Privacy News Highlights
20–26 April 2007
Contents:
CA – Canadian Airlines, Airports Push For
Biometric Scans
US – Massachusetts School Scraps Fingerprint Plan to Pay
for School Lunches
CA – Ontario Border Driver’s Licence Plan Gains Traction
CA – B.C. Government Strengthens Privacy Legislation
US – Poll: Americans Value Privacy Rights
US – Survey: 70% of Americans Support Real ID Act,
Uniform License Standards
US – State CIOs Warned About Insider Threat: Report
WW – PKware Offers Free Windows Desktop Encryption
Software
US – IBM Analytics Gets DHS SAFETY Nod
EU – Peter Schaar Accuses German Government of Neglecting
Data Privacy
EU – French Government Issues Draft Decree on Data
Retention
WW – Card Fraud by Airlines at One-In-Five: Deloitte Study
UK – Press Privacy Complaints Soar
US – Survey: Financial Firms Policing Identity Theft
UK – Data Watchdog to Investigate Barclays Bank
EU – Complaints on Lack of Access to European Commission
Documents
AU – Expert: Key to Acceptance of Digital Health Records
is Patient Control, Access
EU – New Austrian Drug Addict Law Favors Therapy Over
Privacy
US – Nevada Lawmakers Reject Prescription Privacy Bill
US – ID Theft Task Force Wants Stronger Laws
US – Canada, Mexico Travel Cards Under Privacy Attack
WW – CDT Unveils Draft Identity Principles
US – ID Breach by Agriculture Department Smaller than
Feared
WW – Report: 8 in 10 Web Sites Place Customer Data at
Risk
UK – Study: State Has 266 Ways to Enter Your Home
EU – EU Police Data-Sharing Plan Draws Criticism
IN – Nasscom to Monitor Privacy, Data Security Standards
for Outsourcing Firms
WW – Google’s Data-Storing Feature Fuels Privacy Fears,
FTC Complaint
US – Tom Ridge Rips Privacy Laws After Campus Massacre
US – Court Weighs Rights of Passengers When Police Stop
Cars
WW – Study: RFID Chips Exposing Users to Danger as Use
Expands
US – California Bill Would Prohibit RFID in Licenses
US – NH Bill Would Regulate Uses of RFID
WW – McAfee Releases New Security Breach Report
US – Gov’t Straining to Secure Computer Systems: Testimony
US – New York Activists Call For Surveillance Camera Laws
US – US Gov Hints at Major Passenger Tracking System
US – American Teleservices Association Releases Draft
Self-Regulatory Standards
US – Pentagon to End Talon Data-Gathering Program
US – House Panel Approves Bill That Would Ban Some
Harmful Spyware
US – Nebraska Lawmakers Approve Bill to Place Limits on
Employer Use Of SSNs
US – North Carolina Bill Looks to Open Adoption Records
US – Proposed NY Legislation Establishes Fundamental
Right to Privacy For Women
US – A New Twist on Snooping at Wal-Mart
A coalition of Canadian airlines and airports is
putting pressure on Transport Minister Lawrence Cannon to adopt a biometric
travel screening program that would allow passengers to “fast track” through
airport security and avoid hassles such as taking off their shoes and coats and
removing laptops from their cases before boarding planes. The voluntary
program, which is in place at several major U.S. airports, relies on iris and
fingerprint scans to identify passengers and quickly move them through airport security.
The biometric screening system is seen as a way to significantly reduce lineups
and other delays that have become a major hassle for passengers, particularly
those who travel frequently, according to the coalition, which includes Air
Canada, WestJet, as well as the Toronto, Montreal and Edmonton airport
authorities. [Source]
See also: [Ottawa
open to revamped air safety bill]
After weeks of opposition from parents, a
Massachusetts School Committee has abandoned plans to let students pay for school
lunches using biometric fingerprint scans. One parent said “I am thrilled that
the battle is won, but the war is not over,” adding she’d like to see a state
law against using biometric scanning on school children. She was one of a group
of parents whose “Ban the Scan” movement persuaded the school committee to dump
the proposal. The committee voted to upgrade the cafeteria payment system
without the fingerprint scanners. [Source] vs.
[Tough Love in
the School Cafeteria Lunch Line] and also: [Fingerprint
scanners introduced track Chinese college students]
AE – UAE ID Card to Support Iris Biometrics
In what would be the first mandatory use of iris
patterns as a biometric identifier on a national ID card, the United Arab
Emirates plans to introduce the technology on its ID smart card for expatriate
workers and citizens, reports say. The ID card, launched a couple of years ago
storing cardholder fingerprints, will add the second biometric identifier in
mid-2007. The state has introduced the ID card to help secure its borders,
reduce identity theft and keep better track of the expats. It’s an ambitious
project: Besides serving as a residence and labor card, plans call for the ID
to also double as a health card, e-passport within the Gulf region and as an
ATM and e-purse card. The government also wants cardholders to eventually use
the cards to authenticate themselves when they conduct e-government services.
The cards will carry not one but two 64-kilobyte chips. [Source]
More northern U.S. border states are expected to
request permission to test enhanced drivers’ licences for their residents
returning from Canada - a move Ontario officials are hailing as major progress
in their battle to ease tough new land-border requirements. Ontario Tourism
Minister Jim Bradley said this week that U.S. DHS officials told him that
Vermont could follow the lead of a Washington state pilot project to see if
secure licences can be used instead of passports or special identification
cards when new border regulations come into force. Bradley said Queen’s Park
has begun discussions with Michigan Secretary of State Terri Lynn Land to begin
a pilot project at Ontario-Michigan crossings, the busiest access points
between the two nations. [Source]
Legislation was introduced last week to strengthen
B.C.’s Freedom of Information and
Protection of Privacy Act, said the BC Minister of Labour and Citizens’
Services. “The changes [contained in Bill 25] continue government’s tradition
of enhancing the Freedom of Information Act’s privacy and access provisions to
ensure that it remains the strongest legislation of its kind in Canada,” she
said. The amendments to the Freedom of Information and Protection of Privacy
Act address recommendations of the Special Committee that reviewed the
FOIPP Act, and include a number of other changes and amendments that clarify
and update other sections. Specifically, the amendments:
• Enhance privacy protection by requiring employees and service providers to notify
public bodies about unauthorized disclosures of personal information.
• Strengthen the Information and Privacy Commissioner’s inquiry and review processes.
• Improve disclosure processes by allowing public bodies to routinely disclose
predetermined personal information that they can currently disclose in response
to access requests.
• Improve consistencies in the FOIPP Act by making the time period for public bodies
responding to transferred access requests consistent with the time period for
responding directly to access requests.
• Address the needs of school boards by allowing them to disclose personal information to
museums and archives for archival or historical purposes. [Source]
A majority of respondents to a UPI-Zogby International
poll said the U.S. government shouldn’t be allowed to suspend privacy laws to
share terror information. The 5,932 U.S. residents who took part in the April
13-16 Zogby interactive poll were asked whether the government could suspend
privacy laws to enable the sharing of counter-terror information that could
include private data on U.S. citizens. [Source]
See also: [Chamber
of Commerce: Companies Should Be Allowed to Break Law if Helping Government]
A new poll shows that 70% of Americans support the
introduction of national standards for driver’s licenses under the Real ID Act,
despite opposition from several state legislatures and charges that the program
amounts to a national ID card. The poll, a survey of nearly 6,000 adults across
the country, also found that a large number – more than 44% – would support a
federal law mandating compulsory national biometric ID cards for all US
residents. A slim majority – 51% – would oppose such a national ID scheme,
however, and nearly one in four opposed the Real ID Act. Opponents of the Real
ID Act played down the figures, saying they reflected the absence of real
national debate on the issue, and that the opposition from a growing list of
state legislatures to the new law was a better gauge of U.S. opinion. [Source]
State government CIOs need to be more aware
of insider threats to their networks, including lost laptops and malicious
actions by disgruntled employees, according to a national group of state CIOs.
Insider threats, including inattentive, complacent or untrained employees, as
well as security lapses by contractors or outsourcing companies, represent the
most important risks facing state IT networks, according to the National
Association of State Chief Information Officers (NASCIO) in a report released
last week. NASCIO also warned state governments about insufficient IT security
compliance and oversight and about data on mobile devices. [Source]
[NASCIO Report] See also [Consentry
Report: The dissolving perimeter]
PKware Inc. today began giving away its flagship
desktop data encryption product, SecureZIP. SecureZIP Standard Version 11,
which runs on Windows, supports passphrase- and digital signature-based encryption,
or both simultaneously, said PKware. The application also integrates with
popular e-mail clients, such as Microsoft Corp.’s Outlook, to let users encrypt
and digitally sign both the message body and any file attachments. “We
conducted a survey at the RSA Conference in February that showed that while 86%
of more than 100 respondents were very concerned or extremely concerned about
their confidential personal information falling into the wrong hands, almost
one-third admitted they don’t use any tools to ensure that the files they send
and store are protected,” said PKware’s chief operating officer. Other features
in the program include file name encryption, automatic file wiping after
deletion (up to the NSA-mandated seven times) and support for security tokens
and smart cards. The free edition, however, lacks enterprise tools such as
administrative-enabled settings lockdown and automatic access to public keys
for encryption and decryption. [Source]
[Download SecureZIP] [Product
Review]
The Department of Homeland Security has approved
analytics software from IBM Corp. for use in fighting terrorism. The IBM Global
Name Scoring software has been qualified under the guidelines set by the
Support Anti-terrorism by Fostering Effective Technologies Act of 2002,
according to the company. The guidelines act as a seal of approval, assuring
the product does what it claims to do. It also protects the vendor from legal
liabilities sparked by the product. Global Name Scoring can search for
instances of names across different languages. It takes into account “the
linguistic, phonetic and specific cultural variation patterns of names,”
according to the IBM statement. Thus far, approximately 100 products have been
qualified to meet Safety Act guidelines. [Source]
The Federal Commissioner for Data Protection has
accused the German government of “culpable neglect” in protecting data privacy.
He said the government should halt plans for greater access to phone and
Internet records. Fundamental civil liberties in Germany are increasingly under
attack from state authorities and private businesses seeking to snoop into
peoples’ lives, said German Federal Commissioner for Data Protection Peter
Schaar during an annual data protection presentation in Berlin. Schaar accused
security officials of violating the law in their attempts to fight terror,
adding that the Federal Criminal Police Office had passed on information to
Germany’s domestic intelligence agency that was unnecessary for its fight
against terrorism. Schaar said modern technology provides plenty of
opportunities for unauthorized access to personal data that had previously been
protected under stringent laws. “Data protection laws have not kept up with the
advance of technology,” Schaar said, calling for an update of data privacy
laws. “Complete surveillance is already technologically possible today.” [Source] See
also: [German government
admits it is already conducting online searches]
The French Government is preparing a decree to require
webmasters, hosting companies, fixed and mobile telephony operators and
Internet service providers to retain all information on Internet users and
telephone subscribers and to deliver it to the police or the State upon simple
request. It will require identification of anyone in France who has made any
modification in a blog, a chat room or on the web and the systematic recording
of anything put, modified or erased online. Furthermore, chapter 2 of the draft
decree establishes that the data retained by the ISPs and hosting companies and
obtained by the police can be kept by the latter for a period of three years in
the automatic processing systems provided by the Ministry of Domestic Affairs
and the Ministry of Defence. And this comes at a time when the police have
already been given wider prerogatives while no data protection measures are
provided for the data retained. [IRIS press
release on data retention] [Debate
on the information data retention] [Does
the State want to kill the Internet in France?] See also: [Europe makes ‘progress’
on police data protection] and [New
Canadian Private Members Bill to Restrict Internet is Wrong Approach: Experts]
Airline staff have stolen passengers’ identity and
ripped off their credit card details, up to 20% of international airlines have
admitted in a survey. However, the worrying statistic for the public is that
20% of the airlines surveyed had experienced internal abuse of passengers’
personal details. It found that 7% of internal auditors of the airlines had
found that employees had ‘stolen’ the identities of passengers. [Source]
Britain’s press watchdog has confirmed that 2006 saw more complaints about invasion of
privacy than ever before. The Press Complaints Commission (PCC) also revealed
in its annual report that it successfully conciliated a record number of
complaints, 20% more than a year earlier, after 418 were resolved. But the total
number of complaints about British newspapers and magazines, including their websites,
dropped by about 10% to 3,325. [Source]
Most victims of identity theft are alerted to
suspicious transactions by financial-services companies, a recent survey found.
In a survey of 771 identity theft victims over a one-month period, 62% were
made aware of the situation directly by their banks, credit-card company, or
other financial-services firm, according to the Identity Theft Assistance
Center, a Washington-based consumer support group. Other common ways included
having a credit-card purchase denied, during a credit check, or by receiving a
strange bill in the mail. By contrast, less than 1% were alerted by police, the
survey found. [Source]
See also: [Consumers
Beware: Jim Stickley Achieves 1,000th Successful Bank Heist] See also: [Institutions
only notify 62% of identity theft victims, Assistance Center reveals] and [Staples
Inc to offer identity theft insurance] [AU
– Five Years Jail for ID Theft]
Barclays today faced the humiliation of a full
investigation by data protection officials after allegations that call centre
staff accessed private customer files and made sales calls to people who asked
not to be contacted. The UK Information Commissioner’s Office said that
allegations in a BBC Whistleblower programme in March were a cause for concern.
It was based on an investigation by journalists who worked at two Barclays call
centres over nine months. [Source]
[Source]
Statewatch has made two complaints to the European
Ombudsman against the European Commission, one for having failed to keep a
proper public record of documents and the other for having failed in 2006 to
issue its annual report on access to documents for 2005. The group considers
both cases as maladministration, in breach of Regulation 1049/2001 that sets up
the EU bodies’ public registers of documents. “Open, transparent and accountable
decision-making is the essence of any democratic system. Secrecy is its enemy
and produces distrust, cynicism and apathy among citizens and closed minds
among policy makers. The European Commission must be called to account for its
actions or rather its failures to act,” said Tony Bunyan, Director of
Statewatch. [Source]
Dr. Michael Zaroukian told the Australian National
Committee on Vital and Health Statistics subcommittee on Privacy and
Confidentiality that acceptance and use of the developing National Health
Information Network is dependent on “control of content and access by
individuals to clinical information.” Zaroukian also stressed that patients “should
be able to access their health and medical data conveniently, reliably and
affordably.” [Source] [Privacy, trust still the
biggest barriers to electronic record sharing]
On 1 March 2007 the Austrian Department of Health
enacted a highly controversial revision of the Narcotic Substances Act,
provoking an immediate outcry from both the medical and pharmaceutical associations
and privacy experts. The draft amendments have been heavily criticised as “the
ultimate worst case scenario from a medical point of view”. In order to receive
substitution therapy, under the new law, patients have to agree to have their
intimate personal data transmitted by their attending physician. Otherwise they
won’t receive their medication. In other words: if you require a substitute
drug, you lose your right to the legal requirement concerning your confidential
medical communication. This clearly constitutes an infringement of the European
Convention of Human Rights. [Source]
[Source]
[Source]
Scores of bills passed but a few died - including one
to block pharmacies from peddling doctors’ prescription information to data mining
firms - as Nevada lawmakers rushed Monday to meet a deadline for action on
measures. SB231, strongly opposed by pharmaceutical and medical data mining
companies, lost on a 9-12 vote in the state Senate. Republicans split on the
bill, sponsored by Sen. Joe Heck, R-Henderson, an emergency room doctor, while
most Democrats opposed the plan. [Source]
WW – Sex Lube Co’s Data Breach Exposes 250,000 Personal Records: Sexual
lubricant maker Astroglide is reported to have suffered a data breach recently,
and it sounds like a doozy. Personal information about more than a quarter
million people – including names, mailing addresses, and the specific variety
of lube they purchased – ended up on Google-accessible web pages. Some of the
data may have been accessible online for days, months, even years (some records
date back to 2003). And some of the data remains available through Google’s
cache even now, because Astroglide apparently failed to clean up the mess
properly. [Source]
[Coverage]
[Coverage]
US – U.S. Census Exposed Personal Data on Web Site: For more than a
decade, the U.S. Census Bureau posted on a public Web site the Social Security
numbers of 63,000 people who received financial aid. The apparent violation of
federal privacy law prompted concerns about identity theft. Government
officials removed the data from the Web site on April 13, the day they were
alerted to the breach by an Illinois farmer who discovered the numbers while
surfing the Internet. [Source]
US – Laptop Theft Exposes Personal Data on 160,000 Neiman Marcus Employees: A
computer containing personal information of current and former employees was
stolen from a third-party pension benefits plan consultant working for Neiman
Marcus. The retailer found out about the stolen computer on April 5, but
criminal investigators asked the company not to disclose the incident until
this week, according to a spokeswoman. [Source]
SEE ALSO: [13
People Indicted in New York City in $3 Million ID Theft Ring] and
especially: [“Data
Dysprotection”: Weekly Roundup of Horror Stories]
NZ – Dentist Posts Cash Reward for Stolen Patient Records: The dental
records of 1000 Hamilton patients have vanished after a laptop storing the data
was stolen from a dentist’s locked car. Dr Ibrahim’s car was one of four
vehicles broken into while parked at Whitiora School during the Chiefs-Sharks
Super 14 game at Waikato Stadium on Saturday. A door was jemmied open, and the
thieves took Dr Ibrahim’s Sony Vaio laptop and back-up discs containing his patient
records and personal data. [Source]
See also: [junior
doctors’ details exposed online]
The U.S. government plans to establish a national
identity theft law enforcement centre and create a multi-year public education
campaign about the dangers of ID theft, as part of a series of recommendations
released by a task force this week. The President’s Identity Theft Task Force,
created in May 2006, also called for national data protection standards for
private companies that collect and sell personal information, as well as a
national law requiring companies to tell customers when their personal data has
been compromised. Federal agencies should stop the unnecessary use of SSNs, and
the federal government should step up its efforts to educate agencies about
data security best practices and regulations in place, the task force
recommended. U.S. Attorney General Alberto Gonzales, co-chair of the task
force, called ID theft a national security issue. The task force
recommendations target both private companies and federal agencies. [Source]
[Source]
Related Documents: [Combating
Identity Theft: A Strategic Plan, Final recommendations] [Volume II:
Supplemental Information] [Identity Theft
Task Force Website] Coverage: [ID Task
Force Ideas Receive Cool Reception] [Industry
group wants government data protection standard, too] [Retailers Express Concerns Over
Identity Theft Bill]
A forthcoming travel identification card geared toward
Americans who frequently cross U.S. borders into Mexico and Canada is drawing
renewed criticism. At a Monday workshop here, privacy advocates said they were
puzzled that come summertime, the U.S. Department of State, in consultation
with the Department of Homeland Security, still hopes to begin issuing
so-called “passport cards” embedded with RFID chips whose data can be skimmed
by readers up to at least 20 feet away. [Source]
The technology, which is similar to the passes read by highway tollbooths, is already
being used in other U.S. immigration documents and programs, but that doesn’t
make it any less troublesome, critics said at the first day of an FTC
identification workshop in Washington.
As information-gathering technology improves and
governments seek to bolster their capacity to identify individuals, questions
surrounding how to manage individual identity have mounted. CDT today officially
unveiled its draft Privacy Principles for Identity in the Digital Age, which
seek to address those issues in a way that takes into account privacy,
security, as well as the broader issues associated with identity. CDT Deputy
Director Ari Schwartz discussed the principles at the Federal Trade Commission
workshop “Proof
Positive: New Directions for ID Authentication.” [Privacy Principles
for Identity in the Digital Age (Draft) [PDF], March 27, 2007]
A final review has concluded that the SSNs of 38,700
recipients of Agriculture Department grants had been posted on a government web
site since 1996. Federal officials initially feared that as many as 150,000
Social Security numbers had been exposed by the security breach. The numbers
were promptly removed after it was reported to the government on April 13.
Federal officials said they were not aware of any identity thefts using the
posted numbers but are offering a year of free credit monitoring to affected
individuals. [Source]
WhiteHat Security has released the results of a
security report that found eight in 10 Web sites have flaws that hackers could
exploit to steal customer data. The company said that 30% of the sites it
regularly scans contain a flaw that would allow hackers to directly access the
company’s customer information database. [Source]
The state has 266 powers to draw upon when its agents
want to enter homes, according to a report from the Centre for
Policy Studies which says that an Englishman’s home is less his castle and
more “a right of way” for police, local government officials and other
bureaucrats. English law has traditionally regarded a citizen’s home as a
privileged space. In the 1950s just 10 new powers of entry were granted by
statute. In the 1980s and 1990s an extra 60 were added. Harry Snook, a
barrister and the author of the study, Crossing the Threshold, has drawn
together the full list of entry powers in the state’s possession. Force can be
used in most cases. Regular records of the use of entry powers are not always
kept. The research comes at a time of heightened concern over the lengthening
arm of the state, with ID cards around the corner and more sophisticated surveillance
equipment being used to watch people. The report says the disparate provisions
should be harmonised under a new Act. This should make clear that officials
should always seek permission to enter a home; a reasonable time for entry
should be specified; and state officials should always have to get a warrant
before they can force entry to a private home. [Source]
Plans by several EU member states to establish a
system for sharing police data have drawn criticism from the European Data
Protection Supervisor (EDPS) Peter Hustinx, who warns that the proposal, in its
current form, still lacks safeguards to ensure sufficient data protection for
the public. Under the system, known as the Treaty of Prum, participating
nations allow mutual and automatic access to databases containing DNA and
fingerprint records as well as car registration and other personal information.
While Hustinx is not opposed to the exchange of DNA and fingerprint data per
se, he is concerned about a lack of specific rules governing the use of an
E.U.-wide system for sharing personal information. Germany and Austria are
currently testing the police database exchange, with Belgium, France,
Luxembourg, the Netherlands and Spain to follow. In all, 15 E.U. member states
have so far agreed to join, including a few new members from Eastern Europe. [Source]
The National Association of Software and Service
Companies (Nasscom), which represents the Indian software industry, has set up
an independent Self Regulatory Organization (SRO) to inspire confidence in
India’s outsourcing industry. The SRO will award accreditation to deserving IT
companies. It will also provide training and education for its members. The new
chairman of the SRO, Shyamal Ghosh, said participation will be voluntary.
However, the SRO will provide “appropriate inducements” to firms that follow
the SRO’s statutory regulations, Ghosh said. [Source]
[Source]
Facing worries about its tracking Web surfers’ every
move, Google Inc. is now offering a feature to track Web surfers’ every move.
Its free Web History service is strictly voluntary — Google users can sign up
to have the Internet giant keep detailed records of every website they visit so
they can easily find them again later. The feature is similar to that offered
by Web browsers, except the data are stored on Google’s servers instead of
users’ computers and there’s no set time after which it is erased. Web History’s
quiet debut this week came as privacy advocates continued to raise alarms about
the prospect of Google combining its collection of information on individuals
with that of DoubleClick Inc. Google has agreed to acquire the New York-based
company, which distributes Web ads and tracks where the majority of people go
on the Internet, for $3.1 billion. Three consumer groups filed a complaint over
Google’s privacy practices with the Federal Trade Commission on Friday, asking
it to investigate before approving the DoubleClick deal. [Source]
[EPIC
Files Complaint at FTC to Block Google Acquisition of DoubleClick] [EPIC Complaint]
[Google to Face FTC
Privacy Complaint Over Doubleclick] See also: [Oops!
EPIC fails to renew domain just before launching big legal fight] and [Google
To Retool Calendar Privacy Warning] [Google
Vows Changes In Online Privacy Protections] and [EU
Privacy Officials Inform Google of Data Privacy Concerns] [Privacy
bodies investigate Google’s data protection standards] [DoubleClick
issues statement on concerns raised with FTC]
“Privacy law that prevented Virginia Tech and mental
health officials from sharing information about Cho Seung-Hui that could have
prevented the university massacre ‘cries out’ for review, former Gov. Tom Ridge
said this week. Confidentiality laws prevent colleges from sharing information
-- from grades to medical history -- with parents or others without a student’s
permission. Privacy laws also might have contributed to Virginia Tech officials
being unaware that Cho had been ordered by a court to seek counseling when he
was released from a mental health facility in December 2005. ‘All I can say is,
parents that pay tuition to college can’t get access to their kids’ grades
unless they get a waiver,’ Ridge said in a phone interview.” [Source]
See also: [Bill
would let colleges tell parents of problems]
Most people sitting in the passenger seat of a car
that has been stopped by a police officer do not feel free to open the door and
leave. Neither do most members of the Supreme Court, or so the justices’
comments indicated during an argument Monday on the constitutional rights of
passengers in that familiar but uncomfortable situation. The question of
whether a “reasonable” passenger would feel free to leave was significant
because that perception is a principal part of the court’s test for whether a “seizure”
has taken place within the meaning of the Fourth Amendment, which prohibits
unreasonable searches and seizures. If a reasonable person would not feel
constrained, then he or she has not been “seized” and has no basis for
complaining that the police have violated the Fourth Amendment. The converse is
also true: a person who reasonably feels detained by the police is entitled to
challenge the validity of the police action and perhaps to keep illegally
seized evidence out of court. [Source] [Source]
[Source]
The current generation of RFID technology is
vulnerable to eavesdropping, cloning and forging, according to an April security
trends report from security software vendor McAfee. The report warns that
as RFID technology becomes more pervasive, the risk for users increases
dramatically. The study notes that the technology is increasingly embedded in
clothing, food and health care products and that some companies are even embedding
RFID chips into the bodies of employees. Some states have already passed laws
to prohibit
forced implantation of the chips. The report found that the rapid spread of
RFID technology is making it very attractive to hackers, who can clone chips
and steal authentication information to gain access to a user’s personal
information. [Source]
See also [RFID Journal: McAfee
Recycles Old Privacy Fears and McAfee Report Hypes RFID
Threat].
The California Department of Motor Vehicles could not
issue driver’s licenses that used radio waves to transmit motorists’ personal
information if legislation approved Monday by the state Senate becomes law. The
bill would prohibit the DMV from using radio frequency identification technology,
commonly known as RFID, in driver’s licenses or identification cards before
Jan. 1, 2011. Sen. Joe Simitian, D-Palo Alto, called his legislation a “look
before you leap approach” that would give officials time to ensure that any
technology adopted by the DMV would not violate privacy rights. [Source]
A pending bill in New Hampshire would regulate the use
of RFID in consumer products and ban their use in government documents. The
bill would require retailers to label any products that contain RFID chips.
However, the measure would exempt cell phones, WiFi cards and GPS receivers.
The bill would prevent the implantation of the technology in humans. At least
17 other similar bills are pending in other states. [Source]
Research done by Datamonitor for McAfee reveals that
33% of the 1,400 IT professionals surveyed in the U.S., UK, France, Germany and
Australia agree that a major security breach could lead to their companies’
downfall. The survey indicates that while awareness of the dangers related to a
security breach is growing, so too is the problem. 60% of the respondents
indicated their companies had experienced a security breach in the past 12
months. [Source]
[Study:
IT Managers Spending 0.5 Percent Of Budgets On Data Security] See also [TJX
Faces New Class-Action Lawsuit] [UK
Arrests Over Wi-Fi ‘Piggy-Backing’] [Companies
Say Security Breach Could Destroy Their Business] See also: [KPMG:
Data protection crisis imminent] AND ALSO: [New
McAfee product claims to prevent data leakage] [IBM:
Tapes with personal data lost]
U.S. government security experts told a congressional
oversight committee yesterday that federal computer networks are being targeted
on an unprecedented scale and recent high-profile compromises at two key
federal agencies are likely just the most visible symptoms of a government-wide
security epidemic. Officials from the Commerce and State departments appeared
before the House Homeland Security Committee’s cyber-security panel to explain
at least three separate instances where sensitive government electronic data
was compromised. [Source]
New York rights activists called on the city council this
week to regulate surveillance cameras to prevent intrusion into people’s
privacy and prevent an abuse of footage. Norman Siegel, a lawyer and former director
of the New York Civil Liberties Union, told a debate arranged by a group of
lawyers that laws were needed to limit how long video footage could be held and
to restrict distribution and access. Siegel, who estimated there were at least
10,000 cameras around New York City, said surveillance cameras should also be
registered with a government agency and people on the street should be informed
that they are being filmed. [Source]
[Source]
The Transportation Security Administration has issued
a public request for information (RFI) about methods and technologies that
could be used to build a comprehensive airline passenger- and luggage-tracking
system, reports RFID Law Blog. A division of the US Department of Homeland
Security, the TSA indicated in the RFI that eligible technologies include RFID,
biometrics, smart cards, video surveillance, document scanners, and portals and
kiosks, among others. The goal of the system would be to allow the track and
trace of each passenger and his or her luggage at every point along a journey,
from reservation to the passenger’s exit at the destination airport. Not only
would the system track passengers and their luggage independently, it would
also offer the ability to identify travelers and associate them with the
location of their checked and carry-on luggage in real time. [Source] [Source]
[RFI]
[RFI]
See also: [TSA
to screen DIA passengers’ behaviour]
The American Teleservices Association has unveiled a
draft of self-regulatory standards setting forth the best practices for inbound
and outbound calls, state registration requirements, call monitoring
compliance, calls by charities, and privacy. One key standard would require
members to adhere to a “Teleservices Bill of Rights.” [Source]
See also: [Do-not-call
registry proposed for India]
Less than two weeks after being sworn in as
undersecretary of defense for intelligence, James R. Clapper Jr. is moving to
end the controversial Talon electronic data program, which collected and
circulated unverified reports about people and organizations that allegedly
threaten Defense Department facilities. Clapper, a former head of the Defense
Intelligence Agency and the National Geospatial-Intelligence Agency, “has
assessed the results of the Talon program and does not believe they merit
continuing the program as currently constituted, particularly in light of its
image in Congress and the media,” according to a statement released in his name
yesterday by a Pentagon spokesman. Talon, launched in 2003 with an eye toward
Sept. 11, 2001, came under public scrutiny in December 2005 with the disclosure
that it had collected data on anti-military protesters and peaceful
demonstrators. More recently, the American Civil Liberties Union released an
internal Pentagon report showing that, as of 18 months ago, Talon had about
13,000 entries, of which 2,821 involved reports on U.S. citizens. [Source]
[Source]
The House Subcommittee on Commerce, Trade and Consumer
Protection has passed the Spy Act on a voice vote. The bill would require
distributors of “information collection programs,” as defined in the bill, to
notify consumers and obtain their express consent before installing their programs.
The bill now advances to the full committee. [Source] [Source]
[Spyware
legislation could curtail consumer choice: IAB tells Congress] [Commentary:
Spy Act Only Protects Vendors and Their DRM]
Legislators have approved a bill this week that would
help to protect Nebraskans from ID theft by limiting employer use of their
employees’ SSNs. The bill would prevent employers from using SSNs to access
Internet sites. Employers would be prohibited from sending the numbers by email
unless they were encrypted. The bill also would prohibit employers from using a
worker’s full SSN as an employee ID number, among other restrictions. [Source]
Efforts are under way to change North Carolina’s
adoption laws so that once adopted children reach adulthood, they would have
access to their original birth certificate containing their birth parents’
names. Roberta MacDonald of the N.C. Coalition for Adoption Reform said the
change is necessary to, among other things, give adults who have been adopted
the same rights that other adults have. Lee Allen, a spokesman for the National
Council for Adoption, disagreed. He said the legislation fails to take into consideration
the rights and privacy of birth mothers. [Source]
[Adoptees seek open
records]
New York Governor Eliot Spitzer today announced his
plans to submit legislation that will update New York’s laws pertaining to
reproductive rights and establish a fundamental, statutory right to privacy for
women in making personal reproductive decisions. The bill would enact the “Reproductive
Health and Privacy Protection Act” under the Public Health Law. Additionally,
it would amend or repeal various statutes to ensure that New York law protects
a woman’s right to choose the course of her pregnancy, and the right of all New
Yorkers to use or refuse contraceptives. [Source]
A former Wal-Mart computer technician, who asserted
that company employees eavesdropped on board meetings and conducted clandestine
surveillance on shareholders, has reversed himself and denied both claims in
sworn testimony, the giant retailer said yesterday. Bruce D. Gabbard, who was
fired in March for taping telephone calls between Wal-Mart employees and a
reporter for The New York Times, had told The Wall Street Journal that he was
part of an elaborate operation that snooped on employees, stockholders and
company critics. [Source]
See also: [EU:
UK Employee’s privacy breached by employer’s monitoring]
--------