Privacy News Highlights

08—12 May 2006

Contents:

CA – Biometric Screening Program Planned for Visa Applicants

JP – Privacy Concerns Grow Over Fingerprint Cards for Passengers

EU – Biometric Passports for Romanians

CA – PEI’s Privacy Commissioner Takes Sick Leave, Citing Workload

CA – B.C. Bills 23 and 30 Deferred Indefinitely

CA – Do-Not-Call Telemarketing Registry Near

CA – Canadian Pilots Fed Up With Airport Screening

WW – Study: Why Phishing Works

UK – Info Commissioner Pushes Jail for Illegal Data Traders

EU – Parliament Members Want More Privacy in SIS II

US – Minnesota Lawmakers Considering Ways to Fight ID Theft

CA – Banks: It’s Time to Change Branch Insurance Restrictions

CA – Money Laundering Watchdog Tweaks Reporting Rules

UK – Ministers Pledge to Tighten Investor Privacy

US – N.J. Bill Aims to Close Loophole Allowing Sale of Personal Financial Data

US – Judge Strikes Down Part of DNA Databank Law

CA – Medical Record Fee Flap Reaches Privacy Commissioner

ON – E-Health Centre to Test Patient Records Systems

US – New Hampshire Bill Would Restrict Sale of Prescription Info

US – Feds Want HIV Tests to Become Routine

US – Privacy Groups Balk at Tracking Travelers’ Personal Info

US – Pentagon Warns Conference Attendees Data May Be at Risk

US – Idaho Power Drives Sold on eBay Not Adequately Scrubbed

US – Mandate for ID Meets Resistance from States

US – Bush Creates Task Force to Fight ‘Horror’ of Identity Theft

CA – Need to Show Passports at Borders Sends a Chill Across North America

US – Citibank Issues Two-Factor Authentication Tokens

WW – Windows Vista Will Doom Anti-Spyware Makers, Report Says

IN – Indian Outsourcers to Set Up Security Audit & Oversight Body

US – An Open Letter to Google: Concepts for a Google Privacy Initiative

CA – Spyware Workshop in Ottawa Planned For May 16th

JP – Yokohama Government to Submit Citizens’ Data to Juki Net

US – FCC’s Wiretap Arguments ‘Gobbledygook’: Judge

US – Rhode Island House Passes Anti-RFID Bill

UK – Tag, You’re It: RFID Lets Boss Track Workers

US – Consumer Reports Finds Personal Privacy Concerns in Planned RFID Uses

US – Levi Strauss Deploys Item-Level RFID Tags

US – Radio ID Technology Spreads; Privacy Activists Dig In

UK – Chip and Pin Payments Halted at Some UK Shell Stations

CA – IBM Canada Bumps Up Security Investments by $43 Million

AU – Feds Confirm Smart Card, Centrelink Spending Despite Privacy Concerns

AU – Smartcard Chief Resigns, Concerns Include Privacy

AU – Supermarkets May be Given Access to “Smart Card” Info

AU – Privacy Officer to Monitor Smart Card

US – NSA Secretly Collects Phone Records of Ordinary Americans

US – Qwest Praised for Rejecting NSA’s Request

HK – Shady Practices Unregulated In Wiretapping Law

US – Illinois City’s Cameras Prove Expensive and Unhelpful

CA – Vancouver Police Chief Wants Surveillance Cameras

US – Cell Phone Industry Ask Congress to Clarify Police Tracking Powers

US – Bush’s CIA Pick Fuels Warrantless Wiretap Debate

US – NHC Settled With FTC over Dumping Data

US – CDT Analysis: Federal Data Breach Notification Law Unlikely This Year

US – Federal Bill Requires Feds Be Notified of Data Breaches

US – Congress May Slap Restrictions on SSN Use

US – California Bowen ID Theft Prevention Bill Clears Senate Floor

US – New Federal Cybercrime Bill Inadequate, Consumer Advocates Say

US – Colorado ID Theft Bill Clears Legislature

US – Birth-Record Access Bill Will Be Revived

US – Bill Would Require ID Theft Warnings on Wi-Fi Network Devices

CA – Biometric Screening Program Planned for Visa Applicants

The Conservative government, concerned about negative media coverage and public concerns over privacy issues, is taking a “low-key” approach to its plans to launch a six-month trial later this year of controversial biometrics screening technology at key entry points for immigrants and refugees, according to internal documents. The $3.5-million trial program will take place at two Canada-U.S. border stations in B.C., Vancouver International Airport, a refugee processing centre in Etobicoke, Ont., and visa offices in Seattle and Hong Kong. Newcomers will be screened using the latest technology to capture digitized photographs and inkless fingerprints from visa applicants and refugee claimants. The initiative, if it leads to what officials call a “full biometric” program for all immigrants and refugees, is intended to improve security, confirm the identity of immigration and refugee applicants, fight fraud, speed up legitimate travel, and meet U.S. demands for tighter border security in the post-9/11 era. “The field trial is considered to be a high-profile deliverable for Canada as it helps meet commitments made under the 2001 Canada-U.S. Smart Border Action Plan,” the Citizenship and Immigration deputy minister wrote in a March 15 briefing note endorsed with the signature of Immigration Minister Monte Solberg. [Source] [Source] [Source]

 

JP – Privacy Concerns Grow Over Fingerprint Cards for Passengers

The Diet is expected to pass a bill to create an immigration system that uses fingerprints for passport control despite increasing concerns the biometric information could be leaked around the world. The Lower House has already passed the bill to revise the immigration control law. Discussions are now underway at the Upper House. Under the proposed system, passengers with integrated circuit cards containing fingerprint information and other data will be able to skip long lines for passport control procedures. [Source]

 

EU – Biometric Passports for Romanians

Starting 1 January 2007, passports containing electronic chips will be put into circulation for Romanian citizens. The passports will include a storage system (probably RFID) for personal data, including a facial image and digital fingerprints. [Source] [Source]

 

CA – PEI’s Privacy Commissioner Takes Sick Leave, Citing Workload

Prince Edward Island’s Privacy Commissioner, Rebecca Wellner, filed an annual report this week saying there is too much work for her to complete in her part-time capacity, currently limited to 22.5 hours weekly. Wellner had asked that the position be made full time, but the legislative management committee denied her request. [Source] [Minister surprised by overwork complaint]

 

CA – B.C. Bills 23 and 30 Deferred Indefinitely

Two bills that would have greatly restricted the public’s access to government information have been deferred indefinitely. In a surprise move, and citing concerns that were raised, Government House Leader Mike De Jong told the BC Legislature on May 10 that Bill 23, the Public Inquiry Act (which would have allowed cabinet to keep secret the final reports of public inquiries) will not proceed this session, saying “Government believes it would be beneficial to hear further from those with views.” Also deferred will be section 9 of Bill 30, which would have allowed government to keep secret information from its public-private business partnerships. De Jong noted objections to the bill by Information Commissioner David Loukidelis. De Jong didn’t mention if these bills would ever be reintroduced, but because so many complaints were raised about them over the past week, it seems unlikely they will be reintroduced in their original forms. De Jong’s announcements were greeted with applause in the house. [Source]

 

CA – Do-Not-Call Telemarketing Registry Near

Ottawa is developing rules to implement the long-awaited national Do-Not-Call Registry to help consumers avoid telemarketers. It will likely be more than a year before all the rules – including fines as high as $15,000 for ignoring the registry – are put in place, according to the CRTC. The regulator now is developing the registry, which has been talked about in Ottawa for more than four years. “Many Canadians consider telemarketing calls to be an invasion of privacy,” Richard French, CRTC vice-chairman of telecommunications, said last week as he opened public hearings on rules for the registry. [Source] [Source]

 

CA – Canadian Pilots Fed Up With Airport Screening

An organization representing Air Canada pilots says hassles with airport security screening are leaving its members so frustrated and angry that some of them are distracted when they sit down to fly passenger aircraft. The Air Canada Pilots Association says that, five years after the Sept. 11 terror strikes, its pilots are still needlessly subjected to the same level of pre-boarding screening and baggage searches as their passengers – an absurd situation, given that they fly the planes. The association says it has received “complaints from pilots who are finding the screening process increasingly annoying, often demeaning and in some cases so enraging that they find themselves unable to properly focus on their duties when they get to their cockpit shortly thereafter.” [Source]

 

WW – Study: Why Phishing Works

“Why Phishing Works,” a paper by Rachna Dhamija of Harvard University and Marti Hearst and J.D. Tygar of the University of California at Berkeley, found 90% of persons asked couldn’t distinguish fakes from real email messages from brand-name companies, regardless of their computer experience. A fifth of persons didn’t look at cues, like the address bar, the status bar, or security indicators. The three authors wanted to find out what precautions against phishing would be most effective. [paper]

 

UK – Info Commissioner Pushes Jail for Illegal Data Traders

UK Information Commissioner Richard Thomas said sanctions, including jail terms of up to two years, were needed to halt the growth of an industry dedicated to the buying and selling of private records including ex-directory numbers, bank account details and personal addresses. Mr Thomas is using special powers under the Data Protection Act for the first time to present Parliament with a report because of his “deep concern” over the issue. The report, called “What Price Privacy?”, says private investigators and “tracing agents” are the main suppliers of the confidential information. They use methods such as bribing staff or impersonating officials or victims on the phone to get hold of the private data. [Source] [Source] [Press Release] [Report FAQ]

 

EU – Parliament Members Want More Privacy in SIS II

The Committee of Civil Liberties, Justice and Home Affairs at the European Parliament this week debated the draft Regulation on the establishment, operation and use of the second generation Schengen Information System (SIS II). There was a consensus among members of the committee that better privacy safeguards are needed for the SIS II, especially because it will contain sensitive biometric data. The draft report on the proposal for the Regulation from the MEP Carlos Coelho highlights that “a ‘bigger system’ requires ‘bigger safeguards’. Consequently amendments for improved data protection standards are put forward. A sense of priority for data protection has to be displayed.”

[ EU parliamentarians demand better privacy protection for Schengen Information System (5.05.2006) ]

[ Draft Report on the proposal for a regulation of the European Parliament and of the Council on the establishment, operation and use of the second generation Schengen information system (SIS II) (31.03.2006) ]

[ MEPs amendments to the proposal (25.04.2006) ]

[ Proposal for a regulation on the establishment, operation and use of the second generation Schengen information system (SIS II) (31.05.2005) ]

[ Declaration adopted at the Conference of European Data Protection Authorities (25.04.2006) ]

 

US – Minnesota Lawmakers Considering Ways to Fight ID Theft

As the Minnesota Legislature considers credit-freeze legislation as a way to cut down on ID theft, some lawmakers are concerned about the proposal’s impact on stores that seek to offer consumers instant credit. The Senate version of the bill allows any Minnesota resident to place a freeze on their credit. But the House version would apply only to victims of ID theft who file a police report. According to this article, 12 states have credit-freeze laws and eight of those states allow anyone to freeze their credit. [Source]

 

CA – Banks: It’s Time to Change Branch Insurance Restrictions

With the upcoming review of the Bank Act, banks are stepping up pressure to overhaul the restrictions that prevent them from displaying insurance brochures or making insurance referrals through local branches. Banks contend that giving their customers access to their insurance products is a wise policy. But the association that represents financial advisors, which supports the branch ban on marketing of life and health insurance, said consumer privacy is at stake if banks are allowed to use or share their customers’ information to generate more business. [Source]

 

CA – Money Laundering Watchdog Tweaks Reporting Rules

Canadian financial institutions, casinos and other businesses must report large cash transactions and suspicious activities to a federal agency whose job is to fight money laundering and fraud. Some of the rules for that reporting will change at the end of this month, and businesses and their software providers must make adjustments. [Source]

 

UK – Ministers Pledge to Tighten Investor Privacy

Ministers pledged on Tuesday to tighten the law to allow companies to shield small shareholders’ addresses from groups that could use this information to “harass or intimidate” them. The promise of legal action follows the move by animal rights activists to turn their campaign of intimidation to small investors. Letters sent this week to shareholders in GlaxoSmithKline warn their addresses will be posted on the internet unless they sell their shares within a fortnight. [Source]

 

US – N.J. Bill Aims to Close Loophole Allowing Sale of Personal Financial Data

Under a bill filed in New Jersey, banks, investment firms and other financial institutions would be prohibited from selling customers’ information to marketers, including credit reports, charitable donations and bank statements. The bill would prohibit the sale of the private information to outside entities. However, it would allow the firms to share the data with affiliated businesses. The bill would require customers to provide the financial institutions with written permission before they could disclose any data that is not a public record. [Source]

 

US – Judge Strikes Down Part of DNA Databank Law

At least a part of the DNA registry that helped crack two Vermont murder cases has been ruled unconstitutional by a Vermont judge. It’s an issue that pits the privacy rights of some criminals against police power to preserve potential evidence. Eight years ago, Vermont became the last state to enact a law that requires felons convicted of violent crimes to provide a DNA sample for storage in the FBI’s national databank. Last year, the legislature expanded the law to include DNA collection from non-violent felons, such as burglars, drug dealers and chronic drunk drivers. But a judge has now ruled that the expanded DNA law is illegal. “Well we were surprised with Judge Levitt’s ruling given the weight of cases around the country,” said Bill Sorrell, D-Vt. Attorney General. [Source]

 

CA – Medical Record Fee Flap Reaches Privacy Commissioner

The Ontario Hospital Association said the provincial government’s proposal to amend regulations that govern how much the public pays for access to their medical records is unnecessary and could potentially result in increased cost to the patient. The OHA issued its response earlier this week at the end of a 60-day period that followed the publication of a proposed regulation by the Ministry of Health and Long-Term Care to amend Regulation 329/04 under PHIPA. [Source]

 

ON – E-Health Centre to Test Patient Records Systems

Following the completion of its initial pilot phase earlier this spring, Canada Health Infoway and the Centre for Global eHealth Innovation on Monday officially launched the e-Health Collaboratory at the Centre’s site at Toronto General Hospital. The Collaboratory, a non-profit initiative between Infoway and the Centre, was designed to help vendors comply with Infoway’s standards for electronic health records called the Standards Collaboration Process (SCP). [Source]

 

US – New Hampshire Bill Would Restrict Sale of Prescription Info

New Hampshire’s state Senate voted overwhelmingly last week for a first-in-the-nation proposal to bar pharmaceutical companies from obtaining doctors’ prescription information to increase sales. The bill would prohibit pharmacies, benefits managers, insurance companies and data-mining companies from selling, transferring and using prescription information for commercial purposes, including any purpose “that could be used to influence sales or market share of a pharmaceutical product, influence or evaluate the prescribing behavior of an individual health care professional.” The bill would make New Hampshire the first state with such a ban. [Source]

 

US – Feds Want HIV Tests to Become Routine

Federal officials are reportedly planning to recommend U.S. physicians provide routine HIV testing for all of their patients ages 13 to 64. Centers for Disease Control officials say they will make that recommendation as part of a sweeping revision of HIV guidelines, along with no longer requiring patients to sign informed-consent forms before submitting to an HIV test. [Source]

 

US – Privacy Groups Balk at Tracking Travelers’ Personal Info

Privacy advocates are raising concerns about a proposed Health and Human Services (HHS) Department rule designed to make it easier to track communicable diseases that travelers may have brought back from overseas trips. HHS proposed the rule last November, in part as a response to difficulty in tracking down passengers who may have been exposed to SARS in 2002. The proposed rule would require airlines and passenger ships to maintain passenger flight information for 60 days. Such information is often kept for less than 48 hours. [Source]

 

US – Pentagon Warns Conference Attendees Data May Be at Risk

The Pentagon has sent warning letters to thousands of people who may have had their personal data stolen, advising them that they may be at risk of identity theft and other fraudulent activities. Most of those affected used an online registration for an August 2001 Defense Department conference on health-care fraud. Names, Social Security numbers, credit card numbers, employer identification and other personal information were entered into a computer database by conference attendees, a Defense Department spokeswoman said. [Source]

 

US – Idaho Power Drives Sold on eBay Not Adequately Scrubbed

Idaho Power Co. is trying to track down old company hard drives that were sold on eBay without going through prescribed scrubbing procedures. The data on the drives includes memos, customer correspondence and confidential employee data. Idaho Power recycles old drives through a salvage vendor. The power company has launched a private investigation into why scrubbing procedures were not followed. According to a Gartner survey, approximately 30% of organizations use third party companies to dispose of PCs and servers they are no longer using. Idaho Power says it will now destroy old drives rather than recycle them. [Source] [Paper]

 

US – Mandate for ID Meets Resistance from States

Reacting to the Sept. 11 attacks, Congress passed the Real ID law last year, intending to make it tougher for terrorists to obtain driver’s licenses and for people without proper identification to board planes or enter federal buildings. But with the deadline for setting up the law two years away, states are frustrated. They say the law – which requires states to use sources like birth certificates and national immigration databases to verify that people applying for or renewing driver’s licenses are American citizens or legal residents – will be too expensive and difficult to put in place by the May 2008 deadline. Another issue is the privacy impact of the requirement that states share, through databases, the personal information needed for a driver’s license. Concerns are so great that last week, the National Governors Association, the National Conference of State Legislatures and the American Association of Motor Vehicle Administrators issued a report saying that the states have not been given the time or money to comply with the law and that they need at least another eight years. Two states have considered resolutions calling for the law to be repealed, the New York City Council passed a resolution opposing it and New Hampshire is considering opting out entirely. [Source]

 

US – Bush Creates Task Force to Fight ‘Horror’ of Identity Theft

U.S. President George W. Bush this week announced the creation of a top-level task force to combat what he called “horror stories” associated with the rapidly growing crime of identity theft. Bush said the panel has been created to “not only put those people who commit identity fraud in jail, but to help the victims of identity fraud.” He also called attention to new U.S. laws cracking down on convicted identity thieves, imposing stiffer fines and prison terms. “I signed laws enhancing penalties. Now what we’re going to do is make sure that the 13 governmental agencies involved with identity theft have a well-coordinated strategy to help the victims and to put those who commit the theft behind bars,” the president said. At a press briefing following Bush’s remarks, US Attorney General Alberto Gonzales said he, along with Federal Trade Commission chairwoman Deb Majoras, will co-chair the panel tasked with fighting identity theft. [Source] [Source] [Fact Sheet: The President’s Identity Theft Task Force]

 

CA – Need to Show Passports at Borders Sends a Chill Across North America

Americans phoning for theatre tickets this summer at the annual Shaw Festival in Niagara-on-the-Lake, Ontario, can expect to be asked for more than their seating preferences and credit card details. The festival’s organizers also want to know whether their customers have a passport and, if not, whether they intend to get one. The organizers have reason to be worried, as Americans make up 40% of the festival’s business. Under changes to the US Immigration and Nationality Act passed by Congress in 2004, anyone entering the US will soon require a secure, fraud-resistant travel document, confirming both identity and citizenship. Only 25% of Americans own a passport, which is the only document that meets the legislation’s criteria. The new rules, known as the Western Hemisphere Travel Initiative (WHTI), are part of the Bush administration’s drive to tighten border security since the September 11 attacks. [Source]

 

US – Citibank Issues Two-Factor Authentication Tokens

Following a similar move by UK bank HSBC, Citibank is issuing anti-phishing tokens to its business customers to bolster online security. When the clients log into the bank’s Web site, they will be asked to provide a password and the unique passcode generated by the Vasco device. [Source]

 

WW – Windows Vista Will Doom Anti-Spyware Makers, Report Says

A Yankee Group report predicts imminent doom for anti-spyware makers with the release of Windows Vista. But don’t plan a funeral for WebRoot and Ad-Aware just yet. First, Microsoft has to sell the darned operating system. [Source]

 

IN – Indian Outsourcers to Set Up Security Audit & Oversight Body

India’s IT trade association plans to establish a new regulatory security body to reassure customers concerned about recent security breaches. The independent body will receive $300,000 of initial funding, and membership fees will cover its future costs. Sunil Mehta, vice-president of the National Association of Software and Service Companies (Nasscom), said the organization would audit members’ security procedures, monitor any breaches, and impose penalties on non-compliant companies. The security scheme has been set up following allegations of employee fraud in the Indian outsourcing sector last year, and of staff selling on customer data. [Source] [Source]

 

US – An Open Letter to Google: Concepts for a Google Privacy Initiative

Lauren Weinstein of People for Internet Responsibility (PFIR) has written an open letter to Google outlining concerns about Google’s immense data processing, storage, and related infrastructures and how these might be abused in the future, particularly by outside entities in a position to force Google’s hand despite Google’s own best intentions. [Source]

 

CA – Spyware Workshop in Ottawa Planned For May 16th

CIPPIC is co-hosting a full day public workshop on spyware, in Ottawa, on May 16th. [Conference site]

 

JP – Yokohama Government to Submit Citizens’ Data to Juki Net

The Yokohama municipal government announced that it will send all data on citizens to the Basic Residents’ Registration Network, abolishing its policy of giving residents the chance to opt out, for privacy reasons, of having personal information posted on the network. The municipality has registered residents for the network, better known as Juki Net, only when they gave permission. About 826,000 citizens have chosen not to be included. Data on unregistered citizens will be sent to the network starting in early July. [Source]

 

US – FCC’s Wiretap Arguments ‘Gobbledygook’: Judge

A U.S. appeals panel sharply challenged the Bush administration last week over new rules making it easier for police and the FBI to wiretap Internet phone calls. A judge said the government’s courtroom arguments were “gobbledygook.” The skepticism expressed so openly toward the administration’s case encouraged civil liberties and education groups that argued the United States is improperly applying telephone-era rules to a new generation of Internet services. “Your argument makes no sense,” U.S. Circuit Judge Harry Edwards told the lawyer for the FCC, Jacob Lewis. “When you go back to the office, have a big chuckle. I’m not missing this. This is ridiculous. Counsel!” At another point in the hearing, Edwards told the FCC’s lawyer that his arguments were “gobbledygook” and “nonsense.” The court’s decision was expected within several months. [Source] [Source] [Source]

 

US – Rhode Island House Passes Anti-RFID Bill

The House of Representatives in Rhode Island on April 26 approved a bill (HR 7432) saying, “Except where provided by federal law, no state or municipal agency, or any subdivision thereof, shall use, or request, the use of Radio Frequency Identification Devices for the purposes of tracking the movement or identity of any employee, student or client, or of any other individual as a condition of obtaining a benefit or service from such agency.” Before the vote, legislators added amendments to exempt most corrections, child-welfare, and emergency medical uses from the prohibition. The Senate Judiciary Committee is now considering the proposal by Rep. Charlene Lima. [Source: Privacy Journal]

 

UK – Tag, You’re It: RFID Lets Boss Track Workers

A Cambridge, UK-based firm, Ubisense, is promoting a technology that promises to create new opportunities – as well as controversy. Ubisense specializes in radio frequency identification (RFID), which uses electronic tags for storing data. The company, which employs 10 people in its U.S. headquarters in Greenwood Village, has developed precise, real-time location systems that can locate employees and objects as close as one foot away through RFID tags and 3-D computer monitors. [Source]

 

US – Consumer Reports Finds Personal Privacy Concerns in Planned RFID Uses

A three-month investigation in the June 2006 issue of Consumer Reports has found the RFID industry lacking in the necessary measures to strengthen tag security against identity thieves. The idea that a tiny radio chip might be traveling in their shirts or shorts doesn’t sit well with Americans. The public unease has put the RFID industry on the defensive and its leaders proclaim the importance of addressing the consumer’s privacy concerns. But when Consumer Reports asked to discuss the subject with executives of one company, attempts were stonewalled by public relations representatives. “It’s essential to develop the proper framework to protect consumers from the unprecedented privacy and identity theft risks that come with RFID,” said Andrea Rock, senior editor at Consumer Reports. [Source]

 

US – Levi Strauss Deploys Item-Level RFID Tags

Levi Strauss is testing RFID on men’s jeans sold in one U.S. store and on pants in two stores in Mexico. The company hopes the tags, which are removed when the pants are bought, will allow quicker restocking and fewer empty shelves. [Source]

 

US – Radio ID Technology Spreads; Privacy Activists Dig In

As radio-frequency identification (RFID) technology continues to spread through the marketplace, privacy and consumer advocates are continuing their campaign for regulation of this controversial tracking technology. Now they are joined by lawmakers pushing legislation to curb RFID use by government agencies. The most recent battle over RFID use played out this week in New Hampshire, where senators considered a bill to prohibit state participation in the Real ID Act, a federal bill to standardize government-issued identification across states. Though the bill received the green light in the house, senators did not approve it, instead voting 14-9 to establish a commission to report on the pros and cons of Real ID. Privacy concerns stood among the main reasons prompting public interest groups to reject Real ID, especially surrounding the potential for future RFID requirements for state IDs. Aside from New Hampshire, some states are considering laws that provide more oversight of RFID use. Last week, lawmakers in Wisconsin approved a bill that prohibits requiring a person be implanted with an RFID chip. The governor is expected to sign the measure. Rep. Marlin Schneider, sponsor of the bill, said that “companies can or will be ordering their employees to have chips implanted. We want to stop that before it begins.” Bills in other states, however, have met resistance, and watchdogs say industry pressure is to blame. In California, a bill that would place a three-year moratorium on RFID chips in state IDs that passed the senate has been stuck in an assembly committee since last year. Similarly, the New Hampshire house passed a comprehensive bill regulating use of RFID last January. However, a senate amendment stripped away regulatory powers, paring the bill down until it merely created a study committee. Bills restricting use of RFID or requiring labeling and notification of RFID use have also failed in South Dakota, New Mexico, Montana, Nevada and Missouri. McIntyre believes that the RFID industry is not only succeeding in killing legislation regulating their products but also in overloading consumers to “make them think it’s a done deal.” [Source]

 

UK – Chip and Pin Payments Halted at Some UK Shell Stations

Shell has stopped accepting chip and pin payments at 600 of its fuel stations in the UK after learning that thieves misused the system to steal approximately GBP 1 million (US$1.86 million) from customer accounts. Eight people have been arrested in connection with the scheme, which is reportedly limited to the Shell chain. [Source]

 

CA – IBM Canada Bumps Up Security Investments by $43 Million

Funding will go towards identity management and SMB services: IBM Canada said this week it plans to invest $43 million in its security operations over the next three years due to the rapid expansion of a market that is growing beyond its expectations. IBM Canada opened a Security Operations Centre in Markham, Ont., in 2004 with an initial investment of $40 million over five years. Another $43 million is necessary to keep up with the demand for security services from Canadian enterprises, said Nicole Stampatori, IBM Canada’s national practice leader for security, identity and privacy. Since the SOC opened, IBM has largely focused on delivering managed services like intrusion detection, anti-virus and anti-spam. The fresh investment will allow the company to expand those services – particularly to small and medium-sized businesses – and bolster other areas like identity management. A lot of enterprises have dealt with their perimeter security requirements and are now addressing their internal issues, like reporting and staff management, said Stampatori. “Compliance, as an example, is driving a lot of companies (towards) a really good understanding of who connects to what system and the reports that can show that yes, this person has gotten access to this system,” she said. [Source]

 

AU – Feds Confirm Smart Card, Centrelink Spending Despite Privacy Concerns

The Australian federal government confirmed it had allocated AU$1.09 billion over four years to a controversial health and welfare access card scheme, which a private consultant said would save AU$3 billion over 10 years. In 2006/07 budget documents, released this week, the government said current systems would remain in place until early 2010, after which anyone wishing to interact with agencies would have to obtain a card. Hockey also announced an additional AU$115 million over two years to boost Centrelink’s call centre capabilities, saying demand had increased by 12% per year over the last four years. Centrelink was now trying to handle 22 million calls per annum. A significant proportion of the funding would go to enhancing phone voice recognition services, with an additional 25% of customers expected to use the option by the end of 2007-08. [Source] [Source] [Opposition]

 

AU – Smartcard Chief Resigns, Concerns Include Privacy

James Kelaher, a principal adviser on the Australian Government’s new smartcard project, has resigned in protest, saying that it is being rushed and is missing necessary third-party advice and safety measures. After warning Human Services Minister Joe Hockey against financial management and privacy protection plans for the $1 billion ID card project, Kelaher quit the project, saying that he does not agree with the rushed way in which such a sensitive project was being approached. [Source] [Source] [Source]

 

AU – Supermarkets May be Given Access to “Smart Card” Info

Federal Human Services Minister Joe Hockey has signalled that private sector companies like banks and supermarkets may be given access to information stored on the Government’s “smart card”. [Source]

 

AU – Privacy Officer to Monitor Smart Card

Privacy concerns about a new health and welfare smart card will be monitored by a senior public servant. The position of senior privacy and consumer adviser has been announced by Human Services Minister Joe Hockey. “Their role will be to liaise with both privacy groups and with consumer groups on a regular basis,” Mr Hockey said. The announcement follows concerns from privacy advocates and minor parties. [Source] [Source]

 

US – NSA Secretly Collects Phone Records of Ordinary Americans

The National Security Agency has secretly collected telephone records of tens of millions of Americans with the help of major telecommunications companies, sources with direct knowledge of the program told USA TODAY. Three major telecommunications companies are working under contract with the NSA program, which was created after the Sept. 11 terrorist attacks as a way to analyze calling patterns in an effort to detect terrorist activity. According to the sources, the companies are not providing the spy agency with the callers’ names, street addresses and other personal data. The NSA’s spokesman refused comment. [Source] [NSA secret database report triggers fierce debate in Washington] [Coverage] [Bush Is Pressed Over New Report on Surveillance] [Specter wants to know about NSA phone database] [Congress Demands Phone Records Answers] [Conservatives shocked by NSA phone program] [Both Parties Condemn Practice] [Anger Grows] [Coverage] [Report on NSA brings surveillance in focus] [‘Climate has changed’ for data privacy] [Nation Split on NSA Records Collection] [FISA and the Patriot Act Are the Abuse] [Commentary] [Background] [Q&A] [Bush denies spying infringes on privacy] [Bush Defends Spying] [Lawmakers Call for Hearings; Report May Complicate Hayden Confirmation at CIA] [New York Times Editorial] [Boston Globe Editorial]

 

US – Qwest Praised for Rejecting NSA’s Request

Privacy-conscious customers took refuge in the apparent security of Qwest as reports this week said that the Denver-based company - the largest landline phone service provider in Utah - had turned down a warrantless request by the federal government for its customers’ records. Activists on the political left and far right already have launched campaigns to persuade people to switch to Qwest, which was being hailed by some as a “corporate hero.” [Source]

 

HK – Shady Practices Unregulated In Wiretapping Law

Hong Kong legislators say the government’s narrow definition of covert surveillance means a number of dubious practices, such as stalking, will not be bound by any rules under the new wiretapping law. The government’s response: you’re absolutely right. The draft bill, which must be passed before legislators recess for the summer on July 12, seemed to be making quick progress after lawmakers moved to a clause-by-clause reading of the bill Tuesday. But it hit a snag just a few clauses into the dense and complex draft law when pro-democratic legislators argued that the bill’s limited definition of “covert surveillance” left far too many shady practices unregulated. [Source]

 

US – Illinois City’s Cameras Prove Expensive and Unhelpful

In May 2005, the Evanston City Council voted to install 57 surveillance cameras on city property hoping to prevent crime and catch criminals. But one year later, many residents still doubt the benefits and fear infringements on their privacy. The cameras are not monitored, said Max Rubin, Evanston’s director of facilities management. They record digital video to city computers that can be reviewed after an incident. But library officials said the three times they attempted to use the video to investigate incidents, the images captured were not useful for identifying suspects. “We haven’t been able to see the images clearly enough,” said the library’s administrative services manager. “There were no resulting charges brought.” Still, Gottschalk said the cameras are “absolutely worth it” because they should deter crime. [Source]

 

CA – Vancouver Police Chief Wants Surveillance Cameras

Vancouver police Chief Jamie Graham wants the city to reconsider plans for closed circuit TV surveillance cameras to monitor public spaces. Graham said with the 2010 Olympics on the horizon, it’s time to take another look at video surveillance to help deal with the threat of terrorism. An earlier police proposal focused on street-level crime in the city’s Downtown Eastside. But the police board scrapped the plan two years ago because there was no evidence the cameras did anything to prevent crime. Graham said with the Olympics on the way, he wants to revive the proposal. “We live in a dangerous world and we’re about to host one of the biggest sporting events in the world, and we want to be careful.” [Source]

 

US – Cell Phone Industry Asks Congress to Clarify Police Tracking Powers

A lawyer who represents cell phone providers said the industry wants clear, standardized rules regarding law enforcement’s practice of real-time tracking of suspects by their cell phones. The Justice Department has maintained that a combination of laws, including wiretap laws, allows law enforcement to track suspects without probable cause. The issue was the subject of a panel discussion at the Computers, Freedom and Privacy conference. [Source]

 

US – Bush’s CIA Pick Fuels Warrantless Wiretap Debate

By formally nominating Gen. Michael Hayden to head the embattled Central Intelligence Agency, U.S. President George W. Bush is inviting a renewed national debate on his controversial wiretapping program. It was Hayden, as the former director of the National Security Agency, who publicly and vigorously defended the wiretapping program he helped establish and which was conducted in secrecy until revealed in December by The New York Times. While the wiretapping controversy could dominate Hayden’s coming U.S. Senate confirmation hearings, there is also substantial resistance among members of both parties to a career military man being placed in control of a civilian intelligence agency still reeling from its failure to detect the Sept. 11, 2001 attacks and its role in providing flawed intelligence in the run-up to the 2003 Iraq invasion. [Source] [Source] [Source]

 

US – NHC Settled With FTC over Dumping Data

Some data protection cases are complex and difficult for the FTC to prove. Then there is the case of Nations Title Agency (NTA) and its parent company, Nations Holding Company (NHC). The FTC claims that the NHC, a real estate services firm with operations in 44 states, tossed consumer home loan applications in an unsecured dumpster. This was just one among a laundry list of lax security practices the FTC lodged against the company, which promised consumers that it maintained “physical, electronic and procedural safeguards” to protect data. NHC settled with the FTC this week, agreeing to not misrepresent the extent of its data protection safeguards. The company also agreed to establish and maintain a comprehensive information security program subject to third-party audits for the next 20 years. [Source]

 

US – CDT Analysis: Federal Data Breach Notification Law Unlikely This Year

In the wake of a series of data breaches in early 2005, the U.S. Congress seemed ready to move quickly on legislation that would require companies to notify customers when their personal information had been compromised. Now, more than a year after data breaches at ChoicePoint Inc. and LexisNexis set off a national debate about identification theft and data security, time is running out for Congress to pass a law before it finishes business this year. Some proponents of a national breach notification law say it’s unlikely that Congress will be able to pass a law by then. Lawmakers have introduced more than 10 bills dealing with data breach notification since early 2005. The bills differ in several ways, including varying requirements about when a breached company should notify customers and whether consumers should be able to freeze their credit reports following a breach. Beyond the confusion about the differences in the bills, five congressional committees have claimed jurisdiction over some of the data breach bills. “It’s certainly a popular and pro-consumer issue to tackle,” said David Sohn, a staff counsel at the Center for Democracy and Technology, a privacy and civil rights advocacy group. “It’s difficult to see how Congress will reconcile all the bills.” [Source]

 

US – Federal Bill Requires Feds Be Notified of Data Breaches

A new proposal in Congress would force anyone who possesses electronic personal data to report “major” security breaches to federal authorities before alerting consumers--or face hefty fines and even imprisonment. The 11-page House of Representatives bill aims to deter identity thieves and dismantle cybercrime operations, such as phishing scams, that swipe personal information. It was introduced this week by House Judiciary Committee Chairman James Sensenbrenner and backed by three Republicans and one Democrat. The Republican-backed bill would require “whoever owns or possesses data in electronic form” that contains personally identifiable information--such as a person’s name, Social Security number or date of birth--to inform the U.S. Secret Service or the FBI within two weeks of discovering a “major breach.” [Source]

 

US – Congress May Slap Restrictions on SSN Use

Democratic and Republican politicians this week both promised to enact new federal laws by the end of the year that would restrict some commercial uses of Social Security numbers, which are often implicated in identity fraud cases. In both the House and the Senate, there are at least three pieces of pending legislation that propose different approaches to restricting the use and sale of SSNs. The Markey bill would require the FTC to make new rules limiting the sale and purchase of those identifiers, with exceptions for law enforcement, public health, certain emergency situations and selected research projects. The Shaw bill would restrict the display of SSNs on credit reports and on various government-issued documents and identification tags. It would also make it illegal in certain cases for anyone to refuse to do business with people who decline to supply their SSNs. [Source]

 

US – California Bowen ID Theft Prevention Bill Clears Senate Floor

Helping people protect themselves from identity theft by giving them the ability to lock and unlock their credit reports in 15 minutes is the goal of SB 1744 by California State Senator Debra Bowen, which passed the full Senate today on a 24-11 vote. “The security freeze is the only tool that’s proven effective in stopping identity thieves in their tracks,” said Bowen. [Source]

 

US – New Federal Cybercrime Bill Inadequate, Consumer Advocates Say

Critics claim proposed legislation falls short of protecting consumers: New proposed federal legislation intended to help law enforcement agencies fight cybercrime falls short because it does not give consumers tools to guard against identity theft, a lawmaker and a consumer advocate said today. The Cyber-Security Enhancement and Consumer Data Protection Act, introduced earlier this week, would be inadequate as a stand-alone cybersecurity bill because it does not require companies with data breaches to notify affected consumers, and it does not allow consumers to freeze their credit when they’ve been victims of ID theft, said a policy analyst for Consumers Union. [Source]

 

US – Colorado ID Theft Bill Clears Legislature

A bill to create a task force within the Colorado Bureau of Investigation to investigate and prosecute identity theft and financial fraud has now passed both houses of Colorado’s Legislature, the Colorado Bankers Association (CBA) said Friday. The Colorado House of Representatives on Friday concurred with Senate amendments to the bill, which previously had passed the Senate by a vote of 33-2, and the House by a vote of 58-6. It now heads to Gov. Bill Owens for consideration. [Source]

 

US – Birth-Record Access Bill Will Be Revived

Bruised by the legislative process but more savvy as a result, Maine members of the American Adoption Congress will reintroduce legislation next session to allow adoptees access to their birth records. Their bill, LD 1805, was killed in committee at their request “because it didn’t even resemble what we’d initially asked for,” said Falmouth resident Cathy Robishaw of the Adoption Congress. The bill as initially submitted would have allowed adoptees access to their original birth certificates. However, opposition to the bill came early from legislators who said it would impede adoptions and invade the privacy of birth mothers who don’t want to be contacted. An amendment was introduced that would have required adoptees to petition a probate judge for the certificate and pay a fee. But Robishaw said the amendment, introduced by Judiciary Committee Chairwoman Deborah Simpson, “doesn’t address the basic human right of getting your birth certificate.” As the amended version was gaining more and more support in committee and Robishaw and her organization feared it might be the one to be passed on the House and Senate floor, they withdrew the bill. [Source]

 

US – Bill Would Require ID Theft Warnings on Wi-Fi Network Devices

Legislation that would require makers of laptop computer network devices to provide consumer warnings about how to protect personal information has cleared an Assembly committee. Assembly Bill 2415 aims to help prevent at least one form of identity theft known as “piggybacking.” That is when unauthorized users tap into a user’s wireless connection. Assembly Speaker Fabian Nunez’s measure would require a warning to the consumer on how to protect their personal information while using a Wi-Fi device. The required warning would apply to wireless network routers, switches and bridges sold commercially after January 1, 2008. [Source]

 

 

 

––––