Privacy News Highlights

23 December 2005—10 January 2006

Contents:

US – Reports: Biometrics Can Be Useful In Databases Without Sacrificing Privacy

US – U.S. Considering Fingerprinting European Visitors

US – Minnesota to Use Biometrics on IDs

CA – Federal Privacy Commissioner Awards $148,850 for Research on Privacy Issues

CA – Privacy Commissioner Inquires into Privacy Allegations Involving Ottawa-Area MP

CA – More Fret Over Edmonton Cop Database Usage

WW – Retailers Increasingly Ask for Personal Information

CA – Edmonton Shop Owner Ready to Fight Computer Tracking System

US – Poll Shows Young Americans Possess ‘Healthy Attitude Toward Privacy’

US – CNET News.com Investigation: U.S. Agencies Tracking Online Users

US – ISP Receives $11.2 Billion Judgment Against Spammer

WW – Survey: EBay, PayPal Top List of Phishing Targets in 2005

US – Online Public Records Stir Fears About Privacy and Safety

US – Survey Results Show Companies Shun Encryption

UK – Privacy Commissioner Approves First Overseas Employee Data Transfer

JP – Voters Evenly Split on Impact of New Privacy Law

US – 6 Months After Deadline, Many e-Retailers Lag in Card Data Security

UK – World’s Largest DNA Database Will Include One in 14 Britons

CA – Health Researcher to Track Residents

US – President Bush to Push Medical Record Computerization

US – Michigan Leaders Collaborate on New Health Information Network

US – VISA Deals with Possible Security Breach

US – Marriott Loses Data on 200,000 Customers

US – H&R Block Error Exposes Consumer SSN Data

UK – Confusion Swirls Over Whether New UK Identity Cards Are Voluntary

CA – Sony Hit With Canadian Rootkit Class Actions

WW – Sony Reaches Settlement of U.S. Rootkit Class Actions

WW – ‘Fingerprinting’ to Unmask Anonymous Web surfers

US – Posner Argues Electronic Surveillance Not Privacy Invasion

US – Anti-Offshoring Movement Builds

WW – Companies Feeling the Effects of Spyware

FR – French Parliament OKs Anti-Terror Measures

JP – Privacy Concerns Reduce Responses to Census

US – 2005 Was The Worst Year For Computer Security Breaches

WW – Top 10 Privacy Stories of 2005 from the Electronic Privacy Information Center

WW – EPIC’s Top Ten Privacy Issues to Watch in 2006

WW – Pfizer Fights Fake Pills With RFID

EU – German Privacy Hackers Develop RFID Zapper to Destroy Passive RFID tags

JP – RFID Tracking Chips for Japanese Students

WW – Study: Data Loss, Network Vulnerabilities Top Security Issues

US – Spy Agency Mined Vast Data Trove, Officials Report

US – Judge Posner Argues Electronic Surveillance Not Privacy Invasion

US – 3 Judges On Special U.S. Spy Court Upset By Wiretaps

US – Illinois Governor Announces Phone Records Privacy Legislation

US – U.S. Opening Some Private Mail in Terror Fight

US – Americans Worry About Government Abuses Of Privacy

US – Minnesota A-G Seeks Legislation to Ban Bulk Sale of Driver’s License Information

US – CDC Passenger Database Hits Turbulence

US – Data Security Movement Backburnered By Lawmakers

US – New State Laws Seek to Halt Identity Theft

UK – Employees Have Right In Most Cases to View References

US – Las Vegas Cocktail Waitresses Monitored For Beverage Service Using RFID


US – Reports: Biometrics Can Be Useful In Databases Without Sacrificing Privacy

The National Biometric Security Project, a research and analysis organization, has issued reports that analyze the impact of biometrics on U.S. and international privacy laws. The first report, “United States Federal Laws Regarding Privacy and Personal Data and Applications to Biometrics,” was written for the Department of Homeland Security. The second study, “Report on International Data Privacy Laws and Application to the Use of Biometrics in the United States,” provides an assessment of privacy laws in Australia, Canada, Japan and New Zealand. The report also considers what role the U.S. could play in international cooperation. [Source]

 

US – U.S. Considering Fingerprinting European Visitors

Homeland Security officials are considering requiring European travelers to keep their fingerprints on file with the United States if they want to visit the country without a visa. The proposal is one of a series of measures being developed by the Homeland Security policy office in response to a growing fear that terrorism may originate in Western Europe rather than the Middle East. “We’re moving to an area where international travelers’ fingerprints are going to be part of their identifier,” said Stewart Baker, assistant secretary for policy in the US DHS. Baker, whose office develops long-term homeland security policies, said a decision is not imminent on the proposal to require Europeans to register their fingerprints. But he is considering it as a way to protect against terrorists with European backgrounds. [Source]

 

US – Minnesota to Use Biometrics on IDs

Minnesota soon will start using biometric face scans to prevent would-be crooks — and underage wannabe smokers and drinkers — from getting fake driver’s licenses from the state. Gov. Tim Pawlenty announced plans to add biometric facial recognition technology to driver’s licenses as part of a broader effort to protect consumers from identity theft and unauthorized use of personal data. That effort will include stiffer criminal penalties for hackers and others who abuse access to personal data on computers. Pawlenty says the new measure will guard personal data. [Source]

 

CA – Federal Privacy Commissioner Awards $148,850 for Research on Privacy Issues

The Privacy Commissioner of Canada, Jennifer Stoddart, announced that five organizations will be awarded a total of $148,850 through her Office’s Contributions Program for research into emerging privacy issues. Studies through the program will delve into the thriving data brokerage industry, the use of DNA samples, workplace surveillance, and compliance with and enforcement of the Personal Information Protection and Electronic Documents Act (PIPEDA). [Source] [Details] [Coverage]

 

CA – Privacy Commissioner Inquires into Privacy Allegations Involving Ottawa-Area MP

Several constituents have expressed concerns about whether Ottawa-area Tory MP Cheryl Gallant has used their personal information, submitted on a passport application, for political purposes. The Office of Privacy Commissioner Jennifer Stoddart is inquiring about a complaint of possible misuse of personal information after people received birthday cards from Gallant’s office. The MP’s spokeswoman says that MPs are not covered by the Privacy Act. The official’s campaign spokeswoman said constituents’ birth dates are not gleaned from passport applications and stored in a database. [Source] [Source]

 

CA – More Fret Over Edmonton Cop Database Usage

The number of people demanding to know whether city cops have run their names through criminal databases has shot through the roof. And one expert says that’s because of public suspicion of what cops are up to. “There’s evidence members of the (Edmonton Police Service) are accessing information without good reason,” said a University of Alberta civic affairs expert. [Source]

 

WW – Retailers Increasingly Ask for Personal Information

Retail businesses value their customers’ telephone numbers and frequently have sales clerks request them at the register. But privacy experts warn consumers to value their personal privacy by refusing to give their telephone numbers. Merchants say they do not sell the information to third parties, but instead use the data to target customers with special offers. Privacy advocates contend that it is difficult for consumers to ascertain what the company does with telephone numbers, especially if it is joined with other personal information. [Source] [Source]

 

CA – Edmonton Shop Owner Ready to Fight Computer Tracking System

A city pawnshop owner says he’s ready to fight for his customers’ privacy rights - even if the battle lands him in court. Kelly Buryniuk said he will defy a city bylaw that kicks in Jan. 1 forcing secondhand dealers to use a computer system that tracks detailed personal information on customers. Buryniuk said he’ll continue to keep detailed customer records and make them available to police. Pawnshops have been doing that for decades. Buryniuk said his concern is the new law requires secondhand dealers to electronically transfer that information to a company contracted by the city. The company, Saskatchewan-based Business Watch International, will process the data and send it to cops. Buryniuk said he’s concerned the customer files could get into the wrong hands, leading to problems such as identity theft. [Source]

 

US – Poll Shows Young Americans Possess ‘Healthy Attitude Toward Privacy’

A recent poll to gauge attitudes about revelations that President Bush had authorized secret spying on Americans shows that young adults between the ages of 18 and 29 disapprove of the once-secret electronic monitoring program. The poll, according to The Decatur Daily editorial, indicates that young adults want the government to “do the right thing, follow the law, and safeguard individual privacy.” [Source]

 

US – CNET News.com Investigation: U.S. Agencies Tracking Online Users

Government agencies and dozens of U.S. senators are using permanent cookies to track visitors’ online behavior despite a federal directive and public pledges not to do so, according to a CNET News.com investigation. Some agencies changed their practices after media inquiries. The investigation revealed that the expiration dates of the cookies detected ranged from 2006 to 2038. Many agencies seemed unaware that their Web sites were able to track users’ online activity. In the U.S. Senate and House of Representatives, 66 politicians are setting permanent Web cookies even though at least 23 of them have promised not to use the online tracking technique. [Source] [Source] See also: NSA Removes Persistent Cookies That Can Track Users’ Web Activity: The National Security Agency has disabled cookies from its Web site after a privacy activist and the Associated Press raised concerns this week. The spy agency said the use of persistent cookies on its Web site resulted from a recent software upgrade. See also: White House Investigates Use of Web Tracking on Site.

 

US – ISP Receives $11.2 Billion Judgment Against Spammer

Yes, billion. A Midwest internet service provider was awarded an $11.2 billion judgment against a Florida man for sending millions of unsolicited e-mails advertising mortgage and debt consolidation services. The lawsuit, filed in 2003 by Iowa’s CIS Internet Services, also prompted earlier judgments against companies in Florida and Arizona worth more than $1 billion. [Source]

 

WW – Survey: EBay, PayPal Top List of Phishing Targets in 2005

According to year-end 2005 data from research firm Netcraft, eBay and PayPal were the top phishing targets representing 62% of attacks. [Source]

 

US – Online Public Records Stir Fears About Privacy and Safety

The balance between open government and the right to privacy is proving difficult for some public-sector officials who had not anticipated the complexities of providing online access to public records. Laws about posting personal information on the Internet vary from state to state. While public officials in Pennsylvania and Missouri complained first about safety concerns related to online access of their public records, the debate has expanded to include the privacy of all citizens. [Source]

 

US – Survey Results Show Companies Shun Encryption

The Ponemon Institute’s 2005 National Encryption Survey shows that only 4.2% of companies said their organizations have an encryption plan. While the U.S.-based study shows that many IT professionals view encryption as an important security tool, respondents cited concern about system performance, complexity and cost as the reasons for not encrypting sensitive or confidential information. PGP sponsored the survey. [Source]

 

UK – Privacy Commissioner Approves First Overseas Employee Data Transfer

In the first authorized transfer outside the European Economic Area, the UK’s information watchdog has given approval to General Electric to pass information to parts of the company’s overseas operation. The Data Protection Directive of 1995 largely restricts the data that European firms may transfer or store in countries that lack similar rules and enforcement procedures. The Information Commissioner has found that GE has the necessary procedures in force and offers an adequate level of protection for individuals’ rights throughout the multinational company. [Source]

 

JP – Voters Evenly Split on Impact of New Privacy Law

A survey of Japanese voters has found that nearly 60% of people surveyed are concerned that “overprotection” of their personal information could pose an inconvenience, while 61% of the 3,000 respondents said they fear their information could be exposed or misused. In April, the country’s Personal Information Protection Law took effect. [Source]

 

US – 6 Months After Deadline, Many e-Retailers Lag in Card Data Security

Six months after the deadline for compliance, a large percentage of online merchants still haven’t complied with the data protection rules of MasterCard International, Visa U.S.A., American Express Co. and other major card brands, according to Protegrity Corp., a data security company. In a recent survey of 150 online retailers, 26% of merchants said they hadn’t started the compliance process for the Payment Card Industry Data Security Standard despite a June 1, 2005, deadline set by Visa. In addition, 19% said they were just beginning the compliance process and 30% said they were in the middle of the assessment process needed to verify compliance. Only 3% of the online retailers responding to the survey said they had passed both the assessment and external scan needed to verify compliance, while 19% said they failed the assessment and were taking steps to comply with the PCI standards. The PCI standards outline what steps online merchants must take to protect customers’ confidential data, including credit card account numbers. Retailers that fail to implement PCI could face up to a $500,000 fine or could be permanently barred from accepting credit cards. [Source]

 

UK – World’s Largest DNA Database Will Include One in 14 Britons

The Home Office has predicted that by April 2008 one in 14 people will be recorded on a Government DNA database. It is expected that there will be 4,250,000 DNA samples on the national database at the end of 2007-08, which amounts to roughly 7% of the population. In March 2005 the figure stood at just over three million people, or 5% of the population. The world’s second-largest DNA database is in Austria, but it covers just 1% of the population. The UK Government and police have invested over £300 million in the DNA Expansion Programme over 5 years. The law has also been changed so that samples can be kept from people who have been acquitted of any crime, or who have been arrested for a recordable offence but never charged. [Source] [Source] [DNA of 37% of black men held by police - Home Office denies racial bias] [Police hold DNA of 150,000 ‘innocents’] [Call for inquiry into DNA samples] [Coverage] [Expanding police DNA database sparks anger] [Huge rise in juvenile DNA samples kept by the police]

 

CA – Health Researcher to Track Residents

A researcher at Dalhousie University plans to track Halifax residents in hopes of uncovering the secrets of healthy neighbourhoods. Daniel Rainham, a population health researcher, will outfit volunteers with Global Positioning System units to follow their daily movements. At the end of one week, Rainham will be able to generate a map to show the streets and addresses where that person has been and how they made use of roads, pathways and parks. “I’ll know exactly where you went. The only problem is I won’t know exactly what you did there,” he said. [Source]

 

US – President Bush to Push Medical Record Computerization

President Bush is readying a major push to computerize the nation’s medical records, including what is expected to be between $100 million and $200 million in funding for the program in the federal budget he will propose next month. [Source]

 

US – Michigan Leaders Collaborate on New Health Information Network

Michigan Gov. Jennifer M. Granholm has announced that a group of 300 healthcare and information technology experts will work to establish the Michigan Health Information Network. Eventually, the network would enable e-medical records to move with patients statewide, in an effort to improve quality of care. Protecting patient privacy will remain paramount in the effort, the participants said. [Source]

 

US – VISA Deals with Possible Security Breach

Visa USA acknowledged that a U.S. merchant “may have experienced a data security breach” that compromised credit card account information. [Source]

 

US – Marriott Loses Data on 200,000 Customers

Marriott International’s time-share division said that it is missing backup computer tapes containing credit card account information and the Social Security numbers of about 206,000 time-share owners and customers, as well as employees of the company. [Source] [Source]

 

US – H&R Block Error Exposes Consumer SSN Data

Some consumers may be dismayed to find their Social Security numbers printed on unsolicited packages from H&R Block, the result of a recent labelling blunder at the company. The packages, which H&R Block mailed in December, contained free copies of the company’s tax preparation software, TaxCut. By mistake, some of the packages also displayed recipients’ Social Security numbers, which were embedded in 47-digit tracking codes above mailing labels. [Source]

 

UK – Confusion Swirls Over Whether New UK Identity Cards Are Voluntary

A new government document suggests that local officials will be asked to check the Electoral Register to determine who has failed to register or keep their address information accurate after they move. The plan is causing some opponents to bristle because they expected that card registration would be voluntary. [Source] [No identity card? You could be fined £2,500] [A tax on being alive]

 

CA – Sony Hit With Canadian Rootkit Class Actions

Echoing the U.S. lawsuit, a $100-million class action was launched in Ottawa against Sony BMG Music (Canada) Inc. over allegations the company damaged Canadians’ computers with software designed to thwart online piracy. [Source]

 

WW – Sony Reaches Settlement of U.S. Rootkit Class Actions

A proposed settlement of lawsuits against Sony BMG Music Entertainment would let consumers receive free music downloads to compensate them for Sony including flawed software on millions of CDs. Lawyers said the deal requires the world’s second-largest music label to stop manufacturing compact discs with MediaMax software or with extended copy protection or XCP software that could leave computers vulnerable to hackers. [Source] [Source] [Source] [Michael Geist commentary] [Proposed settlement]

 

WW – ‘Fingerprinting’ to Unmask Anonymous Web surfers

Extract: “One could also use our techniques to help track laptops as they move, perhaps as part of a Carnivore-like project. A fingerprinter can use the information contained within the TCP headers to estimate a device’s clock skew and thereby fingerprint a physical device. ...Our techniques report consistent measurements when the measurer is thousands of miles, multiple hops, and tens of milliseconds away from the fingerprinted device, and when the fingerprinted device is connected to the Internet from different locations and via different access technologies.” [Source]

 

US – Posner Argues Electronic Surveillance Not Privacy Invasion

Judge Richard Posner has written an op-ed in which he argues that machine collection and processing of data cannot, as such, invade privacy. He states that because of their volume, the data are first sifted by computers, which search for names, addresses, phone numbers, etc., that may have intelligence value. Posner believes that this initial sifting, far from invading privacy, keeps most private data from being read by any intelligence officer. [Source] [Commentary: Judge Posner's Troubling Call for Massive Surveillance] [Commentary]

 

US – Anti-Offshoring Movement Builds

Pressure will continue for passage of bills at the state and national level to stop jobs from moving overseas. Forrester Research has estimated that 3.3 million U.S. jobs will be outsourced by 2015. In the first quarter of 2005, lawmakers introduced more than 112 bills in 40 states, according to the National Foundation for American Policy. The group determined that just a few of the bills have passed, with the majority stalled in committee or no longer under consideration. [Source]

 

WW – Companies Feeling the Effects of Spyware

IDC, a global provider of market intelligence, estimated that spyware problems represent 30% of all helpdesk calls. According to Webroot, about 87% of all computers scanned by the company had some type of spyware. Governments are stepping in with enforcement and legislation. [Source]

 

FR – French Parliament OKs Anti-Terror Measures

France’s parliament approved an anti-terrorism bill that will boost the use of video surveillance and allow police more time to question terror suspects. The bill was sponsored by law-and-order Interior Minister Nicolas Sarkozy, who has sought to assure lawmakers the measure would not violate civil liberties, as some fear. The law will allow mosques, department stores and other potential targets to install surveillance cameras, and it will stiffen prison terms for terrorists and those providing support. It also will enable police to monitor people who travel to countries known to harbor terror training camps, and to extend the detention period for terror suspects from 4 days to up to 6 days. [Source]

 

JP – Privacy Concerns Reduce Responses to Census

The number of people who refused to respond in the national census carried out in October for fear that their personal information could be misused increased compared with the census taken five years ago, according to a recent survey. [Source]

 

US – 2005 Was The Worst Year For Computer Security Breaches

At least 130 security breaches in 2005 exposed more than 55 million Americans to the risk of identity theft. Despite the record-setting number of breaches, ID theft bills remain stalled in Congress. [Source]

 

WW – Top 10 Privacy Stories of 2005 from the Electronic Privacy Information Center

• PATRIOT Act Reauthorization Falls Short (temporary 3 month extension only)

• Security Breaches on the Rise (more than 130 in 2005)

• Defense Department Ignores Privacy Laws (Student recruitment database)

• In Federal Court, a Good E-mail Privacy Decision (intercepting e-mails violates the Wiretap Act)

• Privacy for Voters (guidelines for electronic voting, voter ID requirements struck down)

• State Department Drops Hi-Tech Passport Plan (RFID = bullseye on US citizens)

• NSA Domestic Spying Disclosed (lack of judicial review for eavesdropping)

• Problems Remain with Travel Screening Plans (Problematic no-fly lists)

• Credit Freeze Laws on the Rise (identity theft a result of creditors not verifying thieves’ identities)

• Surveillance of Activists Revealed (increasing role of military in domestic policing and surveillance)

 

WW – EPIC’s Top Ten Privacy Issues to Watch in 2006

The USA PATRIOT Act is yet again up for renewal, biometric technologies are on the rise, and students are being used as the guinea pigs for the next generation of privacy-invading policies. Issues both new and familiar will be making their way into the privacy debate in 2006:

• Nomination of Samuel Alito to the Supreme Court

• Future of REAL ID Act

• Expansion of US VISIT Program and collection and use of fingerprints

• Workplace Privacy (surveillance)

• Student Privacy (spychip IDs, marketing)

• Location Tracking (vehicle, cell phone and mission creep)

• New Revelations About Government Datamining (Son of TIA)

• Wiretapping the Internet (expansion of CALEA, lawful access)

• DNA Databases and Genetic Privacy Legislation

• Data Broker Regulation (Congress likely to act)

 

WW – Pfizer Fights Fake Pills With RFID

Pfizer, the maker of Viagra, is now fighting back against counterfeit pills with technology. The company began on Dec. 15 to affix RFID tags to all U.S. shipments of Viagra in an effort to detect counterfeit pills, 5 million of which were seized by authorities last year. [Source]

 

EU – German Privacy Hackers Develop RFID Zapper to Destroy Passive RFID tags

A group of German privacy hackers have come up with a portable device that can wipe a passive RFID-Tag permanently. While it is known that RFID tags could be wiped, it usually took some fairly cumbersome microwave gear to get the job done, and the result could damage whatever the tag was installed on. But, according to the group’s website, two developers have managed to make a functioning prototype and produce plans that everyone can use to build their own RFID-Zapper. [Source]

 

JP – RFID Tracking Chips for Japanese Students

Electronics giant Fujitsu collaborated with suburban Tokyo private school Rikkyo Elementary to launch a trial in which RFID tracking chips were attached to 40 students’ backpacks. [Source]

 

WW – Study: Data Loss, Network Vulnerabilities Top Security Issues

Phoenix Technologies conducted a survey of industry experts, analysts and technology and government leaders during its recent conference on the state of digital information security. The respondents said the “greatest concern” about endpoint security was unauthorized access to network data. Half of the respondents said endpoint security is very likely or likely to solve many of the current security problems. [Source]

 

US – Spy Agency Mined Vast Data Trove, Officials Report

The National Security Agency has traced and analyzed large volumes of telephone and Internet communications flowing into and out of the United States as part of the eavesdropping program that President Bush approved after the Sept. 11, 2001, attacks to hunt for evidence of terrorist activity, according to current and former government officials. The volume of information harvested from telecommunication data and voice networks, without court-approved warrants, is much larger than the White House has acknowledged, the officials said. It was collected by tapping directly into some of the American telecommunication system’s main arteries, they said. [Source] [CNN Report] [Coverage]

 

US – Judge Posner Argues Electronic Surveillance Not Privacy Invasion

Judge Richard Posner has written an op-ed in which he argues that machine collection and processing of data cannot, as such, invade privacy. He states that because of their volume, the data are first sifted by computers, which search for names, addresses, phone numbers, etc., that may have intelligence value. Posner believes that this initial sifting, far from invading privacy (a computer is not a sentient being), keeps most private data from being read by any intelligence officer. [Source] [Daniel Solove commentary: Judge Posner’s Troubling Call for Massive Surveillance] [Commentary]

 

US – 3 Judges On Special U.S. Spy Court Upset By Wiretaps

Three U.S. federal judges assigned to the Foreign Intelligence Surveillance Court are deeply upset by revelations that President George W. Bush authorized the National Security Agency to conduct secret communications wiretaps to thwart possible terrorist plots following the Sept. 11 attacks, CBS News reported Wednesday, citing sources. One of the 11 judges on the court, U.S. District Judge James Robertson, was reported by the Washington Post to have quit his job apparently in protest of Bush’s secret authorization of the domestic spying program. The Post said that Robertson’s resignation stemmed from concern that the espionage program Bush authorized was legally questionable and may have tainted the work of the court. [Source]

 

US – Illinois Governor Announces Phone Records Privacy Legislation

Gov. Rod R. Blagojevich has proposed legislation to crack down on the unauthorized release or sale of telephone records and other private information. The Electronic Privacy Information Center said if the bill passed, it would be the first of its kind in the nation. The legislation would prohibit brokers from selling or releasing private information, including account records, identifying information, personal data or the location of Illinois residents or businesses. The bill also would require telephone companies to maintain privacy measures and notify consumers of data breaches. The bill would provide for increased criminal penalties for “pretexting,” which includes hacking phone records and employee theft of telephone information. [Source]

 

US – U.S. Opening Some Private Mail in Terror Fight

U.S. officials are opening personal mail that arrives from abroad when they deem it necessary to protect the country from terrorism, a Customs and Border Protection spokeswoman said this week. News of the little-known practice follows revelations that the government approved eavesdropping on U.S. citizens without judicial oversight after the terrorist attacks of September 11, 2001, which sparked concern from civil liberties advocates and some lawmakers, who called for congressional hearings. [Source]

 

US – Americans Worry About Government Abuses Of Privacy

Dr. Larry Ponemon, founder and president of the Ponemon Institute, did a survey recently that found increasing concern about the government’s secret surveillance of Americans. While many Americans seem less fazed by commercial data breaches, Ponemon’s study suggests that Americans harbor serious concerns about government privacy issues. [Source]

 

US – Minnesota A-G Seeks Legislation to Ban Bulk Sale of Driver’s License Information

AG Mike Hatch announced that the Department of Public Safety has sold state driver’s license data to about 5,000 outside groups. Hatch is seeking legislation that would restrict the state from selling driver’s license data in bulk to commercial companies. Under Hatch’s plan, anyone who wants the information would have to pay $5 per name and also notify the driver of the data request. [Source]

 

US – CDC Passenger Database Hits Turbulence

The Centers for Disease Control’s (CDC) recent proposal to set up a new passenger database to track possible disease vectors and bioterrorism outbreaks may overlap with other databases, as well as raise privacy concerns, according to public comments submitted on the plan. The new database, which covers both airline and cruise ship passengers, will cost the travel industry $117 million to $425 million, according to a CDC regulatory impact analysis of the new program. Most of that expense, from $5 million to $316 million, will pay for data collection, while about $108 million will go to computer reprogramming costs for airlines, cruise ships and travel agencies, the CDC analysis said. [Source]

 

US – Data Security Movement Backburnered By Lawmakers

Once a hot-button item, data and identity theft protection has stalled in Congress, a Gartner research analyst said Thursday, pushed aside by bigger political fish, ranging from Iraq and Hurricane Katrina to domestic spying and Supreme Court nominees. Despite a year’s worth of highly publicized security breaches and a lot of talk in Congress this summer on ways to protect consumers, there’s been too little done to protect U.S. consumers’ data, said Gartner research director Avivah Litan. [Source]

 

US – New State Laws Seek to Halt Identity Theft

Multiple states enacted laws on January 1st designed to help prevent identity theft. New and existing state laws require timely notification of information breaches to affected customers, and related legislation allows consumers to freeze their credit reports as a means of identity-theft prevention and protection. 12 states have credit-freeze legislation, which allows residents to block new creditors from accessing their credit reports and helps prevent identity thieves from opening spending accounts using a stolen name. Credit-freeze laws in Connecticut, Illinois and New Jersey were enacted Jan 1, while Maine’s will become effective Feb. 1 and Colorado’s July 1. [Source] [Source]

 

UK – Employees Have Right In Most Cases to View References

The UK Information Commissioner has found that the Data Protection Act, in most cases, allows workers to review information received from references. The commissioner has provided guidance on the issue following several inquiries from employers and employees. Employers may lawfully refuse an employee’s request to see a copy of some references under certain circumstances, according to the Information Commissioner. [Source] [Data Protection Good Practices Note]

 

US – Las Vegas Cocktail Waitresses Monitored For Beverage Service Using RFID

Harrah’s Entertainment has unveiled a pilot RFID program to monitor how long it takes waitresses to serve drinks to casino customers. Waitresses at the Rio’s All-Suites Hotel & Casino are carrying RFID tags that send signals to readers installed on tables and bars. The American Civil Liberties Union is not fond of the practice, but the Nevada chapter’s general counsel acknowledged that employees “don’t have a constitutional right to privacy in the workplace.” [Source]