Biometrics

UK – UK Pushes Airport Facial Recognition

The UK Border Agency is urging passengers to use new facial recognition gates available at Stansted airport. The queue-busting technology was recently installed at the airport and the new machines are being trialled to improve border security and cut waiting time at arrivals. Passengers travelling back to the UK via Stansted can have their faces scanned and checked against their passport photo in seconds. If there is a match, the automatic gates allow the traveller across the border. The gates can be used by any British or European passenger who has a new e-passport with an electronic chip. Nearly 17 million biometric passports, which contain images, fingerprints or iris patterns, have been issued in the UK since their introduction in 2006. And nearly 160,000 passengers have used the facial recognition gates so far at Stansted since the trial started in December. The trial has been extended until October so the gates will be in use at Stansted throughout the busy summer holiday season. [Source]

WW – Biometric Scanners to Delve Inside Your Brain

Scanners that probe brain activity and heart rate are among the next generation of biometric security sensors being developed by the EU. As part of an EU-backed trial, volunteers were sat in front of a camera and microphone and wore a cap that measured heart and brain activity. The volunteer’s voice, face, heart and brain activity was matched to their record, called up on the computer by an RFID chip carried by the volunteer, and used to verify their identity. The trial is part of the Humabio project. Humabio stands for Human Monitoring and Authentication using Biometric Indicators and Behavioural Analysis. The project is looking at biometric systems that could be fitted to control access to sensitive locations using “unobtrusive” biometric checks. Researchers said the volunteers had “no reservations” about the sensors and the system was able to block all unauthorised access attempts. Other technologies being developed by Humabio include seats with sensors that refuse to start a vehicle if it can’t authenticate the driver. [Source] SEE ALSO: HUMABIO [Human Monitoring and Authentication using Biodybamic Indicators and Behavioral Analysis] Project Description.

Canada

CA – Ottawa’s Plan to Fingerprint Those Not Yet Charged Comes Under Fire

The Harper government unveiled legislation this week that would change criminal law procedure so police can fingerprint and photograph people whom they’ve arrested but not yet charged - a measure that raises civil-rights concerns for opposition parties and defence lawyers. The Identification of Criminals Act does not currently authorize police officers to fingerprint or photograph someone in custody until he or she is charged or convicted. Federal Justice Minister Rob Nicholson says allowing fingerprinting before someone is charged with an offence will help “streamline the process” and avoid unnecessary delays that prolong an individual’s stay at a police station. But prominent Toronto defence lawyer Clayton Ruby said he’s concerned this legislative change could be misused. “Providing fingerprints is self-incrimination and the Constitution protects us from this. The line that is drawn is when you are charged. And to allow police to compel you to incriminate yourself before that moment is open to abuse,” Mr. Ruby said. NDP justice critic Joe Comartin said he shares this concern and is also worried about the fact that Ottawa is not proposing under these changes to automatically destroy fingerprints and photographs of people that are never ultimately charged with an offence. Ottawa said yesterday it would be up to those fingerprinted but not charged to request that police stations delete the records collected. Mr. Comartin said he would like Ottawa to amend its plans so that fingerprints and photographs collected from those who are arrested but released without charge are deleted after a fixed amount of time. The Tories also propose to speed up the application process for search and seizure warrants by granting police greater access to “tele-warrants” via telephone or other means. Another proposed change would give parties more time to respond to expert evidence brought before court in criminal matters. The minority Conservatives will need the support of at least 12 opposition MPs to pass the crime bill. [Source]

CA – Supreme Court Will Hear G&M Appeal of Order to Reveal Sources

The Supreme Court of Canada has agreed to hear an appeal of a controversial judicial order requiring a Globe and Mail reporter to reveal his sources in the federal sponsorship scandal. The Court said that the case will be heard on an expedited basis, on Oct. 21. At the heart of the appeal is a Quebec Superior Court decision last August that allowed lawyers for an advertising firm, La Groupe Polygone, to question G&M reporter Daniel Leblanc about confidential sources who supplied him information about the sponsorship program. The court ordered 22 people - mostly government workers - to state under oath whether they helped Mr. Leblanc by providing him with sensitive information that allowed him to put together his ground-breaking expose of the program. “The ability to protect sources is fundamental to democracy, which is why freedom of the press is guaranteed in the Charter,” The Globe’s editor-in-chief, Edward Greenspon, said after the top court decided to hear the case. “A small civil suit cannot be allowed to trump those fundamental freedom of the press rights, and certainly not without the courts first weighing the harm to journalism and democracy very carefully.” [Source]

CA – Privacy Breach at Conservative Party of Canada Data Sharing

The Conservative Party of Canada (CPC) has slapped four provincial campaigns in Ontario with a cease-and-desist letter for using federal membership lists in campaign efforts. Data on thousands of CPC members is involved. “I would like to remind all campaign teams that Conservative party data... is not to be used by any of the leadership campaign teams in any form,” wrote CPC official Doug Finley. The party had been accused of contravening privacy laws, but Canada’s federal privacy legislation does not apply to political parties. The federal privacy commissioner’s office says this is an area of study. [Source]

CA – Toronto Homeowners Can Soon Manage Power Use Online, Google Says

Toronto Hydro has become the first Canadian utility - and one of eight worldwide - to test drive a new Web-based energy management tool developed by Internet search giant Google. Called Google PowerMeter, the software allows homeowners to see their daily electricity use on a personalized iGoogle home page, along with weather forecasts, news updates and horoscopes. Google collects the data from utilities that have installed smart meters outside customer homes. Toronto Hydro-Electric System has installed more than 600,000 residential smart meters throughout the city. The first 10,000 of those customers were switched last week to time-of-use pricing, meaning they are charged a premium for power used during peak times and offered a discount during off-peak times. Toronto Hydro said today the pilot is limited to a select group of customers - less than 1,000 - and will last a few months. “If successful, Toronto Hydro and Google will then offer the PowerMeter to all Toronto Hydro customers.” [Source]

Consumer

US – FPF Announces Consumer Notices Research Initiative

The Future of Privacy Forum (FPF) has launched an initiative geared toward finding new ways of helping companies communicate with consumers regarding online advertising and privacy practices. Six to ten years ago, an executive would have responded with incredulity to the notion that his company needed to do something more to educate consumers about advertising practices outside of the standard privacy policy. Today, however, we have reached a turning point. It may be due to the Web 2.0 mentality, the recognition of the expansion of data use, concerns of new legislation or the steps forward by a few business leaders, but the tide has turned. Companies are now beginning to look seriously at new ways of communicating with their users about behavioral advertising in a more effective and innovative manner. FPF’s new research project looks to build upon these efforts by specific companies and by industry groups to help find meaningful ways to engage users. [press release] [Leibowitz heartened by effort]

US – Mint.com May Begin Selling Access to Anonymous Consumer Data

Mint Software Inc., an online service that helps consumers track every dime they spend, has a goal for its own pocketbook: boosting sales as much as 10-fold this year. To fuel revenue, the company may start charging for access to anonymous data, Chief Executive Officer Aaron Patzer said. [Bloomberg]

US – MyIDscore.com Offers Free ID Theft Risk Score

Consumers trying to determine their risk of becoming an identity theft victim typically are told to check their credit report for signs of unauthorized or suspicious activity. But a new Web-based service aims to give users a view into tricks ID thieves use that credit reports often miss, such as when crooks use only parts of a victim’s identity to fabricate a new one. The new service, www.myidscore.com, is a free offering by ID Analytics, a company that sells anti-fraud software to banks and other creditors. After providing some personal information and answering a handful of questions, visitors to the site are presented with a score from 1 to 999. Unlike credit scores, where a higher score signifies a favorable credit history, with myidscore.com, a higher score means a greater risk of identity theft. [Source]

E-Government

UK – Database of All Children Launched

A controversial database which holds the details of every child in England has become available to childcare professionals for the first time ContactPoint is beginning its national roll-out in the north west. The system, costing £224m, has been delayed twice amid data security fears. The government says it will enable more co-ordinated services for children and ensure none slips through the net. It will hold the details of 11 million children and young people aged up to 18 years. The delays were prompted by concerns over access to the database. In 2007, a report into the project by auditors Deloitte and Touche said it could never be totally secure. Last summer ministers delayed the database, admitting there were some “issues” identified in testing. It says 390,000 people will have access to the database, but will have gone through stringent security training. The system will be available to workers in 17 local authorities in the north west of England, before eventually being rolled out across the rest of the country. More than 51,000 children deemed vulnerable will have their identities and information shielded, the government says, after fears were raised that information about children’s whereabouts could fall into the wrong hands. The Conservatives have called for the database to be scrapped. [Source]

UK – National Child Database Goes Live Despite Security Fears

The UK Government will launch a national database system, ContactPoint, containing details of all children under 18 years of age in England. ContactPoint was proposed following investigations into the death in 2000 of a young girl by her abusive guardians. The investigation found that while various agencies held crucial information relating to her case, that information was not shared, a factor many believe led to her death. The system has twice been delayed amid security concerns with a report from auditors Deloitte and Touche in 2007 claiming the database could never be totally secure. The UK Government says the system is vital in preventing any children from slipping through the net and that the 390,000 people who will be authorized to access the database will have gone through stringent security training. [Source] [Source] [Source]

US – White House Wins Court Fight on Email Disclosure

A U.S. federal appeals court ruled that the office that has records about millions of possibly missing e-mails from the Bush White House does not have to make them public. The appeals court in Washington ruled that the White House Office of Administration is not an agency subject to the Freedom of Information Act, allowing the White House to keep secret documents about an email system that has been plagued with problems. [WSJ] [Documents About Lost E-Mail Can Stay Secret]

US – Transparency Initiatives Launched by the White House

The White House has launched a new process for soliciting public input in the policy-making process. This three-phase structured process runs as follows:

1. Brainstorming: Starting today, citizens will be able to submit and rank ideas regarding how the government should become more transparent, participatory and collaborative.

2. Blog Discussion: Starting June 3, citizens and federal employees will discuss some of the top issues raised during the brainstorming session. For example, how can privacy and security be protected as government data is made available?

3. Wiki-based Draft: Starting June 15, the public can help craft the language of recommendations on open government. These formal recommendations will become the framework for how the open-government directive will be implemented. [Source]

E-Mail

CA – Anti-Spam Bill Targeting Phishers, Spyware

The recent introduction of the Electronic Consumer Protection Act, Canada’s long-awaited anti-spam bill, has been greeted with initial all-party support in the House of Commons. The bill just passed second reading, with committee hearings the next step in the legislative process. The bill strives to address most Internet-related consumer harms. These include email and text message spam, software programs that are secretly installed on users’ computers (spyware), the use of emails and websites that trick users into thinking they are visiting a trusted site (phishing), as well as the use of computers infected by viruses to send spam (botnets). If enacted into law, the ECPA would make it illegal to send an electronic commercial message without the prior consent of the recipient. This would create an “opt-in” system, whereby, subject to certain exceptions, marketers would have to obtain consumers’ consent before sending them commercial messages. Moreover, marketers would be required to meet several form requirements including identifying the sender and providing a mechanism to allow consumers to unsubscribe from receipt of further messages. In addition to the consent requirements, the ECPA targets the tactics frequently employed by spammers. It would become illegal to harvest email addresses without consent or to alter the transmission information on an electronic message, a rule designed to target phishing practices. The bill also makes several important amendments to the Competition Act to better ensure that the law captures false or misleading representations. Attempts to install computer programs without a user’s express consent are also included within the ECPA. This not only addresses spyware that’s secretly inserted into some emails, but also software companies that attempt to install updates without informing users, or music companies that surreptitiously install anti-copying technologies. The new provisions will only be effective if enforced and the ECPA features some of the toughest penalties in the world. The CRTC has been given a wide range of investigatory powers, including the power to compel Internet service providers to preserve transmission data. Once it concludes its investigation, the commission can pursue a settlement or bring a notice of violation with penalties that can run as high as $10 million. The Privacy Commissioner of Canada can also investigate certain complaints and the Competition Bureau can go after misleading representations with penalties up to 14 years in jail (indictment) or $200,000 and a year in jail (summary conviction). For those not content to wait for the CRTC or the Competition Bureau to act, the law also creates a private right of action to facilitate lawsuits against Canadian-based spammers. The ECPA addresses many of the recommendations of the 2005 National Anti-Spam Task Force. [Source]

Electronic Records

US – Bill Pushes Doctors to Computerize Records

The move towards electronic medical records will get a kick-start in the state of Maryland today when the governor signs a bill aimed at boosting adoption of health information technology (HIT). Gov. Martin O’Malley is expected to sign the bill, which will require private insurance companies to offer doctors financial incentives for implementing HIT. “Health IT is the future of health care in our country, and we want Maryland to lead the way,” said O’Malley. State officials have reportedly acknowledged the privacy concerns inherent in HIT, and say protections will be included in the HIT environment. [Source]

US – CDT Issue Brief: Impact of Health Privacy Law Changes in California

The California Healthcare Foundation has published a major issue brief by Deven McGraw, director of CDT’s Health Privacy Project, which analyzes the health privacy landscape in California before 2009 and changes made by enactment of recent improvements to both California and federal health privacy laws. As electronic medical records become more widely used in the changing U.S. health care environment, will consumer privacy be at risk in the process? McGraw’s paper examines numerous improvements in federal health privacy law, but also notes significant gaps in privacy protection that deserve further attention from state and federal policymakers. [CDT Issue Brief, May 12, 2009]

US – Group Seeks Sway Over E-Records System

A health technology trade association has asked the Obama administration to require that any electronic health-record equipment receiving stimulus funding be certified by a group the association helped to start and run, documents show. The Healthcare Information and Management Systems Society (HIMSS), which represents 350 technology vendors and 20,000 members, was a key force behind the decision to include $36.5 billion in the stimulus package to create a nationwide network for medical records. HIMSS is now urging officials at the Department of Health and Human Services to give an organization called the Certification Commission for Healthcare Information Technology, or CCHIT, responsibility for deciding what health records systems are eligible to receive stimulus spending. [Source]

EU Developments

UK – UK Govt Says Privacy Laws Enough to Keep Phorm In Check

In response to a citizens’ online petition, the UK government said yesterday that Britain’s data protection laws offer sufficient protection from certain behavioral advertising techniques. More than 21,000 British consumers requested lawmakers investigate the legality of Phorm’s method for helping Internet service providers deliver tailored adverts. In its statement, the government said: “It is also important that consumers’ privacy is fully protected and that they are given sufficient information and opportunity to make a clear and informed decision whether to participate in services such as Phorm.” [Source]

EU – Harmonisation of European Privacy Laws Needed: Study

Two of the authors of a recently released RAND Europe report on the EU Data Protection Directive say that the EU probably does not need to issue a new directive soon, but regulators should address discordance in member states’ privacy regulations and enforcement approaches. In a European Voice article, Lorenzo Valeri and Neil Robinson cite recent surveys revealing that, when it comes to their personal data, Europeans feel less protected than they once felt. The authors say that new threats to privacy, such as genome sequencing and social networking, also contribute to the need for a more harmonised approach to data protection. [Source] See also: [ICO Hopes Report Sparks Debate]

EU – EU Directive Flawed, Out of Date: Report

A RAND Europe study questions the efficacy of the EU Data Protection Directive. UK Information Commissioner Richard Thomas commissioned the review, which concludes that the law is flawed and out of date. In its report, RAND made nine recommendations for improving the 15-year-old directive, citing the need to change its fundamental approach to focus on protecting people and their data rather than the processes that lead to that. Among the recommendations, RAND calls for increased enforcement authority for regulators. “The success or failure of privacy and data protection is not governed by the text of legislation, but rather by the action of those called upon to enforce the law.” [Source] [Report]

EU – Spam Down, Breaches Up: Irish Data Commissioner

Data Protection Commissioner Billy Hawkes noted a decrease in spam complaints in 2008. The commissioner released his annual report yesterday, which also highlighted an increase in personal data breaches due to lost or stolen equipment. Hawkes said the reduction in spam can be attributed to a greater awareness among companies as a result of prosecutions in this area. Hawkes also noted that while he is encouraged by the public sector’s new awareness that good data handling equals good customer service, he is concerned about the EU Data Protection Directive’s “extended requirement to retain telecommunications data for possible police use.” [Source]

Genetics

US – Prosecutors Block Access to DNA Testing for Inmates

A vast majority of states have laws making DNA available to prisoners who want to challenge their convictions. But in a disturbing number of cases, prosecutors have been blocking inmates, including ones on death row, from doing DNA tests. Courts and legislatures need to do more to ensure that prisoners have access to DNA that could help prove their innocence. [Prosecutors Block Access to DNA Testing for Inmates] [NYT editorial]

US – 13,000 Offer up DNA to Put their Genomes Online

Since opening to the public late last month, The Personal Genome Project has signed up 13,000 volunteers who will donate genetic material for the benefit of gene research worldwide. Information about the genetic material will also be posted online. The project was launched last year with the goal of creating the world’s first publicly accessible database of human genomic and trait data from 100,000 people. Volunteers will have their genomes, along with photos and personal and family history, placed online as a pilot for the experiment, which one day could include millions of unique genomes. Church said study participants have not been promised any anonymity – just the opposite. [Source]

Health / Medical

US – California Regulators Issue First Fines Under New Medical Privacy Law

On Thursday, the California Department of Public Health fined Kaiser Permanente’s Bellflower hospital $250,000 for not taking adequate protections to stop employees from improperly accessing the medical records of Nadya Suleman, who gave birth to octuplets at the facility in January. The fine is the first under a state law that took effect Jan. 1. The law permits the state to fine health care providers $25,000 for the first breach of a patient’s medical records and $17,500 for each additional violation. A state report indicated that 21 employees and two physicians inappropriately accessed Suleman’s medical records 22 times from Jan. 6 to Feb. 19. Those involved also could lose their medical licenses, according to HealthLeaders Media (Clark, HealthLeaders Media, 5/15). [Source]

AU – Give Prescription Data, Get Software

A medical market research firm wants doctors’ prescribing data and will offer free software to incent physicians to provide it. AsteRx says knowing what doctors are prescribing will help it track healthcare trends. The firm will offer its business intelligence application to doctors at no cost in exchange for their signing up to release the data. Despite reassurances that patient details will be de-identified, some fear such an arrangement puts privacy at risk. “I think there’s a clear need to regulate these kinds of commercial interventions...,” said Juanita Fernando of the Australian Privacy Foundation. [Source]

EU – Health Insurance Sold Patient Data Illegally

Public insurers may have sold confidential patient information to private insurers. Federal data protection commissioner Peter Schaar has filed a legal report on the matter and prosecutors in Oldenburg and Aurich are investigating the public health insurer IKK Weser-Ems. The data sold included information such as “no teeth,” and “ill with cancer,” and may have been purchased by the private insurers for the purpose of targeting supplemental health plans. Schaar said: “I’m afraid that other public health insurers work in similar ways with private insurers.” [Source]

AU – Commissioner to Probe Potential Health Privacy Breaches

Australian Federal privacy commissioner Karen Curtis is making enquiries into certain practices related to patient privacy. The Australian Privacy Foundation (APF) health committee requested that Ms Curtis look into recent news reports that, they say, suggest doctors are “selling or trading health records” to third parties unbeknownst to patients. One involves a pharmaceutical company paying nurses to mine patient records for potential users of one its drugs. The other relates to a market research firm’s plans to glean prescribing data from physicians in exchange for free software. [Source]

Horror Stories

US – National Archives Breach Involves Clinton-Era Data

The FBI is investigating the loss of a computer hard drive from the National Archives record center, reports the New York Times. The drive contains a terabyte of data, including the personal information of individuals affiliated with the Clinton presidency. A National Archives statement said the drive houses “an as-yet unknown amount of personally identifiable information of White House staff and visitors.” Social Security numbers, home addresses and security procedures, but no classified information, are believed to be on the drive. Authorities confirmed the breach in April. Analysts are still reviewing the drive’s content. [Source]

Identity Issues

CH – Swiss Voters Narrowly Approve Biometric Passports

Swiss voters yesterday narrowly approved a referendum to add biometric technologies into passports. Fingerprint and facial features will be added into Swiss citizens’ travel documents beginning in March 2010. The vote follows the government’s 2008 decision to join Europe’s “control-free travel zone,” thus aligning itself with the U.S. visa waiver requirement. But opponents concerned about potential abuses of citizens’ biometric data collected enough signatures to bring a vote on that decision. One opponent expressed disappointment in the 50.1-49.9 results, citing data protection concerns. [Source]

US – Push to expand COPPA highly misguided

Legislative proposals to expand the Children’s Online Privacy Protection Act are highly misguided, explain Berin Szoka and Adam Thierer in “COPPA 2.0: The New Battle Over Privacy, Age Verification, Online Safety & Free Speech,” released by The Progress & Freedom Foundation. Expanding age verification mandates would require all users to surrender privacy and speech rights while doing little to improve the online safety of minors. In the paper, PFF Fellows Szoka and Thierer argue that proposed state laws to expand the parental consent framework in the Children’s Online Privacy Protection Act (COPPA) to include adolescents between 13 and 17 would essentially require age verification of all users of affected sites, including large numbers of adults. This would violate the First Amendment rights of adults as well as of minors and site operators. Attempts to enact such proposals at the state level would also conflict with the Commerce Clause because of the interstate nature of the Internet. Furthermore, in light of widespread “social networking” found in most Web 2.0 websites today, expansion of parental consent requirements would be unworkable because of the increased hassles and costs of compliance. Expanding age verification mandates would also require websites to obtain more information about both minors and their parents, which runs counter to the original goal of the Act: protecting the privacy of minors. [Source] [Report] Also see: [Podcast: Could expanding privacy law harm children?] and Parental Controls and Online Protection: A Survey of Tools and Methods

Internet / WWW

US – Privacy Rights Don’t Extend to the Dead, Family Discovers

A court ruling expected any day in California could determine whether or not someone who is dead still has a right to privacy. That may sound odd, but for one family that very question has turned their daughter’s death into a nightmare they are forced to keep reliving. On Halloween 2006, 18-yr old Nikki Catsouras took her dad’s Porsche, flew nearly 160km/h down a highway, clipped another car, flipped across the median and crashed into a toll booth. The accident scene was so horrific, the coroner would not allow Nikki’s parents to help identify her body. Little did they know that millions of people would see their daughter’s tragic death. “I didn’t understand it initially,” says her father, Christos Catsauros. “I didn’t understand, ‘What do you mean there are pictures?’“ Within days, accident scene photos showed up online. The most horrific were of Nikki’s nearly decapitated head. The pictures got out when at least one California Highway Patrol dispatcher emailed them to friends. From there they spread like wildfire. Today, the name Nikki Catsouras returns nearly 3 million results on a Yahoo search. Someone even emailed Christos the most gruesome photo of his daughter. The Catsouras family eventually realised they couldn’t fight cyberspace. “These internet predators that are harming us, that won’t take the photos down, have more rights than we do,” says Lesli. She is right - even those trafficking in death images online are generally protected by free speech. So instead the Catsouras family hired a lawyer and sued the California Highway Patrol for invasion of privacy. But the court ruled that privacy rights don’t extend to the dead. The family is appealing. [Source]

US – Study: Consumers Would Not Benefit from Privacy Regulation

A new study by the think tank Technology Policy Institute concludes that new online privacy measures won’t help consumers and could hinder Web companies. “Regulation should be undertaken only if a market is not functioning properly and if the benefits of new measures outweigh their costs,” states the 56-page report, “In Defense of Data.” “Our analysis suggests that proposals to restrict the amount of information available would not yield net benefits for consumers.” To a large extent, the paper reiterates arguments that online ad companies first made a decade ago: Targeted ads are more relevant to consumers, subsidize free content, and pose no threat to privacy because they are anonymous. “More privacy implies less information available for producing benefits for consumers,” state the writers, economists Thomas M. Lenard and Paul H. Rubin. Lenard has previously worked in the Office of Management and Budget and the Federal Trade Commission. The report comes as policymakers are calling for increased privacy protections online. Rep. Rick (D-Va.), chairman of the House Communications, Technology and Internet Subcommittee, recently vowed to introduce new legislation. In addition, FTC chair Jon Leibowitz has said the industry should do a better job of notifying Web users about online ad targeting and allowing them to opt out. In one recent interview, Leibowitz went even further and urged companies to obtain users’ explicit opt-in consent. [Source] [Study: Consumers Would Not Benefit From Privacy Regulation] [Source] [TPI Paper: In Defense of Data: Information and the Costs of Privacy]

Law Enforcement

UK – Court Orders Cops to Destroy Photos of Peaceful Protesters

Police surveillance tactics were dealt a blow by appeal judges with a ruling that photographs taken of peaceful protesters campaigning against the arms trade must be destroyed. Two out of three judges in the Court of Appeal ruled that there had been a disproportionate interference with a protester’s right to privacy when police surveillance teams photographed him and followed him. The judges ordered that the Metropolitan Police destroy the photographs taken of Andrew Wood, a member of the Campaign Against Arms Trade, when he was protesting in London in April 2005. But the order was stayed for a month to allow the police, who must also pay the legal costs, a chance to apply to take the case to the House of Lords. A spokesman for Liberty, the human rights group which backed the case, said that the decision could have implications for future use of photography by the police - a tactic which it says is being used more frequently, particularly when policing protests. [Source]

Location

US – Scrubbed Geo-Location Data Not So Anonymous After All

Anonymized data collected from GPS-enabled devices may not be as anonymous as you think, according to researchers who show that knowing someone’s general home and work locations can be enough to identify an individual uniquely. The findings, by Philippe Golle and Kurt Partridge of PARC, or the Palo Alto Research Center, are significant, given the proliferation of devices that monitor a user’s geographic location using global positioning system and other technologies. At the same time, a growing number of websites monitor user location to offer restaurant recommendations and other services. “Obfuscation techniques which prevent re-identification based on (approximate) home location alone may not be adequate if the subject’s (approximate) work location is also known,” they write. “In fact, we show that home and work locations, even at a coarse resolution, are often sufficient to uniquely identify a person.” [Source] [33 Bits of Entropy blog] See also: [6.5m vehicles to be tracked by 2012]

Online Privacy

US – NebuAd Closing

Behavioral targeting firm NebuAd has closed. The company came under scrutiny last summer during Congressional hearings on its behavioral targeting platform, which collects Web surfers’ online histories for the purpose of tailoring ads. At one time, the company employed 60 people, but has been working with a “skeleton staff” lately, according to an attorney familiar with the situation. NebuAd filed court papers that confirm the closure. A dozen Web users filed suit against NebuAd and six ISPs in November for alleged privacy violations. [Source]

US – Just Browsing? A Web Store May Follow You out the Door

The e-mail addresses and phone numbers offered up by online shoppers could soon be used for more than just order confirmations. The New York Times reports on a Web service currently in beta testing that will use customer-offered information to remarket to them in real time. The idea, according to the maker, is to help online retailers recover from instances of shopping cart abandonment--when a shopper puts items into his or her cart, but doesn’t follow through with a purchase. When this occurs, the service alerts the Web store and the shopper is contacted immediately by phone or e-mail to see what’s up. [Source]

EU – Google Threatened With Sanctions Over Photo Mapping Service in Germany

A German data protection official on Tuesday threatened Google with “unspecified sanctions” if the company did not change its Street View panoramic photo mapping service to conform to the country’s strict privacy laws. Johannes Caspar, the data protection regulator for the German city-state of Hamburg, where Google has its German headquarters, said officials would be forced to pursue unspecified sanctions if he did not receive written guarantees from Google agreeing to changes before 10 a.m. local time Wednesday. [NY Times]

US – Germany Reaches Deal with Google on Street View

Hamburg’s data protection authority and Google have reached a preliminary arrangement regarding the company’s online mapping service, Street View. Johannes Caspar said that the company must modify its service to conform to German data protection laws, and earlier this week requested written guarantees from Google on identity protection techniques and data retention matters. Street View provides 360-degree views of cities and has launched in 11 countries so far. The company has not set a launch date for the German version of Street View, but began photographing German cities in 2008. Caspar says data privacy discussions will continue in the coming week. [Source]

WW – What Happens When You Delete Your Photos Online?

The results of a study released by University of Cambridge researchers conclude that Web sites that host user-uploaded photos commonly store those photos even after users deleted them. The researchers studied 16 popular Web sites, noting the URLs of uploaded photos, and then revisiting those URLs after deleting the photos. On seven of the 16 sites, the photos remained accessible after 30 days. The researchers noted that social networks are particularly slow to fully delete. “This demonstrates how social networking sites often take a lazy approach to user privacy,” said researcher Joseph Bonneau. [Light Blue Touchpaper » Blog Archive » Attack of the Zombie Photos] [Coverage]

US – IAB Issues Social Advertising Guidelines

At its Social Media Marketplace conference in New York, the Interactive Advertising Bureau (IAB) released guidelines for social media advertising. The standards intend to aid advertising growth on social networks. The guidelines offer privacy policies and suggestions on using consumer information. They also recommend opt-in and opt-out policies and additional user privacy oversight. “Industry standards are essential to making social media easy, safe and scalable for advertisers,” said the IAB’s Seth Goldstein. “The new IAB framework is a critical first step in this direction and we are excited to help enable the next generation of social advertising.” [Source]

Privacy (US)

US – FCC Can Search Homes Without A Warrant, Agency Says

Privacy experts are slamming FCC officials who claim they have broad powers to enter U.S. homes and to conduct searches without a warrant, if they suspect a personal electronic device is interrupting other signals. “Anything using RF [radio frequency] energy, we have the right to inspect it to make sure it is not causing interference,” FCC spokesman David Fiske tells Wired.com. That FCC policy dates back to the Communications Act of 1934, which grants the Commission broad powers to regulate the airwaves, assign frequencies in the public interest, and ensure broadcasters’ transmissions do not interfere with other stations’ signals. That 1934 Act, however, did not envision a telecommunications environment where it is common for ordinary homeowners to use a variety of RF-generating devices such as wireless routers, cell phones, wireless phones, even garage-door openers and baby monitors. The Electronic Frontier foundation, an online privacy group, called the FCC’s interpretation a “major stretch.” [Source] [Experts Sound Alarms Over FCC Searches] [Experts Sound Alarms Over FCC Searches]

US – FTC Provides Another “Strong Nudge” for Self-Regulated Advertising

The FTC continues its push for more robust standards in the online advertising arena. At the Online Marketing Summit in Washington, DC last week, the FTC’s Richard Quaresima echoed FTC Chairman Jon Leibowitz’s earlier statement that, in the eyes of the commission, the industry needs to beef up its self-regulatory guidelines. “I think you can view this as an extremely strong nudge,” Quaresima said. The FTC released its own principles for online behavioral advertisers earlier this year. Quaresima also noted that any data that can be tied to a specific consumer, computer or device should be considered personally identifiable when it comes to behavioral advertising. [Source]

US – Groups Launch “Chain of Trust” Initiative

The CDT-organized Anti-Spyware Coalition, working jointly with the National Cyber Security Alliance and StopBadware.org, today launched a new initiative to combat malicious software (malware) by establishing a “Chain of Trust” among all organizations and individuals that play a role in securing the Internet. The Initiative will link together security vendors, researchers, government agencies, Internet companies, network providers, advocacy and education groups in a systemic effort to stem the rising tide of malware. Applying many of the same approaches used to bring nuisance adware under control, the Chain of Trust Initiative aims to establish a united front against a threat continues to grow exponentially. [Chain of Trust Press Release, May 19, 2009]

WW – One in Five Teenagers Claim to Have Used Hacking Tools

A recent survey of 4,000 teenagers between the ages of 15 to 18 years of age states that 17% of those surveyed know how to find hacking tools online with one third of that group admitting that they have used the tools. The survey also reveals that 67% of the teenagers surveyed admitted to trying on at least one occasion to hacking into a friend’s email or social networking account. [Source] [Source] See also: [Another Phishing Attack Targets Facebook Users]

US – Woody Allen Wins $5M in Lawsuit Over His Images

American Apparel Inc settled film director Woody Allen’s lawsuit over the company’s use of his image in advertising for $5-million. “I am told the settlement of five million dollars I am being paid is the largest reported amount ever paid under the New York right to privacy law,” Mr. Allen told reporters outside Manhattan federal court where the case was being heard. Mr. Allen sued the U.S. clothing company more than a year ago seeking more than $10-million after the American film director’s image appeared on billboards in New York and Los Angeles. Mr. Allen says his reputation was damaged and his image was used for profit without his consent. [Source]

Security

US – Survey: Security Budgets Down

A study of more than 200 information security officers (ISOs) has revealed that security budgets are falling. Deloitte surveyed ISOs in the high-tech, media and telecom sectors for its 2009 Global Security Survey, finding that 32% are facing reduced budgets, the report states. 25% of those surveyed indicated their budgets have increased slightly. The number of ISOs investing in new security technologies is down 13%, according to the results, from 67 to 53%. The study also revealed a six percent decline in companies that had an “executive responsible for privacy.” [Source]

UK – Ministry of Defence Admits to Losing 28 laptops This Year

Between January 1st and May 11th of this year the UK Ministry of Defence has admitted that 28 laptops, 20 USB Drives, four PCs and a Blackberry were lost or stolen. It is unclear as to whether or not any of the lost devices were encrypted. Minister of State Bob Ainsworth said “New processes, instructions and technological aids are also being implemented to mitigate human errors and raise awareness of every individual in the department.” [Source] [Source] [Source]

Surveillance

CA – Three-Year Plan Sought for Toronto Police Security Camera Use

The Toronto Police Services Board has asked Police Chief Bill Blair to lay out a three-year plan for the force’s use of closed-circuit security cameras, after hearing privacy concerns from activists. Chief Blair had asked the board to approve the permanent use of 24 police cameras set up for pilot projects in the city’s nightclub district, a downtown stretch of Yonge Street, Jane and Finch and other areas. He said the cameras had helped reduce crime and had made residents feel safer. The cameras can still be used in the meantime, but the board voted to have Chief Blair detail how and where the cameras would be deployed in the future and commit to having their effects on crime independently evaluated by an academic expert. Detective-Sergeant Mark Barkley said the cameras, in use since 2006, had resulted in four dozen charges being laid. But a police evaluation also concluded that while crime rates went down in many camera locations, it was difficult to prove conclusively that the cameras were responsible. [Source] [Source] [Police cameras challenged]

WW – EC & WADA: More Privacy Talks Coming

Although European and World Anti-Doping Agency (WADA) officials reached a compromise on some data protection matters recently, privacy discussions will continue. Earlier this month WADA officials revised data protection guidelines to meet certain EU demands, but concerns remain about the agency’s ability to protect European athletes’ personal data, as do concerns about the agency’s “whereabouts” rule, which requires Olympic-level athletes to declare their whereabouts every day. European Commission officials at an anti-doping conference last week said that privacy negotiations will resume next month. [Source]

Telecom / TV

EU – Swedish Retention Amendment “Incongruous” with IPRED

A proposed amendment to an anti-piracy law would require Swedish Internet service providers (ISPs) to save user traffic data for a minimum of six months to aid in the investigation of serious crimes. The draft amendment, say some, poses compliance challenges. “It appears as if these rules are incongruous,” said Stockholm University law professor Cecilia Magnusson Sjöberg, citing the difficulty ISPs will have complying with the parent law--the EU Intellectual Property Rights Enforcement Directive (IPRED)--should the amendment pass. The IPRED lets courts force ISPs to release information about users to aid piracy investigations. It went into effect on April 1. [Source]

US Government Programs

US – FBI ‘Going Dark’ with New Advanced Surveillance Program

The proposed 2010 Justice Department budget published last week reveals the development of a new FBI advanced electronic surveillance program dubbed “Going Dark.” The program is being budgeted $233.9 million next year. According to the published budget summary, the program “supports the FBI’s electronic surveillance (ELSUR), intelligence collection and evidence gathering capabilities, as well as those of the greater Intelligence Community.” An FBI spokesman said the program’s name, Going Dark, refers to the FBI’s Operational Technology Division’s (OTD) lawful interception program which is shared with other law enforcement agencies.” He added that “The term applies to the research and development of new tools, technical support and training initiatives.” The program is designed to help the agency address challenges with conducting surveillance over newish technologies, such as VoIP. The program is also doing research on automated link analysis to find connections between subjects of surveillance “and other investigative suspects.” The budget report also discusses a Biometric Technology Center that is being developed jointly by the FBI, Defense Department and Justice Department in conjunction with the University of West Virginia for research and development of biometric technologies. The center is located at the Criminal Justice Information Services (CJIS) Division complex in Clarksburg, West Virginia. The biometric project will also encompass “a vast database of personal data including fingerprints, iris scans and DNA which the FBI calls the Next Generation Identification (NGI),” according to ABC, which could be online next year. Lockheed Martin has been awarded the contract to update and maintain the database at an estimated cost of up to $1 billion a year. [Source]

US – FBI Use of Patriot Act Authority Increased Dramatically in 2008

FISA-court authorizations for national security and counter-terrorism wiretaps dropped last year by almost 300, a new Justice Department report to Congress shows. But the FBI’s use of “national security letters” to get information on Americans without a court order increased dramatically, from 16,804 in 2007 to 24,744 in 2008. The 2008 requests targeted 7,225 U.S. people. This is still much lower than the number of NSLs issued in 2006 — more than 49,000 — but indicates that the FBI’s reliance on the self-authorized subpoenas is rebounding, after audits in 2006 and 2007 revealed the bureau had been abusing the tool. The new seven-page report was submitted to Congress last week. [Source]

US Legislation

US – Tennessee Speeders Could Get Fingerprinted: Bill Ignites Debate About Privacy

Motorists stopped for traffic violations in Tennessee could be fingerprinted if state lawmakers approve a bill pending in the legislature. Currently, when drivers are cited during traffic stops, police officers ask for the driver’s signature on the ticket, but the proposed bill would allow police departments to eliminate signatures and collect fingerprints. Supporters say collecting fingerprints would save money and help police determine whether the driver is wanted for a criminal offense, but opponents worry that it allows the government to tread on individual privacy rights. The bill has been approved by the state House of Representatives, and senators will vote on the measure this week. The bill, if passed, will take effect on July 1. At that time, any police department within the state could require fingerprinting as a means of identification, said Haynes, a Goodlettsville Democrat. “It’s their discretion,” he said. [Source]

US – Republican Bill Would Give Patients More Privacy, Control Over Care

New federal legislation seeks to prevent government bureaucrats from interfering in private health care and guarantee patient rights to control health care decisions. Republican Congressman Pennsylvania Rep. Charlie Dent, R-15, and Illinois Rep. Mark Kirk are the cosponsors of the Medical Rights Act of 2009 bill, which was introduced this week. The bill prevents the government from rationing private health care and actions that interfere in the doctor-patient relationship, the congressman contends. It also would prevent the federal government from regulating the hiring practices of organizations that provide health care, such as hospitals and clinics. The bill protects the rights of patients to buy health insurance, or make any other arrangements to pay for their own health care. [Source]

Workplace Privacy

WW – Bosses and Workers Disagree on Social Network Privacy

Employers and employees have different attitudes about what is private, according to the results of a new Deloitte survey. The Wall Street Journal reports that while 60% of respondents with managerial job titles indicated that businesses have a right to know what their employees are posting on social networking sites, 53% of employee respondents said their posts are none of the boss’s business. Sharon Allen of Deloitte said the results “tee up the challenging debate or discussion that needs to take place to try to resolve both of their concerns.” Allen suggests employers set guidelines on ethical behavior and encourage employees’ use of privacy settings. [Source]

+++