ABN AMRO is introducing voice verification for its telephone banking customers in the Netherlands. The computer verifies whether the voice matches the caller using more than 100 biometric characteristics (pitch, frequency, soft and hard palate, jaw structure, etc). Voice verification will initially be applied to customers making balance enquiries, transfers and investment orders via the telephone. This is done by speaking the account number. Customers will not have to remember pass codes anymore. With this new method of banking ABN AMRO is responding to modern developments. 95% of all transactions are now conducted through direct channels (the internet and telephone). [Source]

CA – Ontario Privacy Chief Issues Order in Medical Records Breach

A patient undergoing heart surgery specifically asked that her estranged husband and his girlfriend – both hospital employees – not have access to her electronic medical records. In a complaint filed with the Ontario Information and Privacy Commissioner, Dr. Ann Cavoukian, the woman said her file was accessed without authorization 10 times during a six-week period. Cavoukian ordered Ottawa Hospital to take a number of steps in the wake of the breach, including a review and revision of practices and procedures related to patient privacy. [Executive Summary] [Order] [Ottawa Hospital’s Unbelievable Privacy Failure]

CA – Privacy Commissioner Launches Investigation of SWIFT

The Privacy Commissioner of Canada, Jennifer Stoddart, has officially launched an investigation of the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a European-based financial cooperative that supplies messaging services and interface software to a large number of financial institutions in more than 200 countries, including Canada, to determine whether personal information relating to Canadians’ financial transactions is being improperly disclosed by SWIFT to foreign authorities. In addition to its investigation of SWIFT, the OPC has also received complaints against several Canadian financial institutions and is investigating their involvement. [Source] [Coverage]

CA – Survey: Majority of Canadians Concerned About Online Privacy, Security

The Canadian Internet Use Survey for 2005 was published this week. StatsCan says that about 60% of Canadians bank online, and 40% ordered personal goods or services over the Internet last year. But 75% indicated they were worried about privacy and security online, and 57% were very concerned about using their credit card online. StatsCan surveyed more than 30,000 people aged 18 and over for the report. [Source] [Source]

US – U.S. Government Offers Reward for Return of Missing Laptop

The Department of Transportation (DOT) has offered a $10,000 reward for the return of a stolen government laptop that contained the personal information on 133,000 Florida residents. An agent with the DOT’s office of the Inspector General had been working at home on a fraud investigation and missed the most recent security upgrade that would have added encryption to protect the information on the laptop. [Source]

US – ‘Worst Ever Security Flaw‘ Found in Deibold Voting Machine

This may be the worst security flaw we have seen in touch screen voting machines, says Open Voting Foundation president. Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the U.S., it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version. [Source] [Images] [Illustration] [Pa. Sued Over Electronic Voting Machines]

US – VA to Install Encryption on Agency Laptops

The Veterans Affairs Secretary has announced “a system-wide encryption program” to improve the “safety and security of sensitive veteran information.” Encryption technology will be installed in laptops over the next month and desktop computers will then undergo the security upgrade. [Source]

UK - Internet Fraud Slips Through Police Fingers, Says Attorney General

Internet fraud accounts for 8% of all fraud in the UK, according to the Attorney General’s office, which says that fraud costs the UK billions of pounds every year. The Attorney General has published the final report of his fraud review and has found that internet fraud can sometimes slip through current policing procedures and cost users and businesses dearly. [Source] [Report: Fraud Review]

UK – Survey: Much British ID Theft Not Reported

A British survey finds that many victims of identity theft apparently do not report the crime to police. 10% of the 2,000 people 18 or older who were polled said they have been victims of the crime. The group most likely to be victimized are those under 30. That appears to be because many young adults do not realize how vulnerable they are. Investigators say the number of reported cases grew almost seven-fold in six years, from 20,000 cases in 1999 to 137,000 in 2005. Many cases are not only unreported, they are undetected even by the victims. [Source]

UK – U.K. Internet Bank Data Sold in Africa, Report Says

Bank account details belonging to thousands of Britons are being sold in West Africa for less than £20 each, the BBC’s Real Story programme has found. It discovered that fraudsters in Nigeria were able to find internet banking data stored on recycled PCs sent from the UK to Africa. [Source]

CA – Atlantic Provinces Contract Drivers Licenses to U.S. Firm

The Atlantic provinces have agreed to move to a common licence, awarding an $18-million contract to a subsidiary of an Oregon company to produce them. Prince Edward Islanders will be the first to get the new-look licences, starting this fall. Nova Scotians won’t start seeing them until 2009 because of the current revamping of government’s information system. Thhe new licences will look the same, except for the province’s name and logo at the top. [Source] [Official says data in DL safe from Patriot Act]

CA – Petition Asks Government to Prohibit TPMs on IT Devices

Concerned Canadians are collecting signatures for a petition that will ask the government to mandate consent from users before technological protection measures are applied to their hardware devices. A draft of the petition, which has been published by Digital Copyright Canada, focuses on the use of technological protection measures (TPMs), which Digital Copyright argues strips users of their rights and exposes them to unnecessary security risks such as Sony’s rootkit. The group plans to present the petition in Parliament later this year. [Source]

WW – Child Online Safety Card Launched in Australia, Canada, UK and USA

A virtual ID card designed to keep children safe while they’re surfing the net has been launched in the UK, US, Canada and Australia. The Net-ID-me is a secure electronic identity card that displays the user’s first name, age, gender, and general location. It can be swapped by children online when using chatrooms, instant messaging and social networks. [Source] [Press Release] [Net-ID-Me website]

WW – US ‘Worst’ For Online Child Abuse

More than 50% of online images of child abuse reported to an internet watchdog can be traced to the US. Investigations by the Internet Watch Foundation (IWF) found nearly 2,500 US sites containing illegal images. The IWF study also said that some sites that contain the illegal content remain accessible for up to five years despite being reported to relevant authorities. US still the worst place for child abuse images. [Source]

NZ – Parents Scare Kids Off Crime with Police ID Database

New Zealand Police are collecting voluntary samples of children’s finger and palm prints for a nationwide juvenile print database, in a desperate bid by parents to scare their children off crime. “Feedback from parents is that it’s a wake-up call for the youths, and crime prevention.” [Source]

WW – Google to Keep Storing Search Inquiries, CEO Says

Although he was alarmed by AOL’s haphazard release of its subscribers’ online search requests, Google Inc. CEO Eric Schmidt said the privacy concerns raised by that breach won’t change his company’s practice of storing the inquiries made by its users. “We are reasonably satisfied... that this sort of thing would not happen at Google, although you can never say never,” Schmidt said during an appearance at a major search engine conference in San Jose. [Source]

WW – Amazon ‘Plans World’s Biggest Personal Data Stash’

Amazon.com is investing in IP to create the largest database of personal information ever gathered by an online retailer, according to the Seattle Post Intelligencer. The database would, mingle information on sexual orientation and race, as well as purchasing habits, according to Patent application 20060178946

(“Providing gift clustering functionality to assist a user in ordering multiple items for a recipient”) which was filed last December and published last week, although it has yet to be granted. The patent application is the latest in a long line of database mining techniques for online ordering filed by Amazon.com, and is no more intrusive than many other over-reaching patent applications. Amazon has patented, or attempted to patent, search histories, gift certificates, and customer reviews. In the aftermath of AOL’s release of search queries from over half a million users recently, it is however, a lot more topical. A suggested implementation of Application ‘946 includes data such as “education levels, genders, income levels, interests, races, ethnicities, religions, occupations, sexual orientations”, which could not be accurately inferred from a user’s purchasing history, and could only be gained from external sources or information volunteered by the Amazon user. [Source]

US – Analysis: “MySpace Bill” Would Block Valuable Internet Content

A bill that would force schools and libraries to block access to online chat and social networking tools would violate the constitution and prevent many lower-income people from using valuable Internet tools, according to a new CDT analysis released today. The Deleting Online Predators Act (DOPA) -- often called the “MySpace Bill” – would require schools and libraries to filter access to chat and social networking tools or lose their federal e-rate funding. Because chat and social networking are so deeply ingrained in Internet communications, and are a part of a great diversity of web sites, the legislation could force librarians to cordon off vast amounts of valuable Internet content. The bill would place the Federal Communications Commission in the untenable position of either ordering the blocking of all sites with chat capability, or engaging in a clearly unconstitutional process of picking which sites to block. [CDT Analysis: Deleting Online Predators Act]

US – Washington Attorney General Files Second Case Under Spyware Law

Washington State Attorney General Rob McKenna this week announced that he had sued four California companies for violating Washington’s 2005 anti-spyware law. According to the complaint, the defendants install difficult-to-remove software on victims’ computers that barrages them with payment demands for a movie download service. The lawsuit is the second filed under Washington’s Computer Spyware Act. Enforcement is a key prong in the war against spyware and unwanted adware. A recent CDT report detailed enforcement efforts at the federal and state levels. [Complaint] [26 June 2006 CDT Report on Spyware]

US – Department of State Begins Issuing Electronic Passports to the Public

The public launch of the US RFID e-passport begins this week. According to the official announcement from the US State Department, production has started at the Colorado Passport Agency and will be expanded to other production facilities over the next few months. Try the US Electronic Passport section of the department’s website for more information on the program. [Source] [Source]

UK – Study: Hard Disks Still Scrapped with Data Intact

Companies are still selling on old hard drives without taking the slightest precaution to wipe business-sensitive data first, a study has found. A University in Wales analysed 317 hard drives purchased second-hand in the UK, Australia, Germany and the US. About 35–40% of these turned out to come from businesses, 23% of which contained enough information to identify the specific company that had owned them, using only off-the-shelf analysis tools. A shocking 5% held sensitive business information. A further 25% came from individuals, while the remainder could not be identified. Researchers found many hard drives choc-full of porn, and even had to refer two hard drives to the police for suspected paedophile crimes. The study - a follow-up to an almost identical one conducted last year - found that the treatment of hard disks had barely improved since then. [Source] [Source]

US – Consumer Reports’ 2006 State of the Net Report

According to Consumer Reports’ 2006 State of the Net report, computer users have a one in three chance of falling prey to viruses, spyware or phishing attacks. The chances of becoming a victim of malware are equivalent to figures from last year’s survey, but the actual numbers of spyware and virus infections recorded in the survey have dropped since 2005. Of the 2000 US households surveyed this spring, 20% did not have anti-virus software and 35% did not have spyware blockers. [Source] [Source]

US – EFF Wants FTC to Investigate AOL’s Privacy Practices

The Electronic Frontier Foundation filed a complaint asking the FTC to investigate AOL and require strengthening of its privacy protections after the Dulles-based firm recently released 20 million search records of 658,000 AOL users. In its complaint, the advocacy group contended that the data release violated AOL’s privacy policy and the FTC Act’s bar on deceptive or unfair trade practices. [Source]

US – DirecTV Telemarketer to Pay FTC $75,000 Penalty

Nomrah Records Inc. and its president, Mark Harmon, have settled a Federal Trade Commission case related to allegations that DirecTV, and others who did telemarketing for the company, had violated the DNC rule and the Telemarketing Sales Rule. Under the settlement, Harmon must pay a $75,000 civil penalty and both he and the company are prohibited from violating both rules in the future. [Source]

US – Scare Sparks Debate On Frequent-Flier Screening

The failed terrorist plot to blow up U.S.-bound airlines could spur support for a fledgling program intended to streamline security checks for frequent fliers. But last week’s development also could have the opposite effect, increasing fears that the program will divert security efforts for the benefit of a small number of fliers, among other concerns. [Source] [U.S. Officials Say Plot Shows Need for More Sharing of Passenger Data]

US – AOL Search Data Exposure Renews Focus on Privacy Legislation

The recent exposure of search queries of more than 650,000 AOL customers has reinvigorated interest in proposed legislation that could prevent future data exposure. US Representative Ed Markey (D-Ma.) introduced the Eliminate Warehousing of Consumer Internet Data Act (EWOCID) in February, and said this week that AOL’s recent blunder only reinforces the need for the legislation. EWOCID would place limits on the amount of personal information held by web sites; it would also require all web site operators to delete personal information, including names, email addresses and in some cases, Internet Protocol (IP) addresses, from their logs “within a reasonable period of time.” [Source] [Source] [Source]

--------