Privacy News Highlights

20—25 May 2006

Contents:

CA – Nymity Announces 2006 Top Privacy Policies in Canada awards

US – Survey: Consumers Taking Steps to Stymie ID Theft

US – Survey: Americans Want Stronger Federal Data Security Laws

WW – PGP Creator Offers VoIP Crypto to Windows Users

US – Judge Approves Class-Action Suit Against Verisign Over SSL Certificates

UK – Scotland’s CPS Plan for Newborn Database

US – Online Socializing: Latest Data

US – Internet Use Involves Both Pros and Cons for Children and Adolescents

UK – Government Sets Target for ISP Blocking

AU – No Certainty for ISPs on Filters

CA – In War on Financial Privacy, FINTRAC Eying Online Banking

US – Financial Institutions File More Suspicious Activity Reports

CA – Manitoba Urged To Improve Information Access By Ombudsman

CA – BC Pharmacists Pushing More Rx Info Sharing

US – Electronic Data on 26.5 Million Veterans Stolen

US – Information on Ohio University Servers Vulnerable For More Than A Year

UK – Wanadoo in Customer Data Security Breach

AU – Fels to Oversee Australian Smartcard Privacy

PH – Group Asks High Court to Overturn Ruling on ID System

US – Veterans Administration Security Breach May Be Largest-Ever Theft of SSNs

US – Judge Approves Sony Rootkit Settlement

WW – Microsoft: Open Source Software is ‘Not Reliable or Dependable’

US – San Francisco to Push Google on Privacy

EU – German Police File Criminal Charges vs. 2,000 File Sharers

CA – Privacy Rules Block Information Exchange: Police Chief

WW – Survey: Spyware Infections Up 50% Over Last Year

SP – New Data Protection Law on the Horizon

US – Requests for Corporate Data Multiply From Police

US – Keep Your Data Options Open, Warns Gartner

US – FCC Will Not Probe Consumer Privacy Issues With NSA Actions

US – DHS Report Warns RFID is Not Best for Tracking People

EU – Privacy-Friendly RFID?

US – E-Passport RFID Tag Comes With Switch

US – Citibank Experiments with RFID Technology

WW – Anti-Virus Companies Issue Warning for Microsoft Word

US – Smart Card Alliance Response to DHS RFID Report

US – AT&T Provided NSA With Power to Review All Internet Messages

US – Suit Seeks to Stop AT&T from Giving Phone Records to NSA

US – Qwest Enjoys Its Newfound Reputation as Consumer Protector

AU – Australia Introduces Do Not Call Register Legislation

US – 22 States Sign On to HHS Privacy Program

US – Federal Privacy Bill Unlikely To Pass

US – Minnesota Lawmakers Pass Credit Freeze Bill

 

 

 

CA – Nymity Announces 2006 Top Privacy Policies in Canada awards

This week Nymity recognized 40 Canadian companies with the most transparent privacy policies by presenting them with the 2006 Top Privacy Policies in Canada award. The Award goes to the top 5 companies in 8 sectors (Banking, Telcos, Retail, Financial Services, Insurance, Media, Consumer Services, Business Services) “that best provide clear, complete and readily available notice of their privacy policies and practices.” Privacy commissioners from B.C., Alberta, and Ontario expressed congratulations to the award recipients. [Source] [letter of support]

 

US – Survey: Consumers Taking Steps to Stymie ID Theft

According to a Wall Street Journal/Harris Interactive poll, 73% of 2,100 U.S. adults surveyed said that they now monitor their bank and/or credit card accounts for suspicious activity, while 72% claim they shred mail that contains account numbers. Other steps consumers have taken include limiting access to their Social Security numbers (69%), checking credit reports regularly (4%), limiting online buying (30%), and cutting back on online banking (24%). That last move – to stop using or limit online banking – has been the subject of several consumer surveys, most recently one released by research firm eMarketer that claimed security worries were slowing online banking adoption. [Source] [Source]

 

US – Survey: Americans Want Stronger Federal Data Security Laws

The U.S. public wants stronger federal data security legislation as its confidence wanes in current laws intended to protect them on the Internet, according to a new survey the Cybersecurity Industry Alliance released this week. The April survey of 1,150 adults found that only 18% - less than one in five - believe that existing laws are sufficient to protect them on the Internet. 66% of the survey’s respondents thought Congress should make protecting information systems and networks a higher priority, and 71% thought Congress should pass a strong data security law, such as one resembling California’s. Of that group, 46% said they would have “serious” or “very serious” doubts about political candidates who do not support quick action to improve existing laws. [Source] [Source]

 

WW – PGP Creator Offers VoIP Crypto to Windows Users

Philip Zimmermann, developer of the PGP encryption algorithm, has released a new public beta of a software package designed to encrypt VoIP calls. Zfone generates a per-session key for IP Telephony calls using a protocol called ZRTP, which Zimmermann says is superior to other approaches. “[ZRTP] achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world,” Zimmermann explained. “It also does not rely on SIP (Session Initiation Protocol) signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP (Real-time Transport Protocol) packet stream. It interoperates with any standard SIP phone.” Zimmermann has submitted the ZRTP to the IETF as a proposed public standard. As with PGP, he has published the source code of Zfone for peer review. [Source]

 

US – Judge Approves Class-Action Suit Against Verisign Over SSL Certificates

A California Superior Court judge has given the green light to a class action suit against VeriSign regarding the registrar’s SSL security certificates. More than 400,000 plaintiffs are seeking $500 each in restitution, bringing the company’s potential liability to $200 million. [Source]

 

UK – Scotland’s CPS Plan for Newborn Database

Every newborn child in Edinburgh and area faces being stored on a “Big Brother-style” national database under a major shake-up of Scotland’s child protection system. The computerized files would be kept “live” until the child reaches the age of 16 and will include personal details of their health, family life and education. The child’s file will be closed when they reach 16, but it will then be kept on record for up to 75 years. Teachers, police, GPs and social workers will be able to access the files to check for signs of abuse. If the child is regularly late for school or their behaviour changes dramatically, the details could be put into the system where it is hoped it will build up a picture of the child’s overall welfare. [Source]

 

US – Online Socializing: Latest Data

The Top 10 social-networking sites now reach a whopping 45% of active Web users, according to Nielsen/NetRatings’ latest figures. Together, the ten sites have grown 47% in the past year (from 46.8 million unique visitors in April 2005 to 68.8 million last month). Nielsen’s Top 10 are: MySpace, Blogger, Classmates Online, YouTube, MSN Groups, AOL Hometown, Yahoo! Groups, MSN Spaces, SixApart, TypePad, and Xanga. [Source] [Report]

 

US – Internet Use Involves Both Pros and Cons for Children and Adolescents

Between 75 and 90% of teenagers in the U.S. use the Internet to email, instant message (IM), visit chat rooms and explore other sites on the World Wide Web. According to the latest research published by the American Psychological Association (APA), spending a lot of time on the Web can have both negative and positive effects on young people, i.e., the sharing of self-injury practices by some and the improvement of academic performance and health awareness by others. [Source]

 

UK – Government Sets Target for ISP Blocking

The UK Government is setting a target that by the end of 2007, all ISPs offering broadband internet connectivity to the UK general public put in place technical measures that prevent their customers accessing websites containing illegal images of child abuse identified by the IWF. [Source]

 

AU – No Certainty for ISPs on Filters

The Australian government has given the internet industry mixed signals over the performance of current laws designed to shield consumers from porn and offensive content online. ICT Minister Helen Coonan said that findings of an audit carried out by the communications regulator demonstrated the effectiveness of codes of practice under its co-regulatory content regulation scheme. However, a spokeswoman for the Minister said that the federal Government had not ruled out ISP-level content filtering. [Source]

 

CA – In War on Financial Privacy, FINTRAC Eying Online Banking

Suspected criminals may be turning more frequently to Internet money transfers and online casinos to launder dirty money, a top official with Canada’s financial intelligence agency suggested last week. In an interview with CanWest News Service, Sandra Wing, senior deputy director at the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), said rapidly evolving online banking will require more attention from her agency in the coming years. [Source]

 

US – Financial Institutions File More Suspicious Activity Reports

Banks and financial institutions are reporting more incidents of suspicious transactions to the U.S. Treasury Department. During the first six months of 2005 - the most recent period available - the institutions filed 435,167 reports, compared with 689,414 for all of 2004. The increase in the filings is the result of the USA PATRIOT Act, which broadened the definition of a financial institution. Institutions are prohibited by law from informing customers when they are the subject of a Suspicious Activity Report. [Source]

 

CA – Manitoba Urged To Improve Information Access By Ombudsman

The province's ombudsman has joined the chorus of groups calling for the provincial government to do a better job providing information to Manitobans. Irene Hamilton says she agrees with calls from the Canadian Association of Journalists (CAJ) and the Canadian Taxpayers Federation for the government to follow through with pledges made two years ago to reform access-to-information laws. Hamilton says the problem is compounded by the fact that many Manitobans are unaware of how much information is available. [Source]

 

CA – BC Pharmacists Pushing More Rx Info Sharing

British Columbia pharmacists welcomed the expansion of PharmaNet access into doctor’s offices and called for the B.C. government to continue exploring opportunities for greater information sharing amongst health-care professionals. [Source]

 

US – Electronic Data on 26.5 Million Veterans Stolen

Personal electronic data on up to 26.5 million military veterans, including their Social Security numbers and birth dates, was stolen from the home of a Department of Veterans Affairs employee who had taken the information without authorization, the agency said. Whether the incident is called a security breach or identity theft, it appeared to be one of the biggest of the computer age, according to records kept by the Privacy Rights Clearinghouse. [Source] [Source] [Source] [Source] [Update] [Update] [Congress to hold hearings on theft of veterans’ data] [VA was cautioned about data security - Inspector waved red flags years before theft] [VA Has Consistently Scored Poorly on Information Security]

 

US – Information on Ohio University Servers Vulnerable For More Than A Year

The FBI discovered that hackers had remotely taken control of one of Ohio University’s servers – an intrusion that may have persisted for more than a year. The discovery has led the university’s chief information officer to reorganize the computer services department. Hackers accessed student health records and Social Security numbers of 60,000 other people. Another compromised server led to the exposure of Social Security numbers belonging to 137,000 people. [Source]

 

UK – Wanadoo in Customer Data Security Breach

A security breach at one of the largest ISPs in the UK led to thousands of customers’ private details being made public. Wanadoo, which has 2 million Internet subscribers in Britain, admitted that a technical mistake led to swaths of customer account information, including their real names and passwords, being published online. [Source]

 

AU – Fels to Oversee Australian Smartcard Privacy

Allan Fels has been appointed to oversee privacy concerns associated with the implementation of an Australian national health and welfare smartcard. The announcement was made by Human Services Minister Joe Hockey this week. Professor Fels said he would offer frank and fearless advice to the government and would not hesitate to speak publicly if his concerns were ignored by the government. “I welcome the establishment of this position,” Prof Fels told reporters. It is the first major appointment announced by Mr Hockey as he continues to deflect criticism the smartcard will attack individual privacy. “This is a significant appointment,” Mr Hockey said. Prof Fels will start work immediately, his first task to form an access card consumer and privacy taskforce. “My essential safeguard is the right to public comment,” Prof Fels said. [Source] [Source]

 

PH – Group Asks High Court to Overturn Ruling on ID System

A militant Philippine labor group has asked the Supreme Court (SC) to reverse its earlier decision declaring Executive Order (EO) 420 or the “unified multi-purpose identification system” as constitutional, insisting it would lead to various abuses, including violation of citizens’ right to privacy. [Source]

 

US – Veterans Administration Security Breach May Be Largest-Ever Theft of SSNs

Gartner’s security analyst estimates that security breaches have placed one out of seven Social Security numbers in criminals’ hands. Gartner’s Avivah Litan said the mounting security breaches have compromised the confidentiality of Social Security numbers. His company warns businesses not to use SSNs to identify individuals. [Source]

 

US – Judge Approves Sony Rootkit Settlement

A federal judge on Monday gave final approval to a settlement in a class action suit against Sony BMG Music Entertainment over anticopying software the company had embedded in some music CDs. The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments. [Source]

 

WW – Microsoft: Open Source Software is ‘Not Reliable or Dependable’

A senior Microsoft executive told a BBC documentary that people should use commercial software if they’re looking for stability. ‘I don’t think (open source) is anti-Microsoft in the sense that it’s giving people choices in the technologies that they use,’ Jonathan Murray, the vice president and chief technology officer of Microsoft Europe, told BBC World in the first part of the documentary ‘The Code Breakers,’ which aired this week. [Source]

 

US – San Francisco to Push Google on Privacy

San Francisco will push Google and EarthLink for greater privacy protections than the companies outlined in their proposal for a citywide wireless Internet service, officials said last week. In negotiations with the companies, expected to begin soon, the city will seek an “opt-in” system for users to share personal information, notification of users when there are legal requests for their information and a commitment from the operators on how long they will keep user data they collect, said a senior policy analyst for the city. [Source]

 

EU – German Police File Criminal Charges vs. 2,000 File Sharers

German police have filed criminal charges against more than 2,000 people accused of using the eDonkey file-sharing network to share copyrighted music illegally, the recording industry’s trade group said on Tuesday. The legal action, which will also include claims for compensation under civil law, is “the biggest single action against illegal file-sharing,” according to the London-based International Federation of the Phonographic Industry. [Source]

 

CA – Privacy Rules Block Information Exchange: Police Chief

Police Chief Mike Boyd says privacy legislation prevents police from passing information about criminals to private security companies. Boyd said today that although private security companies want information on criminal records, police can't legally provide it. He told a meeting of about 100 officials from private security firms to work with federal and provincial governments to change freedom-of-information and privacy laws. [Source]

 

WW – Survey: Spyware Infections Up 50% Over Last Year

According to the annual Websense Web@Work survey, the number of organizations reporting their systems have been infected with spyware is up nearly 50%. 17% of companies with more than 100 employees reported their networks have been infiltrated by spyware, such as keystroke loggers. One likely reason for the increase in spyware infestations is the increasing availability of spyware toolkits on the Internet. The study also says that 44% of IT decision makers do not believe their employees can distinguish phishing sites from legitimate ones. [Source]

 

SP – New Data Protection Law on the Horizon

A Singapore government committee is drafting a data protection law that experts say will improve consumers’ control over how companies collect and use personal information. The committee is scheduled to submit its report next month, but the law will not be ready for another two years, according to experts. The bill is expected to contain a provision that would require data collectors to obtain a person’s consent before the information could be used for direct marketing. [Source]

 

US – Requests for Corporate Data Multiply From Police

The WSJ reports that Internet and financial companies are increasingly being targeted by intelligence and law enforcement agencies, forcing them into situations where they must choose between customers’ rights to privacy and the desire to help the US government. Banks, ISPs, and other companies that possess large amounts of data on their customers say that police and intelligence agencies have been increasingly coming to them looking for tidbits of information that could help them stop everything from money launderers to pedophiles and terrorists. Some companies have had to create special units that do nothing but deal with these demands, a process often called “subpoena management.” [Source] [U.S. Focused on Obtaining Long-Distance Phone Data] [The Snooping Goes Beyond Phone Calls]

 

US – Keep Your Data Options Open, Warns Gartner

International companies keeping data abroad might want to reconsider their options after a number of US telcos were accused of leaking data to a US government agency earlier this month, analyst house Gartner has warned. Now, says Gartner, companies should judge whether keeping their data offshore might be a risk to privacy. The analyst house said in a research note: “Businesses with both domestic and international employees and customers - particularly those with significant operations in Canada and the EU - should expect heightened sensitivity about the way they use telecommunications, internet and other communications service providers in the United States, and be prepared to answer questions about their use of U.S. providers.” [Source] [Source]

 

US – FCC Will Not Probe Consumer Privacy Issues With NSA Actions

The FCC won’t look into whether telephone companies violated consumer-privacy laws by allegedly sharing millions of phone records with the National Security Agency. Kevin Martin, the FCC’s Republican chairman, yesterday cited the “classified nature” of the NSA’s activities in explaining that his agency would be “unable to investigate the alleged violations ... at this time.” [Source] [Source] [NSA secrecy makes investigation impossible, FCC says]

 

US – DHS Report Warns RFID is Not Best for Tracking People

Radio frequency identification technology in secure travel documents could harm national security and personal privacy, according to a draft report the Homeland Security Department released last week. DHS and other federal agencies use RFID to efficiently track and identify equipment and other goods, wrote the report’s authors, who are members of DHS’ Data Privacy and Integrity Advisory Committee’s Emerging Applications and Technology Subcommittee. But they warned that using RFID technology to track people is not a good idea. Without formidable safeguards, RFID technology in identification cards and tokens could allow others to track individuals’ movements, profile their activities, and manipulate identification and other information, the report states. RFID will make people more prone to surveillance and less aware that others are tracking them. Users also won’t know what information they are sharing, the report states. The full privacy committee is scheduled to review the draft at its quarterly public meeting in San Francisco June 7. [Source] [The Use of RFID for Human Identification] [Coverage] [Coverage]

 

EU – Privacy-Friendly RFID?

In workshop remarks to the EU Commission examining RFID technologies, Humberto Moran, chief executive of UK not-for-profit organization Open Source Innovation, argued last week that the e-privacy directive is inadequate to ensure deployment of privacy-friendly RFID technologies and uses. For this to occur, the EU “requires the creation of privacy-friendly spaces requires open source software, certification programmes, and consumer awareness. Ideally, these should be complemented by privacy-friendly tags to prevent on-street (external) privacy issues, and should be enforced by regulation or market forces - e.g. by creating privacy-friendly trademarks similar to organic or “fair trade” products. The latter seems better because it provides citizens with the right to choose.” [Source]

 

US – E-Passport RFID Tag Comes With Switch

Israeli RFID systems provider SmartCode says it has developed an RFID tag with a switch that users would need to activate before the tag could transmit data. The company aims to provide a low-cost way to prevent RFID-enabled passports and ID cards from being skimmed while in a holder’s bag or pocket. The design accomplishes this by placing a button switch on the tag itself. Pressing the button completes the circuit between the chip and the antenna, allowing the passive tag to transmit its data while within the read field of an interrogator (reader). If that circuit is not completed, the tag remains inactive. [Source]

 

US – Citibank Experiments with RFID Technology

Unisys Global Visual Commerce is conducting tests in Europe on RFID technology for use in a multinational bank with U.S. branches. Banks in the U.S. have been reluctant to adopt the RFID technology. However, Citibank has touted its use of RFID in ATMs and credit cards used in New York City. This summer, the RFID readers will be expanded to the city’s Metro trains. [Source]

 

WW – Anti-Virus Companies Issue Warning for Microsoft Word

Antivirus companies and the SANS Internet Storm Center issued a warning about sophisticated e-mail attacks that are using a previously unknown hole in Microsoft Word to infiltrate corporate networks. Symantec raised its Internet threat rating, citing confirmation that attacks using an unknown hole in Microsoft Word were being used to compromise computers on the Internet. [Source]

 

US – Smart Card Alliance Response to DHS RFID Report

The Smart Card Alliance has submitted comments in response to the request for comments by the DHS Emerging Applications and Technology Subcommittee of the DHS Data Privacy and Integrity Advisory Committee on the draft report, “The Use of RFID for Human Identification.” The Alliance disagrees with the report’s conclusion to “disfavor” all RFID technologies for applications involving human identification. They “believe that the report defines RFID too broadly and, therefore, this recommendation will unduly restrict appropriate and secure applications of smart cards with RF technology that can meet the strictest privacy and security requirements.” [Source]

 

US – AT&T Provided NSA With Power to Review All Internet Messages

Documents unveiled in a lawsuit that privacy advocates filed against AT&T Inc. contain allegations from a former AT&T technician that the company allowed the NSA to install equipment capable of examining “every individual message” on the Internet. In the documents, Mark Klein, the former AT&T employee, offers technical explanations for how the NSA may have tapped into AT&T’s network by installing hardware in secret rooms at the company’s San Francisco office and elsewhere. [Source]

 

US – Suit Seeks to Stop AT&T from Giving Phone Records to NSA

A lawsuit filed Monday on behalf of author Studs Terkel and other professionals seeks to stop AT&T from giving customer phone records to the National Security Agency without a court order. The plaintiffs, who also include a doctor and a state lawmaker, said they rely on confidentiality in their work and are worried their clients will be less likely to phone them if they think the government collects lists of the numbers they are calling. [Source] [For telecoms, a storm of lawsuits awaits] [ACLU seeks to rally population against govt’s phone snooping]

 

US – Qwest Enjoys Its Newfound Reputation as Consumer Protector

Telecommunications company Qwest has enjoyed the boost it received in the aftermath of last week’s revelations that telecoms were providing call records to the NSA. Qwest, according to reports, has refused to turn over the records, which turned “a beleaguered regional phone company with a somewhat lackluster customer-service record into a gleaming political touchstone and a beacon of consumer protection,” writes Tom Zeller Jr. in The New York Times. [Source] [Some customers sever ties with phone providers]

 

AU – Australia Introduces Do Not Call Register Legislation

“An end to nuisance calls has moved a step closer to reality with the introduction of legislation to create a $33 million national Do Not Call Register, however the initiative will still be an illusion to many.” The Do Not Call Register Bill 2006 and the Do Not Call Register (Consequential Amendments) Bill 2006 will facilitate a national register allowing individuals to opt-out from receiving unsolicited telemarketing calls. [Source]

 

US – 22 States Sign On to HHS Privacy Program

In an attempt to settle privacy and security concerns associated with health information exchanges, 22 states and territories have signed on to a Department of Health and Human Services program. And HHS expects more to join in the next few weeks. The biggest hurdles to the formation of health information exchanges are the security of patient data and patients’ privacy expectations. HHS awarded a contract to RTI International to work with health care professionals, patients and other stakeholders in states and territories to devise solutions that address those obstacles. The $17.2 million program will examine issues such as variations in privacy and security practices, laws affecting health information exchanges, best practices for solutions, and outreach aimed at increasing community expertise on security and privacy issues. [Source]

 

US – Federal Privacy Bill Unlikely To Pass

The House Judiciary Commercial and Administrative Law Subcommittee approved a privacy bill that would require federal agencies to assess a proposed rule’s impact on personal privacy and conduct a privacy impact report before adopting a final rule. However, the measure, known as the Federal Agency Protection of Privacy Act, is unlikely to pass this year. [Source]

 

US – Minnesota Lawmakers Pass Credit Freeze Bill

A bill that would allow Minnesota residents to freeze their credit for a $5 fee is headed to the Senate after the House approved the measure Friday. ID theft victims would not be charged the $5 fee if they have a police report about the incident. The bill also would place stricter controls on credit card solicitations by mail. [Source]

 

 
