Privacy News Highlights
08–13 September 2007
Contents:
CA – Halifax Port Security to Scan Veins in Hands
UK – Biometric Identity Data in UK Schools Targeted
UK – Britons ‘Back Biometric Database’
US – EFF: “Victory Against School Biometrics in Illinois”
CA – Ontario Privacy Commissioner Issues Cease Collection Order Against Ottawa
CA – New Alberta Program Fights Identity Theft
CA – Canadian Government Moving to Access Personal Info, Sparking Privacy Fears
US – Minnesota Statewide Plan to Share Medical Files Launched
EU – US Gains New Advantages in the EU-USA PNR Agreement
EU – ISP Claims Court Ruling Will Force it Into ‘Illegal’ Behaviour
AU – Australia Credit Firms May Get More Customer Info
UK – Information Commissioner Comments on Proposed DNA Database Expansion
EU – Europe to Rule on Whether Police Can Keep DNA of Innocent People
US – Judge Voids FBI Tool Granted by Patriot Act
US – Chertoff Lauds REAL ID as a Boon to Personal Privacy
WW – Microsoft Gets Patent for Automated Privacy Updates
US – License Plate Scanners Find Stolen Cars but Spark Concerns
CA – Canadian Privacy Commissioner “Google Street Pics Could Be Illegal In Canada”
WW – Facebook Dismisses Fears Over Privacy
AU – Australian Law Reform Commission Issues Review of Australian Privacy Law
US – Lawmaker Questions Legality of Domestic Satellite Surveillance
US – Plan to Use RFID in U.S. Border Control Draws Fire
WW – RFID Chip Implants Linked to Cancer in Animals
WW – Survey: CIOs Are Worried About Mobile Security
US – New NYC Cameras Will Watch Every Move in Financial District
NZ – Mandatory Screening of Every New Zealand Infant’s Home Life Proposed
US – F.B.I. Data Mining Reached Beyond Initial Targets
US – GAO Finds Gaps in DHS Visitor Tracking Program
US – 700,000 Name Terror Watch List Still Riddled With False Information
US – California Data Protection Bill Moves Forward
US – Massachusetts State Eases Access to Adoption Records
US – Lawmakers Slam Background Checks for Federal Employees
UK – UK Council Employees Asked to Reveal Sexual Orientation
The Port of Halifax will soon beef up its security by
scanning the veins in employees’ hands before allowing them to enter through
its gates. The port will use a new personal identification system known as
vascular biometrics, and Colin Wright, of Identica Canada Corp. in Toronto,
says it’s much safer than scanning people’s eyes. He said people can fool
machines that examine the iris. “You get a picture of someone very close up and
reproduce a picture of their eye, and reproduce it on a fake contact lens, and
you become them,” Wright explained Thursday. Identica’s vascular
pattern-recognition technology takes a picture of how the veins are laid out in
the back of a person’s hand. [Source]
Tighter controls on the use of biometric
identification data in schools are being considered in Gloucestershire. An
investigation by the county council found 29 schools, with a total of 8,400
pupils, used such systems, and another seven were considering the option.
Restrictions will be brought in to protect parents’ rights as well as the
privacy of children, the council said. The systems use fingerprints, retina and
iris patterns, as well as voice waves, to recognise an individual. [Source]
The majority of Britons are prepared to surrender
their fingerprints and iris identities to a central government database in
order to fight crime, a survey suggests. Research from personal ID advisors CPP
found that 80% of the 3,000 UK adults questioned would rather swap chip-and-pin
ID verification with biometric methods to boost the security of their everyday
transactions. 7/10 said they supported rolling out the use of biometric data
for anti-terrorism measures at Britain’s airports, but just 10% said they were
willing to pay to make the improvement. “People are clearly aware of the need
to tackle issues such as identity fraud and terrorism in the UK, and in
principle, are behind biometrics or something that will solve these modern
problems,” a CPP Identity Protection spokesperson said. “There are, however,
concerns around how biometrics will work in the real world and some fundamental
questions that need answering around issues of privacy, data protection,
hygiene and cost.” [Source]
A small-town mom from Earlville, Illinois (pop. 1,778)
began a one-woman campaign to fight the use of biometrics in the schools — and
won. In August of 2005, the public school in Earlville installed biometric
equipment, allowing the school to track students by scanning their
fingerprints. Use of the scans for school lunch was apparently mandatory.
Ignoring ridicule from neighbors, the mother brought her concerns to the
administration, the school board, the local paper, and then began lobbying the
Illinois state legislature. Eventually, she managed to bring some national
media attention to the issue. In February, 2007, SB 1702 was introduced by
State Senator Kim Lightford, requiring school districts to have a policy before
collecting any biometric information from students, prohibiting the sale or
disclosure of biometric information, and requiring parental consent before any
children are scanned. On August 1st, Governor Rod Blagojevich signed the bill
into law. Meanwhile, the use of biometric technologies in schools around the
country continues to spread. [Source] [Pippa King’s blog: Biometrics in Schools]
[Leave Them Kids Alone]
Ontario Information and Privacy Commissioner Ann
Cavoukian – invoking for the first time a cease collection and destroy records
provision in Ontario privacy laws – this week ordered the City of Ottawa and
the Ottawa Police to stop collecting extensive personal information from
individuals selling used goods to second-hand stores. She also ordered the
destruction of all personal information already collected. “In my view,” said
Commissioner Cavoukian, “the creation and maintenance of this database
constitutes a grave infringement to the privacy rights of individuals. The
police are not required to obtain a warrant or demonstrate any suspicion of
wrongdoing, in order to access this database, while every individual who sells
an item to a second-hand goods store may become subject to scrutiny by the
police, even though it is clear that the vast majority are innocent,
law-abiding citizens who have committed no offence. This matter cannot be taken
lightly. The routine collection of personally identifiable information from
those who have committed no offence goes beyond the constitutional compromise
that permits intrusive action by the police in the context of criminal law
investigations. In the interests of liberty, we must draw the line at the
potential surveillance of law-abiding citizens by the state and firmly say ‘No’
to any unnecessary intrusions on our privacy.” The Commissioner also said that
her office will soon be publishing a set of Guidelines with respect to the
regulation of used goods, in an effort to provide assistance to all
municipalities and police services in the province. [Release] [Order MO-2225]
The Alberta government announced a new education
program this week to help combat identity theft. Changing Faces is a training
kit for business and community groups interested in providing information to
Albertans on identity theft and its far-reaching consequences. Created by the
provincial government and city police, the kit includes an 18-minute DVD that
gives viewers a dramatic presentation of how identity theft happens and
includes tips on how to be on guard for con artists. It also includes a “risk
test” and a presenter’s guide. The Changing Faces kits are free. [Source] [Press Release]
See also: [Minnesota State accused of not doing enough in ID theft]
Government agencies are moving to gain access to
telephone and internet customers’ personal information without first getting a
court order, according to a document obtained by CBCNews.ca that is raising
privacy issues. Public Safety Canada and Industry Canada have begun a
consultation on how law enforcement and national security agencies can gain
lawful access to customers’ information. The information would include names,
addresses, land and cellphone numbers, as well as additional mobile phone
identification, such as a device serial number and a subscriber identity module
(SIM) card number. The consultation also seeks input on access to e-mail
addresses and IP addresses. The document says the objective of the consultation
is to provide law enforcement and national security agencies with the ability
to obtain the information while protecting the privacy of Canadians. The
document says that under current processes, enforcement agencies have been
experiencing difficulties in gaining the information from telecommunications
service providers, some of which have been demanding a court-issued warrant
before turning over the data. Privacy advocates, however, expressed displeasure
over both the content and the process of the consultation. Michael Geist, chair
of internet and e-commerce law at the University of Ottawa, said the process is
not being conducted publicly as two previous consultations have been, in 2002
and in 2005. [Source] [Michael Geist blog]
Minnesota’s largest health plans and hospital system
unveiled a statewide online medical record “information exchange,” giving
doctors and hospitals instant access to vital health information about new or
unfamiliar patients. Under the new system, patients will have their medical
histories with them even at clinics and hospitals out of their provider networks
or far from home. The Minnesota Health Information Exchange is expected to be
online next year and synchronize records of 3 million patients covered by the
three private health plans or by state programs. A privacy advocate criticized
the plan as compromising personal health information. Among the concerns of the
Citizens Council on Health Care were whether the consent would be in writing or
whether a verbal “OK” would give doctors and others indefinite access to
patient records. Even if patients don’t want their information shared, the
system still has to have some way of identifying them. “There’s just all sorts
of problems when a person doesn’t really have consent and control, and they
don’t really have an option to have their records offline.” [Source]
Statewatch has revealed that very soon after the
EU-USA agreement on PNR was signed on 28 June 2007, the US government announced
some changes in its Privacy Act that exempt DHS and the ATS (Automated Targeting
System) from responding to requests for the personal information they hold. The
US Government also sent a written request to the Council of the EU to
agree on keeping secret all the documents on the negotiations for at least 10
years. The declared purpose of the above-mentioned exemptions is for “national
security, law enforcement, immigration and intelligence activities.” The
exemptions are related to the new “Arrival and Departure System” (ADIS) that
the USA is to introduce and which is meant to authorize people to travel only
after PNR and API (Advance Passenger Information) data has been checked and cleared
by US agency watchlists. The Automated Targeting System, which is to be exempted
as well, is a system of 6 modules dealing with Passenger Name Record (PNR)
data.
[US changes the privacy rules to exemption access to personal data (4.09.2007)]
[US demands 10 year ban on access to PNR documents (2.09.2007)]
[Proposed Rules, Federal Register - DHS, 6 CFR Part 5, Privacy Act of 1974: Implementation of Exemptions (22.08.2007)]
[Article 29 Data Protection Working Party - Opinion 5/2007 on the follow-up agreement between the European Union and the United States of America on the processing and transfer of passenger name record (PNR) data by air carriers to the United States Department of Homeland Security concluded in July 2007 (17.08.2007)]
A Belgian court ruling would
force ISPs into conducting “invisible and illegal” checks on internet users’
actions, according to the managing director of Belgian ISP Scarlet. Scarlet was
recently ordered by a Belgian court to block its users from engaging in illegal
file-sharing. It has now lodged an appeal against that ruling. Scarlet says
that it believes that complying with the court order would force it to break
the law. It said that Belgian phone tap laws prohibit it from eavesdropping on
subscriber data transfers. It also said that Belgian privacy laws prevented it
from the proactive monitoring of people’s communications. Scarlet also said
that e-commerce laws stipulated that such activity is only appropriate in
certain specific circumstances, and not as a general approach that can be taken
with all customers. [Source]
See also: [Belgian ISP will appeal order to block file-sharing] [ISP told to block file-sharing in landmark case]
Australian banks, credit card companies and other
lenders will see more of their customers’ personal information under a proposed
overhaul of privacy laws. The Australian Law Reform Commission has recommended
that credit providers be given greater access to information about customers so
the amount of credit offered is appropriate to their ability to repay. The Law
Reform Commission president said: “If credit reporting agencies are able to
gather a wider range of information, this may encourage improved lending
practices and make it easier for some people on low incomes to obtain finance.
Australia’s credit reporting agencies are limited to using only “negative”
information, such as previous defaults, in assessing the risk of providing
credit.” The commission recommends expanding the type of information that may
be recorded on a credit file to include information about current credit
accounts, the dates those accounts were opened and closed, and the credit
limits of each. [Australia Credit Firms May Get More Customer Info]
The Information Commissioner, Richard Thomas, has
commented on the issue of a national DNA database, saying: “Society needs to
take a very long and very hard look at this issue before a universal database
of everyone’s DNA is considered. I welcome a debate on the future of the
database especially as there is unfairness with the current system and the
issue has received little public debate to date. “However, to extend the
database further has serious implications for people’s privacy in this country.
“There are significant risks associated with creating a universal database: it
would be highly intrusive, and the more information collected about us, the
greater the risk of false matches and other mistakes. The potential for
technical and human error leading to serious consequences cannot be
underestimated. “There are also significant practicalities to address, such as
keeping track of people, and keeping the records up to date and accurate. “A
proper public debate is needed about whose DNA should be held, for how long and
with what safeguards.” [Source]
Background: [The U.K.’s “Big Brother” DNA Database] [Universal DNA Database: Like catnip for crooks; you are a suspect until proven innocent]
[Plan to put everyone in DNA database hinges on human rights case]
Police could lose the power to keep DNA samples taken
from suspects who have been cleared of any wrongdoing, in a landmark case which
is to be decided by the highest court in Europe. A ruling against the British
Government could lead to the destruction of tens of thousands of DNA and
fingerprint materials as well as deal a severe blow to any plans to create a
universal genetic database. The challenge at the European Court of Human Rights
is being brought by two UK subjects who were charged and cleared, and have no
criminal records. The Court of Appeal ruled in 2002 that they cannot ask for
their DNA and fingerprint evidence to be destroyed. One of the judges hearing
the appeal was Sir Stephen Sedley, who this week called for a national database
to include DNA samples taken from every British citizen and any foreign
visitors to this country. European judges in Strasbourg believe the issue is so
important that they have decided to fast-track the case to go before the grand
chamber, where all the Strasbourg justices will sit to determine the matter. Said
the barrister and civil liberties specialist for the plaintiffs: “We think this
will be one of the most important human rights challenges the court has
grappled with in recent years.” [Source]
A federal judge this week struck down the parts of the
recently revised USA Patriot Act that authorized the FBI to use informal secret
demands called national security letters to compel companies to provide
customer records. The law allowed the FBI not only to force communications
companies, including telephone and Internet providers, to turn over the records
without court authorization, but also to forbid the companies to tell the
customers or anyone else what they had done. Under the law, enacted last year,
the ability of the courts to review challenges to the ban on disclosures was
quite limited. A Manhattan District Court Judge ruled that the measure violated
the First Amendment and the separation of powers guarantee. Judge Marrero said
he feared that the law could be the first step in a series of intrusions into
the judiciary’s role that would be “the legislative equivalent of breaking and
entering, with an ominous free pass to the hijacking of constitutional values.”
According to a report from the Justice Department’s inspector general in March,
the FBI issued about 143,000 requests through national security letters from
2003 to 2005. The report found that the bureau had often used the letters
improperly and sometimes illegally. Judge Marrero used his strongest language
and evocative historical analogies in criticizing the aspect of the new law
that imposed restrictions on the courts’ ability to review the FBI’s
determinations. “When the judiciary lowers its guard on the Constitution, it
opens the door to far-reaching invasions of privacy,” Judge Marrero wrote,
pointing to discredited Supreme Court decisions endorsing the internment of
Japanese-Americans during World War II and racially segregated railroad cars in
the 19th century. “The only thing left of the judiciary’s function for those
Americans in that experience,” he wrote, “was a symbolic act: to sing a requiem
and lower the flag on the Bill of Rights.” ACLU lawyers, who represented the Internet
company, said Judge Marrero had confirmed a bedrock principle. “A statute that
allows the FBI to silence people without meaningful judicial oversight is
unconstitutional.” [Source]
[Judge Rules Feds Cannot Silence ISPs With Patriot Act] [Judge deals blow to Patriot Act]
[Court Strikes Down Key Patriot Act Power Again] [Judge Rules Provisions of Patriot Act Unconstitutional]
Homeland Security Secretary Michael Chertoff submitted
written testimony to the U.S. House of Representatives this week that touts the
privacy benefits of a federally mandated, “machine-readable” ID card that
states must issue to citizens, beginning in May 2008. Chertoff said the new
driver’s licenses and other state-issued cards will strengthen personal privacy
by offering protections against ID theft. Opponents of the federal mandate on
the states have said the program will actually exacerbate ID theft because of
privacy and security flaws in the plan. [Source] [Testimony]
Microsoft has received a patent for a system that
automatically notifies users of its software when there is a change to their
application’s privacy policies, according to documents released Tuesday by the
federal patent office. The patented system automatically informs users if there
is a change to the way in which Microsoft intends to use personal data embedded
in the application, and then prompts them to consent to the change. It also
prevents the application from accessing the user’s personal information or data
unless the consent is given. Microsoft’s new patent also defines ways in which
users’ individual privacy preferences can be associated with the applications
they use, according to documents posted on the U.S. Patent and Trademark
Office’s Web site. The patent, for
“Privacy Policy Change Notification,” additionally describes a way to
automatically check and see if an application’s privacy policies have changed
since it was last accessed by an individual user. While the system sounds like
a convenience to the end user, some Microsoft watchers are worried the company
could use it to browbeat customers into either accepting more relaxed privacy
policies or having access to their online applications cut off. [Source]
[USPTO Patent] [Slashdot]
See also: [Microsoft Patents Uncrackable DRM] [US Patent No. 7,266,697]
An estimated 400 of the nation’s 18,000 police
agencies own at least one license plate scanner, a $20,000 device that uses
small infrared cameras mounted on the police car to scan license plates and
match the numbers against databases of stolen vehicles and people wanted for
crimes, and police officials expect them to become more common in coming years
as their price falls. The readers let officers scan about 75 times more plates
during an 8-hour shift than the old method: writing down numbers and running
them past a dispatcher. For civil libertarians, however, the scanners raise
troubling questions about whether the government will expand its use of the
technology to track people’s private lives. “That’s a lesson in history:
Whenever the government collects data, sooner or later they will misuse it,”
said the legal director for the ACLU of Ohio. But as police were quick to point
out, anyone can jot down license plate numbers on a street corner, and that’s
what the scanners do, only more efficiently. “What privacy?” asked a spokesman for the Chicago Police
Department, which uses a few of the scanners. “You’re driving on a public way.
There is no privacy about driving a car on a public way.” [Source]
Canada’s privacy commissioner has raised concerns over
Google’s new Street View web photo application. Jennifer Stoddart
says many of the street-level images Google is making available on the Internet
could break Canada’s privacy laws. Street View isn’t yet available in Canada
but has been expanding in the U.S. since being launched in May. Stoddart has
written to Google and to Calgary-based Immersive Media (which helped develop the
imagery technology for Street View), asking both companies to respond to her
concerns. “I am concerned that, if the Street View application were deployed in
Canada, it might not comply with our federal privacy legislation … In
particular, it does not appear to meet the basic requirements of knowledge,
consent, and limited collection and use as set out in the legislation. Our
Office considers images of individuals that are sufficiently clear to allow an
individual to be identified to be personal information within the meaning of
PIPEDA,” Stoddart writes. Street View does allow viewers to request their
images be removed. However, by then, Stoddart says, it’s too late. [Source] [News Release] [Letter to Google]
Facebook has shrugged off the privacy concerns
surrounding the social networking site, as it gave notice of its intention to
target advertisements increasingly according to the data that its users plug
into the site. The company’s chief revenue officer said that the site would be
adding new advertising features in coming weeks in an effort to boost sales.
Facebook regards making adverts more personal a priority, he said. Asked about
last week’s decision by Facebook to make basic details – including names and
photographs – of its users accessible through search engines including Google,
Chris Kelly, the company’s chief privacy officer, noted that information posted
on alternative sites was already “completely discoverable”. Senior Facebook
executives have consistently argued that the way people can manage personal
data has changed fundamentally in the internet era – and that people can no
longer hope to remain anonymous online, only to control how much is known about
them by the web at large. Mr Kelly added: “We have always said that information
[submitted by users] may be used to target adverts”. He added that Facebook
feels confident that better-targeted advertising will be welcomed by its
community. Mr Kelly said that Facebook saw no tension between the pressure to
keep data private and commercial imperatives. The network is regarded as a
potential goldmine to advertisers because it contains a host of data on its
users, such as their birthdate, interests, events they plan to attend, holidays
and musical tastes, as well as numerous photographs. [Source]
[Facebook Parts Walled Garden, Triggers Privacy Concerns] [Does Facebook’s privacy policy stack up?]
[How to hide on Facebook]
The Australian Law Reform Commission (ALRC) has
released a blueprint for a sweeping overhaul of Australia's privacy laws. The
Commission has drafted 301 proposals after staging the largest public
consultation process in its history. These include abolishing the fee for silent
telephone numbers, expanding the powers of the privacy commissioner, and
introducing a new law enabling individuals to sue for invasion of privacy. After
receiving more than 300 submissions and holding more than 170 meetings on
Australia’s privacy regime, the ALRC is pushing for a “single set of privacy
principles for information-handling across all sectors, and all levels of
government.” The single set of privacy principles would make it easier and less
expensive for organizations to comply, according to the ALRC. It also would
allow people to better understand their rights. The recommendations also seek
to require security breach notification of individuals when there is a “real
risk of serious harm.” [Source] [PDF of paper]
[Australian Privacy Laws Outdated in Internet Age]
The chairman of the House Committee on Homeland
Security this week questioned the legal basis of a new Bush administration plan
to expand domestic law enforcement agencies’ access to powerful satellite and
aircraft sensor surveillance technology, contending that the administration has
failed to build in adequate privacy safeguards for Americans. Rep. Bennie G.
Thompson (D-Miss.) called DHS officials to testify on the spying program at a
hearing this week after complaining that DHS officials failed to brief his
committee or one in the Senate about the operation before it was disclosed by
the news media last month. The program will be managed under a new DHS National
Applications Office (NAO). “Despite my repeated requests that the Department
take privacy and civil liberties seriously, the privacy officer and civil
rights and civil liberties officer were not brought into the NAO development
process until this spring – more than a year and a half after the NAO started
coming together. This is unacceptable,” Thompson said in his opening statement.
“Rigorous privacy and civil liberties protections must be ‘baked in’ from the
beginning, and your department’s experts on these topics were shut out,” he
charged. [Source]
[‘Spy satellite’ plan draws fire on Capitol Hill] [Democrats want delay for Homeland Security satellite program]
[Administration defends secret warrants, spy satellites]
A U.S. government plan to use long-range RFID
technology as part of a border-crossing security initiative is coming under
intensified fire by an industry group. Beginning Jan. 31, 2008, a valid
driver’s license won’t be enough for travelers to pass between the U.S. and
Canada, Mexico, the Caribbean and Bermuda, under new DHS rules. A standard
government passport will be required, or a birth certificate with driver’s
license. But as an alternative, DHS is moving forward with a pilot program in
Washington, Vermont and Arizona that has states adding long-range RFID
technology to driver’s licenses. The idea is to have U.S. border guards with
RFID readers quickly read a traveler’s RFID-enhanced driver’s license remotely
and make a face check and watch for any posted security red flags pulled up by
a database. But the RFID technology is coming under fire from some, including
the industry group Smart Card Alliance, which says long-range RFID is a bad
idea in terms of security and operational efficiency. “Long-range RFID is meant
for tracking packages in a warehouse … So far, there is no security method in
place to prevent anyone from re-programming their cards,” said an Alliance
spokesperson of long-range RFID in enhanced driver’s licenses. “There’s no
encryption or security. It’s designed to be used by anyone with access to an
RFID reader at a distance of 20 feet. Anyone could track these RFID cards and
get the number of the card.” In addition, the industry points out that since the
U.S. government has adopted smart-card chip technology for new passports, the
enhanced driver’s license based on RFID would fail to leverage the
infrastructure now being put in place by DHS and the State Department to
support the new ePassport. [Source]
[Smart Card Alliance: Department of Homeland Security and State Pilots for Enhanced Driver’s Licenses: Concerns about Privacy, Security and Operational Impact of Technology Selection - Statement prepared by the Smart Card Alliance, August 2007]
See also: [Industry group urges caution for RFID-enabled ID cards]
Studies on animals discovered a high incidence of
tumours close to the sites of RFID chip implants. The findings from studies
dating from the 1990s up to last year suggesting implanted chips “induced”
malignant tumors in some lab mice and rats are by no means conclusive, but
raise serious question marks about the FDA’s decision to approve the
implantation of RFID chips, a decision that gave the go-ahead to controversial
human chipping firm VeriChip in 2005. The studies have reignited the debate
about the technology. Cancer specialists who reviewed the research for AP
backed a call for further research before RFID transponders become widely used.
Some said they would oppose plans by any family members to receive implants.
Almost 2,000 glass-encased RFID transponders have been implanted in humans
worldwide, according to figures from VeriChip. The firm maintains that its
technology is safe. Nonetheless critics have been quick to seize on the
research as a reason for would-be punters to avoid implanted RFID chips like
the plague. Dr. Katherine Albrecht said that “this kind of negative publicity
spells the beginning of the end for VeriChip and their plans to chip us all
like barcoded packages of meat”. [Source] [Report]
[Reports Link RFID Implants to Cancer, Critics Are Skeptical] [VeriChip shares take tumble]
[NYT: A Debate We Don’t Need: Do RFID Chips in Humans Cause Cancer?]
Mformation Technologies, an Edison, N.J., mobile
technology security vendor, has sponsored a survey of 200 CIOs and
telecommunications directors at large companies in the U.S. and Europe. The
survey found that 55% of the CIOs say that technical product, sales and
customer data are accessible on their organization’s mobile devices. 86% of the
U.S. CIOs say that tackling data security issues related to mobile devices is
among the most pressing issues they face in the next few years. The results are
consistent with InformationWeek Research’s 10th annual Global Information
Security Survey 2007, published earlier this year. [Source]
Beginning next September, virtually every car, truck
and human moving through Manhattan’s Financial District will be eyed by a
network of closed-circuit cameras programmed to search for suspicious activity,
in one of the most ambitious security initiatives in the world, modeled on
London’s “Ring of Steel.” The Lower Manhattan Security Initiative, as the plan
is called, will eventually include 3,000 private and public cameras trained on
the area and relaying images in real time to a new command center, and more than
100 license plate readers at bridges and tunnels and throughout the financial
district. But civil liberties advocates question its impact on privacy and its
worth as a terrorism prevention tool. Even some security experts believe its
value as a deterrent is oversold. Also under consideration is an option to
match faces captured on camera with images stored in a database – a prospect
particularly worrisome to privacy advocates. “The concern is that ... police
will start keeping tabs on everyone – regardless of whether they’re suspected of
wrongdoing,” said the New York Civil Liberties Union. The NY Deputy
Commissioner countered that the courts have found no expectation of privacy on
public streets, and the police do not plan to keep pictures on file. The plan
has generated little public discussion thus far, although civil liberties
advocates say it marks a dramatic increase in surveillance, and involves little
oversight. [Source] [Source] [Source]
See also: [Good video cameras prevent crime: Ottawa chief]
The New Zealand Children’s Commissioner is proposing
mandatory screening of every baby’s home life in a bid to halve New Zealand’s
high child murder rate. Cindy Kiro wants every newborn baby’s parents or
caregivers to nominate an authorized provider to assess their family’s progress
through home visits. Those who refused to take part would be referred to
welfare authorities. Dr Kiro told the Dominion Post the scheme would cost about
$5 million a year. Professional assessments suggested it could save five
children a year in the first five years. She did not know of any similar
schemes internationally. “We can lead the world in it.” The system is dependent
on the establishment of a database tracking the development of every New
Zealand child - a move which has been resisted by civil liberties groups. [Source]
[Child home-screening plan ‘insult’]
The FBI cast a much wider net in its terrorism
investigations than it has previously acknowledged by relying on
telecommunications companies to analyze phone-call patterns of the associates
of Americans who had come under suspicion, according to newly obtained bureau
records. The documents indicate that the FBI used secret demands for records to
obtain data not only on individuals it saw as targets but also details on their
“community of interest” — the network of people that the target was in contact
with. The bureau stopped the practice early this year in part because of
broader questions raised about its aggressive use of the records demands, which
are known as national security letters, officials said. The community of
interest data sought by the FBI is central to a data-mining technique
intelligence officials call link analysis. Typically, community of interest
data might include an analysis of which people the targets called most
frequently, how long they generally talked and at what times of day, sudden
fluctuations in activity, geographic regions that were called, and other data.
[Source]
Despite “ample opportunity,” the DHS has failed to meet
some congressional requirements and recommendations for a multibillion dollar
system to track visitor entries and exits, according to a new report from the GAO.
The report (GAO-07-1065)
stated that though DHS met some of the legislative mandates for the US Visitor
and Immigrant Status Indicator Technology program, others in the department’s
fiscal 2007 spending bill went unfulfilled. Officials in charge of US VISIT
also have fallen short on implementing recommendations in previous GAO reports
aimed at establishing program oversight capability. The congressional
requirements “need to be addressed quickly and completely,” wrote Randolph
Hite, GAO’s director of information technology architecture and systems issues,
in the report. He added that it is unclear why DHS has yet to fulfill them. [Source] (GAO-07-1065)
[GAO: US-VISIT management out of whack]
The U.S. centralized terrorist watch list that is used
to screen 270 million individuals every month now contains more than 700,000
entries, but remains marred by duplication, erroneous information, incorrect
tracking codes and poor coordination between the watch list and the agencies
that use the list, according to an audit released last week by the Justice
Department’s inspector general. The auditors looked at 105 records that
Terrorist Screening Center employees had given routine quality assurance
reviews and found that 38% still contained inaccuracies. Additionally, the
audit showed that due to data sync issues, the data provided to some agencies
did not include all of the records in the database. When complaints about the
watch list filtered through government agencies to the TSC, 45% of the watch
list records related to complaints required modification or deletion from the
watch list. Inspector General Glenn Fine’s report
enumerated the risks of a faulty watch list: “Deficiencies in the accuracy of
watchlist data increase the possibility that reliable information will not be
available to frontline screening agents, which could prevent them from
successfully identifying a known or suspected terrorist during an encounter or
place their safety at greater risk by providing inappropriate handling
instructions for a suspected terrorist. Furthermore, inaccurate, incomplete,
and obsolete watchlist information increases the chances of innocent persons
being stopped or detained during an encounter because of being misidentified as
a watchlist identity.” [Source] [Inspector General report]
The California Senate has passed a bill to protect
consumer data. The bill, AB 779, the Consumer
Data Protection Act, would provide notice to consumers, telling them which
retailers lost their credit or debit card information, and when the information
was lost. It would require retailers responsible for data breaches to assume
all costs of consumer notification and card replacement. It also would require
retailers to follow key provisions of the payment card industry data security
standards to ensure proper retention and protection of credit and debit card
information. Consumer groups support the bill, but the California Retailers
Association opposes it. The latter group took out a political ad, with support
from the California Bankers Association, claiming that credit unions are exempt
from the data security provisions. [Source]
[Full text of the bill is available online through the California Legislature’s Web site]
Gov. Deval L. Patrick this week signed a bill that
allows adopted people access to their birth certificates without going to
court, making it easier to learn identities of biological parents. Under the
new law, people already born who are adopted in the future and those born on or
after Jan. 1, 2008, will be able to obtain a copy of their birth certificates
from the state after they turn 18. And adoptive parents may get a birth
certificate for a child born in Massachusetts after Jan. 1, 2008. In addition,
adopted people who were born on or before July 17, 1974, also may obtain their
birth certificates. [Source]
U.S. lawmakers are slamming new rules requiring
background checks for federal employees, which have provoked a lawsuit from
NASA scientists. Last week 28 senior researchers at NASA’s Jet Propulsion
Laboratory – none of whom does work requiring a security clearance – filed a
lawsuit, claiming that waivers they were required to sign to get new, secure IDs
violated their constitutional rights. Under President Bush’s 2004 Homeland
Security Presidential Directive 12, all federal departments and agencies have
to issue new secure IDs to their employees and contractors that will grant them
access to U.S. government buildings and computer networks. But as part of the
issuance process for the new “smart” cards, employees are required to sign a
broad waiver allowing investigators to look at their employment, financial and
medical histories, and to question friends and colleagues about their
psychological health, political background and sexual proclivities. The new
requirements apply even to those employees who have no access to classified information
and who do not require a security clearance. The lawsuit says the 2004
presidential directive was supposed to be only about establishing common ID
standards across the federal government and “contemplates no additional
background investigation or suitability determination beyond that already
required by law.” Schiff said that privacy interests and the need for a free
flow of information to assist scientific inquiry had to be balanced “against
legitimate security needs.” “I am not satisfied that it has been done here. The
broad privacy waivers that are being required of scientists working on
non-sensitive matters must be re-examined and if not justified, must be reined
back.” [Source]
A London council has requested that employees disclose
their sexual orientation in a confidential survey. According to reports, all
council staff were sent a form in which they are asked to disclose if they are
bisexual, a gay man, gay woman (lesbian), heterosexual (straight), ‘other’ or ‘prefer
not to say’. The letter asks for a reply in a pre-paid envelope. The town hall’s
human resources unit says it is gathering information on the sexual orientation
of all staff for monitoring purposes so it can ensure it is fulfilling
commitments on equal opportunities and diversity. [Source]