Last week, the biometrics program manager in Iraq expressed concern that the database containing biometrics and secret files on thousand of Iraqis could “become a hit list if it gets in the wrong hands.” According to Lt. Col. Velliquette, the Iraqi system has approximately 750,000 records in its database. Currently, the U.S. military administers the database of Iraqis’ personal information. According to reports, U.S. troops are using mobile scanners to take fingerprints, eye scans, and input other personal data from Iraqis at checkpoints, workplaces, the sites of attacks, and door-to-door canvasses. The database information is tied to other Iraq biometric databases at the Biometric Fusion Center in West Virginia. There are at least 31 U.S. officials who have access to the database, but this number is likely much higher. Further, the idea of the U.S. military turning over the database system to the Iraqi government is already under discussion. In July, EPIC, Privacy International, and Human Rights Watch wrote to the US Defense Secretary to warn that the system will lead to reprisals and further killings. The letter draws attention to international privacy obligations, including Article 12 of the Universal Declaration of Human Rights, a document that the United States has endorsed. [Letter from privacy groups to Robert Gates, Secretary of Defense, July 27, 2007] [Council on Foreign Relations, “A National ID Program for Iraq?”] [EPIC’s Iraqi Biometric ID page] [Human Rights Watch’s page on Iraq]

US – Facial Recognition Program Flunks Test at Oceanfront

A Norfolk, Virgina city’s highly debated facial recognition program at the Oceanfront suffered from technical and performance problems, and the $200,000 system has not been used in nearly two years. The Beach was the second city in the nation to adopt the technology, which paired cameras and a computer database in an attempt to improve security in the tourist areas. According to the police Chief, it just was not the right fit for the resort community and did not lead to a single arrest. The failure of the facial recognition program was outlined in roughly 80 pages of documents obtained from the city under the Freedom of Information Act. Officials had been convinced of the technology’s effectiveness after extensive research in Tampa, the first city to install the system. Tampa shut down its operation in August 2003 after it failed to recognize anyone wanted by authorities. Around the same time, Virginia Beach was running into problems of its own. The system continued to record numerous “captures” - more than 52,000 in one day alone - but many of them were inaccurate, according to a log. During a five-month period in 2003, when the Oceanfront was at its busiest, thousands of alerts resulted in false alarms from “sidewalk captures,” according to the logbooks. The system also created errors and shut down, froze after being rebooted, and malfunctioned several times during a single shift. As recently as December 2006, an e-mail from a Police Department supervising officer called the technology “old and unusable.” He also mentioned that the company that had provided the system was sold and the new vendor had offered to upgrade it “for huge money.” [Source]

EU – Swedish DPA: Pupils ‘Should Not be Forced to Give Fingerprints’

Forcing schoolchildren to give fingerprints in order to get their lunches should be forbidden, the Swedish Data Inspection Board has said. Children at schools in the town of Lerum have to prove that they have paid for school lunches by giving their fingerprints or handprints. Once their prints have been compared with a database, a machine releases their plates. The data inspection board is taking Lerum Council to The Supreme Administrative Court in an attempt to put a stop to the practice. The Administrative Court of Appeal already gave the go-ahead to the schools to use fingerprints, but the board argues that the school should find another way to identify pupils. The requirement to use fingerprints or handprints is a violation of pupils’ personal integrity, it argues. [Source]

CA – LSAC Complies with Privacy Commissioner Finding

A student discussion forum confirms that the LSAC has substituted fingerprinting with a photograph for students who take the LSAT exam: According to a notice for LSAT registrants at Canadian Centers, “Effective with the September 2007 Administration of the LSAT, candidates testing at test centers in Canada MUST bring a photograph to the test center on the day of the test. These photographs will be retained by LSAC.” [Source]

CA – U.S. Asked To Stall Border Rules: Provinces Need More Time to Upgrade Licences

Ottawa is formally requesting a delay in strict new land and sea border crossing rules, arguing the Bush administration’s deadline does not give provinces enough time to upgrade drivers’ licences as an alternative to passports. The federal government also tells Washington, in documents filed Monday, that in order to justify the time and money needed to make Canadian drivers’ licences more secure, they need an assurance from the U.S. that they will be acceptable at border crossings. Ottawa also says it is considering introducing a passport card for frequent travellers, a type of “passport lite,” a smaller, cheaper version of the passport book that is being developed for Americans here. The federal government filed its official comment on the proposed rules for land and sea borders under the Western Hemisphere Travel Initiative. [Source]

CA – CIPPIC Files Complaint About Privacy Impacts of Foreign Outsourcing

CIPPIC has asked the Privacy Commissioner of Canada to investigate and report on canada.com’s compliance with PIPEDA, and in so doing to clarify legal requirements for notice and consent in situations involving outsourcing of core business operations to a US-based company. Earlier this year, canada.com outsourced its email service operations to US-based Velocity Services Inc., raising concerns about the consequent increased risk of surreptitious US government access to the email communications of canada.com subscribers. CIPPIC has asked the Privacy Commissioner to investigate and report on whether Canadian subscribers of canada.com email services receive a “comparable level of protection” of their personal data from US-based providers as compared to Canadian providers. [Source]

US – Data Losses Can Harm a Business Brand: Survey

87% of consumers said they lost respect for businesses after those companies lost customers’ personal information, according to InfoSurv’s survey of 400 consumers. Tablus, the survey’s sponsor, said that respondents’ comments indicated that a loss of personal information equals a loss of business because consumers believe businesses should place a high priority on maintaining trust and the confidentiality of their information. In fact, 96% of respondents said that protecting customers from data breaches should be a company’s highest priority. 95% of respondents said there is no excuse for exposing customers’ confidential information, and 93% said that businesses are obligated to protect sensitive content. 94% of respondents said if there’s a technology to prevent the loss of confidential and personal information, all businesses should use it. 90% said they did not trust companies that could not protect their confidential information, 85% said they would prefer to do business with companies that have never experienced data breaches, and 82% said they would warn others against doing business with companies that exposed customers’ personal information. 88% of respondents said that companies that better protect customers’ information have better reputations and 82% said that companies that never lost data were more trustworthy than those that have. [Source]

US – OMB, CIO Council Issue Architecture Principles

The Office of Management and Budget and the CIO Council released today a new framework that underpins many of the Bush administration’s core management tenets. The Architecture Principles for the U.S. Government defines what is important to the administration, said Karen Evans, OMB’s administrator for e-government and information technology. “These principles balance department and agency mandates on the one hand and governmentwide interests on the other,” wrote Evans, also the council’s director, and Dave Wennergren, Defense Department deputy chief information officer and vice chairman of the council, in an e-mail message to CIOs. “Clear, well-understood and sanctioned principles, combined with an executive commitment to enforce them, help drive change across disparate departments and programs, and also within agencies.” [Source] See also: [10 perspectives on EA] and [New ISACA certification seeks governance excellence]

EU – Study Indicates Network Encryption Not Widely Used

A survey of 1,200 IT directors and other security professionals indicates that 34% of UK companies encrypt less than one-quarter of their network traffic. The number of organizations with no network traffic protection at all fell one percentage point, from 6% to 5%, since 2006. The total number of organizations using encryption and other security measures on network traffic has actually dropped since last year. [Source]

UK – Definition of Personal Information Expands: UK Commissioner Updates Guidance

The Information Commissioner’s Office (ICO) has published new guidance this week that explains its view of what counts as personal data under the Data Protection Act (DPA). Information that is not personal data today may become personal data as technology advances, it says. The DPA defines personal data as “data which relate to a living individual who can be identified (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual”. It is the interpretation of that definition that is the subject of the ICO guidance. The ICO says in its new guidance that many kinds of information can count as personal data, even in situations in which people may not consider it to be so. “When considering identifiability it should be assumed that you are not looking just at the means reasonably likely to be used by the ordinary man in the street, but also the means that are likely to be used by a determined person with a particular reason to want to identify individuals,” the ICO said. “Examples would include investigative journalists, estranged partners, stalkers, or industrial spies.” [Source] [Guidance from ICO]

AU – One-in-10 Aussies Victims of ID Theft: Report

Almost 2 million Australians have had their personal details stolen and used fraudulently by a third party, according to a report released this week by the Office of the Privacy Commissioner, which highlights the internet as a growing privacy pain point. The report found only 17% of Australians trusted online businesses to handle their personal information responsibly, compared with 37% for regular retailers, 73% for government departments and 91% for health service providers. The report found 9% of Australians claimed to have been a victim of “ID theft” and 17% knew someone else who had been a victim. The Privacy Commissioner, Karen Curtis, said it was “statistically valid” to extrapolate the figure to mean just under 2 million Australians had been victims, but it was a “big extrapolation”. Half of the respondents were more concerned about giving personal information over the internet than they were two years ago, while 45% believed ID theft was likely to occur as a result of using the internet. [Source] [Media release] [National Survey]

UK – e-Money Providers Must Verify Identity - New Guidance

The Joint Money Laundering Steering Group (JMLSG) has published draft amended guidance for electronic money. It covers products that are card-based as well as those that are entirely software-based. The JMLSG is made up of the leading UK trade associations in the financial services industry. The purpose of the guidance is to provide clarification to e-money issuers on verification of identity and other customer due diligence measures required by legislation. The new guidance augments the limits with systems for the detection of abuse. These include transaction monitoring systems that detect anomalies or patterns of behaviour; systems that identify discrepancies between submitted and detected information - for example, between country of origin submitted information and the electronically-detected IP address; and on-chip controls that disable a card when a given pattern of activity is detected, requiring interaction with the issuer before it can be re-enabled. The JMLSG is inviting comments on the draft guidance by 7 September 2007. [Source] [The draft guidance]

US – Florida Launches Open Government Commission

Florida Gov. Charlie Crist this week addressed the Commission on Open Government during the group’s first meeting in Tallahassee. The nine commission members appointed by the governor are charged with reviewing and evaluating the public’s right of access to government meetings and records. The meeting is the first of at least three public hearings to receive input from the public, media and government representatives throughout the state. “Citizen participation in all levels of government is a basic principle of our democracy, and the commission will play an important role in helping ensure government organizations provide access to the information needed for that participation,” said Crist. The commission will review policies and statutes related to Florida’s Sunshine Laws. Their findings and recommendations will be presented by December 31, 2008. [Source]

US – DOD Will Share E-Medical Records With FDA

The Defense Department will share at least some of its electronic medical records for 9.1 million military personnel and their families with the Food and Drug Administration to help FDA spot problems and learn more about the efficacy of prescription drugs. The data-sharing agreement was signed in July as part of the FDA’s project to develop a Sentinel Network that will link medical databases and screen the data for signs of adverse drug effects. The network also should allow the FDA to evaluate over time whether a drug is effective in curing ailments or their symptoms. FDA has come under fire for ineffective monitoring of prescription drugs after they are approved for use. The clinical trials used to gauge the safety and effectiveness of drugs before FDA approval often are limited in length and in the number and types of people on whom a drug is tested. [Source] See also: [Amicus Brief of EPIC and 16 Experts in Privacy Law and Technology (August 20, 2007)]

US – MedicAlert Says Leaked Info Didn’t Hurt Clients

Information inappropriately e-mailed to her own account by a former MedicAlert alert employee did not compromise the financial records of the company’s 4 million members, its chief executive said this week. Investigators arrested Andrea Terry last week on suspicion of e-mailing information about 10,000 MedicAlert clients to an outside account she controlled. The MedicAlert CEO said those records did not include medical information, Social Security numbers or bank-related data. The information accessed consisted of a list of member names and a corresponding client identification number.[Source]

WW – Monster.com Admits to Previous Identity Attacks

The theft of personal information from some 1.3 million users of the Monster.com job search service first revealed two weeks ago was not a one-time attack, the company’s CEO said this week. “The Company has determined that this incident is not the first time Monster’s database has been the target of criminal activity,” Sal Iannuzzi, the chairman and CEO of Monster Worldwide Inc., said in a statement. In an interview with Reuters, Iannuzzi also acknowledged that the most recent breach may have been substantially larger than the 1.3 million users the company said earlier had been affected. “It could easily be in the millions,” Iannuzzi told Reuters. [Source]

CA – B.C. Hydro Apologizes to Customers for Inadvertent Data Breach

Late last month, B.C. Hydro asked 10,000 customers to participate in a survey on energy issues. The survey was conduced by Energy Insights, a company with operations in Canada and the U.S. About 750 customers filled out the survey. However, the data gleaned from the survey was stored on U.S. servers, which is a violation of B.C.’s Freedom of Information and Protection of Privacy Act, according to this article in The Province. The company, which removed the information Aug. 10, has sent a letter of apology to the affected customers. A spokesman for the utility said the incident was “due to lack of training and awareness with our employees,” who now are participating in privacy training. [Source]

US – Arizona Joins Hybrid ID Effort

Arizona became the third state last week to volunteer for a Homeland Security Department program in which it will develop a hybrid identification card that combines a state driver’s license with a U.S. border-crossing card. DHS and state officials announced an agreement to partner in development of the “enhanced” driver’s license that is expected to meet the department’s Western Hemisphere Travel Initiative requirements as well as align with future driver’s license requirements of the Real ID Act, DHS said in a news release. [Source]

EU – eID Reaches Portuguese Mainland

The inhabitants of Castelo de Vide, in the Portalegre district, were the first continental Portuguese to start receiving the new eID, which replaces the previous identity papers, as well as the cards for taxation, voting, social security and healthcare. Distribution began there on 31 July. The electronic cards had been piloted in the Azores islands since February. There, 6 789 electronic cards have been issued and more than 9 500 applications are being processed. Two-fifths of electronic card holders have so far opted to have the electronic signature facility activated. By July 2008, eIDs should be available in all parts of the country. Known as the Citizen Card, the new document has been assigned a dual role by the Portuguese authorities: “As a physical document, it enables citizens to identify themselves, in their own presence, in a secure way. As a technological document, it enables them to identify themselves to computerised services and to authenticate electronic documents.” [Source]

AU – Australian Pubs Warned Over ID Privacy Issues

Australia’s privacy commissioner has warned pubs and clubs which electronically scan patrons’ identification documents that they must comply with the Privacy Act. Privacy Commissioner Karen Curtis said her office had received several complaints in recent months about the use of ID scanning technology at pubs and clubs. Ms Curtis said a national survey taken earlier this year had found that only 18% of Australians believed that it was acceptable for their ID to be copied or scanned when entering licensed premises. [Source]

WW – Sony Hiding Files Again, Security Firm Says

Sony Corp. is up to its old tricks again, hiding software that can be exploited by hackers in a line of portable USB drives, a Finnish security firm says. The fingerprint reader software included with Sony’s MicroVault USM-F line installs a driver in a hidden folder that can be accessed by hackers on the user’s computer, according to F-Secure Corp. Hackers could get into that folder, which is not visible through Windows, and use it to store additional hidden files, F-Secure wrote on its blog. [Source]

WW – WHOIS Privacy Reform Reaches Dead End

Reforms to the WHOIS database in order to address growing privacy concerns have once again come to a halt, leaving a seven-year-old debate to continue on how much personal information should be displayed to the public. The WHOIS Working Group published its Final Outcomes report this week, which detailed nearly three months’ worth of talks, negotiations, and disagreements among 70 users, service providers, and law enforcement officials. The group was pulled in two directions: one by those who want increased privacy protections for individuals registering domains and another by those who want easier and quicker access to WHOIS contact information in order to keep an eye on bad apples. Caught in the center are domain registrars, which currently offer proxy services to registrants who want to protect their identities, addresses, phone numbers, and other contact information from being publicly displayed. Such services usually cost less than $8 per year and are a relatively minor cost to many people in exchange for the privacy benefits. But privacy advocates say that customers shouldn’t have to pay to keep their information private-the WHOIS database should offer some level of privacy by default while still offering up enough information to be helpful. [Source] See also: [The Globe on Terror Goes Digital: Wrong, Wrong Wrong]

WW – To Protect User Privacy, TorrentSpy Shuts Doors to America

Unwilling to compromise the privacy of its users, TorrentSpy has shut its doors to American file sharers. The move came just hours before a U.S. judge denied an appeal from the company, insisting - once again - that it turn over server logs detailing user behavior. In May 2007, TorrentSpy was ordered to save its server logs to disk and fork them over to the court as evidence. The logs include user IP addresses and lists of downloaded files. No American court had ever laid down such an order, and many believe it has the power to erode privacy across the web. TorrentSpy’s server logs pass through system memory, but are never permanently recorded. The company argues that saving this data would violate its privacy policy. When the Court order went public, the Electronic Frontier Foundation (EFF) launched a defense of its own. “We think it’s a very troubling ruling that goes well beyond TorrentSpy,” an EFF lawyer said. “It potentially allows any company’s privacy policy to be re-written by its adversary’s lawyers. It’s a bad precedent to set.” [Source] [Websites could be required to retain visitor info]

NZ – New Zealand Commissioner: ‘Privacy Pollution’ Erodes Choices

Small, incremental intrusions into personal privacy can combine to erode private space, thoughts and choices, Privacy Commissioner Marie Shroff says. “I am NOT talking about a few spam emails or telemarketing calls. “The issue is the combination of spam, unwanted sales calls, CCTV in the supermarket, at the petrol station, in the video shop, on the street and at the bank. Our transactions are recorded, stored and shared. Our behaviour is silently recorded on camera. “I call this ‘privacy pollution’, similar to air pollution where small blots of contamination build to form blankets of smog. In themselves, they are relatively minor - specks of soot or puffs of smoke - but in combination, the effect can be overpowering,” Mrs Shroff said today at a Privacy Awareness Week forum, ‘Privacy and Technology in the 21st Century. Intrusions such as telemarketing calls were offensive to many people because they came without invitation into our personal space and time, she said. [Source][Privacy During Privacy Awareness Week] [NZ Commissioner site]

AU – Australia’s Tax Office Gets Tough on File Privacy

Fraud detection systems have uncovered a rash of privacy breaches at the Australian Taxation Office as employees flout tough data protection rules despite ongoing monitoring and training. The sweeps of data access logs led to three terminations during the 2007 financial year and another nine staff resigned after the ATO detected unauthorised access to taxpayer records. [Source]

US – Hearing to Address Surveillance Privacy Concerns With New DHS Office

A House committee will hold hearings next week on the Homeland Security Department’s new National Applications Office (NAO). Rep. Bennie Thompson, D-Miss., chairman of the House Homeland Security Committee last week complained in a letter to Homeland Security Secretary Michael Chertoff that he had learned only through media reports of the department’s two-year-old plans to create the office and use spy satellites for homeland security and law enforcement purposes. “Let me state this clearly,” he wrote, “the release of important information to the public . prior to notification to this committee is unacceptable.” In his letter, Thompson complained that Chertoff is ignoring privacy concerns as he creates the new office. “The enormity of the NAO’s capabilities and the intended use of the imagery received though these satellites and the unintended consequences that may arise, have heightened concerns among the general public,” Thompson wrote. “At present, I am not certain that the proper privacy, civil rights and civil liberties issues have been fully addressed.” The hearing, which at press time was scheduled for Sept. 6, will focus on potential civil liberty and privacy problems that could be created by NAO, committee aides said. Although the witness list has not been finalized, three department officials are confirmed as attending: Charles Allen, chief intelligence officer; Hugo Teufel, chief privacy officer; and Dan Sutherland, civil rights and civil liberties officer. [Source]

US – CISOs Worried About Mobile Data Security

The vast majority of federal chief information security information officers noted that laptop use has increased in their agencies over the past year, and more than half said that securing data on mobile devises is now their primary concern, according to a recent survey of 35 of the 117 federal CISOs. They are worried that federal teleworkers do not have sufficient data security training and technology, according to the poll conducted by the Telework Exchange and underwritten by Hewlett Packard. This is especially true when it comes to “unofficial” teleworkers -- people who work from home at night and on the weekends without going through an agency’s telework program. These individuals are the biggest threat, according to one quarter of CISOs. In contrast, nine in ten CISOs said official teleworkers were not a security concern. [Source]

US – Study: Mobile Workers Leave Security to IT

A study commissioned jointly by Cisco Systems and the National Cyber Security Alliance found that most mobile wireless workers view security as “IT’s job.” 44% of respondents said they open email messages and attachments from unknown or suspicious senders and one-third use unauthorized wireless connections. While many of the 700 mobile workers surveyed said they are sometimes aware of security issues and best practices, more than a quarter said they “hardly ever” consider those issues. Those workers said that they were busy getting their work done and that security should be addressed by IT. [Source] [Source]

AU – Aussie Smartcard Program Delayed, Fate Rests on Election

Repeated attempts by the Australian government to get the A$1.1 billion Access Card legislation through parliament has stalled, with future plans for the smartcard now on hold until at least 2008. Human Services Minister Chris Ellison admitted the government’s original timetable, which involved getting the legislation through both houses of parliament by June 2007, was far too ambitious. The card has been dogged by privacy and security concerns since its inception. Ellison has confirmed the draft legislation will not return to parliament this year. “We won’t be able to have legislation for the next session because we’ve had more than 40 submissions and there are ongoing talks planned with the states and territories,” adding that public support was essential for the project to succeed. With an election looming, all bets are off, particularly as the Labor Party has promised to dump the card upon winning the election. [Source]

UK – Call for CCTV Surveillance in Drug Addict Homes

A leading drugs expert has proposed a controversial plan to install CCTV in drug addicts’ homes to protect their children. Professor Neil McKeganey, head of the centre for Drug Misuse Research at Glasgow University, believes radical moves are needed to protect youngsters from the chaotic lifestyles of their parents. He believes that it is impossible for social workers to guarantee the safety of addicts’ children due to the numbers involved. Recent figures estimate that 50,000 children have a parent with a drug problem while around 80,000 to 100,000 have a parent with an alcohol problem. Prof McKeganey accepted that the proposal to put CCTV inside addicts’ homes was controversial, but said that the issue must be debated. He said: “The question is whether we are prepared to say the principle of the privacy of family life is more important than that of child protection. If we accept that privacy is the most important then there will be many more tragic cases. “The response to this suggestion will be to say that it is an unacceptable extension of ‘big brother’ and a violation of individuals human rights. But the Human Rights Act was never intended to be a “get out” clause for those committing crimes or harming vulnerable children.” He added: “We have become used to the proliferation of CCTV cameras within public spaces. We have also become used to the idea that those cameras are an effective tool in crime prevention. What we have not considered though is their possible use in private spaces.” [Source]

US – Role of Telecom Firms in Wiretaps Is Confirmed

The Bush administration has confirmed for the first time that American telecommunications companies played a crucial role in the National Security Agency’s domestic eavesdropping program after asserting for more than a year that any role played by them was a “state secret.” The acknowledgment was in an unusual interview that Mike McConnell, the director of national intelligence, gave last week in which he disclosed details on classified intelligence issues that the administration has long insisted would harm national security if discussed publicly. Mr. McConnell made the remarks apparently in an effort to bolster support for the broadened wiretapping authority that Congress approved this month, even as Democrats are threatening to rework the legislation because they say it gives the executive branch too much power. [NYT Source] According to nearly a thousand pages of restricted documents newly released under the Freedom of Information Act, the FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device. The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is far more intricately woven into the nation’s telecom infrastructure than observers suspected. It’s a “comprehensive wiretap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems,” said one Columbia University computer science professor and longtime surveillance expert. [Source] [Hawaii fears wiretap law will erode privacy] [Spy chief’s disclosures stun Congress] [FBI’s Wiretapping Behemoth Revealed] [DCSNet documents]

US – Bloated U.S. Watch Lists Yield Few Arrests

The U.S. government’s terrorist screening database flagged Americans and foreigners as suspected terrorists almost 20,000 times last year. But only a small fraction of those questioned were arrested or denied entry into the U.S., raising concerns among critics about privacy and the list’s effectiveness. Slightly more than half of the 20,000 encounters last year were logged by Customs and Border Protection officers, who turned back or handed over to authorities 550 people, most of them foreigners, Customs officials said. FBI and other officials said that they could not provide data on the number of people arrested or denied entry for the other half of the database hits. FBI officials indicated that the number of arrests was small. The government says the database is a powerful tool for identifying and tracking suspected terrorists and for sharing intelligence, and that its purpose is not necessarily to make arrests. But the new details about the numbers, disclosed in an FBI budget document and in interviews, raise questions about the database’s effectiveness and its impact on privacy, critics said. They argued that the number of hits relative to arrests was alarmingly high and indicated that the threshold for including someone on a watch list was too low, potentially violating thousands of Americans’ civil liberties when they are stopped. David Sobel, senior counsel with the Electronic Frontier Foundation, a privacy organization, said the numbers “suggest a staggeringly high rate of false positives with respect to the identification of supposed terrorists.” He added that “this really confirms the long-standing fear that this list is inaccurate and ultimately ineffective as an anti-terrorism tool.” [Source]

US – US Spooks Get Their Own MySpace

The US Intelligence community has joined the social networking phenomenon with the launch of A-Space, a MySpace style social network. The move is said to be part of the ongoing effort to transform the American Intelligence community following the failure to detect the 9/11 terrorist attacks or find weapons of mass destruction in Iraq. Thomas Fingar, the Deputy Director of National Intelligence for Analysis said that A-Space would be ‘MySpace for analysts’ that will break down firewalls across the ‘traditionally stove-piped intelligence community.’ A-Space will initially be voluntary ‘to assuage worries of spies concerned about blowing their cover.’ The service will be equipped with web-based email and software that recommends areas of interest to the user ‘just like Amazon suggests books to its customers.’ The site will also allow users to create and modify documents and determine user privileges. The US Director of National Intelligence will open the site to the entire intelligence community in December. [Source] [CIA plans social networking site for spies] See also: [Consumer Innovations To Inform Web Site For Spies]

EU – Irish DPA Furious over Roll-Out of Biometric Testing for Hotel Staff

The Irish national privacy watchdog has expressed concern at the growth in ‘Big Brother’-style clock-in systems that read workers’ physical data after another hi-tech attendance procedure was launched at a major hotel. Ireland’s Data Protection Commissioner Billy Hawkes issued his warning after it emerged that the Gresham Hotel in Dublin is the latest employer to introduce a ‘biometric’ system. Workers claim they were not consulted about the introduction of the system that reads handprints. [Source]

--------