Privacy News Highlights

16—24 February 2006

Contents:

WW – CIO Panel Predicts Which Biometrics Will Replace Passwords and PINs

WW – Expert Panel: Biometrics Struggle to Go Mainstream

UK – Face Recognition Program to Fight Child Pornography

CA – Do Not Call Registry Moves Forward

CA – Survey: Privacy Is Not Just a Compliance Issue

CA – SSHRC “Reconsidering Privacy & Confidentiality in the TCPS”

US – Survey: Need for Privacy Officers and Better Employee Training

US – Congressman Wants Retailer ID’d in Data Breach

US – OMB Official Urges Agencies to Complete Privacy Assessments

US – Bulk E-Mailer, Hacker Gets Eight Years in Prison

EU – Leading Operators Join Forces to Tackle Mobile Spam

CH – China to Crack Down on Spam

UK – Research: Lax Data Protection Compliance Fueled In Part by Weak Enforcement

US – Report: Centralized Voter Databases Must Be Secured

EU – EU Justice Ministers Approve Data Retention Directive

UK – ID Card Project Slips Back a Year

EU – Article 29 Working Party Issues Opinion on Whistleblowing Compliance

US – Debit Card Security Breach Results in Canceled Cards

US – Federal Intelligence Agencies Reclassify Thousands of Documents

US – Judge Dismisses Challenge to Federal DNA Law

UK – MP Slams “out of control” DNA Database

US – NY State Troopers Lose Medical Privacy Suit

US – Blue Cross Says Contractor Took 27,000 Social Security Numbers

US – Government Accidentally Releases Farmers’ Social Security Numbers

US – Auditor Working For Security Software Maker Loses CD Containing Personal Data

WW – Surfers Still too Careless With ID, Says British Telecom (BT)

EU – German Parliament calls for Blanket Monitoring of Telecommunications

CA – Toronto Police Officer Found Guilty of Misusing Police Database

US – Homeland Security Official Suggests Banning Rootkits

US – Combatting Crimes Against Children A Top Priority for U.S. DOJ

JP – New Privacy Law Impedes Pollsters Seeing Public Opinion

US – Google Criticizes Bush Administration over Subpoena

US – Companies Ban Google Desktop 3

US – Most Americans Don’t Like Saving Searches, Survey Says

US – Survey: Strangers, Online Dangers Are Among the ID Theft Myths

US – Americans Give Stamp of Approval to U.S. Postal Service for Privacy

US – Meeting Notice: DHS Data Privacy and Integrity Advisory Committee

US – Sun Chief Underscores How Privacy, Security Are Essential To Online Success

WW – How to Kill RFID Tags with a Cell Phone

US – Storage Security Should Not Be an Afterthought

US – Charles Schwab Announces Security Guarantee

US – CDT Deputy Director Ari Schwartz Wins Major Policy Award

UK – DVLA to Review Data Access

US – Houston Proposes Cameras in Public and in Private Places

US – Yahoo on NSA Surveillance: No Comment

US – CDT Report: Stronger Laws Needed to Protect Privacy

US – Committee Identifies Phone Record Brokers; Demands Data, Trade Practices

US – Groups Urge San Francisco to Deploy Privacy-Friendly Wifi Network

US – Civil Liberties Fear as US Terror Suspect List Rises to 325,000

US – Privacy Guardian Is Still a Paper Tiger

US – FTC Settles CardSystems Solutions Case

US – FTC Reaches Settlement With Marketing Company

US – Patriot Act Closer to Renewal

UK – Accountants Reject E-Mail Monitoring

US – Survey: Employers Monitor Web Usage But Allow Some Personal Time

 

 


WW – CIO Panel Predicts Which Biometrics Will Replace Passwords and PINs

According to UK IT chiefs, iris and fingerprint-scanning technology will replace passwords and PIN numbers as the long-term answer to identity management problems. An overwhelming majority of IT bosses - 11 out of the 12-man CIO IT user panel - predicted biometrics will overcome the current technical and standards issues to be a more user-friendly and secure alternative to passwords. [Source]

 

WW – Expert Panel: Biometrics Struggle to Go Mainstream

A host of problems is keeping biometric security from becoming a mainstream application, a panel of experts at this year’s RSA Conference concluded. One of the major problems is a lack of agreed standards that prevents organisations from using equipment from several vendors in creating interoperable networks. The panel conceded that availability of hardware was not enough to guarantee adoption of biometrics, and that “bullet-proof authentication and security” is a myth: many low-end fingerprint scanners can be easily spoofed, and remain highly prone to low accuracy from false positives and negatives. Ease of use can also be a problem: up to 20% of elderly people were unable to use one of the tested biometric devices. Disney World in Orlando installed biometric-enabled turnstiles to allow customers with multi-day access passes easy access to the park. But the technology worked so poorly that the theme park was forced to put a staff member next to every scanner to speed up queues. Biometrics technology is mainly struggling to cross over from government applications to the public sector, as vendors remain primarily focused on selling to governments. There is only limited commercially available research on the accuracy, cost and ease of use of biometric security to allow potential buyers to make informed decisions. Government agencies such as intelligence services and the armed forces have done extensive research, but are keeping those results under wraps. [Source]

 

UK – Face Recognition Program to Fight Child Pornography

European forensic scientists have developed a state-of-the-art computer program to help track down child victims of sexual exploitation on the Internet. The prototype program – the first of its kind – can discriminate between the faces of children, youths, and adults with great precision. Scientists and police hope to refine the software enough to be able to scan the massive amounts of image data that investigators routinely confiscate. The software would automatically filter out images of children from older people, thereby relieving police of having to do the job manually. [Source]

 

CA – Do Not Call Registry Moves Forward

The Canadian Radio-television and Telecommunications Commission (CRTC) is seeking public comment about the development and operation of a national Do Not Call (DNC) list. The CRTC has the authority to choose a third-party administrator to run the DNC list, and also the power to levy administrative and monetary penalties. [Source]

 

CA – Survey: Privacy Is Not Just a Compliance Issue

Larry Ponemon, president of the Ponemon Institute, said companies have to take privacy outside the legal department directly to customers. To foster consumer confidence in businesses and their online operations, privacy has “become a pillar of trust.” The Ponemon Institute and the Carlson Marketing Group in Toronto conducted a survey of 695 Canadians. The survey found that privacy concerns are on the rise among consumers. [Source]

 

CA – SSHRC “Reconsidering Privacy & Confidentiality in the TCPS”

Canada’s Social Sciences and Humanities Research Council (SSHRC) has begun a public consultation “on evolving the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS)” to be more inclusive of the full diversity of Canada’s research community with respect to privacy and confidentiality issues. The deadline for receiving submissions is 10 April 2006. [Source]

 

US – Survey: Need for Privacy Officers and Better Employee Training

A survey by Marketing Improvement found that only 28% of 100 firms could properly direct a call seeking to speak to the company’s Privacy Officer. The researchers also looked at whether the switchboard operators – when asked if the caller could speak to the privacy officer – understood the question. The survey found that 26% of the operators responded with an immediate “no idea.” The results revealed that 34% of the companies had a Privacy Officer. The survey recommends that companies hire a Chief Privacy Officer and ensure that employees have accurate information about their company’s privacy pro. [Source] [Report]

 

US – Congressman Wants Retailer ID’d in Data Breach

The top Democrat on the U.S. House Financial Services Committee last week said he would consider legislation to require credit card companies to name the party responsible for consumer data breaches. In nearly identical letters to the chief executives of Visa USA and MasterCard International, Massachusetts Rep. Barney Frank said a company responsible for security systems that are breached should be the one to notify customers, or should be identified publicly as the party responsible for the breach. Frank’s letter follows an announcement last week from Visa USA that a data security breach at a U.S. merchant may have compromised some account information, prompting at least two banks to reissue some debit cards. [Source] [Fraud probe widens]

 

US – OMB Official Urges Agencies to Complete Privacy Assessments

The Office of Management and Budget (OMB) reminded CIOs to finish privacy impact assessments before issuing credentials under Homeland Security Presidential Directive 12. Karen Evans, the OMB administrator for e-government and IT, last week gave agencies five examples to use as models to comply with privacy requirements before the issuance of new credentials. [Source]

 

US – Bulk E-Mailer, Hacker Gets Eight Years in Prison

A bulk e-mailer who looted more than a billion records with personal information from a data warehouse has been sentenced to eight years in prison, federal prosecutors said. Scott Levine, 46, was sentenced by a federal judge in Little Rock, Ark., after being found guilty of breaking into Acxiom’s servers and downloading gigabytes of data in what the U.S. Justice Department calls one of the largest data heists to date. [Source]

 

EU – Leading Operators Join Forces to Tackle Mobile Spam

The GSM Association (GSMA) has brought together 15 of the world’s leading mobile phone operators, representing 500 million customers in more than 50 countries across all regions of the world, to sign a code of practice committing them to work together to minimize spam sent via text and picture messages. Overseen by the GSMA, the code commits the operators to work together to investigate cases of mobile spam transmitted across mobile networks and take action where appropriate. Through the code, the operators plan to introduce anti-spam conditions into all new contracts with third party suppliers, enabling them to suspend or terminate the mobile contracts of spammers. [Source] [Code of Conduct Summary]

 

CH – China to Crack Down on Spam

China is cracking down on junk e-mail and illegal mobile phone text messages. A new regulation will ban sending e-mail for advertising purposes to people without their permission, and all advertising e-mail must be titled “advertisement” or “AD”. [Source]

 

UK – Research: Lax Data Protection Compliance Fueled In Part by Weak Enforcement

Opt-4, a U.K. data protection consultant, and KyteMark, a market research company, have found that companies are not keeping track of consumer opt-outs from marketing materials. Companies may be flouting data protection rules out of a perception that the Office of the Information Commissioner has weak powers to enforce the Data Protection Act. [Source]

 

US – Report: Centralized Voter Databases Must Be Secured

The Association of Computing Machinery (ACM), a professional organization of computer scientists, warns that state election officials may not have taken proper security precautions to guard against fraud. In a 60-page report released last week, the scientists call for more aggressive steps to protect the security, privacy and reliability of computerized, centralized databases of voter records that are mandated by U.S. federal law, which the report says are vulnerable to stealthy and undetectable forms of manipulation by political operatives. Unless proper authentication practices are followed, security flaws could permit hackers to insert fraudulent names into voter databases or delete names of eligible voters. “Since there are many ways that an attacker might try to subvert the system, one needs processes that encourage secure system design and detect and close significant vulnerabilities,” the ACM report says. Privacy is another topic singled out for attention. Although laws may vary, all states permit voter registration data to be sold for political purposes such as campaigning and direct mail. But 20 states and the District of Columbia also allow unrestricted access for commercial purposes such as marketing. [Source]

 

EU – EU Justice Ministers Approve Data Retention Directive

EU justice ministers have approved a controversial new law requiring telecom operators to store phone and Internet data for 6-24 months to help fight terrorism. The so-called data retention directive has been the subject of a heated political debate in Brussels for over a year, with supporters saying it is needed to track down terrorists, pedophiles and criminal gangs, and civil liberties campaigners arguing it is an intrusion on basic rights. EU members have 18 months to implement the new data retention rules. [Source] [Source] [Privacy International Warns EU on Data Retention] [Source]

 

UK – ID Card Project Slips Back a Year

The government’s £5.8bn national ID card project has slipped back a year following delays in passing the ID card bill through Parliament, a government minister conceded this week. Home Office minister Andy Burnham said that the first ID cards would not be introduced until 2009, a year later than originally planned. Procurement for the project would start immediately after the bill receives royal assent, expected in March, Burnham revealed. [Source]

 

EU – Article 29 Working Party Issues Opinion on Whistleblowing Compliance

The Article 29 Working Party has issued its latest guidance on helping US companies navigate the whistleblowing requirements of the Sarbanes-Oxley Act without running afoul of the EU Data Protection Directive. To ensure the data is collected fairly, the whistleblowing schemes should not allow anonymous reporting, according to the opinion. [Source]

 

US – Debit Card Security Breach Results in Canceled Cards

Thousands of debit cards have been canceled and replaced in recent weeks after U.S. banks discovered security problems, apparently after “a retailer lost control of their data”. One bank caught $55,000 in fraudulent charges. The FBI is investigating. One monitoring program discovered $22,000 in fraudulent charges on an unspecified number of debit cards. Most were ATM withdrawals from around the world, including St. Petersburg, Russia; Spain and across the U.S. Some withdrawals were spotted because they were made shortly after transactions in Fresno, leaving too short a time for the person to travel to Russia or other locations. [Source]

 

US – Federal Intelligence Agencies Reclassify Thousands of Documents

Intelligence agencies have reclassified about 9,500 documents that were available to the public for years at the National Archives, according to a recent report by the New York Times. The effort began seven years ago after the CIA and five other agencies complained about the implications of a declassification order signed by President Clinton in 1995. About 8,000 documents have been reclassified during the Bush presidency alone. Documents that have been taken off the Archive’s shelves through the program include decades-old reports from the State Department, as well as historical documents that researchers photocopied and have kept in their files. [Source]

 

US – Judge Dismisses Challenge to Federal DNA Law

Anyone convicted of a federal felony will have to continue providing a DNA sample. A federal judge in Tulsa is dismissing a lawsuit challenging the practice as unconstitutional. Judge Terence Kern says the government’s interest in collecting DNA outweighs the “minimal privacy interest” of the convicted felons. A group of people who were convicted of nonviolent felonies filed the lawsuit saying that forcing them to provide blood samples for a DNA database is an unreasonable search and seizure. An attorney for the group says an appeal of the ruling that upholds the law is likely. [Source]

 

UK – MP Slams “out of control” DNA Database

An “out of control stealth database” storing thousands of innocent people’s DNA is being created because of a lack of guidelines and controls over how police collect DNA, according to a campaign group led by a Conservative U.K. MP. More than 100,000 innocent adults have their DNA permanently stored on the national police database. Figures obtained by the MP show more than 24,000 children aged between 10 and 18 have had their DNA added despite never being cautioned or charged for any offence. The figures show that Northamptonshire police are adding innocent kids’ DNA profiles at the fastest rate - 182 per 100,000 children each month. [Source]

 

US – NY State Troopers Lose Medical Privacy Suit

New York state troopers have lost a lawsuit that sought to prevent the law enforcement agency from forcing its employees to reveal confidential health records. The union representing state troopers claimed state police officials coerced troopers into disclosing personal information that’s protected under the federal HIPAA. The troopers union alleged that state police officials threatened to discipline or fire employees who didn’t divulge their medical records. A state Supreme Court judge in Albany has rejected the union’s allegations and said two troopers who refused to sign health record disclosure waivers put themselves and the public at risk. The judge said state police must protect the public from employees who aren’t mentally or physically capable of performing their duties. [Source]

 

US – Blue Cross Says Contractor Took 27,000 Social Security Numbers

The names and Social Security numbers of about 27,000 Blue Cross and Blue Shield of Florida current and former employees, vendors and contractors were sent by a contractor to his home computer in violation of company policies, the company said. The contractor had access to a database of identification badge information and transferred it via e-mail to a home computer. Blue Cross is declining to name the contractor because the breach is being investigated by the U.S. Attorney’s Office and the FBI. More than half of the information was that of current and former employees. Blue Cross is notifying those affected and will provide them with a year’s worth of free credit monitoring service. [Source]

 

US – Government Accidentally Releases Farmers’ Social Security Numbers

The Agriculture Department says it accidentally released Social Security numbers and tax IDs for 350,000 tobacco farmers. But the department says those who received the information agreed to destroy copies and return discs to the government. The agency said it inadvertently released the data in response to Freedom of Information Act requests about the tobacco buyout program. The information went to eight different people or groups. [Source]

 

US – Auditor Working For Security Software Maker Loses CD Containing Personal Data

An auditor left behind an unencrypted CD containing the personal information of thousands of employees of McAfee, the security software company. The CD, which contained the information of 3,290 current employees and 6,000 former employees, was forgotten on a plane Dec. 15. The auditor did not report the CD was missing until Jan. 8. [Source] [Source]

 

WW – Surfers Still too Careless With ID, Says British Telecom (BT)

BT has said UK web surfers are still doing too little to protect themselves against identity theft and has released a web user guide in an attempt to stop the problem escalating even further. The 10-point guide has been put together by BT in association with CPP, LloydsTSB, the Met Police and Yahoo! as well as the Get Safe Online initiative. The head of security at BT Global Services said identity theft is still on the rise, dubbing it a “silent part of fraud in the UK”. Stanton cited figures from the UK government which suggest fraud accounted for £1.7bn in the UK last year. Although those figures have subsequently been subject to serious doubts, it’s undeniable that identity theft is a major problem. [Source]

 

EU – German Parliament calls for Blanket Monitoring of Telecommunications

After an intensive debate, the grand coalition passed a bill last week with few nay votes from within to have telephone and Internet data archived for six months as required by an EU directive. The German government is now obligated to “carefully” record “a minimum” of the data tracks users leave in order to implement the EU directive. The opposition did not mince its words. A former Justice Minister called the law an “excessive” measure that was extremely unlikely to help prevent crime. She complained that it will soon be possible to tell who surfed the Internet and who called whom down to the minute even months after the fact. She called this a “breach of the principles of prevention and criminal prosecution,” especially because the records do not have to be related to any specific suspicion. The FDP politician commented on the compensation called for by the coalition to cover the extra expenses that telecommunications providers will incur to fulfill this condition by saying, “citizens are being required to pay for their own monitoring.” [Source]

 

CA – Toronto Police Officer Found Guilty of Misusing Police Database

A police tribunal ended with the loss of 18 days’ pay for a Toronto police officer who conducted 13 unauthorized computer searches “for personal curiosity for personal benefit.” The 24-year veteran accessed the Canadian Police Information Centre (CPIC) database to conduct the searches on six people. “The reputation of the Toronto Police Service was repetitively hurt as this case played out through the media… CPIC violations are serious acts of misconduct in that they are a breach of privacy rights and a breach of contract with the RCMP ... Accessing private and protected information for personal and private use is an unethical breach of trust.” [Source]

 

US – Homeland Security Official Suggests Banning Rootkits

Jonathan Frenkel, director of law enforcement policy at the U.S. Department of Homeland Security, has raised the idea of outlawing the use of rootkits in light of the Sony rootkit incident. Frenkel said that “the recent Sony experience shows us that we need to be thinking about how we ensure that consumers are not surprised by what their software programs do.” [Source]

 

US – Combatting Crimes Against Children A Top Priority for U.S. DOJ

Fighting cybercrime will be a top priority for the U.S. Department of Justice, according to U.S. Attorney General Alberto R. Gonzales. In his remarks to address the Department’s areas of focus for the coming year, Gonzales announced the Project Safe Childhood Initiative to combat crimes against children facilitated by computers. The new initiative calls for strengthening resources available to law enforcement and a national prevention education campaign. For more information on the program, please see the U.S. Department of Justice’s Fact Sheet. [Source] [FBI Director Seeks Help from Businesses on Cybercrime]

 

JP – New Privacy Law Impedes Pollsters Seeing Public Opinion

The Personal Information Protection Law that took effect last year is making it difficult for pollsters and researchers to gather opinions from citizens. People are refusing to cooperate and local governments have denied researchers access to the Basic Resident Register files. [Source] For those interested, see the official translation of Japan’s personal information protection law.

 

US – Google Criticizes Bush Administration over Subpoena

Last week Google criticized the Bush administration’s demand to examine millions of its users’ Internet search requests as a misguided fishing expedition that threatens to ruin the company’s credibility and reveal its closely guarded secrets. If the U.S. Justice Department is successful in obtaining a week’s worth of search terms from Google, a second round of subpoenas is shaping up to be far more intrusive. [Google brief] Coverage at [Source] [Google Admits Desktop Risk]

 

US – Companies Ban Google Desktop 3

Cleveland State University and Johnson Controls, a manufacturing company, have both banned the use of Google Desktop 3 on their computer systems. The software has a new feature, Search Across Computers, that does what its name suggests while also storing copies of users’ files on Google servers for up to 30 days. For the University, the security risk of having data on public servers is too great. Similarly, Johnson Controls handles government contracts that include secure, classified information and its own intellectual property. [Source] See also: [Gartner Warns of Unacceptable Risk in Google Desktop]

 

US – Most Americans Don’t Like Saving Searches, Survey Says

Most Americans are uncomfortable with the fact that Internet search engines record their users’ queries, according to a survey that examined perceptions about federal authorities’ demands for such records. Search engine companies recently sparked the debate by responding differently to the Justice Department’s subpoena for records on what their users had been looking up. [Source]

 

US – Survey: Strangers, Online Dangers Are Among the ID Theft Myths

A study that relied on 5,000 telephone interviews with consumers reveals the changing tactics of ID thieves and some persistent myths about ID theft. For example, the survey indicates that awareness of ID theft has led to fewer victims. Seniors are not the most frequent target of ID thieves. The survey indicates that it is not accurate that thieves steal personal information most often online. Acquaintances or relatives are more often the ones who steal personal information, not strangers. [Source]

 

US – Americans Give Stamp of Approval to U.S. Postal Service for Privacy

The Ponemon Institute conducted a survey rating Americans’ opinions about whether federal agencies do a good job of protecting personal information. The U.S. Postal Service placed first in the survey. [Source]

 

US – Meeting Notice: DHS Data Privacy and Integrity Advisory Committee

The Department of Homeland Security has announced that the next meeting of the Department of Homeland Security Data Privacy and Integrity Advisory Committee, which will include an administrative session closed to the public, will be held on Tuesday, March 7, 2006, in Washington, DC. [Source]

 

US – Sun Chief Underscores How Privacy, Security Are Essential To Online Success

During a recent keynote address, Scott McNealy, the CEO of Sun Microsystems, stressed the importance of protecting users’ privacy and securing their data. Companies are recognizing that privacy is good for business – a “hard won lesson in the industry, and one for which consumers continue to pay.” [Source]

 

WW – How to Kill RFID Tags with a Cell Phone

RFID tags have quickly found their way into identification badges, shipping containers, even ordinary store products. Because, unlike barcodes, the tags can be read surreptitiously, a number of groups have raised privacy concerns. To address these concerns, leading RFID makers have created so-called “Gen 2” chips that will divulge their data only after a reader transmits the correct password. The new chips can also be triggered by a different password to silently self-destruct, for example as a customer leaves a store. Encryption protects the password transmission. But renowned cryptographer Adi Shamir of Weizmann University claims to have found a way to bypass the encryption scheme and obtain the self-destruct password using technology no more sophisticated than that in a common cell phone. Shamir announced the discovery at the 2006 RSA Conference. “We believe that a cell phone has all the ingredients needed to detect these passwords and disable all the RFIDs in the area.” If confirmed by others, the flaw would raise serious questions about the suitability of current RFIDs for use in theft prevention, employee identification and other applications. [Scientific American]

 

US – Storage Security Should Not Be an Afterthought

Data storage security is a “fundamental part of IT security,” yet many companies are neglecting this imperative, according to a survey by Enterprise Strategy Group. The survey found that 30% of 288 storage professionals indicated their companies’ security policies did not address storage systems. [Source]

 

US – Charles Schwab Announces Security Guarantee

The Charles Schwab Corp. announced this week that the company will cover 100% of any account losses related to fraud. The company announced the “public promise” to assuage the fears of customers, many of whom prefer to conduct their transactions online. The company said the guarantee would build confidence in consumers who are increasingly concerned about online fraud and identity theft. [Source]

 

US – CDT Deputy Director Ari Schwartz Wins Major Policy Award

CDT Deputy Director Ari Schwartz won the RSA Conference Award for Public Policy for his role in organizing the efforts of the Anti-Spyware Coalition – a group of anti-spyware companies and public interest groups working together to help users regain control of their computers. Schwartz joins an elite group of federal regulators, lawmakers and public interest advocates who’ve received the public policy award since its creation in 1998. [Press Release] [Anti-Spyware Coalition Web site]

 

UK – DVLA to Review Data Access

The UK agency responsible for drivers’ personal information wants to update the rules for accessing official vehicle databases after widespread concern that companies that had broken the law were given access to personal information. A range of public and private sector organizations are able to access the registers held by the Driver and Vehicle Licensing Agency (DVLA) as long as they can prove they have “reasonable cause” to obtain the data. The DVLA is now looking to change the rules governing access. Its consultation, which began February 16, suggests the rules could be tightened, with one option to allow insurance companies access but to prevent private car parking firms. Another proposal involves increasing the fee per enquiry. The DVLA is also looking to introduce a new audit regime for organizations granted access which could involve spot checks on the way information is used, reviews of groups applying for access and cross checking with Companies House. The consultation closes March 31, 2006. [Source]

 

US – Houston Proposes Cameras in Public and in Private Places

Houston’s Chief of Police proposed last week to install video surveillance cameras in downtown streets, shopping malls, apartment complexes and even private homes, in order to fight against crime and to remedy a shortage of police officers. The intended purpose is to make people “feel safer” “in reality and perception.” However, most studies of video surveillance have shown that cameras do not reduce crime in public places, because criminals simply go elsewhere to commit their crimes out of camera range. Though the cameras may make residents “feel safer,” their actual safety is unchanged. [Source]

 

US – Yahoo on NSA Surveillance: No Comment

Under cross-examination during a congressional hearing, Yahoo’s top lawyer refused last week to say whether the company opens its records for government surveillance without a court order. Michael Callahan, Yahoo’s senior vice president and general counsel, declined five times to answer that question from Rep. Brad Sherman, a California Democrat who was probing whether the Internet company had cooperated with the NSA’s domestic surveillance efforts. “It wouldn’t be appropriate for me to comment,” said Callahan, who was testifying under oath. He added that Yahoo would “only turn over information if it’s required by law.” But Callahan refused to say whether a demand from the NSA – not backed by a court order – qualifies as required by law. [Source] See also: [American Bar Association Says Unlawful Surveillance Must Stop]

 

US – CDT Report: Stronger Laws Needed to Protect Privacy

A public-advocacy group (CDT) says two popular and increasingly ubiquitous digital technologies – Web-based e-mail and location awareness – inadvertently give the U.S. government unprecedented access to Americans’ personal data. As such, it believes stronger laws are needed to control the growing levels of official surveillance practices. In a just-issued 48-page report, the CDT suggests technology is making government surveillance easier, not harder, and that stronger protections are needed if innocent Americans are to retain their privacy rights. The group claims recent government-surveillance stories aren’t isolated incidents, but instead reflect a widening gap between the technology that collects sensitive personal data and the laws designed to protect that data against government misuse. [CDT Report: Digital Search and Seizure] CDT Press Release: Digital Technology Makes Surveillance Easier; Stronger Laws Needed, Report Finds, February 22, 2006. [Source]

 

US – Committee Identifies Phone Record Brokers; Demands Data, Trade Practices

U.S. House Energy and Commerce Committee investigators have identified people behind 22 Web pages that may offer criminals, stalkers and any other paying customer the detailed records of a person’s private telephone calls. Committee members sent letters demanding that the companies provide information about the cottage industry. The committee opened its investigation on Feb. 3 with similar letters to First Source Information Specialists, Inc., of Tamarac, Fla., which manages the datafind.org, locatecell.com, celltolls.com, and peoplesearchamerica.com sites; and to PDJ Services of Granbury, Texas, which manages phonebust.com. [Source]

 

US – Groups Urge San Francisco to Deploy Privacy-Friendly Wifi Network

The ACLU, EFF, and EPIC submitted comments to San Francisco TechConnect urging it to establish a privacy-friendly municipal broadband service in the city. San Francisco TechConnect has been tasked by the Mayor to research options for a free or low-cost municipal Internet service. Provider proposals are expected to pitch systems that would use personal information for advertising or otherwise implicate privacy interests. The coalition comments urged TechConnect to set minimum standards for privacy protection in the new network, including accommodations for anonymous and pseudonymous users, limits on the retention of personal information, and strong standards protecting users’ interests when legal demands are made for network data. [Coalition Letter] [Source]

 

US – Civil Liberties Fear as US Terror Suspect List Rises to 325,000

Civil liberties organizations expressed outrage yesterday after it was reported that the database of terrorist suspects kept by the US authorities now holds 325,000 names, a fourfold increase in two and a half years.

The list, maintained by the National Counterterrorism Centre (NCTC), includes different spellings of the same person’s names as well as aliases, but the Washington Post quoted NCTC officials as saying that at least 200,000 individuals are on it. They said that “only a very, very small fraction” of that number were US citizens, but that insistence did little to defuse the reaction. [Source]

 

US – Privacy Guardian Is Still a Paper Tiger

A year after its creation, the White House civil liberties board has yet to do a single day of work. For Americans troubled by the prospect of federal agents eavesdropping on their phone conversations or combing through their Internet records, there is good news: A little-known board exists in the White House whose purpose is to ensure that privacy and civil liberties are protected in the fight against terrorism. Someday, it might actually meet. Initially proposed by the bipartisan commission that investigated the attacks of Sept. 11, 2001, the Privacy and Civil Liberties Oversight Board was created by the intelligence overhaul that President Bush signed into law in December 2004. More than a year later, it exists only on paper. Foot-dragging, debate over its budget and powers, and concern over the qualifications of some of its members — one was treasurer of Bush’s first campaign for Texas governor — have kept the board from doing a single day of work. Last week, after months of delay, the Senate Judiciary Committee took a first step toward standing up the fledgling watchdog, approving the two lawyers Bush nominated to lead the panel. [Source]

 

US – FTC Settles CardSystems Solutions Case

In what the FTC said was the “largest known compromise of financial data to date,” CardSystems Solutions, now owned by Pay By Touch, has reached a proposed agreement to settle allegations that it failed to protect customer data. The proposed settlement would require the company to adopt tighter security measures and submit to an independent audit every other year for 20 years. Before finalizing the settlement, the FTC will accept public comments for a month. [Full Story]

 

US – FTC Reaches Settlement With Marketing Company

Bookspan has agreed to pay a $680,000 civil penalty to settle allegations that it called more than 100,000 consumers on the DNC list between October ’03 and August ’04. The FTC’s complaint also alleged that Bookspan, which operates more than 35 book clubs, called tens of thousands of consumers who had asked the company not to call them when they placed their name on the company’s internal list. [Full Story]

 

US – Patriot Act Closer to Renewal

The Senate voted 96-3 against Senator Russ Feingold’s attempt to block Patriot Act renewal with a filibuster. The Senate will now vote on passage of the bill. [Source] [Feingold statement] [Source]

Senate Committee Declines Eavesdropping Investigation: The Senate Intelligence Committee decided not to investigate the administration’s warrantless wiretapping program, at least for now. Ranking Member John Rockefeller called the decision an abdication of the committee’s responsibility to oversee the nation’s intelligence activities. House Intelligence Committee members have indicated that their committee will conduct an inquiry, but it is unclear whether it will focus on the operational facts or the legality of the program. CDT believes Congress must learn the details of the program before it attempts to pass any legislation weakening surveillance laws. [Source]

 

UK – Accountants Reject E-Mail Monitoring

UK accounting firms are unlikely to use email monitoring systems to check movement of market and client sensitive information in the short term. This is despite a similar scheme being introduced by one of the world’s biggest investment banks. Deutsche Bank is set to unveil an email monitoring system to head off market abuse concerns associated with email communication. Many UK accounting organisations, however, have no current plans to watch over client-related emails sent from staff. [Source]

 

US – Survey: Employers Monitor Web Usage But Allow Some Personal Time

According to a 2005 survey by the American Management Association, 75% of companies monitor their employees’ Internet use. The survey also found that 65% of companies rely on software to block access to certain Web sites – a 27% increase since 2001. The city of Pittsburgh is taking a get-tough approach with its 1,300-member workforce as it prepares to expand to all workers a policy that they limit their Internet use to 30 minutes daily. [Source]

 

 

--------