Privacy News Highlights

01–12 June 2009

 

Contents:

US – Airport Officials Ask Congress Not to Disrupt TSA Biometrics Work

CA – $454K for Privacy Research, Awareness

CA – Critics Call for Probe Into Police Jury Checks

CA – Privacy Commissioner of Canada Launches 2009 National Youth Video Competition

CA – Canadian Cinema Ordered to Pay $10K in Damages for Search

CA – Ombud for Crime Victims Calls for Disclosure of CNA Data Without Court Oversight

CA – Privacy Breaches in Government Databanks Concern Advocates

UK – Confidential Data ‘Not Kept Safe’

US – VA and DOD Move Closer to Single E-Health Record

UK – BSI Issues New Data Protection Standard, Survey Results

UK – Code for Handling Personal Data is Muddled, Says Lawyer

UK – ICO Launches Updated Guide for Privacy Impact Assessments

US – Breach Affected Hundreds of Institutions

US – Report: Social Networking Up 83% for U.S.

CN – Chinese Web Filter Move Raises Issues: Microsoft

CN – China Defends Web-Filtering Software Requirement

CA – Information Commissioner’s New Modus Operandi to Foster More Transparency

CA – Legislation to Protect PHRs Tabled in New Brunswick

US – CDT Comments on FTC Health Data Breach Notification Rulemaking

UK – NHS Trust Signs Undertaking

AU – Health Card Plan Sparks Privacy Concerns

US – List of U.S. Nuclear Sites Inadvertently Posted Online

US – Virginia Notifying Those Affected by Prescription Database Breach

US – Feds Spike Voter Citizenship Checks In Georgia

US – Police in Arizona May Stop Accepting Mexican ID Card

WW – Web Site Tracks Policy Changes at Popular Sites

US – Government Agencies Will Work with ICANN to Secure Internet

CA – Ottawa to Tighten Up National Sex Offender Registry, DNA Database

CA – Niagara Courts Ruling: Taser Use to Obtain DNA Not Unconstitutional

US – Study Finds Consumer Privacy Expectations Not Met

UK – British MP’s Facebook Account Hit by Spam Scam

US – Judge: Posting SSNs Online is OK

AU – New Benchmark Set for Online Privacy

US – Breach Suit Targets Auditor

US – New Travel Rules in Effect

US – FTC-Sears Settlement Reached

US – Microsoft, Google Cautiously Endorse Privacy Bill

US – DHS expands RFID Use at borders today

WW – Team to Develop Standards for Testing RFID in Health Care

US – Calif. Researchers Tag Cadavers, Body Parts

US – Philly Hospital Uses RTLS to Track Patient Flow, Care and Training

US – U.S. Veterans Hospital Deploys Real-Time Location RFID System to Track Patients

WW – RFID Gives Voice to Nonverbal Children

US – Nuclear Plant Operator Uses RFID to Promote Safety

US – Dairy Queen to Deploy RFID-Based Mobile Loyalty Program

US – NIST Releases Final Draft of Recommended Security Controls Document

US – EFF and ACLU Planning to Appeal Dismissal of Dozens of Spying Cases

US – Judge Halts Suits Over NSA Wiretapping

US – Congress Approves Bill Limiting TSA’s Use of Whole-Body Imaging

EU – Remote Monitoring Law Proposed in France

JP – Japanese University Tracking Students via Free iPhones

US – Obama to Appoint Federal Privacy Official

US – GAO to FDA: Boost Privacy

US – House Passes Act to Reinstate TSA Registered Traveler Background Checks

US – State Rep. Michael Skindell Sponsors Legislation to Track Criminals

AU – Auscheck Expansion Prompts Privacy Concerns

 

 


Biometrics

 

US – Airport Officials Ask Congress Not to Disrupt TSA Biometrics Work

Executives at more than 80 airports are defending an existing federally affiliated biometric program exclusively run by their trade association and are urging Congress not to convert the project into a fully competitive contract. Under pending legislation, the Transportation Security Administration would be required to seek competitive bids for the first time to process and transmit fingerprint data needed for background checks on millions of aviation workers. In 2001, the TSA designated the Transportation Security Clearinghouse, an entity owned by the American Association of Airport Executives, as the sole provider to perform that work. The clearinghouse collects fees from the aviation workers, currently $27 per worker, as payment. The TSA later also designated the clearinghouse for additional biometric handling projects, including Registered Traveler. The provision to convert that work to full competition is included in the TSA reauthorization bill, H.R. 2200, sponsored by Rep. Sheila Jackson-Lee (D-Texas), which is being debated on the House floor this week. The airport executives are urging Congress to consider the risks of making changes to a program that they say is delivering valuable services at a low cost. A biometrics industry group released a statement objecting to the airport executives’ arguments. Other vendors are available in the market that can provide comparable work at low cost, according to a statement from the International Biometrics Industry Association (IBAC). Also, there is no reason to believe that full and open competition will disrupt or interfere with the performance of the processing, or channeling, of the biometric data, the association contends. “The function at issue does not rise to the level of justifying using a no-bid sole source contract. Basically, it is a message routing service (‘channeling’). The service provider neither analyzes nor processes the data; it only transmits the data. While the information must be protected, many other companies are also FBI-certified as meeting all security and privacy requirements,” the biometric association statement said. [Source]

 

Canada

 

CA – $454K for Privacy Research, Awareness

Canadian federal Privacy Commissioner Jennifer Stoddart has announced the 2009-2010 Contributions Program recipients. Eleven organizations across Canada will receive $454,697 for research and projects to advance privacy awareness and rights. The projects focus on four key OPC priority areas: national security, identity integrity and protection, information technology and genetic privacy. Among this year’s recipients are the Canadian Association of the Deaf, which will receive $49,855 for a campaign to inform Canadians with hearing impairments about identity theft, privacy rights and Internet scams, and Canada Dashboard Digest publisher IAPP Canada, which will receive $48,440 to bring free privacy education workshops to several cities. Other recipients include the University of Guelph, the Option Consommateurs and the Coopérative radiophonique de Toronto. [Source] [Backgrounder] [Press Release]

 

CA – Critics Call for Probe into Police Jury Checks

The Ontario government is facing renewed criticism for its refusal to order an independent probe into allegations the Crown has been enlisting police to conduct improper background checks of potential jurors. “These are allegations of a most serious interference with the impartiality of a jury,” said NDP justice critic Peter Kormos. “An investigation has to be conducted by a completely independent team,” he added. For several years, the Crown office in Simcoe County, in Barrie, has allegedly asked police to probe potential jurors, according to documents filed in the Court of Appeal. A Crown memo written in 2004 that was sent to local police forces in the Barrie-area asks for help in weeding out “disreputable persons” from serving as jurors. The information obtained by police was not disclosed to the defence, the court documents state. [Source] [Secret jury lists note drinkers, whiners]

 

CA – Privacy Commissioner of Canada Launches 2009 National Youth Video Competition

The Office of the Privacy Commissioner of Canada is launching its second annual My Privacy & Me national video competition, which encourages youth ages 12 to 18 to produce video public service announcements that explore the importance of privacy. The goal of the My Privacy & Me video competition is to encourage young people to learn how to build a secure online identity so they don’t expose personal information about themselves that they will regret later. Last year’s final seven videos (including the 1st-, 2nd- and 3rd-place winners) are available at youthprivacy.ca, the Office’s youth Web site. They can also be viewed on the Office’s YouTube channel. Videos must be submitted before Friday, December 11, 2009. [Source]

 

CA – Canadian Cinema Ordered to Pay $10K in Damages for Search

A Quebec court has ordered a cinema to pay $10,000 in damages after staff searched patrons’ bags and turned up smuggled snacks and birth control pills -- and in the process violated their privacy rights. The incident happened in 2007 when a woman took her two daughters to Cinemas Guzzo in Montreal to watch the film “Shrek the Third.” [CTV]

 

Consumer

 

CA – Ombud for Crime Victims Calls for Disclosure of CNA Data Without Court Oversight

The Office of the Federal Ombudsman for Victims of Crime has issued a new report calling on the government to introduce legislation to make it mandatory for ISPs to give law enforcement basic customer name and address information upon request. [Source]

 

E-Government

 

CA – Privacy Breaches in Government Databanks Concern Advocates

Jon Schubert says he was as shocked as anyone when he learned a lawyer working for the Insurance Corp. of British Columbia used the Crown corporation’s database to check claims histories of prospective jurors in a lawsuit against the public auto insurer. The court case was suspended, the contracted lawyer fired and a review undertaken. It has turned up two more cases where different corporation staff gave claims information to lawyers screening jurors. The incident has raised concerns not only about the privacy of data held by government and quasi-government agencies but on how those institutions deal with adversaries. The incidents raise the question: just what safeguards are there to protect citizens from unauthorized use of large government and quasi-government databases containing people’s personal information? [Source]

 

UK – Confidential Data ‘Not Kept Safe’

More than 200 laptops, PCs and memory sticks containing confidential data have been lost by councils and health boards, according to the Lib Dems. A report published by the party said entire school servers, clinical studies and patient videos had gone missing over the past 18 months. The Scottish Government said it had been working to raise awareness of good practice in data security policies. [Source]

 

Electronic Records

 

US – VA and DOD Move Closer to Single E-Health Record

The Defense and Veterans Affairs departments are on track to meet a Sept. 30 deadline to develop a single electronic health record through which they can share patients’ medical information, according to the executive in charge of that program. The existing Bidirectional Health Information Exchange, developed incrementally by both departments since 2004, will be incorporated into the shared EHR. It provides an interface that connects the departments’ individual clinical data repositories so physicians can exchange readable data in text on pharmacy and allergy data, lab and radiology results, vital signs and patient histories. In the future, VA and DOD have agreed to collaborate on the development of a virtual lifetime electronic record that would include health, benefits and personnel data. It would use a common services approach that would allow for single sign-on to authorize users, and would also provide identity management and records portability. [Source]

 

EU Developments

 

UK – BSI Issues New Data Protection Standard, Survey Results

The British Standards Institution (BSI) has released a new data protection standard, along with survey results suggesting that it comes at a good time. The BSI surveyed 516 small- and medium-sized businesses to determine Data Protection Act compliance, finding that one in five has breached the act, and half of those businesses have breached it more than once. In addition, the majority of firms indicated they do not train staff on data protection and nearly half do not have a data controller, as required by law. One-third of the respondents noted that the act’s complexity hinders their compliance efforts. The BSI10012 standard aims to help firms better understand their compliance obligations. [Source] [The Standard is called BS 10012:2009 Data Protection – Specification for a personal information management system]

 

UK – Code for Handling Personal Data is Muddled, Says Lawyer

A code of conduct for handling personal data was launched in London last week. But the document is inconsistent on the need for consent when collecting personal data, according to a data protection expert. Sometimes consent is not necessary, he said. The Personal Data Guardianship Code was published jointly by the British Computer Society and the Information Security Awareness Forum (ISAF) in response to the number of high profile data breaches in recent years. Its aim is to change the culture of organisations towards the handling of personal data. According to its authors, the Code “follows on the success of the BCS petition objecting to the changes in the Coroners and Justice Bill which would have seen drastic changes to the way in which government departments could have used personal information.” [Source] [Personal Data Guardianship Code]

 

UK – ICO Launches Updated Guide for Privacy Impact Assessments

The Information Commissioner’s Office (ICO) is urging organisations to always consider the impact on individuals’ privacy before developing new IT systems or changing the way they handle personal information. The call comes as the ICO today launches the latest version of the Privacy Impact Assessment (PIA) handbook. The user friendly handbook is designed to help organisations address the risks to personal privacy before implementing new initiatives and technologies. The benefits of a Privacy Impact Assessment include:

· Identifying and managing risks

· Avoiding unnecessary costs

· Avoiding the introduction of inadequate solutions too late in a scheme’s development

· Avoiding loss of trust and reputational damage

· The opportunity to inform and seek feedback from stakeholders

· Meeting and exceeding legal requirements

[Source] [PIA Handbook v 2.0]

 

Facts & Stats

 

US – Breach Affected Hundreds of Institutions

The number of banks reporting card compromises as a result of the Heartland Payment Systems data breach has reached 656. Multiple financial institutions have filed suits against the company for losses due to the breach. On Wednesday, the Judicial Panel on Multidistrict Litigation heard arguments on whether the class action suits should be consolidated. Consumers and investors have also filed suits and the Federal Trade Commission may be investigating. [Source]

 

US – Report: Social Networking Up 83% for U.S.

The explosion in social networking may be even greater than imagined. The time that people in the U.S. spend on social network sites is up 83% from a year ago, according to a report from market researcher Nielsen Online. Facebook enjoys the top spot among social networks, with people having spent a total of 13.9 billion minutes on the service in April of this year, 700% more than in April 2008, Nielsen said. Minutes spent on Twitter soared a whopping 3,712% to almost 300 million, versus around 7.8 million from the same month a year ago. [CNET]

 

Filtering

 

CN – Chinese Web Filter Move Raises Issues: Microsoft

Microsoft said a Chinese rule that personal computers sold in the country include Web filtering software raises issues of freedom of expression, privacy, and security which “need to be properly addressed.” The statement by the US software giant came after a US computer industry association denounced the Chinese move and the largest US personal computer makers said they were studying its ramifications. The head of a software developer involved in devising the Chinese filtering program told AFP in Beijing that the move was aimed at protecting people from pornography. According to The Wall Street Journal, China has told global PC makers that all personal computers sold in the country as of July 1 must be shipped with the software that blocks access to certain websites. It said the software, called “Green Dam-Youth Escort,” would link PCs with a regularly updated database of banned sites and block access to those addresses. The Journal said China’s Ministry of Industry and Information Technology issued a notice on May 19 requiring that PCs to be sold in China as of July 1 have Green Dam software “preloaded” – pre-installed or enclosed on a CD. China has the world’s largest online population at nearly 300 million Web users, and the Chinese authorities have a history of blocking websites they deem politically unacceptable or offensive, a censorship system that has been dubbed the “Great Firewall of China.” [Source]

 

CN – China Defends Web-Filtering Software Requirement

China yesterday defended a new requirement that personal computers sold in the country carry software that filters online content, saying the program is targeted at preventing the spread of pornography and other “unhealthy” content. The Ministry of Industry and Information Technology posted on its Web site a notice to all PC makers that they will be required to pre-load the “Green Dam-Youth Escort” filtering software on units to be sold in China as of July 1, including imported PCs. [Washington Post]

 

FOI

 

CA – Information Commissioner’s New Modus Operandi to Foster More Transparency

The Information Commissioner of Canada, Robert Marleau, tabled his 2008-2009 Annual Report in Parliament. The report describes the substantial improvements that the Office of the Information Commissioner (OIC) has made to its investigative process in an effort to enhance efficiency and timeliness. An important goal is to eliminate the OIC’s pre-April 2008 inventory of complaints by April 2010. The report also presents the Commissioner’s new approaches for addressing system-wide issues which adversely affect access to information in Canada and for maximizing his influence on institutions’ compliance with the law. [Source]

 

Health / Medical

 

CA – Legislation to Protect PHRs Tabled in New Brunswick

As the New Brunswick government moves toward electronic personal health records (PHRs), lawmakers there tabled health protection legislation, reports the Daily Gleaner. The legislation intends to give citizens control over who sees their medical information. “We have to make sure that New Brunswickers feel safe because we are going ahead with the e-health file,” said Health Minister Mike Murphy. If passed, the law will let patients determine who can see what parts of their medical records. For example, a person could let his providers access his medication list, but block them from seeing test results. [Source]

 

US – CDT Comments on FTC Health Data Breach Notification Rulemaking

CDT, together with the Markle Foundation and others, filed comments with the Federal Trade Commission (FTC) regarding new requirements on how to notify patients when unsecured personal health record (PHR) data has been breached. In the comments, CDT called on FTC to work with the Department of Health and Human Services to ensure consistency between their respective breach notification rules. CDT also recommended that FTC narrow the discretion of health care entities to determine whether an unauthorized party has acquired breached data. In addition, the comments urged FTC to incorporate major Internet news outlets as acceptable media vehicles for notifying patients of data breaches. [CDT Joint Comments On Notice of Proposed Rulemaking] [Text of FTC’s Notice of Proposed Rulemaking]

 

UK – NHS Trust Signs Undertaking

The Information Commissioner’s Office (ICO) has required the Salford Royal NHS Foundation Trust to sign a “formal undertaking” on data protection. The trust failed to disclose in a timely fashion the theft of a laptop computer containing unencrypted medical information on thousands of patients. In signing the undertaking, the trust commits to encrypting personal data and better protecting access to equipment, the report states. The trust “recognizes the seriousness of this data loss and has agreed to take immediate remedial action,” said Assistant Information Commissioner Mick Gorrill. “It has also agreed to conduct future audits to ensure compliance with the Act.” [Source]

 

AU – Health Card Plan Sparks Privacy Concerns

Australian Federal Health Minister Nicola Roxon said the Government was considering introducing a card to carry information such as a patient’s vaccinations, medication, test results and past procedures. Ms Roxon said it would be up to the individual to decide which information to add to the card, and who was given access to the information. She said it would be very different from the Access Card proposed by the former Howard government, which would have been compulsory for any Australian who wanted to access about 16 government health and welfare services. “There are certainly no plans for it to be linked with other government information,” Ms Roxon said. Liberty Victoria President Michael Pearce, SC, said that while the card seemed to have benefits he was concerned its scope would be expanded over time. While the Government is still weighing up whether to create a card, it has already committed to creating a system of electronic health records from the middle of next year. Under that scheme, all Australians will be assigned numbers to which they can add information from their medical histories. The issue is being examined by the National Health and Hospitals Reform Commission, which in April issued a statement supporting a system of “person-controlled electronic health records”. The commission cited a survey showing 82% of Australians support the idea. But the commission said the Government needed to legislate to ensure privacy. In a submission, the Office of the Privacy Commissioner said such a system should allow people to quarantine sensitive information, such as mental illness, and legislation should define the legitimate use of the information and set out sanctions for abuse. [Source]

 

Horror Stories

 

US – List of U.S. Nuclear Sites Inadvertently Posted Online

A U.S. document containing sensitive details about hundreds of civilian nuclear sites across the country was posted online Monday, an apparently inadvertent security breach that had federal officials scrambling to remedy the mistake. The document, a draft declaration of U.S. nuclear facilities to the U.N. nuclear watchdog agency, contained descriptions of sensitive civilian sites, including the locations of facilities that store enriched uranium and other materials used in nuclear weapons. It was available for about a day on a Government Printing Office Web site before inquiries by news organizations prompted its hasty removal. [Washington Post] [Source] [“The List of Sites, Locations, Facilities, and Activities Declared to the International Atomic Energy Agency”] message from the President of the United States, May 6, 2009 (267 pages, 13 MB PDF file).

 

US – Virginia Notifying Those Affected by Prescription Database Breach

The state of Virginia is notifying 530,000 people by mail that their Social Security numbers (SSNs) may have been compromised in a computer security breach. In late April of this year, an intruder gained access to the state’s Prescription Monitoring Program system. The database was created to detect and thwart drug abuse in Virginia. The breach also affected approximately 1,400 registered database users, largely pharmacists and physicians. The records include patients’ names, addresses, dates of birth, names of prescribed drugs, and physician and pharmacist information. Some records also contained nine-digit patient identification numbers, which could be SSNs. [Source]

 

Identity Issues

 

US – Feds Spike Voter Citizenship Checks In Georgia

The Justice Department has rejected Georgia’s system of using Social Security numbers and driver’s license data to check whether prospective voters are citizens, a process that was a subject of a federal lawsuit in the weeks leading up to November’s election. In a letter released this week, the Justice Department said the state’s voter verification program is frequently inaccurate and has a “discriminatory effect” on minority voters. The decision means Georgia must halt the citizenship checks. The decision comes as Georgia awaits word on whether a law passed in the spring that requires newly registering voters to show proof of citizenship will pass muster with DOJ. Under the law that takes effect in January, people must show their proof up front compared to doing checks through databases. [Source]

 

US – Police in Arizona May Stop Accepting Mexican ID Card

A recent legal review revealed a Mexican identification card issued to more than 231,000 people in the Valley fails to meet Arizona traffic law, leaving some immigrant motorists subject to arrest during routine stops. While the Mexican government billed the matricula consular card as a secure document for U.S. transplants, police agencies said the card is invalid - the difference between a civil citation and a criminal charge in some cases. Phoenix city attorneys reviewed the details of the matricula card after Mexican diplomats pushed for a police department policy that would require officers to accept the ID, which appears like a driver’s license. Attorneys said officers are unable to read biometric information - such as height, weight and eye color - encoded on the back of the card. According to Arizona state law, a driver who fails to provide evidence of their identity could be charged with a Class 2 misdemeanor. Tucson police Sgt. Fabian Pacheco said officers have the discretion to make an arrest if they feel they cannot identify a subject based on the matricula card alone. [Source]

 

Internet / WWW

 

WW – Web Site Tracks Policy Changes at Popular Sites

A new Web site unveiled this week will track policies imposed by popular Internet sites such as Facebook and Google, hoping to help users spot potentially harmful changes. TOSBack.org, the brainchild of privacy advocacy group Electronic Frontier Foundation, will track terms of service modifications within hours of an update. [Washington Post]

 

US – Government Agencies Will Work with ICANN to Secure Internet

The US Department of Commerce’s National Telecommunications and Information Administration and the National Institute of Standards and Technology (NIST) will ask ICANN (The Internet Corporation for Assigned Names and Numbers) for help in deploying DNSSEC “at the authoritative root zone of the Internet” by the end of the year. [Source] [Source]

 

Law Enforcement

 

CA – Ottawa to Tighten Up National Sex Offender Registry, DNA Database

Sweeping changes to the national sex offender registry and the national DNA database are intended to make them more effective tools for police in tracking and preventing sex crimes, Public Safety Minister Peter Van Loan said. Advocacy and law enforcement groups had argued the registry, in place since 2004, hasn’t been responsible for solving a single sex crime. Among the proposed changes:

· All sex offenders will automatically be added to the registry upon conviction. Currently such offenders are included only after a formal request is made by the Crown and a judge orders it — which happens 58% of the time.

· Convicted sex offenders will also automatically be required to provide a DNA sample to be entered into the national database.

· Police will have access to the sex offender registry to prevent sex crimes. “If police see an individual behaving suspiciously near a school ground, for example, they will be able to request information from the database,” said Van Loan. “They will be able to obtain additional information to assist them in their prevention work.” Currently police can use the sex registry to investigate a crime only after it has happened.

· Those who are convicted and jailed for sex crimes in another country and are returned to Canada to serve the remainder of their sentence will now be registered with the registry.

· Canadians convicted abroad of sex crimes and returning to Canada at the end of sentence must report their conviction to police within seven days of arriving back in the country or face criminal prosecution. “No longer will Canada be a safe haven from which travelling sex offenders can operate safely,” said Van Loan.

· Sex offenders must report the name of their employer, the type of employment as well as any volunteer organizations they are associated with. They will also be required to provide notice in advance of absences from their residence of seven days or more.

· Police will be allowed to notify other Canadian and foreign law enforcement jurisdictions when registered sex offenders are travelling to another area.

· Federal and provincial correctional services will be allowed to notify registry officials if a registered sex offender is either released into the community or re-admitted to custody.

The proposed changes were to be tabled in the House of Commons, though it was unclear when they would take effect. [Source]

 

CA – Niagara Courts Ruling: Taser Use to Obtain DNA Not Unconstitutional

A decision by Falls Police to use a Taser to obtain a DNA sample from a suspect in an armed robbery, shooting and kidnapping is not unconstitutional. Niagara County Court Judge Sara Sheldon Sperrazza reached that conclusion in a 16-page decision that refused to dismiss an indictment against Ryan Smith and denied his request to have DNA evidence that links him to two separate criminal cases thrown out. [Source]

 

Online Privacy

 

US – Study Finds Consumer Privacy Expectations Not Met

University of California, Berkeley graduate students have released the results of a study comparing consumer expectations for online privacy with Internet companies’ data collection practices. The researchers examined how companies gather information about users’ Web activities using cookies and beacons, among other trackers, finding that despite consumer demand for control over how their personal information is collected and used, Web analytics tools are used widely, often without users’ knowledge. This disconnect is notable, says Chris Hoofnagle, advisor to the researchers and director of the UC-Berkeley Center for Law and Technology. Hoofnagle suggests that the new FTC may take a different approach toward such practices. [NYT] [Study: Know Privacy]

 

UK – British MP’s Facebook Account Hit by Spam Scam

A British MP has expressed dismay that his Facebook account was hijacked and used to send spam messages to 1,500 contacts. Michael Fabricant’s account has been suspended; the spam messages, which ask the recipients to “Look at this,” contain a link to a maliciously crafted web page. Fabricant’s Facebook account was restored after he contacted one of the company’s directors. [Source] [Source]

 

US – Judge: Posting SSNs Online is OK

A federal judge has ruled that Social Security number (SSN) privacy campaigner B.J. Ostergren is within her First Amendment rights in posting the publicly available SSNs of Virginia officials on her Web site. Ostergren, who urged legislators to enact a law requiring the redaction of SSNs in public records, began posting state lawmakers’ SSNs to demonstrate their accessibility. But last year state lawmakers passed a bill banning such postings. Ostergren then moved to block the law. In his decision, U.S. District Court Judge Robert E. Payne said that the law violates Ostergren’s First Amendment rights. [Source]

 

AU – New Benchmark Set for Online Privacy

Effective Measure has announced plans to roll out a new industry-leading visitor opt-out mechanism that promises a new benchmark in visitor privacy. Under the new initiative, Effective Measure will also give the millions of anonymous users it measures throughout the world greater control by offering a permanent visitor opt-out mechanism. Scott Julian, CEO at Effective Measure, said that the new opt-out mechanism, scheduled for release this month, is designed to enhance and extend the visitor opt-out mechanism currently available on the Effective Measure website. [Source]

 

Privacy (US)

 

US – Breach Suit Targets Auditor

A bank is suing the security auditor that certified CardSystems Solutions three months before hackers breached its systems in 2004, reports Wired. The breach affected 263,000 card numbers, including those of merchants serviced by Merrick Bank, which brought the suit against managed services company Savvis. It is believed to be the first time a security auditing firm has been implicated in a data-breach suit. Legal experts say the case marks new territory in data breach litigation and the potential “liability of third parties that audit and certify the trustworthiness of those companies,” the report states. [Source]

 

US – New Travel Rules in Effect

The U.S. Western Hemisphere Travel Initiative went into effect June 1st, imposing new, more stringent border-crossing requirements on those returning or passing into the U.S. from Canada, Mexico, Bermuda and the Caribbean via land or sea, reports Federal Computer Week. The rules limit acceptable forms of border-crossing documentation to passports, U.S. passport cards and enhanced driver’s licenses (EDLs). EDLs have come under scrutiny in the U.S. and Canada--where four provinces have implemented them to satisfy the new requirements--due to their embedded RFID technology, which some say leaves cardholders vulnerable to identity fraud and mishandling. [Source]

 

US – FTC-Sears Settlement Reached

The Federal Trade Commission (FTC) has reached a settlement with Sears Holdings Corp on allegations it collected personal data from customers without adequate disclosures. The company paid customers $10 in exchange for permission to track their online activities. But the FTC said that Sears did not effectively communicate the extent of the tracking--which included online bank statements, health information and e-mails--despite disclosure in its lengthy user agreement. To satisfy the settlement, the company must destroy the data collected and make more prominent future disclosures. Sears said it has already destroyed the data. [Source]

 

US – Microsoft, Google Cautiously Endorse Privacy Bill

Top attorneys for Microsoft and Google have reiterated their companies’ support for tougher government rules to protect consumer privacy. But when it comes to the details, some watchdog groups say they are concerned that Web firms will continue to fight against specific provisions that would limit the ways they can collect and use people’s information to serve more targeted ads. [Source]

 

RFID

 

US – DHS Expands RFID Use at Borders Today

On June 1st, the Department of Homeland Security expanded its use of electronic passports, enhanced driver’s licenses and other RFID-enabled identification documents at US border crossing points. [Source]

 

WW – Team to Develop Standards for Testing RFID in Health Care

AIM Global, MET Labs and Georgia Tech will develop testing protocols for detecting electromagnetic interference caused by RFID transmissions, and for determining the effects of such interference on medical devices. [Source]

 

US – Calif. Researchers Tag Cadavers, Body Parts

The project adds the University of California to a growing list of hospitals and schools turning to RFID technology to track human bodies, tissues or specimens. [Source]

 

US – Philly Hospital Uses RTLS to Track Patient Flow, Care and Training

Teaching hospital Albert Einstein Medical Center is using ultrasonic ID tags not only to monitor patient flow, but also to provide performance feedback to its residents and interns. [Source]

 

US – U.S. Veterans Hospital Deploys Real-Time Location RFID System to Track Patients

Chalmers P. Wylie Veterans Ambulatory Care Center, a VA medical center in Columbus, Ohio, has implemented an RTLS system from Versus Technology that will track up to 300 patients in more than 150 locations. The system uses RFID and infrared tracking technology, according to the announcement.

 

WW – RFID Gives Voice to Nonverbal Children

Thanks to its built-in RFID interrogator, the Logan ProxTalker can identify words that autistic children want to say--and utter them on their behalf. [Source]

 

US – Nuclear Plant Operator Uses RFID to Promote Safety

Southern Co. employs a unique type of active tag to track employees’ locations at its training center, as well as teach them how to avoid excessive radiation exposure. [Source]

 

US – Dairy Queen to Deploy RFID-Based Mobile Loyalty Program

Mobile loyalty and rewards solution provider Tetherball announced an RFID-based mobile marketing platform that enhances retailer loyalty programs by providing consumers with small tags that affix to their mobile phones. Dairy Queen has been named as a customer, with one Dairy Queen franchisee claiming 900 Tetherball-based loyalty members per store. [Source]

 

Security

 

US – NIST Releases Final Draft of Recommended Security Controls Document

NIST has released the final public draft of Special Publication 800-53, Revision 3: Recommended Security Controls for Federal Information Systems and Organizations. NIST calls the draft “historic in nature [because] for the first time, and as part of the ongoing initiative to develop a unified information security framework for the federal government and its contractors, NIST has included security controls in its catalog for both national security and non national security systems.” NIST is accepting public comment on the document through July 1, 2009. [Source] [Source]

 

Surveillance

 

US – EFF and ACLU Planning to Appeal Dismissal of Dozens of Spying Cases

A federal judge has dismissed dozens of lawsuits over illegal domestic surveillance of American citizens, ruling that telecommunications companies had immunity from liability under the controversial FISA Amendments Act (FISAAA). The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) California and Illinois affiliates are planning to appeal the decision to the 9th U.S. Circuit Court of Appeals, arguing that FISAAA is unconstitutional. “We’re deeply disappointed in Judge Walker’s ruling today,” said EFF Legal Director Cindy Cohn. “The retroactive immunity law unconstitutionally takes away Americans’ claims arising out of the First and Fourth Amendments, violates the federal government’s separation of powers as established in the Constitution, and robs innocent telecom customers of their rights without due process of law.” Signed by President Bush in 2008, the FISAAA allowed for the dismissal of the lawsuits over the telecoms’ participation in the warrantless surveillance program if the government secretly certifies to the court that the surveillance did not occur, was legal, or was authorized by the president. [Source]

 

US – Judge Halts Suits Over NSA Wiretapping

A federal judge in San Francisco has tossed out a slew of lawsuits filed against AT&T and other telecommunications companies alleged to have illegally opened their networks to the National Security Agency. U.S. District Judge Vaughn Walker on Wednesday ruled that, thanks to a 2008 federal law retroactively immunizing those companies, approximately 46 lawsuits brought by civil liberties groups and class action lawyers will be dismissed. [CNET]

 

US – Congress Approves Bill Limiting TSA’s Use of Whole-Body Imaging

Today, the House approved a bill that will limit the use of Whole-Body Imaging machines, installed by the Transportation Security Administration, in US airports. The devices photograph American air travelers stripped naked and could easily be programmed to record images. Congressman Jason Chaffetz (R-UT) sponsored the bill that will prohibit the use of the devices as the sole or primary method of screening aircraft passengers; require that passengers be provided information on the operation of such technology and offered a pat-down search in lieu of such screening; and prohibit the storage of an image of a passenger after a boarding determination is made. EPIC launched a campaign and a Facebook Group seeking to raise public awareness about Whole Body Imaging. [Source]

 

EU – Remote Monitoring Law Proposed in France

A proposed French law on domestic security would give the Criminal Investigative Police access to citizens’ electronic communications in some cases, reports European Digital Rights. D’orientation et de programmation pour la performance de la securite interieure would allow magistrates to, in “the most severe cases,” give police authority to install software on an individual’s computer to monitor activity and data. The police could install the spyware physically or remotely, and could monitor for a four-month period with the option for renewal. [Source]

 

Telecom / TV

 

JP – Japanese University Tracking Students via Free iPhones

The Aoyama Gakuin University’s School of Social Informatics in Tokyo has made a deal with Softbank Corporation, the iPhone’s vendor in Japan, to give the phones to 550 students for school usage. But oh, there is one catch: they’re also going to use the phones’ GPS to track students, and make sure they’re attending class on time. It looks like skipping class is an issue -- the students at the school, despite having to answer an attendance check and/or hand in an attendance card, are still skipping out on class and having their classmates cover for them. But apparently university officials think the iPhone plan will work better, because students will be less inclined, they believe, to pass off their iPhone to a buddy. [Source]

 

US Government Programs

 

US – Obama to Appoint Federal Privacy Official

In the immediate wake of many calls for a federal CPO, President Barack Obama has announced that he will appoint a privacy officer as part of the new White House cybersecurity office. “To ensure that policies keep faith with our fundamental values,” said the President during remarks to government and industry officials, “this office will...include an official with a portfolio specifically dedicated to safeguarding the privacy and civil liberties of the American people.” Obama also stressed that the cybersecurity office will not monitor private-sector networks or Internet traffic. “We will preserve and protect the personal privacy and civil liberties that we cherish as Americans,” Obama said. [Source] [Comments on Cyber Security Strategy]

 

US – GAO to FDA: Boost Privacy

The Government Accountability Office (GAO) wants the Food and Drug Administration (FDA) to improve privacy and security protections for its Sentinel Initiative. Sentinel will aggregate information from insurance companies, academic institutions, government agencies and healthcare providers to monitor the safety of medications and medical devices. By mid-2012, the system will have access to the data of 100 million people, the report states. In its report, the GAO called for engaging citizens in the Sentinel development process; limiting data retention, when possible; and limiting the use of personal health data. The GAO also wants the FDA commissioner to create a privacy and security plan. [Source]

 

US Legislation

 

US – House Passes Act to Reinstate TSA Registered Traveler Background Checks

Registered Traveler proponents are cheering last week’s House passage of the Transportation Security Administration Authorization Act, claiming the bill would return benefits to a program that TSA has largely reduced to a front-of-the-line offering. However, the Senate has yet to introduce a counterpart bill, making the timeframe for a final law unclear. With 397 votes in favor and only 25 opposed, the House yesterday overwhelmingly passed the bill—TSA’s first authorization act since its formation in 2001—allocating more than $15.6 billion in transportation security programs for fiscal years 2010 and 2011. [Source]

 

US – State Rep. Michael Skindell Sponsors Legislation to Track Criminals

The Ohio House of Representatives approved a bill on May 27 sponsored by State Rep. Michael Skindell (D-Cleveland) to stop people who have been convicted of identity theft or a sexually oriented offense from legally changing their names. The bill, House Bill 95, is designed for easier tracking of these criminals by ensuring that such offenders do not conceal themselves through a legal name change. The bill would prohibit legal name changes for individuals who have been convicted of, pleaded guilty to or been adjudicated a delinquent child for committing identity fraud or for committing a sexually oriented offense or child-victim oriented offense for which the person must register under the Sex Offender Registration and Notification Law. The bill now moves to the Ohio Senate for consideration. [Source]

 

Workplace Privacy

 

AU – AusCheck Expansion Prompts Privacy Concerns

Plans to expand the AusCheck aviation and maritime employee background checking regime to more “national security” workplaces, together with the collection of fingerprints and other biometric identifiers, have rekindled privacy fears in Australia. Australian Privacy Foundation spokesman Nigel Waters says the AusCheck Amendment Bill, currently before the federal Parliament, confirms fears that the scheme would be expanded “far beyond the initial focus on maritime and aviation security” when it was introduced in 2006. [Australian IT]