Privacy News Highlights

13–19 April 2007

 

Contents:

AU – Biometrics Error Rate Too High

SG – Citibank First Bank in the World to Introduce Biometric Credit Card

CA – High Risk of Canadian Data Falling Into Hands of US Government

CA – Outsourcing Privacy Worries Prompt Scrutiny by Canadian Privacy Commissioner

CA – Conservative MP Introduces ‘Clean Internet Act’

US – Survey: Customers Reject E-Commerce Sites That Have Left Information Vulnerable

UK – National Research: Lack of Consumer Trust in the Security of Personal Data

UK – Two Thirds of Workers Reveal Passwords for Chocolate and A Pretty Smile

CA – British Columbia Strikes Deal to Establish E-Medical Records System

US – GSA, DOD Seek Data Encryption Under SmartBuy

EU – EU Advisory Body Criticizes Google’s Privacy Practices

US – PEW Report Released on Teens, Privacy and Online Social Networks

US – OPEN Government Act Heads to Senate Floor

US – Massachusetts Police May Begin Searching Suspect Kin’s DNA

CA – Canada Debates Patient Privacy Rights

AU – Australian Doctors Sending Medical Files Overseas

US – Scope, Duration of TJX Breach May Indicate Inside Job

UK – Websense Report: More Public Disclosure of Information Leaks Needed

CA – BC Bars’ ID Tracking System Under Scrutiny by BC Commissioner

UK – Experian Warns of Spike in Identity Theft In The UK

WW – Alexander Dix: Global Networks Need Built-In Privacy Controls

WW – Google Vows to ‘DoubleProtect’ Consumer Privacy

WW – Google Releases New Tools to Remove Content from Google Index

AU – Australia Broadcasting Corporation Appeals Against Landmark Privacy Judgment

US – U.S. Limits Access to Student Loan Database

US – Ponemon Institute Releases Results of 2007 Most Trusted Retail Banks

US – Arizona House Approves Bill to Strip SSNs from Some Online Public Records

US – North Dakota Becomes Second State to Ban Forced RFID Implantation

US – California Senate Fights RFID Tracking for Schoolkids

WW – Report Says Rootkits Becoming Increasingly Complex

US – US Government Secure Configuration Mandate to Help Everyone

WW – Paint May Cover Users When It Comes to Online Privacy

US – GAO: Despite Advances, TSA TWIC Problems Remain

AU – Photo on Australia Card Vital, Says Ellison

EU – More than 1,000 People Demonstrate Against Big Brother State

CA – Manitoba to Slap Electronic Monitoring Bracelets in Worst Car Thieves

US – AT&T Settles In ‘Pretexting’ Case

US – Administration Seeks Warrantless Domestic Surveillance Authority

US – Montana Governor Signs Bill Defying REAL ID Law

US – Washington Governor Signs Bill Rejecting REAL ID

US – Connecticut Kills Bill Giving Adults Access to Their Adoption Records

US – DMA Reiterates Need for Data Security Legislation

US – Employees Surveilled, Sacked for Inappropriate E-Mails, IM and Blogging

CA – Full-Name Badges Breach Nurses’ Privacy

 


 

AU – Biometrics Error Rate Too High

Electronic Frontiers Australia has called on the federal Government to demonstrate whether its planned access card biometrics system will work. “Human Services (Department) claims that one-to-many biometric face-matching against a very large database is accurate enough to detect fraudulent registrations, but this is not borne out by recent evaluations of the technology,” EFA’s Greg Taylor said. “The performance of facial recognition systems has improved in recent years, but error rates are still very high. Several recent studies have dismissed facial recognition as not feasible for large-scale databases.” With more than 16 million Australians to be registered for the card before 2010, “the proposed database would be the world’s largest rollout of a one-to-many matching system”, he said. “Given that face-matching checks during registration will need to be made at an average rate of 32,000 per day, substantial demands will be placed on the database and on the personnel responsible for checking matches thrown up by the computer.” [Source]

 

SG – Citibank First Bank in the World to Introduce Biometric Credit Card

Singaporeans will be among the first in the world to use a biometric credit card. Citibank has chosen to launch its biometric credit cards in Singapore. With the biometric payment system, shoppers no longer need to carry or present their credit card and sign for payment. Instead, it will just be a matter of having a finger scan followed by the keying in of a PIN number. The bank is first introducing the card to some 190,000 cardholders between the ages of 25 and 34. The system uses technology belonging to Pay By Touch, a global biometric authentication and payment solutions provider. Citibank plans to eventually expand the service to all of its one million Singapore customers. Besides credit payments, users will also be able to make debit payments from their savings accounts. [Source] See also: [Keyboard that recognizes typing ‘will cut ID theft’] and [How quickly did you type that password?]

 

CA – High Risk of Canadian Data Falling Into Hands of US Government

A review of federal government contracts with private companies found more than 50 cases where personal information about Canadians was at significant risk of being subpoenaed by U.S. authorities under its post-9/11 Patriot Act. According to a Treasury Board Secretariat memo obtained through the Access to Information Act, at least one such contract was ultimately cancelled and several renegotiations were undertaken to better protect the data flowing across the border into the U.S. Those contracts stemmed from seven federal institutions deemed as medium-to-high risks: Canada Post, Justice, Industry Canada, Foreign Affairs, Public Works and Government Services, International Trade and Canada Food Inspection Agency. [Source] [Source]

 

CA – Outsourcing Privacy Worries Prompt Scrutiny by Canadian Privacy Commissioner

Canada’s Privacy Commissioner is expressing concerns over justice, health and other sensitive government records being managed by private companies. The issue has been raised in a House of Commons committee examining the protection of privacy and is already the subject of a study by B.C.’s privacy commissioner. At issue are companies that are hired to manage or process information on behalf of a government, many of whom also work for private companies such as insurance firms. [Source]

 

CA – Conservative MP Introduces ‘Clean Internet Act’

Conservative MP Joy Smith this week introduced the Clean Internet Act (Bill C-427). The private member’s bill would establish an ISP licensing system to be administered by the CRTC along with “know your subscriber” requirements and content blocking powers. Smith introduced the bill by warning against the use of the Internet to support human trafficking and added that “the bill would address the fact that child pornography is not okay to put on the Internet throughout our nation,” though the Criminal Code already does that. The bill itself includes:

- an ISP licensing system to be administered by the CRTC that is defined so broadly that it would seemingly capture anyone offering a wifi connection

- “know your subscriber” requirement where ISPs would be required to deny service to past offenders

- new power that would allow the Minister of Industry to order an ISP to block access to content that promotes violence against women, promotes hatred, or contains child pornography. ISPs that fail to block face possible jail time for the company’s directors and officers.

- the Minister of Industry can prescribe special powers to facilitate searches of electronic data systems (i.e. lawful access) [Source] [Source] [Clean Internet Act (Bill C-427)] See also [Jennings lawful access bill]

 

US – Survey: Customers Reject E-Commerce Sites That Have Left Information Vulnerable

Javelin Strategy has conducted a study that found that 77% of respondents said they planned to stop spending on sites that have suffered data breaches. Companies that distinguish themselves as security leaders will benefit, the survey found. The survey found that 85% of consumers said they would spend more on sites they perceive to be secure. [Source]

 

UK – National Research: Lack of Consumer Trust in the Security of Personal Data

A national survey of over 1,200 UK consumers, conducted by Ipsos MORI, reveals that 91% of the country is bothered about the protection of their personal data. 1 in 7 high earning consumers are already victims of data theft and more than half of consumers surveyed will take their business elsewhere if data is lost. According to the survey, there is a clear call for retailers to become more responsible in protecting their customers’ data. One quarter of those surveyed chose online retailers as the group they most want to see being more proactive about protecting their data with a similar number (22%) choosing high street retailers. But over half still see the most important need as being political action by government bodies and banks and building societies, mentioned by 58% of the total sample. Retailers should heed the fact that 83% specify the security of their bank and credit card details as being their primary concern in terms of data they want to see protected. [Source]

 

UK – Two Thirds of Workers Reveal Passwords for Chocolate and A Pretty Smile

A survey by Infosecurity Europe of 300 office workers and IT professionals has found that 64% were prepared to give their passwords in exchange for a bar of chocolate and a smile. The survey also found that 67% thought that someone else in their organisation knew their CEO’s password with the most likely candidate being the secretary or PA. The survey was carried out to find out how easy it was to extract people’s work passwords using social engineering techniques with literally just the offer of a chocolate bar for taking part in a survey. The survey was carried out amongst commuters in London stations and also at an IT exhibition full of computer professionals just to see how much more security savvy they were compared with the average worker. [Source]

 

CA – British Columbia Strikes Deal to Establish E-Medical Records System

The B.C. government has reached a multi-million dollar deal with Sun Microsystems and other partners to launch an e-medical record system in the province. The project is the largest digital medical records project in Canada. The system, which supporters tout as a way to improve healthcare delivery, will allow doctors to access lab results, diagnostic imaging and patients’ medical records. [Source] [Source] [Source] See also [Infoway Upbeat on EHR Progress]

 

US – GSA, DOD Seek Data Encryption Under SmartBuy

The General Services Administration and the Defense Department issued a request for quotations last week for full-disk encryption or a file/folder encryption system under the government’s SmartBuy enterprise software management program. The impetus behind the SmartBuy deal is an Office of Management and Budget memo issued June 2006 requiring agencies to encrypt all data on mobile devices. Many agencies have yet to meet that and other requirements stated in the memo. A governmentwide blanket purchase agreement would give chief information officers and chief information security officers an easy way to identify and buy such software at a volume discount, according to the RFQ. Released under GSA’s e-Buy program, the RFQ asks vendors on the GSA schedule to submit a price quotation for implementing, maintaining, integrating and training people to use encryption software for data at rest. [Source]

 

EU – EU Advisory Body Criticizes Google’s Privacy Practices

A European Union advisory body that monitors data privacy has written a letter to Google Inc. warning the No. 1 provider of Internet searches that its practices fall short of EU data protection standards, according to a person familiar with the group’s plans. A Google spokeswoman confirmed that Google received an earlier letter from the Norwegian Data Protection Group, which has a representative on the regulatory body known as the Article 29 Working Party. [Source]

 

US – PEW Report Released on Teens, Privacy and Online Social Networks

According to a new study, the majority of teens actively manage their online profiles to keep the information they believe is most sensitive away from the unwanted gaze of strangers, parents and other adults. While many teens post their first name and photos on their profiles, they rarely post information on public profiles they believe would help strangers actually locate them such as their full name, home phone number or cell phone number. At the same time, nearly two-thirds of teens with profiles (63%) believe that a motivated person could eventually identify them from the information they publicly provide on their profiles. The new report, based on a survey and a series of focus groups conducted by the Pew Internet & American Life Project, examines how teens, particularly those with profiles online, make decisions about disclosing or shielding personal information. Some 55% of online teens have profiles and most of them restrict access to their profile in some way. Of those with profiles, 66% say their profile is not visible to all internet users. Of those whose profile can be accessed by anyone online, nearly half (46%) say they give at least some false information. Teens post fake information to protect themselves and also to be playful or silly. [Source] See also: [OECD Issues Report on User Generated Content] and [Spock’s New People Engine]

 

US – OPEN Government Act Heads to Senate Floor

Legislation that would help protect the public’s right to know is one step closer to passing. Today the Senate Judiciary Committee marked up the OPEN Government Act, which would provide some much needed updates to the Freedom of Information Act (FOIA). The bill now heads to the Senate floor, and a similar bill has already passed in the House. [Source]

 

US – Massachusetts Police May Begin Searching Suspect Kin’s DNA

The Massachusetts State Police crime laboratory is considering expanding the use of its DNA database to search for close relatives of suspects whose DNA is recovered from crime scenes, a controversial crime-fighting technique that prosecutors say would help them solve more cases but that critics say would target innocent people, many of them members of minority groups. [Source]

 

CA – Canada Debates Patient Privacy Rights

The case of an Alberta medical office clerk who illegally checked the health records of her lover’s wife is being discussed at a groundbreaking meeting on privacy. About 140 health and privacy experts are in Regina at a health information privacy conference. They’re talking about the best way to balance patients’ privacy with research, and are also hearing stories about inappropriate use of health information. In Alberta, the medical clerk accessed the records of her lover’s wife 17 times in an effort to convince the man that his wife was terminally ill with cancer. Last week, the clerk was fined $10,000 for illegally obtaining health records. Alberta privacy commissioner Frank Work says the fine sets an important precedent for health-care providers and sends the message that breaches won’t be tolerated. [Source] See also [Banking on privacy: States and the federal government take contrasting approaches to building large medical record repositories] [Health information privacy is crucial] [‘Horror stories’ heard as Prairie experts meet to discuss health privacy] [US: Not all agree with health-privacy week’s focus] [AHIMA and the American Medical Informatics Association Position on Privacy and PHRs]

 

AU – Australian Doctors Sending Medical Files Overseas

Australian doctors are breaching privacy laws and could endanger patients’ lives by sending their medical files overseas to be typed up cheaply, it has been reported. An investigation found a growing number of Australian hospitals and medical practices are outsourcing secretarial work to companies in India, Pakistan and the Philippines. At least 4 Sydney hospitals and hundreds of doctors are using cheap labour to transcribe digitally recorded verbal notes online. [Source] [Offshore medical records ‘not at risk’]

 

US – Scope, Duration of TJX Breach May Indicate Inside Job

A TJX spokeswoman told AP that the company investigation is looking at the potential that the intrusion may have been the work of insiders. Several factors point to possible insider involvement, including the 17-month duration of the breach and the intruder’s apparent knowledge of the company’s electronic encryption keys. However, the company’s investigation, which involves more than 50 experts, has not reached any conclusions so far, according to its March 28 regulatory filing. [Source] [TJX Thieves Had Time to Steal, Trip Up]

 

US – Social Security Administration Employee Charged in Identity Fraud Case: A former Social Security Administration employee has been charged with disclosing personally identifiable information taken from a government computer, which another person used to commit identity fraud to the tune of US $2.5 million. If convicted on all charges, the employee could be sentenced to as many as 15 years in prison. The conspirator already pleaded guilty last fall to charges of conspiracy and unlawful possession of a means of identification. The SSA employee allegedly received US $20 for each query she ran that obtained information. [Source]

 

UK – UK Policeman Gets Jail Time for Stealing Data from National Police Database: A UK police officer who provided personal information from a national police database to a known violent offender has had his sentence increased to nine months in jail. The officer pleaded guilty to malfeasance in a public office for accessing the police national computer database with the intent of providing another with personal information of three people. An appeal from the Attorney General increased his punishment to nine months in jail. [Source] [Source]

 

US – CVS latest retailer cited for identity theft violation: The Texas Attorney General has taken legal action against CVS Pharmacy for exposing customers to identity theft. According to a press release issued by Attorney General Greg Abbott’s office on Tuesday, employees at a CVS store in Liberty, Texas, chucked hundreds of customer records into a dumpster behind the storefront. Left in the trash were documents including customers’ names, addresses, Social Security numbers, credit card numbers, prescriptions and doctors, according to the release. Many of the credit and debit card numbers were still active when found, the release says, as expiration dates were included in the information. [Source]

 

[UCSF computer server with research subject information is stolen] [Feds: ID Theft Ring Run From Prison] [UK: 100,000 Bulldog ISP customer details Stolen] [6 years in prison for stealing hundreds of identities] [Hospital Billing & Collection Service Inc.]

 

UK – Websense Report: More Public Disclosure of Information Leaks Needed

A survey conducted by Websense at this year’s e-Crime Congress in London suggests that employees are the greatest risk to any organisation’s data and intellectual property. Some 95% of the 105 international security professionals surveyed said that their company would not be confident of knowing about an information leak, and 64% believed that the board would be held responsible should a leak occur. One in seven respondents believe that data leaks are widespread, and 15% indicated that most companies have experienced some form of data leak in the past 12 months. Internal threats such as data leakage through malicious intent or by accident continue to be the greatest concern, topping the poll at 59%. This represents a 15% increase on last year’s annual e-Crime Congress survey. Furthermore, 79 per cent believe that legislation should be in place to curb data leakage and to ensure greater transparency in the event of an information breach. [Source]

 

CA – BC Bars’ ID Tracking System Under Scrutiny by BC Commissioner

B.C. Privacy Commissioner David Loukidelis is investigating the use of a high-tech system used by Vancouver bars to track unruly patrons. The system scans a customer’s ID upon entry and takes a photograph of them. Clubs are now sharing information about certain customers. Loukidelis has recently made the investigation a priority after learning more about the system. A spokesman for Loukidelis said the office is concerned about the information collected, the security of the data and with whom the information is shared after its collection. [Source]

 

UK – Experian Warns of Spike in Identity Theft In The UK

Reports of identity theft have increased 69% in 2006 over the same period the previous year, according to Experian. The company warned that in the UK, 2,124 people called the agency’s hotline for identity theft victims. Gary Wood, Managing Director of Experian’s fraud prevention operations, said that ID thieves are using victims’ current addresses when applying for credit, which increases the chances of approval. The agency also said that it has detected a shift from ID thieves rummaging through garbage to steal personal information to more sophisticated ID theft rings. [Source] See also: [Hoofnagle: Opinion: Banks Should Provide More Transparency On Identity Theft]

 

WW – Alexander Dix: Global Networks Need Built-In Privacy Controls

Dr. Alexander Dix, Chairman of the International Working Group on Data Protection, said that global networks – to be successful – must have built-in privacy protections. Surveillance of online activities will undermine trust, he said. Dix recently called for a “uniform privacy law that would give consumers control over their personal information.” [Source] See also: [Invention: Xerox’s All-knowing browser] [Xerox patent application: User Profile Classification By Web Usage Analysis] See also: [

 

WW – Google Vows to ‘DoubleProtect’ Consumer Privacy

When Google announced its purchase of the internet’s largest placer of banner ads, DoubleClick, last Friday for $3.1 billion in cash, the search and text-ad giant took a big step closer to online omniscience, and immediately drew the ire of privacy advocates and competitors. Google’s acquisition of the ad company – which pioneered the business of tracking consumers from website to website – will make it even easier for Google to create profiles on internet users, without being transparent about what it is doing, charges the Center for Digital Democracy. A preemptive complaint to government regulators against the search giant is likely. The FTC is already investigating the internet advertising industry’s data practices, following a complaint in November. But Google says that internet users will actually have more privacy now that it has acquired DoubleClick. The company recently announced it would standardize its data retention policy for all its services, and would remove identifying details from data more than 18 months old. It promises to bring that newfound commitment to user privacy to DoubleClick. “Users will benefit from our commitment to protecting user privacy following the acquisition,” said a Google spokeswoman. “We’re exploring a number of ideas that will better safeguard user privacy while providing advertisers no less information about their ad placement and performance than they receive today.” [Source] [Google to pay $3.1B for DoubleClick] [Microsoft and Others Oppose Google’s Purchase of DoubleClick on Privacy, Antitrust Grounds] [Expert: Potential Sale Of DoubleClick Raises Privacy Concerns] [DoubleClick’s History] See also:

 

WW – Google Releases New Tools to Remove Content from Google Index

Google has released some new tools to help those looking to remove their content from the search giant’s indexes. The new tools are a mix of options for site owners to quickly remove pages and cached copies of pages, as well as more general options to request the removal of any page. [Source]

 

AU – Australia Broadcasting Corporation Appeals Against Landmark Privacy Judgment

The Australian Broadcasting Corporation has lodged an appeal against a landmark judgment that awarded one of Australia’s first payouts for invasion of privacy. County Court judge Felicity Hampel this month awarded $234,190, plus about $65,500 in interest, to a rape victim named in an ABC radio news broadcast. The woman, who can be identified only by the pseudonym Jane Doe, sued the ABC, a reporter and a sub-editor over the 2002 broadcasts. Judge Hampel ruled the defendants were negligent, breached the woman’s privacy, and committed a breach of confidence and of their statutory duty. The woman was awarded damages for post-traumatic stress, loss of earnings and medical expenses as well as compensation for hurt and distress, embarrassment, humiliation and shame. But in documents lodged with the Court of Appeal, the defendants say Judge Hampel erred in law by finding the existence of a tort of invasion of privacy in Australia. [Source]

 

US – U.S. Limits Access to Student Loan Database

The US Department of Education has cut off outside access to a government database that contains the personal financial information of millions of student aid applicants. The department acted on concerns that loan companies or other marketers were improperly obtaining private information on potential borrowers. The shutdown, announced by Education Secretary Margaret Spellings, is its strongest response to a broadening student loan scandal that has already implicated loan companies and caused several universities to put their financial aid administrators on leave and review their dealings with lenders. [Source] [Lawmakers wants lenders blocked from student data] [Lenders Searching Student Database Sparks Privacy Fears] [Student Loan Companies Access U.S. Department of Education’s Student Database]

 

US – Ponemon Institute Releases Results of 2007 Most Trusted Retail Banks

Privacy and information management research firm the Ponemon Institute announced the results of the 2007 Privacy Trust Study for Retail Banking, measuring consumer perceptions of trustworthiness for retail banking institutes. In its sixth year, the study examines how issues related to consumer privacy and data security, and the ways in which retail banking institutions address those issues, translate to consumer opinion. ... Overall, privacy trust scores for all top twenty banks increased slightly from 2006. However, banks that experienced a significant data breach event saw a decline in their privacy trust scores. [Source] [Source]

 

US – Arizona House Approves Bill to Strip SSNs from Some Online Public Records

House lawmakers gave preliminary approval to a bill that would protect residents of Maricopa County from identity theft by ensuring that users who access county records will not be able to see Social Security numbers. The bill would apply to records in the state’s largest county because officials there already have purchased software to redact the SSNs from records. County recorders in the state’s 14 other counties will have to redact SSNs from Web-based public records only upon request. [Source]

 

US – North Dakota Becomes Second State to Ban Forced RFID Implantation

As expected, North Dakota has become the second state in the U.S. to ban the forced implanting of radio frequency identification (RFID) chips in people. The two-sentence bill, passed by the state legislature, was signed into law by Gov. John Hoeven last Wednesday. Essentially, it forbids anyone from compelling someone else to have an RFID chip injected into their skin. The state follows in the steps of Wisconsin, which passed similar legislation last year. “We need to strike a balance as we continue to develop this technology between what it can do and our civil liberties, our right to privacy,” Hoeven said in an interview. He emphasized that the law doesn’t prohibit voluntary chipping. Military personnel who want an RFID chip injected so they can be more easily tracked will still be allowed to get a chip. There are also potential uses for the technology in corrections or in monitoring animals, he noted. [Source]

 

US – California Senate Fights RFID Tracking for Schoolkids

California’s state Senate approved legislation last week that would prohibit public schools from requiring the implementation of radio-wave devices that broadcast students’ personal identification and monitor their movement around campus. The bill was introduced by Democrat Sen. Joe Simitian and sent to the Assembly on a 28-5 vote. “The reason we have this level of support is it is a narrowly crafted bill,” Simitian told the Associated Press. “We’re dealing only with mandatory use that tells parents they don’t get to be in charge of their kids’ personal information.” The bill’s provisions would expire in 2011. [Source] [California Senate OKs bill banning student monitoring devices]

 

WW – Report Says Rootkits Becoming Increasingly Complex

According to a security report released yesterday by McAfee, complexity in rootkits is growing at a phenomenal rate, allowing malicious software to burrow deep and potentially go undetected inside Microsoft’s Windows platform. McAfee said rootkits have grown over the past five years from 27 components to 2,400. [Source] See also: [Targeted E-Mail Attacks Increasing: Report]

 

US – US Government Secure Configuration Mandate to Help Everyone

A panel of experts instrumental in the development of the recent Office of Management and Budget (OMB) security mandate regarding standardized configurations of Windows operating systems on government computers helped elucidate the benefits it brings not only to government systems, but also to systems in the private sector. Analysis from the National Security Agency (NSA) indicates that the mandated secure settings block more than 85% of common attack vectors. Furthermore, because the agencies are required to deploy secure system configurations, vendors will need to make sure applications work appropriately within those configurations. “Each time a vendor solves the problem for one federal agency, it solves it for all agencies and for every other organization that buys that application and uses the secure configuration.” [OMB Memo to Agency Heads] [OMB Memo to CIOs] [Microsoft Windows XP security configurations] and [Here] [Source] [Source] [Source]

 

WW – Paint May Cover Users When It Comes to Online Privacy

A U.S. manufacturer is selling paint that is billed as an electromagnetic shield that would prevent hackers from breaking into wireless systems. EMSEC Technologies, which is selling the paint for $6 per square foot, says the product would completely secure a data room from intrusion. It would not be suitable, however, for an entire office because it blocks radio signals, which would prevent mobile devices from receiving or sending signals. [Source]

 

US – GAO: Despite Advances, TSA TWIC Problems Remain

The Transportation Security Administration has improved its management of the Transportation Workers Identification Credential (TWIC) in the last six months, but problems remain in ensuring effectiveness and compatibility of the TWIC cards and readers in the field, according to testimony this week by the GAO. There are concerns about educating workers, maintaining a timetable for enrollment and dealing with background checks for all the workers, GAO said. In addition, the TWIC card and reader technologies and their validations remain problematic. Overall, it won’t be possible to fully judge the effectiveness of TSA’s management of TWIC until enrollment begins, and setting realistic schedules is a key concern, the GAO said. [testimony] See also: [Trust and Logistics Key to Standard Employee ID Cards] [Rapid Expansion of Smart Cards in Government Evident]

 

AU – Photo on Australia Card Vital, Says Ellison

A photograph, signature and personal number will be retained as key elements of the Howard Government’s new Access Card, despite backbench protests this will make it a de facto identity card. Human Services Minister Chris Ellison, who shelved legislation delivering the card last month pending further consultation, said that the concerns raised by his colleagues did not reflect community views. His comments came despite a report by the Senate’s finance and public administration committee in which Coalition senators joined the Opposition to call for a delay and reconsideration of the plan. The committee was particularly worried about a proposal that the card include a biometric photograph, warning that this would increase the likelihood of its becoming a “de facto national ID card”. [Source] [Access card under fire over ID concerns] See also: [Spain eID “Going Smoothly”]

 

EU – More than 1,000 People Demonstrate Against Big Brother State

At a recent demonstration in Frankfurt-on-the-Main between 1,500 and 2,000 civil rights campaigners visibly came out against what they describe as “rampant surveillance.” On their placards the demonstrators compared privacy to oxygen and noted that it was high time to stop branding data protection “a crime.” The protesters vehemently lambasted the highly controversial new anti-terror legislation intended to expand Germany’s surveillance structure significantly and, among other things, give the police automatic access to digital passport photos and the fingerprints that will in future be stored on German ID documents. They also excoriated the plans currently being discussed to retain telephone call and Internet data, search PCs surreptitiously via the Net, the drive to expand the video surveillance of public spaces, the practice of passing on Passenger Name Records (PNRs) and the proposals for automatic scanning and database comparison of number plates of vehicles traveling or parked on public roads. [Source] [German minister wants access to private computers] [German government approves retention of data]

 

CA – Manitoba to Slap Electronic Monitoring Bracelets on Worst Car Thieves

Mayor Sam Katz praised this week’s announcement by the Doer government to outfit the 20 worst car thieves in Manitoba with an electronic monitoring device. “The only thing they should be wearing is cold, hard steel,” Katz said in reference to the Global Positioning Satellite-based devices. [Source] See also: [Tag elderly people, says UK science minister]

 

 

US – AT&T Settles In ‘Pretexting’ Case

AT&T has settled with 13 data brokers it accused of fraudulently obtaining customer phone records after the brokers agreed to pay an undisclosed cash settlement and to not seek customer data in the future. The lawsuits were AT&T’s first involving so-called pretexting, where customer data is accessed by people posing as customers to get unauthorized online accounts where they could see calling records and other information. [Source]

 

US – Administration Seeks Warrantless Domestic Surveillance Authority

The US administration has proposed a bill to relax certain legal restrictions on the government’s ability to intercept telephone calls and other communications in the U.S. The proposal would change provisions in the primary law on domestic surveillance that the Bush administration says limit its ability to spy on the domestic and international communications of foreigners and would provide new legal immunity for telecommunications companies that have been sued for cooperating with the government as it conducts domestic wiretapping. But the proposed changes to the Foreign Intelligence Surveillance Act of 1978 face resistance in Congress. Democratic lawmakers have been pressing for more oversight of the domestic eavesdropping run by the NSA before they agree to amend the laws, and they have become increasingly concerned by disclosures of abuses in other data collection programs, too. [Source] [Source] [Administration press release 2007-04-13] [Draft bill] See also: [NYT: Who’s Watching the F.B.I.? “national-security letters”] [Jeffrey Rosen: Trust Waning In Wake Of Revelations About FBI Abuses (New York Times Magazine article)]

 

US – Montana Governor Signs Bill Defying REAL ID Law

Gov. Brian Schweitzer said ‘no, nope, no way, hell no’ Tuesday to national driver’s licenses, signing into law a bill supporters say is one of the strongest rejections of the federal plan. The move means the state won’t comply with the Real ID Act, a federal law that sets a national standard for driver’s licenses and requires states to link their record-keeping systems to national databases. Though several states have either passed or are considering resolutions or bills against the act, Montana is the first state to outright deny its implementation, according to the ACLU. [Source]

 

US – Washington Governor Signs Bill Rejecting REAL ID

As part of a growing state rebellion, Gov. Christine Gregoire this week signed a bill rejecting REAL ID. Legislatures in four other states - Maine, Idaho, Arkansas and Montana - also have adopted measures opposing REAL ID, and lawmakers in more than 20 other states are considering similar action. The measure will prohibit state implementation of the REAL ID Act, unless the federal government fully funds it and provides stronger protections for the privacy of Washington drivers. The measure (SB 5087) passed both chambers of the legislature with bipartisan support, including an overwhelming 95-2 vote in the House. [Source] See also ACLU’s RealNightmare

 

US – Connecticut Kills Bill Giving Adults Access to Their Adoption Records

An effort to resurrect a bill allowing adult adopted children to obtain their birth certificates when they turn 21 fizzled last week amid concerns the legislation would lead to more abortions. The 16-24 defeat in the Judiciary Committee came nearly a year after Gov. M. Jodi Rell vetoed a similar bill, arguing it violated privacy rights of birth mothers who put their children up for adoption believing their identities would remain confidential. The governor asked lawmakers to draft a bill this session that balances the privacy of birth parents with the desire of adoptees to seek their birth information. [Source] [Source]

 

US – DMA Reiterates Need for Data Security Legislation

The Direct Marketing Association has again called for legislation that would create a national standard for notifying consumers in the event of the loss or theft of personal data without impeding the legitimate exchange of data necessary for electronic commerce. The Senate Committee on Commerce, Science and Transportation is expected to introduce a data security bill in the next two weeks. In a letter sent last week to committee leaders the DMA outlined the principles it supports for any data security legislation. [Source] OTHER NEWS: [California Assembly Committee Passes Data Breach Bill] [Texas House Votes to Shield Handgun Owners’ Names]

 

US – Employees Surveilled, Sacked for Inappropriate E-Mails, IM and Blogging

American firms have stepped up surveillance on employee e-mail traffic, Web-surfing and blogging activities on company networks as workers’ online conduct takes a hefty toll on U.S. employers. E-mail mismanagement has resulted in costly lawsuits against corporations, and businesses are responding by firing more workers who violate corporate computer policies, according to the ePolicy Institute, an online risk consultancy organization. More than 26% of the 400 American companies surveyed by the institute and the American Management Association (AMA) last year terminated employees for e-mail misuse. Another 2% dismissed workers for inappropriate instant messaging (IM) chat and 2% fired workers for creating offensive blog content. The ePolicy/AMA survey showed that 24% of U.S. companies have been ordered by a court or regulatory body to produce employee e-mail. 15% of the companies said they fought a workplace lawsuit triggered by a sexual or racial harassment claim involving employee e-mail. [Source] See also: [EU Court Ruling: Employers May Not Spy on Staff By Secretly Monitoring Emails] and [Even White House Aides Deserve Privacy When It Comes To Email] [Employers warned on email spying]

 

CA – Full-Name Badges Breach Nurses’ Privacy

Nurses in Prince Edward Island, a province of Canada, have won the right not to wear name tags displaying their full names as the result of a recent ruling by Acting Privacy Commissioner, Karen Rose. She ruled that a nurse in a long-term care facility should not be required to display both her first and family names, because doing so could expose her to an immediate personal risk. [Source]

--------