Privacy News Highlights

13–25 October 2006

Contents:

CA – B.C. Considers Biometric ID for Driver’s Licences

CA – National Secrets Law Ruled Unconstitutional

CA – Lawyer Fights for Right to Privacy in Ontario Adoption Law

CA – PEI Rolls Out Enhanced Driver’s License to Islanders

WW – ID Theft Warning for Yahoo & Hotmail E-Mail

US – MSNBC Privacy Survey Reveals Consumers Value Convenience Over Privacy

CA – Ottawa Reviewing Billion-Dollar Secure Channel

CA – Survey: Majority of GTA Residents Support Online Voting

AU – Graduate School Mistakenly Sends Alums Entire Email Database

AU – Audit Finds Australia e-Records Patchy

CA – Privacy Commissioner Releases Guidelines on Identification and Authentication

EU – EC Holds Hearing on DRM

US – Ponemon Institute Study: Data Breach Costs Escalate In 2006

US – Sociology Professor Publishes Privacy Encyclopedia

UK – Research: UK Household Trash a Gold Mine for ID Thieves

US – U.S. Government Defends 1998 Anti-Porn Law

EU – Swiss Official Says Banks Broke Law by Supplying Data to U.S.

UK – ID Theft Risk on Bank Websites

WW – SEC: Hackers Increasingly Target Online Stock Accounts

MY – Banks: Online Banking Fraud Result of Phishing, Not Intrusion

UK – Morgan Stanley ID Theft Risk Calculator Launched

CA – Access to Information Researcher Complains of Government Profiling

CA – Hackers Steal Personal Information from Brock University Computers

CA – Ontario Commissioner Announces Plan to Create New Online Identity System

WW – FBI Expert Says Electronic Age Makes ID Theft Much Easier

US – ID Theft Up 21% this Year

US – Class Action Suit Over ID Theft Tossed Out

WW – IBM Launches Global Initiative to Help Clients Detect Threat and Combat Fraud

US – Ben Edelman vs. TRUSTe Web Seals

AU – New Web Site Teaches Online Safety

US – Data Retention Endorsed by FBI, International Association of Chiefs of Police

EU – EU gives US Prosecutors Access to Criminal Cases Data

IN – Legislation Would Impose Security and Privacy Protections on Outsourcing Industry

CA – Ontario Privacy Commissioner Cavoukian on Privacy & Social Networking

CH – China Moves Toward ‘Real Name System’ for Blogs

WW – Microsoft Announces Guidelines to Help Developers Protect Customers’ Privacy

US – Privacy Group Sues FBI for Database Info

US – ChoicePoint Names a "Consumer Advocate"

US – Judge Limits Ability to Search Laptops at Borders

RFID – EU Commissioner Calls for RFID Privacy Enhancements

WW – Researchers Reveal Potential Security, Privacy Flaws in New RFID Credit Cards

US – DHS Proposes Vicinity RFID Technology for PASSport Card

US – Smart Card Alliance: Use of Long Range RFID’s in Passports Bad for Privacy

EU – Project to Track Passengers in Airports Using RFID

WW – The DeadMan’s Handle: Failsafe For Laptop Security

WW – Microsoft Accepts Outside Security Vendors for Vista

AU – Australia Privacy Commissioner Urges System Thinking on Smartcard

US – US Gov’t to Roll Out New Employee ID Card

EU – Finnish Government Employees Get Chip ID Cards

EU – E-Passport Launched in Ireland

EU – Dutch Police Ordered More Internet Surveillance in 2005, Industry Groups Says

CA – Ontario Government Spends $2 Million for TO Surveillance Cams

US – FTC Rejects Industry Efforts to Allow Recorded Calls

US – Report: Federal Government Agencies Have Sloppy Data Privacy Practices

US – States Continue to Ban Pretexting While Congress Talks Tough

US – DoE Ends Polygraph Screening of Job Applicants, Employees

 


 

 

CA – B.C. Considers Biometric ID for Driver’s Licences

B.C. could soon become the first Canadian jurisdiction to imprint driver’s licences with fingerprints or other biometric features. The province is studying the biometric technology, which, according to B.C.’s Solicitor General, would bolster the argument against controversial American plans to require passports for Canadians visiting the U.S. by 2009. “This is the potential solution in terms of whether people need passports or some other identification evidence as they cross the American border.” Work is well underway on the province’s “next generation” of driver’s licences and the role of biometrics in them. Other jurisdictions in Canada, such as Manitoba and Ontario, have considered adding biometric data to driver’s licences and health cards, but have so far not gone ahead with the technology. [Source]

 

CA – National Secrets Law Ruled Unconstitutional

An Ontario judge has struck down key portions of Canada’s national secrecy law, tossed out RCMP warrants used to search a reporter’s home, and delivered yet another stinging rebuke to the Mounties over the Maher Arar affair. Justice Lynn Ratushny of Ontario Superior Court, in a ruling last week, quashed three sections of the so-called leakage provisions of the Security of Information Act. The sections of the law that were struck down were drawn from the decades-old Official Secrets Act, and dealt with communicating, receiving and failing to return official information. Ratushny said all three provisions were unconstitutionally vague and overly broad, violating the principle of fundamental justice enshrined in the Charter of Rights. The judge also ruled the sections contravened the constitutional guarantee of a free press. “They have not been well-tailored to suit their purpose,” she wrote. “They arbitrarily and unfairly and with a blunt club of criminal sanction restrict freedom of expression, including freedom of the press.” Ratushny slammed the RCMP for what she called an abuse of the legal process in threatening to lay charges against O’Neill - when the primary aim of the investigation was actually to find out whether someone within the force had leaked information to her about the Arar affair. [Source] [Source] [Source] [Source] [Commentary] [Commentary]

 

CA – Lawyer Fights for Right to Privacy in Ontario Adoption Law

An Ontario adoption law that allows birth parents and adoptees to access information about each other is “dumb,” “unconstitutional” and violates the Charter of Rights & Freedoms, lawyer Clayton Ruby said last week. Ruby is launching a constitutional challenge to the Adoption Information Disclosure Act, which passed third reading a year ago and is expected to be proclaimed next year. “This is a personal choice and the government has failed to respect the personal nature of that choice,” Ruby said. “We say it’s not only dumb, it’s unconstitutional.” Ruby is filing the challenge on behalf of 4 Ontario residents, 3 adoptees and one who gave up a child for adoption. They say the legislation should have included a veto for anyone who wishes to remain anonymous. The group maintains that people who entered into adoption under the promise of privacy should not have that security taken away. [Source] [Source] [Source] [Challenge won’t hurt adoption law: advocates] [NJ Bill to give adoptees access to birth records]

 

CA – PEI Rolls Out Enhanced Driver’s License to Islanders

The PEI Department of Transportation and Public Works has begun offering an enhanced driver’s license to Islanders. The new driver’s license is part of an initiative of the four Atlantic provinces to collaborate on developing, procuring and implementing a single driver’s license system for citizens within their jurisdictions. The four Atlantic provinces jointly developed the project through an RFI and RFP process, ultimately tendering the project to Digimarc ID Canada Inc. for up to eight years. [Source]

 

WW – ID Theft Warning for Yahoo & Hotmail E-Mail

Web retailers should stop accepting transactions from customers using Yahoo and Hotmail email addresses, according to credit-reference agency checkmyfile. The company said retailers accepting transactions from the popular web-based email services are up to 7 times more likely to have to refund the owners’ credit cards due to fraudulent activity. [Source]

 

US – MSNBC Privacy Survey Reveals Consumers Value Convenience Over Privacy

Bob Sullivan, technology correspondent for MSNBC.com, reveals the results of a 30-question privacy survey developed with the help of Larry Ponemon, founder of The Ponemon Institute. More than 6,500 MSNBC.com users voluntarily took the survey, which Ponemon said revealed some surprising results. Users do not trust the government or organizations with their information and see an erosion in their privacy. Despite this dim view, they generally are eager to share personal details online in exchange for convenience, according to the survey results. [Source]

 

CA – Ottawa Reviewing Billion-Dollar Secure Channel

An internal document that was published this week says Canada Revenue Agency has ordered a review of Secure Channel, the system used at the federal level to transact a variety of public services. According to the document, Secure Channel is riddled with bugs and has experienced a series of crashes, poorly timed upgrades and administration problems. It also revealed that the cost of Secure Channel is going way up - from $600,000 at the moment to an expected $1 billion by the end of the decade. Even the Canada Revenue Agency Review is to cost $100,000. For a country that has regularly sat atop a worldwide Accenture survey of online public sector achievements, this is a portrait of everything e-government is not supposed to be - unreliable, inefficient and expensive. [Source] [Source] [Source] [Source]

 

CA – Survey: Majority of GTA Residents Support Online Voting

A new survey suggests a large majority of residents living in the GTA would rather vote online if the method were offered in municipal elections. The poll, sponsored by Delvinia Interactive, released this week found 69% of residents planning to vote in the Nov. 13 election would prefer the high-tech way of casting ballots as opposed to the traditional method of lining up at polling stations. Of those not planning to vote, 82% said the Internet option would increase their likelihood of voting. [Source] [Source]

 

AU – Graduate School Mistakenly Sends Alums Entire Email Database

The Alumni office of the Macquarie Graduate School of Management accidentally sent its email database containing 25,000 addresses to every graduate. The school has apologized for the error, which it blamed on a technical error. [Source]

 

AU – Audit Finds Australia e-Records Patchy

An audit of three Australian federal agencies has found a patchy approach to electronic record-keeping. The audit, which examined the record keeping practices of the Attorney-General’s Department, the Australian Electoral Commission and the Department of the Prime Minister and Cabinet, examined all facets of the agencies’ archiving practices. All three agencies used a mixture of paper-based and electronic systems. But the audit found electronic records caused particular problems, echoing findings from two previous reports. [Source]

 

CA – Privacy Commissioner Releases Guidelines on Identification and Authentication

Canada’s Privacy Commissioner Jennifer Stoddart is recommending in a new report, Guidelines for Identification and Authentication, that banks and other organizations should not require customers to identify themselves online with birth dates, social insurance and driver’s license numbers. [Source] [Guidelines for Identification and Authentication] 

 

EU – EC Holds Hearing on DRM

Consumer groups, artists’ organizations and copyright owners clashed on whether digital rights management tools would help increase Europe’s online content and production industry. Part of the discussion focused on an opinion by the EU Article 29 Working Party on privacy issues related to intellectual property rights. The group found that under the EU privacy directive, IP numbers must be considered “judicial data,” which means they deserve additional protection. Content owners seeking to track a pirate of online content by an IP address must first obtain the target’s permission to do so. [Source]

 

US – Ponemon Institute Study: Data Breach Costs Escalate In 2006

A study released this week shows that data breaches have become more costly this year to U.S. companies. The Ponemon Institute estimates that privacy breaches have an average price tag of $182 per compromised record in 2006, compared to an average loss of $138 per record last year. The study is based on interviews with 56 companies that experienced a security breach within the past year. Each company lost about $2.5 million in business as a result of its security breach. [Source] [Source]

 

US – Sociology Professor Publishes Privacy Encyclopedia

The Encyclopedia of Privacy, edited by William G. Staples, professor and chair of the Department of Sociology at the University of Kansas, takes a comprehensive look at the issue of privacy in the U.S. today and throughout history. The product of more than two years’ worth of work, the two-volume encyclopedia contains 226 entries written by accomplished scholars, technology experts, policy practitioners and privacy advocates, ranging from brief technical explanations of various computer technologies to lengthy essays exploring the philosophical, cultural and legal bases of our understandings and beliefs about privacy. [Source] [Website] [brochure]

 

UK – Research: UK Household Trash a Gold Mine for ID Thieves

Research by the business advisor Waste Works shows that more than 21 million UK households are at risk for ID theft because they are throwing away documents that trash-pickers could use to commit fraud. 30% of people had thrown away papers that contained a whole credit or debit card number. The research also found that 48% threw away all the information an identity thief needs to commit ID theft. The research was released at the launch of National Identity Fraud Prevention Week in the UK. [Source]

 

US – U.S. Government Defends 1998 Anti-Porn Law

Eight years after Congress passed a law aimed at protecting children from online pornography, free speech advocates and Web site publishers argued in federal court this week that the never-enforced measure is fatally flawed. Salon.com, Nerve.com, and other plaintiffs warned that the 1998 Child Online Protection Act could be used to criminalize such things as sexual health information, erotic literature and news photographs of naked prisoners tortured at Abu Ghraib. [Source]

 

EU – Swiss Official Says Banks Broke Law by Supplying Data to U.S.

Swiss banks broke their nation’s laws by providing banking information to American counterterrorism officials, Switzerland’s top data-protection official said last week. The banks, known for safeguarding privacy, should have informed customers using the Swift money-transfer service that their data could be passed on to third parties, the Swiss official, Hanspeter Thür, said in Bern. Just the possibility of the data being leaked should have been grounds enough to warn customers, he said. His statement was at odds with the views of the Swiss finance minister, Hans-Rudolf Merz, who said last month that giving the C.I.A. such access did not infringe on the country’s banking secrecy rules. [Source] [Source] [Privacy complaint lodged to protect customer bank records]

 

UK – ID Theft Risk on Bank Websites

Three UK banks are failing to prevent the possible theft of online customers’ identity, an online security company has warned. Heise Security says they have failed to make their banking websites more secure against “phishing” attacks. In September, Heise showed how the sites of six banks could be “spoofed” so that criminals could steal details of their users’ identities. It showed that it was possible for a fake or spoofed page to be inserted onto the web sites of six online banks, with no chance of ordinary customers being able to detect that anything was wrong. [Source] [UK online banks 'drag feet over security breach']

 

WW – SEC: Hackers Increasingly Target Online Stock Accounts

Hackers have been breaking into customer accounts at large online brokerages in the United States and making unauthorized trades worth millions of dollars as part of a fast-growing new form of online fraud under investigation by federal authorities. E-Trade Financial Corp., the nation's fourth-largest online broker, said last week that "concerted rings" in Eastern Europe and Thailand caused their customers $18 million in losses in the third quarter alone. [Source]

 

MY – Banks: Online Banking Fraud Result of Phishing, Not Intrusion

The Association of Malaysian Banks said 159 online banking fraud cases during the first 9 months of 2006 were mainly the result of phishing, not intrusion into the banks’ Internet banking systems. The group said that Internet banking systems are secure. Banks and customers must do their parts to tackle online fraud, the banking group says. Consumer education is critical to foil the fraudsters. [Source]

 

UK – Morgan Stanley ID Theft Risk Calculator Launched

In order to help the battle against the risk of ID theft, Morgan Stanley has introduced an ID theft risk calculator to give customers the chance to weigh up the likelihood of them falling victim to the crime. Found on the Morgan Stanley website, the ID theft risk calculator works by posing a series of questions relating to specific aspects of card usage. The risk calculator asks questions on four subjects: home, finances, lifestyle and personal details, so that the level of risk an individual faces due to their habits can be effectively assessed. Level of risk is displayed by a green and red warning system with the aim of making people more aware of the risk they may run regarding ID theft. [Source]

 

CA – Access to Information Researcher Complains of Government Profiling

Testifying before a parliamentary committee, Ken Rubin revealed that he learned recently he has been the subject of just such a profile. Documents Rubin obtained from the Canadian Border Services Agency revealed a memo prepared in January 2004 for then-public safety minister Anne McLellan outlining an access request that Rubin had filed for information concerning the department’s Advance Passenger Information project. In the memo, which the department told Rubin was never transmitted all the way to the minister, the department outlines details of telephone calls officials had with Rubin, other access requests he had filed and the fact that he had volunteered to help Maher Arar and his wife get information about their case. The memo was released to Rubin earlier this month under the Access to Information Act after he filed a complaint. [Source] [Government ‘Abusing Public’s Right to Know’] [Open letter Regarding TB President John Baird’s possible breach of privacy laws]

 

CA – Hackers Steal Personal Information from Brock University Computers

The personal information – including some credit card and bank account numbers – of about 70,000 people who gave money to Brock University has been stolen from the school’s computers by a hacker. The digital intruder had the secret passwords needed to access the file listing of possibly every individual to ever donate to the university. The hacker tapped into the system on Sept. 22, taking only 4 minutes to make off with the file containing thousands of names, birthdates and e-mail addresses. About 90 credit card numbers and some 270 bank account details were also in the file. Those people were called within 24 hours, while the remaining thousands received a letter in the mail explaining what had happened. The school didn’t see the “value” in issuing a public announcement or news release about the breach because all those directly affected had already been notified. [Source]

 

CA – Ontario Commissioner Announces Plan to Create New Online Identity System

Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, has introduced 750 privacy professionals, speakers and exhibitors attending the IAPP Privacy Academy 2006 in Toronto to what she describes as the coming “Big Bang” for connecting identity systems online that have built-in privacy protections. The new framework, which is intended to limit the amount of information companies and organizations collect from users and to reduce cybercrime, springs from the “7 Laws of Identity” formulated by Microsoft for its new Vista operating system. [Source] [Cavoukian says privacy fears crippling e-commerce] [Source][Q&A]

 

WW – FBI Expert Says Electronic Age Makes ID Theft Much Easier

Speaking in Toronto recently, Catch Me If You Can fraud artist Frank Abagnale says the advent of computers and the Internet actually makes it much easier for fraud artists to rip off innocent victims. “I think out of my entire career, the thing that is most amazing to me is that every year, it gets easier,” Mr. Abagnale said recently in an interview after a detailed seminar on fraud prevention in Toronto. “We’ve moved from this paper to electronic file, where anything is available to anybody. You can simply go online and find out … A lot of identity theft, in my opinion, is easily prevented if they control the information they give out, if they use common sense,” Mr. Abagnale said. Although many people consider crime to revolve around murder, burglary and other violent acts, Mr. Abagnale underlined the importance of paying attention to white-collar crimes and the fact they have a significant impact on the entire economy. “In my 31 years at the FBI, I have only seen crime get easier, faster, harder to detect, committed from thousands of miles away,” Mr. Abagnale told the Toronto audience. [Source]

 

US – FBI Warns Online Jobseekers of Identity Theft

The Internet makes it easier to look for a new job. By posting your resume on a number of popular jobs sites, it’s easier for employers to find you. Unfortunately, it’s also easier for identity thieves to find you. The FBI says it increasingly receives reports of job seekers being contacted by criminals out to steal their identity. Posing as a potential employer, the scammer requests more information, including sensitive data like social security number and date of birth. Many people fall victim to this scam because they think the request is legitimate, and the information is needed for a background check. Instead, the information is used to open credit card accounts and lines of credit in the victim’s name. For job hunting online, the FBI has some advice: [Source] [Source]

- Don’t give out a SSN until you’re sure of the identity of the person making the request.

- Don’t agree to a background check until after an interview in person.

- Never set up a direct deposit until officially hired, and

- When applying online, target specific employers and don’t blanket the web with resumes.

 

US – ID Theft Up 21% this Year

Anti-fraud group Cifas has released a study that finds that identity theft will affect 70,000 people by the end of the year. In the first nine months of 2006, ID fraud cases have increased 21%, affecting nearly double the number of victims four years ago. The study finds that one of the most productive fraud methods involves raiding the garbage for enough personal information to steal a person’s identity. A study last week confirmed this trend when experts who examined the trash discarded in bins on a south London street found 97% of people had thrown away documents containing their name and address. [Source]

 

US – Class Action Suit Over ID Theft Tossed Out

A federal judge in Arkansas has thrown out a class action lawsuit against Acxiom, which exposed massive amounts of Americans’ personal information in a high-profile Internet security snafu three years ago. Even though a spammer had downloaded more than one billion records from the company, U.S. District Judge William Wilson ruled that there was no evidence that Acxiom’s purloined database had been used to send junk e-mail or postal mail. Because the class action attorneys could not prove that anyone’s information had actually been misused, Wilson dismissed the case and the request for damages on the grounds that any harm would be entirely speculative. “Because plaintiff has not alleged that she has suffered any concrete damages, she does not have standing under the case-or-controversy requirement,” he wrote. The decision, published on Oct. 3, could prove influential in other identity fraud cases where breaches have exposed personal information such as home addresses and Social Security numbers, but there’s no proof that the information has been misused. [Source]

 

WW – IBM Launches Global Initiative to Help Clients Detect Threat and Combat Fraud

IBM has announced a comprehensive software and solutions strategy expected to provide customers with the industry’s most advanced and complete identity recognition solutions for uncovering and managing potential threats and fraudulent activity by individuals and groups attempting to mask, hide, or misrepresent their identities. IBM’s Threat & Fraud Intelligence strategy will enable five focused solution portfolios with a common, extensible and re-usable technology platform - each tailored to meet the needs of a specific industry or focus area. [Source]

 

US – Ben Edelman vs. TRUSTe Web Seals

In his recently published paper, author and spyware researcher Ben Edelman concluded that, out of a sampling of over 500,000 top sites, 5.4% of TRUSTe-certified sites are actually untrustworthy, compared with 2.5% of all sites in the test group. “So,” he writes, “TRUSTe-certified sites are more than twice as likely to be untrustworthy.” Edelman singles out sites he believes should not have been awarded the TRUSTe privacy seal, some of which still remain approved. He also criticizes the ability of Better Business Bureau seal programs and major search engines to shield users from potential dangers of visiting or interacting with certain sites. Edelman contends most users expect a privacy certification process to consider spyware or e-mail abuse. Thus, he concluded, by separating privacy policy adherence from other nefarious activities, “I don’t think [TRUSTe] passes the smell taste with most users.” [Source]

 

AU – New Web Site Teaches Online Safety

A new Australian government Web site aims to teach people how to avoid Internet pitfalls. The regularly updated site offers advice such as how to protect children from online predators, how to spot a money scam, and how to guard against viruses. [Source]

 

US – Data Retention Endorsed by FBI, International Association of Chiefs of Police

The International Association of Chiefs of Police (IACP) has endorsed the concept of data retention in a resolution. The IACP resolution seeks to have data retention extended from ISPs to registrars and registries. Search engines have also been talked about as potential targets. And FBI director Robert Mueller applauded them a few hours later: [Source] [Source] [Source] [Source]

 

EU – EU gives US Prosecutors Access to Criminal Cases Data

The EU and the U.S. have agreed on a new deal which would give the US access to European data regarding criminal cases under investigation, the EU said Tuesday. The agreement approved by EU ministers was particularly important for the investigation of terrorism-related cases, the EU's current Finnish presidency said in a statement. Under the pact, the EU's prosecution agency Eurojust and US judicial authorities will participate in meetings at which cases under evaluation of charges are examined, it said. [Source]

 

IN – Legislation Would Impose Security and Privacy Protections on Outsourcing Industry

In response to a recent British television report that highlighted data security shortcomings in the outsourcing industry, the government this week strengthened the Information Technology Act, 2000, with amendments that require corporations and organizations that have access to customers’ personal information to adopt security practices. The amended bill will be introduced next month in the winter session of parliament. [Source] [Source] [Indian Cabinet Amends IT Act for Data Protection]

 

CA – Ontario Privacy Commissioner Cavoukian on Privacy & Social Networking

Posting your personal information on a social networking website without considering your privacy options is like crossing the street without looking both ways, says Ontario Information and Privacy Commissioner Ann Cavoukian. Neither is advisable. The Commissioner and social networking website Facebook released a joint brochure, When Online Gets Out of Line: Privacy - Make an Informed Online Choice, which encourages university, college and high school students to carefully consider their privacy options before hitting “send.” “Social networking sites are becoming a significant technological and social phenomenon,” said the Commissioner. “These websites help to connect people with various interests and are becoming increasingly popular with university and college students. They can offer basic information about people and also provide blogs, chat rooms and discussion forums. There are hundreds, if not thousands, of these websites. Most offer students minimal protection.” [Source]

 

CH – China Moves Toward ‘Real Name System’ for Blogs

The Internet Society of China has recommended to the government that bloggers be required to use their real names when they register blogs in the latest attempt to regulate free-wheeling Web content. The society, which is affiliated with the Ministry of Information Industry, said no decision had been made but that a ‘real name system’ was inevitable. [Source]

 

WW – Microsoft Announces Guidelines to Help Developers Protect Customers’ Privacy

The Privacy Guidelines for Developing Software Products and Services, released at the IAPP Privacy Academy in Toronto, draw from the company’s experience incorporating privacy into its development processes and reflect customers’ expectations as well as privacy legislation in effect worldwide. Currently, there are no industry-wide practices to help standardize the user experience for privacy-oriented software features, or to address privacy issues and concerns in the development process. To help establish a starting point for these efforts and open an industry dialogue about privacy guidelines for development, Microsoft has released an extensive set of privacy guidelines for developing software products, Web sites and services. [Source] [Source]

 

US – Privacy Group Sues FBI for Database Info

The Electronic Frontier Foundation has sued the U.S. government for information about an FBI database of more than 700 million personal records set up after the Sept. 11 terrorist attacks, because the FBI failed to respond to Freedom of Information Act requests on its “Investigative Data Warehouse.” The lawsuit also charges the FBI has not posted a public notice describing the criteria on personal information included in the database, as required by the Privacy Act of 1974. [Source] [Your Papers, Please! Fighting the Total Surveillance Society]

 

US – ChoicePoint Names a "Consumer Advocate"

ChoicePoint, whose name has become synonymous with “data breach,” has created a new “Consumer Advocate” position in hopes of cleaning up its image. The job is designed to address, as ChoicePoint president Doug Curling put it, “the need for us to be more transparent to the consumer and more receptive to their concerns.” The first individual to hold the position is Katherine Bryant. [Source]

 

US – Judge Limits Ability to Search Laptops at Borders

Government officials must have reasonable suspicion under the Fourth Amendment to search someone’s laptop at U.S. borders, according to a recent ruling by a U.S. District Court in California. The decision is the first within the area of the 9th Circuit to address whether searching a laptop is more than routine and therefore subject to the search and seizure protections of the Fourth Amendment. [Source]

 

RFID – EU Commissioner Calls for RFID Privacy Enhancements

A European Commission survey of nearly 2,200 people has revealed privacy concerns related to the use of RFID tags. 70% of respondents indicated they favor revealing the tags by notice to consumers as well as providing an opportunity to disable or destroy them. The survey, conducted over six months, found that people and organizations are concerned about losing control of their data collected by the tags and the possibility of surveillance. Information society and media commissioner Viviane Reding said she would consider legislation to give consumers privacy protections. [Source] [Source] [EU needs RFID privacy regs, study finds] [Privacy Law in the Cards?] [EC Final Report] [Source] [Source] [EU to tackle radio chip privacy fears] [Source] [Source]

 

WW – Researchers Reveal Potential Security, Privacy Flaws in New RFID Credit Cards

A new generation of credit cards that require no swiping may have some privacy and security challenges, according to researchers who did a public demonstration to reveal the shortcomings. Companies that issue the cards said the academic exercise was interesting, but the demonstration does not translate into real risks for consumers. The companies have given consumers the impression that the data was encrypted to prevent hackers from obtaining sensitive information. However, the researchers say they were able to obtain the cardholder’s name and other details – all unencrypted. [Source] [Report Reveals RFID Credit Cards Ripe for Info Skimming] [Source] [Source] [Source] [CASPIAN Advises Consumers to Immediately Remove Cards from Wallets]

 

US – DHS Proposes Vicinity RFID Technology for PASSport Card

The U.S. Department of Homeland Security and Department of State have spelled out plans for the use of the RFID-enabled PASSport card at U.S. ports of entry. Under the newly proposed rule, Americans driving across U.S. borders or traveling by sea from Mexico, Canada, the Caribbean or Bermuda will carry a driver’s license-sized card with an RFID chip that could be used instead of a traditional passport book at those crossings and be read through a vehicle as the owner approaches the border. The cards would contain passive EPC Gen 2 RFID tags, with a read range up to 20 feet to facilitate the processing of multiple travelers simultaneously. The RFID chip would contain the unique ID number of the PASSport card, while data specific to the person owning that card would be linked to that number in a database managed by CBP. Readers could process information from as many as eight PASSports at a time. The State Department also reviewed, but rejected, proximity RFID chips, which require a card be presented within 4 inches of a reader and conform to the ISO 14443 standard. Unlike a proximity-card system, a vicinity-card PASSport system would be able to read multiple cards at once, such as when many people are in a single car, and allow border agents to access information about the travelers before they even reach the crossing, further expediting the process. The proposed PASSport card regulations are available for public comment until Dec. 18. [Source] [Source] [State Department seeks advice on border cards] [Source]

 

US – Smart Card Alliance: Use of Long Range RFID in Passports Bad for Privacy

Using the long read range radio frequency identification (RFID) technology the Department of Homeland Security and State Department are proposing for passport cards will do little to increase the security of the nation’s borders, and will open up possibilities that U.S. citizens could be tracked, the Smart Card Alliance said last week. The Alliance contends that a more privacy sensitive and secure passport card solution using the same contactless smart card technology found in the new electronic passports (ePassports) can improve border security without causing delays at crossings. “Using long range RFID technology is a major step backwards for government-issued identity credentials,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “These RFID tags simply don’t have the security features necessary to protect the border and also maintain citizen privacy.” “The stated goal of the passport card program is to help secure the border without compromising citizen privacy or efficiency at the border crossing. The only proven technology that meets all of these objectives is the contactless smart card technology that is used in the ePassport. This would achieve the objective of a faster, more secure means for tens of millions of citizens to cross back into our borders from land and sea, while still protecting the security and privacy of individuals,” concluded Vanderhoof. [Source] [New ‘e-passports’ raise security issues]

 

EU – Project to Track Passengers in Airports Using RFID

University College London, in partnership with Innovation Research and Technology of the U.K., said it plans to start using RFID technology this month to track all passengers in a small Hungarian airport under its Optag project, funded by the EU commission. Optag is designed to monitor the location of passengers in the airport through the use of tags attached to their boarding passes or on wrist bands. The tags will feed passenger information to tag readers attached to closed-circuit surveillance cameras located throughout the airport, making it easy to locate any passengers within about 3.3 feet and alert them if they are missing at the gate at boarding time, Brennan said. The Optag system consists of a network of ceiling- and wall-mounted units containing cameras and antennas capable of picking up signals from the tags, which have a range of 30–50 feet. [Source]

 

WW – The DeadMan’s Handle: Failsafe For Laptop Security

More often than not, laptop thieves are after hardware and stumble upon information. DeadMan’s Handle is designed to delete secure information in the event a laptop is stolen. When the laptop is turned on by the thief, a prompt designated by the user is presented. If the proper answer to the “innocuous-looking challenge” is not entered, DeadMan’s Handle “quietly deletes the confidential information ... on the machine” and deletes itself. Account numbers, personal files, or even remote network configuration files can all be deemed confidential. Harmless warnings about virus protection expirations or innocent-looking update panels are among the 70 different challenges the program can be shipped with. [Source]

 

WW – Microsoft Accepts Outside Security Vendors for Vista

Microsoft Corp. did an about-face, agreeing to make it easier for customers of its forthcoming Vista operating system to use outside security vendors, such as those who make popular antivirus and anti-spyware programs. Until now, Microsoft had planned to block those companies from installing their products in the deepest levels of the new operating system, which is scheduled for release early next year. [Source] [Microsoft Releases Free Anti-Spyware Program]

 

AU – Australia Privacy Commissioner Urges System Thinking on Smartcard

The Australian Privacy Commissioner has urged the federal government to recognize the proposed Smartcard will be a system, not just a standalone card, and that new laws will be needed to protect privacy when the smartcard is introduced. It is also warning the government against allowing the kind of function creep which overtook the Canadian Social Insurance Number to plague the so-called Access Card. In its submission to the government’s Access Card Consumer and Privacy Taskforce, the Office of the Privacy Commissioner argues existing protections won’t alleviate the threat to privacy posed by the introduction of the health and welfare Access Card. The government plans for the card to replace 17 existing social services cards. [Source]

 

US – US Gov’t to Roll Out New Employee ID Card

Beginning Oct. 27 and continuing over the next two years, U.S. agencies will dispense new smart access cards to all federal employees and thousands of contractors who work in or frequent federal buildings. By October 2008, all federal employees will get into their office buildings by waving these smart cards over a reader and having a fingerprint scanned. Once at his desk, an employee will insert the card into a reader hooked up to his computer, press a finger on another scanner, type in a four- to eight-digit personal identification number, and automatically log on to e-mail, instant messaging, databases or other systems without any further logins. If an employee visits another federal agency, he won’t have to sign in at the door and get a visitor’s badge - just another swipe and fingerprint scan. And while visiting another federal office, a fed can plug his card into a computer to remotely check his office e-mail or access information on his agency’s database. [Source]

 

EU – Finnish Government Employees Get Chip ID Cards

Chip ID cards for government employees are being adopted throughout Finnish central government. The photo ID cards contain a qualified certificate enabling identification to log into information networks, authentication of network users and their usage rights, encryption of email and other documents and provision of a binding and undisputable electronic signature, as specified in Finnish legislation. [Source]

 

EU – E-Passport Launched in Ireland

Ireland has launched its e-passport, just days ahead of a US deadline to bring in biometric passports or risk being booted from the visa waiver scheme. The new, high-tech document includes a secure, contactless electronic chip to store encrypted digital information on the holder’s identity, biographical information, and a digital image identical to that of the holder. The microchip embedded in the passport can be read by a special chip reader, while digital signatures verify the data’s authenticity, or reveal if the data has been tampered with. [Source]

 

EU – Dutch Police Ordered More Internet Surveillance in 2005, Industry Group Says

Dutch police have been steadily increasing their surveillance of Internet users suspected of crimes, an industry group of Internet service providers said in a statement last week. Since 2002, Dutch ISPs have been obliged to provide police with tapping services on request. There were six such taps ordered in 2003, the Netherlands’ organization of Internet Providers said, increasing to 10 in 2004, 15 in 2005, and an estimated 31 in 2006. The Dutch Justice Ministry has not released any data on such taps. The ISP organization said its task has gotten more difficult each year, as new kinds of traffic pop up and require new software and equipment for monitoring, such as telephony over high-speed connection services. It added that the cost per tap has been falling, but is still around €9,500 (US$11,900). [Source]

 

CA – Ontario Government Spends $2 Million for TO Surveillance Cams

CCTVs in high-risk neighbourhoods will help keep Toronto communities safe, Community Safety and Correctional Services Minister Monte Kwinter said this week. “We are committed to giving police the tools and resources they need to protect our citizens,” said Kwinter, who announced $2 million in funding from the province to purchase a closed-circuit television system that includes 15 video cameras installed in areas of Toronto where street crime and gun violence have been problematic. Initially, police will be able to move the cameras between different parts of the targeted neighbourhoods and then to other high-risk areas of the city if needed. Cameras will monitor streets, sidewalks, parks and other public areas for criminal activity. The cameras will have a night vision capability and will be remotely operated. Full deployment of the camera system is scheduled for April 2007. [Source] SEE ALSO: [Halifax Police Testing Video Surveillance] [Source] [Hamilton Police Eying Talking Surveillance Cameras] [Crime-fighting cameras to take back streets] [Saskatoon Police Air Surveillance Gets Support] [Vancouver transit buses ready to test surveillance Cams]

 

US – FTC Rejects Industry Efforts to Allow Recorded Calls

After receiving thousands of comments from consumers opposed to an industry request to allow more recorded telemarketing pitches without consumer consent, the FTC has denied the petition filed by Voice Message Broadcasting Corp. of Costa Mesa, Calif. Some opponents said the proposal would create a loophole in the efficient Do-Not-Call Registry. Under the ruling, the FTC said companies with a prior business relationship would not be able to use taped calls unless consumers agreed in writing to receive those calls. The new rule, which takes effect Jan. 2, will supersede a 1991 Federal Communications Commission rule that allows recorded calls to existing customers. [Source]

 

US – Report: Federal Government Agencies Have Sloppy Data Privacy Practices

The House Government Reform Committee released a report last week that warns that personal information held by the federal government “remains at risk.” The committee had asked agencies to provide details about the loss or compromise of any sensitive personal information by the departments or their contractors since Jan. 1, 2003. The report documented the theft of more than 1,800 government-owned laptop computers. In addition, those agencies don’t always know what information has been lost or how many people could be affected because they aren’t tracking those losses, the report said. Only a small number of the data breaches were caused by hackers breaking into computer systems. Most of the data losses stemmed from the theft of laptops, drives and disks, as well as unauthorized use of the information by employees. Contractors were also responsible for many of the reported breaches. [Source] [Theft causes most data losses, report finds] [Report: Data loss widespread at government agencies] [Source]

 

US – States Continue to Ban Pretexting While Congress Talks Tough

Despite impassioned calls in Washington for a bill to ban pretexting, it appears that the pretexting bill promised by the House is stalled and going nowhere. Telcos are opposed to the House’s bill because of its broad requirements that would force them to implement new security measures to prevent access to customer records. The bill also would require the companies to file regular reports on any suspicious activity or face fines. The companies instead favor other stalled bills that outlaw pretexting, but nothing more. Meanwhile, 15 states – most recently California – have passed laws banning pretexting. [Source]

 

US – DoE Ends Polygraph Screening of Job Applicants, Employees

The U.S. Energy Department plans to end its across-the-board polygraph testing of job applicants and employees, according to a rule that department officials published in the Federal Register. The policy change becomes effective Oct. 30. Some researchers say there have been no major physiological or technological advances in the past few years to justify the use of polygraphs for employee security screening at federal agencies. Opponents of polygraph testing have argued for years that DOE and other agencies should scrap such evaluations. Now, after ignoring studies that show that polygraphs are not reliably accurate, DOE has decided to decrease its reliance on such testing for screening prospective counterintelligence employees. DOE screens employees using a computerized polygraph system to prevent insiders from leaking classified information to the country’s enemies. The department has been administering polygraphs to all employees, consultants and contractor employees before granting them access to sensitive information. [Source]

 

--------