Privacy News Highlights

28 November–04 December 2008

 

Contents:

CA – Getting Fingerprinted in BC is Getting Faster

CA – Privacy Commissioner of Canada (OPC) Issues Annual Report

CA – Canada Backpedals on Sharing Personal Info With U.S.

CA – Privacy Commissioners Warn Against Using Driver’s Licence as ID

CA – Privacy Commissioner Launches 6th Annual Privacy Research Program

CA – Privacy Commissioner Urged to Probe Tory Eavesdropping

CA – Privacy Breach Alleged Over Tories’ Mailing

CA – Alberta Privacy Commissioner OK’s Parking system

CA – CIBC’s Talvest Data Breach a Mystery, Probe Finds

CA – Thousands of Canadians Complain About Do-Not-Call List

EU – Commission Seeks Views on Settling Large Scale Consumer Complaints

WW – Parliaments Seem to Use Very Little IT Technology: Study

WW – United Nations Publishes e-Government Survey 2008

AU – Australia Introduces New Laws to Target ID Fraud Nationwide

CA – Senator Goldstein Reintroduces Anti-Spam Bill in the Senate

EU – EDPS Issues Opinion on Cross-Border Health Data Privacy

UK – ICO Convenes Privacy by Design Conference, Issues Report

UK – Government Announces New Law for Increased Data Sharing

UK – Government Will Not Establish Breach Notification Law for Private Sector

EU – Changes in the Telecom Package Adopted by the Council

UK – The Big Brother State – by Stealth

AU – Anti Internet Filtering Rebels Hit the Streets

WW – Global Network Initiative to Protect Online Privacy

CA – eBay Canada Ltd. v. Canada (National Revenue)

WW – Effects of Counter-Terrorism Legislation on Freedom of the Media: Report

US – Editing Public Records of Personal Information Could Cost $1.8 Million

EU – Court Rules Unanimously: DNA Database Violates Privacy

CA – Commissioner Concerned by Amendments to Health Information Act

US – Cleveland Clinic Discloses Doctors' Industry Ties

US – Patient Photos Aid Docs Reading Faceless CT scans

US – Former UCLA Hospital Worker Admits Selling Records

US – Florida State Agency Exposes 250,000 Names, SSNs

JP – Waseda University Admits Sensitive Info Leak

US – MySpace Suicide Case Verdict: Three Misdemeanor Convictions

EU – Identifying Individuals in Internet Iniquity: ECHR Rules on Naming Wrongdoers

WW – Data Privacy Day 2009 Announced

WW – Facebook Announced Facebook Connect

NZ – Google’s StreetView Arrives in New Zealand

WW – Delete Cookies, Says New Privacy Forum

EU Council’s Five-Year Plan to Tackle Cyber Crime Includes Remote Searches

CA – RCMP Put Pipeline Investigation Online

CA – Privacy Right Extends to Drugs In Luggage: Judge

US – Privacy Panel Advises House Committee

US – Study Finds Lack of High-Level Oversight

US – Group Raises Privacy Concerns About RFID Chips in Identification Docs at Borders

US – Unisys Announces First Border Crossing Points to Support RFID-Enabled IDs

US – DS to Track Immigration Detainees with RFID

US – Florida Hospital to Use RFID to Track Implantable Cardiac Devices

US – Microsoft Partners With Implantable RFID Chip Maker VeriChip

EU – Belgian Hospitals Use RFID to Track Temperatures, Assets and Patients

EU – EU Research Group Releases RFID Standardization Report

US – Ponemon Releases Report on Security of Paper Documents in the Workplace

CH – China Internet Cafes Switching to Chinese OS

US – CDT and E&Y Issue Briefing on Telecommuting Risks to Company Networks

WW – Launch of .Tel Domain ‘Most Significant Move Since .Com’

US – DHS Center To Focus on Security Studies, Tech Concepts

WW – Most Employers Restrict Staff Time On Internet, Says Survey

 


CA – Getting Fingerprinted in BC is Getting Faster

It's not quite up to CSI speed, but a new digital-fingerprinting service that opened this week will make criminal-record checks faster for BC residents applying for citizenship, immigration and jobs in the security industry. The new service is run by Commissionaires BC. The process works using an optical scanner that captures the applicant's fingerprints. The image is sent by e-mail to the RCMP's Canadian Criminal Real Time Information System, where it is checked against a criminal-record database. The results are then returned to the applicant in about 10 days, as opposed to the 120 days it usually takes when done manually at a local police station. The service has been used by about 2,300 people so far this year. A similar service in Toronto has been used by about 12,000 people. [Source]

 

CA – Privacy Commissioner of Canada (OPC) Issues Annual Report

The Commissioner’s latest Annual Report to Parliament on the Privacy Act describes how privacy and security problems in Canada’s passport operations added up to a significant risk for Canadians applying for passports. The Commissioner is pleased that Passport Canada and the Department of Foreign Affairs and International Trade have indicated they will act on her recommendations and improve privacy and security safeguards. The annual report also highlights the Commissioner’s concerns that the online posting of personal information by some federal administrative and quasi-judicial bodies does not strike the right balance between the public interest and privacy rights. The OPC investigated 23 complaints regarding the disclosure of personal information on the Internet by seven bodies created by Parliament to adjudicate disputes. Decisions of these bodies often include highly personal information such as an individual’s financial status, health and personal history. The Commissioner agreed that the “open court” principle is an important part of Canada’s legal system, but there is a crucial distinction between the courts and the bodies the OPC investigated: The Privacy Act does not apply to the courts, but it does apply to many administrative tribunals and quasi-judicial bodies. The Commissioner recommended, among other steps, that the bodies reasonably depersonalize decisions posted online by replacing names with random initials. However, the Commissioner noted that, where there is a genuine and compelling public interest in such a disclosure, these bodies have the legal authority under the Act to exercise discretion in disclosing personal information. The OPC has also asked Treasury Board Secretariat to develop centralized policy guidance on the online posting of personal information by administrative and quasi-judicial bodies. 
[Source] [Annual Report to Parliament 2007-2008 — Report on the Privacy Act] [Privacy Audit of Canadian Passport Operations] [Passport info at risk, watchdog says]

 

CA – Canada Backpedals on Sharing Personal Info With U.S.

Ottawa has quietly dropped plans to let the United States house a database of personal information about Canadians who hold special driver’s licenses aimed at better securing the border. The move follows vocal criticism from federal and provincial privacy commissioners, who warned earlier this year the scheme could open the door to abuse of the sensitive data. [Source]

 

CA – Privacy Commissioners Warn Against Using Driver’s Licence as ID

In an attempt to help protect Canadians from identity theft, federal, B.C. and Alberta privacy commissioners yesterday issued guidelines to help retailers determine when it’s appropriate to collect customers’ driver’s licence numbers. “A driver’s licence is proof that someone is allowed to drive a car,” said B.C. Information and Privacy Commissioner David Loukidelis. “It is not a universal identity card,” nor should it be used to analyze shopping return habits, the commissioner said. Provincial privacy laws say that licence data may only be collected for a “specific and reasonable purpose.” The commissioners are also urging consumers to be wary when a retailer asks for their licence. [Source] [Guidance]

 

CA – Privacy Commissioner Launches 6th Annual Privacy Research Program

The Office of the Privacy Commissioner of Canada (OPC) today announced the launch of the 2009-2010 privacy research Contributions Program. This is the sixth year for the annual program, and up to $500,000 in funding will be available for research, as well as public education and awareness initiatives. The OPC is inviting research proposals focused on four key privacy priority areas: 1) national security; 2) identity integrity and protection; 3) information technology; and 4) genetic privacy. [Source] [Contributions Program website]

 

CA – Privacy Commissioner Urged to Probe Tory Eavesdropping

A public interest researcher has filed a formal complaint with the federal Privacy Commissioner, charging top prime ministerial aides, a parliamentary secretary and an MP with “serious breaches” of the privacy laws. Ken Rubin is asking Stoddart to investigate the eavesdropping, recording and distribution of an NDP conference call by a Conservative MP about a proposed alternative coalition government. The office of P.M. Stephen Harper claimed that the MP was “invited” to participate by email, but the NDP suggested Conservative MP John Duncan mistakenly received an email intended for their MP Linda Duncan, and should not have participated in the call, let alone taped it. The party has asked the RCMP to investigate whether an offence under the Criminal Code occurred. Rubin contends that even if criminal law wasn’t broken, there were serious breaches of privacy by a government that has claimed it would fight identity theft with tougher criminal code provisions. In a letter sent to Stoddart, Rubin writes that provisions in privacy legislation “mean you cannot collect or share personal information or conversations of others that you are not a legitimate party to.” Rubin’s complaint may reach a dead end. A spokesperson for Stoddart said that “the Privacy Act does not cover political parties or members of Parliament.” The privacy commissioner also does not have jurisdiction over either political parties or MPs. [Source]

 

CA – Privacy Breach Alleged Over Tories’ Mailing

Letters sent from Conservative MPs to Prairie farmers urging them to vote for specific candidates in the Canadian Wheat Board’s director elections may be a privacy breach, the National Farmers Union claims. The NFU on Monday wrote to federal privacy commissioner Jennifer Stoddart, asking her to investigate the letters, which urge farmers to vote for candidates with a pro-deregulation or “marketing choice” stance. “It seems certain that Canadian members of Parliament have unlawfully used confidential information about Canadian citizens to conduct an inappropriate mail-out campaign,” NFU president Stewart Wells wrote. “We believe that there is clear evidence that these MPs and their government have violated the Privacy Act,” he wrote. Based on information from people who received letters from MPs, Wells wrote, “we assert that the mailing list used by the Conservative MPs was derived from the actual voters’ list created for the Canadian Wheat Board director elections.” [Source]

 

CA – Alberta Privacy Commissioner OK’s Parking system

Alberta’s ParkPlus parking system does not breach provincial privacy laws. That’s according to yesterday’s ruling of Alberta Information and Privacy Commissioner Frank Work, who investigated the system after receiving a complaint about the type of information being collected from parkers. ParkPlus replaces parking meters and people are required to enter their licence plate information into a machine when parking. The system allows parkers to pay using their credit cards, and that data is retained for a period of two years. Work ruled that the city has adequate measures in place to protect the information collected and that the system does not break privacy laws. [Source]

 

CA – CIBC’s Talvest Data Breach a Mystery, Probe Finds

The Privacy Commissioner’s Office this week issued its finding on the Canadian Imperial Bank of Commerce (CIBC) data loss incident of 2006, reports Reuters. The OPC said that it is satisfied with the bank’s response to the incident, which involved the personal information of nearly a half-million Talvest mutual fund customers, but concerned about the bank’s uncertainty as to whether the information was actually lost. “I am troubled that the CIBC has been unable to establish whether a data transfer to a portable disk drive had ever been made,” said Assistant Privacy Commissioner Elizabeth Denham in a statement released yesterday. [Source]

 

CA – Thousands of Canadians Complain About Do-Not-Call List

Thousands of Canadians have called the CRTC to complain about its newly launched do-not-call list, with some saying they are receiving more calls than ever after having registered with the service. “People are receiving calls who have not received calls in the past,” said CRTC spokeswoman Lynne Fancy. “That’s currently under investigation.” [CBC]

 

EU – Commission Seeks Views on Settling Large Scale Consumer Complaints

The European Commission has published a Green Paper on Consumer Collective Redress on how to facilitate redress in situations where large numbers of consumers have been harmed by a single trader’s practice which is in breach of consumer law. Violations of consumer rules could include overcharging consumers - through hidden charges or overbilling - misleading advertising on websites, or failing to provide compulsory information on financial products. These kinds of illegal practices, if they occur to a large number of consumers, can cause considerable damage to consumers, generate unfair competition and distort markets. The Green Paper identifies barriers to effective consumer redress in terms of access, effectiveness and affordability and presents various options to close the gaps identified. The options set out in the Green Paper seek to ensure that consumers who are victims of illegal commercial practices can get compensated for their losses, while avoiding unfounded claims. Comments on the Green Paper can be submitted until 1 March 2009. [Source] [The Green Paper on Consumer Collective Redress]

 

WW – Parliaments Seem to Use Very Little IT Technology: Study

The findings of the World e-Parliament Report 2008, produced by UNDESA and the Inter-Parliamentary Union on the use of information and communication technologies within 105 parliamentary assemblies from all over the world, were presented on 25 November 2008. The Report is the first of its kind and was meant to assess the extent to which information and communication technologies are used by parliaments in their activities. The purpose of the report was to help “legislatures evaluate the potential benefits of ICT in supporting parliament’s basic values of transparency, accessibility, accountability and effectiveness, and, at the same time, its representative, legislative and oversight functions. Its publication is intended to establish a shared knowledge base among the parliaments of the world and, most importantly, promote international dialogue on these matters.” The issues tackled by the report were: the relationship between parliaments, ICT and the information society; innovation and leadership; management, planning and resources; infrastructures and services; documenting the legislative process; parliamentary websites; building a knowledge base for parliament; enhancement of the dialogue between parliaments and citizens; and cooperation and coordination. According to the report, only 10% of the parliaments from the EU, Africa, Latin America, Australia and Canada use ICT to make their activities known to their citizens. “For most parliaments, our survey has documented that there is a significant gap between what is possible with ICT and what has been accomplished,” said Jeffrey Griffith, one of the authors. The study has shown that only 43% of the parliaments stated having document management systems and most of them find it difficult to keep their websites up to date and accessible to the wider public. Even when the sites displayed the texts of bills, they lacked links to the relevant information.
In most cases, but not in all, the level of the ICT use by a parliament appears to be related to the level of the national income. The World e-Parliament Report 2008 also points out the “opportunities for parliaments to benefit from cooperating at the regional and global levels in the e-parliament domain. Existing and emerging parliamentary networks can sustain some of these efforts, but a worldwide dialogue is becoming increasingly essential. By offering coordinated support and training for those parliaments with fewer resources, increasing the opportunities for sharing expertise and software at a global level and providing greater access to parliamentary information resources, parliaments will be better positioned to fulfil citizens’ legitimate expectations, achieve common goals and advance the principles of the World Summit on the Information Society.” [Parliaments are slow in going online, study shows] [World e-Parliament Report 2008 - Executive summary]

 

WW – United Nations Publishes e-Government Survey 2008

Published February 17, 2008, the survey contains case studies, governance and citizenship. Under the subtitle ‘From E-Government to Connected Governance’, the UN recently published the outcome of its annual e-Government Survey, which compared 192 countries on ‘eGovernment readiness’. The Top 10 countries are: 1. Sweden; 2. Denmark; 3. Norway; 4. United States; 5. Netherlands; 6. Republic of Korea; 7. Canada; 8. Australia; 9. France; and 10. United Kingdom. [Source]

 

AU – Australia Introduces New Laws to Target ID Fraud Nationwide

Stealing someone’s identity will become a criminal offence across the country. Draft laws aimed at combatting the fraud, which has been exacerbated by social websites such as Facebook, have been introduced to parliament. Presently, it is only an offence to steal someone’s identity in Queensland and South Australia. Identity theft across the country will be punishable by up to five years in jail. The crime covers a range of offences, from using another person’s credit card details to stealing their personal information to open bank accounts and take out loans. [Source]

 

CA – Senator Goldstein Reintroduces Anti-Spam Bill in the Senate

Canadian Senator Yoine Goldstein has reintroduced his anti-spam bill. Bill S-202 is designed to provide Canadian authorities with the tools to address spamming activities. [News Release] [Source] [Text of Bill]

 

EU – EDPS Issues Opinion on Cross-Border Health Data Privacy

European Data Protection Supervisor Peter Hustinx said more concrete data protection and privacy provisions need to be included in the proposal for a patients’ rights Directive pertaining to cross-border healthcare. The Directive would establish a framework for instances when patients seek medical care outside of their Member State. In an opinion earlier this week, Hustinx wrote: “A uniform and sound data protection approach throughout the various healthcare Community initiatives” is needed, “not only to ensure the citizens’ fundamental rights to the protection of their data, but also to contribute to the further development of cross-border healthcare in the EU.” [Source] [EDPS Opinion]

 

UK – ICO Convenes Privacy by Design Conference, Issues Report

The U.K. Information Commissioner has published a report calling for “privacy by design”--building privacy guards into new information systems during the development stage to help protect data and prevent privacy breaches. In a video interview, Assistant Information Commissioner Jonathan Bramford and privacy lawyer Stuart Room explain the concept of privacy by design and how organisations can implement it. [Source] [ICO Press Release] [ICO Final Report] [www.privacybydesign.co.uk] [Workshop report]

 

UK – Government Announces New Law for Increased Data Sharing

The powers of Government to share data will be increased under new laws announced yesterday. Legislation will introduce a fast-track procedure to allow data sharing whenever “a robust case” can be made for sharing, said a Ministry of Justice report. The report also made clear that the UK will not introduce a security breach notification law. (See: The UK does not need a security breach notification law, says Government, OUT-LAW News, 25/11/2008) Another report published by the Ministry of Justice yesterday gave the Information Commissioner’s Office (ICO) new inspection powers, though not the powers that the Commissioner had asked for. It also changed the ICO’s funding arrangements which will lead to increased compliance costs for large businesses. (See: ICO to get powers to audit public bodies without consent, OUT-LAW News, 25/11/2008). [Source] [Response to the Data Sharing Review Report] [Response to the inspection powers and funding arrangements consultation] [The July consultation paper on inspection powers and funding arrangements] [The July Data Sharing Review Report] and [Section 55A of the Data Protection Act] See also: [Ireland proposes to legalise covert surveillance] [Time to take a close look at surveillance]

 

UK – Government Will Not Establish Breach Notification Law for Private Sector

Last week, the UK government announced in a report that it will allow the Information Commissioner’s Office (ICO) to impose increased fines for “deliberate or reckless loss of data,” but stopped short of calling for a law, instead allowing the ICO to establish rules for breach disclosure. The “Response to the Data Sharing Review Report” says that private sector organizations should disclose data breaches “as a matter of good practice,” and that the Information Commissioner’s office (ICO) should consider whether or not such organizations did disclose breaches when taking enforcement action against the company. Public sector organizations are already subject to requirements that they report any data security incidents to the ICO. [Source] [Source]

 

EU – Changes in the Telecom Package Adopted by the Council

A political agreement on the telecom package was reached by the EU Council on 27 November 2008. Even though the final text does not support the 3 strikes measures proposed by the French Presidency, it has also deleted some important amendments adopted by the European Parliament in order to safeguard the citizen’s fundamental rights. The new text of the modified Universal Services Directive allows the national regulatory authorities to “promote cooperation between undertakings providing electronic communications networks and/or services and the sectors interested in the promotion of lawful content in electronic communication networks and services.” The adopted recitals make it clear that any cooperation procedures will not allow for systematic Internet monitoring and that the Member States, and not the electronic communication providers, have to “decide, in accordance with due process, whether content, applications or services are lawful or harmful or not.” According to EDRI, the text adopted by the European Telecom Council is not so positive from the privacy point of view. [2907th Transport, Telecommunications and Energy Council meeting] [European Council - Reviewed ePrivacy Directive] [European Council - Reviewed Universal Service Directive] [Federal government supports opposition against “voluntary data retention”] [EU states bin telecoms ‘super-regulator’ idea] [Citizen safeguards striked out in EU Council] [Bulgaria, Hungary, Poland - only EU members on the same page vis-à-vis Internet content control] [European Council opposes Parliament on Amendment 138]

 

UK – The Big Brother State – by Stealth

Personal information detailing intimate aspects of the lives of every British citizen is to be handed over to government agencies under sweeping new powers. The measure, which will give ministers the right to allow all public bodies to exchange sensitive data with each other, is expected to be rushed through Parliament in a Bill to be published this week. The new legislation would deny MPs a full vote on such data-sharing. Instead, ministers could authorise the swapping of information between councils, the police, NHS trusts, the Inland Revenue, education authorities, the Driver and Vehicle Licensing Authority, the Department for Work and Pensions and other ministries. Opponents of the move accused the Government of bringing in by stealth a data-sharing programme that exposed everyone to the dangers of a Big Brother state and one of the most intrusive personal databases in the world. The new law would remove the right to protection against misuse of information by thousands of unaccountable civil servants, they added. The Council of Europe’s commissioner for human rights said he believed Britain had gone too far in helping to bring about a “surveillance society”. In a report drawing on personal data infringements across Europe but “inspired” by Britain’s plan for a new internet, email and telephone database, he added: “General surveillance raises serious democratic problems which are not answered by the repeated assertion that those who have nothing to hide have nothing to fear. This puts the onus in the wrong place: it should be for states to justify the interferences they seek to make on privacy rights.” [Source]

 

AU – Anti Internet Filtering Rebels Hit the Streets

Opponents of the government’s Internet content filtering scheme will take to the streets in a series of protests planned in Australia’s capital cities. The protests, organised by members from activist groups including the Electronic Freedom Project and Digital Liberty Coalition, will be held at Sydney’s Town Hall, Brisbane Square, Melbourne’s State Library, Adelaide Parliament House, Perth’s Stirling Gardens and at Tasmania’s Parliament Lawns. Participants have created Facebook groups and a YouTube video to rally support and direct activists to the events. Opposition and Greens senators have expressed interest in attending the protests. The government initiative, funded as part of the government’s $125.8 million cyber safety plan, will impose mandatory ISP-level Internet content filtering nation-wide, and will block Web pages detailed in two blacklists operated by the Australian Communications and Media Authority (ACMA). Prescribed filtering technology, short-listed following a July trial, will be tested again by ISPs during the Christmas period. The trial is expected to use a blacklist of 10,000 banned Web pages, using the rumoured 1300-page blacklist held by the ACMA mixed with dummy data. [Source] See also: [Jeffrey Rosen in NYT: Google’s Gatekeepers]

 

WW – Global Network Initiative to Protect Online Privacy

The new Global Network Initiative (GNI), created to combat online censorship and protect user privacy on the Internet, is inviting the public to participate in its introduction. An evening forum will be held in Paris on December 4, 2008, accompanied by online activities. Along with its tech giant founders, such as Google, Microsoft and Yahoo!, online and human rights organizations including the Committee to Protect Journalists, Human Rights Watch and the World Press Freedom Committee, GNI members will participate in an open roundtable, to be followed by a discussion with the audience. The forum is taking place in conjunction with the International Seminar on Business and Human Rights, in celebration of the 60th anniversary of the Universal Declaration of Human Rights. [Source]

 

CA – eBay Canada Ltd. v. Canada (National Revenue)

The Minister of National Revenue is authorized to require eBay to produce electronic customer information stored on servers outside of Canada; with the click of a mouse, the information appears on computer screens in Canada. [Decision]

 

WW – Effects of Counter-Terrorism Legislation on Freedom of the Media: Report

A new report conducted by Privacy International (PI) for the Council of Europe Media and Information Society Division reveals effects of new counter-terrorism laws on media and free expression rights in European countries. The report “Speaking of Terror” examines how the “war on terror” has affected access to information, the growth of incitement, glorification and “extremism” restrictions on speech, blocking of internet sites, increased surveillance of journalists and limits on protection of journalists’ sources. The report finds that the laws have already seriously affected freedom of expression while providing little benefit in fighting terrorism. The report also examines the roles of the United Nations Security Council, European Union and Council of Europe in promoting new laws while paying little attention to human rights. [Speaking of Terror: A survey of the effects of counter-terrorism legislation on freedom of the media in Europe]

 

US – Editing Public Records of Personal Information Could Cost $1.8 Million

Administrators say it will cost about $1.8 million to redact sensitive information from the IowaLandRecords.org Web site, reports the Des Moines Register. The site’s database, used mostly by county auditors, contains the information on hundreds of thousands of Iowa landowners. It made the headlines in September when it was discovered that thousands of Social Security numbers were publicly available on the database, leaving citizens vulnerable to identity theft. Iowa state law prohibits the inclusion of Social Security numbers in public records, but records from before the law went into effect in 2002 often include such information. [Source]

 

EU – Court Rules Unanimously: DNA Database Violates Privacy

Nearly one million innocent people could have their profiles wiped off Britain’s ‘Orwellian’ DNA database. A landmark European ruling said it was unlawful for police to store for life swabs and fingerprints from people arrested, but later cleared of wrongdoing. The national DNA database was thrown into turmoil after a court severely criticised the policy of holding samples of people absolved of any crime. The damning verdict by the European Court of Human Rights could force the Government to wipe the DNA details of almost 860,000 people from the sprawling database. In an excoriating attack on the system, 17 senior judges ruled unanimously that retaining the information of law-abiding citizens ‘could not be regarded as necessary in a democratic society’. Home Secretary Jacqui Smith said she was ‘disappointed’ by the verdict, which it is claimed could have far-reaching consequences for the police’s ability to fight crime. But civil rights campaigners said the ruling was a ‘triumph for justice’ over the hugely controversial ‘Big Brother’ policy. Some anti-surveillance society campaigners went as far as saying it ‘called into question the legality’ of other Government databases, including the national ID register, children’s databases, police profiling techniques and even TV licensing information. [Source]

 

CA – Commissioner Concerned by Amendments to Health Information Act

Proposed amendments to Alberta’s health information act worry provincial Information and Privacy Commissioner Frank Work. Work says the amendments would prevent Albertans from keeping their medical information out of the province’s electronic health record. Work also cited a lack of rules on how researchers can use the sensitive information contained in such records. The proposed legislation is being considered by an all-party policy committee. [Source] [Press Release]

 

US – Cleveland Clinic Discloses Doctors' Industry Ties

The Cleveland Clinic plans to announce this week it has begun publicly reporting the business relationships that any of its 1,800 staff doctors and scientists have with drug and device makers. The clinic, one of the nation's most prominent medical research centers, is making a complete disclosure of doctors' and researchers' financial ties available on its Web site, www.clevelandclinic.org. It appears to be the first such step by a major medical center to disclose the industry relationships of individual doctors. And it comes as the nation's doctors and hospitals are under mounting pressure to address potential financial conflicts of interest that can occur when they work closely with companies to develop and research new drugs and devices. [Source]

 

US – Patient Photos Aid Docs Reading Faceless CT scans

Imagine sitting in a dark room all day, evaluating CT scans and other medical images on a computer screen but never actually seeing real patients. That’s life for many radiologists. But an intriguing Israeli study found adding photos of patients’ faces to the file made these doctors more meticulous when looking at the X-rays. They reported more details and said they felt more empathy for patients who were otherwise strangers. Adding patients’ photos is a simple, low-tech way to reap rewards for both doctors and their patients, the researchers concluded. Several experts not involved in the study agreed, although Dr. James Thrall, chairman of the American College of Radiology’s board of chancellors, said making it common practice in the United States could be problematic because of privacy laws. [Source]

 

US – Former UCLA Hospital Worker Admits Selling Records

A former employee of UCLA Medical Center pleaded guilty to selling information from the medical records of celebrities and high-profile patients, including Britney Spears and Farrah Fawcett, to the National Enquirer. She faces a maximum sentence of 10 years in prison, followed by three years of supervised release, and a $250,000 fine. Sentencing is set for May. [Source]

 

US – Florida State Agency Exposes 250,000 Names, SSNs

The names and Social Security numbers of 250,000 job-seekers in Florida were accidentally posted online and remained there for 19 days. Those who have used the services of one of the state’s Agency for Workforce Innovation career centers during the last six years were affected. The agency began notifying individuals this week. “We are thoroughly investigating this matter and are making every effort to enhance the security of our computer systems,” said agency director Monesia Brown. [Source]

 

JP – Waseda University Admits Sensitive Info Leak

A list containing information on at least 719 cases of Waseda University students and employees who sought consultation about sexual harassment and other sensitive concerns has been leaked on the Internet, the school said. The list includes the names and university status of students and workers who sought consultations from April 1999 to May 2007. Data on people they accused of acts including sexual harassment, “power harassment” and stalking were also leaked. The information is believed to have been leaked in July after a consultant worker took the data home. [Source]

 

US – MySpace Suicide Case Verdict: Three Misdemeanor Convictions

Lori Drew, the Missouri woman who perpetrated an Internet hoax that prompted a 13-year-old neighbor to kill herself, was convicted of three misdemeanor offenses of accessing computers without authorization; a federal jury acquitted Drew of three felony counts of accessing computers without authorization to inflict emotional harm. The misdemeanor offenses are each punishable by up to one year in prison and a fine of US $100,000. If she had been convicted of the additional charges, Drew could have faced 20 years in prison. Drew was tried under the US Computer Fraud and Abuse Act for violating the MySpace terms of agreement by establishing a phony identity and harassing another MySpace member. The case was tried in Los Angeles because that is where MySpace servers are housed; there was no applicable Missouri law that could be used to prosecute Drew. [Source] [Source] [Source] See also: [Conviction in MySpace Suicide Case Dangerous Ruling: CDT and CDT Amicus Brief in U.S. v. Lori Drew, August 01, 2008] [Policy Beta Blog Post, May 15, 2008]

 

EU – Identifying Individuals in Internet Iniquity: ECHR Rules on Naming Wrongdoers

The European Court of Human Rights gave an important decision today in KU v. Finland, dealing with the issue of whether states are obliged to have laws which allow for the identification of internet wrongdoers. In short, according to the court the answer is yes - national laws must “provide the framework for reconciling the various claims which compete for protection in this context” and a national law which gives an absolute guarantee of anonymity and confidentiality of communication may breach the rights of persons who are affected by online wrongdoing. [Source]

 

WW – Data Privacy Day 2009 Announced

On January 28, 2009, the U.S., Canada, and 27 European countries will celebrate Data Privacy Day together for the second time. Designed to raise awareness and generate discussion about data privacy practices and rights, Data Privacy Day activities in the U.S. have included privacy professionals, corporations, government officials, and representatives, academics, and students across the country. One of the primary goals of Data Privacy Day is to promote privacy awareness and education among teens across the United States. Data Privacy Day also serves the important purpose of furthering international collaboration and cooperation around privacy issues. Educational Materials – online teen privacy: [Teen privacy online] [Teen privacy online script] [Teen privacy online sources and resources] [Teen privacy online highlights] [Privacy Today slide presentation] Canada: [Canada’s youth privacy webpage and video competition] [Office of the Information and Privacy Commissioner of Ontario] [“Be a Player: Take Control of Your Privacy on Facebook,” a video prepared by Commissioner] [How to Protect Your Privacy on Facebook, a tip sheet] [Source] also: [Children's advocate taking Ontario province to court]

 

WW – Facebook Announced Facebook Connect

Facebook, the Internet’s largest social network, wants to let you take your friends with you as you travel the Web. But having been burned by privacy concerns in the last year, it plans to keep close tabs on those outings. Facebook Connect, as the company’s new feature is called, allows its members to log onto other Web sites using their Facebook identification and see their friends’ activities on those sites. Like Beacon, the controversial advertising program that Facebook introduced and then withdrew last year after it raised a hullabaloo over privacy, Connect also gives members the opportunity to broadcast their actions on those sites to their friends on Facebook. In the next few weeks, a number of prominent Web sites will weave this service into their pages, including those of the Discovery Channel and The San Francisco Chronicle, the social news site Digg, the genealogy network Geni and the online video hub Hulu. [Source] [Pew critical of FB Connect]

 

NZ – Google’s StreetView Arrives in New Zealand

Google photographers have been capturing images across the globe for the company’s StreetView feature, and today New Zealanders got a first glimpse at their own streets and side roads with the launch of the Kiwi version. The free service gives viewers a 360 degree, street-level look at cities and towns in seven nations, so far. It has sparked controversy and invasion of privacy lawsuits in some locales. Before the New Zealand launch, Google consulted with New Zealand Privacy Commissioner Marie Shroff and agreed to blur the faces of those captured in photos. [Source]

 

WW – Delete Cookies, Says New Privacy Forum

The newly formed Future of Privacy forum is offering tips for protecting online privacy, reports MediaPost Publications. From deleting and blocking cookies to deleting log files, the group wants Internet users to know how to make their online experience more anonymous. “You may not be aware that when you visit a site you’re actually a part of a complex advertising and marketing mechanism,” the group writes. [Source] [Future of Privacy Forum advice] See also: [NYT: You're Leaving a Digital Trail. What About Privacy?]

 

EU – Council’s Five-Year Plan to Tackle Cyber Crime Includes Remote Searches

The EU Council of Ministers has approved a five year plan to tackle cyber crime. Among the tactics proposed are remote searches of computers suspected of being used in criminal activity; the investigations will be coordinated by Europol. The plan also aims to improve information sharing among European law enforcement agencies of member nations and private companies to help prosecute criminals. Europol has been granted 300,000 Euros (US $379,000) to develop a system to consolidate crime reports and issue warnings about emergent threats. [Source] [Source]

 

CA – RCMP Put Pipeline Investigation Online

Police turn to public to help them identify eight people in surveillance images they hope will lead to a break in probe into three blasts at EnCana natural gas facilities. The photos - posted on dawsoncreekbombings.com, a website set up as part of the RCMP investigation - are part of an effort to persuade the public to help identify a culprit, who police believe is a local resident with a grudge. [Source]

 

CA – Privacy Right Extends to Drugs In Luggage: Judge

Socks, undies and a toothbrush aren’t the only things considered private when checking luggage at the airport. So are illegal drugs and wads of cash, according to a ruling by the Supreme Court of Newfoundland. A judge in St. John’s, Newfoundland recently decided that a man found with 14 grams of cocaine, 62 ecstasy pills and $11,000 in cash had an expectation of privacy when he checked his luggage prior to a flight in 2006. The ruling means the man can continue his legal battle to have the evidence against him thrown out. Crown prosecutors argued Mr. Crisby gave up all his privacy rights when he voluntarily checked his baggage, because he knew air travel is subject to strict controls, including security screening. The problem with that, Justice Robert Hall ruled, is that airport security laws are designed to protect travellers against weapons and explosives, not to catch illegal drugs. He described the Crown’s argument as an “incremental intrusion upon privacy rights.” “Obviously, searching or screening the accused’s bags for the presence of drugs does not fit into the category of purposes for which screening was authorized,” wrote Mr. Hall. [Source]

 

US – Privacy Panel Advises House Committee

A panel of privacy experts met with Democratic members of the House Homeland Security Committee on Monday to discuss privacy in the new Congress. Nuala O’Connor Kelly, former chief privacy officer at the Department of Homeland Security and an IAPP Board member, recommended strengthening the Privacy Act and updating a 2002 statute on electronic government services. Cybersecurity expert Fred Cate echoed that sentiment, citing a recent Government Accountability Office report concluding that technological and policy changes have rendered the Privacy Act “almost entirely ineffective.” Panelists also recommended eliminating predictive data-mining. [Source]

 

US – Study Finds Lack of High-Level Oversight

Researchers at Carnegie Mellon University’s CyLab are recommending more top level involvement in risk management and privacy. The advice comes in a report showing a lack of corporate board and senior executive oversight in data protection. The researchers surveyed 703 individuals from public U.S. companies, finding that the majority are not involved with oversight of information security. Thirty-six percent of respondents indicated they or their board had some involvement. “Without the right organizational structure and interest from top officials, enterprise security can’t be effective no matter how much money an organization throws at it,” said Richard Power, report co-author and CyLab distinguished fellow. [Source] [Source] [Report]

 

US – Group Raises Privacy Concerns About RFID Chips in Identification Docs at Borders

The Association of Corporate Travel Executives (ACTE) wants the US to stop using a system that reads RFID tags in government issued identification documents at border crossings, pending a review of the security issues the system poses. ACTE is concerned specifically with the possibility that people could eavesdrop on the RFID chips at the border or even at other locations. Presently, the only information contained in the chips is a unique identification number, but there is concern that this number alone is enough to track an individual’s travel. A paper published last summer examined security concerns raised by the use of RFID tags in passport cards and driver’s licenses. [Source] [RSA paper] See also:

 

US – Unisys Announces First Border Crossing Points to Support RFID-Enabled IDs

Unisys announced the first US border crossing points to support RFID-enabled travel documents issued by federal and state government agencies are now operational. Border checkpoints in Blaine, Washington and Nogales, Arizona now accept RFID-enabled enhanced driver’s licenses and passport cards that were created as part of the Western Hemisphere Travel Initiative (WHTI). Implementation is planned for 37 more sites by June, 2009. [Source] For more background see US Gov Sets Controversial RFID Passport Card Specs.

 

US – DHS to Track Immigration Detainees with RFID

The US Department of Homeland Security (DHS) plans to start tracking 20,000 immigration detainees at US facilities with RFID wristbands beginning in January, 2009. Installation of the new RFID tracking system is planned for 19 DHS detention facilities and will mark the first time the agency has used RFID to track detainees. TSI Prism announced its RFID-based inmate tracking system was selected for the project, which is part of a larger contract awarded to Northrop Grumman to create an infrastructure for housing and transporting DHS detainees. TSI Prism’s largest installation covers 140 acres with 700 readers at an Illinois state prison, although a new installation at a Washington, DC jail will have 920 read points. The DHS project, which covers 19 facilities and includes orders for 22,000 inmate wristbands, will be the largest deployment of RFID inmate tracking technology anywhere. Details for the DHS implementation timeline have not been finalized. [Source] [Source]

 

US – Florida Hospital to Use RFID to Track Implantable Cardiac Devices

The facility expects to lower costs and improve patient care, thanks to a solution combining WaveMark’s 13.56 MHz passive RFID system with Lumedx billing software. [Source]

 

US – Microsoft Partners With Implantable RFID Chip Maker VeriChip

Users of VeriChip’s VeriMed technology can now utilize a Microsoft HealthVault account to access and manage their personal health data stored in the VeriMed database. [Source]

 

EU – Belgian Hospitals Use RFID to Track Temperatures, Assets and Patients

St. Trudo and Jan Yperman are using AeroScout’s Wi-Fi-based active RFID system not only to monitor patient or asset locations, but also to track the temperature of equipment or supplies, or the status of wheelchairs and other items. [Source]

 

EU – EU Research Group Releases RFID Standardization Report

The Global RFID Interoperability Forum for Standards, or GRIFS, has released a report assessing the state of RFID standards around the world. A key conclusion of the report is the need for better communication and collaboration between key standards organizations. The report is available for free download here. GRIFS is a group funded by the European Commission whose role is to “develop liaisons between standards organisations and initiate a long-term forum of exchange and collaboration for global RFID stakeholders.” [report] [Source]

 

US – Ponemon Releases Report on Security of Paper Documents in the Workplace

A U.S. study provides insight into where and why paper documents are more at risk than electronic documents, and gives ten recommendations to protect confidential and sensitive documents. [Source]

 

CH – China Internet Cafes Switching to Chinese OS

Requirements that Internet cafes in a southern Chinese city install Chinese-developed operating systems are raising new concerns over cybersnooping by authorities, a U.S. government-funded radio station has reported. The new rules that went into effect Nov. 5 are aimed at cracking down on the use of pirated software, said a spokesman for the Culture Bureau in the city of Nanchang. Internet cafe operators are required to remove unlicensed software and replace it with legitimate copies of either Microsoft Windows or China’s homegrown Red Flag Linux operating system while paying a fee, he said. However, Radio Free Asia said cafes were being required to install Red Flag Linux even if they were using authorized copies of Windows. It quoted Xiao Qiang, director of the California-based China Internet Project, as saying the new rules would help authorities regulate Internet cafes that now operate on the margins of the law, and allow them to undertake heightened surveillance. [Source]

 

US – CDT and E&Y Issue Briefing on Telecommuting Risks to Company Networks

The Center for Democracy and Technology has published a briefing note discussing how the rise of telecommuting poses unique privacy and security threats to company networks. Their briefing is structured along three points:

1) Telecommuting Carves A New Privacy and Security Landscape for Employers

2) Emerging Privacy and Security Concerns Are Not Being Consistently Addressed

3) Companies Must Adopt New Practices to Offset Telecommuting Risks

[Briefing] See also [The State of Telecommuting: Privacy and Security]

 

WW – Launch of .Tel Domain ‘Most Significant Move Since .Com’

A new Internet domain that hopes to become an online equivalent to the phone directory has gone on sale for the first time. The new .tel domain allows companies and individuals to create a virtual address book, storing a variety of contact information online and offering it to users according to where they are and how they connect to the service. [Guardian]

 

US – DHS Center to Focus on Security Studies, Tech Concepts

The Homeland Security Department will award a contract that could eventually be worth $330 million for an organization to establish a research and development center to provide specialized technical expertise to DHS program managers. The center would work in programs to prevent terrorism and catastrophic incidents through improved interoperability and information sharing. The Homeland Security Studies and Analysis Institute (HSSAI) would generally work on the most complex homeland security issues and provide recommendations for policy and operational changes, as well as technology concepts, the department said. The specialized technical expertise provided would help transform DHS’ mission-level goals into strategies, operational requirements and performance metrics, according to a solicitation first published by DHS on Nov. 28 and amended Dec. 1. DHS’ Science and Technology Directorate would provide a program office for the center to be a liaison between the research institute and the department’s component agencies. According to the request for proposal, over the long term the center would promote frameworks and strategies to enhance the general understanding of trade-offs inherent in preventing terrorism and catastrophic incidents through improved interoperability and information sharing. [Source]

 

WW – Most Employers Restrict Staff Time On Internet, Says Survey

Two-thirds of employers monitor staff use of the Internet during working hours and block access to sites deemed irrelevant to the job, a survey of managers has revealed. The Chartered Management Institute said the censoring of employees’ Web browsing was an example of old-fashioned thinking in boardrooms where senior executives have not caught up with the business benefits of exploiting new technology. [Guardian]

 

+++