Privacy News Highlights
06–13 April 2007
Contents:
CA – Alberta to Probe Privacy
Breach in Survey
US – Consumers Value ID Theft Prevention
Over Financial Reimbursement: Study
UK – ID Theft Websites 'Take
Advantage of Fear'
EU – Dutch e-Citizen Charter Promotes
Citizen-Centered Government
US – Bush Under Fire Over '5
Million' Disappearing Emails
UK – UK Information Commissioner
Reappointed for Reduced Term
EU – Nominations for Big Brother
Award Italy 2007 Are Now Open
WW – Survey: Google Draws 64% of
Search Queries
EU – German Data Commissioner Warns
that US Could Access Bank Info
US – FBI Needs Six Years to Process
EFF FOIA Request
UK – FOI Restrictions Unnecessary,
Says Information Commissioner
EU – 15 Countries Call For EU
Sharing Of DNA Databases
US – States Consider Following New
Hampshire’s Lead to Prohibit Sale of Drug Data
India - Women Civil Servants Required
to Disclose Menstrual Cycles
US – Data on 2.9 Million Georgians
Goes Missing
UK – Millions to Rebel Over ID
Cards: UK Government Study
WW – Digitally Enhanced Passports a
Cybercrook’s Delight, Expert Says
UK – Experian Reports 69% Jump in ID
Theft
US – EFF Presents 16th
Internet Pioneer Awards
EU - Public Consultation: Safer
Internet and Online Technologies For Children
US – Ohio Police Test ID Scanner:
140 Wanted or Watch Lists
WW – UNESCO States Position on
Ethical Issues In The Information Society
US – Privacy Advocate Threatens to
Post Prominent Individuals' Data
NZ – Security, Privacy Concerns Slow
Adoption of the NZ Gov’t ID Scheme
US – More U.S. States Oppose Federal
Real ID Act
US – Court: Students Have Reasonable
Expectation of Privacy on University Networks
US – Motorists in Six States Sue
Imagitas Over Personal Info Use
US – North Dakota Becomes Second
State to Ban Forced RFID Implantation.
UK – Manchester Airport to Track
Travelers with RFID
EU – Boffins Working on RFID
Super-Shield for Consumers
US – The Security Breach Price Tag
Calculator
US – Survey: Cost of a Security
Breach Varies From $90 to $305 Per Lost Record
EU – EU Data Watchdog Blasts Plans
to Share Police Data Bases
US – New Spy Chief Seeks More Power
KR – Korean Opposition to
Surveillance Law Mounts
CA – Scientists to Use Satellites to
Test Ability to Track Movement of Ottawa Traffic
US – Telecoms Voice Opposition to
New FCC Phone Records Regulations
US – Solving the Phone Number Blues:
“One Number for Life”
US – Government Receives a C-Minus
on Information Security Efforts
US – Credit Freeze Legislation Dies
In Arizona
US – Washington Lawmakers Approve
Credit Freeze Legislation
The Alberta Privacy Commissioner is investigating a
health survey by a provincial government agency that shared information about
hospital patients who didn't give their consent, The Globe and Mail has
learned.Brian Strobel of Edmonton is applauding the move. He also has concerns
with the survey, approved by the Health Quality Council of Alberta, an
arm's-length body of the provincial government mandated to improve health
services. [Source]
Consumers are more concerned with getting identity
safeguards than financial loss reimbursement from online banks, a new study
suggests. The study also reveals that that 9 out of 10 web users are willing to
sacrifice convenience for stronger security protection for online accounts.
Authentify Inc. announced the results of a study on consumer attitudes and
preferences towards security for online financial services. The survey was
independently conducted by Javelin Strategy & Research. [Source]
Websites that charge for information that can
otherwise be found free through other sources may be playing on peoples fears
to get money the Trading
Standards Institute has said. The statement follows the launch of ID theft protect,
a website that claims to help stop people becoming victims of identity theft.
It also offers advice to those who have, for a subscription fee. Richard Webb,
leading officer of e-commerce at the Trading Standards Institute, said there
was no need for consumers to pay to access this information. "The fact
that people are willing to pay for something that can otherwise be found free
shows that these sites are probably taking advantage of peoples' fears, to make
money," he told Computeractive. [Source]
The Dutch e-Citizen Charter consists of 10 quality
requirements, deliberately written from the citizens’ perspective, for a new
relationship between citizen and government. The aim of the Dutch e-Government
policy is to improve information exchange, service delivery and interactive
participation by introducing a new partnership between citizen and government.
This is to be achieved by giving more responsibility and choice to citizens. As
far as the Dutch Cabinet is concerned, the required empowerment is being supported
by ICTs. Each requirement is formulated as a right of a citizen and a
corresponding duty of government. This is not to say that a citizen has no
duties. A citizen is not only a customer of services, but also a user of
provisions, a subject of law and a participant in policy-making. The charter allows
citizens to call their government to account for the quality of digital
services. [Source]
The White House has come under fire after losing a
reported 5 million official emails, including several relating to the
controversial firing of eight US attorneys. Democrat Patrick Leahy told the
Senate: “Like the famous 18-minute gap in the Nixon tapes, it appears that key
documentation has been erased. This sounds like the Administration’s version of
‘the dog ate my homework.’ You can't erase emails, not today.” The Democrats
have also launched an inquiry into whether the US government's reliance on
email is a deliberate ploy to avoid keeping records. [Source]
[Source] See also: [U.S.
Government Agencies Facing Records Management Rules Need Centralized Approach
for Compliance]
Information Commissioner Richard Thomas was
reappointed until June 2009. Appointed initially in November 2002, Thomas has
been reappointed to another term, but he has requested that his term last only
until his 60th birthday in June 2009, it was announced yesterday. The Information
Commissioner*s Office enforces the Freedom of Information Act and the Data
Protection Act. [Source]
[Thomas re-appointed for reduced
term as Information Commissioner]
The official start of the call for nominations for the
Italian Big Brother Award (BBA) 2007 began on 2 April 2007 and will last until
30 April. The award ceremony will take place in Florence (Italy) at the end of
May during the E-Privacy 2007 conference, where there will be some surprises.
The BBA procedures are simple: everybody - before 30 April - can send one or
more nominations for one or more of the categories of the award. A suitable
form is available online. People can also vote via e-mail and voting via
anonymous re-mailers is of course possible. [BBA 2007 Italy (only in Italian)] [E-Privacy 2007 conference (only in
Italian)] [Form for
nominations (only in Italian) ] [EDRI-gram: Big Brother
Awards Italy 2006 (24.05.2006) ]
Web search leader Google’s market share inched up to
64% of all queries among U.S. Internet searchers in March, gaining further
ground against Yahoo and Microsoft, a survey released on Wednesday by Hitwise
found. The number of search queries on Google rose to 64.1% in March, compared
with 63.9% in February and 58.3% a year ago, according to Hitwise, which bases
its report on the surfing habits of 10 million U.S. Web users. [Source]
[Source]
The German Federal Data Protection Commissioner Peter
Schaar has critically remarked that the creation of a Single Euro Payments Area
(SEPA) will mean that in future the SWIFT (Society for Worldwide Interbank
Financial Telecommunications) financial network will also handle all domestic transfers.
This would make it possible for secret services, including those of the United
States, ostensibly out to combat the funding of terrorist organizations, to
gain access to such transfer data. "If these data, as is planned, are
handled by SWIFT, it would mean that, unless the system is changed, these data
too will be available to the Americans for their investigations," Mr.
Schaar, talking to the regional German public broadcaster SWR, said by way of
summing up his misgivings about the developments. According to the data privacy
advocate such a practice would "scarcely be compatible with our notions of
sovereignty." [Source]
The oldest reported Freedom of Information Act request
in the federal government resides at the Justice Department and is 18 years old
– or, as the National Security Archive, a research group that tracks these
things, likes to say, "old enough to enlist in the Army and go to
Iraq." So perhaps it should be no surprise that the FBI has just told a
federal court that it will need until 2013 to process a request for information
from the Electronic Frontier Foundation. The group sued the Justice Department
last fall under FOIA for records that detail how the FBI protects privacy while
collecting hundreds of millions of personal records in its Investigative Data
Warehouse, a database used for counterterrorism purposes. The organization
wanted to know how errors in records are corrected and outdated files are
deleted, what privacy impact the system might have on U.S. residents, and the
results of any audits performed to ensure the data system is working properly –
that is, to find bad guys and not invade the privacy of innocent Americans. [Source]
[Visit
StopIllegalSpying.org]
The Government would not need to limit the scope of
the Freedom of Information (FOI) Act if public authorities used existing rules
properly, the Information Commissioner's Office (ICO) has said. The ICO is
opposing the Government's changes. The Government wants to limit the scope and
number of FOI enquiries by changing the cost structure currently in place. In
response to a consultation process the ICO said that the Government's stated
aims could be achieved under existing rules and that the proposed changes would
make the operation of the Act more difficult.
The response was lodged in February but has only just been published.
Since that time the Government has issued a further consultation in a move
widely seen as backtracking on some of its more controversial proposals. [Source]
Fifteen EU countries have proposed that a treaty
governing DNA data sharing signed outside of the structure of the European
Union should be adopted as EU policy. The EU's own planned framework on data
sharing has not yet been put in place. [Source] See also: [DNA database 'will span most of the UK
population']
Other states are closely watching the outcome of a
trial challenging New Hampshire’s law that bans the sale of doctors’
prescription-writing data. Data mining companies compile records on what
prescription drugs doctors prescribe – information that drug companies use to
better market their drugs to physicians. New Hampshire’s law was challenged in
federal court by the largest health data mining company, IMS Health, which
joined Verispan LLC, to fight the law’s constitutionality. The trial ended Feb.
5 and a decision is pending. Arizona, Illinois, Kansas, Maine, Massachusetts,
Nevada, New York, Rhode Island, Vermont, Washington, West Virginia and Texas
are considering similar bills. A federal bill died in committee last year. [Source]
[Maine Senate OKs bill
limiting drug sales tactics]
Women civil servants in India have expressed shock at
new appraisal rules which require them to reveal details of their menstrual
cycles. Under the new nationwide requirements, female officials also have to
say when they last sought maternity leave. Women civil servants say the
questions are a gross invasion of privacy. One told the BBC she was
"gobsmacked". Annual appraisals and health checks are mandatory in
India's civil service. The ministry was unavailable for comment. [Source] [Source] [Order
on women's intimate details nixed]
Georgia health officials said this week that a computer
disk containing the names, birth dates, and Social Security numbers of 2.9
million Medicaid and children’s health care recipients is missing. The state
said the security breach was reported by Affiliated Computer Services, a
private vendor with a contract to handle health care claims for the state. [Source] [Source]
[Source]
CA – Canadian ISP Loses Data On Hundreds of Subscribers: A Toronto resident found hundreds of Rogers
order forms – complete with names, addresses, phone numbers, driver’s licence numbers
and, in a few cases, what appear to be credit card and SIN numbers – tucked
behind a coffee shop and strewn across a parking lot. [Source] [New
Security Breach Renews Debate On Need For Mandatory Breach Notification]
US – Laptop Theft Exposes Teachers to ID Fraud Risk: About 40,000 Chicago Public Schools
employees are at risk of identity fraud after two laptops containing their
personal information were stolen last Friday. The computers were taken from the
CPS headquarters. The laptops belong to accounting firm McGladrey and Pullen
and its subcontractor, who were reviewing contributions to the Chicago Teacher
Pension Fund. [Source]
US – UCSF Breach May Have Led To Exposure Of
Information On 46,000 Staff, Students: The University of California at San Francisco has
notified faculty, staff and students affected by a possible security breach
involving a server located in Oakland. The university alerted the 46,000
individuals to watch for possible signs of identity theft related to the
possible release of names, SSNs and bank account numbers used for electronic
payroll. The university said that there is no evidence to suggest that data on
the server was accessed, but officials have been unable to rule it out. A Web
site and a hotline have been set up to help the affected individuals. [Source]
The government is predicting that some 15m people will
revolt against Tony Blair’s controversial ID card scheme by refusing to produce
the new cards or provide personal data on demand. The forecast is made in
documents released by the Home Office under the Freedom of Information Act. The
papers show ministers expect national protests similar to the poll tax
rebellions of the Thatcher era, with millions prepared to risk criminal
prosecution. Opposition MPs said the new documents proved their case that the
programme would never work. David Davis, the shadow home secretary, said: “This
will cripple the system. Fifteen million is a massive number. What the Home
Office is accepting in private, but refuses to accept in public, is that a
massive number of ordinary law-abiding citizens simply will not go along with
their scheme.” Davis, whose party’s policy is to scrap the cards, added: “This
will render it completely useless as a security or check mechanism of any
sort.” The documents, quietly released during parliament’s Easter break, also
show that the government is planning to make ID cards compulsory in 2014,
despite the expected revolt. [Source]
[One third of people will resist ID
checks, Government predicted]
New digitally enhanced passports might make your life
easier but they could also place your personal data in the hands of cybercrooks
or terrorists, according to a report issued today by international security
firm McAfee Inc. That’s because the passports -- some of which are already
being tested by the U.S. government -- contain radio-frequency identification
(RFID) tags that contain such information as the person’s name, date of birth,
photo and digital fingerprint, designed to be read on a screen by officials.
“You wave it in front of a scanner and it authenticates you,” McAfee spokesman
David Marcus said in an interview. “But what if I set up a fake scanner and I
query people as they’re walking by and I’m scanning at hip level where most
people keep their passports?” [Source]
[Source]
[McAfee:
Cyber-crime will continue to pay]
Identity thieves are showing more determination in
picking out victims, while the number of reported U.K. victims of identity
theft continues to rise, according to new data
released by credit-checking agency Experian this week. In the U.K., 2,124
people contacted the agency's helpline for victims of identity theft in the
second half of 2006, a 69% increase from the same period in 2005. About 45% of
those victims were alerted to a problem by a financial services company that
noticed unusual activity, Experian said. 41% found out through their credit
report. The rest found out either after a refusal of credit, a theft or through
notices they were being awarded credit they had not personally requested. Experian
said ID fraud has transitioned from small-time crooks digging in garbage bins
to sophisticated operations that are leveraging security weaknesses in Internet
applications to collect information on victims. [Source]
On
March 29, three Internet superheroes received awards, and one even got a cape.
EFF presented the 16th
annual Pioneer Awards to Bruce
Schneier, Yochai Benkler,
and Cory Doctorow
(in cape
at right, source:
Scott Beale/Laughing Squid and Wired). The event was kicked off by a rousing
debate between our own Fred von Lohmann and HDNet Chairman Mark Cuban
on YouTube and the future of copyright.
Then
check out Wired's
and Ars
Technica's recaps, photos by Scott
Beale and Quinn
Norton, and audio from the
YouTube debate as well as Cory's
and Bruce's
acceptance speeches. Kevin Marks has also posted
video from EFF's Birds-of-a-Feather session. [Source]
The European Commission has launched a public
consultation to identify the most effective ways of making the online
environment and communication technologies safe for users, in particular
children. The current Safer Internet plus programme will end in 2008 and the
Commission is conducting this consultation for creating a basis for deciding whether
to propose a follow-up programme from 2009 to 2013 and how best to address
issues relating to online technologies in the future. The deadline for
contributions is 07/06/2007. [Source]
A handheld device that can tell in a second whether a
person is on one of 140 wanted or watch lists is being hailed by police as a
crime-fighting breakthrough and flayed by civil libertarians as an intrusion on
the innocent. The sheriff's office in Clermont County, Ohio, is the first
civilian law enforcement agency in the nation to test the portable fugitive
finder. Police say Mobilisa Inc.'s m2500 Defense ID system shows promise of
saving them time and helping them fight crime. Critics say it intensifies
questions about privacy. The Port Townsend, Wash., wireless technology company
says its handheld electronic scanner can identify within a second whether
someone is a fugitive from justice, has a violent criminal past or is a
convicted sex offender. The scanner reads the magnetic strip or barcode on
state-issued ID cards, passports and driver's licenses. It uses the information
to determine whether a person shows up on wanted or watch lists, including ones
from the Drug Enforcement Agency and Immigration and Customs Enforcement. [Source]
UNESCO has published a
brochure entitled "Ethical
Implications of Emerging Technologies" dealing with the consequences
of the use of RFID chips, biometric identification systems, and location-based
services (LBSs). Written by lawyers from the US, the brochure was published as
part of the "NGO Geneva Net Dialogue" in which non-governmental
organizations stated their case after the UN World
Summit on Information Freedom and the Internet
Governance Forum. The results of the dialogue are to be included in the
WSIS Action Line C10 ''Ethical dimensions of the Information Society." The
authors say that these technologies offer an opportunity to further enforce
human rights if the technologies embedded in such general trends as the semantic
Web, mesh networks in underdeveloped areas, and grid computing are used in
compliance with ethical guidelines. However, the danger is that RFID,
biometrics, and ubiquitous computing in particular might also be used to
monitor people. If individuals can be identified and located at any time by
these means, people might shy away from standing up for their human rights at
demonstrations or otherwise exercising their freedom of expression. Therefore,
information ethics must ensure the right to privacy and anonymity. Among other
things, the authors say that a mature ethics of information includes free
access to public knowledge, such as in Wikipedia, and the storage of content in
open formats, such as the Open Document Format. [Source] See
also: [CoE
to address the impact of technical measures on human rights]
A privacy advocate threatened to publicly post on her
Web site the names of prominent individuals in Massachusetts whose SSNs and
other personal data she was able to pull from public records posted on the
commonwealth secretary of state's Web site. In addition, Betty "B.J."
Ostergren said detailed instructions will be provided on her site telling
others how to access the data from the site. Ostergren, a Virginia-based
privacy advocate, runs a Web site called The Virginia Watchdog, which she uses
to draw attention to – and put pressure on – county and state government
officials who post unredacted public records online. [Source]
See also: [Groups
call on Secretary of State to disable Web links to personal data]
A lack of trust both in government and internet
security has been identified as a barrier to the adoption of the Department of
Internal Affairs’ proposed Identity Verification Service (IVS). A report
commissioned by the department identifies concerns about the “growing intrusion
of government into people’s lives and the loss of privacy protections by
citizens (that is, ‘Big Brother’)”, as one of four barriers to adoption of a
planned voluntary token-based online verification system to be used to access
government services online. “Key in this domain is that the level of trust in
government varies across individuals and that this will act in various degrees
as a barrier to IVS uptake,” says the report, prepared by Gravitas Research and
Strategy. The report also identifies internet security concerns as a barrier,
saying people need to feel that “IVS is a secure process, particularly in
respect of the registration process, when identity is originally confirmed.”
Hewlett-Packard and Datacom have just won contracts to prepare detailed
costings for the development and operation of an IVS scheme. Department of
Internal Affairs communications advisor Tony Wallace says the report, delivered
in October, was prepared very early in the design phase of the project and is
largely based on even earlier high-level design. When it comes to security,
however, some potential users could be their own worst enemies. Alarmingly, the
report says that 10% of the adult population - or 14% of internet users - said
it was likely they would share their user information with another person.
“Focus groups revealed that people were most likely to share information with
their intimate partner, with this often reflecting the couple’s respective
tasks and responsibilities in the relationship,” the report says. [Source]
[Sleepwalking
into a surveillance society] See also: [We've
given away our privacy, a card's just the final blow] [Bangladesh
- Importance of national identity cards] [Religion
on Indonesian ID cards blamed for deaths]
In
the New Hampshire statehouse last week, legislators sent a message to federal
officials, voting 268 to 8 to bar the state from participating in the U.S. Real
ID program. The bill will now go to the state senate and then the governor, who
has already made his opinion clear. “I continue to have many concerns about
Real ID, including the cost, the impact on the privacy of our citizens and the
burden it will place on state government employees,” Gov. John Lynch said in a
statement. Legislators in four other states, Maine, Idaho, Washington and
Arkansas, have also voted to oppose the act. [Source]
[Washington,
New Hampshire, South Carolina Oppose Real ID] [Source] [REAL
ID Act hurts Michigan] [New
ACLU Video]
A federal court of appeals handed down a ruling in
connection with a warrantless search case that makes it clear that students
have a reasonable expectation of privacy for their personal computers and hard
drives. The case involved a University of Wisconsin-Madison student whose
computer hard drive was searched without a warrant by school administrators
after they learned that the student had gained unauthorized access to the
university’s main email servers. Despite the court’s ruling in favor of
students’ right to privacy, the court ruled the university administrator had
the right to conduct the search without a warrant under this case’s particular
circumstances. [Source] [Ruling:
double-edged sword for student privacy and search warrants] [Defining
Privacy - and Its Limits]
Motorists in six states are suing a company that sends
advertising in vehicle registration notices, saying it violates a federal law
that protects their personal information. Imagitas Inc., a Pitney Bowes
company, has contracts in all six states - Ohio, Massachusetts, Missouri,
Florida, Minnesota and New York - to insert advertisements before mailing
vehicle registration notices to millions of drivers. A total of nine
class-action lawsuits have been filed. "The class action attorneys are
essentially trying to kill the program so they can line their pockets at the
expense of the taxpayer," said Alfie Charles, vice president of
DriverSource at Imagitas. "This is one of those programs that makes sense
for everybody." [Source]
As expected, North Dakota has become the second state
in the U.S. to ban the forced implanting of radio frequency identification
(RFID) chips in people. The two-sentence bill, passed by the state legislature,
was signed into law by Gov. John Hoeven last Wednesday. Essentially, it forbids
anyone from compelling someone else to have an RFID chip injected into their
skin. The state follows in the steps of Wisconsin, which passed similar
legislation last year. [Source]
See also: [RFID
Implants: 5 Amazing Stories]
Manchester Airport, one of the UK’s largest, has just
wrapped a six-month passenger tracking trial. The airport used RFID tags to
track 50,000 passenger volunteers as they moved throughout the facility with
the goal of measuring and improving the efficiency of airport operations. When
the system is fully operational, boarding passes will be tagged at passenger
check-in. If a passenger brings a pre-printed boarding pass from home, it will
be tagged as the passenger passes through security. According to the airport’s
head of innovation, the aim is to understand how efficient the security
screening process is and how much time passengers spend after security before
boarding their planes. The airport was motivated to run the trial because of
the upheaval caused if a single passenger cannot be found. If a passenger
checks in but does not show up at the terminal, oftentimes the passenger’s
luggage is pulled from the plane’s hold, a time consuming and labor intensive
process. In the worst cases, it can result in the plane missing its turn to
take off, forcing it to go to the back of the line. The article cites an
instance of a missing passenger in London’s Heathrow causing a 90-minute delay
on a Frankfurt-bound flight. While improved efficiency is the primary objective
of the effort, there are also prospective security applications that the
airport is exploring. One is using RFID to detect unauthorized entry of a
person into prohibited areas of the airport. Another involves the automatic
detection of an inert tag, which might suggest that it has been dropped or
lost. If the RFID system is deemed a success, similar ones will be deployed at
other airports around the UK, including Heathrow. [Source]
See also: [TSA
Seeks Feedback on RFID Program]
A group of Dutch researchers at Vrije Universiteit in
Amsterdam is building RFID Guardian, a personal RFID firewall to allow
individuals to monitor and control access to RFID tags. The researchers
presented the latest results of the project to build the prototype at last
week’s Emerging Technology conference. The project aims to create a platform
that will handle all types of RFID chips and allows individuals to create their
own personalised security policies and enforce them using features already
built into the tags such as cryptography and kill commands along with newer
ones such as automatic key management. When it’s finished, RFID Guardian is
intended to be a portable, battery-operated device incorporating an RFID reader
that will tell users when new RFID tags appear (for example, when you buy a
tagged item), when they’re being read, and who owns them. The prototype so far
has focused on one subset of RFID, the 13.56 ISO 15693 tags that are typically
used in credit card and smart card applications. More detail is available from
the group’s paper here (PDF).
[Source]
See also: [Top
15 Weirdest, Funniest, and Scariest Uses of RFID]
A technology liability insurance company has unveiled
a free online calculator that allows companies to estimate the financial costs
associated with a security breach. Darwin Professional Underwriters Inc. of
Farmington, Conn., says the calculator, which uses proprietary algorithms,
allows companies to accurately capture its costs in three areas: customer
notification; internal investigation costs; and regulatory and compliance
expenses, according to this Computerworld article. [Source]
Forrester Research has just released a survey that
estimates the financial costs of a security breach. The survey results, which
indicate that the cost per lost record can be as high as $305, are based on
data provided by 28 companies that experienced security breaches. Senior
analyst Khalid Kark noted that breach coats have increased as public scrutiny
has intensified. Media coverage of breaches and the increase in regulations
have led to an escalation in breach-related costs, according to the analyst,
who was quoted in this InformationWeek article. [Source]
The EU's data protection watchdog this week criticized
EU plans to allow police cross-border access to national databases containing
fingerprints, DNA samples and license plate information to fight terrorism and
cross-border crime. A report
by the watchdog questioned whether there were adequate rules to protect
citizens under the data-exchange plan. The data-sharing pact, known as the
Pruem Treaty and adopted by seven nations in 2005, is expected to be adopted by
all 27 EU nations later this year. The treaty "should not be adopted"
into EU law, however, until the bloc's members agree on new rules to protect
personal data processed by police or justice officials in criminal matters, EU
data protection supervisor Peter Hustinx said in his report. He said he
regretted that the proposal - endorsed by EU justice and interior ministers in
February - did not specify which people would be included in shared DNA data
bases, and urged EU governments to assess how privacy could be better
protected. The plan's aim is to minimize the bureaucracy involved in data
exchange in cross-border police investigations. f adopted as EU legislation,
permission for such data exchanges would be automatic, with all involved EU
nations having direct access to one anothers' data bases. Currently, police in
the seven participating countries - Germany, Belgium, Spain France, Luxembourg,
the Netherlands and Austria - have direct access to one anothers' records on
DNA, fingerprints and traffic offenses. German Interior Minister Wolfgang
Schaeuble has led efforts to get EU governments to adopt the pact into EU
legislation. [Source]
[EDPS
Press Release] [EDPS
Opinion] SEE ALSO: [German
terrorism surveillance plans opposed] and [Europol Seeks
Broader Mandate Amid Growing Terror Threat] [German minister of the
interior sees threat of Big Brother state]
President Bush's spy chief is pushing to expand the
government's surveillance authority at the same time the administration is
under attack for stretching its domestic eavesdropping powers.National
Intelligence Director Mike McConnell has circulated a draft bill that would
expand the government's powers under the Foreign Intelligence Surveillance Act,
liberalizing how that law can be used. Known as "FISA," the 1978 law
was passed to allow surveillance in espionage and other foreign intelligence
investigations, but still allow federal judges on a secretive panel to ensure
protections for U.S. citizens – at home or abroad -- and other permanent U.S.
residents. The changes McConnell is seeking mostly affect a cloak-and-dagger
category of warrants used to investigate suspected spies, terrorists and other
national security threats. The surveillance could include planting listening
devices and hidden cameras, searching luggage and breaking into homes to make
copies of computer hard drives. McConnell, who took over the 16 U.S. spy
agencies and their 100,000 employees less than three months ago, is signaling a
more aggressive posture for his office and will lay out his broad priorities on
Wednesday as part of a 100-day plan. [Source]
See also: [RCMP
Demanding More Access to ISP Subscriber Data]
A Korean campaign against a revision of the so-called
“telecommunications privacy law” has been getting fiercer. Under the proposed
revision bill, it will be possible for the government to monitor mobile phone
conversations, e-mail, and Internet messenger services, and telecommunications
data and Internet use records will be stored by companies for at least a year.
[Source]
[Korea
Law revision will give authorities access to phone, Internet data for 1 year]
Canadian and German scientists hope to position two
satellites in orbit over Ottawa in an experiment to see if they can be used to
help urban planners break traffic gridlock. Canadian defence researchers
working with the Radarsat 2 and officials with the German space agency using
that country's TerraSAR-X plan to have both satellites over Ottawa at the same
time so images can be taken of the traffic flow in the entire city. [Source]
Industry representatives are speaking out against new
Federal Communications Commission phone privacy rules aimed at preventing
unauthorized release of telephone records. The rules require companies to
obtain a consumer’s permission before the companies share the telephone records
with third-party marketers or under a joint venture agreement. Telecom
representatives say the rules will impede competition and hurt smaller firms.
Consumer advocates are praising the rules for strengthening consumer
protections and preventing pretexting. [Source]
A Web company, GrandCentral, is developing a new
service system to unify all of your telephone numbers, from cell phone to the
Internet. The company’s motto, “One number for life,” pretty much says it all.
At GrandCentral.com, you choose a new, single, unified phone number. You hand
it out to everyone you know, asking them to delete all your old numbers from
their Rolodexes. From now on, whenever somebody dials your new uni-number, all
of your phones ring simultaneously. [Source]
The results of the 2006 Federal Information Security
Management Act (FISMA) reports was released yesterday. Rep. Tom Davis, ranking
member of the House Government Oversight and Reform Committee, gave the federal
government an overall grade of C-minus when it comes to safekeeping information
on government computer systems. "This grade indicates slow but steady
improvement from past years," said Davis, who had given the government a
grade of D-plus, D-plus and D the last three years. "Obviously, challenges
remain. While there are some excellent signs of progress in this year's report,
and that's encouraging, I remain concerned that large agencies like DOD and DHS
are still lagging in their compliance." Davis said he is exploring ways to
provide an incentive through the scorecard process to agencies that effectively
configure their systems with security in mind. For example, as agencies move to
Microsoft Vista, bonus points could be awarded to agencies that take certain
steps toward secure configurations. Leading information security professionals
applauded this announcement. [Source] [Source]
Despite Senate approval of a bill that would allow
Arizonans to freeze their credit, the bill has died in the House after it
failed to emerge from several committees. House Rules Committee Chairman Bob
Robson, R-Chandler, said his concern was that the bill might delay a consumer’s
ability to access his or her credit reports and hinder commercial transactions.
Arizona has the highest rate of identity theft complaints in the country,
according to the Federal Trade Commission. Credit freeze laws are on the books
in at least 25 other states, according to the National Conference of State
Legislatures. [Source]
Washington Attorney General Rob McKenna is praising a
recently approved credit freeze bill that allows consumers to reduce their risk
of identity theft while balancing their need to quickly “thaw” the credit
freeze for their own borrowing needs. The bill, which gives all Washington
residents the option of freezing unauthorized access to their credit reports,
was approved unanimously by the Legislature. The bill now heads to the desk of
Gov. Chris Gregoire. [Source]
--------