Privacy News Highlights

16–22 February 2007

Contents:

UK – All UK ID Cardholders Could Have Fingerprints Checked

US – Driver’s License Photos Emerge as Crime-Fighting Tool, Privacy Advocates Worry

CA – New Ontario Licence May Double As Passport

CA – Privacy Czar Balks at Sharing Voters’ Birthdates

CA – Privacy Attorneys: Negligence Class Action Suits Likely

US – Banking System May Be a Model for Medical Record Storage

US – NIST Recertifies Open Source Encryption Module

EU – Europe Plans to Track Phone and Net Use

UK – Privacy Row: 439,000 Phone And E-Mail Taps

UK – Sex Offenders' Register to Include Senders of Indecent Email

AU – Membership-Based Directory Tracks Poorly Behaved Hotel Guests

US – Ponemon Announces 2007 Privacy Trust Rankings of Gov't Agencies

EU – European Council Backs Plans to Extend DNA Data Sharing

CA – BC e-health EMR RFP Issued

WW – The TJX Breach: It's Even Worse Than They Thought

US – Conn. State Workers’ Info Ends Up On Web

AU – Passenger Lists From Ocean Cruise Ships Found On Footpath

UK – ID Cards: Tony Blair Responds to 28,000 ‘Anti’ Petitioners

AU – Australia Crucial ID Card Systems Lagging

US – Michigan State May Introduce “Dual Purpose” License

US – Study Finds Lower Turnout in States Requiring Voter ID

WW – Sxip Identity Delivers On-Demand Identity Management for Google Apps

US – AT&T Whistleblower Wins EFF Award

US – Judge Limits New York Police Taping of Protests

US – FTC Settles with Direct Revenue and its Principals for $1.5 Million

WW – Google Shuts Hole in Desktop Product

AU – Australia Women Wary of Domestic Violence "Name and Shame"

IN – India Airports Dump Backscatter X-Ray Machines

US – Arizona Field Tests Begin on Backscatter X-Ray Machines

US – Feinstein to GAO: Investigate E-voting System

US – Magistrate Judge to Decide if Couple Will Be Prosecuted for ‘Stalking’ Officer

US – 8th Circuit Upholds Conviction in Acxiom Data-Theft Case

US – U.S. Borders Axe RFID Security

US – Washington State Lawmaker Files Bill To Limit RFID Uses

CA – Canadian Internet Users “Enthusiastic” About RFID in Grocery Stores: Poll

US – NIST Releases Info Security Documents

CA – 2/3 of IT Security Professionals Say Data Less Secure Than Two Years Ago

CA – Q1 Labs, UNB, and the Gov’t of Canada Form Info Security Center of Excellence

AU – Australia Smart Card Personal Data ‘Easily Accessible’: Task Force

US – Many HSPD-12 Cards Fail Their First Test

KR – Korea CCTV Regulation Eyed for Privacy

CA – Toronto CCTV: The Politics of Privacy

EU – Air Liner Surveillance: CCTV in Every Seat

UK – London Motorists 'Being Tracked By Police'

US – U.S. Official Admits to Big Delay in Revamping No-Fly Program

US – US-VISIT Has Not Met Expectations; Longstanding Challenges Remain: GAO

US – ACLU Issues Real ID “Scorecard” Checklist for Evaluating Regulations

US – California Introduces Security Breach Bill to Protect Patient Records

US – New Hampshire Law to Prohibit Listing Cell-Phone Numbers

UK – All UK ID Cardholders Could Have Fingerprints Checked

Ordinary citizens forced to sign up to the UK government’s identity-card scheme will be treated as potential criminal suspects when their fingerprints are checked, in a bid to solve 900,000 crimes. In an e-mail to 28,000 signatories petitioning the Prime Minister to drop the controversial identity-card scheme, Tony Blair confirmed that police would be able to ask Identity and Passport Service staff to check all fingerprints on the biometric database. [Source]

 

US – Driver’s License Photos Emerge as Crime-Fighting Tool, Privacy Advocates Worry

Massachusetts and at least 6 other states have or are working on enormous databases of driver’s license photographs, in an effort to couple them with facial-recognition technology for law enforcement purposes. Critics say the databases may therefore also represent a profound threat to privacy. “What is the D.M.V.?” asked Lee Tien, a lawyer with the Electronic Frontier Foundation. “Does it license motor vehicles and drivers? Or is it really an identification arm of law enforcement?” Anne Collins, the Massachusetts registrar of motor vehicles, said that people seeking a driver’s license at least implicitly consent to allowing their images to be used for other purposes. “One of the things a driver’s license has become,” Ms Collins said, “is evidence that you are who you say you are.” The databases are primarily intended to prevent people from obtaining multiple licenses under different names. That can help prevent identity theft and stop people who try to get a second license after their first has been suspended. In time, though, the combination of facial recognition and other information – from financial records, mobile phones, automobile positioning devices and other sources – may do away with the ability to move anonymously through the world, Mr. Tien said. “The real question with biometrics,” he said, “is that they are part of a cluster of technologies that will allow for location tracking in both public and private places.” [Source]

 

CA – New Ontario Licence May Double As Passport

The Ontario government plans to start issuing new “high-security” drivers’ licences by the end of the year. The government believes it can convince the U.S. to accept the new licences as alternatives to passports, which American lawmakers are saying must be used to cross the border by land as early as next January. The new licences will feature laser engraving, holograms, currency-like print quality and other security measures invisible to the naked eye, said a government source familiar with the project. Premier Dalton McGuinty will tout the effort in Washington next week as he joins Manitoba Premier Gary Doer and New Brunswick Premier Shawn Graham to lobby members of Congress and state governors on the border issue. [Source] [Three Premiers Take Passport Concerns to Washington] See also: [Young Canadians to Get Free Pass at U.S. Land Borders]

 

CA – Privacy Czar Balks at Sharing Voters’ Birthdates

The federal Privacy Commissioner is criticizing a bill that would provide the birthdate of electors to political parties, which could then use the information to send birthday cards or target their fundraising efforts to specific age groups. In a letter to NDP MP Paul Dewar, Privacy Commissioner Jennifer Stoddart said that Bill C-31 is designed to prevent electoral fraud, and that providing personal information to political parties is unnecessary. “I fail to understand how the disclosure of birth information in this way would contribute to protecting or improving the integrity of the electoral process,” Ms. Stoddart said in the letter. “Providing date-of-birth information to politicians for the purpose of target marketing of constituents is neither a use consistent with protecting the integrity of the electoral system nor a use that a person would reasonably expect when registering to vote.”  [Source] [NDP to filibuster voter photo ID bill] [Bill  C-31]

 

CA – Privacy Attorneys: Negligence Class Action Suits Likely

Mark Hayes, a partner at Blake Cassels & Graydon LLP, said during an Ontario Bar Association Institute meeting that security breaches will likely lead to negligence class action lawsuits. However, class action lawsuits are uncertain because damages remain unclear, Hayes said. Recent incidents involving the personal information of Canadians have led to an examination of how to handle privacy breaches. Participants also discussed the public policy question of whether breach disclosure was the right approach, with some proponents of notification saying consumers have the right to know when their information has been exposed and others decrying the impact of notification overload. [Source]

 

US – Banking System May Be a Model for Medical Record Storage

Medical providers are experimenting with regional networks for storing patient medical records, though security questions remain. Johns Hopkins School of Nursing professor Marion J. Ball said she thinks the banking system might be a good model for keeping medical record storage under control. “There’s a whole major movement in this country to see how we can move information from one network to another,” she said. Questions include how to secure the information and protect the patient’s privacy, but she said the biggest issue is, “Who owns the information? Is it the patient, is it the doctor who makes the diagnosis, is it the insurance company who paid for it?” In an article published recently in the IBM Systems Journal, Ball proposed a private-industry standard where patients control who can access their information, and how much. The system could pay for itself by mining nonidentifying data to sell to researchers, drug developers and private industry, Ball said. [Source]

 

US – NIST Recertifies Open Source Encryption Module

The National Institute of Standards and Technology has recertified the OpenSSL open source encryption module. OpenSSL is once again compliant with Federal Information Processing Standard (FIPS) 140-2 Level 1, according to the Open Source Software Institute (OSSI) of Hattiesburg, Miss. Last July, NIST revoked its certification for the OpenSSL open-source encryption tool when questions were raised about the validated module’s interaction with outside software. Earlier this month NIST posted a new certificate number for OpenSSL on the Cryptographic Module Validation Program Web site. Government agencies use FIPS 140-2 cryptographic products to secure networks carrying unclassified sensitive data. “Because of the National Security Telecommunications and Information Systems Security Policy, anything that is information assurance-enabled has to get a validation to be used in classified and unclassified systems,” OSSI executive director John Weathersby said. [Source]

 

EU – Europe Plans to Track Phone and Net Use

European governments are preparing legislation to require companies to keep detailed data about people’s Internet and phone use that goes beyond what the countries will be required to do under a European Union directive. In Germany, a proposal from the Ministry of Justice would essentially prohibit using false information to create an e-mail account, making the standard Internet practice of creating accounts with pseudonyms illegal. [Source] [Source]

 

UK – Privacy Row: 439,000 Phone And E-Mail Taps

Almost 450,000 requests were made to monitor people’s telephone calls, e-mails and post by secret agencies and other authorized bodies in just over a year, the spying watchdog said this week. In the first report of its kind from the Interceptions of Communications Commissioner, it was also revealed that nearly 4,000 errors were reported in a 15-month period from 2005 to 2006. While most appeared to concern “lower-level data” such as requests for telephone lists and individual e-mail addresses, 67 were mistakes concerning direct interception of communications. Sir Swinton Thomas, the report’s author, described the figure as “unacceptably high”. The disclosures came as Tony Blair admitted that the fingerprints of everyone obtaining identity cards could be checked against nearly a million unsolved crimes. Human-rights campaigners described the twin revelations yesterday as signs of a “creeping contempt for our personal privacy”. [Source] [Surveillance figures could mask bugging of millions] [Coverage]

 

UK – Sex Offenders' Register to Include Senders of Indecent Email

The sending of emails of a sexual nature could earn the sender a place on the sex offenders' register under changes to existing legislation that came into force today. An Order has amended the Sexual Offences Act of 2003 to make it possible for offences which are not primarily sexual in nature to be punishable by a sexual offences prevention order (SOPO). [Source] [The Sexual Offences Act 2003 (Amendment of Schedules 3 and 5) Order 2007]

 

AU – Membership-Based Directory Tracks Poorly Behaved Hotel Guests

Hotel, motel and vacation home operators in Australia are able to obtain a membership to the Guests Behaving Badly register to check up on the conduct of potential customers. The registry is expected to expand to other countries, depending on the impact of each country’s privacy laws. Since the database’s launch in December 2006, more than 1,000 properties have signed up for a membership to access the information. [Source]

 

US – Ponemon Announces 2007 Privacy Trust Rankings of Gov't Agencies

Privacy and information management research firm the Ponemon Institute released its 2007 Privacy Trust Study of the United States Government. The report ranks from most- to least-trusted 74 federal agencies known to collect information on individuals. In its third year, the Privacy Trust Study of the United States Government seeks to determine and track public perceptions related to the ability of public institutions to safeguard citizens' privacy and personal information. Data generated from the study is evaluated and ranked using the Ponemon Institute's Privacy Trust index and assigned a privacy trust score. According to the Ponemon Institute, the five most trusted federal agencies are: 1. U.S. Postal Service: 83%; 2. Federal Trade Commission: 80%; 3. Bureau of Consumer Protection: 79%; 4. National Institutes of Health: 71%; 5. Census Bureau: 68%. The five least trusted federal agencies, according to the Ponemon Institute study, are: 1. National Security Agency: 19%; 2. Central Intelligence Agency: 21%; 3. Department of Homeland Security: 22%; 4. Office of Attorney General: 23%; 5. Transportation Security Administration: 25%.

[Source] [Press Release]

 

EU – European Council Backs Plans to Extend DNA Data Sharing

The European Council has backed plans to extend a Germany-Austria police database across Europe. If implemented, the plan would allow police forces across Europe to share information including criminals’ DNA. The Prüm Treaty signed between Germany and Austria is the core of a system which also includes Belgium, Spain, France, Luxembourg and The Netherlands. Italy, Sweden, Greece, Slovenia, Finland, Bulgaria and Romania have all said that they will join the scheme. The countries are reported to have collaborated on the database sharing initiative separately to the institutions of EU government in order to move more quickly and bypass some of the EU’s bureaucracy. [Source]

 

CA – BC e-health EMR RFP Issued

The BC provincial government and the BC Medical Association have announced a new initiative intended to help physicians implement electronic medical records. A request for proposals has been issued on the BC Bid website seeking vendors to supply electronic medical records to physicians across B.C. [Source]

 

WW – The TJX Breach: It's Even Worse Than They Thought

TJX Companies this week released some of the findings from its investigation into the massive security breach it announced last month, which indicate that the problems go back much earlier than last Christmas. The breach is believed to have occurred between May 2006 and mid-December of 2006, but the report states that the investigation has unearthed other, earlier breaches, including several incidents in 2005. TJX discovered the most recent intrusion in December and reported it to authorities in the U.S. and Canada, as well as the major credit card companies and its payment processors, soon after it happened, but at the request of law enforcement it was kept quiet until late January. [Source]

 

US – Conn. State Workers’ Info Ends Up On Web

More than 1,700 state workers recently learned that some of their personal information, including their names and SSNs, had been inadvertently posted on the Internet. The information on the website for the state Department of Administrative Services may have been there since October 2003. The employees were notified by letter just last week. State officials apparently learned of it last month when a state worker found his name on a site. “With all the attention that has been given to similar losses of data at the Veterans Administration and at banks and universities, I would have thought somebody would have been a lot more careful with that information,” said one of the 1,753 state employees who received one of the letters. [Source] [Source]

 

AU – Passenger Lists From Ocean Cruise Ships Found On Footpath

A confidential list of 1500 passengers aboard one of two massive ocean liners to visit Sydney was discovered on a Sydney footpath. Yesterday’s arrival of the Queen Mary 2 and its smaller sister ship, the Queen Elizabeth 2, in Sydney Harbour wowed Sydneysiders and caused traffic chaos as locals lined up in their thousands to see the two vessels. Radio station Nova FM today said 20 pages of passenger lists with confidential personal information, including birth dates and passport numbers, were discovered lying on the ground at Circular Quay last night by an unidentified person. The list includes the names of 1500 passengers, as well as their nationalities, cabin numbers, passport details, and where and when they would leave the ship. Nova FM said it was unable to verify to which ship the list related. [Source]

 

UK – ID Cards: Tony Blair Responds to 28,000 ‘Anti’ Petitioners

Tony Blair has written an emailed reply to more than 27,000 people who signed a petition against the introduction of identity cards. People who get identity cards will have their fingerprints checked against those found at the scene of nearly a million unsolved crimes, Tony Blair said. Responding to the petition, Mr Blair said the biometric recognition details, such as fingerprints, would be entered on a new National Identity Register. Mr Blair’s email appears to contradict an assurance given by Tony McNulty, a Home Office Minister, when the legislation was going through the Commons in 2005. Mr McNulty said there were safeguards against state agencies “for want of a better phrase, going fishing in the database’’. The Conservatives are committed to scrapping the ID card scheme, which they claim will cost at least pounds 5 billion. [Source] [ID cards ‘will allow crime fingerprint checks’] [Blair under fire over police access to ID card database]

 

AU – Australia Crucial ID Card Systems Lagging

No decisions about which identity documents will meet the tough standards for an Access Card have been taken, and the Document Verification Service will not be operational until 2010. These revelations came as senior officials were forced into embarrassing admissions during Senate Estimates questioning last week. Attorney General’s Department deputy secretary Miles Jordana said the $25 million DVS was on track for delivery in 2010, and there was “no expectation” that the full system would be available for initial access card enrolments. Under the Government’s timeline, almost 17 million Australians will be registered between April 2008 and early 2010. After 2010, a card will be needed to access Medicare and other welfare benefits. [Source]

 

US – Michigan State May Introduce “Dual Purpose” License

Michigan could be a pilot state for a program to implement dual-purpose drivers’ licenses and state identification cards. Secretary of State Terri Lynn Land proposed more than a year ago creating Michigan drivers’ licenses that could also serve as passports. The change was offered in response to the federal REAL ID Act and the Western Hemisphere Travel Initiative (WHTI), said Ken Silfven, a spokesperson for Secretary Land. “You would only need one document,” Silfven said. [Source]

 

US – Study Finds Lower Turnout in States Requiring Voter ID

States that imposed identification requirements on voters reduced turnout at the polls in the 2004 presidential election by about 3%, and by two to three times as much for minorities, new research suggests. The study, prepared by scholars at Rutgers and Ohio State Universities for the federal Election Assistance Commission, supports concerns among voting-rights advocates that blacks and Hispanics could be disproportionately affected by ID requirements. But federal officials say more research is needed to draw firmer conclusions about the effects on future elections. [Source]

 

WW – Sxip Identity Delivers On-Demand Identity Management for Google Apps

Sxip Identity has announced the availability of Sxip Access for Google Apps. An identity and access management solution for Google Apps(TM) Premier Edition, Sxip Access extends the access privileges, security policies and manageability of the corporate network to the online world. More specifically, Sxip Access ensures additional:

- Control - maintain centralized user control by tightly integrating with existing corporate directories, increases IT efficiency and reduces management costs
- Security - instantly create, modify or revoke user access to Google Apps, protects critical data and mitigates risks from unauthorized access
- Productivity - seamless access to Google Apps with no additional usernames and passwords, improves user experience, promotes application uptake and utilization

[Source]

 

US – AT&T Whistleblower Wins EFF Award

Whistleblower Mark Klein will get some well-deserved acknowledgement when he receives a James Madison Freedom of Information Award next month. The award could hardly find a more deserving recipient — Klein is the former AT&T technician who exposed the extent of the government’s warrantless wiretapping program. In early 2006, Klein came forward with internal AT&T documents that show the company cooperated with the NSA’s secret program to eavesdrop on internet communications, in violation of federal wiretapping laws and the Fourth Amendment. Klein’s evidence demonstrates that in at least one of AT&T’s facilities, internet traffic was diverted to a secret, secure room to which only the NSA had access. All of the documents have been used in EFF’s court case, which is currently under review by the Ninth Circuit Court of Appeals and a portion have been made broadly available on the internet since April, 2006. In the words of EFF Staff Attorney Kurt Opsahl, Klein is “a true American hero.” This public recognition of his bravery in defense of the public’s right to know is richly deserved. [Source]

 

US – Judge Limits New York Police Taping of Protests

In a rebuke of a surveillance practice greatly expanded by the New York Police Department after the Sept. 11 attacks, a federal judge ruled this week that the police must stop the routine videotaping of people at public gatherings unless there is an indication that unlawful activity may occur. In yesterday’s ruling, Judge Haight, of U.S. District Court in Manhattan, found that by videotaping people who were exercising their right to free speech and breaking no laws, the Police Department had ignored the milder limits he had imposed on it in 2003. [Source] [Text of the Decision] [The Empire Zone Blog: Court Case Primeval] [Police Infiltrate Protests, Videotapes Show (Dec. 22, 2005)] [Video: N.Y.C. Police Surveillance]

 

US – FTC Settles with Direct Revenue and its Principals for $1.5 Million

DirectRevenue LLC and four of its principals have agreed to settle FTC allegations that they used unfair and deceptive methods to download adware onto consumers’ computers and then obstruct them from removing it, in violation of federal law. The settlement bars future downloads of DirectRevenue’s adware without consumers’ express consent and requires DirectRevenue to provide a reasonable and effective way for consumers to locate and remove the adware from their computers. The settlement also requires DirectRevenue to pay $1.5 million. [Source] See also: [FTC chief: Pop-ups and adware are bad business]

 

WW – Google Shuts Hole in Desktop Product

A potentially devastating hole in Google’s prevalent desktop search product could have exposed personal files on users’ computers to data thieves. Google fixed the defect within weeks of being informed about it and says it has no evidence the vulnerability was exploited. The flaw was uncovered late last year by Watchfire Corp., a security-analysis provider. While the vulnerability exists in roughly 80% of Web applications, this problem appeared far more extreme “given the sensitive nature of what Google Desktop is doing,” said a researcher at Watchfire. [Source] [Watchfire security analysis]

 

AU – Australia Women Wary of Domestic Violence "Name and Shame"

The Premier's plan to "name and shame" the perpetrators of domestic violence has run into immediate opposition - not from men, but women. If a violent husband is named and humiliated publicly, few may have sympathy for him. But his battered wife and their children would be named – and shamed - at the same time, critics say. Morris Iemma announced yesterday there would be a new law for a "specific new offence" of domestic violence. He said "offenders will no longer be able to hide behind assault charges" and, if convicted, would be exposed as "the cowards they are". But the Women's Electoral Lobby branded this as a "simplistic and sensationalist" response to a complex problem. "Often women have spent years concealing the violence in their lives, and as a result of that violence in their relationships they often suffer from very low esteem," said the lobby's spokeswoman, Sarah Maddison. "The prospect of that very private aspect of their lives becoming part of a naming and shaming circus would be a deterrent for many to come forward." Then there is the humiliation in the schoolyard... [Source] See also: [Ontario Government website targets Ontario's 'deadbeat' parents]

 

IN – India Airports Dump Backscatter X-Ray Machines

Indian airports have ditched high-powered X-ray surveillance that offers near-naked images of passengers amid fears of protests over privacy abuse, officials said last week. The Central Industrial Security Force (CISF), which guards Indian airports, said a single Backscatter X-ray device imported from the United States in November had been mothballed after its results shocked security personnel. [Source]

 

US – Arizona Field Tests Begin on Backscatter X-Ray Machines

An X-ray machine aimed at detecting weapons and explosives hidden on passengers is scheduled to make its debut Friday at Phoenix’s Sky Harbor International Airport. The “backscatter” will be in operation at Security Checkpoint B in Terminal 4. While any Terminal 4 ticketed passenger can pass through any checkpoint, the B concourse is primarily used by travelers on Tempe-based US Airways. [Source] See also: [T-Rays Advance Toward Airport Screening]

 

US – Feinstein to GAO: Investigate E-voting System

During the 2006 election in Florida, electronic voting machines may have “undercounted” to the tune of 18,000 votes in Sarasota County. But because the new machines were not designed to provide paper receipts, there is no way to double check the vote. Now, Senator Dianne Feinstein of California has taken action. Last week, she asked the Government Accountability Office (GAO) to investigate electronic voting systems that do not provide voter-verified paper ballots. Senator Feinstein specifically highlighted the problems in Florida, and asked for a “top to bottom investigation”. “Should the GAO become aware of any systems that are prone to software malfunctions, are susceptible to fraud, or use hardware design that would lead to voting system problems, I would request that you also inspect those systems,” writes Senator Feinstein. E-voting page. [Source] [Campaign Strengthens for a voting paper trail]

 

US – Magistrate Judge to Decide if Couple Will Be Prosecuted for ‘Stalking’ Officer

A Georgia couple, apparently tired of people speeding past their house, installed a camera and radar gun on their property. After it was installed, they caught a police officer going 17 mph over the posted limit. They brought this to the attention of the local police department, and are now being forced to appear in front of a judge to answer to charges of stalking. [Source] [Source]

 

US – 8th Circuit Upholds Conviction in Acxiom Data-Theft Case

The 8th U.S. Circuit Court of Appeals has upheld the conviction and 8-year prison sentence given to a Florida man in the theft of 1 billion records that the database manager Acxiom Corp. collected in its work for large corporations. He was also ordered to pay $153,395 in restitution to Acxiom. [Source]

 

US – U.S. Borders Axe RFID Security

The U.S. Department of Homeland Security is now looking to alternative technologies for its border security system after RFID tags failed to work as expected in a 15-month test. The department is now looking to options such as biometric technologies that will be used to track foreign visitors passing through checkpoints when they exit the U.S., according to a Department of Homeland Security spokeswoman. The DHS tested the RFID technology in an effort to improve its U.S. Visitor and Immigration Status Indicator Technology (US-VISIT) program, which was created by Congress in January 2004 to track foreign nationals within the U.S. The spokeswoman said the department had hoped that the RFID technology could be used to automate and speed up the process of getting an accurate record of foreign visitors as they leave the country. [Source]

 

US – Washington State Lawmaker Files Bill To Limit RFID Uses

Rep. Jeff Morris has filed a bill that includes some of the nation’s tightest restrictions on RFID. The bill would prevent the technology’s use to track people through tiny tags affixed to goods they buy. The bill would require product labeling to notify consumers about the presence of the tags and notification of consumers if the item is able to transmit personal data. Consumers also would have to be informed about how they can deactivate the transmitter. Technology companies oppose the bill, saying it would stifle innovation when they already are committed to protecting customers’ privacy. [Source] [House Bill 1031] [Coverage]

 

CA – Canadian Internet Users “Enthusiastic” About RFID in Grocery Stores: Poll

Canadian Internet users are ready to embrace RFID technology not only in their grocery stores, but also in their homes, and while they mention safety, privacy and security as concerns, they are more worried about the cost of RFID and that it might not work properly, a new poll conducted by TNS Canadian Facts reveals. As the technology is introduced in grocery stores, consumers will be able to roll their entire shopping cart onto a platform and all items would be scanned simultaneously and rung up quickly. [Source] [Coverage] [Coverage] [Coverage] [Coverage]

 

US – NIST Releases Info Security Documents

On 12 February, the National Institute of Standards and Technology (NIST) published two new interagency reports designed to help auditors, inspectors general and senior management understand and evaluate information security programs. NISTIR 7359, titled “Information Security Guide for Government Executives,” is an overview of IT security concepts that senior management should grasp. NISTIR 7358, titled “Program Review for Information Security Management Assistance (PRISMA),” lays out a standardized approach for measuring the maturity of an information security program. On 20 February, NIST released the following final publications: SP 800-45 Version 2, Guidelines on Electronic Mail Security; SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS); and SP 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i. [Source] [Source]

 

CA – 2/3 of IT Security Professionals Say Data Less Secure Than Two Years Ago

Even IT security professionals are pessimistic about the security of personal data in this digital age, according to a new nCircle survey. The survey noted that 66% of the 83 IT professionals polled said their data was less secure than it was two years ago. “IT security professionals see online data attacks every day and they know that no-one’s data is secure,” said nCircle senior researcher Sheldon Malm in a statement. “IT professionals are keenly aware that most organizations adopt a defensive approach to data security which is an incomplete solution that leaves both data and organizations vulnerable.” [Source] See also: [Auditors stress importance of data security to TSP officials]

 

CA – Q1 Labs, UNB, and the Gov’t of Canada Form Info Security Center of Excellence

Q1 Labs, a network security management company, and the University of New Brunswick (UNB) in Fredericton, have announced the founding of an Information Security Center of Excellence. Co-funded by Q1 Labs and a Canadian government research grant, graduate students in the program are already working on research projects that will advance the current state of threat detection, attack simulation, correlation techniques, and network application discovery. [Source]

 

AU – Australia Smart Card Personal Data ‘Easily Accessible’: Task Force

Sensitive personal information stored on Australia's proposed health and welfare smart card will be easily accessible to anyone with a card scanner, a Government-appointed taskforce has found. Private health and contact information will become “effectively a public and relatively easily accessible record”, the taskforce warned this week. The controversial card will replace the Medicare card and become compulsory for any Australian who wants to access up to 16 other government health and welfare services. The Government believes the micro-chipped access card is a must to secure Australian citizens against burgeoning card fraud. Under its plan, electronic space on the card would also be made available for cardholders to store personal information that could be used in medical emergencies. Former human services minister Joe Hockey has said that next of kin and doctor details, allergies, chronic illness and organ donor and immunization status could be stored on the card. But the Access Card Consumer and Privacy Taskforce this week raised concerns that private information about individuals, such as whether they suffer from epilepsy or diabetes, would be available to anyone with a card reader. [Source] [Source] [Australian Privacy Task Force to Investigate Security Issues] [Source] [Source] [Source] [Task Force website] [Report]

 

US – Many HSPD-12 Cards Fail Their First Test

A majority of the identification cards agencies issued to meet Homeland Security Presidential Directive-12 fell short of complying with the federal standard and must be retested. Industry and government officials confirmed that most cards issued in October had an assortment of problems, some of them major, such as a lack of interoperability, and some minor, such as using the wrong shade of blue on the card. “There were over 100 tests the General Services Administration performed, but the most important one was for basic interoperability,” said one department official close to the HSPD-12 process, who requested anonymity. “We knew we wouldn’t pass because we have our own testing tool and we were having specific issues [other than interoperability]. But we didn’t necessarily fail because, to me, [failing] means they weren’t interoperable, and they were.” The official said many of that agency’s problems were due to not meeting the standard’s “persnickety” requirements. [Source]

 

KR – Korea CCTV Regulation Eyed for Privacy

The government plans to employ tighter restrictions on the use of closed-circuit television (CCTV) cameras in public spaces over privacy concerns. According to plans announced by the Ministry of Government Administration and Home Affairs Wednesday, policymakers are also considering lowering the voting age to 19 for local elections as they prepare to introduce recall elections in July that allow voters to remove an elected official from office. "We expect to produce legal guidelines by the end of the year that will regulate the installment and use of CCTV cameras to protect the privacy of individuals and reduce infringements," said Home Affairs Minister Park Myung-jae in a news conference at the central government complex in Seoul. Although the ministry did not reveal details of the regulations, there are a number of related bills being discussed in the National Assembly. [Source]

 

CA – Toronto CCTV: The Politics of Privacy

Toronto blogs are filled with expressions of opposition to the closed circuit television (CCTV) pilot project, but a recent public consultation revealed that Torontonians seem more enthusiastic about the prospect than the police. At Wednesday's public meeting at Marc Garneau Secondary School, most comments from the floor to representatives of the Toronto Police and Toronto Police Services Board fell into two categories: disappointment at how few people showed up (there were 12 members of the public, and about 15 police officers), and a fervent desire for there to be as many cameras as possible -- as soon as possible. [Source] See also: [Toronto Transit Surveillance Cam Project Shelved]

 

EU – Air Liner Surveillance: CCTV in Every Seat

Tiny cameras the size of a fingernail linked to specialist computers will be used to monitor the behaviour of airline passengers as part of the war on terrorism. Fitted to seat-backs, the cameras will record every twitch or suspicious movement before sending the data to onboard software that will check it against individual passenger profiles. Scientists from Britain and Germany are spending £25 million to develop a system they hope will make it virtually impossible to hijack an airliner by providing pilots and cabin crew with an early warning system. They say rapid eye movements, blinking excessively, licking lips or ways of stroking hair or ears are classic symptoms of somebody trying to conceal something. A separate microphone will record speech, including whispers; Islamic suicide bombers whisper texts from the Koran in the moments before they explode bombs. The software being developed by the scientists will be so sophisticated it will be able to take account of nervous flyers or people with a natural twitch, helping to ensure there are no false alarms. "We're trying to develop technologies that indicate the differences between normal passengers and those who may be a threat to others or themselves," said Catherine Neary of BAE Systems. [Source] [Source] [Source] [Remarks by Bruce Schneier]

 

UK – London Motorists 'Being Tracked By Police'

Hundreds of motorists have been tracked through London by police utilizing technology introduced to monitor congestion charging, it emerged this week. As the congestion charging area expands into west London on Monday, figures released under the Freedom of Information Act show almost 1,500 drivers have had their details passed to the police by Transport for London, the body responsible for London's transport system. However, most of the drivers targeted will be law-abiding because criminals know how to get round the system, claims the Association of British Drivers. The pressure group also claimed the figures debunk Government assurances that drivers will not be traced. The figures show that between July 25th 2005, when TfL started recording when police forces asked for information about drivers - known as 'Section 29 requests' - and December 10 last year, 1,768 requests were made, and 1,465 granted, an average of almost three cars tracked through London every day. [Source] See also: [Car number plate cameras 'first step towards tolls']

 

US – U.S. Official Admits to Big Delay in Revamping No-Fly Program

The federal takeover of checking passenger names against terrorist watch lists, a top priority for aviation officials since the 2001 terrorist attacks, is not expected to be complete until 2010, more than five years behind schedule, a top Department of Homeland Security official acknowledged this week. The delay in the timetable is the latest setback in a long-promised program intended to enhance aviation safety, while reducing the number of passengers mistakenly identified as possible terrorists. The agency's administrator, Kip Hawley, said in an interview Tuesday that after spending a year re-examining Secure Flight, officials have come up with a way to reduce mistakes, protect privacy rights and achieve the reliability needed to screen some two million passengers who fly each day. It will cost some $80 million more in the next year and a half to develop the enhanced system, which will then require more than a year of testing, resulting in the estimate that it will be in full use sometime in 2010. Officials would not release an estimate of how much they expected to spend before the system was complete. [Source]

 

US – US-VISIT Has Not Met Expectations; Longstanding Challenges Remain: GAO

The Department of Homeland Security (DHS) is investing billions of dollars in its U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program to collect, maintain, and share information on selected foreign nationals who enter and exit the United States. The program uses biometric identifiers (digital fingerscans and photographs) to screen people against watch lists and to verify that a visitor is the person who was issued a visa or other travel document. The program is also to biometrically confirm the individual’s departure. For over 3 years, GAO has reported on US-VISIT capability deployments and shortfalls, as well as fundamental limitations in DHS’s efforts to define and justify US-VISIT’s future direction and to cost-effectively manage the delivery of program capabilities on time and within budget. GAO was asked to testify on (1) the status of the program’s implementation and (2) the program’s progress in addressing longstanding management weaknesses. Given where US-VISIT is today and the challenges and uncertainties associated with where it is going, GAO believes that DHS is long overdue in demonstrating that it is pursuing the right US-VISIT solution and that it is managing US-VISIT the right way. [Source]

 

US – ACLU Issues Real ID “Scorecard” Checklist for Evaluating Regulations

The American Civil Liberties Union this week released a "scorecard" for evaluating Real ID Act regulations that are expected to be released soon by the Department of Homeland Security (DHS). The rules will provide the states with precise instructions on how to implement the act, which seeks to create a backdoor national identity card system by federalizing state driver's licenses. ACLU’s Barry Steinhardt said that when the regulations are released, the ACLU will fill in the scorecard and rate the degree to which the regulations succeed. DHS Secretary Michael Chertoff has indicated that the regulations would be released before the end of February. They will then be subject to a public comment period. [Source] [ACLU Real ID scorecard] [Comprehensive and up-to-the-minute information on Real ID Act] See also: [Arizona State Senate OKs Complaint About Real ID Law] [State senator wants Maryland to oppose federal REAL ID Act]

 

US – California Introduces Security Breach Bill to Protect Patient Records

Speaker pro Tempore Sally Lieber (D-San Jose) introduced legislation this week that requires companies to disclose all security breaches of a person's electronic medical or health care records in order to protect patients from identity theft and inappropriate use of their private medical records (Assembly Bill 512). "Victims of medical identity theft have more to worry about than financial problems; their physical health and future insurability is at risk as well," said Lieber. "If someone steals and uses your medical identity, that person's information, including different blood type, allergies, prescriptions and medical conditions will then end up on your health records," Lieber explained. [Source]

 

US – New Hampshire Law to Prohibit Listing Cell-Phone Numbers

Rep. Neal Kurk, R-Weare, and Rep. James Phinizy, D/R-Acworth, are sponsoring legislation to protect people who do not want their cell-phone numbers published. The pending bill, which would take effect Jan. 1, 2008, would allow a customer to bring action for damages against someone for publishing his or her cell-phone number without written permission. The plaintiff could sue for the amount of damage caused to them or $1,000, whichever is greater. [Source]

 

 

--------