Privacy News Highlights
10–20 March 2008
Contents:
CA – Ontario Privacy Czar Applauds Voice Biometrics
WW – United States, Germany Will Share Biometric Data
US – Face Scanner Gives Illinois DMV Security Lift
US – Citizen CRM: Treating Taxpayers Like Customers, Part 1
UK – New Standard Raises Bar For Public Services
WW – BlackBerry Server Users Leave Door Open to Hacks
CA – SSHA Glitch Reveals Risks Lurking In Network Interdependencies
EU – German Court Strikes Down Police License-Plate Scanning Tactic
WW – EU and US Reach Deal on Travel Security Negotiations
UK – ICO Investigates 40 New Government Breaches
WW – Community Ports Proposed for Kids Who Click
EU – European Judge to Review US SWIFT Compliance
UK – Banks More Trustworthy than Government over Data Security
US – IRS Puts ‘Phishing’ at Top of List of Scams
US – U.S. Financial Practices Contribute to High ID Theft Rates
US – Oklahoma Court Rules Cut Off Online Access to Records
US – State Governments Resist ‘Sunshine Laws’
US – Major Player Emerges on Health Information Technology and Privacy
US – Supermarket Data Breach Affects 4.2 Million Accounts
US – Medical Workers to be Fired After Peeking at Spears’ Files
UK – DVLA Gets £9 Million for Your Details
US – University Eliminates SSN Use for IDs
WW – Google: We Didn’t Help the NSA (or did we?)
EU – Italian Data Commissioner Rules Against Spying on File Sharers
UK – Policy Group Argues Phorm Illegal Under UK Law
WW – AOL to Buy Social Network Bebo For $850 Million
UK – Police Suffer Memory Loss
WW – ‘Net Pioneer Is Anti-Tracking
WW – BT’s Growing Sophistication Enables Precise Targeting
WW – Godaddy Shuts Down Police Rating Site
WW – Latest Facebook Application Pays Users 10 Percent for Referrals
US – ValueClick to Pay $2.9 Million to Settle FTC Charges
US – CDT: Commission Needed to Explore Revamping Privacy Act
US – N.H. House Committee Kills RFID Labeling Proposal
WW – Heart Defibrillator Implants Can Be Hacked: Experts
WW – Insurance for Privacy Breaches
US – N.H. Lawmakers Kill Medical Privacy Bill
CA – Angus Reid: Canadians Back Use of Surveillance Cameras
US – Chicago Links School Cameras to 911 Center
CA – Study Looks Into Effects of Surveillance
US – NSA Builds Data Surveillance System
WW – Ad Delivery to Cell Phones Gives Spammers New Venue
US – CDT Comments on E-Verify Program
US – Justice Says FBI Privacy Violations Rose in 2006
US – House Rejects Immunity in Eavesdropping Bill
US – Legislators Mull New Regulations for Data Brokers
US – California State Workers Protest Salary Database Publication
Major advancements in privacy-enhancing biometrics have come from Europe, where Netherlands-based electronics giant Philips has taken its biometric encryption technology and applied it to Israel-based PerSay Inc.’s “voiceprint” and speak verification products. According to Ontario privacy commissioner Ann Cavoukian, the combination of these technologies has ushered in a new layer of privacy and security. One of the biggest markets for voice biometrics is among the financial sector, where banks are increasingly offering more and more of its services via the telephone. Cavoukian said increased privacy measures for these voice authenticated systems would be a perfect fit. “This encryption technology would be ideally suited for sensitive tasks such as banking, checking your market account, or trading over the phone,” she said. [Source] [Biometrics Shows Its Growing Body of Work]
The U.S. and Germany will share some biometric information in their respective fingerprint databases, officials from both countries announced at a joint ministerial conference in Germany. Officials said the agreement is a benefit to counterterrorism efforts, and it has symbolic significance. “The agreement further provides a mechanism for sharing information about known and suspected terrorists, so we can prevent them from entering our countries and attacking our people,” U.S. Attorney General Michael Mukasey said in a statement. “But beyond the important practical value of this agreement, it symbolizes the joint resolve of Germany and the United States to fight terrorism and transnational crime.” [Source] See also: [Facial recognition software used for national security]
Facial scanning technology in use at the Illinois Division of Motor Vehicles provides the agency with a fast, convenient way of catching potential driver’s license fraud. The technology detects whether or not the image captured for use on the ID matches previous images used by the license holder, then checks to see if the image is being used on any other DMV licenses. Since the system was put in place in 1999, more than 5,000 cases of attempted identity fraud have been discovered. Similar systems are set to go into effect in 20 other states in the near future. [Source]
The fact that we pay the taxes that support the costs of government ought to make us the customers of the government, right? That seems logical, but often taxpayers and constituents (or drivers, in the case of the DMV) are treated more like an annoyance than a valued customer. However, some government agencies are starting to see the light and work on providing customer service to taxpayers, re-labeling constituents as “customers.” The ho-hum reception of federal, state and local government agencies that are turning to CRM solutions to improve interactions with citizens may liven a bit as applications turn from simple record-keeping to proactive response. “Originally, we were only engaged in transactional tracking, but as we got deeper into it we began to see greater and more proactive uses for CRM,” said one U.S city strategic program manager. “Part of the obstacles associated with CRM in the government space is process/operation-centric, rather than specific to CRM technologies. In many respects, government technology is siloed, battles are fought over turf issues, and policy/legislation can limit a true customer-centric approach to new technology implementation. Governments need to embrace not only CRM and customer-centric technologies, but also utilize new business and operational processes to facilitate and maximize these tools.” [Source] [NYT: Where Every Ad Knows Your Name]
The UK Minister for Transformational Government has launched the new Customer Service Excellence (CSE) standard – a practical tool to support and drive public services that are more responsive to people’s needs. The aim of CSE is to encourage, enable and reward organisations that are delivering services based on a genuine understanding of the needs and preferences of their customers and communities. Successful organisations will be able to demonstrate:
The standard is itself a result of a customer-focused process, developed on the back of extensive research with both service providers and users into the key drivers of satisfaction with public services. [Source]
Many companies running BlackBerry Enterprise Server (BES) could be inadvertently opening a door to attackers, a penetration testing company has found. Penetration testing consultancy NTA Monitor found that most of its customers running the BlackBerry Server with Microsoft Exchange were taking the path of least resistance by opening unencrypted ports from the heart of their network to service providers. The providers, in turn, opened a return back to the BES that would pass through firewalls without any policies being applied. This left the network open on several levels, including session hijacking, IP spoofing, or just the interception of unencrypted traffic. NTA Monitor, which recently found holes in VPNs offers several general security recommendations for clients using BES. These include using SSL encryption, enabling content protection on the handheld, disallowing non-approved applications – including P2P messaging – and turning off Bluetooth on the handheld. Source: http://tinyurl.com/ytx2nx
An outage at the Smart Systems for Health Agency’s (SSHA) One network in January that left several hundred doctors in Ontario unable to access patient health records for several days has roused concerns about the risks of housing electronic health records (EHRs) in interdependent networks. There has been insufficient attention paid to the potential problems, says Elaine Gibson, associate director of the Health Law Institute in Halifax. “The issue of liability is almost an untested field here.” Legal liability issues will likely come to the fore as more and more healthcare information is digitized and centralized in networks, added Gibson. [Source]
Germany’s highest court has ruled that a police practice of automatically scanning license plates and checking them against lists of suspects violates the country’s constitution. The Federal Constitutional Court said in its ruling that the practice violates privacy rights. The ruling came after three drivers filed complaints about the practice. The court agreed with their argument that the two states’ regulations on the surveillance technique were too broad, and could allow authorities to do things such as profile individuals’ movements. Eight of Germany’s 16 states had been using the method, and others were planning to add it to their arsenal of policing tools. [Source]
After weeks of EU internal political wrangling, the European Commission has secured itself a seat at the negotiating table when it comes to discussing a new set of US security conditions for establishing a visa-free regime with EU member states. At a high-level meeting between the two sides last week, they agreed a so-called twin track approach meaning that matters that fall within national responsibilities will be discussed with respective EU governments, while issues that fall within EU responsibility will be discussed with Brussels. Until now, the European Commission has been particularly concerned about the possible scope of data that could be handed to US security agencies under bilateral deals. [Source]
Since disclosure of a massive governmental data breach with HM Revenue and Customs that exposed the personal information of more than 25 million Britons, the Office of the UK Information Commissioner has opened investigations on as many as 40 new breaches involving government agencies. Although Commissioner Richard Thomas says most of the new reports are minor, the HMRC event opened the eyes of many within government who are erring on the side of caution. Following the HMRC breach, the government requires that all breaches be immediately reported to the Office. [Source]
In an article for REDORBIT.com, Cheryl Preston lays out a new approach to protecting children online by reducing or eliminating minors’ access and exposure to Internet pornography. The Internet Community Ports Concept uses technology to “zone” the virtual world into ports, which Internet users may opt-into. Preston writes, “existing Internet providers and Web page page publishers are only minimally burdened, and establishing the electronic framework for the system is very inexpensive, causes no delays, and makes no change in the visible content.” [Source]
The European Union has appointed a French counter-terror judge to review whether or not the United States has been compliant with Society for Worldwide Interbank Financial Telecommunication (SWIFT) standards. Franco Frattini, the European Commissioner for Justice, Freedom and Security, named Jean-Louis Bruguiere an “eminent person” in the investigation. Bruguiere will meet with the U.S. officials tasked with managing the program, which The New York Times revealed last year had been secretly handing information to U.S. investigators looking into potential terrorism financing. [Source]
UK consumers have more confidence in the IT security of banks and building societies than they do in central government, according to a YouGov survey. More than half (52%) of respondents said they trusted their bank or building societies with their data security, but only 25% had the same confidence in central government and only 21% in local councils. While 20% thought mortgage brokers, stockbrokers and financial advisers could keep their details safe from fraudsters, only 18% trusted utility firms with the same task. Nearly half (49%) of women would consider not using online shopping or banking to avoid being targeted, and 46% of all respondents said there is not enough information available about how to protect against fraud. [Source] [YouGov]
‘Phishing’ topped the Internal Revenue Service’s annual list of scams that taxpayers should be aware of. The IRS yesterday also warned people not to fall for predators posing as IRS representatives who tell them they must reveal personal information to obtain the economic stimulus payment. That payment goes out automatically to anyone who files a tax return. [SiliconValley.com]
After being asked by an Austrian journalist why identity theft rates in the United States are higher than in other countries, Network World’s M.E. Kabay looked into the issue and found a number of possible contributing factors, including the use of a universal identification number (Social Security number) as the key to financial transactions, and practices within the credit card and banking industries that penalize consumers (via exorbitant interest rates) rather than the companies for lax security measures. [Source]
The Oklahoma Supreme Court has adopted rules cutting off public access to court records now available on the Internet. When the rules go into effect on June 10, online access to court documents in the Supreme Court and district courts would be limited to court dockets only. “The individual pleadings and other recorded documents filed of record in state court actions shall not be publicly displayed on the Internet,” according to the order, which described the new rules as an effort to balance the rights of privacy of individuals and public access. Besides eliminating Internet access, the order puts new restrictions on what information the public can access from legal documents filed with court clerks. [Source] See also: [Illinois Attorney General’s office not enforcing Freedom of Information Act]
While e-mail and text messaging has become a hugely popular way to communicate throughout society, U.S. governments at all levels are often unwilling to let the public see the e-mails of their elected officials. Officially, e-mails in all but a handful of states are treated like paper documents and subject to FOI requests. However, most of these states have rules allowing them to choose which e-mails to turn over, and most decide on their own when e-mail records are deleted. [Washington Post]
CDT has announced that it is joining forces with the Health Privacy Project, creating a ‘major voice’ to address the privacy challenges posed by the electronic exchange of personal health information. CDT’s Health Privacy Project will take on key policy questions, including: the proper role of notice and consent, the right of patients to access their own health records in electronic formats, identification and authentication, secondary uses, and enforcement mechanisms. It will address both the traditional exchange of records among providers and payers, as well as new consumer access services and Personal Health Records. [CDT Launches Health Privacy Project, March 11, 2008] [eHealth: Putting Patients First] [Beyond Consumer Consent]: [Opinion: The Promise of Health 2.0]
The Hannaford Bros. supermarket chain said a breach of its computer system potentially exposed about 4.2 million credit and debit card numbers. Hannaford, based in Maine, said about 1,800 cases of fraud have been tied to the breach, but no personal information – such as names or addresses – was accessed, and it has contained the breach. The company said in a statement posted to its website that the stolen data was “illegally accessed from our computer systems during transmission of card authorization.’’ Separately, the Massachusetts Bankers Association said today that Visa and MasterCard had warned as many as 70 banks in Massachusetts about a large data breach at a major retailer, and association urged consumers to monitor their accounts. The banking trade group said neither Visa nor MasterCard would identify the source of the breach. [Source] See also: [Harvard grad students hit in computer intrusion]
The UCLA Medical Center in Los Angeles is expected to fire more than a dozen employees as well as disciplining another 12, some of them doctors, for taking a peek at Britney Spears’ medical files. It is taking the action because the employees checked out the confidential medical records of the pop star, who was hospitalized in its psychiatric ward twice earlier this year. [Source]
The Driving and Vehicle Licensing Agency (DVLA) has raised more than £9 million since 2002 by selling motorists’ personal details to private wheel-clamping and car parking firms. The DVLA charges £2.50 a time, or a flat fee of £3000 a year, to provide organisations with the personal records of any motorist caught parking too long on private property. In 2007, the income reached a new high, with the DVLA raising £3.7m by selling the names and addresses of more than 1.3 million registered vehicle keepers to private firms. Mike Hancock, MP for Portsmouth South, said: ‘I think the figures are outrageous. I don’t think they should be allowed to sell people’s personal details and I think the Government should step in now to stop it. It is an utter disgrace.’ [Source]
The University of Wisconsin-Madison has taken steps to fully eliminate the use of Social Security numbers for the school’s remaining students and staff not already weaned off the old system. Said the UW-Madison Chief Information Officer: “Protecting privacy is a growing issue and challenge in our increasingly electronic world. UW-Madison takes this issue extremely seriously, and this will be one of many steps we are taking in the coming months and years to safeguard our campus community.” About 8,000 people at the school still hold IDs that use SSNs.” [Source]
Google is now the first of the major search engines and e-mail providers to make a firm statement on the issue of the National Security Agency’s wholesale surveillance of Internet content. Google has stated it didn’t help the NSA search your e-mails. More specifically the company denies participating in the NSA’s Terrorist Surveillance Program. But the company’s carefully worded denial might not be enough to reassure savvy readers. The Wall Street Journal recently revealed the true extent of the NSA’s surveillance system: “According to current and former intelligence officials, the spy agency now monitors huge volumes of records of domestic e-mails and Internet searches.” This builds on what we learned the previous week, when The Washington Post revealed that the primary motivation for the White House’s wiretapping immunity demands is to protect those firms that assisted with illegal, mass-scale surveillance of e-mail traffic. Google has now taken the interesting step to become the first major Internet company to deny helping the NSA. [Source] See also: [VoIP: Who Might Be Spying on Your Communications? (Hint — It’s Not Just the NSA) ]
Italian companies may not spy on individuals who engage in illegal file sharing, according to a controversial new ruling. The ruling of Francesco Pizzetti, president of the official Italian body for Guaranteeing the Protection of Private Data, follows the attempts of a German record label, Peppermint, which last year began using the Swiss computer firm Logistep to gather the IP addresses of at least 300 Italians who were illegally sharing files. [Billboard]
Online advert system Phorm is illegal in the UK, the Foundation for Information Policy Research, has argued in an open letter. BT, Talk Talk and Virgin have all signed up to use Phorm, which targets adverts to users based on web habits. [BBC] [Open Letter to UK Info Commissioner] See also: [report by 80/20, a consultancy run by Simon Davies and Gus Hosein (better known for their role in Privacy International), which examined the implications of the Phorm setup] [Response]
AOL said it will pay $850 million to acquire the online hangout Bebo. The move gives the struggling Internet company a foothold in an expanding business. Bebo is one of the largest social networks in Britain, is ranked No. 1 in Ireland and New Zealand, and has a global membership of more than 40 million. [SiliconValley.com]
A Polic memory stick containing confidential information about offenders known to the police has been found by a member of the public. The stick contained offenders’ names, addresses and convictions and was found lying in a gutter outside a betting shop in Stevenage, according to a national newspaper. It said a passer-by picked up the stick containing 330 megabytes of data, equivalent to 165,000 pages, and was able to access the confidential information at home, as it was not encrypted. The newspaper also quoted a police insider as saying: “This is absolutely top secret information and it would have been disastrous had it fallen into the wrong hands.” [Source]
Internet and World Wide Web pioneer Sir Tim Berners-Lee said this week that he is opposed to technologies that track Web users’ activities online and would change his Internet service provider if it introduced such capability. In an interview with the BBC, Berners-Lee responded to reports that numerous Internet companies are considering adopting new technology by advertising personalization service Phorm. He said information pertaining to his Web browsing belongs to him, “It’s mine -- you can’t have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I’m getting in return.” [Source]
A New York Times article on the growing sophistication of behavioral targeting techniques shows that privacy advocates continue to be alarmed at the volume of consumer data collection and the ways in which it is collected online. By closely tracking a consumer’s online habits--where a person browses, how long they linger at a particular page, what they buy and when, etc.--ad serving companies are increasingly better able to predict what kind of advertising that person may be most interested in seeing or more likely to respond to. An analysis of 15 media companies’ ability to target based on information collected was conducted for the article by comScore. [Source] See also: [The Economist: Your call is important to us]
Domain hoster Go Daddy has shut down a Web site that lets people criticize individual police officers, saying it was using too much bandwidth. But the site owner says he is being censored after police complained. Up recently, visitors to RateMyCop.com were able to post comments and ratings on specific police officers. The site disclosed officer names and badge numbers, which is public information. [CNET]
A new Facebook application aims to inject more commerce into the social playground by paying Facebook members who help merchants sell to their friends. The program, called Market Lodge, revolves around the notion that consumers are more likely to buy merchandise or services recommended by someone they know and trust. Market Lodge will pay Facebook members a 10 percent commission on all sales made on their recommendations. [SiliconValley.com]
The Federal Trade Commission (FTC) will collect $2.9 million from online advertiser ValueClick, Inc., in the largest settlement to date based on the 2003 CAN-SPAM Act. The agency charged that ValueClick made deceptive advertising and e-mail claims and violated federal law. The agency also charged that ValueClick and its subsidiaries, Hi-Speed Media and E-Babylon, failed to protect consumers’ personally-identifiable information, despite claims they had. In addition to the $2.9 million civil penalty, ValueClick and Hi-Speed Media must create a comprehensive security program subject to external audit for 20 years, among other requirements. [Source]
The Privacy Act of 1974 is in need of improvements to ensure its relevance into the future, CDT Deputy Director Ari Schwartz said in testimony before a congressional panel today. The Act’s limitations are particularly apparent with regard to government use of commercially compiled personal information, Schwartz told the House Government Affairs Subcommittee. Commercial information plays a key role in important government functions, like law enforcement and national security. However, agencies relying on that data should have clear guidelines on its use. The role Privacy Impact Assessments play in protecting privacy is essential. Two bills help bolster PIAs: S.2341 lays out “best practices” guidelines and HR 4791 requires PIAs for government use of commercial databases. CDT believes Congress should create a Commission to review the Act and suggest possible reforms. [Ari Schwartz testimony before House Government Affairs Subcommittee, March 11, 2008]
A proposed amendment to a New Hampshire bill designed to regulate the use of RFID has been killed by committee, reports WMUR.com. Rep. Joel Winters proposed the measure, which would have required businesses to label any product embedded with RFID. “I was very disappointed,” Winters said of the ruling. “This was legal work that’s been going through the House for several years.” Although the labeling measure failed, the House will continue discussions on RFID legislation. [Source]
Implanted heart defibrillators, which automatically shock a fluttering heart back into a normal rhythm, can be hacked from the outside, U.S. researchers reported last week. There is no immediate danger to patients, the team of computer experts, electrical engineers and cardiologists said. But they made one Medtronic Inc device give up patient information off its computer chip, got it to fire improperly, and ran its battery down, all using inexpensive equipment. They offered a way to fix these weaknesses and said they were publishing their findings not to frighten patients but to inform the industry and regulators. “It may be possible to deter malicious activities by making patients aware of those activities,” the authors wrote. Their report, is available on the Internet at http://www.secure-medicine.org. More and more devices will use radio technology to communicate with physicians. “Right now these devices communicate over several feet most of time but it concerns us that in future they will communicate over longer and longer distances, so we want to initiate the discussion now,” he said. Between 1990 and 2002, more than 2.6 million pacemakers and ICDs were implanted into patients in the U.S. [Source]
Toronto-based Executive Risk Insurance Services will now cover corporate clients for costs associated with data breaches. So far, only a few Canadian companies have signed up, but “it’s an emerging risk that more and more boards are becoming aware of.” The Executive Risk privacy breach policy includes coverage of costs associated with: notifying customers of a breach; compensating customers for costs of repairing credit damage; computer damage repair costs; compensating credit card companies; and costs of dealing with regulators or paying fines.[Source]
A bill to extend HIPAA by placing more privacy restrictions on electronic medical records failed in the New Hampshire House, 166-150. Opponents felt the measure would create unnecessary financial and bureaucratic burdens, while supporters argued that patients should have greater control over their health records. “It’s really about power and money,” said supporter Rep. Neal Kurk, R-Weare. “The hospitals don’t want to give up control on who has access for these records. Hospitals don’t want to change. They want to keep their power.” Despite defeat, the bill is headed back to interim study. [Source]
Adults in Canada welcome the use of security cameras to prevent and solve crime, according to a poll by Angus Reid Strategies. 69% of respondents think the devices are necessary, while 21% disagree. In addition, 63% of respondents believe the need for safety trumps individual privacy rights on the topic of surveillance cameras, while 20% think individual privacy rights should always come before safety concerns. Source: Angus Reid Strategies See also: [Opinion]
More than 4,500 cameras in Chicago public schools are being connected to police headquarters and the city’s 911 center in a technological upgrade designed to improve safety, officials said last week. In an emergency, arriving officers also will be able to view real-time images from the cameras on screens in their squad cars. [Source]
A University of Victoria researcher will examine the effects of video camera surveillance during the 2010 Winter Olympics in Vancouver, British Columbia. UVic political scientist Colin Bennett says his study “will look at the social consequences of monitoring human action and behaviour for issues such as privacy, civil liberties, discrimination and equity.” Construction and infrastructure projects underway in preparation for the Olympics include an extensive surveillance network. [Source]
A Pentagon domestic surveillance program plan, scuttled as too broad and intrusive of citizen privacy, has been slowly taking shape within the National Security Agency. The NSA is quietly gathering a broad swath of electronic communications data and searching for patterns that may hint at terrorist activity. Examples of the kinds of information being collected and analyzed by the NSA include: email sender, recipient, subject and time; Internet browsing activity and searches; cellular phone call sender, recipient and call duration; telephone call sender, recipient and call duration; financial transactions and credit card use; and air travel information. [Source] [Case Report - Arbitrator articulates standard for use of surreptitious surveillance]
Spam has begun to plague the text services of cell phone subscribers. Industry estimates put the number of text messages sent to cell phones between 1.1 and 1.5 billion per year, and Verizon Wireless says it blocks more than 200 million spam text messages per year. Text message spam is seen as a bigger problem because texting costs the recipient money and is perceived as a greater privacy violation. “We have every incentive to stop spam texts from getting through, since we end up footing the bill for a lot of it,” Verizon Wireless spokesman Jeffrey Nelson told the Post. “The longer a service like text is out there, the bigger the bulls’-eye gets.” [Source]
Today CDT submitted written comments to the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee on the substantial privacy and civil liberties risks of E-Verify, the DHS program to electronically verify the work eligibility of newly hired employees in an effort to combat illegal immigration. CDT urged the Committee to make recommendations to DHS and Congress to provide adequate safeguards and procedures to protect the rights of workers. [CDT Comments on Privacy and Civil Liberties Implications of E-Verify, March 12, 2008]
The Justice Department inspector general investigating FBI privacy abuses said that the agency’s violations increased during 2006 as it obtained information about American citizens in its ongoing anti-terror activities Measures implemented to curb such violations have been put in place, but Inspector General Glenn Fine said “It is too early to tell whether these measures will eliminate fully the problems.” Following the 9-11 terror attacks, the FBI improperly used security letters to obtain financial, communications and other customer records to identify possible terror suspects. [Source] See also: [VA Breach A Case Study In What Not To Do]
After its first secret session in a quarter-century, the House last week rejected retroactive immunity for the phone companies that took part in the National Security Agency’s warrantless eavesdropping program after the Sept. 11 attacks, and it voted to place greater restrictions on the government’s wiretapping powers. The decision, by a largely party-line vote of 213 to 197, is one of the few times when Democrats have been willing to buck up against the White House on a national security issue. It also ensures that the months-long battle over the government’s wiretapping powers will drag on for at least a few more weeks and possibly much longer. [Source]
Increased use of data acquired from data brokers by governmental agencies, and use of that data, has legislators concerned for citizens’ privacy, and new legislation regulating its use within the government is being considered. While no bills have yet been drafted, Federal Computer Week reports that a March 11 hearing revealed the Office of Budget and Management has issued ambiguous guidelines, and that some believe new rules are needed to address advances in data technology, while others feel an overhaul of the Privacy Act of 1974 may be in order. [Source] See also:
[UK: Counselling Service admits breach of trust after releasing over 300 emails]
A Sacramento newspaper has come under fire for publishing information on California state workers. Names, salaries, job classifications and work locations have been made available through a searchable database on the newspaper’s Web site. The issue of most concern has been the privacy of state employees. By including the names and work locations of the workers, claim some, such a database could jeopardize the safety of individuals whose information is made available. The Bee was not receptive to removing names, even when a state workers’ safety is an issue. “The Bee did not set out to embarrass anyone or to invade anyone’s privacy – government pay is public record, not private information,” claimed The Bee. “In California, salary data is public information, and some of this information has been published previously by The Bee along with other publications or by government entities.” [Source]
--------