Privacy News Highlights

09–15 December 2005

Contents:

WW – Researchers Foil Biometric Devices

CA – Carleton Scientist Pushing Device to Read Your Mind

CA – New Federal Outsourcing Guidelines to Shield Personal Data

CA – Survey: Canadians Content with Gov’t e-Services, but Privacy Still Big Concern

AB – What the Alberta Information and Privacy Commissioner Wants for Christmas!

US – Survey: Retailers Need to Improve Data Security

AU – Australia Launches Review of Anti-Spam Law

WW – Expert: Lengthy Logs Not Always a Good Thing

EU – EU Prepares ‘Anti-Terror’ Data Legislation

EU – Privacy International (PI) Report Criticizes EU Anti-Terror Policies

UK – Information Commissioner Publishes Good Practice Notes

DE – German Data Privacy Watchdog Praises Change of Heart at Microsoft

UK – Scottish Freedom of Information Act Under Review

WW – New Device Will Prevent Eavesdropping

US – NY State Commission Approves Governor’s Plan to Expand DNA Databank

US – New York City to Register, Monitor 500,000 Diabetics

AU – Police Embarrassed by Crime Photos Bungle

US – Security Breach at Sam’s Club Exposes Credit Card Data

UK – Hackers Steal Donor Info from UK Charity

UK – Thousands targeted in tax credit fraud

US – US Study: Fears Over Identity Theft Overblown

US – Secret US ID Law Goes to Court

US – Sony BMG Says it is Rethinking DRM Policy

EU – Law Requires Italian Internet Cafes to Record ID

EU – European Parliament Approves Data Retention Rules

EU – Ireland to Contest Data Retention Law at EU Court

CA – Nova Scotians Still Vulnerable as U.S. Patriot Act is Extended

CA – EFF & CIPPIC Launch New Online Rights Organization

US – Princeton Students Lobby for Internet Privacy

US – New Hampshire Bill to Regulate RFID Privacy

JP – Paper-thin, Foldable Battery to Attach to Clothes

CA – Survey: More than 50% of Companies Admit Data is at Risk

UK – New International Standard for Information Security

WW – Survey: Firms Count the Cost of Security Threats

WW – ITU Report: The Internet of Things

US – FTC Fines Directv $5.3M for Telemarketing Violations

US – Privacy Groups Comment to HHS on “Parent Locator Databases”

US – Feds Get D+ on 2005 Cybersecurity

US – Congress Reaches Deal to Extend Key Provisions of the USA Patriot Act

US – Coalition Wants to Delay Patriot Act Vote

US – House Ready, Senate Balks on Patriot Act

WW – Researchers Foil Biometric Devices

Researchers fooled biometric systems with fake fingerprints made out of Play-Doh nine out of ten times, demonstrating a weakness of some computer security systems. Led by Stephanie Schuckers, an associate professor of electrical and computer engineering at Potsdam, N.Y.-based Clarkson University, the researchers tested 66 Play-Doh copies of real fingerprints of 11 different people. The fake fingerprints were verified as the real deal 90% of the time. "As with any identification or security system, biometric devices are prone to ‘spoofing’ or attacks designed to defeat them," said Schuckers in a statement. Schuckers also tested cadaver fingers on fingerprint readers, and got the same results. In some of the tests, dismembered fingers passed 94% of the time. [Source]

 

CA – Carleton Scientist Pushing Device to Read Your Mind

Brainwave the ultimate security key: Researchers hope to soon be able to use brainwaves to unlock doors and access bank accounts. Some companies are already offering iris recognition systems that many countries want to put into biometric passports. But Ottawa-based Carleton University researcher Julie Thorpe wants to take the idea further. She says it is possible to do away with key cards, numbers and a litany of other security tools that allow people to retrieve bank money, access computer data or enter restricted buildings. "A user would simply think their password," said Ms Thorpe, who hopes to develop the first biometric security device to read your mind to authenticate users. Her idea, yet to be proven viable for commercial use, assumes that brainwave signals, like fingerprints, vary between people, even when they think alike. "Everyone's brainwave signal is a bit different even when they think about the same thing. They're unique just like fingerprints," she said. While people may be tricked into giving up passwords, smartcards may be lost or stolen, as can biometric templates stored on computers, so-called "passthoughts" are unique. [Source]

 

CA – New Federal Outsourcing Guidelines to Shield Personal Data

A federal proposal would allow government departments to cancel immediately any contract with an American firm if it hands personal information about Canadians to U.S. anti-terrorism investigators. The planned move was sparked by concerns that the FBI now can see sensitive Canadian data the government supplies to American firms doing business with departments in Ottawa. The USA Patriot Act gives the FBI broader access to records held by firms in the United States. The FBI can apply to a U.S. court to have a company disclose records, including information about Canadians, to assist with investigations involving prevention of terrorism or espionage. Draft guidelines prepared for federal departments say that means U.S. officials could obtain information about Canadians through American firms or their affiliates, even if the data is located in Canada. [Source] [Source]

 

CA – Survey: Canadians Content with Gov’t e-Services, but Privacy Still Big Concern

While largely happy with the quality of e-services provided by the public sector, Canadians still have concerns around the privacy and security of their online transactions with government. That’s a key finding of a recent survey titled ‘Citizens First 4’ conducted by the Institute for Citizen-Centered Service (ICCS) and the Institute of Public Administration of Canada (IPAC). The survey canvassed the views of around 7,000 Canadians on public sector service quality. Most stated service levels had improved at all three levels of government, but highlighted the need for better access to services. Canadians are worried about security and privacy of personal information, said Wendy Paquette, information manager with ICCS. “Their concerns are about secure storage of their information. If you’re online and you provide personal information, [you] want to ensure that information is protected and secure.” Paquette said another concern relates to the unauthorized use of personal information – for example the possibility of someone breaking into the system and using information to create a false identity. [Source]

 

AB – What the Alberta Information and Privacy Commissioner Wants for Christmas!

“The Office of the Information and Privacy Commissioner conducted several investigations this year involving businesses that failed to look after customers’ information, putting those customers at risk for identity theft. “The prospect of consumer fraud as a result of poor information practices is deeply troubling,” said Commissioner Work. “The risk of identity theft is a problem all year round, but particularly during the holiday season.” Businesses in Alberta are subject to the Personal Information Protection Act (PIPA) which requires them to take reasonable care in their handling of customer and employee personal information. At this time of year, the Commissioner urges businesses to be especially careful in handling their customers’ information: Don’t collect the information if you do not need it; Shred paper records that contain information of customers or employees; Limit access to personal information to those who need to know it; Look in garbage and recycle bins to ensure you’re not handing fraudsters your customers’ personal information; and Use technology that obscures credit card numbers on printed receipts...” [Source]

 

US – Survey: Retailers Need to Improve Data Security

According to a recent survey by Retail Systems Alert Group, retailers need to improve their customers’ privacy protection. The study measures the extent to which retailers are capturing and using consumer-specific data to offer unique value to customers, and examines what retailers are doing to protect consumers’ privacy. The survey results show that most retailers rely on internal control audits to ensure the security, confidentiality, and integrity of consumer-specific data. More than 50% of the respondents have assigned responsibility to a security program coordinator, and an even greater number provide training to employees regarding consumer privacy and information security. Only 43% of retailers, however, have formal incident response plans, and even fewer test those plans. Most retailers do not encrypt customer-specific data within the database itself, and only 40% are capturing forensic data about how customer-specific data are captured and accessed. Most retailers do not use an external certification program to ensure controls. Customers don’t fare very well either. They have little control over how data specific to them are used, and only 60% of retailers allow customers to opt out of frequent-shopper or club programs. Retailers’ internal staff members have ad hoc access to consumer-specific data, according to almost 50% of the survey respondents. Most retailers do not share event-aggregated data with business partners, and very few share transaction data. [Source]

 

AU – Australia Launches Review of Anti-Spam Law

Australia’s Minister for Communications, Information Technology and the Arts has launched a review of that country’s anti-spam legislation. Senator Helen Coonan said the Australian Spam Act is internationally recognized as a “leading legislative model” to crack down on the scourge of spam that is overloading people’s in-boxes and causing great frustration. [Source]

 

WW – Expert: Lengthy Logs Not Always a Good Thing

System administrators should consider keeping minimum log records and brushing up on privacy laws to better protect employees’ right to free speech, according to the non-profit Electronic Frontier Foundation. While IT shops can use computer logs to spot malicious activity on machines, they can also be used as part of a “very effective” surveillance tool against individuals and companies. [Source]

 

EU – EU Prepares ‘Anti-Terror’ Data Legislation

The European Parliament approved new rules governing the retention of phone and mobile phone data pioneered by the UK government in the wake of the July terrorist bombings in London. Already approved by EU justice ministers, the new rules will force telecoms companies to retain phone and email data for up to 2 years instead of a matter of months as is currently practiced in most EU states. [Source] [Source]

 

EU – Privacy International (PI) Report Criticizes EU Anti-Terror Policies

In a report released this week Privacy International, a London-based watchdog organization, compares the anti-terrorism approaches in the U.S. with those in Europe. It finds that on every policy involving mass surveillance of its citizens, the EU is prepared to go well beyond what the U.S. Government finds acceptable and palatable, and violate the privacy of citizens. According to PI’s Senior Fellow Dr. Gus Hosein: “It is no surprise that governments introduce harsh laws after terrorist attacks. But what is surprising when you compare the surveillance laws in Europe and the U.S. you find that the EU always goes further. The EU plans to fingerprint all of its citizens, monitor all communications transactions, surveil all movement and travel. All these policies have been rejected by the U.S. but are now law in Europe. The EU and some of its member states may paint the U.S. as a monster when it comes to anti-terror powers and civil liberties but they need to look into the mirror every now and then.” The notable exception to the rule that the EU always goes further than the U.S. is in border security. In this case both blocs are introducing vast surveillance regimes with little oversight and debate. [Source] [Report]

 

UK – Information Commissioner Publishes Good Practice Notes

The Information Commissioner’s Office (ICO) has published a series of user-friendly guides, designed to answer frequently asked questions about the application of data protection to everyday situations like email marketing and CCTV. [Source] [ICO Website]

 

DE – German Data Privacy Watchdog Praises Change of Heart at Microsoft

The software titan Microsoft has moved on the data privacy issue. This is apparent, on the one hand, in the global player actively seeking a dialogue with German and European data privacy advocates and, on the other, in the company having “radically overturned its previous data privacy policy in a refreshingly unambiguous manner,” said Thilo Weichert, head of the Independent State Center for Data Protection of the German federal state of Schleswig-Holstein, summing up his assessment of the Redmond-based company’s change of strategy in the wake of his exchange of ideas with Microsoft’s Chief Privacy Strategist Peter Cullen. [Source]

 

UK – Scottish Freedom of Information Act Under Review

With the first anniversary of the Freedom of Information Act’s enforcement approaching, the Scottish Executive announced a review of the Scottish version of the legislation yesterday, to identify areas that may need fine-tuning. According to the Scottish Executive, the review will consider: coverage of the Act, the fees regime, statutory prohibitions to disclosure of information, general feedback on discharge of functions under the Act and any areas where difficulty is arising. [Source]

 

WW – New Device Will Prevent Eavesdropping

A new device, called Babble, is billed as a solution to keeping coworkers from overhearing telephone conversations. The device, scheduled for release next year, attaches two speakers and a sound generator to a telephone. It produces sounds that mix with a person’s voice, producing sounds without any meaning. The device could help bolster patient privacy if used in waiting rooms and reception areas. [Source]

 

US – NY State Commission Approves Governor’s Plan to Expand DNA Databank

A NY state commission on Tuesday approved Gov. George Pataki’s plan to expand the state’s DNA databank, a move expected to add to the system DNA samples from as many as 40,000 more criminals. Pataki last week ordered additional DNA samples be collected from individuals as a condition of release from parole, probation, a plea bargain or a temporary release program. The order came after a broader legislative proposal to widen the DNA database stalled in the state Assembly. Pataki’s plan, which does not expand the list of crimes eligible for DNA testing, was approved by a 9-3 commission vote, said Jessica Scaperotti, a spokeswoman for the state Division of Criminal Justice Services. [Source]

 

US – New York City to Register, Monitor 500,000 Diabetics

NYC health officials will create a database to monitor the blood-sugar levels of about 500,000 diabetics, alerting them and their doctors to changes in condition and helping them obtain medical care. The program approved by the Board of Health today, the first of its kind for a patient population as large as New York's, will require laboratories to send the health department blood test results showing any abnormally high level of hemoglobin A1C, a three-month average measure of glucose indicating diabetes. The department will then notify patients and their doctors. As many as 250,000 more of New York City's 8.1 million residents have diabetes and don't know it, Health Commissioner Thomas Frieden said. [Source]

 

AU – Police Embarrassed by Crime Photos Bungle

Hundreds of disturbing police photographs showing murder victims and crime scenes have been found in a suburban dumpster, renewing pressure on the Australian Government to tighten security over confidential police material. Only months after thousands of secret police files were leaked in the state’s biggest ever privacy breach, graphic pictures showing victims who were stabbed, bashed or burnt to death have been found in a rubbish bin at a Cranbourne shopping centre in Melbourne’s outer south-east. The 330 photographs include close-ups of murdered Irish tourist Nicholas McNulty, 28, who was stabbed by a psychiatric patient while taking his dog for a run in Clifton Hill in July 1997. [Source]

 

US – Security Breach at Sam’s Club Exposes Credit Card Data

Sam’s Club, a division of Wal-Mart Stores Inc., is investigating a security breach that has exposed credit card data belonging to an unspecified number of customers who purchased gas at the wholesaler’s stations between Sept. 21 and Oct. 2. In a brief statement released Dec. 2, the company said it was alerted to the problem by credit card issuers who reported that customers were complaining of fraudulent charges on their statements. It’s still not clear how the data was obtained, according to the statement. But “electronic systems and databases used inside its stores and for Samsclub.com are not involved,” the company said. Sam’s Club is currently working with both Visa International Inc. and MasterCard International Inc. to investigate the breach. The company also has notified the U.S. Attorney’s Office for the Western District of Arkansas and the U.S. Secret Service. [Source]

 

UK – Hackers Steal Donor Info from UK Charity

Hackers have stolen the personal details of thousands of donors to Aid to the Church in Need, a Christian charity Web site. The charity does not yet know how much money the criminals have stolen, but the addresses of more than 2,000 online donors have been compromised, and the hackers have used these details to contact the benefactors directly to try to extract more money. [Source]

 

UK – Thousands targeted in tax credit fraud

MPs are worried that organized criminals have stolen thousands of staff identities in a fraud which forced the closure of the online tax credit system. Security breaches at the online tax credit service are likely to be more widespread than first thought as criminals have targeted a group of 13,000 staff in order to use their identities to make fraudulent claims, the department responsible admitted this week. The Department for Work and Pensions said that thousands of staff at its Jobcentre Plus offices were targeted by organized criminals who then used their identities to make fraudulent claims through the online service, which has remained closed for the past 13 days. According to official figures, 547,000 claims are made through the website annually. Staff responsible for handling benefits claims across multiple offices were targeted. It is thought that the Financial Accounting Management Information System which covers thousands of staff was attacked by the fraudsters. [Source]

 

US – US Study: Fears Over Identity Theft Overblown

A new study suggests consumers whose credit cards are lost or stolen or whose personal information is accidentally compromised face little risk of becoming victims of identity theft. The analysis, released late on Wednesday, also found that even in the most dangerous data breaches – where thieves access social security numbers and other sensitive information on consumers they have deliberately targeted – only about 1 in 1,000 victims had their identities stolen. [Source]

 

US – Secret US ID Law Goes to Court

A three-judge panel of the U.S. Circuit Court of Appeals heard arguments last week on tech entrepreneur and Internet freedom fighter John Gilmore’s challenge to a secret government order forcing airline passengers to show identification or submit to a pat-down search. Gilmore contends that the policy violates his right to travel and that the additional search of those who do not show ID is a form of punishment. [Source]

 

US – Sony BMG Says it is Rethinking DRM Policy

Sony BMG is rethinking its anti-piracy policy following weeks of criticism over the copy protection used on CDs. The head of Sony BMG’s global digital business, Thomas Hesse, told the BBC that the company was “re-evaluating” its current methods. Hesse added that the furore about the XCP software had led Sony BMG to “diligently re-evaluate” how it protects music on CDs. [Source]

 

EU – Law Requires Italian Internet Cafes to Record ID

A new Italian law requires businesses that offer Internet access to the public to ask clients for identification and log the owner’s name and the document type. Internet cafes also must make and keep a photocopy of the ID and be registered with their local police station, dictates the law, part of an anti-terror package approved after the July terrorist bombings in London. Many cafe owners say the law has increased their work load and decreased their profits. [Source]

 

EU – European Parliament Approves Data Retention Rules

The European Parliament adopted new rules drawn up by the European Union to store phone and Internet data for up to two years. Some EU lawmakers criticized the assembly saying it had caved in to pressure from member states, and arguing that the new rules would allow authorities to do what they wanted with the data. The parliament voted by 378 to 197 with 30 abstentions. [Source] [Source] [Source] [Source]

 

EU – Ireland to Contest Data Retention Law at EU Court

Ireland is set to challenge a newly adopted EU directive on data retention at the European Court of Justice, arguing that the issue falls outside EU competence. With 387 votes in favour and 204 against, MEPs in Strasbourg on Wednesday (14 December) adopted a controversial commission proposal on data retention, giving national police authorities far-reaching rights on monitoring telephone and data traffic. Minutes after the vote, a spokesperson from the Irish ministry of justice said that justice minister Michael McDowell had the intention of testing its judicial bearing, claiming it should not fall under the EU's so-called first pillar. [Source]

 

CA – Nova Scotians Still Vulnerable as U.S. Patriot Act is Extended

Nova Scotia NDP House Leader and Justice Critic Kevin Deveaux is calling on the Minister of Justice, Michael Baker, to release his Department’s plans for protecting Nova Scotians who have personal information stored in American data bases – accessible to the FBI under section 215 of the USA Patriot Act. “Let’s pay attention here,” says Deveaux. “U.S. intelligence can and will continue to be able to look at the details of our lives any time they want. That should all make us pretty nervous. Nova Scotians have a particular reason for concern. The Tories have outsourced the databases for the Department of Community Services, the Department of Motor Vehicles, and the government payroll to the U.S.” “The least this Minister should do now is follow B.C.’s lead and put legislation in place to protect us. Over a year ago we were told the Minister was going to review the situation and take action. Well where is the review and when are we going to see action?” [Source]

 

CA – EFF & CIPPIC Launch New Online Rights Organization

The Electronic Frontier Foundation and the Canadian Internet Policy and Public Interest Clinic have joined forces to create Online Rights Canada, a new grassroots organization focused on technology and information policy issues. ORC is initially focused on Internet surveillance and copyright reform. One of ORC’s first actions is a petition drive against unwarranted surveillance law. The petition asks Canadian lawmakers to protect citizens’ privacy rights when the new government convenes in 2006. Other important issues for ORC will include copyright law, access to information, and freedom from censorship. Online Rights Canada is the latest group to join the global fight for digital rights. Digital Rights Ireland launched earlier this week, and the Open Rights Group launched in the United Kingdom last month. [Source] [Source] [Source]

 

US – Princeton Students Lobby for Internet Privacy

A trio of graduate students is alleging in a new web-based petition that students who surf websites, connect to peer-to-peer networks or access online services from their dorm rooms are unwittingly leaving behind a wealth of personal information. The students’ website, www.princetonprivacy.org, illustrates a property of Dormnet — the service that provides Internet access to dorm rooms — that allows website operators, both on and off campus, to uncover such personal information as email, dorm telephone and campus address. [Source]

 

US – New Hampshire Bill to Regulate RFID Privacy

State lawmakers have crafted a bill that, if passed, would make New Hampshire the first state in the nation to regulate so-called “spy chips” in an effort to protect consumer privacy. The full House of Representatives is scheduled to vote on the measure, House Bill 203, in January. State lawmakers and advocates say it represents the most complete effort so far among the states to address the use of radio frequency identification, or RFID, microchips. One provision would require retailers to inform consumers if an RFID chip is embedded in a product or its packaging at the time of a sale, giving buyers the chance to ask to have the chip removed if they prefer. The bill also would make it a felony to implant human beings with a “spy chip” without their consent. It would set up a commission to track the technology’s growth and monitor its effect on individual privacy rights. Four states (Massachusetts, California, Utah and Missouri) have attempted to pass legislation to address RFID, according to CASPIAN. But legislatures in each state so far have not passed related bills. [Source]

 

JP – Paper-thin, Foldable Battery to Attach to Clothes

Japan’s NEC has developed a thin, foldable battery to be used in cards or clothes, leading to new possibilities such as people walking through ticket gates with fare passes in their pockets. The battery “will be used extensively in the future to power all kinds” of gadgets ranging from electronic paper to tags that trace retail goods in real-time, it said. It is “bringing us closer to a ubiquitous networked society by allowing access to the network anytime, anywhere,” an NEC statement said. [Source]

 

CA – Survey: More than 50% of Companies Admit Data is at Risk

Although a vast majority of Canadians are concerned about the privacy of their personal information, more than half of Canadian companies admit confidential and private data is at risk. A survey conducted by Leger Marketing shows that 55% of companies say customer information is not safe and secure. The survey also showed that 58% of consumers would immediately terminate their relationship with a company that compromised the safety of personal information. These numbers conflict with the 98% of business leaders who say they believe it is important for companies to ensure private data is protected. Most companies concerned about security feel the greatest danger rests in the hands of an uninformed employee, and 46% of business leaders say the greatest risk comes from the accidental download of viruses, spyware or adware. [Source]

 

UK – New International Standard for Information Security

A new international standard that will provide an international framework and improve the security of information systems has been launched at a London conference. Based on the original British Standard BS 7799, ISO 27001 will help business suppliers and customers have greater confidence in each other, knowing that their IT management systems are more secure. ISO 27001 will make it easier for companies to incorporate information security into their overall management system, and companies that are already ISO 9001 compliant on quality management should be more able to adopt this standard. [Source]

 

WW – Survey: Firms Count the Cost of Security Threats

Security threats soared during 2005, along with the risk of financial losses, but a new report shows that companies still aren’t heeding the warnings. According to the State of Information Security 2005 report from PricewaterhouseCoopers and CIO Magazine, not only are security-related events up 22.4% on last year’s figures, but the number of organisations reporting financial losses as a result of the attacks is also surging. Twenty-two percent of companies said they had been hit financially, compared with last year’s 7%. But despite the growing security threat to businesses, only 37% of respondents have a security plan in place, with only 24% saying that they expected to develop one in the coming year. However, organisations with a chief information security officer (CISO) or chief security officer (CSO) fare a little better, with 62% implementing a security plan. More companies are employing a CISO or CSO, with 40% of respondents in the survey having one on the payroll compared with 31% in 2004. Security spending is slightly increasing to compensate for the growing threat, accounting for 13% of an organisation’s IT budget this year, compared with 11% last year. Malicious hackers are the top culprits to carry out the attacks, with 63% of events attributed to them compared with 66% last year. However, the number of employee-related attacks is also up, at 33% compared with 2004’s 28%. Former employees remain a likely source of the security threats, representing 20% of events. Meanwhile, computer viruses still top the charts as the most common type of attack, rising to 59% of attacks from 53% the previous year. Privacy issues delivered mixed results, with 17% of respondents employing a chief privacy officer. More organisations also said they kept inventory of all third-party use of their data this year than in 2004 - 26% compared to 16% in 2004. However, some areas received a “could do better” rating, including posting the organisation policy on the company website. The number of companies providing employees with privacy training also slipped from 75% in 2004 to 58%. [Source]

 

WW – ITU Report: The Internet of Things

The internet as we know it is set to transform radically, according to a new ITU Internet Report entitled The Internet of Things, specially prepared to coincide with the World Summit on the Information Society (WSIS) in Tunis in November 2005. According to ITU’s report, we are standing on the brink of a new ubiquitous computing and communication era, one that will radically transform the Internet, and with it, our corporate, community, and personal spheres. The new ITU report looks at key enabling technologies for ubiquity (e.g. RFID, sensors and sensor networks, telematics, robotics, nanotechnology) and how they might impact the future human and technological landscape. [Source]

 

US – FTC Fines Directv $5.3M for Telemarketing Violations

Satellite television provider DIRECTV will pay $5,335,000 to settle FTC charges that, since October 2003, DIRECTV and companies it hired to promote DIRECTV programming have been violating the Do Not Call provisions of the Commission’s Telemarketing Sales Rule. This is the largest civil penalty the FTC has ever announced in a case enforcing any consumer protection law. At the Commission’s request, the U.S. Department of Justice filed the complaint, which names as defendants DIRECTV, 5 firms that telemarketed on its behalf, and 6 principals of those telemarketing firms. “This multimillion dollar penalty drives home a simple point: Sellers are on the hook for calls placed on their behalf,” said Chairman Deborah Platt Majoras. “The Do Not Call Rule applies to all players in the marketing chain, including retailers and their telemarketers.” [Source]

 

US – Privacy Groups Comment to HHS on “Parent Locator Databases”

The Electronic Privacy Information Center, Privacy Rights Clearinghouse, and World Privacy Forum have filed comments concerning the proposed State Parent Locator Service. “Because of the volume and sensitivity of personal information made available for child support enforcement purposes, we believe that it is necessary to build in strong rules for access to databases. Our comments below emphasize two privacy protections needed to ensure accountability in the use of child support enforcement databases: the need for audit logs to ensure that the databases are only used for approved purposes, and the need for accuracy provisions to ensure that individuals are not falsely identified as owing child support.” [Source]

 

US – Feds Get D+ on 2005 Cybersecurity

The federal government earned a barely passing grade in enacting meaningful improvements in cybersecurity during the past year, an industry group announced today. The Cyber Security Industry Alliance (CSIA) released its report card evaluating the federal government’s progress on 12 recommendations. Congress and the Bush administration received one B, four Cs, six Ds and an F - a 1.4 average on a 4.0 scale, or a D+. “Cybersecurity research is in a crisis,” said Paul Kurtz, CSIA’s executive director. “Information sharing is largely at a standstill. There continues to be a lack of priorities.” “It’s kind of old that we haven’t been making as much progress for as many years as we’ve been working on this,” said James Lewis, senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies. Lewis moderated a panel discussion of CSIA board members who commented on the report card. [Source] [Source]

 

US – Congress Reaches Deal to Extend Key Provisions of the USA Patriot Act

House and Senate leaders have reached a deal on the anti-terrorism law approved after Sept. 11. Under the deal, 14 of 16 provisions would become permanent. However, two controversial measures would expire in four years - one that would give the FBI broad authority to subpoena business records and another that would allow law enforcement investigators the power to tap any telephone used by a suspected terrorist. Opponents have argued that the law has eroded the privacy and civil liberties of Americans. [Source] [Criticism]

 

US – Coalition Wants to Delay Patriot Act Vote

An unusual bipartisan coalition wants to delay Friday’s scheduled vote to reauthorize the Patriot Act until privacy protections are improved, a report said. The coalition of lawmakers and activists urging the delay is the strongest to lobby Congress on any issue. Up to 41 senators are willing to block reauthorization of the bill that the Bush administration has said is vital to its war on terror, the Christian Science Monitor reported. Many lawmakers were stunned by reports the FBI has issued up to 30,000 “national security letters” under the Patriot Act. The letters order public and private entities to turn over people’s personal data and remain silent about it, which would be subject to judicial review under the revised bill that would extend 14 of the original 16 provisions. Sens. Larry Craig, R-Idaho, and Russell Feingold, D-Wis., threatened a filibuster if privacy concerns are not met. Senate and House negotiators said they have come up with a better, not perfect, Patriot Act with four-year rather than 10-year sunset provisions. [Source]

 

US – House Ready, Senate Balks on Patriot Act

The GOP-controlled House plans to quickly renew portions of the USA Patriot Act before they expire at the end of the year. Some Republicans say the nation’s safety could be endangered if the Senate doesn’t follow suit. The House on Wednesday was expected to pass a White House-backed bill that would renew more than a dozen provisions of the Act - the government’s premier anti-terrorism law - which are due to expire Dec. 31. But saving those provisions will be more difficult in the Republican-controlled Senate, where some GOP and Democratic senators are unsatisfied with the compromise bill, which was worked out last week between key Republicans in the House and Senate. [Source] [Source] [Source]

 

--------