US – Inspector General: Biometrics Could Reduce Fraud, Improve Identity Verification

The IG for the Department of Homeland Security recommends that the U.S. Citizenship and Immigration Services agency should use biometrics to verify identities. The report concludes that the system used to verify identities of people applying for U.S. citizenship and residency relies too much on paper documents and remains vulnerable to fraud. [Source]

UK – Government Officials Reveal Anti-Crime Wish List

The Home Office is seeking increased use of biometrics and RFID tracking to fight crime. The government is planning increased use of biometrics to verify identities. The Home Office plans to create a “Biometric Center of Excellence” to explore other uses for the technology. [Source]

BC – Loukidelis Re-appointed as BC’s Information and Privacy Commissioner

BC’s Information and Privacy Commissioner, David Loukidelis, was appointed for a second six-year term. Members of a Special Committee of the Legislature unanimously recommended that the House reappoint Loukidelis. In its deliberations, members of the Committee considered it appropriate to interview Mr. Loukidelis before deciding whether or not to undertake an open competition. As a result of their interview and their assessment of the Commissioner’s performance during his first term, it was clear to the Committee that a further search was unlikely to result in a more accomplished applicant. A September 2005 amendment to the Freedom of Information and Protection of Privacy Act removed a provision limiting a Commissioner to serving only one six-year term. The amendment brought the Act into line with the statutes governing the other statutory officers in British Columbia, as well as those governing Information and Privacy Commissioners in other jurisdictions. [Committee Report]

CA – Proposed Merger of Privacy, Information Czars a Mistake

Merging the offices of the information and privacy watchdogs would take some of the bite out of their roles, warns a federally commissioned report. Former Supreme Court justice Gerard La Forest urged the federal government to focus instead on making information and privacy laws work better for the public. The information commissioner is an ombudsman for Canadians who request files under the federal access law, while the privacy commissioner handles complaints about abuses of personal information. The appointment of a single commissioner to both offices “would likely have a detrimental impact” on the policy aims of the access and privacy laws, Mr. La Forest’s report says. Combining the functions would not save much money and could leave one commissioner with too much work, he said. Mr. La Forest calls on the government to “do much more” to foster compliance with information and privacy obligations. He says the government should:

- Make it clear that information should be provided to requesters unless there is a compelling reason not to do so;

- Develop better information management systems;

- Provide incentives for complying with the law. [Source] [Coverage]

CA – Canada Passes Do Not Call Legislation

Bill C-37, the do-not-call bill, is now law in Canada. The Canadian Senate put the bill on the fast track last week and granted it the necessary approvals. [Source]

CA – Ottawa To Allocate $110 Million for Big-City Transit Security

The federal government will spend $110 million on improving transit security in the country's six largest cities, announcved Transport Minister Jean Lapierre's last week. The bulk of the money will go to Vancouver, Calgary, Edmonton, Toronto, Ottawa and Montreal, though other cities will be eligible for assistance to carry out assessments and develop plans. The money will cover 75% of the costs of new transit security measures, the minister said. "A number of cities have quite antiquated security systems. Toronto's subway, for instance, has very limited video surveillance." Other components of the program announced Wednesday include:

A new passenger rail and public transit security program, called RideSecure, to be implemented over three years.
Enhanced security expertise and specialized technology assessments.
Security measures on domestic ferries under Transport Canada's marine security program.
A new task force on intelligence, policing and response.

Lapierre also announced $29.1 million will be distributed among 101 ports and marine facilities for surveillance equipment, dockside and perimeter security, communications equipment and training. He said the new security started with aviation. Next came ports. Now the focus is on mass transit. [Source]

WW – Surveys Show Online Shoppers Fear ID Theft

Two recent surveys of U.S. Internet users indicate that online shoppers would take their business elsewhere if their personal information was at risk. One survey of 2,000 adults - commissioned by Sun Microsystems and done by Harris Interactive - found that two-thirds of respondents expected to shop online this holiday season. However, 67% said they were likely to stop making online purchases if their personal information was compromised. Another study by Forrester Custom Consumer Research, commissioned by the Business Software Alliance, found that U.S. customers ranked their greatest concern as a fear that their personal information would be sold to a third party, followed by identity theft. [Source]

CA – Achats en ligne : les Canadiens plus craintifs que les Américains

Les craintes à l’endroit de la sécurité retiendront 40% des Canadiens d’acheter leurs cadeaux de Noël en ligne cette année, indique une récente étude de l’ACCVL, contre 24% d’Américains. Avec la saison des fêtes qui approche à grands pas, nombreux sont les consommateurs qui ont commencé à faire leurs emplettes de Noël. Les grandes surfaces, qui ont déjà sorti leurs étalages de Noël, se préparent à recevoir les masses soucieuses d’accomplir leur devoir de consommation. Certains, évidemment, voudront éviter la cohue (on les comprend...) et se tourneront vers Internet pour effectuer leurs achats de Noël. Mais, cette année, leur nombre ne sera apparemment pas aussi important que ne le voudraient les marchands qui ont pignon sur le Web. Or, des craintes au chapitre de la sécurité seraient la première responsable de la timidité des consommateurs en ligne, selon l’Alliance canadienne contre le vol de logiciels (ACCVL) qui vient de publier une étude sur le sujet. [Source]

UK – Report: E-Gov Becomes T-Gov

The UK Cabinet Office has published a study into e-government practices, highlighting how governments in the most advanced countries are moving into a new wave of electronic services and processes. This “fourth wave” is allowing governments to change the way they do things - even reforming legislation - rather than just creating electronic versions of existing processes and services, the study found. This new wave is beyond e-government, the group said, suggesting that a more accurate, if less catchy, buzzword could be technology-enabled government, or “t-government”. The full report, by Booz Allen Hamilton, gives a detailed analysis of common challenges and conditions facing the US, Germany, Japan, France, UK, Italy, Canada, Sweden and Australia, and gives case studies drawn from more than 450 initiatives that were assessed. The idea is to give concrete examples of best practice that governments can draw on rather than reinventing the wheel, said Jim Murphy MP, parliamentary secretary with the Cabinet Office. “The report will challenge us all to use ICT to make a real difference, by building on good practice examples to deliver customer-centered public services across Europe,” he said in a statement. [Source]

US – Internet Providers Better at Stopping Spam, FTC Says

E-mail spammers are aggressive as ever but Internet providers are getting better at blocking junk messages before they reach users’ inboxes, according to a U.S. Federal Trade Commission study. The FTC found that spammers continue to “scrape” e-mail addresses from the Web using automated programs that look for the telltale “@” sign. [Source] [FTC Report] [Source]

EU – EU Committee Approves Storage of Internet Usage

A European Union committee agreed that details of all EU-wide phone calls and Internet use should be stored, but the committee’s steps did not go as far as some member states had wanted in the battle against terrorism and crime. The European Parliament’s civil liberties committee voted 33 to 8 in favor of the new rules, whereby details on telephone calls and Internet use – but not their content – would be kept for 6–12 months. [Source]

UK – Patient Worries over e-Records

Many health campaigners fear that the introduction of electronic patient records will result in a loss of privacy and confidentiality, according to research issued on 30 November 2005. A survey of health campaigning organizations based in the UK and overseas finds that although the switch to e-records is generally welcome, over 60% are worried that data could get into the “wrong hands” and that privacy and confidentiality could become compromised. Among the 208 organizations polled, groups include the Parkinson’s Disease Society, Crisis, the Manchester Alliance for Community Care and Mind. [Source]

US – Disk Encryption Technology Integrated in U.S. Department of State Pilot Project

WinMagic has begun working on a pilot project with the U.S. Department of State which would integrate a Personal Identity Verification (PIV) card and biometrics with Public Key Infrastructure (PKI) and disk encryption. It is designed to help the department meet HSPD-12 mandates. The pilot project centers on the integration of a Personal Identity Verification (PIV) card and biometrics with Public Key Infrastructure (PKI) and disk encryption. WinMagic, along with Entrustr, Precise BiometricsT, SafeNetr, and VMwarer are working together on the pilot project. “Proactive federal agencies recognize the necessity to integrate data protection solutions such as the full-disk encryption offered by WinMagic’s SecureDocr with already mandated authentication technologies,” says Thi Nguyen-Huu, CEO, WinMagic. “These agencies realize this will not only protect sensitive data on computers from both internal and external security breaches, but will also prevent unauthorized access from stolen laptops. [Source]

EU – Review of EU Regulatory Framework for Electronic Communications and Services

Call for input on the forthcoming review of the EU regulatory framework for electronic communications and services, including review of the Recommendation on relevant markets. Deadline 31 January 2006. The Commission Services invite interested parties to give their views on possible changes to the five EP and Council directives that constitute the current EU framework for electronic communications, and to the Recommendation on relevant markets. See consultation document. A public workshop is provisionally planned for Tuesday 24 January 2006 in Brussels. The workshop will be open to all interested parties, but prior registration is required. [Source]

EU – Annul Passenger Data Decisions, says Advocate General

European Commission and Council decisions that led to a controversial agreement permitting the transfer of air passenger data to the US should be annulled because they do not have an adequate legal basis, according to Advocate General Phillipe Léger. [Source]

UK – Users Flood ‘Most Wanted’ Website

An FBI-style website, aimed at tracking the UK’s most wanted crime suspects, has received more than 350,000 hits on its first day. The site, launched by Crimestoppers, lists police appeals in the UK as well as pictures of wanted suspects. The Most Wanted site proved so popular on the morning of its launch, it received 21,000 hits in five minutes. [Source]

EU – Clock Ticking for EU Administration’s Compliance with Data Protection

The European Data Protection Supervisor (EDPS) has sent a paper to the heads of the EU administration, in which he addresses the Data Protection Officer’s (DPOs) role as a strategic partner in ensuring compliance with the data protection regulation (45/2001) without delay. One of the key messages is that also all EU bodies need to appoint a DPO, although the appointment in itself does not automatically mean full compliance with the regulation. A second key message is that the DPOs must be notified more adequately of personal data processing within their entity and that they must notify the EDPS of any processing which entails specific risks for the people concerned and therefore need a prior check. [Source]

EU – Commission Proposes Changes to JLS Databases

With a view to achieving a higher level of EU internal security the European Commission this week adopted a package of measures consisting of: (a) a proposal for a Council Decision concerning the access for consultation to the Visa Information System (VIS) to authorities of Member States responsible for internal security and to Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences, and (b) a communication on the medium- and long-term development of the three common European databases in the field of justice and home affairs: the Schengen Information System (SIS), the Visa Information System (VIS) and EURODAC, the database containing fingerprints of asylum seekers and illegal immigrants. [Source]

CA – Bank Warns Against Identity Theft Miscues

More than 9,000 people in Canada have had their identities stolen this year, and a new poll indicates 77% of Canadians worry about identity theft but only 10 per cent feel they know what to do about it. According to PhoneBusters, the central agency that collects information on identity theft in Canada, there were 9,034 victims of identity theft reported in the first 10 months of this year, with losses totalling $7.2 million. The early-November poll for the Canadian subsidiary of U.S.-based Capital One Financial Corp. found 45% of the 2,002 adults surveyed do not monitor their credit reports on a regular basis for errors or suspicious items. The Ipsos Reid survey, which claims a margin of error of 2.2 percentage points, "reveals that consumers should be more cognizant of some simple practices that could help protect against identity theft," says Capital One Bank. [Source]

ON – Security Worries Hamper Wireless Health-Care Plans

Canadian health care facilities have built highly secure wireless systems - but don’t expect them to use them for anything involving electronic patient records anytime soon. That was the consensus of the audience at a panel discussion Wednesday on overcoming challenges to wireless security at the 4th annual summit on wireless and mobile health care technology. “We at Saint Elizabeth Health Care partnered with Ontario’s Smart Systems for Health to establish secure e-mail,” said Paresh Manek, director of technology at the home health care provider organization in Toronto. “We use the SSHA network as the basis for exchanging information securely. We got everything done, and after all the celebrations were over, six months later it’s collecting dust.” Manek said the organization’s privacy officer shut it down, or at least confined its use to back office applications, because it is seen as too risky to exchange patient-related information among various facilities, although from an IT perspective, it’s as air-tight as it can be, he said.

[Source]

WW – Forecast: ID Theft by Insiders to Grow Dramatically in '06

A leading computer security analyst is predicting that even as companies implement more IT security to prevent Internet hackers from tapping their networks, there will be increased theft of secure data by insiders, like employees. The data security forecast by Joseph Ansanelli, chief executive officer of the data security firm Vontu, indicates that in 2006, as employees continue to learn about the value of sensitive customer information -- and if they are not trained and encouraged properly to protect this information – there is a real risk that this information will increasingly be misused by retail employees. [Source]

UK – ID Card Bill Powers Need More Scrutiny, says Select Committee

The UK Select Committee on Delegated Powers and Regulatory Reform has concluded that Parliamentary scrutiny of the ID Card Bill needs to be enhanced. It described powers being sought in the Bill by the Home Secretary as ‘inappropriate.’ Unlike three other Parliamentary Committees which have criticised the substance of the Government’s ID Card proposals, this Committee was established in the 1990s to counter ‘the considerable disquiet over the problem of wide and sometimes ill-defined order-making powers which give Ministers unlimited discretion’. In other words, the Committee looks at whether the executive arm of Government is seeking excessive powers or whether the powers being sought are subject to sufficient scrutiny by Parliament. [Source]

UK – Forged ID Cards Won’t Work, Insists Government

Forged identity cards will be “ineffective” because they won’t be able to be verified through the central identity database, the government has insisted. Earlier this month former MI5 chief Dame Stella Rimington said nobody in the security services would be pushing for the cards. She warned that if the cards could be forged they would be rendered “absolutely useless”. But now Home Office minister Andy Burnham has highlighted that the anti-forgery technologies used in the cards would make attempts to fake them a waste of time. In a written response to questions from MPs he said: “The identity cards scheme and the identity card itself are being designed to prevent the successful production and use of forged identity cards.” He said the ID card will be supported by an individual’s record on the National Identity Register.

[Source]

EU – Music Industry Seeks Access to Private Data to Fight Piracy

The music and film industries are demanding that the European parliament extends the scope of proposed anti-terror laws to help them prosecute illegal downloaders. In an open letter to MEPs, companies including Sony BMG, Disney and EMI have asked to be given access to communications data - records of phone calls, emails and internet surfing - in order to take legal action against pirates and filesharers. Current proposals restrict use of such information to cases of terrorism and organized crime. [Source]

US – Ct. Lawmakers Announce Bill to Limit Access to Electronic Scanners

Lawmakers plan to file a bill next year to fight the electronic theft of credit-card information. The state does not have a law on the books to restrict the use of the electronic scanners that can capture information from magnetic strips. Criminals are using the scanners to steal credit-card information. [Source]

UN – UN Assembly Adopts E-Contracting Convention

The United Nations General Assembly has adopted a new convention on using electronic communications in international contracting, superseding law negotiated before the development of e-mail and the Internet. The new Convention was approved last Wednesday. [Source]

WW – Cybercrime Outpaces Drug Trafficking, Expert Says

Global cybercrime generated a higher turnover than drug trafficking in 2004 and is set to grow even further with the wider use of technology in developing countries, a top expert said. No country is immune from cybercrime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy, said an advisor to the U.S. Treasury on cybercrime. [Source]

US – Crooks Covet Justice Databases

Adrian Minnis ran a heroin distribution ring that was violent and tightly knit, making it difficult for informers to penetrate it, federal authorities say. The gang also had a secret weapon: It cultivated a police officer to dig into a law enforcement database to figure out which of its customers might be undercover informers, according to an indictment filed against Minnis and 20 other alleged ring members. There is no indication the officer actually identified an informer, or that his prying into the REJIS database led to anyone being hurt. Yet the accusation against St. Louis police Officer Antoine Gordon, who has since resigned, suggests that crime rings can target REJIS or other databases to insulate themselves against investigations. “A police officer’s participation in a drug conspiracy heightens the risk to civilians and other law enforcement officers,” then-U.S. Attorney Jim Martin said at the time of Gordon’s indictment in February. “Such conduct is inexcusable.” [Source]

US – 50 US States Introduced Outsourcing Legislation

Legislation with respect to outsourcing were introduced in nearly all 50 US states as well as in the Congress and there is little to indicate that this legislative trend is going to stop, a new study has indicated. [Source] [Source]

US – GAO Auditors: Data Lacking on Impact of Offshoring on Consumer Privacy

The Government Accountability Office (GAO) has released a study on offshoring that concludes no federal data exits to inform the public about the impact of offshoring services on a range of issues, including consumer privacy and the security of consumers’ financial or medical data. Federal and state lawmakers are seeking passage of bills to restrict offshoring of certain government services. [Source]

US – Cybercrime Treaty Seen as Civil Liberties Threat

CNET’s Declan McCullagh reports on the move in the Senate to ratify the Council of Europe’s Cybercrime Treaty. McCullagh argues that the Convention will endanger Americans’ privacy and civil liberties and place the FBI’s massive surveillance apparatus at the disposal of nations with much less respect for individual liberties. [Source]

WW – Amazon Wish Lists Expose Kids

Amazon.com's wish list feature is a great way to let relatives know what a kid wants but it's also potentially a great way for predators to connect with kids. Creating a wish list is easy. Users register or sign in, search for products and then click the "Add to Wish List" button. But would-be recipients of largess must provide their shipping addresses at registration, and, Amazon.com warns them, "We will display your city and state to help your friends and family identify you. We won't, however, show your phone number or street address to others." But site visitors can search wish lists by name, presumably to see whether anyone they want to gift has set one up. However, it's relatively easy for a stranger to find a kid simply by searching for a common first name, then scrolling through the list to find those who have listed last names, cities and states. Clicking through to the wish list gives a good indication of how old the person is. [Source]

AU – Privacy Commissioner: Delays for Privacy Investigations

Consumers and businesses are being frustrated by a year-long wait before complaints about privacy breaches are allocated to a case officer, the Federal Privacy Commissioner’s office has conceded. The commissioner’s annual report reveals the office has failed to meet its targets and the formal investigation of privacy complaints now takes an average of 17 months. Many consumers must wait 12 months before an investigation even starts. [Source]

NZ – Privacy Commissioner: Privacy Complaints Have Decreased

The privacy commissioner has announced progress in clearing a backlog of complaints. In the year that ended June 30, 970 complaints were cleared – 637 of which the office resolved by informal conciliation between the parties. The office also reports that complaints have fallen from 818 to 569. However, the commissioner expects that “the rapid growth of information technologies” will result in an increase in privacy complaints. [Source]

CA – Study: Consumer Fears High About ID Theft

A study by Leger Marketing, Fusepoint Managed Services, Sun Microsystems and Symantec Canada found that nearly three quarters of respondents believe that everybody – even those who are savvy about technology – are at equal risk of identity theft. The survey also found that an overwhelming majority of business leaders indicate that it is important for companies to secure data. Yet the same poll of business leaders also found that 55% say their company’s private data is at risk of an attack. [Source]

WW – Microsoft Corp. Offers Free Test Version of Security Service Test

Microsoft has unveiled its new service to protect consumers from viruses and other Internet security threats. The company eventually plans to charge for its Windows OneCare Live, but subscription rates have not yet been announced. The test version of OneCare updates automatically on Internet-linked computers to protect against online threats while performing other “PC tune-ups” to allow smooth operation. [Source]

WW – Merchants Jump on Visa's Free Security Service

Enterprises conducting e-commerce transactions have been quick to take up Visa International Inc.'s free, hosted security auditing service, according to the company. According to Visa, the free service, which uses a U.S. vendor but is available across the Asia-Pacific, will be provided "indefinitely" at this point to all merchants that accept Visa cards for payment of goods and services. Visa's main message, that merchants and third-party processors should not be storing card information, remains unchanged. "If there is a need for that, then [merchants] need to protect the information," said a spokesperson, adding that card-holder data should not be stored. "Where we see incidents of compromise is because merchants are unnecessarily storing information." The data security standard for the payment card industry co-developed by Visa and MasterCard International Inc. has 12 requirements - from policy and procedure through to technology like encryption and wireless. [Source]

WW – Big Brother Monitor Sniffs Out Internal Fraud

Terms like firewall, IDS, and deep packet inspection may be indicative of today's network security landscape, but tomorrow's may also include 'big brother' style appliances that log all user activity in an attempt to counter internal threats. This week Israeli company Sabratec Ltd. is launching its Intellinx monitoring solution, which has been described as "one big sniffer", into the Australian market. It is installed on a separate system to analyze and archive every action users perform. The information can then be used as an audit trail in the event of fraud by in-house employees. [Source]

US – Federal Government Employees Slated To Receive New ID Cards Next Year

The government’s Personal Identity Verification Project calls for “secure and reliable forms of identification” for government workers to improve security and access to all agencies. Project officials have set standards and guidelines for the program. The federal government is expected to issue the cards to new employees by October 2006, followed by existing employees and contractors. The program raises questions about personal privacy and database security. [Source]

CA – Transport Canada plan could put the brakes on your right to drive

You don’t get very far into the Driver’s Handbook before the Ministry of Transportation sets you straight: driving is a privilege, not a right. Soon, the ability to control your vehicle may be a privilege, too. Transport Canada is reportedly pilot-testing a speed-limiting system by a Swedish manufacturer that uses a combination of GPS and built-in automation to control how fast cars can be driven on major highways. A digital map gives the system knowledge of the speed limits at various points, and would automatically make it more difficult to push the accelerator once the car has exceeded those limits by a certain percentage. If it gets the go-ahead - and it’s by no means clear how this would be rolled out to the millions of legacy vehicles already on the road - we will have entered a phase in e-government in which technology presumes guilt and restricts rather than empowers citizens. Such technology goes far beyond mere surveillance, which is becoming common enough now at airports and other public places that Canadians are beginning to take it for granted. It’s one thing to know that Big Brother is watching you. This time Big Brother is prepared to tap you on the shoulder any time a transgression occurs. As a deterrent it may be more powerful, but it also establishes a culture of mistrust many of us thought we could leave behind when the workday ends. [Source]

US – Cell Phone Companies to Develop Wireless 411 Directory

When you need to call someone and you don't have a phone book, the best place to turn is 411 directory assistance. But, since cell phone numbers are not included in directory assistance, that's not an option for the 30% or so of mobile phone subscribers who use cell phones as their primary or only phone, according to a study by The Pierz Group. Four national wireless companies -- Alltel, Cingular, Sprint Nextel and T-Mobile -- have hired Qsent Inc. to develop Wireless 411 Service, a free, optional and privacy-protected enhancement to the providers' existing service. [Source]

US – NC Businesses Must Destroy Documents Containing Personal Data under New Law

A new state law requires businesses to destroy unneeded documents containing personal information such as a Social Security number. The law also prevents companies from using Social Security numbers for identification purposes. [Source]

--------