CA – CATSA Pumps $40 Million Into Biometric Tech

Transport Canada is set to rollout a biometric card – with fingerprint and iris information – In an effort to enhance their restricted area pass system for flight crews, re-fuelers, caterers and others who require access to restricted areas. The Canadian Air Transport Security Authority (CATSA) is spending $40 million in biometric technology for Transport Canada to be implemented in 29 airports across the country by the end of this year. [Source]

CA – Mortgage Fraud an ‘Absolute Epidemic,’ Conference Told

Canada is becoming a global trendsetter in mortgage fraud, a crime and risk management expert told an anti-fraud conference that opened in Toronto this week. Chris Mathers told the conference that real estate fraud is the newest form of identity theft. “[Mortgage fraud] is an absolute epidemic, a huge problem in the developed countries, especially here in Canada … and I don’t see it changing anytime soon.” [Source] [Source]

CA – NF Minister Announces Roll-Out of New Drivers’ Licences and Photo ID Cards

The roll-out has begun for Newfoundland and Labrador’s new drivers’ licences and photo identification cards. The roll-out is over a five-year period. The new cards have many new security features including security patterns on the front of the card which are visible only under ultraviolet light. There are one-dimensional and two-dimensional barcodes, micro-printing and a “ghost” portrait. The laminate coating on the card contains an optical image that increases the card’s durability, security and tamper resistance. These patterns shift in colour as the card is tilted. With these new security features, the new licences are extremely difficult to alter or counterfeit without detection. [Source]

US – Direct Marketers Watch for 3 Legal Issues Next Year

During 2007, familiar issues are poised to have the largest impact on the direct marketing industry. Net Neutrality, increased privacy regulation and do not mail legislation at the state level will be the year’s big issues. How each of these issues will play out is unclear, but whatever happens, these issues will impact the way direct marketers do business. [Source]

UK – Online e-Government Systems at Heart of Blair’s Plan for Red Tape Busting

A government-wide action plan identifying over 500 ways to reduce red tape was unveiled by the Prime Minister this week - and e-Government services are central to its delivery. The government ‘Simplification Plans’ will save business and the third sector over £2 billion in administrative costs. The detailed measures, across 19 departments and agencies, have been identified as a result of comprehensive consultation with business, public and third sector organizations. The aim is to cut administrative burdens by 25% by 2010. [Source] [Single Point for Details Updates] [Customer voice in transforming public services - Government response published]

US – OMB Score Card Neglects Citizens: Report

The Executive Branch Management Score Card that measures the use of e-government in agencies neglects citizen input, according to a new report. The Office of Management and Budget scores agencies quarterly on how well they are instituting the President’s Management Agenda, but the scoring leaves goals related to citizens untracked, said a senior research analyst at Government Insights, an IDC company, and author of the report, “Citizen-Centered eGovernment Needs Performance Measures for Success.” OMB needs to measure citizen satisfaction or possibly risk ignoring the citizen-centered aspect of the initiative as agencies push to match the agenda’s performance metrics, according to the report, which was released today. [Source] [IDC Report]

WW – E-mail Service Seeks to Charge Spammers

A new e-mail-forwarding service hopes to make senders pay for access to your eyeballs, and is offering you a piece of the action. San Francisco-based Boxbe lets you set up an e-mail address and add your friends, family and co-workers to an approved senders list, allowing them to e-mail you for free. Anybody else who wants to reach you will have to pay. Boxbe plans to add an anonymous profiling capability that will help marketers target likely candidates for particular products or services. “We’ll eventually be launching software that allows retailers to profile members automatically,” said Barr. “That should add up to more earnings for members.” [Source]

US – Americans Believe Digital Medical Records Would Increase Quality of Healthcare

The Markle Foundation has released a survey which found that Americans have high hopes for electronic personal health records. The survey of 1,003 Americans found that 88% believe digital health records would help to reduce the number of tests and procedures ordered by doctors. The respondents also believe that the electronic records would give them more control over their healthcare. The Markle Foundation this week also released a white paper that stresses the need to couple privacy protections with the development of electronic personal health records. [Source] [News Release] [Research Summary] [Connecting Americans to Their Health Care: A Common Framework for Networked Personal Health Information]

US – NIST Issues Recommendations for Digital Signature Applications

NIST announces the release of Special Publication 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications. This Recommendation specifies methods for obtaining the assurances necessary for valid digital signatures: assurance of domain parameter validity, assurance of public key validity, assurance that the key pair owner actually possesses the private key, and assurance of the identity of the key pair owner. [Source] [Source]

UK – Tabloids Drive Black Market, Says UK Privacy Tsar

A league table of newspapers and magazines which have paid private detectives to obtain illegal information about celebrities and other individuals was published this week. Richard Thomas, the UK information commissioner, compiled the report from evidence found by his investigators during a raid on a private detective who was working undercover for a string of newspapers and celebrity magazines. [Source] [Press Release] [ICO Report]

US – Two-Thirds Think U.S. Spies on Its Citizens: Poll

Two-thirds of Americans believe that the FBI and other federal agencies are intruding on privacy rights as part of terrorism investigations, but they remain divided over whether such tactics are justified, according to a News poll released this week. Overall, the poll showed a continued skepticism about whether the government is adequately protecting privacy rights as it conducts terrorism-related investigations. Compared with June 2002, for example, almost twice as many respondents say the need to respect privacy outranks the need to investigate terrorist threats. 66% of those questioned said that the FBI and other agencies are “intruding on some Americans’ privacy rights” in terrorism investigations, up from 58% in September 2003. 30% think the government is not intruding on privacy. Support for intrusive tactics has dropped even more significantly during that time. A bare majority, 51%, feel the tactics are justified, down from 63% three years ago. [Source]

UK – 79% Agree UK Is a Surveillance Society: Poll

Many Britons are concerned about the increased use of cameras and biometrics in their country, according to a poll by YouGov published in the Daily Telegraph. 79% of respondents believe the country can accurately be described as a surveillance society. [Source]

UK – Online Banking Fraud ‘Up 8,000%

The UK has seen an 8,000% increase in fake internet banking scams in the past two years, the government’s financial watchdog has warned. The Financial Services Authority (FSA) told peers it was “very concerned” about the growth in “phishing”. Phishing involves using fake websites to lure people into revealing their bank account numbers. The amount stolen is still relatively small but it is set to go up by 90% for the second year running, peers heard. [Source]

UK – UK Financial Institutions Not Reporting Online Fraud

A Metropolitan Police officer giving evidence to the all-parliamentary group on identity fraud told British Members of Parliament that financial institutions are not reporting online fraud. Detective Superintendent Russell Day attributed the reluctance to two factors: the financial institutions’ lack of confidence in the police’s ability to deal with the crimes and their concerns about what effect attack disclosures would have on their reputations. Det. Supt. Day’s comments indicate the cost of ID theft in the UK could be much higher than the estimated GBP 1.7 billion (US$3.34 billion) annually. [Source]

UK – UK Gov’t Proposes Changes in the Operation of the FOI Act

The UK Department of Constitutional Affairs published a consultation paper with draft regulations on 14 December 2006. These could allow government departments to refuse more requests for information on the grounds of excessive cost. The draft regulations would allow public authorities to include time for reading, considering and consultation in calculating the cost of handling a request. They would also be able to aggregate requests made by any person or persons apparently acting in concert in making a calculation. In October the DCA released a review of FOI that claimed the average cost for a central government official to deal with a request is £254 per hour and that it takes 7.5 hours. It proposed the right to refuse any request costing £600 or more. [Source]

US – Online Database to Provide Info About People With Disabilities During Disasters

The Utah Division of Homeland Security is creating an online database that would give disaster teams information about people with disabilities. The database will hold information provided voluntarily online or by telephone. State homeland security officials said the sensitive data will be stored on a protected server and only certain personnel will have access to the information. [Source]

US – UCLA Break-In Puts Data on 800,000 at Risk

In one of the largest known security breaches at a university, the database at the University of California has been broken into, exposing the private information of about 800,000 people. Administrators discovered Nov. 21 that the database had been compromised, according to a letter that was posted to the university’s Web site. The hacker had exploited a previously undetected software flaw and gained access to the database from October 2005 until the discovery. The breach affects UCLA students, staff, applicants and some students’ parents. Sensitive information stored in the database included SSNs, home addresses, dates of birth and contact information. Financial information, such as credit card numbers or bank accounts, was not housed in the database. [Source] [Source] [Source] [UCLA seeks to allay fears over database breach]

US – Stolen Laptop Puts 382,000 Boeing Worker Data at Risk

In a disturbing case of deja vu, 382,000 Boeing retirees and active workers are at risk of ID theft and credit-card fraud because of the theft of a company laptop computer. The files on the computer contained their names, SSNs and home addresses, phone numbers and birth dates as well as salary information on some. The theft, which Boeing confirmed this week, is the third such incident in the past 13 months in which a laptop computer containing personnel information was stolen, and it took place despite safeguards the company put in place. This time around, the huge number of people affected includes mostly retirees. As was the case in the other situations, information on the laptop wasn’t encrypted. [Source]

US – Ameriprise Financial Services Settles With Mass. Secretary Of State Over Data Loss

Secretary of State William F. Galvin announced this week that Ameriprise Financial has agreed to pay $25,000 to settle an investigation into the loss of a company laptop that contained the personal data of thousands of Massachusetts residents. A spokesman for the company said the data on about 70,000 financial advisers and 130,000 customers should have been encrypted under company policy. An employee was fired in connection with the violation of company policy. The laptop, which was stolen in 2005, was recovered. [Source]

US – GPO Makes Millionth E-Passport

The Government Printing Office reached a landmark this week when it produced its millionth electronic passport. At the beginning of the year, GPO began producing the passports for the State Department, which then personalizes the blank documents. “We are very proud to reach this milestone,” said an assistant public printer for security and intelligent documents. “In the post-[Sept. 11] era, many documents require new levels of security, from their creation to the distribution.” [Source]

US – FTC Mails 1,400 Claim Forms to ChoicePoint Data Breach Victims

The US FTC has mailed claim forms to 1,400 individuals who incurred out-of-pocket expenses as a result of data aggregator ChoicePoint’s massive security breach in the fall of 2004. One third of the US$15 million settlement reached in January 2006 has been designated to reimburse affected consumers. The reparation forms must be postmarked by February 4, 2007 to be considered for reimbursement. [Source] [Source]

US – Web Users Have False Sense of Security: Truste, TNS Survey

TRUSTe and TNS have collaborated on a survey that shows that 86% of U.S. Internet users believe they know what steps to take to protect their online privacy. However, the research shows that a much lower percentage of the users actually take the common online privacy protection steps. For example, only 20% read privacy statements and 33% regularly changed their passwords. The survey, which polled 1,025 U.S. consumers, found that in the past six months, 71% did not register or buy online because they would have had to provide information they were not willing to share. [Source] [Truste Press Release]

US – Officials Announce Legal Sweep Against Online Fraud

A combined federal-state task force announced a law enforcement sweep targeting bogus business opportunities and work-at-home scams, including several Internet operations. Dubbed Project FAL$E HOPE$, Assistant A-G Peter Keisler said the ongoing law enforcement action so far this year has resulted in 23 fraud convictions and the sentencing of 25 individuals to more than 160 years of prison time. [Source]

US – Va. AG Wants Law Requiring Sex Offenders to Register IDs

Virginia Attorney General Bob McDonnell said he will seek legislation requiring convicted sex offenders to register their online identities with the state to help MySpace and other online hangouts more easily block access. If enacted, Virginia would be the first state to require registration of e-mail addresses and instant-messaging identities on the state’s sex offender registry, McDonnell’s office said. [Source] [Va. Proposal Would Track Sex Offenders By E-Mail, IM]

US – 110th, Democratic-led Congress Wows to Guard Privacy Rights

The incoming Democratic chairman of the U.S. Senate Judiciary Committee promised this week to combat what he denounced as President Bush’s war-time trampling of American rights. “We have a duty to repair real damage done to our system of government over the last few years,” Sen. Patrick Leahy of Vermont said in outlining his panel’s agenda for the 110th, Democratic-led Congress, which is set to convene on January 4. “Americans’ privacy is a price the Bush administration is willing to pay for the cavalier way it is spawning new databanks. But privacy rights belong to the people, not to the government,” Leahy said. [Source] [Source]

US – HP to Pay $14.5 Million to Settle With California AG

HP has agreed to pay $14.5 million to settle allegations that it violated California’s privacy laws during an internal investigation into boardroom leaks that allegedly used pretexting to identify the source who was revealing information to the media. HP, which did not admit liability, has agreed to a settlement with Calif. Attorney General Bill Lockyer to implement legal and ethical best practices to ensure that the company does not run afoul of state laws when conducting internal investigations. [Source] [Source]

US – DHS Panel Softens Stance on RFID

A technology advisory panel to the Homeland Security Department has toned down its objections to radio frequency identification in the latest version of its report on the subject. The report, “The Uses of RFID for Human Identification,” was revised at the Dec. 6 meeting of the Emerging Applications and Technology Subcommittee, which is part of the Data Privacy and Integrity Committee that advises the department. The new Version 3.4a states that if DHS selects RFID systems as the best available technologies to identify individuals, then privacy and information security must be built into the system in the design stage. [Source]

US – Injunction May Slow Momentum for RFID E-Pedigrees

US government efforts to tighten security in the pharmaceutical supply chain hit a roadblock last week when a federal court judge issued an injunction that lifts pedigree requirements for drug shipments. While RFID had not been a requirement for the pedigrees, industry observers agreed that pedigree enforcement generally was a positive step toward the ultimate adoption of RFID-based e-pedigrees. Thus, with the FDA pedigree requirement now postponed, momentum behind RFID e-pedigree adoption may be slowed.
[What the FDA Announcement Means for RFID] [RFID Industry Implications of the FDA Update] [Commentary] [HDMA press release] [RFID-based track-and-trace initiative] [Pharmaceutical Pilot Finds Promise, Problems] [library of court filings] [pharmaceutical law blog]

US – Medline Markets RFID System for Surgical Sponges

Medline Industries, a U.S. distributor of medical supplies, has begun marketing a medical system that uses RFID to detect any surgical gauze, towels and sponges left behind in human bodies after an operation. The distributor says the first orders will begin shipping the system, called RF-Detect, to hospitals in December. Two hospitals should have the system running by early January, with 10 centers adopting it during the first quarter of 2007. RF Surgical Systems, a medical device company based in Bellevue, Wash., developed RF-Detect, which received U.S. FDA regulatory approval on Nov. 3. The platform aims to augment manual procedures in place that require surgical teams to count equipment before performing operations and then recount just prior to sewing up the body. [Source]

WW – Survey: Security Vendors Face Lucrative Opportunity in Protecting Cell Phones

Juniper Research predicts that companies and individual users will seek mobile phone security products because of the threat of ID theft, malware, corporate governance rules, new legislation and the increasing reliance on mobile devices. The study estimates that those factors will result in mobile security software installation on 247 million devices over the next five years. The demand will increase revenues from security products to almost $5 billion by 2011, according to Alan Goode, who wrote the study, Mobile Data Security: Access, Content, Identity & Threat Management, 2006-2011. [Source] [Press Release] [Mobile security is the next gold rush]

AU – Australia Access Card Details Unveiled

More than 300 executives from the banking and technology sectors were present as the federal Government unveiled the hotly-anticipated details of its $1.1 billion welfare Access Card. The delegation, including representatives of Australia’s biggest banks and some of the world’s largest outsourcers and system integrators learned the architectural specifications of the Access Card. The federal Department of Human Services will issue draft legislation governing use of its Access Card and detail a timetable for tendering and implementing the substantial project. [Source] [Source] [Pubs, banks could be banned for asking for smartcard ID]

US – RSA Releases Government Compliance Product

RSA Security has announced a smart-card management product aimed at helping U.S. government agencies comply with an upcoming presidential directive mandating the use of chip-based identity cards. The RSA Card Manager product, available next month, is aimed at helping agencies comply with Homeland Security Presidential Directive 12 (HSPD-12), requiring federal employees and contractors to use a new standard for physical and computer access using smart cards. [Source]

US – Data-Mining Won’t Catch the Terrorists, Will Hurt Privacy: Experts

Noting that the 9/11 terrorists “were hiding in plain sight,” a report released this week by the Washington, DC-based Cato Institute concludes that the practice of data-mining will not help investigators discover terrorists and severely infringes on civil liberties. The report was written by Jeff Jonas, a distinguished engineer and chief scientist with IBM’s Entity Analytic Solutions Group, and Jim Harper of the Cato Institute. Applying this concept to terrorism is faulty, the report warns. Jonas and Harper find that “Unlike consumers’ shopping habits and financial fraud, terrorism does not occur with enough frequency to enable the creation of valid predictive models....The one thing predictable about predictive data mining for terrorism is that it would be consistently wrong.” Frighteningly, the report cites other studies that show that “Assuming a 99% accuracy rate, searching our population of nearly 300,000,000, some 3,000,000 people would be identified as potential terrorists.” To become more effective “data-mining efforts would rely on even more collections of transactional and behavioral information, and on centralization of that data, all to examine Americans for criminality or disloyalty to the U.S. or Western society. That level of surveillance, aimed at the entire citizenry, would be inconsistent with American values.” [Report] [Source] [Source]

US – New Tracking Software Allows MIT Students to Locate Friends With Privacy Intact

Students at the Massachusetts Institute of Technology will be able to pinpoint the location of their friends on campus with new tracking software that debuts this week. The iFIND software project allows users to share their locations with friends without uploading personal information onto a central network. Laptops determine users’ locations by using Wi Fi access points and then shares that information with a select group of friends. However, the network never receives any personal information. [Source]

WW – International Travel Groups Oppose Traveler Screening Program

A Department of Homeland Security (DHS) program used to perform risk assessments of foreign travelers coming into the country by land, sea and air is encountering increased opposition from inside the U.S. and among international travel groups. The international travel groups have written a letter to Homeland Security Secretary Michael Chertoff. The letter objects to the “far-reaching and invasive screening of millions of business travelers entering and exiting the U.S.” Chertoff has defended the program as an essential tool for U.S. border agents to protect the homeland. DHS has extended the comment period to Dec. 29. [Source] [Traveler Data Program Defied Ban, Critics Say Congress Barred Funds for DHS Development] [Canadians could be sacrificing their privacy when they travel] [Chertoff: Traveler screening program wasn’t a secret] [ATS Traveler risk system may violate Congress’s ban] [DHS Passenger Scoring Illegal?] [Welcome Aboard Air Kafka ...Risk Scoring and the National Insecurity State] [Homeland Security’s Automated Program of Risk Assessments for Travelers: Why It Fails to Sufficiently Protect Individual Privacy] [US outlines privacy safeguards - and reveals plans to mine personal data] [Air Passenger Data Program Concerns European Officials] [Opposition to DHS traveler screening program mounts]

US – HHS: Less Than 25% of Medical Privacy Complaints Merit Further Investigation

Less than a quarter of the total medical privacy complaints lodged with the Department of Health and Human Services (HHS) were eligible for further federal investigation of healthcare organizations covered by HIPAA. Since April 2003, when the deadline for complying with HIPAA’s privacy rules took effect, HHS has received 23,268 complaints about alleged breaches of patient privacy. The department says that 76% of the privacy and 43% of the security complaints have been closed - in some cases because they were not HIPAA violations. HIPAA gives federal prosecutors the power to prosecute criminal violations. HHS has referred 346 privacy complaints and two security complaints to the Department of Justice, which has taken action on four cases [Source] [HHS Prefers ‘Voluntary Cooperation,’ Not Fines]

US – Senators Propose Repeal of National ID Card Law

A pair of Senators last week proposed legislation to repeal a controversial law mandating the creation of a national identification card. Senators Daniel Akaka (D-Hawaii) and John Sununu (R-N.H.) proposed the bill on the last day before the 109th Congress adjourned for good, but are likely to reintroduce it in 2007. The Real ID Act – approved in 2005 without hearings or debate – was intended to standardize state drivers’ licenses and create a national network of databases of personal information. Since then, it has become increasingly apparent that REAL ID is so fraught with privacy and security concerns that it requires fundamental reevaluation. CDT supports the bill and urges Sens. Akaka and Sununu to reintroduce it in the 110th Congress. [Akaka-Sununu Bill] [Akaka Floor Statement]

US – Anti-Pretexting Bill Passed by Congress, Awaits President Signature

The Senate has passed a bill that would make it illegal to obtain s consumer’s telephone records without permission. The legislation would impose a maximum 10-year prison sentence and a maximum $500,000 fine for tricking telephone companies into providing telephone records. The bill also would ban the sale of telephone records and contains penalties for people who obtain phone records to help them commit a violent crime. [Source] [Senate Passes Bill To Criminalize Pretexting]

US – Congress Approves Data Security Bill for VA

The high-profile theft of a laptop computer from the home of an employee of the Department of Veterans Affairs led to a bill approved by Congress last week that would require the creation of a new information security program for the agency. The bill would require the development of security programs to provide a cost-effective way to reduce risks to an “acceptable” level. The program also establishes procedures to follow if VA data is lost, stolen or misplaced. It would require periodic assessments on each of the VA’s information systems. It also would require annual employee security awareness training, which also would apply to contractors or any others granted access to the VA’s records. [Source]

US – Tech Firms Seek Federal Data-Privacy Law

Microsoft, HP, and other high-tech companies are preparing to push for data-privacy legislation next year to replace what they consider an outdated patchwork of state and federal laws that are inconsistent and burdensome. Microsoft, HP, and eBay earlier this year formed the Consumer Privacy Legislative Forum to lobby for privacy legislation. Google, Intel, Oracle, and other companies later joined. [Source]

US – McCain Bill Would Require Reporting of Illegal Images

Millions of commercial Web sites and personal blogs would be required to report illegal images or videos posted by their users or pay fines of up to $300,000, if a new proposal in the U.S. Senate came into law. The legislation, drafted by Sen. John McCain, would also require Web sites that offer user profiles to delete pages posted by sex offenders. [Source]

--------