Privacy News Highlights

21–31 March 2007

 

Contents:

UK – ICO Challenges Airport Fingerprinting Plan

US – New York Airport Customs Unveil 10-Fingerprint Scan

UK – Beat Police Will Have Access to National Mugshot Database

EU – Hustinx Unsatisfied With Biometric Deal

EU – France Holds 2007 Big Brother Awards

CA – BC Commissioner: National ID Card Would Be a Dangerous Boondoggle

CA – Alberta Privacy Commissioner Slaps Teachers’ Association

CA – Ottawa Bylaw Bars City from Collecting Pawnshop Info

WW – Microsoft Offers Way to Share Data With Social Networks

US – PA Voter Registration Web Page Shut Down Due to Data Leak

UK – Citizen Self-Service Set to Save 752 Staff Hours per Month

CA – Canadian Univ. Faculty Unhappy with Decision to Use Google Apps

UK – Blunders Prompt More Care Of Data

US – Virtual Vaults to be Sold by Wells Fargo

UK – NHS Bosses Admit New Catalogue of Data Security Breaches

WW – Merger Builds Momentum for EHRs

WW – USB Password Sniffer Device Unveiled

EU – Germany’s Top Court Says Part of Data Retention Law is Unconstitutional

UK – National Security Strategy Falls Short on Cyber Security

UK – Information Commissioner to Focus on Reducing Risk, Not Enforcement

EU – EU Bankrolls PrimeLife Privacy Project

EU – Article 29 Working Party Holds Online Consultation on Children’s Privacy

WW – Council of Europe Thinks Hard About Internet Filtering

US – SEC to Better Protect Investors’ Privacy

CA – Federal Departments Overwhelmed by Access Requests

US – Genetic Testing Opens Privacy Pandora’s Box

US – Healthcare Orgs Examine Patients’ Ability to Pay - Credit Checks

WW – Privacy Breach: Russians Exposed on Internet

US – National Institutes of Health Laptop Stolen

US – Stolen PC Had Agilent Workers’ Personal Data

WW – OECD Report: ‘‘Personhood’’ and Digital Identity in the Information Society

AU – Jail Time for Identity Cheats

US – Administration Signals Possible Compromise on Real ID

WW – Declaration on Protecting the Security & Privacy of Children on the Internet

UK – Government to Create Child Internet Safety Council

WW – OECD Report Measuring Security and Trust in the Online Environment

WW – OECD Report: Measuring User-Created Content

US – Spy-in-the-sky Drone Sets Sights on Miami

AU – Australian Citizens Turn Cyber Cops

WW – Hackers Target Facebook Applications

WW – Vancouver Man Exposes Facebook Security Breach

CA – A flaw in Facebook’s New Privacy Controls

WW – Compendium of Behavioral Targeting ‘Sensitive’ Definitions

US – Proposal Would Curb Web Tracking for Advertisements

WW – Google revamps their Privacy Center

US – 51-Month Sentence for Stealing Data Through Limewire

US – JuicyCampus.com Under Scrutiny

UK – Survey Says UK Citizens More Privacy-Savvy

AU – Aussie Privacy Commissioner Rules on Three Cases

PH – Philippines Survey: 94% Favor Mandatory Breach Reporting

WW – Data Privacy Poses Obstacle to E-Commerce Development

US – Clinton, McCain, Obama Passport Files Breached

US – What Keeps College Administrators Up at Night

US – Google Pushes U.S. Privacy Law Agenda

US – FTC Reaches Settlements with TJX, Reed Elsevier and Seisint

US – Helicopter Flyover Violated Privacy, Vt. Supreme Court Finds

US – IAPP Recognizes UK Info Commissioner With 2008 Privacy Leadership Award

US – Washington Approves RFID Anti-Spying Law

US – Department of Energy Inspector General’s Report Finds Security Still an Issue

WW – IT Security Out of Sync With Market Needs

WW – Loss of Personal Data on Rise

US – Chertoff Addresses Passenger Name Records

EU – Italian DPA: It’s Illegal to Spy On P2P Users

US – Indiana Medical Researchers Tracks 160 Teen Girls 24/7 With GPS

US – ACLU Calls on NYC to Do More to Protect New Yorkers' Personal Privacy

CA – Anti-Telemarketing Site Draws Thousands of Registrants

US – Comcast Cameras to Start Watching You?

US – Two DHS Privacy Reports Now Available

US – Feds Tout New Domestic Intelligence Centers

US – Federal Student Privacy Law: Proposal to Soften Privacy Rules

US – Concealed Weapons Privacy Law in South Carolina

US – Indiana Breach Notification Law Gets Toughened Up

US – Oregon Employers Fingerprint Thousands of Employees

US – Workers Resent Palm Scanning

UK – ICO Challenges Airport Fingerprinting Plan

The UK Information Commissioner’s Office (ICO) is wary of a plan to fingerprint all passengers using Heathrow’s new fifth terminal, saying that it may be a violation of the Data Protection Act. Airport operator BAA says the fingerprinting is necessary to stop terrorists from getting into the country, and that the fingerprint data would be destroyed within 24 hours. “It does not include personal details nor is it cross-referenced with any other database,” a BAA spokesman said. But ICO officials wonder why BAA doesn’t instead use “less intrusive” photographs to ensure security, as operators do at Gatwick and Manchester airports. [Source] [Heathrow Terminal 5 fingerprint plans 'illegal'] [Commissioner tells passengers to protest at security measures] [Fingerprint plan for Terminal 5 "temporarily delayed"] and then: [Now BAA wants to fingerprint passengers at ALL its airports] See also: [U.S. increases fingerprints IDs at airports]

 

US – New York Airport Customs Unveil 10-Fingerprint Scan

The Department of Homeland Security (DHS) unveiled its new 10-finger screening process last week at New York's Kennedy International Airport. The process requires foreign travelers entering Customs to scan their thumbs and all of their fingers on a small white machine in order for officials to gain a better sense of who is entering the country. Nine other major U.S. airports are testing the 10-finger scan and it eventually could be introduced at all points of entry. Traveler reviews of the $280 million system so far have been mixed. British visitor David Hughes said the process was "simple," but wondered "What do they do with all this after they've gotten it?" [Source]

 

UK – Beat Police Will Have Access to National Mugshot Database

On 18 March 2008, Peter Neyroud, the chief executive of the UK National Police Improvement Agency (NPIA), told the Commons Home Affairs Committee, during the final evidence session of a year-long inquiry on the surveillance society, that the police were developing a national database of mugshots to be used with face recognition technology that would match CCTV images with offenders. A pilot system has started with three local police forces, which over the last 18 months have gathered a database of more than 750 000 face images. About 7.7 million euro has been allocated so far to developing the technology, which will be launched nationally in 2009. Neyroud stated that he hoped to have the beat police equipped with advanced personal organizers by the 2012 London Olympics. The systems will allow them to access local CCTV cameras, take and transmit fingerprints and download mugshots and other details such as scars or tattoos from the police national computer system. [Source] [Source] and also: [Tories attack plans for national child database]

 

EU – Hustinx Unsatisfied With Biometric Deal

Peter Hustinx, the European Data Protection Supervisor, says he is unsatisfied with a plan to implement an EU-wide biometric border security system. Concessions to the plan, including exemptions for children and the elderly, don’t go far enough in protecting citizens from what he characterized as “inherent imperfections in biometric systems.” Hustinx wants more protections built into the plan, including increasing the age exemption from 6 years to 14, exemptions for those with physical disabilities and provisions for a review of the program after a period of 3 years. [Source] [26 March Opinion] See also: [EU defends plans to fingerprint all European citizens] and [Data Watchdog Questions EU's Controversial Fingerprint Plan] and [Hacker Club Publishes German Official's Fingerprint]

EU – France Holds 2007 Big Brother Awards

On 21 March 2008, Paris hosted the French Big Brother awards ceremony for the year 2007. For the second time, President Nicolas Sarkozy was excluded from the competition on grounds of “genetic predisposition” for attacks on personal life and freedoms. The jury reached the conclusion that Mr. Sarkozy’s problem must be genetic in origin and that he should therefore be considered legally “irresponsible” for his repeated acts against private life and fundamental freedoms. The Constitutional Council received the State award for having validated a new Sarkozy law on “safety imprisonment”, which allows for the imprisonment of people considered dangerous by experts and not judges. The award for companies was won by Taser France and Elsa for the drone prototypes Quadri France, surveillance equipment initially developed for the army and now used for the surveillance of the population, especially in rural areas. Google received the lifetime menace award for placing its users around the world under surveillance. [2007 Big Brother Awards France]

 

CA – BC Commissioner: National ID Card Would Be a Dangerous Boondoggle

David Loukidelis writes in the Times Colonist: “The column arguing that Canadians should be compelled to carry national ID cards mixes apples (ID theft fears) and oranges (national ID cards) and gets it wrong. You can be sure of two things – a national ID card would be a massively expensive boondoggle that wouldn’t really improve security or fight ID theft, but would significantly reduce our privacy and liberties. It’s a shame Don Johnson’s ID-theft fears caused him to do an about-face from his admirable opposition to national ID cards as being Orwellian. ID cards wouldn’t deal with any of the examples he mentioned. In any case, there’s no such thing, and never will be, as a “theft-proof” or “fraud-proof” ID card. A few years ago the Canadian government’s Maple Leaf ID card for landed immigrants was touted as the most secure ID card possible. Very convincing fakes could be bought on European streets weeks after its launch. National ID cards should be resisted vigorously. They won’t protect us from ID theft -- there are cheaper and more effective ways to do that – but they will diminish our privacy and freedom. David Loukidelis, B.C. Information and Privacy Commissioner.” [Source]

 

CA – Alberta Privacy Commissioner Slaps Teachers’ Association

The Alberta Teachers’ Association (ATA) has been slapped by the province’s privacy commissioner. The Office of the Information and Privacy Commissioner of Alberta has ruled that the ATA News, the newsletter put out by the union, violated the Personal Information Protection Act when it printed the names and employers of educators who had opted out of the association’s Code of Professional Conduct. The list, printed in 2005, names dozens of administrative staff at school boards who elected to withdraw from the association after changes to the Teaching Profession Act. The ATA News argued the list was printed for journalistic purposes, but adjudicator Teresa Cunningham noted that no other information accompanied the list to explain it. The complainants, the people named in the list, said the ATA News violated their privacy by identifying them and their employers without permission. The privacy commissioner ordered the ATA News to cease disclosing the personal information of the complainants. [Source]

 

CA – Ottawa Bylaw Bars City from Collecting Pawnshop Info

Following the lead of other Canadian cities, second-hand stores are no longer required to gather information on sellers for the City of Ottawa. Last month, Ottawa city council passed amendments to second-hand store bylaws in order to adhere to an order put out by the Information Privacy Commissioner of Ontario. The commissioner found that certain bylaws breached a municipal privacy act. Ottawa’s bylaws pertaining to pawn shops used to require store owners to ask for photo identification. Shop owners can still ask for this information, but only for their own business purposes. The city’s motion called for “deletion of the offending provisions” and instructed that any previous information collected and stored by the city must be destroyed. Some Ottawa businesses say they will continue to collect the information, regardless of what new bylaws say. [Source]

 

WW – Microsoft Offers Way to Share Data With Social Networks

In a move to give users more control over their data, Microsoft opened up its Windows Live platform so users may share contact lists with five social-networking sites. Until now, users have accessed such data through work-arounds, which leave them vulnerable to phishing, identity fraud, and spam, the report says. Instead of having to hand over their Windows Live passwords, users may now be invited to other social networks, and vice versa. "We firmly believe that we are simply stewards of customers' data and that customers should be able to choose how they control and share their data," wrote the director of Microsoft's Windows Live platform. [Source]

 

US – PA Voter Registration Web Page Shut Down Due to Data Leak

Pennsylvania’s Department of State has disabled a page of its voter registration website after learning that a vulnerability exposed information entered by previous visitors. The compromised data include names, driver’s license numbers, and in some instances, the last four digits of people’s SSNs. The page allowed people to enter the information necessary for voter registration and then print out a form that could be mailed to election officials. [Source] [Source]

 

UK – Citizen Self-Service Set to Save 752 Staff Hours per Month

A London Borough can now present customer account information through secure online accounts enabling citizens, businesses, social landlords and other partners to answer their own Council Tax, Business Rates and Benefits enquiries. The Council forecasts that if just 10% of its citizens register for an online account, and 60% of registered citizens answer at least one query online, it will ‘free-up’ approximately 752 full-time staff hours per month. “The online accounts we are providing will give customers instant access to their information 24 hours per day, 7 days a week and add significant capacity during peak periods,” says the council’s Divisional Director Financial Customer Services. “Interactions with customers take on average eight minutes by telephone and twenty minutes by post which is an extremely time consuming and costly method of communicating with customers. If we can switch just a small proportion of this communication online we will make considerable time savings freeing-up staff to focus on other more complex queries.” Registration for an online account meets the required security standards to ensure customer information remains confidential. [Source]

 

CA – Canadian Univ. Faculty Unhappy with Decision to Use Google Apps

The faculty association of Lakehead University in Thunder Bay, Ontario, has filed a grievance against the university administration for using Google Apps to replace the old and faltering computer system. Although the move saved the university money (the tools are free), the data are held in the US and are therefore subject to US laws, which are at odds with Canadian privacy laws. Any data hosted on US servers are deemed searchable by authorities under the US Patriot Act. Canadian law guarantees individuals the right to privacy of their information and the right to be informed when the information is shared. The faculty was told not to transmit private data over the system. [Source] [12 minute Out-Law podcast]

 

UK – Blunders Prompt More Care Of Data

Eight out of ten people are taking greater care to protect personal information following recent data loss blunders, according to a survey. The poll for the Information Commissioner’s Office (ICO) found that three-quarters were more worried than ever over access to personal data. And 70% said they felt powerless over how organisations kept an eye on data. The survey comes after the government lost computer discs containing the entire child benefit database. The ICO poll of 1,000 people found that 53% of those asked no longer had confidence in the way banks, local authorities and government departments handled personal information. [Source] [UK government not trusted with personal data]

 

US – Virtual Vaults to be Sold by Wells Fargo

Wells Fargo & Co. plans to roll out an online vault service this summer. Called vSafe, the service aims to provide an online alternative to the safe deposit box, where customers can store digital versions of their most important files. Monthly fees for the storage will range from $4.95 to $14.95, and the company says that all vSafe documents will be encrypted in the same manner the bank deploys to protect other Internet accounts. [Source]

 

UK – NHS Bosses Admit New Catalogue of Data Security Breaches

NHS organisations have admitted a catalogue of security breaches involving scores of confidential patient records over the past year, newly uncovered documents show. The incidents have been reported as part of the Department of Health's review of security arrangements, following the loss of data on hundreds of thousands of patients from nine NHS trusts in January. Dossiers compiled by SHAs reveal a raft of flaws in NHS data security, with 58 reported incidents in which hundreds of patient records were lost on memory sticks or stolen laptops, lost in the post, faxed to the wrong place or simply found dumped in the bin. A new journal investigation earlier this year showed serious weaknesses in controls over access to patient data, with more than 4,000 NHS smartcards missing and one in 10 trusts admitting they had no idea how many cards had been lost or stolen. Strategic authorities are currently reviewing their procedures and some have promised to publish all their security breaches in the future to boost data security. [Source]

 

WW – Merger Builds Momentum for EHRs

This week’s merger of UK-based Misys PLC with Chicago-based Allscripts will create a single company that provides electronic health record (EHR) services to about a third of the U.S. market, building momentum for the push toward an EHR standard in the $20 billion market. “Our aim is to create the Microsoft Office for health care, to develop a standard all doctors can rely on,” Allscripts CEO Glen Tullman told Time magazine. Microsoft and Google have both recently announced plans to create their own EHR systems. [Source] See also: [Electronic medical records established in Sask. offices] [Chronic Condition Web Site Raises Safety, Privacy Concerns]

 

WW – USB Password Sniffer Device Unveiled

Building off recent research that showed how to extract encryption keys from a computer’s memory, a penetration testing company has unveiled a tool that sniffs out passwords, documents, and other sensitive data in a matter of minutes. DaisyDukes is a memory sniffer that resides on a USB device. A researcher can plug it into an unattended machine that is turned on but has been locked and reboot the machine off a compact operating system contained on the drive. Depending on the user’s needs, it can be configured to capture the entire contents of a computer’s memory, or sniff out only certain types of data, such as a password to access the company network or to unlock a user’s private encryption key. It turns out both Windows and Linux retain “boatloads and boatloads” of passwords in memory, said the penetration-testing firm that developed the tool. It has already been able to isolate passwords for Thunderbird, AOL Instant Messenger, GPG, SSH, Outlook, PuTTY and TrueCrypt, among others, and with additional research the firm believes it can find many more. [Source]

 

EU – Germany’s Top Court Says Part of Data Retention Law is Unconstitutional

Germany’s highest court on March 19 blocked parts of a sweeping data-collection law that had prompted large civil liberties protests. The constitutional court severely curbed parts of the wide-reaching and highly controversial law, which requires telecom companies to store telephone and Internet data for up to six months. The law, which went into effect in January to fulfill an EU directive, gave the federal government broad access to data including e-mail addresses, length of call, numbers dialed and, in the case of mobile phones, the location calls are made from. [Source] [Source] [Source] [Source] [Germany’s New Right to Online Privacy] See also: [EU Commissioner: ‘The Problem is not Data Storage, It’s Terrorism’] [Deutsche Welle] [Press Release - German Constitutional Court on Data Retention case] [Germany’s Top Court Curtails Disputed Data Storage Law] [Data retention in Germany partly suspended by Constitutional Court] [EDRI-gram: German constitutional challenge on Data Retention]

 

UK – National Security Strategy Falls Short on Cyber Security

Security companies are voicing their disappointment with British Prime Minister Gordon Brown’s National Security Strategy for failing to adequately address the risk of cyber attacks. Despite the fact that the plan notes that cyber attacks, from both foreign states and terrorists, are on the rise, the plan offers no concrete strategy to mitigate the risks. Some have pointed out that the absorption of the National Hi-Tech Crime Unit (NHTCU) into the Serious Organized Crime Agency (SOCA) leaves inadequate resources to address cyber crime. Many would like to see the creation of an agency to address cyber crime as well as laws mandating data breach disclosure. [Source] [Source] [Source] [Source]

 

UK – Information Commissioner to Focus on Reducing Risk, Not Enforcement

The Information Commissioner’s Office (ICO) has said that its aim is to protect people from the risks associated with abuses of their personal data rather than strictly enforce the law. It has announced its broad aims in a new strategy document. The document will guide its activities overall, prioritising the use of its resources, which it said were not sufficient to do everything it could in the data protection arena. “Being a strategic regulator means that, in so far as we have a choice, we have to be selective with our interventions,” said the strategy document. “We will therefore apply our limited resources in ways that deliver the maximum return in terms of a sustained reduction in data protection risk. That is the risk of harm through improper use of personal information.” The ICO identified a number of areas in which it will concentrate its attentions. These include fighting the unlawful trade in personal information, battling the increasing surveillance of UK residents, monitoring increasing information sharing between organisations and undertaking data protection supervision. [Source] [ICO Strategy document] See also: [UK Info Commissioner Blasts NHS Trust as “Clearly Inadequate”]

 

EU – EU Bankrolls PrimeLife Privacy Project

The European Union is to invest €10m in a project to develop open source privacy tools so that European citizens can safeguard personal information at online communities like Facebook. The long-term aim of the PrimeLife project is to provide tools which can manage an individual's private data throughout their lifetime of online activity. PrimeLife is being coordinated by IBM's research laboratory in Zurich and has 14 other partners, including industry bodies such as the World Wide Web Consortium's Pling, Liberty Alliance, ISO/IEC JTC 1 and the International Telecommunication Union. [Source]

 

EU – Article 29 Working Party Holds Online Consultation on Children’s Privacy

Article 29 Working Party – consultation on working document 147 on the protection of children's personal data (general guidelines and the special case of schools). This working document is concerned with the protection of information about children. It is aimed primarily at those who handle children’s personal data. In the context of schools, this will include teachers and school authorities in particular. It is also aimed at national data protection supervisory authorities, who are responsible for monitoring the processing of such data. The Commission identified children's rights as one of its main priorities in its Communication on Strategic Objectives 2005-2009: “A particular priority must be effective protection of the rights of children, both against economic exploitation and all forms of abuse”. This document, and the comments received on it, will be further examined in the light of the mainstreaming principle, as described in the European Commission's Communication “Towards an EU strategy on the Rights of the Child”. The Article 29 Working Party invites the general public to comment on this Working Document WP 147 and to this end it has launched this public consultation until June 30th, 2008. [Source]

 

WW – Council of Europe Thinks Hard About Internet Filtering

The Council of Europe has issued guidelines for using internet filters, under three categories.

I. Using and controlling Internet filters in order to fully exercise and enjoy the right to freedom of expression and information

II. Appropriate filtering for children and young people

III. Use and application of Internet filters by the public and private sector

[Recommendation CM/Rec(2008)6 of the Committee of Ministers to member states on measures to promote the respect for freedom of expression and information with regard to Internet filters]

 

US – SEC to Better Protect Investors’ Privacy

The Securities and Exchange Commission (SEC) intends to better protect investors from privacy breaches by beefing up Regulation S-P rules. The proposed new guidelines call for data breach notification requirements, broaden the safeguards rule, and will align SEC privacy guidelines more closely with those of other federal agencies. The SEC will accept comments on the proposed changes until mid-May. [Source] [Proposed Rule for comment by May 12] See also: [How the Patriot Act Caught Spitzer]

 

CA – Federal Departments Overwhelmed by Access Requests

The federal Access to Information process appears to be in crisis as the rising number of requests, along with the pressure of the Harper government’s promises of increased transparency, are not being met with additional funding and resources, a new government report indicates. The assessment, based on focus groups with ATIP employees, reveals that one department is so overwhelmed that it automatically implements one-year extensions for every request it receives “regardless of the pressure” and the Access to Information and Privacy Act’s target of 30-day responses. It says government employees who process access requests are facing “some significant challenges” reflecting the priority being placed on increased accountability and transparency by the Harper government, but resources “have yet to be put in place to match this increased priority and focus.” A Treasury Board spokesman said that it is premature to comment on the report, which is only Phase 1 of a larger project examining the government’s access community. The $52,000 project, which is being conducted by the Strategic Counsel, is completing an online survey of ATIP employees this month and the result will make up the main part of the final report. [Source] [Source] [Coverage]

 

US – Genetic Testing Opens Privacy Pandora’s Box

With a growing number of options available for individuals seeking to understand more about their genetic makeup and the possible healthcare implications, new challenges are arising over the use and protection of such data. The L.A. Times reports that the healthcare industry may not be prepared to deal with the complex issues that come with genetic testing, such as who should have access to the information, and how precisely future health issues can be predicted using the information. The article quotes Dr. Maren Scheuner of the Journal of the American Medical Association, who said, “This is such an exciting time right now [but] lots of different things will need to change as we adopt this new information and technology.” [Source] See also: [Maryland House OKs bill for DNA extraction from suspects]

 

US – Healthcare Orgs Examine Patients’ Ability to Pay - Credit Checks

In a trend that has some people concerned, more and more hospitals are looking into the credit records of their patients to gauge ability to pay. Hospital administrators say the credit checks are to determine which individuals are worth pursuing in the event of unpaid medical bills; but in a Wall Street Journal article Mark Rukavina, executive director of the Access Project, warns that the information might be used to pressure patients into receiving care they cannot afford by accessing lines of credit that may charge high interest. [Wall Street Journal] See also: [As More Health Records Move Online, Privacy Concerns Grow]

 

WW – Privacy Breach: Russians Exposed on Internet

Millions of Russians and other CIS citizens have had their private details placed on the internet, in what many say is a massive breach of human rights. It's not clear who's behind the internet site, as the authors have carefully hidden their identity. The site is registered to an apparently false name in California and the server is located in the U.S. city of St. Louis. For many years secret databases from the Interior Ministry, road police and phone operators have been available on the Russian black market. Making such data public is considered to be a major violation of human rights, says Elena Lukyanova, a law expert. "Those whose rights were violated can go to the prosecutor's office. There the authorities will have to make inquiries and open a criminal case," she explained. Experts are pessimistic about the prospects of punishing the site owners. "Today there are no international documents that could help solve this situation. The site is in COM, not RU registration zone. And hardly anything could be done," Leyla Neyman, a media lawyer, said. Aleksey Sabanov, an information security expert, says that there are many similar cases. "We now observe a well organised trade of these databases. One of the main questions is accuracy of the information sold," he said. [Source]

 

US – National Institutes of Health Laptop Stolen

A U.S. government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years’ worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans. The information was not encrypted, in violation of the government’s data-security policy. [Source]

 

US – Stolen PC Had Agilent Workers’ Personal Data

A laptop containing sensitive and unencrypted personal data on 51,000 current and former employees of Agilent Technologies was stolen from the car of an Agilent vendor. The data includes employee names, SSNs, home addresses, and details of stock options and other stock-related awards. [SiliconValley.com] See also: [Medical records sold as scrap paper] and [Toronto Kids’ data exposed]

 

WW – OECD Report: ‘‘Personhood’’ and Digital Identity in the Information Society

A new OECD paper on digital identity argues that law and technology must be crafted to respect certain “Properties of Identity” in identity management (IDM) in order for the information society to be free and open. Respect for the Properties of Identity is necessary for data protection; data protection is necessary for accountability; and accountability is necessary for trust. To show some threats that may arise if a sufficiently protective framework for identity information is not in place, the section on “Data Protection in the IDM-Enabled Ubiquitous Information Environment” tells a story. Here the paper looks at emergent information and communication technologies (ICT) and postulates that IDM promises to be a unifying component. With IDM all-pervading, data protection will prove vital. The paper then addresses “Data Protection and User Control”. Here it suggests that IDM systems must be built with fair information practices in mind. [OECD Source]

 

AU – Jail Time for Identity Cheats

The Australian Standing Committee of Attorneys-General has been told that proposed new offences for identity crimes are needed to fill “gaps” in existing federal and state laws and should carry jail terms of up to 5 years. A report by the SCAG’s model criminal law officers’ committee also recommends establishing a means of assisting victims to repair the damage done to their finances, credit rating, or reputation. [Australian IT]

 

US – Administration Signals Possible Compromise on Real ID

The Bush Administration may have signaled a possible compromise with states that have objected to the implementation of national driver’s license standards as described in the Real ID Act. By granting an extension to Montana, one of many states that have voiced objections to the federal government’s plan, the Department of Homeland Security has, in effect, deferred final decision on Real ID’s implementation to the next administration. [Source] See also: [New Hampshire Joins Montana in Real ID Victory] [Maine continues to fight Real ID] and [California May Rebel Against Real ID - Says its not committed] and [Tennessee Senator seeing chance to nix Real ID Act] and: [DHS: Setting the Record Straight on REAL ID – Part II Privacy]

                                                                                                          

WW – Declaration on Protecting the Security & Privacy of Children on the Internet

(Council of Europe) The traceability of children’s activities on the internet may expose them to criminal activities (for example the solicitation or “grooming” of children for sexual purposes, discrimination, bullying, stalking and other forms of harassment). Children need to be informed about the enduring presence of, and the risks associated with, the content they create on the internet. The right to privacy and the secrecy of correspondence is not respected on the internet. The profiling of information and the retention of personal data regarding children’s activities can be used for commercial purposes. The Committee of Ministers asks member states to work together to explore the feasibility of removing or deleting such content and its traces within a reasonably short period of time. [Declaration] [Source] See also: [EU Art 29 WP Working Document 1/2008 on the protection of children’s personal data Feb 2008]

 

UK – Government to Create Child Internet Safety Council

The UK Government has said that it will establish a Council for Child Internet Safety and start to apply to computer games the age restrictions used to classify films. It follows a report that also addresses liability for user-generated content. The measures are just some of the recommendations of a report by child psychologist and television personality Dr Tanya Byron which was commissioned by the Government. [Source] [The report [PDF]] See also: [Data protection of children: ensuring consent as children mature]

 

WW – OECD Report Measuring Security and Trust in the Online Environment

Official data on security and trust in the online environment show that despite a growing awareness of security problems and a corresponding growth in security measures taken, security incidents are still widespread and are not abating. Furthermore, with more intensive use of the Internet, security problems are increasing as are the measures taken to counter them. Fraud with credit or debit cards is a serious barrier to engaging in e-commerce, but current indications are this affects only a relatively small proportion of online users although, of course, it can be serious for the victims. A non-exhaustive inventory of sources showed that there are not many data sources on security and trust in relation to e-government. One of the problem areas in measuring e-government is at what level of government the measurement should be done. The data shown in this paper confirm that this is a real challenge, with large differences observed for the different levels of government. [Source]

 

WW – OECD Report: Measuring User-Created Content

User-Created Content: What is it and why we should measure it? According to Time, in 2006, the World Wide Web became a tool for bringing together the small contributions of millions of people and making them matter. This phenomenon has also been broadly referred to as Web 2.0 and the participative web. What is User-Created Content (UCC)? UCC includes various forms of written, audio, visual and combined media created by Internet users. UCC, also referred to as User-Generated Content, is defined by Wikipedia, itself a source of UCC, as on-line content that is produced by users of websites as opposed to traditional media producers such as broadcasters and production companies. It reflects the democratisation of media production through new technologies that are accessible and affordable. These include digital video, blogging, podcasting, mobile phone photography and, of course, wikis. Prominent examples of websites based on User-Generated Content include Flickr, Friends Reunited, eBay, indymedia, FourDocs, YouTube and Wikipedia. The advent of User-Generated Content marks a shift among media organisations from creating online content to creating the facilities and framework for non-media professionals (i.e. ordinary people) to publish their own content in prominent places. [Source]

 

US – Spy-in-the-sky Drone Sets Sights on Miami

Miami police could soon be the first in the United States to use cutting-edge, spy-in-the-sky technology to beef up their fight against crime. A small pilotless drone manufactured by Honeywell International, capable of hovering and “staring” using electro-optic or infrared sensors, is expected to make its debut soon in the skies over the Florida Everglades. If use of the drone wins Federal Aviation Administration approval after tests, the Miami-Dade Police Department will start flying the 14-pound drone over urban areas with an eye toward full-fledged employment in crime fighting. “Our intentions are to use it only in tactical situations as an extra set of eyes,” said police department spokesman [Source].

 

AU – Australian Citizens Turn Cyber Cops

Tech-savvy NSW citizens will be invited to send photo and video footage of crime directly to police over the Internet in the biggest assault on terrorists and other lawbreakers in decades. The dob-in-a-criminal scheme will be conducted on an unprecedented scale using new technologies and a specially dedicated police Web site. [Australian IT]

 

WW – Hackers Target Facebook Applications

Hackers have turned their attention to Facebook’s hundreds of independent applications. The results are not terribly surprising, but do not tell a good tale: app developers don’t seem to know a thing about basic security, and are putting private user information at risk. As a result, malicious hackers are able to access and change what should be private user data managed by the application providers. [Source] [Source] See also: [The next Facebook Privacy Scandal] and [Privacy Protection for Social Networking APIs]

 

WW – Vancouver Man Exposes Facebook Security Breach

The online social networking site Facebook says it has fixed a security loophole discovered by a Vancouver computer technician that allowed people to look at the private photos of users. The news follows Facebook’s announcement last week that it was implementing tougher measures to allow members to restrict access to their personal profiles. But a Vancouver computer technician looking for flaws was able to use computer coding to pull up private pictures of Facebook members and their friends. The private photos included those of Paris Hilton at the Emmy awards and of her brother Nicholas drinking a beer with friends. A reporter from the Associated Press was also able to use Ng’s template to access the personal and private photos of random Facebook users, including a personal photo album of Facebook co-founder Mark Zuckerberg posted in November 2005. After being alerted Monday afternoon, a Facebook spokeswoman said the company would look into the problem. By late Monday, Facebook said they closed the security hole. [Source] [Facebook adds privacy controls, plans chat feature] See also: [Royal pardon frees Moroccan Facebook user]

 

CA – A Flaw in Facebook’s New Privacy Controls

This week, Facebook launched new privacy control upgrades and, for the most part, the news reports have been positive. But are these new upgrades a real improvement over past control settings? Chris Soghoian at Surveill@nce St@te points out a critical flaw in the new control settings, noting that Facebook claims its new privacy settings allow certain users to select which type of strangers can view their profiles. For instance, an undergrad student at an American university can specify that her profile can only be seen by other undergrads and grad students, but not faculty or administration. While it sounds like a great idea, Soghoian points out that Facebook has no way of verifying one’s university status: [Source] See also: [UK: Children’s group demands employer Facebook ban]

 

WW – Compendium of Behavioral Targeting ‘Sensitive’ Definitions

CDT has released a compendium of definitions for those grappling with the question of what information should be considered “sensitive” in the online behavioral targeting context. Culled from an array of statutes, self-regulatory guidelines and policy proposals, the definitions address information about individuals that has been granted some measure of special treatment. Use of sensitive data is a key issue in the FTC’s proposed self-regulatory principles released in December 2007. The compendium was developed in consultation with CDT’s Internet Privacy Working Group. [CDT Compendium of Definitions, March 24, 2008] [FTC Self-Regulatory Principles] See also: [Major Privacy Battle Looms Over Behavioral Targeting] and [Phorm Promises the Deepest Data Mining Yet], [UK: The Guardian ditches Phorm] and [Why is Facebook so boring?]

 

US – Proposal Would Curb Web Tracking for Advertisements

After reading about how Internet companies like Google, Microsoft and Yahoo collect information about people online and use it for targeted advertising, one New York assemblyman said there ought to be a law. A bill gathering support in Albany would make it a crime - punishable by a fine to be determined - for certain Web companies to use personal information about consumers for advertising without their consent. [Source] [A Push to Limit the Tracking of Web Surfers' Clicks] See also: [Web 2.0 – it may be social, but is it profitable?] See also: [New YouTube service tells posters who’s watching]

                                                          

WW – Google Revamps Their Privacy Center

Extract: “... today we're announcing a revamp of our Privacy Center. The new Center is a one-stop shop for privacy resources, with various multi-media formats aimed to help you further understand how we store and use data, how to control who you share your data with, and how we protect your privacy. We hope this new Center will help you make more informed privacy choices whenever you use Google products and services.” [Source] [YouTube Google Privacy Channel] [Google Privacy Center]

 

US – 51-Month Sentence for Stealing Data Through Limewire

Gregory Kopiloff has been sentenced to 51 months in prison for stealing personally identifiable information of 50 people through P2P (peer-to-peer) filesharing programs. Kopiloff pleaded guilty to mail fraud, computer hacking, and aggravated identity theft. Kopiloff accessed tax returns, credit reports, bank statements and other financial documents through the Limewire filesharing program. He then obtained credit cards with the information and ran up US $76,000 in fraudulent charges. Kopiloff will be on probation for three years following his release and was also ordered to pay compensation. [Source]

 

US – JuicyCampus.com Under Scrutiny

The Web site with the tagline “Always Anonymous. Always Juicy.” finds itself on the radar of New Jersey prosecutors, who subpoenaed JuicyCampus.com company records after receiving complaints from alleged victims of malicious gossip. The site, currently active on more than 50 college campuses, is a clearinghouse for “posts” from students. “There is an unbelievable amount of offensive material posted and absolutely no enforcement,” said New Jersey Attorney General Anne Milgram in an Associated Press report. The subpoena cites concerns about “unconscionable commercial practices.” [Source]

 

UK – Survey Says UK Citizens More Privacy-Savvy

A new survey from the Office of the Information Commissioner (ICO) found that the majority of citizens are concerned about their personal information, and they’re doing something about it, says a Digital Trends report. 88% of respondents stated they now check their bank statements on a more regular basis and 85% avoid divulging personal details whenever possible. Other results suggested low consumer confidence related to how banks, government departments and other organisations handle personal data. “If organisations fail to recognize the importance of data protection they not only risk losing business, they could also face action from the ICO,” said ICO Deputy Commissioner David Smith. [Source] [ICO Press Release] [ICO Study]

 

AU – Aussie Privacy Commissioner Rules on Three Cases

Australia’s Office of the Privacy Commissioner ruled on three recent privacy cases involving retail, healthcare and telecommunications. In the cases: The Commission found that a ticket agency’s receipt, which included some personal and credit card data, did not constitute a privacy violation. A manager with a transportation company disclosed to employees that another employee had failed a medical test, but had not provided enough information to identify the employee, causing the Commission to find that while no privacy violation had taken place, better policies and training were needed. And a telecommunications company was found to have violated a customer’s privacy by publishing a fax number and address after an upgrade, even though the customer had previously paid to remain unlisted. [Source]

 

PH – Philippines Survey: 94% Favor Mandatory Breach Reporting

Local organizations want the breach of information systems and theft of personal information reported, a survey conducted by the Cyberspace Policy Center for Asia Pacific showed. "A surprising 94% favored the imposition by law of an obligation upon businesses to report a breach of security of information systems or theft of personal information." The survey was presented to a technical working group created by the Commission on Information and Communications Technology to help Congress draft a data privacy bill. The survey included a sample of 70 respondents representing four industry organizations. [Source]

 

WW – Data Privacy Poses Obstacle to E-Commerce Development

More than 100 representatives from state management agencies and e-commerce use and supply companies in HCM City gathered yesterday to attend the seminar "The APEC Privacy Trustmark Programme: an effective measure to enhance the prestige of Vietnamese e-commerce merchants". At the one-day event, leading US and Vietnamese experts gave presentations on the necessity of privacy protection in e-commerce activities, information on US companies’ experiences in data privacy protection, and measures to implement data privacy protection in Viet Nam. [Source]

 

US – Clinton, McCain, Obama Passport Files Breached

What began as an inquiry into three separate data breaches of Barack Obama’s passport file has turned into a widespread investigation at the State Department, involving information on Hillary Rodham Clinton and John McCain as well. A New York Times report says that files containing personal information on all three of the presidential candidates were accessed by contract employees who were not authorized to view the files. The breaches were discovered during State Department automated computer checks, which alert officials to the viewing of certain high-profile records. Two of the employees were fired before senior department officials learned of the breaches. The third employee was disciplined. [Source] [Rice Apologizes for Breach of Passport Data] See also: [What exactly is in those records?] and [What Private Data?] Update: [More Passport Reviews at State Dept]

 

US – What Keeps College Administrators Up at Night

An Educause survey of more than 500 colleges and universities shows that security and privacy are the top technology-related concerns for the schools. The results come on the heels of a Harvard Graduate School data breach which exposed the personal information, including addresses and SSNs, of 10,000 applicants. “Data security incidents have been epidemic in the last two to three years and not just at colleges and universities,” says Educause Security Task Force Coordinator Rodney Petersen. [Source]

 

US – Google Pushes U.S. Privacy Law Agenda

Search engine and online advertising giant Google is pushing an aggressive consumer privacy agenda on Capitol Hill. The company led a group of organizations in pushing for new privacy legislation in Congress and committed to working with the FTC on further development of that agency’s online advertising guidelines, which will be finalized later this year. [Source]

 

US – FTC Reaches Settlements with TJX, Reed Elsevier and Seisint

The FTC says it has reached a settlement with TJX regarding the data breach that exposed millions of customer records resulting in significant payment card fraud. According to an FTC statement, TJX did not have basic data protection mechanisms, such as firewalls and wireless security, in place, and it had not kept its software patching and anti-virus signatures up to date. The terms of the settlement demand that TJX develop a “comprehensive security program reasonably designed to protect the security, confidentiality, and integrity of personal information it collects from or about consumers.” The program will be audited by a third-party every two years for the next 20 years. The settlement does not impose any fines on TJX. The FTC also reached settlements with data brokers Reed Elsevier and Seisint. [Source] [Source] [Source] [Source]

 

US – Helicopter Flyover Violated Privacy, Vt. Supreme Court Finds

The Vermont Supreme Court held Friday that "Vermont citizens have a constitutional right to privacy that ascends into the airspace above their homes and property," overturning the conviction of a Goshen man on marijuana charges. The court ruled 4-1 that the aerial surveillance of Stephen Bryant's land constituted a search under Article 11 of the Vermont Constitution and, as such, required a warrant. [Source]

 

US – IAPP Recognizes UK Info Commissioner With 2008 Privacy Leadership Award

Information Commissioner Richard Thomas today received the International Association of Privacy Professionals' 2008 Privacy Leadership Award for his ongoing commitment to raising the public profile of privacy and data protection issues. Thomas accepted the award at the IAPP's Privacy Summit in Washington, D.C., where more than 1,000 global privacy professionals have convened for three days of education, networking and certification. [Source]

 

US – Washington Approves RFID Anti-Spying Law

Washington Governor Chris Gregoire has signed a bill making it a Class C felony to use RFID technology to spy on someone. The bill was signed about a week after the Washington State Senate unanimously passed Bill 1031, which makes it a crime to intentionally scan people’s identification remotely without their knowledge and consent, for the purpose of fraud, identity theft, or some other illegal purpose. The bill specifically cites RFID and facial recognition technology. Violators face a prison sentence of up to 10 years. In addition, if the illegally gathered data is used in a separate crime, up to 10 years could be added to whatever sentence they receive for the second crime. State Rep. Jeff Morris, who sponsored the bill, noted that Washington state began using so-called Enhanced Driver Licenses this winter. The new licenses use RFID tags and can be used at the Canadian border crossing instead of a passport. In light of these new ID cards and the growing number of RFID-based customer loyalty cards and company ID cards, Morris said it was time for a law that protects people’s privacy. The law, which goes into effect in July, focuses on skimming or lifting information from RFID tags without the knowledge of the owner. A person, for instance, could sit in a crowded outdoor cafe and surreptitiously use an RFID reader to pick up information from any number of RFID-based cards in the area. Morris said the bill that was passed this week is a watered-down version of what he started with. Now that this law is in place, he said he wants to focus on companies putting RFID tags in customer loyalty cards or other forms of customer identification without the person’s knowledge. [Source] [Source] [House Bill 1031] [RFID Law Commentary] See also: [New Hampshire Passes HB 686 - Extra Privacy Protection On Retail Tracking Devices]

                                                                

US – Department of Energy Inspector General’s Report Finds Security Still an Issue

According to a report from the US Energy Department’s Office of the Inspector General, DOE has experienced 60 security incidents on its public servers over the last three years. The national laboratories, managed by DOE, that handle nuclear weapons and nuclear waste are subject to the same rules that the government department faces. One of the attacks redirected people visiting the Brookhaven National Laboratory web site’s home page to pornographic web pages instead. In eight instances, personally identifiable information was compromised. Some sites do not comply with web server security standards from the National Institute of Standards and Technology (NIST). [Source]

 

WW – IT Security Out of Sync With Market Needs

InfoWorld reports that, while the information technology security market continues to mature, it remains out of sync with the needs of the business activities most in need of ITSec capabilities, according to new research by PriceWaterhouseCoopers and IDG publications CSO and CIO. The 5th annual Global State of Information Security report, presented at the CSO Perspectives Conference in Atlanta last week, says that the chief reason for security product developers’ failure to meet expectations is a lack of communication between developers and the market. [Source]

 

WW – Loss of Personal Data on Rise

Despite the public outcry over identity theft, the loss of personal information still appears to be on the rise. Experts say the number of reported “breaches,” where sensitive personal data such as credit card numbers or financial information is lost or stolen, increased more than 40% last year. [SiliconValley.com] See also: [Nearly 3 in 10 Brits have fallen victim to identity theft within last 3 years] and [Canadians very vulnerable to identity theft, survey shows] [Survey: Most in the dark about ID theft seriousness] and [Australia Govt to release report on identity theft] and [Former Feds Launch Service To Fight ID Theft], [Paying for ID Theft Protection Is Not Necessary] and [2008 Javelin Identity Fraud Survey Report Excerpts for Card Issuers: Identity Fraud Continues to Decline, But Criminals More Effective]

 

US – Chertoff Addresses Passenger Name Records

Speaking to members of the EU parliament in Brussels, U.S. Homeland Security Chief Michael Chertoff asserted that collecting passenger name record (PNR) data does not invade the privacy of airline passengers. Members have been at odds over the PNR issue since U.S.-EU administrations signed the PNR deal last year without involving the parliaments of either side. Some say the transfer of PNR data does not offer an adequate level of data protection, but Chertoff said the information “allows governments to focus on high-risk individuals,” says a report on TheParliament.com. [Source]

 

EU – Italian DPA: It’s Illegal to Spy On P2P Users

The Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) issued a press release on 13 March 2008, explaining that private companies can’t systematically monitor the activities of peer-to-peer (P2P) users that share files on the Internet, for the purpose of identifying and suing them. The decision was taken on 28 February 2008 in a very controversial case. [Source] [Case Peppermint: illegal spying on users who exchange music files and games] [Peppermint, the Garante protects the P2P users] and see also: [Italian File-Sharers Let Off The Hook] [The Rome Civil Tribunal rejects the appeals presented by Peppermint and Techland]

 

US – Indiana Medical Researchers Track 160 Teen Girls 24/7 With GPS

Researchers at Indiana University's school of medicine plan to use cellphones to track the movements of 160 14- to 16-year-old girls over the course of a year in an effort to better understand the connection between specific locations and bad behaviour. "If we know there's an area of town where an adolescent girl is more likely to engage in some sort of risky behaviour, then we could potentially program those phones to deliver an intervention." The study, which will take place in Indianapolis, is scheduled to wrap up in 2010. It will compare the girls' geographic location with their reported activities, such as smoking and having sex. [Source]

 

US – ACLU Calls on NYC to Do More to Protect New Yorkers' Personal Privacy

The New York Civil Liberties Union has asked the city to consider the impact the proposed congestion pricing plan would have on New Yorkers’ privacy. While the NYCLU takes no position on congestion pricing as a concept and does not oppose the goals of reducing traffic and pollution, the proposed congestion pricing plan requires the installation of thousands of surveillance cameras across Manhattan. The video cameras would read, and record in a database, the license plates of every vehicle entering the zone to ensure payment is made for entering the restricted area. Through the operation of this video infrastructure, the city would compile a massive database that includes information regarding the movement of hundreds of thousands of identified individuals. In testimony presented to the City Council State and Federal Legislation Committee, NYCLU Executive Director Donna Lieberman commended the New York City Traffic Congestion Mitigation Commission for acknowledging that the tracking of license plates has privacy implications and setting certain procedures that will protect New Yorkers’ personal privacy during the implementation of a congestion pricing plan. However, a reasonable congestion pricing scheme must include explicit, concrete privacy protections or else the Commission’s asserted commitment to protect personal privacy “may be rendered meaningless.” [Source]

 

CA – Anti-Telemarketing Site Draws Thousands of Registrants

A new website that allows Canadians to eliminate calls from telemarketers has already received thousands of registrations, according to its founder, University of Ottawa professor Michael Geist. The site, ioptout.ca, launched last Thursday afternoon and is on pace for 10,000 registrations in its first week, he told CBCNews.ca. [Source]

 

US – Comcast Cameras to Start Watching You?

At a recent conference, Gerard Kunkel, Comcast’s senior VP of user experience, told me the cable company is experimenting with different camera technologies built into devices so it can know who’s in your living room. The idea being that if you turn on your cable box, it recognizes you and pulls up shows already in your profile or makes recommendations. If parents are watching TV with their children, for example, parental controls could appear to block certain content from appearing on the screen. Kunkel also said this type of monitoring is the holy grail because it could help serve up specifically tailored ads. Kunkel said the system wouldn’t be based on facial recognition, so there wouldn’t be a picture of you on file. Instead, it would distinguish between different members of your household by recognizing body forms. He stressed that the system is still in the experimental phase, that there hasn’t been consumer testing, and that any rollout must add value to the viewing experience beyond serving ads. [Source] See follow up: [Companies Try To Cover-Up Move To Watch Consumers Via TV's]

 

US – Two DHS Privacy Reports Now Available

The U.S. Department of Homeland Security has recently added two reports to its web site. As described on their site: Privacy Technology Implementation Guide (PTIG), August 2007 (PDF, 36 pages - 358 KB) The Privacy Office developed a new general guide for technology managers and developers to integrate privacy protections into operational IT systems. This new guide, the Privacy Technology Implementation Guide (PTIG), combines elements of privacy protection from disparate privacy compliance requirements, as well as administrative policies and procedures, into a single document, contextualized for managers and developers of operational systems. The PTIG is designed to allow each Component the flexibility to adapt privacy considerations to the way that Component does business while retaining a common DHS approach. The result is a new guide that provides early awareness of privacy issues and the aspects of systems that can be managed and developed to address privacy issues and streamline the process of complying with existing privacy protection requirements.

Privacy Incident Handling Guidance (PIHG), September 2007 (PDF, 109 pages - 4.25 MB) The Department of Homeland Security (DHS) has a duty to safeguard personally identifiable information (PII) in its possession and to prevent the breach of PII in order to maintain the public's trust. The Privacy Incident Handling Guidance (PIHG) serves this purpose by informing DHS organizations, employees, senior officials, and contractors of their obligation to protect PII and by establishing procedures delineating how they must respond to the potential loss or compromise of PII. [Source]

 

US – Feds Tout New Domestic Intelligence Centers

“But critics say that “all hazards, all threats” approach sounds suspiciously like the government is building a distributed domestic intelligence service that could easily begin keeping tabs on Americans exercising their First Amendment rights. The scope also seems at odds with the federal government’s Information Sharing Environment guidelines, which say these centers are supposed to focus on terrorism. California’s Anti-Terrorism Information Center admitted to spying on anti-war groups in 2003. And Denver’s police department built their own secret spy files on Quakers and 200 other organizations. Earlier this year, the ACLU issued a warning report about Fusion Centers, complete with an interactive fusion center map. The report, entitled What’s Wrong With Fusion Centers, cited concerns about military units operating in the centers, as well as the potential for scope creep and data mining. How, the group asked, can citizens contest information about themselves, given the patchwork of state, local and federal sunshine laws that may or may not apply?” [Source]

 

US – Federal Student Privacy Law: Proposal to Soften Privacy Rules

The 1974 Family Educational Rights and Privacy Act could soon undergo a makeover if new proposed regulations by the Federal Education Department take hold. The department aims to clarify standards for releasing confidential student information and to assure the immunity of college officials who come forward with concerns about a student’s mental state. The regulations follow findings of two reports, one from the Virginia governor’s office after last year’s Virginia Tech shootings, and a subsequent federal study, which demonstrated that confusion about the law may cause college administrators to take an overly-guarded approach toward the release of any student’s health information. [Source]

 

US – Concealed Weapons Privacy Law in South Carolina

The public would not have access to the names of people who can carry concealed weapons in South Carolina under a proposal that appears to be headed to the governor’s desk. The House made a small change to the proposal last week and returned it to the Senate, which passed a similar measure earlier this month. Senators are expected to approve the change and send the bill to the governor’s desk. The South Carolina House passed the bill unanimously last May after a Virginia newspaper put a link on its Web site with the names and addresses of that state’s concealed carry permit holders. Gun enthusiasts say publishing the gun owners’ names violates their privacy. Open government advocates say the government should never issue licenses in secret. Under the House change, the state will wait until a permit is revoked before publishing that person’s name, address and reason for the revocation. [Source]

 

US – Indiana Breach Notification Law Gets Toughened Up

Indiana will have a stronger data protection and breach notification law as of July 1, 2008 thanks to Indiana University graduate student and blogger Chris Soghoian. Soghoian asked his state representative Matt Pierce to look more closely at the state’s breach notification law, which said companies did not have to report data breaches involving “unauthorized acquisition of a portable electronic device on which personal information is stored, if access to the device is protected by a password that has not been disclosed.” With input from Soghoian, Representative Pierce submitted a bill to address weaknesses in the current law. After some finagling in the state Senate, both houses unanimously passed the bill and Governor Mitch Daniels signed it into law on March 25. Now companies will be exempt from reporting breaches only if all the data on the stolen device are “protected by encryption and the encryption key has not been compromised or disclosed, and is not in the possession of or known to the person who, without authorization, acquired or has access to the portable electronic device.” [Source] See also: [Vermont Senator Leahy Wants Privacy Legislation]

 

US – Oregon Employers Fingerprint Thousands of Employees

More than 53,000 Oregonians submitted their fingerprints to the FBI last year, but not because they were crime suspects. They did it to land a job. It’s a trend that’s become a post-9/11 reality: More private companies and government agencies want to know whom they’re dealing with by digging into potential employees’ criminal pasts. Nationally, more people get fingerprinted for work purposes than for committing a crime. [Source]

 

US – Workers Resent Palm Scanning

A palm-scanning system used to track the hours of 3,500 workers in New York City is raising the ire of some employees who say the method is an invasion of privacy, according to an Associated Press report. CityTime, the biometric system installed by the city at a price of $410 million, is intended to reduce fraud and help automate payroll tasks. But critics are concerned about the cost of the system, its privacy implications, and the implied mistrust associated with the palm tracking. Mayor’s office spokesman Matt Kelly insists it is not about mistrust, saying “The issue is making sure we pay our staff accurately and efficiently while remaining compliant with the law.” [Source] See also: [Fingerprint Scanners Help Companies Track Workers] and [Fingerprint Timecards Creeping Out Workers] and also: [German Supermarket Chain In Deep Over Employee Surveillance] and [German minister calls for law against spying on employees]

 

 

 

 

--------