Privacy News Highlights

28 April—08 May 2006

Contents:

US – Wisconsin DMV Implements Facial Recognition Technology

US – Biometric Security Tests Begin at Waco Airport

JP – Face Recognition Surveillance Starts in Tokyo Subway

CA – Canadian Study Shows Widespread Violation of Privacy Laws

CA – Privacy Commissioner Gives Green Light to Online Census Effort

CA – B.C. Amendment of PIPA

CA – B.C. FOIPPA & PATRIOT Act Amendments

CA – New Brunswick’s Privacy Laws Up For Review

CA – Nova Scotia Introduces Bill to Address PATRIOT Act Fear

CA – BC Privacy Commissioner Issues PIPA Employee Hiring Guide

WW – Aggressive Anti-Spam Tactics Leading to More Problems

UK – U.K. Consumers Not Notified About Security Breaches

WW – Study: Stricter Privacy Rules in Europe but Better Controls In U.S.

WW – Banking Websites Put Customers at Risk, Researcher Warns

WW – American Express Warns of False Website Security Measures

CA – Information Commissioner Slams Harper for About Face on Info Access Reform

CA – National DNA Databank Survives Key Constitutional Challenge

CA – Balancing Two Public Goods: Privacy and Health Research; the View of Canadians

US – States Consider Crackdown on Doctors’ Prescribing Data

US – HIV-Positives Worry About Identification Policy

US – Aetna Laptop with Data on 38,000 Members Stolen

US – Pentagon Hacker Compromises Personal Data

US – Wells Fargo Warns Of Possible Data Theft

US – Report: Medical ID Theft Can Wreck Victims’ Health and Finances

CA – Demand for Canadian Passports Expected to Double

US – Real ID Rebellion Fizzles in N.H. Senate

UK – Q. What Could A Boarding Pass Tell An Identity Fraudster? A. Way Too Much

US – Survey Shows Washington Residents Lack Internet Safety Savvy

US – Maine Sex Offender Sues to Keep Listing Off Internet Registry

ON – Survey: Identity Theft Tops List of Concerns

CA – Electronic Supervision of Nova Scotia Offenders Begins

WW – Proposed “Whois” Changes Highlight Internet Anonymity Debate

US – Court Orders $4 Million Settlement in Seismic Spyware Case

US – Legislation Introduced to Force ISP Retention of Internet Records

ZA – South African Businesses Face Hurdles Under Proposed Data Privacy Law

US – U.S. Senator Patrick Leahy Calls For Privacy Summit

US – Appeals Judges Hear Subway Search Debate

WW – Q&A With IBM’s Harriet Pearson

US – Best Practices for RFID Use Unveiled In Las Vegas

US – IBM Releases New RFID Tag Intended to Address Privacy Concerns

US – Wisconsin Bill to Ban Coerced RFID Chip Implants

WW – Privacy Breach Impact Calculator

US – NIST Draft Guide for Developing Performance Metrics for Information Security

AU – Australian PM Announces $1 Billion Plan to Issue Smart Cards

MY – Malaysia to Roll-out Smart Card to 24 Million Citizens

US – Feds Move to Dismiss Lawsuit Challenging AT&T, NSA Spy Tactics

US – Data Show How Patriot Act Used: FBI Sought Data on Thousands in 2005

US – Who’s Buying Cell Phone Records Online? Cops

US – FCC Approves Net-Wiretapping Taxes

US – Federal Appeals Court Hears Arguments on FCC Rules Related To Wiretapping Law

US – Report: Electronic Surveillance Up 20%, Government Report Finds

US – Approval for State Court Wiretaps Rises - On Federal Side, 14% Drop

US – Surveillance or Safety? Parents Grapple With Use of Child-Monitoring Cell Phones

US – Non-Profits Ask Court to Strike Down Do-Not-Call Law

US – FTC Files Suits Against 5 Web Sites for Sale of Confidential Phone Records

US – FBI Sought Data on Thousands In 2005

US – Federal Privacy Officers Move Past Policy Roles

US – Canadian Visitors Could Face Screening

US – Feds Release Terrorist Travel Ban Strategy

US – Feds’ Watch List Eats Its Own

US – Senator Releases Draft Telecommunications Legislation

US – Online Data-Broker Bill Passes in House

US – Revised Hawaiian Law May Increase Wiretaps

US – Arizona Data Security Bill Criticized

US – Pennsylvania Senate Wants Hearings on Bill About Data Recorders In Vehicles

CA – Manitobans Want Big Brother to Back Off

 

 

 


US – Wisconsin DMV Implements Facial Recognition Technology

The Wisconsin Department of Motor Vehicles has deployed a new facial recognition technology. In less than eight months, facial recognition technology has helped the DMV cancel approximately 600 products, mostly driver’s licenses and identification cards. “It has ranged from underage people trying to get an ID under a different name for either tobacco or alcohol, to someone who was convicted of a sexual assault of a child and trying to change his identity and get a driver’s license under a different name.” [Source]

 

US – Biometric Security Tests Begin at Waco Airport

The Waco Regional Airport is trying to determine the effectiveness and accuracy of a biometric facial recognition security system. Starting last week, the airport will take pictures of 10,000 visitors over the next 30 days to assess the accuracy of the technology. [Source]

 

JP – Face Recognition Surveillance Starts in Tokyo Subway

The Japanese government said last week that it has begun a test run of surveillance cameras in Tokyo to monitor commuters as an anti-terrorism measure. Faces of commuters are to be compared with files of terrorists or wanted criminals. When the system detects a facial match, an alarm is to go off. But people concerned with protection of privacy have been opposing even the system’s trial run. [Source]

 

CA – Canadian Study Shows Widespread Violation of Privacy Laws

In a report released last week, entitled “Compliance with Canadian Data Protection Laws: Are Retailers Measuring Up?”, the Canadian Internet Policy and Public Interest Clinic (CIPPIC) published results of the first Canadian survey assessing the compliance of retailers with data protection laws. The results show widespread non-compliance with federal laws requiring openness, accountability, consent, and individual access to personal data. The study assessed the compliance of 64 online retailers with specific legal requirements for accountability, openness and consent. It also separately assessed the compliance of 72 online and offline retailers with the requirement to provide individuals with access to their personal information, upon request. Among other things, the study found that:

· It is unreasonably difficult for consumers to get answers to basic questions about company data protection policies over the phone;

· A significant proportion of privacy policies are unclear, even when tested by people with university education;

· Even more policies are incomplete, often failing to identify third parties with whom the company shares customer information or to describe the type of information shared;

· The vast majority of companies rely on “opt-out” methods of obtaining consumer consent, but many fail to bring the opt-out option to the customer’s attention or require the customer to go to unnecessary effort in order to exercise the opt-out;

· Many companies bury notice of their secondary uses and disclosures of customer data, along with notice of the consumer’s right to opt-out, in lengthy privacy policies that few consumers would have the time to read and understand;

· Many companies that use or share customer data for unnecessary purposes do not offer consumers a choice regarding such unnecessary uses or disclosures;

· A number of companies suggest that they do not use or share consumer information without the consumer’s explicit consent when in fact they do;

· Few companies provide complete responses to written requests for specific information about what personal information the company holds about the individual, how it is used, and to whom it is disclosed.

In a companion report entitled “On the Data Trail: How Detailed Information About You Gets Into The Hands Of Organizations With Whom You Have No Relationship”, CIPPIC exposes the many ways in which consumer information is gathered and traded in the marketplace. That study found, among other things, that detailed personal information about individual consumers is collected from a variety of sources including product warranty/registration cards, rebate and special offer responses, contest entry forms, online registration forms, payment processing centers, and surveys that consumers are often enticed to complete in exchange for coupons or other benefits. It is then compiled into lists that are rented or sold to marketers. Detailed demographic information about geographically defined groups, available from Statistics Canada as well as private sources such as credit bureaus and market research companies, is also widely used for target marketing purposes. [Source] [Source] [Source]

 

CA – Privacy Commissioner Gives Green Light to Online Census Effort

As 32 million Canadians receive their census forms this week, Canada’s census officials are aiming to have 20% of respondents complete the forms online. The mailed forms will include a special Internet access code that allows users to check on a Web site to determine if their computers have strong enough security safeguards. Statistics Canada, which conducts a national census every five years, said the Web site is “10 times more secure than the average Internet banking site.” A spokeswoman for the Privacy Commissioner of Canada said the system meets the agency’s expectations. [Source]

 

CA – B.C. Amendment of PIPA

Bill 30, the second Miscellaneous Statutes Amendment Act of 2006, was introduced on April 27 by Attorney General Wally Oppal. Among the statutes amended is the Personal Information Protection Act. “These amendments will permit the collection, use and disclosure of third party personal information without the consent of the third party when the information is necessary to provide services such as medical, counselling or legal to an individual who is the source of the third party information. It will also permit a lawyer to refuse access to personal information where a solicitor’s lien for non-payment of legal fees is in place.” [Press Release] [Text of Amendments]

 

CA – B.C. FOIPPA & PATRIOT Act Amendments

Bill 30, the second Miscellaneous Statutes Amendment Act of 2006, was introduced on 27 April by Attorney General Wally Oppal. Among the statutes amended is the Freedom of Information and Protection of Privacy Act (FOIPPA). “These amendments will increase openness, with proactive public disclosure of joint solutions procurement contract information, while protecting commercially sensitive information. It will permit limited and temporary trans-border access of personal information in special circumstances necessary for system maintenance or when an employee is travelling outside of Canada and needs access to information. It will ensure transparency for the uses of personal health information within health information banks by requiring the publishing of summaries on a public online directory.” [Press Release] [Text of Amendments] [Merits of Proposed Amendments to Privacy Law Debated]

 

CA – New Brunswick’s Privacy Laws Up For Review

New Brunswick Premier Bernard Lord says the province’s Protection of Private Information Act - which indirectly caused the resignation of his press secretary last week - might be up for review this year but if there are changes, they won’t necessarily make the legislation weaker. Since the Protection of Private Information Act is “linked” to the Right to Information Act, “this could be an appropriate time to review that legislation as well,” said the premier. However, a review could lead to even stronger laws, he suggested. [Source] [N.B. Premier Under Investigation for Privacy Breach Complaint]

 

CA – Nova Scotia Introduces Bill to Address PATRIOT Act Fear

Nova Scotia has introduced the Personal Information International Disclosure Protection Act, which outlines a series of requirements and penalties that protect personal information from inappropriate disclosure. The act provides protection regarding storage, disclosure and access to personal information outside of Canada in the custody or under the control of a public body or municipality. [Source]

 

CA – BC Privacy Commissioner Issues PIPA Employee Hiring Guide

Extract: “PIPA requires every organization to have policies on how the organization will meet its obligations under PIPA to protect personal information, including employee personal information. It is good practice for employers to give their new employees a copy of the privacy policy or, at least, to tell new employees how to get a copy of the policy. It is also a good practice to train employees about their role in ensuring the policy is properly applied. PIPA is still relatively new, since it came into force on January 1, 2004. The Office of the Information and Privacy Commissioner for British Columbia continues to receive requests from employers for clarification of their responsibilities in relation to the hiring of new employees. This document answers questions we most frequently hear.” [Full Text of Guide]

 

WW – Aggressive Anti-Spam Tactics Leading to More Problems

Internet companies are taking more aggressive steps to stop the flow of unwanted email. In a significant number of cases, though, consumers complain that the efforts increasingly are blocking the good along with the bad. [Source] [Sophos Report: China Close to Passing U.S. as Top Source of Spam]

 

UK – U.K. Consumers Not Notified About Security Breaches

The UK’s Data Protection Act does not require businesses to notify consumers after a security breach. Some experts argue that the law offers enough protection to consumers, making any breach notification requirement unnecessary. Others argue that consumers would benefit from a notification requirement, but companies are opposed to it because they fear public knowledge of a security breach will damage their reputation. [Source]

 

WW – Study: Stricter Privacy Rules in Europe but Better Controls In U.S.

The global law firm White & Case sponsored a study conducted by the Ponemon Institute, an independent privacy think tank, that compared corporate privacy practices of 47 U.S. and European multinationals. The survey found that European companies impose tighter restrictions on the sharing of sensitive information. However, U.S. companies have more sophisticated security and controls in place to prevent data breaches, according to the study. [Source] [Study]

 

WW – Banking Websites Put Customers at Risk, Researcher Warns

Online bank customers may want to pay a little more attention to their browsers the next time they log in, because many of the most popular banking sites in the U.S. may be needlessly placing their customers at risk to online thieves, a noted security researcher warned. At issue are the user login areas that can be found on banking sites such as Chase.com and Americanexpress.com, which ask users to submit their user ID and password information. [Source] [List of banks use of SSL authentication]  

 

WW – American Express Warns of False Website Security Measures

American Express has issued a warning about what it calls a false “security measures” pop-up screen that appears when users log in to its secure site. In an alert posted online, the NY-based company included a screenshot of a pop-up log-in screen, which tries to lure the user into entering his name, Social Security number, mother’s maiden name and date of birth. [Source]

 

CA – Information Commissioner Slams Harper for About Face on Info Access Reform

Prime Minister Stephen Harper has done a complete about-face, introducing plans that would increase government secrecy after campaigning on openness, says Canada’s information czar. The proposed Accountability Act, now being debated in the House of Commons, will actually make government less accountable when it comes to making information available to Canadians, Information Commissioner John Reid said. In a special report to Parliament, Reid said no government has ever put forward “a more retrograde and dangerous” set of proposals to change the Access to Information Act since the legislation first came into effect in 1983. The Accountability Act, and other reforms being proposed, will “increase the government’s ability to cover up wrongdoing, shield itself from embarrassment and control the flow of information to Canadians,” says the scathing report. [Source] [Special report]

 

CA – National DNA Databank Survives Key Constitutional Challenge

The national DNA databank, containing the genetic material of serious offenders, survived a key constitutional challenge in the Supreme Court of Canada last week in a decision that ordered a repeat sex offender to surrender a sample. The 4-3 ruling could give legal ammunition to the Conservative government’s plan to expand the six-year-old databank to include more offenders. Dennis Rodgers of Sudbury failed to convince the court that he should be excluded from the databank because it came into effect when he was already on parole. Justice Louise Charron said Rodgers should have “a reduced expectation of privacy” because of his crimes and, therefore, be forced to submit to a databank that has “revolutionized” criminal investigations. “Society’s interest in using this powerful new technology to assist law enforcement agencies in the identification of offenders is beyond dispute,” she wrote for the majority. [Source]

 

CA – Balancing Two Public Goods: Privacy and Health Research; the View of Canadians

Canadians value privacy, and also recognize the importance of health research in the public interest. So, how do they balance these when it comes to the use of personal health information for research purposes? Almost 100 randomly selected citizens considered this question last year in a series of deliberative dialogues organized by CPRN in collaboration and under contract with a team of researchers from McMaster University, funded by the Canadian Institutes of Health Research and Health Canada. [Source]

 

US – States Consider Crackdown on Doctors’ Prescribing Data

Some doctors and lawmakers are opposed to a longtime system that provides pharmaceutical representatives with detailed prescribing habits of doctors. The data, which is given to drug companies as a result of contracts the American Medical Association has with data-mining companies, allows drug reps to formulate tactics to persuade physicians to write more prescriptions for their products. Bills addressing the practice are pending in New Hampshire, Arizona and West Virginia. [Source] [Source]

 

US – HIV-Positives Worry About Identification Policy

Under pressure from the federal government, Massachusetts may soon be required to report the names of residents who test positive for HIV, causing concern among local AIDS organizations that such a change could hinder prevention work. Massachusetts is one of seven states that do not require names when a doctor or a testing facility administers an HIV test. [Source]

 

US – Aetna Laptop with Data on 38,000 Members Stolen

Health insurer Aetna said a laptop computer containing personal information on about 38,000 of its members, including names, addresses and SSNs, was stolen from an employee’s car. [Source] [Source]

 

US – Pentagon Hacker Compromises Personal Data

An intruder gained access to a Defense Department computer server and compromised confidential health care insurance information for more than 14,000 people, the department said last week. The affected individuals have been advised by letter that the compromise of personal information could put them at risk for identity theft. [Source] [Source]

 

US – Wells Fargo Warns Of Possible Data Theft

Wells Fargo, the second-largest US mortgage lender, said Friday that a computer containing confidential data about mortgage customers and prospective customers is missing and may have been stolen. The missing data include names, addresses, Social Security numbers and mortgage loan deposit numbers. Wells Fargo said there is no indication that anyone has misused the data, or accessed the data without authorization. [Source]

 

US – Report: Medical ID Theft Can Wreck Victims’ Health and Finances

A new report out from the World Privacy Forum, a nonprofit research group, has found more than 19,000 complaints of medical ID theft on file with the federal government. [Source] [Report] [Background]

 

CA – Demand for Canadian Passports Expected to Double

A surging demand for travel documents has left Canada’s passport agency scrambling to keep up - pressure that’s only going to intensify in coming years, internal briefing notes reveal. Passport Canada is “struggling to maintain service standards and introduce new security features,” say the notes prepared for Foreign Affairs Minister Peter MacKay. Copies of the declassified memos, originally stamped secret, were obtained by The Canadian Press under the Access to Information Act. [Source]

 

US – Real ID Rebellion Fizzles in N.H. Senate

A rebellion against national rules for driver’s licenses failed to take hold in the state Senate last week, derailing efforts to bar the state from participating in the federal Real ID Act. Many senators said they were uncomfortable rejecting Real ID outright and voted instead for a study commission that would examine the costs and benefits of participating or opting out of the tighter identification requirements. The study commission proposal passed 14-9. [Source]

 

UK – Q. What Could A Boarding Pass Tell An Identity Fraudster? A. Way Too Much

A simple airline stub, picked out of a bin near Heathrow, led one reporter to investigate a shocking breach of security. This is the story of a British Airways boarding-pass stub thrown away in a dustbin on the Heathrow Express to Paddington station. The traveller’s name was Mark Broer. It said Broer had flown from Brussels to London on March 15 at 7.10am on BA flight 389 in seat 03C. The pass also said he was a “Gold” standard passenger and provided his frequent-flyer number. This stub would provide the building blocks for stealing his identity, ruining his future travel plans - and even allow the reporter to fake his passport... [Source]

 

US – Survey Shows Washington Residents Lack Internet Safety Savvy

Nearly 3/4 of adults in Washington state own a computer, one of the highest rates in the nation, but a new survey shows they don’t always know how to protect themselves online. About 800 residents were surveyed as part of a campaign launched this spring by AARP, the state Attorney General’s Office, Microsoft and the FTC to arm consumers against hackers and scam artists. The study found about half of Washington computer users don’t recognize “phishing” scams, where victims are fooled by realistic-looking e-mails that appear to come from banks or other financial institutions. About 49% said they were unaware banks don’t send e-mails to customers asking them to click a link to verify account information. Three-quarters of Internet users didn’t know that a Web site’s privacy policy does not prevent the company from sharing customers’ personal information, according to the survey. Too many people don’t realize everything they do online can be recorded and tracked, including their shopping. [Source]

 

US – Maine Sex Offender Sues to Keep Listing Off Internet Registry

A Kennebec County man is asking a court to prevent the state from listing him on Maine’s on-line sex offender registry, contending the registry violates the Maine Constitution. The man acted after the state sent him a letter last month instructing him to register with the sex offender registry. The man was convicted 21 years ago of having sexual contact with a 12-year-old boy when he was age 19. Under a law that took effect last September, sex offenders whose crimes occurred as long ago as 1982 must register with the state and local police. The registry, the state government’s most popular Web site, provides an offender’s name, photo and also home and work addresses. According to the suit filed last week, John Doe believes that being listed means that he will lose his job, his wife will leave him and his neighbors will try to force him to move. He also fears someone will harm him. He is required to be on the registry for the rest of his life. The suit comes at a time of increased scrutiny of the Internet listings, following the murder last month of two Maine men on the registry. [Source]

 

ON – Survey: Identity Theft Tops List of Concerns

An opinion poll of Brampton residents carried out for the Mayor’s Task Force on Community Safety and Security by Pollara Strategic Public Opinion and Market Research and released Monday, shows 31% of residents believe crime has increased in the past two or three years – pointing to break and enters, property theft and gun violence as specific crimes they perceive as being on the rise. Despite that perception, residents are most likely to worry about being an identity theft or fraud victim. The fear of white collar crime surprised task force chairperson and provincial commissioner of emergency management Julian Fantino. The poll of 502 residents was conducted between March 17 and 19. [Source]

 

CA – Electronic Supervision of Nova Scotia Offenders Begins

On May 2 the Nova Scotia Justice Minister Murray Scott announced the launch of a one-year implementation of the electronic supervision of offenders. Nova Scotia is the first province in Canada to use GPS technology to monitor offenders. The initial implementation will involve up to 25 offenders and will take place in the Halifax Regional Municipality. Offenders who are subject to a sentence order containing conditions for house arrest and electronic supervision will be the initial target group. [Source]

 

WW – Proposed “Whois” Changes Highlight Internet Anonymity Debate

If proposed rule changes are adopted by the organization that runs the Internet, corporate and government investigators won’t be able to rely on Whois to find the owners of fraudulent Web sites. Earlier this month, at the urging of privacy advocates and over the opposition of major corporations, the ICANN committee responsible for Whois voted 18-9 to restrict its listings solely to someone who can resolve technical “configuration” problems. [Source]

 

US – Court Orders $4 Million Settlement in Seismic Spyware Case

A federal court has ordered a halt to a business that deceptively downloaded software onto people’s computers, ordering the owners of the operation to turn over more than $4 million in ill-gotten gains. CDT filed a complaint with the FTC about the company, Seismic Entertainment Productions, in 2004. The FTC announced that it had obtained a preliminary injunction against another spyware distributor, Odysseus Marketing, which was also named in a CDT complaint. [FTC Announcement] [CDT Seismic Complaint]

 

US – Legislation Introduced to Force ISP Retention of Internet Records

A Democratic member of the Congressional Internet Caucus has introduced an amendment that would make certain data deletion illegal. Colorado Rep. Diana DeGette’s proposal says that any Internet service that “enables users to access content” must permanently retain records that would permit police to identify each user. [Source] [Amendment] [Source] [Source] Follow up: Rep. Diana DeGette said she was “horrified that the provider community is not working with us” on proposed legislation that would force ISPs to keep records about their users’ Web activity. The Congresswoman also added that a committee hearing will be held soon to question ISP representatives about the plan. [Source]

 

ZA – South African Businesses Face Hurdles Under Proposed Data Privacy Law

All businesses would be required to comply with new requirements related to the collection, use, dissemination and processing of customer and employee information under a broad bill expected to become law sometime this year. The South African Law Reform Commission has released a discussion paper that includes a draft data privacy bill, known as the Protection of Personal Information Bill. The law would require appropriate steps to ensure the security of personal information. The proposed bill incorporates eight principles relating to the protection of data, including a very broad definition of personal information that can include views and opinions. Two options are under consideration for notification of consumers in the event of a security breach. [Source] [Source]

 

US – U.S. Senator Patrick Leahy Calls For Privacy Summit

U.S. citizens need to be given the opportunity to participate in a high-level summit convened by Congress and the Bush administration, Leahy, D-Vt., said at a conference in Washington. Leahy said the privacy summit is needed in the wake of the administration’s once-secret efforts to wiretap Americans and recent reports that the FBI and Department of Homeland Security have monitored Iraqi war protesters. [Source]

 

US – Appeals Judges Hear Subway Search Debate

A federal appeals court panel challenged a civil liberties lawyer yesterday to explain how searching people’s bags at random in city subways was different from searching passengers at airports, which has become standard practice to combat terrorism. The often sharp questioning came as the New York Civil Liberties Union appealed a lower court ruling allowing random searches in the subways - which began last July - to continue because of the “real and substantial threat” of a terrorist attack in the subway system. [Source]

 

WW – Q&A With IBM’s Harriet Pearson

In this Computerworld interview, Harriet Pearson, IBM’s Vice President of Corporate Affairs and Chief Privacy Officer, expounds on the data security challenges U.S. companies face with an increasing body of breach notification laws and the rapid globalization of business operations. Pearson stresses the need for a team approach among security, technology, legal, audit and marketing departments across the enterprise. Pearson also touts the need for privacy certification, and mentions IBM’s involvement in creating a government certification program for government employees. [Source]

 

US – Best Practices for RFID Use Unveiled In Las Vegas

A group of businesses and consumer advocates unveiled guidelines for RFID use during a technology trade show in Las Vegas. The guidelines recommend that consumers be told when goods carry the tiny radio frequency tags. The guidelines also call for making it clear to consumers how they may disable the tags easily after buying a particular item. Businesses should notify consumers about how they will use the information collected by the tags. Not all interested groups endorsed the guidelines, including the Electronic Frontier Foundation, which expressed concern that the guidelines failed to address the government’s use of RFID. [Source] [Press Release] [RFID Best Practices] [Source] [Source] [Source] [Source] [Source] [Source]

  

US – IBM Releases New RFID Tag Intended to Address Privacy Concerns

Responding to RFID privacy concerns, IBM has developed a “clipped tag” technology, offering consumers the ability to tear or scratch off RFID antennae. IBM demonstrated the new RFID tag, which allows consumers to reduce its range from 30 feet to less than 2 inches. The device’s design addresses privacy concerns by eliminating the possibility that someone could intercept the transmitted information from a distance while still allowing the tag to remain intact for product returns or other purposes. [Source] [Source] [Source] [Source]

 

US – Wisconsin Bill to Ban Coerced RFID Chip Implants

Wisconsin’s legislative branch cleared a bill late last week that would ban anyone from implanting RFID microchips into people without their consent. Assembly Bill 291, by State Rep. Marlin Schneider (D), will now move to the governor’s office, where Gov. Jim Doyle is expected to sign it into law. The legislation prohibits anyone, including employers or government agencies, from requiring people to have microchips implanted in them. Violators would face fines of up to $10,000. Rep. Schneider says he introduced the bill mainly to protect individual rights. “We ought not to allow employers to force this technology onto employees to track them every time they walk into a bathroom or leave a building,” he says. “That is very intrusive, even more so than anything Orwell ever dreamed of.” [Source] [Background]

 

WW – Privacy Breach Impact Calculator

How much would a customer privacy breach impact your business? Most businesses are not aware of the many factors that can contribute to the financial impact of a data privacy breach. This calculator, based on the expanded one found within Privacy Management Toolkit Version 1, by information security and privacy expert Rebecca Herold, provides an example of some of the items an organization should consider when estimating the potential business impacts of a data privacy breach. The expanded Privacy Breach Impact Calculator within the toolkit includes an additional 15 items that should be considered. [Source]

 

US – NIST Draft Guide for Developing Performance Metrics for Information Security

NIST’s Computer Security Division has completed the initial public draft of Special Publication 800-80, Guide for Developing Performance Metrics for Information Security. This guide is intended to assist organizations in developing metrics for an information security program. The methodology links information security program performance to agency performance. It leverages agency-level strategic planning processes and uses security controls from NIST SP 800-53, Recommended Security Controls for Federal Information Systems, to characterize security performance. [Source]

 

AU – Australian PM Announces $1 Billion Plan to Issue Smart Cards

The federal government has opted for a smart card over a national ID card, according to Prime Minister John Howard. The new smart card, intended to replace 17 existing cards, would help citizens access health and welfare services. The new card will contain enhanced security features, such as a biometric photograph. Officials said the plan attempts to balance personal privacy, stronger ID security and ease of access. [Source] [Australia Police and Intelligence Agencies to Get SmartCard Data, including biometrics] [Australia SmartCard Could be a $5bn Noose for Government] [Source]

 

MY – Malaysia to Roll-out Smart Card to 24 Million Citizens

Unisys announced that its subsidiary Unisys MSC has been awarded a two-year US $5 million contract as part of the national rollout of Malaysia’s MyKad smartcard project. The identity card is a government multi-application smart card and is the largest deployment of government smartcards with over 19 million cards being issued to date. Under the new contract, Unisys will be ensuring that the MyKad application runs 24x7 at the Government Service Centre data center. [Source] [Source] [Editorial]

 

US – Feds Move to Dismiss Lawsuit Challenging AT&T, NSA Spy Tactics

The Justice Department said late last week it was moving to dismiss a federal lawsuit challenging the Bush administration’s secretive domestic wiretapping program. The lawsuit, brought by the San Francisco-based Internet privacy group, Electronic Frontier Foundation, does not include the government but instead names AT&T Inc., whom the group accuses of colluding with the National Security Agency to make communications on AT&T networks available to the spy agency without warrants. The government said the lawsuit threatens to expose government and military secrets and therefore should be tossed. The administration added that its bid to intervene in the case should not be viewed as a concession that the allegations are true. [Source] [USA Statement of Interest Filing] [Source] [Source] [Source] [Source] [Source] [Source] [Source] [Source] [EFF Hires Two DC Attorneys]

 

US – Data Show How Patriot Act Used: FBI Sought Data on Thousands in 2005

The FBI secretly sought information last year on 3,501 U.S. citizens and legal residents from their banks and credit card, telephone and Internet companies without a court’s approval, the Justice Department said last week. It was the first time the Bush administration has publicly disclosed how often it uses the administrative subpoena known as a National Security Letter, which allows the executive branch of government to obtain records about people in terrorism and espionage investigations without a judge’s approval or a grand jury subpoena. [Source]  [Source]  [Source]  [Source]  [Source]  [Source] [Source] [U.S. Wiretapping Controversy Sparked Inquiries from Canadian Spy Watchdog]

 

US – Who’s Buying Cell Phone Records Online? Cops

Net sellers tell Congress they supply law enforcement officials with call lists. A congressional panel investigating the fraudulent acquisition and sale of mobile phone records by Internet Web firms has collected evidence that indicates law enforcement officials at the local, state and federal levels use the Internet-based services as an investigative short-cut, MSNBC.com has learned. At least one Web-based data seller has told Congress that the FBI is a client. [Source] [Source] [Source]

 

US – FCC Approves Net-Wiretapping Taxes

The Federal Communications Commission stood firm on its May 2007 deadline for Voice over IP providers to build standardized wiretap backdoors into their systems. The decision comes only two days before the FCC goes to court to defend its authority to extend the Communications Assistance for Law Enforcement Act to facilities-based broadband and VoIP providers. Broadband providers and Internet phone companies will have to pick up the tab for the cost of building in mandatory wiretap access for police surveillance, federal regulators ruled unanimously last week. Universities have estimated their cost to be about $7 billion. [Source] [Source] [Feds Push To Wiretap University Networks] [FCC Upholds Deadline for Wiretapping Law] [FCC keeps deadline for broadband wiretap access][Source]

 

US – Federal Appeals Court Hears Arguments on FCC Rules Related To Wiretapping Law

A judge on the U.S. District Court of Appeals in Washington today asked tough questions during a hearing on whether the FCC exceeded its legal authority when it used a 1994 law to allow the government to extend wiretapping rules to the Internet - despite the law’s focus on telephone networks. The groups opposed to the FCC’s position argued that Congress never intended to apply the law to broadband providers, corporations and universities, or to force them to install network features to allow law enforcement officers to snoop on Internet communications. In a related development, the FCC ruled earlier this week that universities and companies would have to bear the costs of network upgrades to comply with its Internet wiretapping rules. [Source]

 

US – Report: Electronic Surveillance Up 20%, Government Report Finds

Electronic Surveillance Up, Government Report Finds - An annual report on wiretapping reveals that state and federal agencies completed wiretaps in 1,773 cases in 2005, an increase of four percent. State and local police surveillance outpaced federal activity in criminal cases, reflecting a shift of FBI and other federal resources from criminal investigations to intelligence investigations. In a separate report, the Department of Justice reported that electronic surveillance and physical searches conducted under the Foreign Intelligence Surveillance Act (FISA) reached a new high in 2005, with more than 2,000 applications for surveillance and searches being approved by the FISA court. Those numbers obviously don’t include the warrantless wiretapping being conducted under the President’s orders outside of FISA. May 02, 2006

[ 2005 Wiretap Report, May 01, 2006 ] [ 2005 FISA Report, April 28, 2006 ] [Source] [Governments in Europe Gain More Powers for Wiretapping]

 

US – Approval for State Court Wiretaps Rises - On Federal Side, 14% Drop

State judges approved a growing number of secret wiretaps in criminal investigations in 2005, while federal criminal wiretaps dropped 14%, according to court data released last week. Nationwide, court-approved wiretaps increased 4% to 1,773 in state and federal investigations. Only one application was denied. The increase in 2005 was much smaller than the 2004 figures, which leapt 19%.  [Source]

 

US – Surveillance or Safety? Parents Grapple With Use of Child-Monitoring Cell Phones

According to the NY Times story, parents will soon have a new cell phone plan option that allows them to monitor the whereabouts of their children. The systems allow parents to keep tabs on their children via the Internet. However, some parents are working through their feelings of uneasiness that the new service invades their children’s personal privacy. The cell phone companies said they attempted to balance privacy and safety concerns after consulting with missing-children advocates, law enforcement and educators. [Source]

 

US – Non-Profits Ask Court to Strike Down Do-Not-Call Law

Attacking one of the toughest DNC laws in the country, the National Coalition of Prayer and other groups are asking a federal appeals court to rule that Indiana’s DNC law violates free-speech rights. While the law allows charities to solicit funds by telephone, they may not rely on professional telemarketers to make those calls. The Indiana Office of the Attorney General defended the law, arguing that it balanced First Amendment rights with the privacy of household members. [Source]

 

US – FTC Files Suits Against 5 Web Sites for Sale of Confidential Phone Records

The FTC is continuing its crackdown on the online sale of consumers’ confidential phone records. The FTC sued the Web-based operations in federal court in five states. The complaints also seek orders against the companies to force them to stop sale of telephone records and to forfeit the proceeds from the sale of those records. [Source] [Source] [Source]

 

US – FBI Sought Data on Thousands In 2005

According to new data released by the Justice Department, the FBI sought personal information on thousands of Americans last year from banks, ISPs, and other companies without having to seek approval from a court. The new statistics provide the latest measure of the government’s rapidly expanding anti-terrorism activities, which include a wide range of secret warrants and powers aimed at monitoring suspicious behaviour and preventing attacks. Meanwhile, the FBI’s use of the Patriot Act provision that lets it make secret requests for subscriber information from ISPs drew scrutiny from US senators yesterday. [Source] [Source]

 

US – Federal Privacy Officers Move Past Policy Roles

Federal privacy officers want to move beyond the policy enforcement role they gained under the 2002 E-Government Act and other laws to position themselves as promoters of their agencies’ IT missions. A panel of privacy specialists at last week’s Interagency Resources Management Conference discussed how privacy officers’ jobs have evolved along with IT managers’ understanding of the issues. Panelists said federal privacy officers shouldn’t be typecast in the role of Dr. No. Barbra Symonds, director of the IRS’ Privacy and Information Office, and Jim Dempsey, policy director of the Center for Democracy and Technology, described different ways privacy officers can shed the naysayer stereotype. “I like to call us the friendly auditors,” Symonds said. She emphasized the need to convince IT officials to build privacy controls into systems as they are being developed. [Source]

 

US – Canadian Visitors Could Face Screening

Canadian travellers who look sick to flight attendants could be pulled off a plane and forcibly detained under proposed new quarantine regulations by the U.S. Centers for Disease Control. The controversial plan, aimed to better detect and contain a pandemic flu or other infectious diseases, would affect all travellers on airlines, cruise ships and at border entry points. Civil liberty activists are opposed to the plan, saying it expects people with no medical background to diagnose passengers. The Air Transport Association of Canada objected to the data collection proposal in a written submission to the CDC in February and a spokesperson last week said the plan would involve staggering costs in computer reprogramming. [Source]

 

US – Feds Release Terrorist Travel Ban Strategy

The government has drawn up its first strategy aimed at limiting terrorists’ ability to travel, though acknowledging the U.S. could be years away from successfully clamping down on the threat. At Congress’ request, the National Counterterrorism Center assembled the 60-page document, released last week, to lay out programs aimed at preventing terrorists from traveling in the U.S., including watch lists, airport screening and enhanced passport requirements. Others are less visible, such as newly formed terrorism task forces. The document, which took almost a year to draft, says that border security organizations need to increase the number of tips they pass on to law enforcement agencies, that information on terrorists’ travel needs to be shared with allies and that other countries must be encouraged to shut down illegal immigrant smugglers and document forgers. [Source] National Counterterrorism Center: www.nctc.gov

 

US – Feds’ Watch List Eats Its Own

Newly released government documents show that even having a high-level security clearance won’t keep you off the TSA’s Kafkaesque terrorist watch list, where you’ll suffer missed flights and bureaucratic nightmares. Attorney Marcia Hoffman with the Electronic Privacy Information Center, who obtained the documents under the Freedom of Information Act, emphasizes that “an effective redress process to clear your name from the list is critical.” [Source] See also http://terrorwatchlist.org/

 

US – Senator Releases Draft Telecommunications Legislation

The U.S. Senate took the first serious step toward rewriting the nation’s telecommunications laws, a move that raises politically sensitive questions about digital copyright and Net neutrality and that could take years to complete. Ted Stevens, chairman of the Senate Commerce Committee, released a 135-page draft bill that represents the most sweeping rewrite in a decade of laws dealing with video, satellite and broadband communications. [Source] [Text of Proposed Legislation]

 

US – Online Data-Broker Bill Passes in House

In a unanimous vote Tuesday the U.S. House of Representatives passed H.R. 4709, the Law Enforcement and Phone Privacy Protection Act of 2006. The bill introduced by Rep. Lamar Smith, R-Texas, back in February 2006 would amend Title 18 to provide criminal penalties for fraudulent sale or solicitation of unauthorized disclosure of phone records. The bipartisan legislation was approved by a vote of 409-0. “Few things are more personal and potentially more revealing than our phone records,” Smith said in a statement. “A careful study of these records may reveal details of our medical or financial life. It may even disclose our physical location and occupation – a serious concern for undercover police officers and victims of stalking or domestic violence.” [Source]

 

US – Revised Hawaiian Law May Increase Wiretaps

State law enforcement agencies may be more likely to ask judges for wiretap authority now that state lawmakers have agreed to eliminate a requirement for a closed adversarial hearing before approval is granted. Prosecutors and police have rarely asked for wiretaps under the state’s electronic surveillance law because of the requirement for an adversarial hearing, where a defense attorney is appointed by the court to potentially challenge evidence presented by law enforcement. Police on O’ahu could not recall using the state’s law for a wiretap since a sports betting case in 1998. [Source]

 

US – Arizona Data Security Bill Criticized

Consumer advocates have criticized Arizona’s data breach legislation because it allows organizations to determine if a breach is serious enough to deserve consumer notification. Critics believe that effective state data protection laws should be similar to California’s 2003 security law. Arizona’s bill has been approved by the state legislature and must now be signed by the governor before it can be enacted. [Source]

 

US – Pennsylvania Senate Wants Hearings on Bill About Data Recorders In Vehicles

A bill to require car dealers to tell car buyers if an automobile contains an event data recorder, or EDR, that records accident-related information, suffered a serious setback last week. Instead of voting on the bill, as supporters had hoped, the state Senate voted to delay action by sending it back to the Transportation Committee. The panel will hold hearings around the state this summer, but the measure won’t come up for a vote before October, said Sen. Roger Madigan, transportation chairman. Mr. Madigan, a co-sponsor of the bill, was disappointed at yesterday’s action, calling it “bad for consumers.” [Source]

 

CA – Manitobans Want Big Brother to Back Off

A lot of us think Big Brother is watching and we don’t like it, a conference of government information and privacy officers was told last week. Some 325 delegates at a Privacy in the Public Sector conference at a downtown hotel yesterday were warned that the way governments collect and store private information is surrounded by public suspicion. “In Manitoba, 52% of Manitobans do not trust government to do the right thing to protect their information,” British Columbia-based information expert David Flaherty told the conference, citing a 2005 study prepared by Toronto-based EKOS Research Associates for the Office of the Manitoba Ombudsman entitled Privacy and Security, a Manitoba Perspective. “There is a significant distrust and suspicion regarding government collection and use of personal information,” concluded the study, noting that a large number of Manitobans believe the federal government (52%) and the provincial government (42%) have one large database containing all their personal information. Because of that suspicion, 70% of Manitobans say that there is “no real privacy”: government access to personal information is so great that their most sensitive secrets are not protected from prying eyes, the EKOS study said. The study was based on two surveys: a telephone survey of 500 Manitobans in January 2005 and a mail-in questionnaire of 221 Manitobans last February and March. Flaherty acted as an adviser to the federal government on its omnibus privacy law, the Personal Information Protection and Electronic Documents Act. He was speaking to government privacy and information officers. People are suspicious, partly out of ignorance because they don’t understand how privacy laws work, he said. For instance, only one third of people even know that the province actually has privacy laws that are intended to safeguard their most sensitive secrets.
When they seek out their files, they don’t head to privacy officers in government agencies or even the province’s ombudsman office, which governs privacy and access to information laws. Instead, 39% of people go to the police to find out what the government has on them. And another 7% go to lawyers to find out for them. “My God, you’ve got to have deep pockets to go to (lawyers),” Flaherty said. Other suspicions are warranted, Flaherty said. “People are really worried about identity theft,” the privacy consultant said, adding people have good reason to be concerned. [Source: Winnipeg Free Press]

 

 

--------