Privacy News Highlights

21–27 September 2007

 

Contents:

CA – Inadequate Security Safeguards Led to TJX Breach, Commissioners Say

CA – Identity, Privacy and Security Initiative (IPSI) Launched

CA – New Brunswick. Privacy Laws ‘Hopelessly Outdated’: Report

CA – British Columbia to Test Digital ID Card

AU – One Privacy Breach a Day at CentreLink

CA – Ontario Couple Receives Eight Election Forms

WW – International Privacy Experts Meet In Montreal

EU – Hustinx Condemns Weakening of EU Data Protection

US – Verizon Rejects Abortion Rights Group’s Text Messages

US – Trans Union, Equifax Reverse Policy, Offer Consumers Credit Freeze in 50 States

CA – Taxman Goes Browsing on eBay for Tax Avoiders

CA – Public Data Being Withheld: Freedom of Information Study

CA – Freedom of Information Flow Easier on American Side of Canada-U.S. Border

NZ – Worrying Secrecy Exposed In New Zealand Govt Agencies

CA – P.E.I. Information Requests Way Down

EU – France Plans to Screen Visa-Seekers’ DNA

US – Drug Info Firms Target Vermont Prescriber Data Laws

US – Mortgage Data on 5,200 Customers Exposed through Filesharing Network

US – University of Michigan Suffers Another Data Security Breach

US – “Security Measures Enhance Privacy”, Chertoff Says at Montreal Conference

US – Supreme Court to Hear Case on Indiana Voter ID Law

WW – Google to Create Canadian Version of Street View

WW – Google Says Global Privacy Rules Needed Within Five Years

US – U.S. Agent Indicted for Using Homeland Security Database to Stalk Girlfriend

WW – MySpace Has Data-Mining Plans

UK – Social Networking 6-In-10 Users Protect Their Identity by Giving False Information

SA – South Africa Preparing First Privacy Law

US – Judge Rules Two Provisions of Patriot Act Unconstitutional

US – Idaho Pulls Out of REAL ID, Alaska DMV Sued

US – TJX Agrees to Settlement in U.S. Class Action Suit

US – Companies Still Not Taking Adequate Measures to Wipe Used Drives

WW – Survey: Employee Error Fuels Data Security Breaches

UK – New Data: CCTV Ineffective On Solving Crimes

US – New Service Eavesdrops on Net Calls to Display Targeted Ads

US – Ruling Eases U.S. Government’s Efforts for Cell Phone Tracking

US – New Legislation Would Reform National Security Letters

CA – Security Clearance Deadline Looms for Port Workers

 


 

CA – Inadequate Security Safeguards Led to TJX Breach, Commissioners Say

An investigation by the Privacy Commissioners of Canada and Alberta has found that the risk of a breach of sensitive personal information held by TJX, the US parent company of Winners and HomeSense stores in Canada, was foreseeable, but the company failed to put in place adequate security safeguards. “The company collected too much personal information, kept it too long and relied on weak encryption technology to protect it – putting the privacy of millions of its customers at risk,” said Privacy Commissioner of Canada Jennifer Stoddart, adding that “The TJX breach is a dramatic example of how keeping large amounts of sensitive information – particularly information that is not required for business purposes – for a long time can be a serious liability.” Frank Work, the Information and Privacy Commissioner of Alberta, said: “This case is a wake-up call for all retailers. They must collect only the personal information necessary for a transaction.” [Source] [Report] [Source]

 

CA – Identity, Privacy and Security Initiative (IPSI) Launched

A new university program has been launched to address the need for a more holistic approach to privacy, identity and security management. The Identity, Privacy and Security Initiative (IPSI) was created by the University of Toronto to develop new approaches to security that maintain privacy, freedom and safety of the user and the broader community. As a result of the initiative, the U. of T. has launched two new interdisciplinary masters level programs leading to either a Masters of Professional Engineering (M.Eng), or a Masters of Information Studies with concentration on security (MISt). In a release from Ontario’s Information and Privacy Commissioner, Ann Cavoukian said that “In essence, the IPSI program will not only educate future generations on how to build privacy into technology, but it will also hopefully develop a culture of privacy - a way of thinking that is committed to better information management and the protection of privacy.” For further information visit www.ipsi.utoronto.ca [Source] See also: [The Privacy Prognosis: Protect it like Fort Knox] [IPC website: more info]

 

CA – New Brunswick. Privacy Laws ‘Hopelessly Outdated’: Report

New Brunswick’s access-to-information and privacy laws are “hopelessly outdated,” and an overhaul is needed, according to a new report. The report, headed by Donald Savoie, Canada research chair in public administration and governance at the University of Moncton, says the laws are too complicated. It says there should be a single statute combining the Protection of Personal Information Act with the Right to Information Act. In an unusual move, the report was made available to the public at the same time it was handed in to the government. The authors said it was completed for about $19,000, more than $130,000 under budget. The 43 recommendations aim to promote a more “open and transparent” democratic system in the province. [Source] [Final Report]

 

CA – British Columbia to Test Digital ID Card

British Columbia will test a virtual ID “card” that enables citizens to connect with the government’s online services more safely and easily, a top technology official said. The government plans to begin tests on an “information card” early in the new year. The cards are in the early stages, and “there’s going to be some challenges,” Bailey said. An information card is not a card at all: it’s more like a document delivered to users’ computers which they can then use to access government websites. It’s meant to replace the current method of access, which involves logging on to a site with a name and password; the card carries a digital signature that can’t be changed or reproduced. Among other attributes, using an information card means:

· The government won’t know which sites the user visits.

· The user is in control of shared information.

· The cards won’t have to reveal users’ birthdates or addresses, or a student’s school.

Instead, it could simply confirm the user is over 19, a B.C. resident or a student. He compared using the card to using a driver’s licence for identification since, in both cases, the government does not know what the citizen is doing. [Source] See also: [NZ joint winner of global online identity award]

 

AU – One Privacy Breach a Day at CentreLink

Australia’s CentreLink says its staff breached privacy regulations 367 times in the past financial year, but only two employees were sacked. The federal welfare support agency’s checks also identified 289 conflict of interest cases. Of the proven privacy and code of conduct breaches, 24 employees resigned and two had their employment terminated. Another 296 employees received a written warning, 13 were reprimanded and 44 were fined or had their salary reduced. [Source]

 

CA – Ontario Couple Receives Eight Election Forms

An Ontario couple received multiple notice-of-registration cards in the mail this week, in advance of the Oct. 10 provincial election and referendum. “I got four of them addressed to me, and my wife got four addressed to her. This is a waste of taxpayers’ money.” The double-sided forms confirm a resident’s inclusion on the official voters’ list, and point them to the appropriate polling station. Peter received four of the cards, and so did his wife. “There are only three of us here, and (our 8-month-old son) can’t vote,” the couple added. While the names and addresses are identical, the several-digit number accompanying the bar code on each form differs, he noted. “I wondered if the computer was spitting out four of the same (forms), but it’s obviously not,” he added. [Source]

 

WW – International Privacy Experts Meet In Montreal

The world’s top privacy experts met in Montreal this week to explore emerging new threats to privacy. The Office of the Privacy Commissioner of Canada hosted the 29th International Conference of Data Protection and Privacy Commissioners, the key international privacy event each year, from September 25th to 28th. Workshops addressed privacy in the context of public safety, globalization, Radio Frequency Identification, children and the Internet, location-based tracking, data mining, Internet crime and many other topics. Leading international experts on all of these topics attended the conference. Speakers included US Homeland Security Secretary Michael Chertoff, who gave a keynote address on privacy and public security; Google global privacy counsel Peter Fleischer; author and privacy and security expert Bruce Schneier; prominent consumer privacy advocate Katherine Albrecht; as well as global privacy campaigners such as Simon Davies of Privacy International. [Source]

 

EU – Hustinx Condemns Weakening of EU Data Protection

Europe’s Data Protection Supervisor, Peter Hustinx, says the EU is weakening planned privacy protection in order to secure agreement for the Data Protection Framework Decision (DPFD), a proposed basis for police data sharing across Europe. He says the agreement threatens to reduce privacy protection in Europe. Hustinx has three times raised serious objections to the way negotiations over the DPFD have progressed. He also previously called for a proportionality of response to data, so that a suspect’s data would be treated differently to that of a witness or a convicted person. He has now raised another serious concern, which is that the negotiations have produced a compromise by which protection will only be extended to data coming from another country. [Source]

 

US – Verizon Rejects Abortion Rights Group’s Text Messages

Saying it had the right to block “controversial or unsavory” text messages, Verizon Wireless has rejected a request from Naral Pro-Choice America, the abortion rights group, to make Verizon’s mobile network available for a text-message program. The other leading wireless carriers have accepted the program, which allows people to sign up for text messages from Naral by sending a message to a five-digit number known as a short code. [Source]

 

US – Trans Union, Equifax Reverse Policy, Offer Consumers Credit Freeze in 50 States

In a surprise reversal and a major win for consumers, the Trans Union credit bureau announced that it would offer consumers the ability to “freeze” their credit files in all 50 states in order to protect themselves against identity theft and fraud. The service will be available in the 11 states that do not already have credit-freeze laws, costing consumers $10 to set the freeze and $10 to unlock it, and will “meet or exceed the requirements” of states with existing freeze laws. The freeze service will be free to victims of identity theft, and is scheduled to roll out Oct. 15. Consumer advocates hailed Trans Union’s decision and urged the remaining bureaus to follow suit. Equifax followed suit, announcing this week that it too would offer credit freezes for customers in all 50 states, and would roll out its own plan sometime in October. Experian remains undecided. Credit freezes and associated protection plans represent a potentially lucrative new revenue stream for the bureaus to make use of. But as Consumers Union’s Hillebrand notes, if the bureaus have the technical means to enable instant locking and unlocking of credit, they should not be charging high fees to use a service that can be turned on and off in minutes. “TransUnion and the rest of the credit bureaus should follow the lead of the states with the best security freeze laws and provide this protection to all consumers for no more than $5,” Hillebrand said. “All three credit bureaus should make it fast, affordable, and easy for consumers nationwide to take advantage of this important identity theft safeguard.” [Source] [TransUnion press release]

 

CA – Taxman Goes Browsing on eBay for Tax Avoiders

The Canada Revenue Agency has won a Federal Court order requiring eBay Canada to turn over the names, addresses, phone numbers and e-mail addresses of all high-volume sellers on the popular website. The CRA wants to find out whether those individuals or companies are reporting the income they made from online sales in 2004 and 2005. According to their affidavit, the CRA is seeking to verify compliance with the obligations and duties under the Income Tax Act of certain Canadian taxpayers selling goods in an online marketplace. [Source]

 

CA – Public Data Being Withheld: Freedom of Information Study

When journalists from across Canada asked government officials for 85 public records ranging from court documents to local water quality reports to federal food safety warnings, the answer was “no” nearly half the time. Even after filing formal written requests under information laws, journalists were still unable to pry basic public records from government filing cabinets in 40% of cases. Findings from the third annual National Freedom of Information Audit illustrate how government secrecy undermines the public’s right to know, says Anne Kothawala, president of the Canadian Newspaper Association, which conducted the audit. “Year after year, newspapers show through this exercise that many Canadian governments have a flawed understanding of the importance of transparency to the democratic system. But transparency is exactly what underpins the accountability principle at the heart of it all. You can’t have one without the other.” Over a period of two months, more than 40 journalists visited provincial court offices, federal government departments and city halls documenting how public servants respond to requests for public information. [Source] [3rd Annual Audit] [Great Wall Of Secrecy] [Commissioner Ann Cavoukian sending out four teams for Right to Know Blitz Day, Sept. 28]

 

CA – Freedom of Information Flow Easier on American Side of Canada-U.S. Border

Canada and the United States share a commitment to freedom, but, when filing freedom of information requests, fact-seekers generally find an easier flow on the U.S. side of the border. If the U.S. system bogs down, however - as it often does if the question even remotely touches on national security - then be prepared to pay some fat legal fees, with no guarantee of success. Yet on both sides of the border, sensitive FOI requests can and do languish for years. Also shared in the post-9/11 age, critics say, is a growing sense among access-seekers that, at high levels of government, secrecy rather than forthrightness is the norm. [Source]

 

NZ – Worrying Secrecy Exposed In New Zealand Govt Agencies

National Party State Services spokesman Gerry Brownlee says the Office of the Ombudsmen has exposed a worrying trend in government agency secrecy that needs to be remedied. “Government agencies can’t pick and choose when they should follow the law. The proper release of public information is a vital cog in our democracy.” Mr Brownlee is commenting on the release of the Office of the Ombudsmen’s Annual Report which has been tabled in Parliament. The report has slammed government agencies for claiming that information is so sensitive that the Official Information Act should not apply. Mr Brownlee says any Government committed to openness and transparency would take the Ombudsmen’s views seriously. “This has potentially far-reaching consequences.” [Source] [Ombudsman 2007 Annual Report] See also: [Cayman Islands, Long A Privacy Haunt, Celebrates ASNE-Inspired ‘Sunshine Week’]

 

CA – P.E.I. Information Requests Way Down

The number of access-to-information requests in P.E.I. has dropped significantly since the province’s freedom-of-information legislation first came into effect in 2003. Karen Rose, the provincial freedom-of-information and privacy commissioner, said this week that in 2003, the number of requests to government bodies was 161. That dropped to 59 last year. “We expected a lot of requests for the first couple of years simply because the legislation was new. We did expect a levelling out at some point,” Rose said. But Rose isn’t convinced that’s the only factor at play. She said she believes some government bodies are more likely to simply hand over information now, rather than force people to go through a formal process. [Source]

 

EU – France Plans to Screen Visa-Seekers’ DNA

The French National Assembly last week approved a controversial proposal authorizing the use of DNA testing to determine whether foreigners applying for visas are actually related to family members they seek to join in France. The plan, part of President Nicolas Sarkozy’s efforts to make it tougher for foreigners from Middle Eastern and African countries to immigrate to France, prompted outrage from human rights groups, opposition politicians and some members of the president’s cabinet. [Source] See also: [Gene information opens new frontier in privacy debate]

 

US – Drug Info Firms Target Vermont Prescriber Data Laws

Doctors do not have a privacy right to their prescription-writing habits, data-collection firms say as they sue in Vermont and Maine. After landing a first-round federal court victory against a 2006 New Hampshire prescriber privacy law, data-gathering firms are targeting similar laws set to take effect next year in Maine and Vermont. Legislators in those two states, wary of a similar legal upset, shied away from a New Hampshire-style ban on any marketing use of prescriber data. Instead, they crafted legislation allowing physicians and other prescribers to choose whether drugmakers can access their prescription data. In Maine, doctors could opt out of data sharing; in Vermont, they could opt in. But prescription-data-collection firms IMS Health Inc., Verispan LLC and Source Healthcare Analytics Inc. filed federal lawsuits in late August challenging the new laws. The complaints argue that they violate the U.S. Constitution’s First and 14th Amendments as well as the Commerce Clause. “The problem with the Maine and Vermont laws is that they create an entirely new and unprecedented privacy right for physicians in their professional conduct,” an IMS spokesman said. The U.S. District Court of New Hampshire ruled last spring that the state’s prescriber privacy law infringes on constitutionally protected commercial speech rights. The court also concluded that physicians do not have a privacy right in their prescribing habits. In August, the New Hampshire Attorney General appealed the decision to the 1st U.S. Circuit Court of Appeals. A ruling is not expected before next year. The state medical societies in New Hampshire, Vermont and Maine backed their states’ prescriber privacy legislation. [Source] See also: [Physician Prescribing Data Information Center] [AMA website] [AMA Physician Data Restriction Program] [AMA Therapeutic Insights]

 

US – Mortgage Data on 5,200 Customers Exposed through Filesharing Network

Personally identifiable information of more than 5,200 ABN Amro Mortgage customers was leaked to the Internet. A former ABN employee had BearShare filesharing software installed on her computer, which allowed the leak of the ABN spreadsheets as well as some of her own personal information. The leaked data include SSNs. The company is investigating. There is legitimate concern that the information could be used to commit identity fraud; a man was recently arrested in Washington state for misusing information he obtained through filesharing networks. [Source] [Source] [Source] [Source]

 

US – University of Michigan Suffers Another Data Security Breach

For the third time in one year, the University of Michigan has suffered a data theft. Several weeks ago, backup tapes containing personally identifiable patient information were stolen from the School of Nursing. The compromised data include names, addresses and SSNs. More than 8,000 individuals have been affected by this incident. The university has notified those affected by the theft. The other two incidents of compromised data involved direct cyber attacks; this was the first instance in which storage media were stolen. [Source] [Source]

 

US – “Security Measures Enhance Privacy”, Chertoff Says at Montreal Conference

Secure identification and sharing international passenger lists boost security with the added bonus of protecting privacy, U.S. Homeland Security Secretary Michael Chertoff told skeptical privacy watchdogs this week. Chertoff said new ID cards with chips and other tough-to-copy features prevent identification theft from innocent people. Chertoff added that passenger lists and other shared intelligence on the 80 million people who fly into the U.S. every year allow security officials to drastically narrow down their targets for arrival screening. “I think by focusing on people who are the higher risk, we are net increasing privacy for the vast majority of innocent travellers,” Chertoff said. Chertoff’s contentious speech to open the conference was met with skepticism and outright hostility. [Source] [Security czar says freedom comes at a cost] [U.S. Homeland security chief says personal information needed on travellers]

 

US – Supreme Court to Hear Case on Indiana Voter ID Law

With the 2008 presidential and Congressional elections on the horizon, the Supreme Court agreed to consider whether voter-identification laws unfairly keep poor people and members of minority groups from going to the polls. The justices will hear arguments from an Indiana case, in which a federal district judge and a panel of the U.S. Court of Appeals in January upheld a state law requiring, with certain exceptions, that someone wanting to vote in person in a primary or general election present a government-issued photo identification. Before the law was enacted in 2005, an Indiana voter was required only to sign a book at the polling place, where a photocopy of the voter’s signature was kept on file. Voter-identification requirements have divided Democrats and Republicans, and the courts, for years. In general, Republicans argue that identification laws reduce voter fraud, while Democrats oppose them on grounds that they lower the turnout among people who tend to vote Democratic. [NYT Source] [NYT: Fear but Few Facts in Debate on Voter I.D.’s]

 

WW – Google to Create Canadian Version of Street View

The man in charge of Google’s privacy policy says the Internet giant is working on a version of its controversial Street View service that won’t breach Canadian privacy rules, after federal privacy commissioner Jennifer Stoddart raised concerns about the service earlier this month. Peter Fleischer, Google’s global privacy counsel, said in an interview from Montreal on Monday the company understands Canada has “struck a different balance” than the U.S. has in terms of what is public and what is private, and that Google is sensitive to those differences. [Source] [Privacy commissioner hopeful about Google proposal to blur Street View] [Why Google Street View May Violate Privacy Law] [Letter to Google] [PrivCom press release]

 

WW – Google Says Global Privacy Rules Needed Within Five Years

National regulators need to agree on a basic set of global privacy protections for the Internet within the next five years, a senior official with web searcher Google said this week. Peter Fleischer, the firm’s global privacy counsel, said three quarters of countries had no Internet privacy standards at a time when the amount of sensitive personal and financial data on the Web was soaring. [Source] See also: [$5 billion suit against Google over privacy, terrorism][Statement of Claim] See also: [Ordinary citizens part of ‘surveillance society’: Stoddart]

 

US – U.S. Agent Indicted for Using Homeland Security Database to Stalk Girlfriend

A special agent with the Department of Commerce has been charged with unlawfully accessing a database within the Department of Homeland Security to stalk his former girlfriend and her family. Benjamin Robinson was indicted by a federal grand jury last week in connection with allegations that he accessed a government database known as the Treasury Enforcement Communications System (TECS) at least 163 times to track a woman’s travel patterns. He is being charged with making a false statement to a government agency, and unlawfully obtaining information from a protected computer. Robinson faces a maximum of 10 years in prison and a fine of $500,000. “Those of us who are sworn to public service must continually strive to uphold the highest standards of professional conduct,” said U.S. Attorney Scott N. Schools, in a statement. “Federal officers who violate the public trust by abusing their official positions to pursue a private vendetta must be held accountable for those actions.” [Source]

 

WW – MySpace Has Data-Mining Plans

Social networking site MySpace has launched an initiative to capture personal information from the profile pages and blogs of its 110 million active users, and then use that to target ads. This news was announced to investors on September 18 during the quarterly investor conference. According to the spokesman the company has not issued a statement about this news to press and would not comment further. This has not stopped others in the industry from speculating on what this change could mean for MySpace and online advertising at large. MySpace may be able to almost double its revenue, from $40 million a month to $70 million a month, thanks to the data mining solution. “We’ve moved from the ‘build it and they will come’ stage to the ‘they are here, let’s understand what they like and deliver it while making money’ stage,” he said. There is a tremendous amount of insight from the collective user data on social networking sites, such as MySpace. The information users post about themselves, their likes and dislikes and how and where they spend their time and money, can all be mined and used for improved targeting. [Source]

 

UK – Social Networking 6-In-10 Users Protect Their Identity by Giving False Information

Nearly two thirds (62%) of networking site users say they are worried about the safety of their personal data held on these sites, reveals a survey. The concern is so high that almost one third of users (31%) have already entered false information about themselves to protect their identity. One UK security consultant commented that “as we become citizens of cyberspace and with social networking sites making details of members visible through public search engines, we need to learn how to use privacy settings in better ways and use computers safely.” Users of social networking sites visit these sites on a regular basis and almost half of them (48%) admit using these websites at work. Nearly one in four (24%) users log in every day with half of them logging in several times a day. Up to 45% of users log in at least once a week. [Source]

 

SA – South Africa Preparing First Privacy Law

A new law designed to regulate how businesses can use and handle personal information currently is being considered in South Africa. The South African Law Commission recently issued a discussion paper on privacy and data protection. The next step will be the drafting of a bill. According to this Business Day article, Saret van Loggerenberg, senior manager in advisory services at KPMG, said that South Africa is behind other countries in passing information privacy laws, and that the “possible development of information privacy legislation for SA is in line with international trends.” [Source]

 

US – Judge Rules Two Provisions of Patriot Act Unconstitutional

A federal judge ruled this week that two provisions of the USA Patriot Act are unconstitutional because they allow search warrants to be issued without a showing of probable cause. U.S. District Judge Ann Aiken ruled that the Foreign Intelligence Surveillance Act, as amended by the Patriot Act, “now permits the executive branch of government to conduct surveillance and searches of American citizens without satisfying the probable cause requirements of the Fourth Amendment.” [Source]

 

US – Idaho Pulls Out of REAL ID, Alaska DMV Sued

Idaho became the second state to reject the REAL ID Act, a 2005 measure that creates a de facto national identification card by requiring states to issue standardized licenses and share citizen information. Idaho, like Maine, rejected the mandate, citing privacy issues, states’ rights and the lack of federal reimbursement. Proposed rules for how states must comply or else have their citizens stopped from flying or entering federal courthouses were issued last week. But not all states hate the idea. In other news, the Identity Project has helped file suit against Alaska’s DMV for preparing to conform to the REAL ID requirements without getting legislative approval or following administrative procedures. [Source]

 

US – TJX Agrees to Settlement in U.S. Class Action Suit

The TJX Companies have announced a yet-to-be-finalized settlement for several class action suits resulting from various data breaches over the last few years. TJX, which operates such discount retail chains as T.J. Maxx and Marshalls in the U.S. and Winners and HomeSense stores in Canada, is offering claimants three years of credit monitoring (or two additional years if the customer already has a credit monitoring service), credit insurance for up to $20,000 in losses, and the cost of replacing driver’s licenses. A second group will receive one or two $30 vouchers good at any TJX-owned store. [Source]

 

US – Companies Still Not Taking Adequate Measures to Wipe Used Drives

The percentage of used hard drives containing sensitive data has not changed much in the last two years. According to statistics from BT Group, 37% of second-hand hard drives still contain confidential information from their previous users. BT Group examined 350 hard drives bought in online auctions. Nineteen percent of the disks had sufficient data on them to identify the organization of origin, and 65% contained personally identifiable information. The report, which has yet to be released, also says that used drives are not highly reliable; 44% of the 133 disks purchased in the UK did not work. [Source]

 

WW – Survey: Employee Error Fuels Data Security Breaches

Employee misconduct and unintentional actions like errors and omissions are the greatest cause of data security breaches, according to a survey released by Deloitte Touche Tohmatsu. The firm surveyed senior information technology executives on the current trends in security and privacy from 169 major global institutions. Deloitte said 68% of those surveyed were banks. Almost two-thirds of survey respondents reported repeated external security breaches, and the top three breaches this year were viruses and worms, email attacks, and phishing/pharming – all unwittingly perpetrated via the customer, Deloitte said. The survey also revealed a shift in priorities from protecting sensitive data from attack by outsiders to addressing internal threats. An overwhelming majority of respondents, 91%, are concerned about employees. Nearly 80% cited the human factor as the root cause for information security failures. According to the Deloitte survey, virtually all respondents indicated increased security budgets. But 35% said that their investment in information security is lagging behind business needs and only 20% of U.S. respondents feel that they have the required skills and competencies to deal with existing and foreseeable security requirements. The Deloitte survey identified identity and access management as the top operational initiative of the year, followed by regulatory compliance, security training and awareness, governance for security and disaster recovery and business continuity. Two other recent studies show that some firms are not doing enough planning before throwing money at the issue. A study on IT security by the Computing Technology Industry Association (CompTIA) found that proper training of IT pros could help stave off a security breach. Meanwhile, a VeriSign review of PCI Data Security Standard (PCI DSS) assessments it conducted found that more than half were still stumbling on the path to compliance. [Source] [Source] See also: [Malicious or Careless, the Insider Threat Grows] [Computer Security Institute report on insider threats] and, finally: [Car dealers least trusted with personal data: UK Survey]

 

UK – New Data: CCTV Ineffective On Solving Crimes

The UK’s Liberal Democrats object to the “surveillance society” that they believe has grown up in Britain, and they’ve released a set of figures on CCTV use that purport to show that the cameras are ineffective at helping police solve crimes. The data was released by the London Assembly of the Liberal Democrats, which gathered police data from the greater London area. According to the information, London police solve only 21% of all crimes, and the rate of success does not appear to have any correlation to the number of CCTV cameras installed in each borough. The current data was gathered to help make a political point. The Liberal Democrats have just concluded their Autumn Conference, at which they passed a motion calling for the immediate repeal of the Identity Cards Act, the destruction of all DNA samples from people not charged with a crime, and more regulation of CCTV and personal information. Apart from the recently released numbers, there have been a number of more rigorous studies done on the topic. The UK’s own Home Office reports that CCTV helps lower crime rates by about 4 percent. The effect only works so long as people remain aware of the cameras, though. CCTV is actually much more effective in car parks, though it has small or no effects in many other situations. In fact, five of the 22 studies analyzed by the Home Office showed that CCTV deployments actually correlated with a rise in crime. [Source] [Figures]

 

US – New Service Eavesdrops on Net Calls to Display Targeted Ads

A startup has come up with a new way to make money from phone calls connected via the Internet, by having software listen to the calls, then displaying ads on the callers’ computer screens based on the discussions. The advertising model is similar to that of Google’s Gmail, which shows ads based on scans of the user’s e-mail correspondence. That idea initially raised privacy concerns, but those have mostly abated as users have become comfortable with the system. [Source]

 

US – Ruling Eases U.S. Government’s Efforts for Cell Phone Tracking

A federal court in Massachusetts has ruled that the government doesn’t need probable cause to obtain a warrant allowing it to use a person’s cell phone to track his past movements. According to the ruling by the U.S. District Court in Massachusetts, law enforcement officials only need to show the information is “relevant to an ongoing investigation.” In addition, the district court ruled that an individual’s past movements were not protected under the Fourth Amendment because the government wasn’t looking to track the individual’s real-time or future movements. “This is the first decision that’s been about historical tracking,” said the Electronic Frontier Foundation. [Source] [Decision]

 

US – New Legislation Would Reform National Security Letters

Senators Russ Feingold (D-WI) and John Sununu (R-NH) have introduced a bill to reform National Security Letters (NSLs), which are demands issued by FBI agents without a judge’s approval to compel disclosure of financial, telephone, Internet and other records. Under the proposed NSL Reform Act, the FBI could still use an NSL to obtain less sensitive information such as a person’s name, address and account identifying information, but more sensitive information such as financial details or logs of e-mail addresses would require a different process, such as a court order or a subpoena. CDT welcomed the measure as a response to some of the more egregious problems with NSLs that were identified in an Inspector General’s report issued in March 2007. [CDT Testimony: National Security Letters] See also: [Bush Administration Aiming To Ease Surveillance Concerns]

 

CA – Security Clearance Deadline Looms for Port Workers

Beginning on Dec. 15, security clearances will be required for workers at the ports of Montreal, Halifax, Vancouver, Fraser River and North Fraser River. Security clearances will also be required for workers at the control centres of the St. Lawrence Seaway Management, under phase I of the Marine Transportation Security Clearance Program. The Marine Transportation Security Clearance Program was initially announced on Nov. 16. [Source]

 

--------