Privacy News Highlights

29 September–05 October 2006

Contents:

CA – Poll Shows Most Canadians in Favor of Biometrics

CA – OPC Releases Report on Plans and Priorities for 2006-2007

CA – Bill to Curb ID Theft Under Consideration

NZ – NZ Commission Calls for Tenders In Largest State Sector IT Programme

CA – Study: Canadian Doctors Slow to Embrace IT

EU – U.S., E.U. Fail to Reach Agreement on Sharing Passenger Data

US – Court Orders Online Payment Processor Offline

CA – Service Canada Tells Ontario Staff to Fudge Service Performance Statistics

CA – Study: Canadian Public Info Suddenly a Military Secret

US – GAO Report: Health Records For Millions At Risk Of Improper Disclosure

US – Supreme Court Rejects Medical Privacy Case

CA – Cabinet Filled With Census Files Sold at Alberta Auction

US – 146,000 Kentucky State Workers Warned of ID Theft

CA – RCMP Buying Canadians’ Personal Info

IN – Investigation Indicates Indian Call Center Data is Being Stolen and Sold

SP – Survey: ID Theft Main Concern for Singaporeans

JP – Yahoo Japan to Sue for Damages From Phishing

EU – Swedish Appellate Court Overturns P2P Conviction

US – Cingular Sues Private Eye for Pretexting

US – California Governor Terminates RFID ID Bill

US – Survey Says Consumer Data Breaches Will Get Worse

WW – McAfee Knocks Microsoft Over Vista Roadblocks

CA – Study: Canadian Enterprises an Open Target for IT Disaster

AU – Facial Recognition Cams at Australian Sydney Train Stations

EU – Greek DPA Fines Police for Street Surveillance Cameras

CA – Mixed Views on Public Surveillance Cameras in Alberta

US – DC Police: Cameras Not Helping Fight Crime Much, Residents Split

CA – Feds’ Cameras Target Canadian Airports

UK – Black Box to Cut Car Insurance

US – California Gov. Signs Telephone Privacy (Pretexting) Bill

US – Legislation Exempts CPAs from Sending Privacy Notices

US – House Votes to Expand Electronic Spying Powers

US – Federal Lawmakers Break, Leaving Pretexting Bill on Hold

US – New North Carolina Law: Gov’t Agencies Must Disclose Data Breaches

CA – Poll Shows Most Canadians in Favor of Biometrics

Most Canadians don’t understand what biometrics are, but think the government should use them to prevent prospective immigrants from using bogus identity documents to enter the country, according to an Ipsos Reid survey conducted for Citizenship & Immigration Canada. Fraudulent identity documents are a “very serious problem” and biometrics should be used to prevent people from abusing government programs, including the immigration and refugee systems, said more than half the respondents. “Four out of five Canadians believe that by the end of this decade, it is likely almost every adult Canadian will have at least one biometric ID on file to verify their identity,” the survey notes. “67% support conducting background checks to verify the identity of non-Canadians applying for an immigration visa to enter Canada.” [Source]

 

CA – OPC Releases Report on Plans and Priorities for 2006-2007

The Office of the Privacy Commissioner of Canada has set out its strategic directions, priorities, expected results and spending estimates for the coming fiscal year. Program Priorities for 2006-2007 are: New technologies; Interconnected information systems; Trans-border data flows; National security and law enforcement; and Legislative Review. The 2006-2007 Strategic Priorities are:

1. Improve and expand service delivery (Ongoing)

2. Respond to Parliament (Ongoing)

3. Participate in PIPEDA review and Privacy Act reform (Ongoing)

4. Plan and prepare for 2007 International Data Protection & Privacy Commissioners Conference (New)

5. Build organizational capacity; hire and integrate new staff, engage and train existing staff (New)

6. Develop results-based systems and baselines (New) [Source]

 

CA – Bill to Curb ID Theft Under Consideration

The Liberals said they will study an ID theft bill proposed by Tory MPP Joe Tascona as Canadians are increasingly victimized by identity theft and mortgage fraud - estimated to be worth $1.5 billion. In the meantime, insurance companies and banks are offering services to help consumers take steps to protect themselves. [Source]

 

NZ – State Services Commission Calls for Tenders In Largest State Sector IT Programme

Providing further proof the days of Username and Password security authentication are over, the State Services Commission today sought proposals for the supply of a token-based, moderate strength logon service to the Government Logon Service (GLS). The GLS is after a one-time-password (OTP) system that combines with a GLS password to provide a logon of medium range security. The key fob or similar device will carry the commission’s brand, and be a self-contained, standalone OTP generator. The device will be sealed, have a lifetime battery and require no user maintenance. The GLS is an all-of-government service that provides ongoing re-confirmation of online identity and follows standards developed by the All-of-government Authentication Programme. This is one of the largest IT programmes within the New Zealand State sector and is led by the Information and Communication Technologies Branch of the State Services Commission. [Source]

 

CA – Study: Canadian Doctors Slow to Embrace IT

A recent Infoway study of IT use by general practitioners in 11 industrialized countries found Canadian doctors lagged well behind their international counterparts. In Britain, Australia and most of Europe, more than 95% of GPs have office computers that are used for clinical purposes, which usually means managing drug prescriptions and dealing with lab results, though some (and some here, too) are now starting to receive digitalized CT-scans and X-rays online. In Canada, by contrast, the number of GPs who use electronic medical records or IT for clinical care is only about 2%, says the University of Victoria study released by Infoway and the CMA in July. In fact, if you read the small print, the study says that only 20.9% of family physicians have an electronic record system and only 16.9% of them actually use it. [Source] [CMA research reports]

 

EU – U.S., E.U. Fail to Reach Agreement on Sharing Passenger Data

The U.S. and the E.U. failed to meet a Saturday deadline to conclude a permanent new agreement on the sharing of airline passenger data, an issue that has raised serious privacy concerns in Europe. However, both sides said talks will continue and flights will not be affected. [Source] [Source] [Source]

 

US – Court Orders Online Payment Processor Offline

A federal judge has ordered online payment processor Qchex to cease its current method of online payment processing, which U.S. regulators say facilitated fraud. Qchex let people create and send checks drawn on any bank account without verifying their authority to do so, the FTC said in a statement this week. The San Diego-based company’s business focused on generating electronic checks online that could be e-mailed and then printed out by the recipient. [Source] [FTC Release] [Civil Action Document]

 

CA – Service Canada Tells Ontario Staff to Fudge Service Performance Statistics

The union representing employment insurance processing staff is blowing the whistle on a move by Service Canada to fudge its performance figures by ordering Ontario staff to temporarily cease all work on client files older than 28 days. (Service Canada is a massive 22,000-person department launched in 2005 by the previous government in order to provide superior services and deliver savings of $2.5-billion over five years.) Ian Shaw, Ontario VP of the Canada Employment and Immigration Union (CEIU), says this latest deception “is fully and sadly consistent with a model based on the worst type of Ottawa doublespeak - promising the public more while actually providing less.” “The current desperate effort to mask declining service is the latest evidence of a bad idea getting worse by the day. In abandoning claims more than 28 days old, Service Canada is actually cutting service to those who have waited the longest. This isn’t being done for the public good, but to make the current month’s ‘production’ stats look better than they truly are.” At issue is Service Canada’s so-called ‘speed of pay target’ - a measurement Shaw says is more appropriate to an industrial assembly-line than to one-to-one personalized service delivery. [Source]

 

CA – Study: Canadian Public Info Suddenly a Military Secret

The Defence Department has invoked a new wave of secrecy in the last 18 months using national security provisions in federal Access to Information legislation to censor details of financial bungling and what some critics are calling questionable uses of military resources. The department also tried to hide records detailing how it is keeping tabs on a security analyst who is an outspoken critic of Canada’s role in Afghanistan. In an examination of 23 access requests over the last 18 months CanWest News Service found 87 pieces of information, now censored, which had been previously released to the public or are still on government and Defence Department websites. [Source]

 

US – GAO Report: Health Records For Millions At Risk Of Improper Disclosure

The Government Accountability Office said yesterday that security weaknesses have left millions of elderly, disabled, and poor Americans vulnerable to unauthorized disclosure of their medical and personal records. The GAO said it discovered 47 weaknesses in the computer system used by the Centers for Medicare and Medicaid Services to send and receive bills and to communicate with health care providers.

[Source] [GAO Report: Information Security: The Centers for Medicare & Medicaid Services Needs to Improve Controls over Key Communication Network. GAO-06-750, August 30] [Highlights]

 

US – Supreme Court Rejects Medical Privacy Case

The Supreme Court this week rejected a lawsuit by privacy advocates who say the Bush administration’s rules for disclosing medical records are too lax. Ten groups representing 750,000 consumers, medical practitioners and their patients challenged a federal rule that encourages development of an information system for electronic transfer of health data. An initial proposal would have required health-care providers to obtain patients’ consent before disclosing health information. That approach prompted complaints from professionals in the health care sector, who said it would significantly impair the industry’s ability to provide timely and efficient medical services. The final rule put in place in 2003 leaves it up to health-care providers whether to seek patients’ consent to use or disclose information for routine uses. The rule requires that disclosure must be limited to the “minimum necessary” information to accomplish the intended purpose. It also allows states to have more stringent standards if they wish. In a decision the privacy advocates had sought to reverse, the 3rd U.S. Circuit Court of Appeals said that any privacy violations could not properly be blamed on the government. The federal rule did not “compel” or “command” any privacy violations, said the appeals court. The rule does not displace existing privacy protections, the government argued. [Source]

 

CA – Cabinet Filled With Census Files Sold At Auction

Personal files of some of this year’s census workers turned up in a filing cabinet at an Edmonton auction, Global TV reported Wednesday night. The files on about 75 workers from across the Prairies included their names, social insurance numbers and earnings, according to the report. Statistics Canada acknowledged it goofed. Global said the statistics agency intends to apologize to every person listed in the files. The federal office of the privacy commissioner is investigating the breach. Census worker Melissa Mouat, from Calgary, was among people angered that employment records made it to an auction of used federal government furniture last weekend. “I think it’s kind of a pathetic irony that I spent my entire summer reassuring (census respondents) that, no, you can give me this information, it will be safe with me -- and then they go off and sell mine,” the census worker said. [Source]

 

US – 146,000 Kentucky State Workers Warned of ID Theft

Letters sent to 146,000 government employees in Kentucky inadvertently displayed each of their Social Security numbers on the front, prompting A-G Greg Stumbo to issue a warning about possible identity theft. The Kentucky Personnel Cabinet sent the letters to employees in state agencies, community and technical colleges, school districts, health departments and other offices covered by the state’s insurance program. The letters provided routine information about enrollment in the coverage plan for next year. The SSNs were included as the first nine digits in 14-digit codes that were clearly visible in the address window of each of the envelopes. [Source]

 

CA – RCMP Buying Canadians’ Personal Info

Since September 2001, the Mounties have been buying and storing personal information on Canadians from private data brokers, which have been used by U.S. authorities to combat terrorism even though the information they sell has been criticized for its inaccuracy. Data brokers collect personal information from all kinds of sources, ranging from warranty forms, gold credit card use, travel agencies and donations to charitable and religious groups. Traditionally, the information is sold to third parties, usually marketers looking to target a consumer niche. Privacy experts say the RCMP’s purchase and storage of such information raises questions about the reach of law-enforcement agencies into the lives of Canadians, particularly in the wake of the Arar inquiry. [Source] [Source]

 

IN – Investigation Indicates Indian Call Center Data is Being Stolen and Sold

According to a program scheduled to air on British television on Sunday, October 1, sensitive personal data belonging to UK citizens are being stolen from call centers in India and sold to the highest bidder. The data include credit card information, passport and driver’s license numbers and bank account details. Those selling the data also have access to taped conversations with US consumers in which they divulge sensitive information, such as credit card security numbers. [Source] [Source]

 

SP – Survey: ID Theft Main Concern for Singaporeans

Security consulting firm Unisys has conducted a survey of 900 Singaporeans which found that 81% were extremely concerned about unauthorized access to personal information. The survey also found that 80% of the respondents said they were very concerned about others obtaining personal credit card information and nearly half said they were wary about the security of online shopping and banking. [Source]

 

JP – Yahoo Japan to Sue for Damages From Phishing

Yahoo Japan is planning to file a lawsuit seeking about 30 million yen in compensation from 14 indicted members of a ring that lured people to a fake Yahoo auction site to steal personal information, company sources said Saturday. The suit, to be filed in October at the earliest, will be the first damages suit in Japan by an Internet auction site operator over organized fraud known as “phishing.” [Source]

 

EU – Swedish Appellate Court Overturns P2P Conviction

A 29-year-old man suspected of sharing files from his computer has been acquitted by the Swedish Court of Appeal. Last year the man was the first person in Sweden to be convicted of file-sharing, having been charged with making the Swedish film Hip Hip Hora available for download from the internet. The Court of Appeal decided that it does not have sufficient proof that the film was uploaded from the man’s computer. [Source]

 

US – Cingular Sues Private Eye for Pretexting

Cingular Wireless, the nation’s largest cell phone provider, on Friday sued a private eye caught up in the scandal over the HP leak investigation, seeking to make him pay for allegedly obtaining customer-call records under false pretenses. The company said in federal court papers it wants Charles Kelly, his firm CAS Agency and any of its agents to return all Cingular customer information they may have, give up any profits they made for getting the data and pay unspecified damages for their conduct. [Source]

 

US – California Governor Terminates RFID ID Bill

On Saturday, California Governor Arnold Schwarzenegger vetoed SB 768, the Identity Information Protection Act of 2006, which would have been the first state bill to address how RFID technology may be used in identification documents issued by state and local governments and agencies. In vetoing the bill, Schwarzenegger said it could “inhibit various state agencies from procuring technology that could enhance and streamline operations, reduce expenses and improve customer service to the public, and may unnecessarily restrict state agencies.” Senator Simitian plans to reintroduce the bill next year. [Source]

 

US – Survey Says Consumer Data Breaches Will Get Worse

A new survey finds that the current epidemic of data breaches and identity theft resulting from stolen corporate laptops and other mobile devices will continue until more companies take aggressive action to protect the privacy of the personal information they routinely collect on their customers, who are the ultimate victims. Credant Technologies’ annual survey found that 88% of 426 respondents, representing IT organizations world-wide, say they know that large amounts of personally identifying and other sensitive information reside on employees’ mobile devices, and 72% say that encryption is required to protect personally identifiable information, yet less than 20% have implemented encryption. [Source] [Press Release]

 

WW – McAfee Knocks Microsoft Over Vista Roadblocks

McAfee charged in a full-page ad in Monday’s Financial Times that Microsoft is working to hamstring software companies trying to overcome “inherent weaknesses” in Windows security. McAfee, Symantec and other security software companies argue that Microsoft’s new Vista operating system will make it more difficult to protect customers because for the first time, they have been denied access to the core of the operating system. [Source]

 

CA – Study: Canadian Enterprises an Open Target for IT Disaster

Nearly half of Canadian companies have suffered from a disaster such as a power outage or IT failure, according to statistics released this week – but almost three quarters of the country’s businesses are unprotected by a business continuity plan. The survey, conducted by Leger Marketing, also reveals that only half of the companies with a disaster recovery plan consider it to be “full-blown,” with nearly one in three firms admitting to an “unofficial” program. 12% of firms rely on a phone tree as their primary means of continuing business in the event of a disaster. [Source]

 

AU – Facial Recognition Cams at Australian Sydney Train Stations

Hundreds of cameras with facial recognition capabilities will be installed at Sydney train stations as part of a $1.1 million counter-terrorism plan. Live feeds of station activity will also be screened to the public on plasma screens as part of the plan to deter terrorist and criminal activity. Unlike the existing CCTV footage, the cameras are capable of taking images which can be matched with facial recognition software to identify suspects. Under the State Government plan, more than 275 high-resolution cameras will be installed at strategically located entry points such as access gates at Sydney’s busiest stations. Transport Minister John Watkins said the cameras would complement 6000 CCTVs in place across the network. [Source] [Source]

 

EU – Greek DPA Fines Police for Street Surveillance Cameras

The Greek police have been fined by the country’s Data Protection Authority for the use of street surveillance cameras for crime fighting. Greece’s powerful privacy watchdog, which has the final word on how cameras can be used, imposed a fine of €3,000 last week, ruling that police were using street cameras, installed across the city for traffic management, for detecting crime. The police had sought to extend their surveillance powers following the July 7 terrorist attacks in London in 2005, but the privacy authority had rejected the request. The authority had ruled in August 2005 that the surveillance cameras, installed in Athens as part of a massive Olympic security operation in 2004, can only be used to monitor traffic. Street cameras in Athens have repeatedly been the target of arson attacks by anarchist groups. [Source]

 

CA – Mixed Views on Public Surveillance Cameras in Alberta

Alberta’s Solicitor General says he supports the idea of video camera monitoring for public protection in higher crime areas in Calgary and Edmonton. Harvey Cenaiko says it’s not a matter of infringing on personal rights, but a matter of protecting citizens. He says monitoring LRT stations would act as a deterrent to criminals and provide police with a tool in crime investigation. Cenaiko says he’s more concerned with protecting people from assaults and rapes than he is about answering questions about right to privacy in public places. But the President of the Alberta Civil Liberties Association says there’s no proof that cameras actually reduce or prevent crime. [Source]

 

US – DC Police: Cameras Not Helping Fight Crime Much, Residents Split

Many D.C. police said they had hoped that installing dozens of new surveillance cameras across the city would assist them in cracking down on crime, but the system does not appear to be working as planned. It was a very violent weekend across the D.C. area, with 11 people shot, four of them fatally. One of the shootings in the District was caught on one of the new cameras, but police said so far, the cameras have not been much help in any other case. [Source]

 

CA – Feds’ Cameras Target Canadian Airports

Canadian airports have been outfitted with a state-of-the-art camera system allowing officials at an operations centre in Ottawa to zoom in on luggage or passengers as they are being screened across the country. The high-tech equipment, considered the most sophisticated in the world, has provided another level of security in the new age of almost regular terrorist threats. A network of more than 500 cameras at 25 airports has been installed at a cost of $1.8 million in the first phase of the project by the Canadian Air Transport Security Authority. Toronto’s Pearson Airport has just gotten its cameras and Vancouver International’s have been up and running for months. [Source]

 

UK – Black Box to Cut Car Insurance

UK drivers will be charged for insurance in accordance with the distance and time of day they travel under a radical overhaul of motoring policies. Cars will be fitted with black boxes to log details of all journeys, resulting in lower bills for those who drive less frequently and during daylight hours. Those who often drive at night, when serious accidents are more likely, will face higher premiums under the scheme. Norwich Union, one of Britain’s biggest motor insurers, plans to offer the “pay as you drive” policy to all its customers after a trial of the technology proved a resounding success. The system, which relies on satellite tracking technology to monitor a driver’s movements, could eventually be used to implement a national road pricing network. Civil liberties campaigners are concerned that the black boxes may be used to collect potentially incriminating data against drivers, such as breaches of the speed limit. [Source]

 

US – California Gov. Signs Telephone Privacy (Pretexting) Bill

California Gov. Arnold Schwarzenegger signed a law last week making it a crime to buy telephone records or obtain them through deceit, an issue that has become important amid a furor over HP’s attempts to track down boardroom leaks to the press. The new law punishes violators with a fine of up to $2,500 and a year in prison, with the maximum fine rising to $10,000 for repeat offenders. It applies to anyone who sells, buys, or conspires to buy or sell any records of telephone-calling patterns without the written consent of the subscriber, or anyone who obtains such records through fraud or deceit. [Source] [Source] [Source]

 

US – Legislation Exempts CPAs from Sending Privacy Notices

CPAs are exempted from the Gramm-Leach-Bliley Act’s requirement to send clients an annual privacy notice under legislation the House and Senate passed recently. The American Institute of CPAs said the annual privacy notice was unnecessary because CPAs are already subject to state laws and regulations that prevent them from disclosing nonpublic personal information without their clients’ consent. [Source]

 

US – House Votes to Expand Electronic Spying Powers

Amid serious misgivings from opponents, the U.S. House of Representatives has approved a bill that would expand the government’s electronic spying powers in terrorism investigations. The Electronic Surveillance Modernization Act passed late last week by a 232 to 191 vote, with 177 Democrats voting against it and 18 siding with the Republican majority on the vote. Under the House’s bill, the president would have the authority to authorize electronic surveillance without a court order for up to one year, if it is directed at the communications of foreign powers or their agents. [Source] [Warrantless Wiretapping Bill Becoming Campaign Issue: being used by Republicans to paint Democrats as weak on terror]

 

US – Federal Lawmakers Break, Leaving Pretexting Bill on Hold

The congressional hearings this week into Hewlett-Packard’s leak investigation shined a light on lawmakers’ attempts to make a practice known as pretexting clearly illegal and punishable by federal law, but their efforts were stymied Friday as Congress got ready to break and campaign for the November elections. That outcome stands in contrast to that in California, where Gov. Arnold Schwarzenegger signed a bill Friday to make the practice illegal. [Source] [Source] [Source] [Source] [Wireless execs would support anti-pretexting law] [House Panelists Rail at HP] [Colorado is hot spot for questionable data mining] [Coalition Wants Phone Records Inquiry Expanded] [Privacy Coalition Letter] [Lawmakers, Executives, Regulators All Want Anti-Pretexting law]

 

US – New North Carolina Law: Gov’t Agencies Must Disclose Data Breaches

State and local government agencies must tell consumers when their information has been lost or stolen under a new law that takes effect this week. Also starting this week, businesses can no longer print Social Security numbers on mailings or on cards needed to receive services, such as health insurance. Both laws are aimed at reducing identity theft. [Source] [Source]

 

--------