US – Shell Station Customers ‘Pay by Touch’

Ten Shell gas stations in the Windy City are testing biometric systems that let consumers walk up to the pump, scan their fingertips on a device and fill up their vehicles. The systems, also installed at Shell convenience stores, are directly linked to customers’ checking or credit-card accounts for payment. Shell said it is the first brand to launch the biometric systems, though expansion hinges on whether its customers take to the futuristic finger scanners. Sunflower Market, a Chicago grocery store, also has Pay By Touch systems installed. About 2% of its customers signed up for the payment option, said the store’s manager. “I think it scares people. They’re more confused about the whole system. Some of them say, ‘Well, now the FBI can find me.’” [Source]

US – Nashville Schools to Include Facial Recognition Technology in Camera Surveillance

The Nashville school system plans to become the first in the nation to use security cameras that spot intruders with controversial face-recognition technology. Starting Dec. 1, the 75,000-student district will equip three schools and an administration building with cameras that can detect an unfamiliar face or someone barred from school grounds. The technology is denounced by civil libertarians and has been discarded by police in Tampa and Virginia Beach, which found face-recognition cameras in downtown districts did not help in spotting wanted criminals. “Schools should not feel like some sort of prison,” said Melissa Ngo of the EPIC. [Source]

CA – Top Court Upholds Conviction in ‘Right to Remain Silent’ Case

The Supreme Court of Canada has upheld the murder conviction of a B.C. man in a case viewed as a test of how police interrogation tactics should square with the charter’s long-protected right to silence. The court ruled 5-4 against the appeal from Jagrup Singh, of his 2002 conviction for second-degree murder. The case revolved around the question of whether police breached Singh’s right to remain silent when they persisted in questioning him about a shooting, even though he repeatedly made it clear that he didn’t want to talk. Under the Charter of Rights and Freedoms, the accused has the right “not to be compelled to be a witness” against himself in criminal proceedings. Justice Louise Charron wrote in her majority opinion that “[i]t is not appropriate to impose a rigid requirement that police refrain from questioning a detainee who states that he or she does not wish to speak to police.” [Source]

CA – Industry Canada Calls For Public Input on PIPEDA Reform

The battle over Canadian privacy continues in the wake yet another review of the Personal Information Protection and Electronic Documents Act (PIPEDA). This time, however, a significant sally forward has been made, with Industry Canada opening up their recommendations to public opinion. There have been several commissions looking into PIPEDA over the last year or so, with the Privacy Commissioner running her own review (complete with public consultation), and a parliamentary committee (the Standing Committee on Access to Information Privacy and Ethics) running theirs, with the results released in May. Industry Canada’s review - ”Government Response to the Fourth Report of the Standing Committee on Access to Information Privacy and Ethics: Statutory Review of the Personal Information Protection and Electronic Documents Act (PIPEDA)” - was in response to this committee’s findings. [Source] [Privacy Advocates say Ottawa Regulations Backward]

CA – New Assistant Canadian Privacy Commissioner Appointed

The Minister of Justice and Attorney General, on the recommendation of the Privacy Commissioner, has announced the appointment of Elizabeth Denham as Assistant Privacy Commissioner, effective November 1, 2007. Elizabeth Denham was most recently Director of Research, Analysis and Stakeholder Relations with the Office of the Privacy Commissioner. On secondment from the Office of the Information and Privacy Commissioner of Alberta, she had been the Director, Private Sector, responsible for the enforcement of Alberta’s new Personal Information Protection Act. [Source] [Press Release]

US – FTC Concludes 2-Day Review of Online Advertising Practices

Google, Yahoo and Microsoft detailed their privacy practices last week during a town hall-style meeting held by the FTC. The companies said that they store user data for 18 months or less before they destroy it. The event also explored online advertising practices amid calls for more federal regulation, including a Do-Not-Track registry similar to the popular Do-Not-Call registry. About $20 billion will be spent on online advertising. An FTC commissioner said that one outcome of competition among search engines is that they are “tripping over each other to improve privacy.” [Source] [Update: Tracking of Web Use by Marketers Gains Favor]

US – Most Consumers Clueless About Online Tracking, Behavior Profiling: Survey

But the average American consumer is largely unaware of online tracking by online marketers and advertising networks, the extent to which it is happening or how exactly information is being used. That’s according to a new poll released this week by the Samuelson Clinic at the University of California, Berkeley, and the Annenberg Public Policy Center at the University of Pennsylvania. The survey of nearly 1,200 California adults studied consumer perceptions about online privacy and common advertising practices. “Consumers still think that [online] privacy policies are representing that the Web site will not sell or use data in specific ways,” said Chris Hoofnagle, one of the authors of the report and a senior staff attorney at the Berkeley Center for Law and Technology. But “there is a disconnect between the business practices and consumer expectations.” [Source] [Survey]

US – FTC Calls for Power to Fine Spyware Purveyors

The FTC wants the authority to impose fines on spyware purveyors. Presently, the FTC can collect only profits and money to compensate victims. Without the threat of fines looming over their heads, spyware distributors are unlikely to be discouraged from their activity. The Spy Act, a bill passed by the House of Representatives but presently stalled in the Senate, would give the FTC the authority to impose civil fines on companies that put spyware on consumers’ computers. [Source] [Source] See also: [FTC 'Do Not Call' Crackdown Nets $7.7 Million In Fines]

UK – Data Sharing Plans in Queen’s Speech

New powers to enable the automatic sharing of data held by police and intelligence agencies are to be included in the Counter-Terrorism Bill unveiled in this week’s Queen’s Speech setting out the Parliamentary programme for the coming year. The proposed measures are intended to “help the investigation of terrorism” include “making full use” of the DNA database which has been rapidly built up by the police in England and Wales. It contains biometric details of more than four million individuals, including children, arrested by the police regardless of whether they are convicted of a crime. The Home Office said the intention of the new powers are “to ensure that full use can be made of DNA in terrorism investigations”. Ministers are also considering putting the Counter Terror DNA database on a statutory footing. [Source] See also: [Shared Services Raise Governance Challenges in Ontario: Langhout]

US – OMB Issues Poor Grades to Agencies on US E-Gov Progress

21 U.S. agencies saw their progress grade drop under the final fiscal 2007 President’s Management Agenda scorecard because officials failed to develop and implement an information technology breach notification policy by Sept. 22. The Office of Management and Budget required agencies to create this new process in a May 22 memo on safeguarding and responding to personal identifiable information. However, it looks as though no agency took that action. Agencies traditionally do not see their progress scores drop because OMB focuses on status scores. But one agency CIO said no one remembered this requirement, including OMB, until its officials were reviewing the grading criteria. The scorecard was released Nov. 5^th [Source] [Source]

US – No Email Privacy Rights Under Constitution, U.S. Gov’t Claims

On October 8, 2007, the U.S. Court of Appeals for the Sixth Circuit in Cincinnati granted the government’s request for a full-panel hearing in U.S. v. Warshak case centering on the right of privacy for stored electronic communications. At issue is whether the procedure whereby the government can subpoena stored copies of your email - similar to the way they could simply subpoena any physical mail sitting on your desk – is unconstitutionally broad. This appears to be more than a mere argument in support of the constitutionality of a Congressional email privacy and access scheme. It represents what may be the fundamental governmental position on Constitutional email and electronic privacy - that there isn’t any. What is important in this case is not the ultimate resolution of that narrow issue, but the position that the U.S. government is taking on the entire issue of electronic privacy. That position, if accepted, may mean that the government can read anybody’s email at any time without a warrant. [Source]

CA – Encrypted E-Mail Company Hushmail Spills to Feds

Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer." But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company. A September court document from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada. [Source] [Court Order]

EU – EU Seeks Data on American Passengers

American travelers’ personal data would for the first time be exported to all E.U. states by airline carriers flying to Europe under a proposal to be announced this week. According to a draft copy obtained by The Washington Post, the data, including names, telephone numbers, credit card information, and travel itinerary, would be sent to EU member states so they could assess passenger risk for counterterrorism purposes. [Source] [Source]

EU – Germany’s Parliament Set to Consider Data Retention Law Next Week

Telecom associations have sent a letter to all of the parties in Germany’s parliament urging them to consider changes to a data retention law set to come up next week. The letter expresses the associations’ views that the German law should not exceed the minimum standards set forth in the EU directive; law enforcement should be allowed to access the retained data for the prosecution of “severe crimes” only; as well as other concerns. Consideration of the German bill comes as observers await a decision from the European Court of Justice on the legality of the EU Data Retention Directive and its compliance with EU law. [Source]

UK – English Police Ordered to Delete Old Records of One-Time Cautions

Four English police forces have been ordered to delete criminal records because they have been kept for too long. The forces are appealing the decision to the Information Tribunal. The Information Commissioner’s Office (ICO) has ordered the deletion of the records, stating concerns “that the old conviction information is held contrary to the principles of the Data Protection Act because the information is no longer relevant and is excessive for policing purposes. Personal data processed for any purpose should be adequate, relevant and not excessive, and should not be kept for longer than is necessary for that purpose.” The ICO said that the incidents involved were not serious and in some cases involved people who were minors at the time. The incidents are up to 30 years old and in each case involve people who were never again convicted of an offence. [Source]

US – Nearly 80% of U.S. Adults Go Online

Four out of five U.S. adults go online now, according to a new Harris Poll. The survey found that 79% of adults--about 178 million--go online, spending an average 11 hours a week on the Internet. The results reflect a steady rise since 2000, when 57% of adults polled said they went online. In 2006, the number was 77%. When Harris Interactive, a market research firm, first began tracking online use among adults in 1995, the group found that only 9% of the population—or 17.5 million—said they went online. [Source] See also: [StatsCan Study: One third of Canadians Use Government Services Online]

CA – Cellphones as Wallets? RBC, Visa Test Mobile Technology

Royal Bank of Canada and Visa Canada announced that they are testing technology that would allow people to use their cellphones as electronic wallets. The bank and credit card company said they are launching an Ontario-based pilot project, to be conducted in three stages in 2008, that would allow consumers to simply swipe their phone in front of a scanner to make simple purchases. The pilot program will begin with laboratory testing followed by two trials, one for RBC employees in early 2008 and another, larger trial later in the year with consumers. The “contactless” technology would be similar to one currently being tested for use in credit cards. Instead of imbedding a chip in the card, however, the chip would be placed on a handset. [Source]

US – Feds Require Financial Institutions to Create Identity Theft System

The Federal Reserve Board, joined by other bank regulators, this week has released rules that will require financial institutions to create “reasonable polices and procedures” to detect and prevent ID theft, according to this Forbes.com article. The so-called “Red Flag” rules require the institutions to have strategies to detect troubling activities that signal the possibility of ID theft. Regulators also released guidelines designed to help financial institutions develop an ID theft program. The rule will take effect Jan. 1, and financial institutions must comply by Nov. 1, 2008. [Source]

CA – Alberta Premier to Improve Transparency of Agencies, Boards and Commissions

Alberta Premier Ed Stelmach is promising to improve the transparency and accountability of the government’s agencies, boards and commissions by acting on recommendations from the task force that he established to review the governance of these agencies. The recommendations include: developing broad legislation to guide agency governance and operations; creating a classification system for agencies, with corresponding governance practices; clarifying mandates and roles of agencies, ministries and government; improving agency recruitment processes; and, creating a secretariat to provide coordination and leading governance practice support to ministries and agencies. [Source]

UK – PM Embraces Notion of Easier Access to Government Data

The case for allowing free access to data collected and held at taxpayers’ expense has received endorsement from the top of the British government. In his speech on civil liberties last week, Gordon Brown, the prime minister acknowledged the power of the web to give access to information about public services. “The availability of real-time data about what is happening on the ground - whether about local policing or local health services - is vital in enabling people to make informed choices about how they use their local services and the standards they expect.” Brown is also considering opening new parts of the government’s digital archives. A committee headed by the editor-in-chief of Associated Newspapers is to consider relaxing the rule under which government records do not become public documents in the care of the National Archives until 30 years have passed. It will report by the middle of next year. The National Archives welcomed the review, saying it “may have significant implications for citizens’’ access to information, as any changes may lead to the speeding up of access to many records”. [Source]

CA – DNA Databank for Missing Persons Proposed

An Ontario MP has revived calls for a national DNA databank for missing persons and will present a petition to Parliament this week. Wayne Marston, the NDP member for Hamilton East Stoney Creek, said he took up the cause after learning that potential clues in a missing-persons case in his riding could not be tested for DNA because no body had been found. Consultations on such a database were held in 2005 by the former Liberal government. Some 10,763 Canadians are listed as missing, according to the RCMP. These include a wide range of cases, such as patients who leave mental health institutions without authorization. There are 308 unidentified human remains on record, the agency said. [Source] See also: [Genetic Testing Company Spurs Privacy, Ethical Questions]

UK – Shock at UK Cops’ DNA Database

The names of more than 17,000 North under-16s are contained on a police DNA database … even though many of them have committed no crime. The figure is the highest in the country and has led a Labour MP to slam the secret way the information has been collected. Liberal Democrat Shadow Home Secretary, Nick Clegg MP, said: “These figures underline the shocking extent to which this database has intruded, often without parental consent, into the lives of our children. Thousands of these children will have been found guilty of no crime, yet samples of their DNA will remain on file for life. “The disturbing and illiberal policy of adding a child’s most personal information to a massive Government computer system, simply on the grounds of an accusation, must stop immediately. “The Government has to come up with a proportionate and sensible way of using this technology, not the unfair scattergun approach that prevails.” A spokeswoman for human rights group Liberty added: “The UK’s database is five times larger than any other country in the world. The DNA of those who commit violent or sexual crimes should be retained even if they are under 16-years of age. However, the fact that DNA is taken from nearly everyone who is arrested means many innocent children have had their DNA recorded, without need, forever.” [Source]

US – DOJ Whistleblower eMail Addresses Accidentally Exposed

Human error exposed the email addresses of approximately 150 US Justice Department (DOJ) employees who had used a House Judiciary Committee website to submit tips about “alleged politicization” at DOJ. The House Judiciary Committee has been looking into the firings of US attorneys. A message sent to all those submitting tips accidentally included everyone’s email addresses in the “to” field rather than the “BCC” field; some of those addresses include pieces of the individuals’ real names. The list also included the public email address of Vice President Dick Cheney. [Source] [Source]

WW – Global Identity Crisis Centre Established

A new industry-led international initiative, the Centre for Ethical Identity Assurance (CEIA) has been launched to address the growing problem of identity fraud, the demand for greater identity assurance and the need to develop common standards and practices in this area. The CEIA’s principal mission is to establish and promote globally interoperable standards and best practices for identity assurance, leveraging technologies such as smart cards, RFID and biometrics. High on their agenda is the development of a draft Consumer Bill of Rights to protect personal information and safeguard against identity fraud. The CEIA will also sponsor research and educational symposia. The CEIA will operate under the aegis of the Association for Automatic Identification and Mobility (AIM Global), a global trade association representing manufacturers and vendors of identity verification technologies. Co-founders Unisys and AIM Global are joined by other organisations, including Biometric Signature ID, Computing Technology Industry Association (CompTIA), HID Global, Identity Alliance, Information Assurance Advisory Council (IAAC), Information Technology Association of America (ITAA), the Massachusetts Institute of Technology, the Ponemon Institute, University College London, the University of Canberra, the University of Texas at Dallas, and the University of Warwick. [Source]

CA – Les Canadiens peuvent apprendre à mieux gérer leur identité en ligne

C’est ce que révèle un sondage MSN Canada / Ipsos-Reid, dont les résultats sont publiés cette semaine. De plus, deux Canadiens sur dix affirment avoir élaboré avec soin une stratégie de messages et de marque personnelle alors que quatre Canadiens sur dix avouent ne pas savoir comment utiliser Internet pour se promouvoir ou promouvoir leur carrière. Le sondage conclut qu’une majorité de Canadiens croient qu’ils sont conscients de leur image dans le domaine public. Les trois quarts ont affirmé être conscients des conséquences que leurs activités en ligne peuvent avoir sur leur image, lien que les femmes (81%) sont plus susceptibles de faire que les hommes (70%). Les pseudonymes choisis pour le courriel sont en général à l’avant-plan de la représentation en ligne. Près de 80% des Canadiens qualifient ces pseudonymes de «personnels» - une variation sur leur nom, un surnom ou un trait de leur personnalité -, alors que 23% les qualifient de «professionnels», contenant leur nom ou le nom de leur lieu de travail. Enfin, près 10% ont choisi un pseudonyme lié à leur «communauté», qui reflète leurs intérêts personnels ou un passe-temps. [Source]

US – TSA Moves Forward With Transportation Worker Smart-ID Initiative

After months of delay, the U.S. Transportation Security Administration (TSA) has finally taken the first steps toward issuing new smart card identity credentials to transportation workers around the country. Earlier this week, the agency began enrolling about 6,000 port workers, longshoremen, truckers and other employees at the Texas port of Corpus Christi into its Transportation Worker Identity Credential (TWIC) program. Over the next few days, several other ports will follow suit. About 1 million transportation workers at 147 ports nationwide are expected to be enrolled into the program by the end of 2008. Workers who apply for the card are required to undergo a criminal background check before the tamperproof biometric credential can be issued to them. TWIC is being rolled out in multiple phases. The cards are being issued to the maritime sector first and will then be introduced at other transportation facilities. Also, only the biometric cards themselves are being rolled out initially. The readers for actually reading and authenticating TWIC cards won’t be in place for another two years or so at least. [Source]

UK – ID Cards Could be Delayed as PM Calls for Review into Technology

UK PM Gordon Brown has demanded a review of the technology behind the proposed new ID cards. The prime minister is understood to have expressed concern that the huge new project - the biggest since the introduction of a computerised national patients system - does not prove to be another IT fiasco. Ministers have fought in the courts and in information tribunals any move to disclose existing assessments by Whitehall of the viability of ID cards in the Gateway Reviews by the Treasury’s Office of Government Commerce. The reviews, thought to have been highly critical, were never published. [Source] See also [UK - Clegg vows to lead ID card revolt] [UK Home Office says projected cost of the identity card scheme will be £5.612bn over the next 10 years] and [Spain’s New Electronic ID Card Program Gathers Speed] See also: [Disney Responds to Canadians’ Passport Confusion]

NZ – New Zealand Public Asked for Input on Online ID Service

The Department of Internal Affairs wants New Zealanders to have their say on its cutting-edge online Identity Verification Service due to go live in 2009. The department says it wants is to gather feedback from potential users about how the new service might work and has announced a public consultation process that will run through to December 7. The Identity Verification Service (IVS) is part of the All-of-Government Authentication Programme being led by the State Services Commission and will be introduced in phases, beginning in 2009 and as existing laws permit. The Authentication Programme falls under the wider aims of the E-government Strategy. [Source]

AU – Victoria, Australia Police Abused Database Privileges

According to a report from the Commissioner for Law Enforcement Data Security, police in Victoria, Australia have misused the Law Enforcement Assistance Program (LEAP) database at least 26 times in the last year; 16 additional incidents are under investigation. The commissioner’s post was created in 2005 after growing concerns about privacy violations and abuse of the LEAP database. In several cases, files containing information about hundreds of individuals were sent to people requesting their own information. The database is slated for replacement. [Source]

WW – Facebook Rolls Out Highly Targeted Viral Ad System

After weeks of speculation, Facebook’s new ad system, has been revealed. Put simply, it’s an ad system that allows businesses to track users’ activities on the web (and on Facebook) to deliver product referrals and targeted advertising. At its core, Facebook Ads has three primary components. The first is straight forward enough – businesses are now able to create Facebook profiles. Not much of a surprise here, but there’s a twist. Along with serving as a hub for the business’ brand, the profile can also serve as the spring board for viral apps (the second component). These can manifest themselves as anything from brand-stamped casual games, or even e-commerce apps that track purchases on partner websites. The real kicker is the third component. It essentially collects the data from the first two components (keeping user info anonymous, of course) and provides it to a given business to assist in its targeted advertising objectives. For instance, a user who goes to Coke’s page and interacts with or installs its viral app (“Sprite Sips”) can pretty much expect to become a shill – inserting all sorts of branding messages and endorsements into friends’ News Feeds. [Source] Facebook said it plans to help companies target their advertisements on the site based on what its users and their friends buy and do on the Internet. As Web companies look to boost advertising revenue by offering to target ads to their users’ hobbies, interests, and behavior, Facebook’s move could change the tone of the site and revive privacy complaints it faced last year. [Source] See also: [Big Brothers, Big Facebook: Your Orwellian Community] and [50% of employers block MySpace and Facebook use] and [YouTube Canada Launches]

WW – MySpace Expands Ads Targeted to Details on User Profiles

MySpace is expanding its program for letting advertisers target their pitches using personal details on users’ profile pages. Since July, MySpace has allowed more than 50 leading advertisers to target any of 10 interest groups, such as movies, travel, and auto. In the program’s second phase, which launched yesterday, MySpace is adding an 11th category, television, along with hundreds of subcategories, such as horror movies. [Source] See also: [Wikipedia Fends Off Privacy Lawsuit]

WW – Google counters Facebook with Open Platform

Google plans has launched an open development platform for social networking site applications. The project, called OpenSocial, introduces a common application programming interface developers can use to create applications that will work on any participating social network site. Participants are reported to include Google’s social network, Orkut, business networking site LinkedIn, business software maker Salesforce.com and enterprise software company Oracle. Other social networking sites rumoured to be involved are hi5, Friendster, Plaxo and Ning. Reports say these sites have a combined 100 million users, more than double the size of Facebook. [Source] See also: [Google Unveils Cellphone Alliance]

US – New York State to Put Visa Data on Driver’s Licenses

New York state will revive the practice of putting visa expiration dates on foreign visitors’ driver’s licenses as part of a deal between the Spitzer administration and the Department of Homeland Security, an official said last week. The commissioner of the Department of Motor Vehicles discussed the change when he was asked about licenses for immigrants after a demonstration of new facial-recognition and document-scanning technology that his agency will adopt in the coming months to root out fraud in and duplication of driver’s licenses. The change follows Gov. Eliot Spitzer’s announcement last weekend that he was revising his much-criticized plan that would have allowed illegal immigrants to obtain the same licenses as citizens. The state will now move to a new three-tier driver’s license system that complies with forthcoming federal security rules. [Source]

US – No Privacy Rights In Video of Killer Whale Attack

A Denver man seeking to eliminate the public airing of video of killer whales attacking him 20 years ago at Sea World cannot expect privacy after he once licensed rights to the footage to two television programs, a judge has ruled. A U.S. District Judge wrote in a recent ruling that it was unreasonable for Jonathan E. Smith to expect that footage of the March 4, 1987, attack by two killer whales in San Diego would never be seen. “As a matter of law, Smith could not have a reasonable expectation of privacy in a video that he had previously licensed for broadcast on national television,” the judge said, rejecting Smith’s claims that once-public facts can become private again. [Source]

WW – Mitsubishi’s RFID Reader/Writer Protects Privacy, Enhances Security

Mitsubishi Electric Corp will launch a UHF band RFID reader and writer device featuring privacy protection and security modes against unwanted tag accesses in January 2008 and in March 2008. Both products support access standards formulated by EPCglobal. To protect privacy, the products feature “kill command,” which terminates an IC tag’s entire capability forever, while being equipped with a capability to limit access to memory inside tags using passwords to enhance security. [Source]

WW – IBM Sets Major Data-Security Project

IBM has announced that it is launching a “major initiative” to boost sales in the fast-growing data-security market, including $1.5 billion in spending next year on marketing and product development. The boost comes as companies and governments are growing more fearful of security breaches like the theft of credit-card information at TJX Cos. This year that compromised 94 million credit cards and cost the company more than $100 million in litigation settlements. [Source]

US – Washington DC DMV wants SmarTrip Chips in Driver’s Licenses

Privacy advocates are alarmed by a D.C. Department of Motor Vehicles initiative to embed SmarTrip computer chips inside every new D.C. driver’s license, making it easier than ever to track D.C. residents on their travels through the transit system. The DMV will spend $830,000 a year to install SmarTrip chips in all driver’s licenses and identification cards starting in October 2008. SmarTrip “is the most efficient way of paying for transit service,” according to DMV documents, and lodging the chips in about 440,000 licenses “will allow all District residents access to SmarTrip cards and encourage transit use.” SmarTrip does, however, provide Metro and the government with a system to follow users, though the agency reportedly “has no intention to track [a] person’s movements on the Metro system.” Said the director of policy and advocacy with the Privacy Rights Clearinghouse: “if you’re paying your fare with it, they’re going to have the ability to know by name who entered each Metro station at what time and who exited a Metro station at what time. That can be used by the government to track your comings and goings. It’s an absolutely awful idea.” Said EPIC “D.C. is setting up an infrastructure where the government can track you all the time.” Combining a license, smart card, credit card and ID badge into one “leaves you open to identity theft on a variety of levels. It’s just not good security.” [Source]

US – Librarians Say Surveillance Bills Lack Adequate Oversight

A little-remarked feature of pending legislation on domestic surveillance has provoked alarm among university and public librarians who say it could allow U.S. federal intelligence-gathering on library patrons without sufficient court oversight. Draft House and Senate bills would allow the U.S. government to compel any “communications service provider” to provide access to e-mails and other electronic information within the United States as part of federal surveillance of non-U.S. citizens outside the country. [Source]

US – 15,000 Want Off the U.S. Terror Watch List

More than 15,000 people have appealed to the government since February to have their names removed from the terrorist watch list that delayed their travel at U.S. airports and border crossings, the Homeland Security Department says. The complaints have created such a backlog that members of Congress are calling for a speedier appeal system that would help innocent people clear their names so they won’t fall under future suspicion. Among those who have been flagged at checkpoints: toddlers and senior citizens with the same names as suspected terrorists on the watch list. “To leave individuals in this purgatory is un-American,” says Rep. Yvette Clarke, D-N.Y., who says she’ll introduce legislation to try to streamline the process. The Homeland Security Department says it gets about 2,000 requests a month from people who want to have their names cleared. That number is so high that the department has been unable to meet its goal of resolving cases in 30 days, said a TSA spokesman. The TSA takes about 44 days to process a complaint. The list has more than 750,000 names. [Source] See also: [Canadian Privacy watchdog isn’t sold on need for no-fly list]

US – GAO: Weaknesses in Traveler Inspections Exist at U.S. Ports of Entry

GAO examined U.S. Customs and Border Protection (CBP) traveler inspection efforts, the progress made and the challenges that remain in staffing and training at ports of entry, and the progress CBP has made in developing strategic plans and performance measures for its traveler inspection program. GAO has concluded that while CBP has had some success in identifying inadmissible aliens and other violators, weaknesses in its operations increase the potential that terrorists and inadmissible travelers could enter the country. [Source] [GAO Report] [GAO Report - Executive Summary]

US – Bush Administration Plans to Extend REAL ID Deadlines for State Compliance

DHS is planning to extend deadlines to comply with national standards for tamper-proof driver’s licenses amid escalating complaints from states that the program is too costly and difficult to achieve, according to this Washington Post article. The original deadline for the states was May 2008. That deadline was extended first to 2013, but DHS is prepared to move the deadline to 2018. Eight states have approved legislation to opt out of the program, which Congress approved in 2005. The law requires all states to adopt national guidelines for licenses, including a digital photograph, signature and machine-readable bar code, according to the article. The law also requires states to verify applicants’ citizenship and cross-check applicants’ identity documents with information in other federal databases. [Source] See also: [REAL ID In Its Death Throes, Says ACLU] and [High-Tech Border Crossing Praised by Canadians]

US – Senate Committee to Consider Wiretap Bill

The Senate Judiciary Committee is planning on November 8 to consider legislation that sets rules allowing U.S. intelligence agencies to snoop on the international communications of Americans, including their telephone calls and e-mail. The bill, S. 2248, is intended to replace a hastily enacted law that granted the President authority to carry out warrantless surveillance of these communications in the name of fighting terrorism. CDT is urging Senators to amend the bill, which has already been approved by the Senate Intelligence Committee, to ensure that there is adequate judicial supervision of any surveillance affecting the rights of Americans. [CDT Policy Post 13.13: Bills Would Strengthen, Weaken Surveillance Standards] See also: [AT&T Gave Feds Access to All Web, Phone Traffic, Ex-Tech Says] and [US Judge Forces Telcos to Retain Data in NSA Spying Case] and [Book: Privacy at Risk (by Christopher Slobogin)]

--------