’s DNA raises concerns] [WA
court: Licking an envelope gives up privacy right to saliva]
CPRN’s Public Involvement Network undertook a national
citizens’ dialogue, in partnership with McMaster University. The dialogue
probed citizens’ values and policy choices with respect to their preferences
for personal privacy and the use of their personal information for health
research. The project was sponsored by the Canadian Institutes of Health
Research and Health Canada. Dialogue sessions engaged a randomly-selected
sample of approximately 100 Canadians. Using a deliberative dialogue
methodology, day-long sessions were held in 7 communities across the country
from April to May 2005. [Source]
[Report] [Workbook] See also: [A
Tireless Advocate For Patient Privacy: Modern Healthcare profile of
psychiatrist Deborah Peel] and [A
Look At Australian Patient Privacy Protections] and [Legal
Guidelines Being Drafted in Singapore to Protect Biomedical Research
Participants] [Kaiser
Permanente Survey: Rewards Of Electronic Medical Records Outweigh Risks] [Paper
medical records more secure than electronic: survey]
New Hampshire will appeal a recent federal trial court
decision striking down as a violation of constitutional guarantees of free
speech a 2006 state law that bars data-miners from using patients’ prescription
drug information to directly market pharmaceuticals to physicians, an industry practice
called detailing. “The state has a substantial interest in protecting the
privacy of New Hampshire physicians, defending the sanctity of the
doctor-patient relationship and reducing healthcare costs,” said Attorney
General Kelly Ayotte in a written statement. “Healthcare costs in the state of
New Hampshire are skyrocketing. The Prescription Information Law
protects the state’s interests and the interests of New Hampshire’s physicians
and citizens, which strongly outweigh the pharmaceutical industry’s interest in
increased profits.” [Source]
[Source]
[US
court overturns New Hampshire prescription drug law] See also: [Vermont
- Following NH Ruling House Rewriting Drug Bill]
The US TSA acknowledged that an external hard drive
containing data from approximately 100,000 archived employment records went
missing from a controlled area at the agency’s Office of Human Capital. The TSA
has enlisted both the FBI and the U.S. Secret Service for assistance, and has
started to notify individuals who may have been affected, and is working on
purchasing a year’s worth of credit monitoring services for any current or
former employees whose data was involved in the breach. The employee records
extend from January 2002 to August 2005 and contain potentially sensitive data
including names, dates of birth, SSNs, payroll information, and bank account
data. [Source]
[Airport
Security Screeners File Lawsuit Against TSA]
TJX Cos., operator of discount clothing chains T.J.
Maxx and Marshalls, said Tuesday its first-quarter profit dipped 1% as costs
related to a widely publicized breach of customer data offset revenue growth.
The company took a $12 million charge related to the data breach. [Source] [Source]
[Behind The Scenes at The TJX Data Breach
Case]
Montreal’s McGill University is reviewing its computer
system after the private academic records of hundreds of students were made
accessible on the school’s website. McGill graduate Kent Glowinski
discovered the files from 2004 while using the website’s search engine. He said
entering a student’s name brought up information about their transcripts,
including their marks. Normally, transcripts are private and are mailed to
students who request them. [Source]
A revised technology design for the Homeland Security
and State departments’ upcoming border-crossing identification card now meets
international security standards, according to the National Institute of
Standards and Technology. NIST Director William Jeffrey said the agency
reviewed, and recommended changes to, the proposed card architecture for the
People Access Security Services (PASS) card, which will be used by Americans,
Canadians and Mexicans who frequently cross back and forth across the U.S.
borders. In recent months, DHS and State officials have indicated they intend
to seek proposals for a Pass card with a long-distance RFID tag capable of
being read at distances of up to 20 feet. [Source]
The Swedish government has decided to look into the
question of ID cards for people who are not Swedish citizens but have the right
to live in Sweden. The objective is to guarantee these individuals the
opportunity to have an ID card. In some cases it is difficult for people who
are not Swedish citizens to get an identity card. The Swedish Cashier Service
tightened its rules as of 1 January 2007. The new requirements mean that an
applicant who does not have satisfactory identification must be accompanied by
a person who has approved Swedish identity documentation, and is also a close
relative. People who have recently immigrated to Sweden often have neither
Swedish identification papers nor close relatives of the kind required by the
new rules. They are therefore often denied an ID card, which is a prerequisite
for being able to function normally in society, for example, when in contact
with health care services, the chemist, bank or post office. [Source]
The official cost of the controversial ID card scheme
has risen to £5.31bn. The figures were released as Tony Blair announced his
departure, leading to claims from the opposition that the government was
“burying bad news”. The Tories and Lib Dems also claimed that the Home Office
broke the law by releasing the updated figures a month later than they should
have. The Home Office put the £400m increased costs down to extra staff
carrying out vetting and extra anti-fraud measures. [Source]
Standards proposed by the Homeland Security Department
for secure driver’s licenses and identification cards issued by all 50 states
are drawing fire from state officials. The regulations, mandated by the 2005
Real ID Act, could end up posing a threat to personal and national security,
said the American Association of Motor Vehicle Administrators and the
California Department of Motor Vehicles in comments on the proposed rules. They
said that under the new system, counterfeiters would only need to concentrate
on one license standard, rather than 50. The Real ID Act also requires that
states provide other states with access to their databases, which the
California DMV said could result in an interconnected virtual database of the
242 million driver’s licenses in the country that would be a prime target for
hackers and criminals. [Source]
[Real
ID Act 2D Barcode Security Isn’t Good Enough: Smart Card Industry] See
also: [CDT:
DHS Should Revise REAL ID Regulations] [NYT: Agency Affirms
Mandates for Driver’s Licenses] [NASCIO: Feds must
increase cybersecurity, Real ID funds] [NASA scientists: ID
plan threatens privacy] [IBIA
Submits comments on Real ID] [Microsoft
Touts Trust-Based ID] [CIO Council: ABC:
An Introduction to Identity Management]
HIV-positive visitors to Australia could have their
movements monitored or be prevented from coming altogether, under policy
options being considered by the Australian Government. Prime Minister John
Howard has written to his immigration and health ministers asking them for
advice on whether HIV/AIDS poses a public health risk and on the public health
implications of letting HIV-positive people into the country. When Mr Howard
said last month that he would consider stopping HIV-positive people coming to
the country unless there were humanitarian reasons to let them in, his comments
were dismissed by some as populist. But this latest move suggests there is a
possibility those infected could find it harder to come to Australia, or, if
they can come, to move about the country without having to report their
movements. [Source]
A new resource from the Ontario Information and
Privacy Commissioner is a tip sheet on how to set your privacy settings on
Facebook to the optimal level of protection. [Source]
See also: [Kids
think posting online is private, say educators]
The province of Ontario has quietly banned
bureaucrats, political staffers and most MPPs from accessing the popular
Facebook website from government computers. To the surprise of thousands of Ontario
government employees as well as Liberal aides, MPPs, and cabinet ministers, the
21 million-member social networking tool is now off limits. When workers tried
to log on to their accounts, they were greeted with the same “access denied”
message that pops up on their screens should someone attempt to download
pornography on an Ontario government computer. “The Internet website that you
have requested has been deemed unacceptable for use for government business
purposes,” the warning reads. Facebook joins YouTube, online poker gambling
websites and hardcore sex sites as verboten in any provincial government office
across Ontario. [Source]
[Facebook
ban a knee-jerk reaction, say experts] [Michael Geist
Commentary] [Source] See
also: [Politicians
ponder joining Facebook website] and [MPs
jockey for Facebook buddies] [US
Defense Department blocks MySpace, YouTube] [MySpace
Refuses To Turn Over Sex Offender Data, citing privacy laws]
Teacher in training Stacy Snyder was denied her
education degree on the eve of graduation when Millersville University
apparently found pictures on her MySpace page “promoting underage drinking.” As
a result, the 27-year-old mother of two had her teaching certificate withheld
and was granted an English degree instead. In response, Snyder has filed a
Federal lawsuit against the Pennsylvania university asking for her education
diploma and certificate along with $75,000 in damages. [Source]
[Web
can ruin reputation with stroke of a key]
Barely a year after their reporters won a Pulitzer
prize for exposing data mining of ordinary citizens by a government spy agency,
New York Times officials had some exciting news for stockholders last week: The
company plans to do its own data mining of ordinary citizens, in the name of
online profits. [Source]
The UK’s identity cards scheme appears “out of
control”, according to a group of researchers at the London School of Economics
(LSE), who are calling for an independent review of the project’s figures. Last
week a government report revealed the ID cards scheme will cost more than
£5.5bn to set up and run over the next 10 years. But the LSE’s Identity Project
group - long-term critics of the ID cards scheme - has warned the government’s
report reveals “not a project that is progressing well but rather one that
appears to be getting out of control, despite the best efforts of the Identity
and Passport Service to minimise the risks and costs of the scheme”. For
example the dropping of iris biometrics and reuse of existing government
databases should have had a noticeable effect on the costs of the scheme but
this is not the case, the LSE report claims. The report said: “Either the
radical redesign of the scheme has had no other effect on the costs of the
scheme, or the previous estimates of costs were much higher than parliament had
previously been told.” [Source]
[Britain
Weaves Biometric Cloak For Tighter Border Controls] [Kill ID
Cards Before They Kill Your Government, Mr Brown]
As of May 1, 43
organizations began a campaign against the illegal national identification
system created by the Department of Homeland Security under the REAL ID
program. The national campaign solicits public comments to stop a national ID
scheme without adequate privacy and security safeguards, which will make it
more difficult for people to get driver’s licenses, and which will make it too
easy for identity thieves, stalkers, and corrupt government officials to get
access to the personal data of 245 million individuals. The draft regulations
to implement the REAL ID Act are open for comment until 5 p.m. EST on May 8,
2007. [Source] [Coalition
Press Release] [Source]
The most recent group to join the mounting opposition
against the Real ID bill in the U.S. is the Department of Homeland Security
(DHS). In comments submitted to the DHS earlier this week, the department’s own
Data Privacy & Integrity Advisory Committee called the Real ID Act “one of
the largest identity management undertakings in history” and said it raises
serious privacy, security and logistical concerns. “These include, but are not
limited to, the implementation costs, the privacy consequences, the security of
stored identity documents and personal information,” the committee noted. It
also cited other concerns such as mission creep, redress and fairness issues. [Source]
[Leahy Speaks Out Against Id Standards]
[National
ID Card a Disaster in the Making] [Mass
State says Real ID plan will cost $150m, predicts agencies will be swamped]
[Oregon
Senate sends messages on Real ID] [Montana,
Washington’s revolt over Real ID Act sending echoes in Congress] [Texas
among states opposed to standardized ID cards] [Real
ID Revolt] [Congress
rethinks the Real ID Act] [Privacy Concerns,
Cost, Jeopardize Plans For US Identity Card] [Slow down national ID
standards, state officials say] etc., etc.
The National Research Council has just issued a
massive report (“Engaging
Privacy and Information Technology in a Digital Age”) on privacy in the US.
The 456-page document (executive
summary) makes a number of recommendations, some of which are
uncontroversial (people should have some form of recourse when the government
violates its own privacy standards), others are sure to stir up more debate,
such as the recommendation to establish a national privacy commissioner. In
recommending the creation of a high-level federal official, the report argues
that "it is unrealistic to expect that privacy bargains will become
settled 'once and for all' or that expectations will be static." Given the
pace of technological change and the effect that this has on privacy, the NRC
believes that the issue needs an advocate high in government circles who can
react quickly to changing conditions and can keep the issue of privacy before
policymakers. The group also suggests that the federal government
"undertake a broad systematic review of national privacy laws and
regulations" with the goal of coming up with a uniform national standard
instead of the current "patchwork" of laws, regulations, and judicial
rulings. Though the authors of the report often speak in generalities, they do
make one specific suggestion regarding privacy: information collection must require
meaningful consent. In too many cases, privacy practices are
"disclosed" in lengthy EULAs or legal documents that are buried on
web sites, and the least-private options are generally the ones preselected for
users. The NRC recommends that "the principle of choice and consent should
be implemented so that individual choices and consent are genuinely informed
and so that its implementation accounts fairly for demonstrated human
tendencies to accept without change choices made by default." The report
also contains a reference to the government practice of hiring third-party
private firms to deal with data in ways that the government itself would not be
allowed to do. The NRC pays special attention to closing this privacy loophole,
saying that oversight is needed "regarding the government use of
private-sector organizations to obtain personal information about
individuals." [Source]
[Source]
[Report] See also: [Former
9/11 Panel Questions Record of Privacy Board]
A survey conducted at an Open Compliance and Ethics
Group event revealed that the top four concerns of privacy managers are
assessing privacy program performance, assessing policy design, mapping of
privacy requirements to privacy policies and communicating procedures. The
survey also showed that more than two-thirds of privacy managers “are seeing
moderate to material increases in external scrutiny -- with almost half
reporting material increases.” [Source]
The National Institute of Standards and Technology has
issued guidelines and a set of best practices for the use of radio frequency
technology by federal agencies, as well as private corporations. The 154-page
report is titled Guidelines
for Securing Radio Frequency Identification Systems. NIST said entities
deploying RFID technologies need to consider any security or privacy risks that
could arise and should minimize those risks by following a list of best
practices developed for RFID users. The guidelines focus specifically on the
use of RFID technologies for asset management, tracking, matching and process
and supply chain control. While RFID offers the potential for organizations to
improve their logistics, reduce expenses and increase safety, it also entails
the risk of eavesdropping and unauthorized use, according to NIST. NIST
prepared the report to meet requirements of the Federal Information Security
Management Act of 2002 that call on NIST to assist federal agencies in
adequately securing their IT systems. While intended primarily for a federal
audience, the report's recommendations apply equally to the private sector,
NIST said. NIST's list of best practices includes installing firewalls between
RFID databases and an organization's other IT systems, encryption of RFID
signals, authentication systems to identify approved users, shielding of RFID
tags to prevent eavesdropping, audit procedures such as logging and time
stamping to detect breaches and disabling or destroying used tags to protect
sensitive data. The paper lists four major risks companies face: business
process risk, business intelligence risk, privacy risk and externality risk. [Source] [Source] [Source] [Guidelines]
[Report on smart
tags includes security, privacy warnings]
The battle lines are being drawn in a quiet corner of
West Palm Beach, Florida. On 12 May, some 30 protesters held an inter-faith
prayer vigil outside Alzheimer’s Community Care, a day-care facility for people
with dementia. At issue is the facility’s plan to implant 200 patients with
microchips manufactured and donated by VeriChip. When scanned, the chip reveals
a unique ID number, which when entered into a password-protected database gives
access to medical information about its owner. If the plan goes ahead, it will
be the first time the technology has been tried on a group of people with a
specific mental impairment. Privacy advocates say that the proposed use of the
tags is unacceptable. “This is a community that is not in a position to give
fully informed consent or to say no,” says Katherine Albrecht of CASPIAN, a
Florida-based consumer rights organisation. “The nature of the disease is that
they can’t fully understand.” [Source]
Checkpoint Systems Inc. is unveiling a dual-purpose
RFID label that can be used simultaneously for inventory control and as a
mechanism to catch shoplifters. Katherine Albrecht, a consumer rights privacy
advocate, said she fears the new label will be used to secretly provide
marketers with information about consumers. [Source]
The US Senate last week passed FDA legislation that
included a provision that mandates internet-based pharmacies to include visual
anti-counterfeiting technology on all pharmaceuticals sold to US customers. The
provision explicitly excludes technology like RFID or barcodes that require a
supporting infrastructure of readers, antennas, etc. [Source] [Source] See also:
[Arizona
First State To Prohibit Mandatory Animal Identification]
Cars in Bermuda are getting chipped. RFID chipped that
is. Bermuda’s Transport Control Department, a division of the tiny string of
islands’ Ministry of Tourism, announced May 7 that it plans to automate vehicle
registration, compliance and enforcement with an island-wide deployment of EVR
(electronic vehicle registration). The EVR system is made up of RFID tags,
antennas, readers and a database system. Over the next five years, the program
is expected to generate over $11 million in lost fees from unlicensed and uninsured
vehicles, according to a press release. At the same time TCD expects to reduce
the number of non-compliant vehicles on the island’s roadways to less than 1%,
officials said. The program kicks off this month. [Source] See
also: [Most New Cars Equipped
With Event Data Recorders] and [Israel: New Drivers
& Bad Drivers To be GPS Monitored]
After years of stark warnings, many Wi-Fi networks
located in London’s City financial district still lack basic levels of
security, a security vendor claims to have found. According to security testing
company NTA Monitor, which recently assessed security using passive monitoring,
internal resources such as printer queues could be found quite easily, while
other networks used only weak WEP security to keep network traffic from prying
eyes. Astonishingly, others used no encryption at all. “For a malicious user
wishing to connect to a corporate network, the City seems to be an ideal
location,” he said. [Source]
A leading provider of digital-security services wants
to make disposable passwords easier for consumers to accept by squeezing the
technology into the corner of a regular credit or ATM card. VeriSign said the
one-time passwords haven’t taken off in the U.S. partly because consumers need
to carry a small device that generates passwords on the fly. That barrier is
removed, he said, by having the technology built into cards consumers already
carry. With the card, consumers logging on to an online bank account, for
instance, would type in their regular username and password, along with a
six-digit code that appears on the card’s display window. That code constantly
changes, meaning the customer needs to have possession of the card to access
the account. Security companies like VeriSign and EMC Corp.’s RSA Security Inc.
have been promoting one-time passwords and other “two-factor” authentication
systems to combat “phishing” and other scams aimed at tricking users into
revealing sensitive data like passwords. [Source]
Researchers from the firm surveyed billions of sites,
subjecting 4.5 million pages to “in-depth analysis”. About 450,000 were capable
of launching so-called “drive-by downloads”, sites that install malicious code,
such as spyware, without a user’s knowledge. A further 700,000 pages were
thought to contain code that could compromise a user’s computer, the team
report. To address the problem, the researchers say the company has “started an
effort to identify all web pages on the internet that could be malicious”. [Source]
Nearly 75% of Fortune 100,000 IT professionals are
concerned that a security breach could lead to their dismissal. KACE, a provider
of systems management and deployment appliances, released the results of a
study done by King Research that indicates that most of the organizations
surveyed are not confident with their current security measures. [Source]
Scott & Scott, a law and technology services firm,
joined with The Ponemon Institute to conduct a survey on the business impact of
security breaches. In this Q&A, Robert Scott, Managing Partner, discusses
the findings. Scott said that despite the prevalence of security breaches, many
organizations remain unprepared for an information security crisis. The survey
of 702 respondents also found that businesses “believed that data subjects
typically suffered little or no actual monetary harm as a result.” [Source] [Data
breach plagues U.S. companies]
Amsterdam’s Schiphol airport has become the first in
the world to deploy a new “see-through” security system that allows screeners
to view the shape of the traveler’s body beneath their clothes. The system is
designed to detect weapons and explosives hidden under clothing. Numerous
airports have tested the system, but this is the first permanent installation
of the security devices. Schiphol officials are making the body scanners
optional, allowing passengers to submit to the 3-second scans in lieu of
waiting in long security lines or being frisked by security personnel. [Source]
A bid to halt the microchipping of discount cards for
senior citizens has failed, but stronger safeguards will be included to ensure
privacy and security of card-holders is guarded. Yesterday, Parliament voted
down an attempt by Act MP Heather Roy to have the microchipping clause removed
from the bill which introduces senior citizen discount cards, the Super Gold
Cards. However, an amendment by Independent MP Taito Philip Field will allow
microchipping to go ahead only after consultation with the Privacy
Commissioner, the State Services Commission and any other relevant bodies. [Source]
[New
Zealand MPs worried over microchipping on cards for seniors]
With input and production assistance from the IPC, the
Advanced Card Technology Association of Canada (ACT Canada) has developed this
document to help companies and organizations understand and implement, in a
practical way, the principles of privacy protection in regards to contactless
smart cards. [Document
Source]
A secret court approved all but one of the
government's requests last year to search or eavesdrop on suspected terrorists
and spies, according to Justice Department data released this month. In all,
the Foreign Intelligence Surveillance Court signed off on 2,176 warrants
targeting people in the United States believed to be spies or have links to
international terror organizations. The record number is more than twice as
many as were issued in 2000, the last full year before the terrorist attacks of
Sept. 11, 2001. One application was denied in part, and 73 required changes before
being approved. The disclosure was mandated as part of the renewal of the
Patriot Act, the sweeping anti-terrorism law. It was released as a Senate
intelligence panel examined changes to the 1978 Foreign Intelligence
Surveillance Act that could facilitate monitoring of homegrown terrorists. But
in its three-page public report, the Justice Department said it could not yet
provide data on how many times the FBI secretly sought telephone, Internet and
banking records about U.S. citizens and residents without court approval. The
department is still compiling those numbers amid an internal investigation of
the FBI's use of so-called national security letters. The letters are
administrative subpoenas that do not require a judge's approval. [Source] [Intelligence
Chief Decries Constraints, Update of Surveillance Law Urged] [NYT: Bush
Administration Pulls Back on Surveillance Agreement] [Senators leery about
revising rules for domestic spying] [FISA
immunity for telecom firms slammed] [Bush
Wants Phone Firms Immune to Privacy Suits] [ISPs Face Wiretap Deadline] [House
reaffirms FISA as “exclusive means by which electronic surveillance may be
conducted”]
New York rights activists called on the city council
to regulate surveillance cameras to prevent intrusion into people's privacy and
prevent an abuse of footage. Norman Siegel, a lawyer and former director of the
New York Civil Liberties Union, told a debate arranged by a group of lawyers
that laws were needed to limit how long video footage could be held and to
restrict distribution and access.
Siegel, who estimated there were at least 10,000 cameras around New York
City, said surveillance cameras should also be registered with a government agency
and people on the street should be informed that they are being filmed. "There are 4 million video surveillance
cameras in Britain, 500,000 in London alone - do we want that in New York
City?" Siegel told the debate, "Caught on camera: security concerns
vs privacy rights." He suggested that it be made a criminal offence to
abuse surveillance camera footage. Surveillance has come under the spotlight in
New York with the police department due to appeal a court ruling on Thursday
that banned unrestricted photo surveillance of protesters except in cases where
criminal investigation is warranted. [Source]
See also: [Victoria
BC Police Want Tiny Portable Surveillance Cams] [TransLink
tests digital cameras in Vancouver city buses] [Downtown Halifax
Video Surveillance to Expand] [Montréal
Surveillance Cams: Atop a slippery slope] [Surveillance
cameras roll on St. Laurent Blvd] [More surveillance cams for
Toronto] [Toronto
Police To Unveil More Than A Dozen Closed-Circuit Cameras] [Toronto
Police Deploy CCTV Cameras Early] [More Surveillance
Cameras on Milwaukee's South Side] [Police cameras simply don’t work -
Always under surveillance] [UK
- Classically Orwellian: CCTV's hugely popular - We must keep a close eye on
surveillance]
The Trimble TrimTracPro will go on sale in Australia
at $495, and distributor GoFinder says this makes it the first device of its
kind that’s affordable for mass-market uses such as monitoring teenagers’ use of
family cars or watching for the improper use of fleet vehicles. Applications
include detecting a vehicle travelling outside a set area, speeding, being
operated outside agreed hours, and not being operated during working hours.
“The controversial ‘spy in the cab’ argument may be unpopular with some drivers
and their unions but it is only a concern with people who do the wrong thing,”
said the GoFinder CEO. [Source]
U.S. Homeland Security Secretary Michael Chertoff took
questions this week from members of the European Parliament’s Committee on
Civil Liberties, Justice and Home Affairs on a database that compiles profiles
of people who cross U.S. borders. Chertoff cited examples of how the database
thwarted efforts of terrorists to enter the U.S. But he added that it was
difficult to gauge every example of when border guards, using the database as
one tool in their decision-making, detained people or barred them from entry.
[Source]
Security officials from Europe’s largest countries
this week threw their weight behind the EU Commission’s plans to map out
mosques on the continent to identify imams who preach radical Islam that raises
the threat of homegrown terrorism. The project, to be finished by the fall,
will focus on the roles of imams, their training, their ability to speak in the
local language and their source of funding, EU Justice and Home Affairs
Commissioner Franco Frattini told a news conference. Italian Interior Minister
Giuliano Amato said Europe had ample experience with the “misuse of mosques,
which instead of being places of worship are used for other ends.” [Source]
The Bush administration is urging Congress to pass a
law that would halt dozens of lawsuits charging phone companies with invading
ordinary citizens’ privacy through a post-Sept. 11 warrantless surveillance
program. The measure is part of a legislative package drafted by the Justice
Department to relax provisions in the 1978 Foreign Intelligence Surveillance
Act (FISA) that restrict the administration’s ability to intercept electronic
communications in the United States. If passed, the proposed changes would
forestall efforts to compel disclosure of the program’s details through
Congress or the court system. [Source]
[NYT: Spying
on Americans] [PBS: Spying on the Home Front]
[Big Victory: House
Affirms Limits on Warrantless Spying]
Australians have delivered a stunning rebuke to
telemarketers after more than half a million people signed up to the national
Do Not Call Register in just seven days. While the $33 million register does
not come into effect until May 31, Australians have submitted a deluge of
pre-registrations in order to block telemarketers from calling them at home from
next month. [Source]
The Government Accountability Office (GAO) has
released a report that details how the Department of Homeland Security’s (DHS)
Customs and Border Protection agency is breaking privacy laws by
failing to “fully inform the public about all of its systems for prescreening
aviation passenger information,” according to this Washington Post article. The
GAO report also says “passengers are not assured that their privacy is
protected during the international screening process,” according to the story.
In a letter to the GAO, a DHS official disputes the findings, saying the GAO’s
conclusions are “incorrect and without merit.” [Source]
The Department of Education has outlined a new
security protocol for the National Student Loan Data System. The new procedures
were outlined in a letter sent to 35 guarantors, according to this story in The
New York Times. Before gaining access, the guarantors will have to identify the
names of employees who will access the database along with a certification from
the company that it will follow access rules. Access has not yet been restored
for lenders and loan service companies. The database contains personal
information on millions of financial aid applicants. [NYT
Source] [Lawmaker
Asks FTC To Investigate Marketing Practices Of Student Loan Companies]
The U.S. House Energy and Commerce Committee has
unanimously approved a pair of bills that would impose a slew of new
regulations in the name of spyware crackdowns and new limits on the use of
SSNs. The Spy Act is the second antispyware bill that House committees have
passed in recent weeks. [Source]
[Securely
Protect Yourself Against Cyber Trespass Act (the SPY ACT Act), H.R. 964 a Mixed
Bag] [Internet
Spyware Prevention Act, or I-Spy Approved] [U.S. Spyware Clampdown Won’t Impress European
Governments]
The U.S. moved closer to passing legislation that
would set limits on personal data use by government and private firms after a
key Senate committee approved an amended version of the bill. The U.S. Senate
Judiciary Committee gave the nod to an amended version of the Personal Data
Privacy and Security Act. The proposed legislation seeks to rein in
how government and private companies can use personal data taken from their
customers. Several recent controversial incidents involving the compromise of
personal information--including incidents in universities, corporations and
federal agencies--have led to continuing public outcry in the U.S. over poor
protection of sensitive personal data. Although separate state laws for data
protection have already been filed, nationwide legislation would override
existing state laws. The proposed data protection act would require entities to
put in place security and privacy protection measures and notification
requirements, and would impose stiff fines on violators. [Source]
The information encoded on an Arizona driver’s license
would get a little more privacy protection under terms of legislation given
final House approval this week. Without dissent, lawmakers voted to bar
retailers from selling or otherwise sharing information that they collect from
a customer’s driver’s license or other state-issued ID. Violators could end up
paying fines of $500 for a first offense – and $5,000 the third time. The measure,
HB 2291, now awaits the governor’s signature. That legislation actually was one
of two bills the House sent to the governor designed to shield personal data.
The second bill, HB 2726, would bar utility companies from selling individual
customer information to anyone. It also would make it illegal for anyone to use
fraudulent means to try to obtain utility records. [Source] [Source]
See also: [Massachusetts House OK’s identity theft protection bill]
[Tennessee Senate Approves Identity Theft Protection Bill]
While the 4th Amendment of the U.S.
Constitution provides broad protections when it comes to state-sponsored
searches and seizures, there certainly are exceptions to this general rule.
Indeed, a federal court has just held that an employee did not have a
reasonable expectation of privacy in his personal computer he brought to work.
Thus, the government was deemed to have properly searched his computer without
a warrant, and he was not allowed to exclude the evidence seized from that
computer. [Source]
[Legal Brief: Privacy Expectations in Personal Computer at Work]
[No expectation of privacy in personal computer at work]
Companies know to keep trap shut on bad employees.
Most employers fear lawsuits, despite recent favourable ruling. A section of
Alberta's Personal Information and Protection Act does allow an employer to
collect personal information about a potential employee without consent. It
also allows a former employer to disclose personal employee information to a
prospective employer. They can keep that information confidential. [Source]
--------