Privacy News Highlights

06–13 April 2007

 

Contents:

CA – Alberta to Probe Privacy Breach in Survey

US – Consumers Value ID Theft Prevention Over Financial Reimbursement: Study

UK – ID Theft Websites 'Take Advantage of Fear'

EU – Dutch e-Citizen Charter Promotes Citizen-Centered Government

US – Bush Under Fire Over '5 Million' Disappearing Emails

UK – UK Information Commissioner Reappointed for Reduced Term

EU – Nominations for Big Brother Award Italy 2007 Are Now Open

WW – Survey: Google Draws 64% of Search Queries

EU – German Data Commissioner Warns that US Could Access Bank Info

US – FBI Needs Six Years to Process EFF FOIA Request

UK – FOI Restrictions Unnecessary, Says Information Commissioner

EU – 15 Countries Call For EU Sharing Of DNA Databases

US – States Consider Following New Hampshire’s Lead to Prohibit Sale of Drug Data

India - Women Civil Servants Required to Disclose Menstrual Cycles

US – Data on 2.9 Million Georgians Goes Missing

UK – Millions to Rebel Over ID Cards: UK Government Study

WW – Digitally Enhanced Passports a Cybercrook’s Delight, Expert Says

UK – Experian Reports 69% Jump in ID Theft

US – EFF Presents 16th Internet Pioneer Awards

EU - Public Consultation: Safer Internet and Online Technologies For Children

US – Ohio Police Test ID Scanner: 140 Wanted or Watch Lists

WW – UNESCO States Position on Ethical Issues In The Information Society

US – Privacy Advocate Threatens to Post Prominent Individuals' Data

NZ – Security, Privacy Concerns Slow Adoption of the NZ Gov’t ID Scheme

US – More U.S. States Oppose Federal Real ID Act

US – Court: Students Have Reasonable Expectation of Privacy on University Networks

US – Motorists in Six States Sue Imagitas Over Personal Info Use

US – North Dakota Becomes Second State to Ban Forced RFID Implantation

UK – Manchester Airport to Track Travelers with RFID

EU – Boffins Working on RFID Super-Shield for Consumers

US – The Security Breach Price Tag Calculator

US – Survey: Cost of a Security Breach Varies From $90 to $305 Per Lost Record

EU – EU Data Watchdog Blasts Plans to Share Police Data Bases

US – New Spy Chief Seeks More Power

KR – Korean Opposition to Surveillance Law Mounts

CA – Scientists to Use Satellites to Test Ability to Track Movement of Ottawa Traffic

US – Telecoms Voice Opposition to New FCC Phone Records Regulations

US – Solving the Phone Number Blues: “One Number for Life”

US – Government Receives a C-Minus on Information Security Efforts

US – Credit Freeze Legislation Dies In Arizona

US – Washington Lawmakers Approve Credit Freeze Legislation

 


 

CA – Alberta to Probe Privacy Breach in Survey

The Alberta Privacy Commissioner is investigating a health survey by a provincial government agency that shared information about hospital patients who didn't give their consent, The Globe and Mail has learned. Brian Strobel of Edmonton is applauding the move. He also has concerns with the survey, approved by the Health Quality Council of Alberta, an arm's-length body of the provincial government mandated to improve health services. [Source]

 

US – Consumers Value ID Theft Prevention Over Financial Reimbursement: Study

Consumers are more concerned with getting identity safeguards than financial loss reimbursement from online banks, a new study suggests. The study also reveals that 9 out of 10 web users are willing to sacrifice convenience for stronger security protection for online accounts. Authentify Inc. announced the results of a study on consumer attitudes and preferences towards security for online financial services. The survey was independently conducted by Javelin Strategy & Research. [Source]

 

UK – ID Theft Websites 'Take Advantage of Fear'

Websites that charge for information that can otherwise be found free through other sources may be playing on people's fears to get money, the Trading Standards Institute has said. The statement follows the launch of ID theft protect, a website that claims to help stop people becoming victims of identity theft. It also offers advice to those who have, for a subscription fee. Richard Webb, leading officer of e-commerce at the Trading Standards Institute, said there was no need for consumers to pay to access this information. "The fact that people are willing to pay for something that can otherwise be found free shows that these sites are probably taking advantage of people's fears, to make money," he told Computeractive. [Source]

 

EU – Dutch e-Citizen Charter Promotes Citizen-Centered Government

The Dutch e-Citizen Charter consists of 10 quality requirements, deliberately written from the citizens’ perspective, for a new relationship between citizen and government. The aim of the Dutch e-Government policy is to improve information exchange, service delivery and interactive participation by introducing a new partnership between citizen and government. This is to be achieved by giving more responsibility and choice to citizens. As far as the Dutch Cabinet is concerned, the required empowerment is being supported by ICTs. Each requirement is formulated as a right of a citizen and a corresponding duty of government. This is not to say that a citizen has no duties. A citizen is not only a customer of services, but also a user of provisions, a subject of law and a participant in policy-making. The charter allows citizens to call their government to account for the quality of digital services. [Source]

 

US – Bush Under Fire Over '5 Million' Disappearing Emails

The White House has come under fire after losing a reported 5 million official emails, including several relating to the controversial firing of eight US attorneys. Democrat Patrick Leahy told the Senate: “Like the famous 18-minute gap in the Nixon tapes, it appears that key documentation has been erased. This sounds like the Administration’s version of ‘the dog ate my homework.’ You can't erase emails, not today.” The Democrats have also launched an inquiry into whether the US government's reliance on email is a deliberate ploy to avoid keeping records. [Source] [Source]  See also: [U.S. Government Agencies Facing Records Management Rules Need Centralized Approach for Compliance]

 

UK – UK Information Commissioner Reappointed for Reduced Term

Information Commissioner Richard Thomas was reappointed until June 2009. Appointed initially in November 2002, Thomas has been reappointed to another term, but he has requested that his term last only until his 60th birthday in June 2009, it was announced yesterday. The Information Commissioner's Office enforces the Freedom of Information Act and the Data Protection Act. [Source] [Thomas re-appointed for reduced term as Information Commissioner]

 

EU – Nominations for Big Brother Award Italy 2007 Are Now Open

The call for nominations for the Italian Big Brother Award (BBA) 2007 officially opened on 2 April 2007 and will last until 30 April. The award ceremony will take place in Florence (Italy) at the end of May during the E-Privacy 2007 conference, where there will be some surprises. The BBA procedures are simple: everybody - before 30 April - can send one or more nominations for one or more of the categories of the award. A suitable form is available online. People can also vote via e-mail and voting via anonymous re-mailers is of course possible. [BBA 2007 Italy (only in Italian)] [E-Privacy 2007 conference (only in Italian)] [Form for nominations (only in Italian)] [EDRI-gram: Big Brother Awards Italy 2006 (24.05.2006)]

 

WW – Survey: Google Draws 64% of Search Queries

Web search leader Google’s market share inched up to 64% of all queries among U.S. Internet searchers in March, gaining further ground against Yahoo and Microsoft, a survey released on Wednesday by Hitwise found. The number of search queries on Google rose to 64.1% in March, compared with 63.9% in February and 58.3% a year ago, according to Hitwise, which bases its report on the surfing habits of 10 million U.S. Web users. [Source] [Source]

 

EU – German Data Commissioner Warns that US Could Access Bank Info

The German Federal Data Protection Commissioner Peter Schaar has critically remarked that the creation of a Single Euro Payments Area (SEPA) will mean that in future the SWIFT (Society for Worldwide Interbank Financial Telecommunications) financial network will also handle all domestic transfers. This would make it possible for secret services, including those of the United States, ostensibly out to combat the funding of terrorist organizations, to gain access to such transfer data. "If these data, as is planned, are handled by SWIFT, it would mean that, unless the system is changed, these data too will be available to the Americans for their investigations," Mr. Schaar, talking to the regional German public broadcaster SWR, said by way of summing up his misgivings about the developments. According to the data privacy advocate such a practice would "scarcely be compatible with our notions of sovereignty." [Source]

 

US – FBI Needs Six Years to Process EFF FOIA Request

The oldest reported Freedom of Information Act request in the federal government resides at the Justice Department and is 18 years old – or, as the National Security Archive, a research group that tracks these things, likes to say, "old enough to enlist in the Army and go to Iraq." So perhaps it should be no surprise that the FBI has just told a federal court that it will need until 2013 to process a request for information from the Electronic Frontier Foundation. The group sued the Justice Department last fall under FOIA for records that detail how the FBI protects privacy while collecting hundreds of millions of personal records in its Investigative Data Warehouse, a database used for counterterrorism purposes. The organization wanted to know how errors in records are corrected and outdated files are deleted, what privacy impact the system might have on U.S. residents, and the results of any audits performed to ensure the data system is working properly – that is, to find bad guys and not invade the privacy of innocent Americans. [Source] [Visit StopIllegalSpying.org]

 

UK – FOI Restrictions Unnecessary, Says Information Commissioner

The Government would not need to limit the scope of the Freedom of Information (FOI) Act if public authorities used existing rules properly, the Information Commissioner's Office (ICO) has said. The ICO is opposing the Government's changes. The Government wants to limit the scope and number of FOI enquiries by changing the cost structure currently in place. In response to a consultation process the ICO said that the Government's stated aims could be achieved under existing rules and that the proposed changes would make the operation of the Act more difficult.  The response was lodged in February but has only just been published. Since that time the Government has issued a further consultation in a move widely seen as backtracking on some of its more controversial proposals. [Source]

 

EU – 15 Countries Call For EU Sharing Of DNA Databases

Fifteen EU countries have proposed that a treaty governing DNA data sharing signed outside of the structure of the European Union should be adopted as EU policy. The EU's own planned framework on data sharing has not yet been put in place. [Source] See also: [DNA database 'will span most of the UK population']

 

US – States Consider Following New Hampshire’s Lead to Prohibit Sale of Drug Data

Other states are closely watching the outcome of a trial challenging New Hampshire’s law that bans the sale of doctors’ prescription-writing data. Data mining companies compile records on what prescription drugs doctors prescribe – information that drug companies use to better market their drugs to physicians. New Hampshire’s law was challenged in federal court by the largest health data mining company, IMS Health, which joined Verispan LLC, to fight the law’s constitutionality. The trial ended Feb. 5 and a decision is pending. Arizona, Illinois, Kansas, Maine, Massachusetts, Nevada, New York, Rhode Island, Vermont, Washington, West Virginia and Texas are considering similar bills. A federal bill died in committee last year. [Source] [Maine Senate OKs bill limiting drug sales tactics]

 

India - Women Civil Servants Required to Disclose Menstrual Cycles

Women civil servants in India have expressed shock at new appraisal rules which require them to reveal details of their menstrual cycles. Under the new nationwide requirements, female officials also have to say when they last sought maternity leave. Women civil servants say the questions are a gross invasion of privacy. One told the BBC she was "gobsmacked". Annual appraisals and health checks are mandatory in India's civil service. The ministry was unavailable for comment. [Source] [Source] [Order on women's intimate details nixed]

 

US – Data on 2.9 Million Georgians Goes Missing

Georgia health officials said this week that a computer disk containing the names, birth dates, and Social Security numbers of 2.9 million Medicaid and children’s health care recipients is missing. The state said the security breach was reported by Affiliated Computer Services, a private vendor with a contract to handle health care claims for the state. [Source] [Source] [Source]

 

CA – Canadian ISP Loses Data On Hundreds of Subscribers: A Toronto resident found hundreds of Rogers order forms – complete with names, addresses, phone numbers, driver’s licence numbers and, in a few cases, what appear to be credit card and SIN numbers – tucked behind a coffee shop and strewn across a parking lot. [Source] [New Security Breach Renews Debate On Need For Mandatory Breach Notification]

 

US – Laptop Theft Exposes Teachers to ID Fraud Risk: About 40,000 Chicago Public Schools employees are at risk of identity fraud after two laptops containing their personal information were stolen last Friday. The computers were taken from the CPS headquarters. The laptops belong to accounting firm McGladrey and Pullen and its subcontractor, who were reviewing contributions to the Chicago Teacher Pension Fund. [Source]

 

US – UCSF Breach May Have Led To Exposure Of Information On 46,000 Staff, Students: The University of California at San Francisco has notified faculty, staff and students affected by a possible security breach involving a server located in Oakland. The university alerted the 46,000 individuals to watch for possible signs of identity theft related to the possible release of names, SSNs and bank account numbers used for electronic payroll. The university said that there is no evidence to suggest that data on the server was accessed, but officials have been unable to rule it out. A Web site and a hotline have been set up to help the affected individuals. [Source]

 

UK – Millions to Rebel Over ID Cards: UK Government Study

The government is predicting that some 15m people will revolt against Tony Blair’s controversial ID card scheme by refusing to produce the new cards or provide personal data on demand. The forecast is made in documents released by the Home Office under the Freedom of Information Act. The papers show ministers expect national protests similar to the poll tax rebellions of the Thatcher era, with millions prepared to risk criminal prosecution. Opposition MPs said the new documents proved their case that the programme would never work. David Davis, the shadow home secretary, said: “This will cripple the system. Fifteen million is a massive number. What the Home Office is accepting in private, but refuses to accept in public, is that a massive number of ordinary law-abiding citizens simply will not go along with their scheme.” Davis, whose party’s policy is to scrap the cards, added: “This will render it completely useless as a security or check mechanism of any sort.” The documents, quietly released during parliament’s Easter break, also show that the government is planning to make ID cards compulsory in 2014, despite the expected revolt. [Source] [One third of people will resist ID checks, Government predicted]

 

WW – Digitally Enhanced Passports a Cybercrook’s Delight, Expert Says

New digitally enhanced passports might make your life easier but they could also place your personal data in the hands of cybercrooks or terrorists, according to a report issued today by international security firm McAfee Inc. That’s because the passports -- some of which are already being tested by the U.S. government -- contain radio-frequency identification (RFID) tags that contain such information as the person’s name, date of birth, photo and digital fingerprint, designed to be read on a screen by officials. “You wave it in front of a scanner and it authenticates you,” McAfee spokesman David Marcus said in an interview. “But what if I set up a fake scanner and I query people as they’re walking by and I’m scanning at hip level where most people keep their passports?” [Source] [Source] [McAfee: Cyber-crime will continue to pay]

 

UK – Experian Reports 69% Jump in ID Theft

Identity thieves are showing more determination in picking out victims, while the number of reported U.K. victims of identity theft continues to rise, according to new data released by credit-checking agency Experian this week. In the U.K., 2,124 people contacted the agency's helpline for victims of identity theft in the second half of 2006, a 69% increase from the same period in 2005. About 45% of those victims were alerted to a problem by a financial services company that noticed unusual activity, Experian said. 41% found out through their credit report. The rest found out either after a refusal of credit, a theft or through notices they were being awarded credit they had not personally requested. Experian said ID fraud has transitioned from small-time crooks digging in garbage bins to sophisticated operations that are leveraging security weaknesses in Internet applications to collect information on victims. [Source]

 

US – EFF Presents 16th Internet Pioneer Awards

On March 29, three Internet superheroes received awards, and one even got a cape. EFF presented the 16th annual Pioneer Awards to Bruce Schneier, Yochai Benkler, and Cory Doctorow (in cape at right, source: Scott Beale/Laughing Squid and Wired). The event was kicked off by a rousing debate between our own Fred von Lohmann and HDNet Chairman Mark Cuban on YouTube and the future of copyright.

Then check out Wired's and Ars Technica's recaps, photos by Scott Beale and Quinn Norton, and audio from the YouTube debate as well as Cory's and Bruce's acceptance speeches. Kevin Marks has also posted video from EFF's Birds-of-a-Feather session. [Source]

 

EU - Public Consultation: Safer Internet and Online Technologies For Children

The European Commission has launched a public consultation to identify the most effective ways of making the online environment and communication technologies safe for users, in particular children. The current Safer Internet plus programme will end in 2008 and the Commission is conducting this consultation to create a basis for deciding whether to propose a follow-up programme from 2009 to 2013 and how best to address issues relating to online technologies in the future. The deadline for contributions is 07/06/2007. [Source]

 

US – Ohio Police Test ID Scanner: 140 Wanted or Watch Lists

A handheld device that can tell in a second whether a person is on one of 140 wanted or watch lists is being hailed by police as a crime-fighting breakthrough and flayed by civil libertarians as an intrusion on the innocent. The sheriff's office in Clermont County, Ohio, is the first civilian law enforcement agency in the nation to test the portable fugitive finder. Police say Mobilisa Inc.'s m2500 Defense ID system shows promise of saving them time and helping them fight crime. Critics say it intensifies questions about privacy. The Port Townsend, Wash., wireless technology company says its handheld electronic scanner can identify within a second whether someone is a fugitive from justice, has a violent criminal past or is a convicted sex offender. The scanner reads the magnetic strip or barcode on state-issued ID cards, passports and driver's licenses. It uses the information to determine whether a person shows up on wanted or watch lists, including ones from the Drug Enforcement Agency and Immigration and Customs Enforcement. [Source]

 

WW – UNESCO States Position on Ethical Issues In The Information Society

UNESCO has published a brochure entitled "Ethical Implications of Emerging Technologies" dealing with the consequences of the use of RFID chips, biometric identification systems, and location-based services (LBSs). Written by lawyers from the US, the brochure was published as part of the "NGO Geneva Net Dialogue" in which non-governmental organizations stated their case after the UN World Summit on Information Freedom and the Internet Governance Forum. The results of the dialogue are to be included in the WSIS Action Line C10 "Ethical dimensions of the Information Society." The authors say that these technologies offer an opportunity to further enforce human rights if the technologies embedded in such general trends as the semantic Web, mesh networks in underdeveloped areas, and grid computing are used in compliance with ethical guidelines. However, the danger is that RFID, biometrics, and ubiquitous computing in particular might also be used to monitor people. If individuals can be identified and located at any time by these means, people might shy away from standing up for their human rights at demonstrations or otherwise exercising their freedom of expression. Therefore, information ethics must ensure the right to privacy and anonymity. Among other things, the authors say that a mature ethics of information includes free access to public knowledge, such as in Wikipedia, and the storage of content in open formats, such as the Open Document Format. [Source] See also: [CoE to address the impact of technical measures on human rights]

 

US – Privacy Advocate Threatens to Post Prominent Individuals' Data

A privacy advocate threatened to publicly post on her Web site the names of prominent individuals in Massachusetts whose SSNs and other personal data she was able to pull from public records posted on the commonwealth secretary of state's Web site. In addition, Betty "B.J." Ostergren said detailed instructions will be provided on her site telling others how to access the data from the site. Ostergren, a Virginia-based privacy advocate, runs a Web site called The Virginia Watchdog, which she uses to draw attention to – and put pressure on – county and state government officials who post unredacted public records online. [Source] See also: [Groups call on Secretary of State to disable Web links to personal data]

 

NZ – Security, Privacy Concerns Slow Adoption of the NZ Gov’t ID Scheme

A lack of trust both in government and internet security has been identified as a barrier to the adoption of the Department of Internal Affairs’ proposed Identity Verification Service (IVS). A report commissioned by the department identifies concerns about the “growing intrusion of government into people’s lives and the loss of privacy protections by citizens (that is, ‘Big Brother’)”, as one of four barriers to adoption of a planned voluntary token-based online verification system to be used to access government services online. “Key in this domain is that the level of trust in government varies across individuals and that this will act in various degrees as a barrier to IVS uptake,” says the report, prepared by Gravitas Research and Strategy. The report also identifies internet security concerns as a barrier, saying people need to feel that “IVS is a secure process, particularly in respect of the registration process, when identity is originally confirmed.” Hewlett-Packard and Datacom have just won contracts to prepare detailed costings for the development and operation of an IVS scheme. Department of Internal Affairs communications advisor Tony Wallace says the report, delivered in October, was prepared very early in the design phase of the project and is largely based on even earlier high-level design. When it comes to security, however, some potential users could be their own worst enemies. Alarmingly, the report says that 10% of the adult population - or 14% of internet users - said it was likely they would share their user information with another person. “Focus groups revealed that people were most likely to share information with their intimate partner, with this often reflecting the couple’s respective tasks and responsibilities in the relationship,” the report says. 
[Source] [Sleepwalking into a surveillance society] See also: [We've given away our privacy, a card's just the final blow]  [Bangladesh - Importance of national identity cards] [Religion on Indonesian ID cards blamed for deaths]

 

US – More U.S. States Oppose Federal Real ID Act

In the New Hampshire statehouse last week, legislators sent a message to federal officials, voting 268 to 8 to bar the state from participating in the U.S. Real ID program. The bill will now go to the state senate and then the governor, who has already made his opinion clear. “I continue to have many concerns about Real ID, including the cost, the impact on the privacy of our citizens and the burden it will place on state government employees,” Gov. John Lynch said in a statement. Legislators in four other states, Maine, Idaho, Washington and Arkansas, have also voted to oppose the act. [Source] [Washington, New Hampshire, South Carolina Oppose Real ID] [Source] [REAL ID Act hurts Michigan] [New ACLU Video]

 

US – Court: Students Have Reasonable Expectation of Privacy on University Networks

A federal court of appeals handed down a ruling in connection with a warrantless search case that makes it clear that students have a reasonable expectation of privacy for their personal computers and hard drives. The case involved a University of Wisconsin-Madison student whose computer hard drive was searched without a warrant by school administrators after they learned that the student had gained unauthorized access to the university’s main email servers. Despite the court’s ruling in favor of students’ right to privacy, the court ruled the university administrator had the right to conduct the search without a warrant under this case’s particular circumstances. [Source] [Ruling: double-edged sword for student privacy and search warrants] [Defining Privacy - and Its Limits]

 

US – Motorists in Six States Sue Imagitas Over Personal Info Use

Motorists in six states are suing a company that sends advertising in vehicle registration notices, saying it violates a federal law that protects their personal information. Imagitas Inc., a Pitney Bowes company, has contracts in all six states - Ohio, Massachusetts, Missouri, Florida, Minnesota and New York - to insert advertisements before mailing vehicle registration notices to millions of drivers. A total of nine class-action lawsuits have been filed. "The class action attorneys are essentially trying to kill the program so they can line their pockets at the expense of the taxpayer," said Alfie Charles, vice president of DriverSource at Imagitas. "This is one of those programs that makes sense for everybody." [Source]

 

US – North Dakota Becomes Second State to Ban Forced RFID Implantation

As expected, North Dakota has become the second state in the U.S. to ban the forced implanting of radio frequency identification (RFID) chips in people. The two-sentence bill, passed by the state legislature, was signed into law by Gov. John Hoeven last Wednesday. Essentially, it forbids anyone from compelling someone else to have an RFID chip injected into their skin. The state follows in the steps of Wisconsin, which passed similar legislation last year. [Source] See also: [RFID Implants: 5 Amazing Stories]

 

UK – Manchester Airport to Track Travelers with RFID

Manchester Airport, one of the UK’s largest, has just wrapped a six-month passenger tracking trial. The airport used RFID tags to track 50,000 passenger volunteers as they moved throughout the facility with the goal of measuring and improving the efficiency of airport operations. When the system is fully operational, boarding passes will be tagged at passenger check-in. If a passenger brings a pre-printed boarding pass from home, it will be tagged as the passenger passes through security. According to the airport’s head of innovation, the aim is to understand how efficient the security screening process is and how much time passengers spend after security before boarding their planes. The airport was motivated to run the trial because of the upheaval caused if a single passenger cannot be found. If a passenger checks in but does not show up at the terminal, oftentimes the passenger’s luggage is pulled from the plane’s hold, a time consuming and labor intensive process. In the worst cases, it can result in the plane missing its turn to take off, forcing it to go to the back of the line. The article cites an instance of a missing passenger in London’s Heathrow causing a 90-minute delay on a Frankfurt-bound flight. While improved efficiency is the primary objective of the effort, there are also prospective security applications that the airport is exploring. One is using RFID to detect unauthorized entry of a person into prohibited areas of the airport. Another involves the automatic detection of an inert tag, which might suggest that it has been dropped or lost. If the RFID system is deemed a success, similar ones will be deployed at other airports around the UK, including Heathrow. [Source] See also: [TSA Seeks Feedback on RFID Program]

 

EU – Boffins Working on RFID Super-Shield for Consumers

A group of Dutch researchers at Vrije Universiteit in Amsterdam is building RFID Guardian, a personal RFID firewall to allow individuals to monitor and control access to RFID tags. The researchers presented the latest results of the project to build the prototype at last week’s Emerging Technology conference. The project aims to create a platform that will handle all types of RFID chips and allows individuals to create their own personalised security policies and enforce them using features already built into the tags such as cryptography and kill commands along with newer ones such as automatic key management. When it’s finished, RFID Guardian is intended to be a portable, battery-operated device incorporating an RFID reader that will tell users when new RFID tags appear (for example, when you buy a tagged item), when they’re being read, and who owns them. The prototype so far has focused on one subset of RFID, the 13.56 ISO 15693 tags that are typically used in credit card and smart card applications. More detail is available from the group’s paper here (PDF). [Source] See also: [Top 15 Weirdest, Funniest, and Scariest Uses of RFID]

 

US – The Security Breach Price Tag Calculator

A technology liability insurance company has unveiled a free online calculator that allows companies to estimate the financial costs associated with a security breach. Darwin Professional Underwriters Inc. of Farmington, Conn., says the calculator, which uses proprietary algorithms, allows companies to accurately capture their costs in three areas: customer notification; internal investigation costs; and regulatory and compliance expenses, according to this Computerworld article. [Source]

 

US – Survey: Cost of a Security Breach Varies From $90 to $305 Per Lost Record

Forrester Research has just released a survey that estimates the financial costs of a security breach. The survey results, which indicate that the cost per lost record can be as high as $305, are based on data provided by 28 companies that experienced security breaches. Senior analyst Khalid Kark noted that breach costs have increased as public scrutiny has intensified. Media coverage of breaches and the increase in regulations have led to an escalation in breach-related costs, according to the analyst, who was quoted in this InformationWeek article. [Source]

 

EU – EU Data Watchdog Blasts Plans to Share Police Data Bases

The EU's data protection watchdog this week criticized EU plans to allow police cross-border access to national databases containing fingerprints, DNA samples and license plate information to fight terrorism and cross-border crime. A report by the watchdog questioned whether there were adequate rules to protect citizens under the data-exchange plan. The data-sharing pact, known as the Pruem Treaty and adopted by seven nations in 2005, is expected to be adopted by all 27 EU nations later this year. The treaty "should not be adopted" into EU law, however, until the bloc's members agree on new rules to protect personal data processed by police or justice officials in criminal matters, EU data protection supervisor Peter Hustinx said in his report. He said he regretted that the proposal - endorsed by EU justice and interior ministers in February - did not specify which people would be included in shared DNA data bases, and urged EU governments to assess how privacy could be better protected. The plan's aim is to minimize the bureaucracy involved in data exchange in cross-border police investigations. If adopted as EU legislation, permission for such data exchanges would be automatic, with all involved EU nations having direct access to one another's data bases. Currently, police in the seven participating countries - Germany, Belgium, Spain, France, Luxembourg, the Netherlands and Austria - have direct access to one another's records on DNA, fingerprints and traffic offenses. German Interior Minister Wolfgang Schaeuble has led efforts to get EU governments to adopt the pact into EU legislation. [Source] [EDPS Press Release] [EDPS Opinion] SEE ALSO: [German terrorism surveillance plans opposed] and [Europol Seeks Broader Mandate Amid Growing Terror Threat] [German minister of the interior sees threat of Big Brother state]

 

US – New Spy Chief Seeks More Power

President Bush's spy chief is pushing to expand the government's surveillance authority at the same time the administration is under attack for stretching its domestic eavesdropping powers. National Intelligence Director Mike McConnell has circulated a draft bill that would expand the government's powers under the Foreign Intelligence Surveillance Act, liberalizing how that law can be used. Known as "FISA," the 1978 law was passed to allow surveillance in espionage and other foreign intelligence investigations, but still allow federal judges on a secretive panel to ensure protections for U.S. citizens – at home or abroad -- and other permanent U.S. residents. The changes McConnell is seeking mostly affect a cloak-and-dagger category of warrants used to investigate suspected spies, terrorists and other national security threats. The surveillance could include planting listening devices and hidden cameras, searching luggage and breaking into homes to make copies of computer hard drives. McConnell, who took over the 16 U.S. spy agencies and their 100,000 employees less than three months ago, is signaling a more aggressive posture for his office and will lay out his broad priorities on Wednesday as part of a 100-day plan. [Source] See also: [RCMP Demanding More Access to ISP Subscriber Data]

 

KR – Korean Opposition to Surveillance Law Mounts

A Korean campaign against a revision of the so-called “telecommunications privacy law” has been getting fiercer. Under the proposed revision bill, it will be possible for the government to monitor mobile phone conversations, e-mail, and Internet messenger services, and telecommunications data and Internet use records will be stored by companies for at least a year. [Source] [Korea Law revision will give authorities access to phone, Internet data for 1 year]

 

CA – Scientists to Use Satellites to Test Ability to Track Movement of Ottawa Traffic

Canadian and German scientists hope to position two satellites in orbit over Ottawa in an experiment to see if they can be used to help urban planners break traffic gridlock. Canadian defence researchers working with the Radarsat 2 and officials with the German space agency using that country's TerraSAR-X plan to have both satellites over Ottawa at the same time so images can be taken of the traffic flow in the entire city. [Source]

 

US – Telecoms Voice Opposition to New FCC Phone Records Regulations

Industry representatives are speaking out against new Federal Communications Commission phone privacy rules aimed at preventing unauthorized release of telephone records. The rules require companies to obtain a consumer’s permission before the companies share the telephone records with third-party marketers or under a joint venture agreement. Telecom representatives say the rules will impede competition and hurt smaller firms. Consumer advocates are praising the rules for strengthening consumer protections and preventing pretexting. [Source]

 

US – Solving the Phone Number Blues: “One Number for Life”

A Web company, GrandCentral, is developing a new service system to unify all of your telephone numbers, from cell phone to the Internet. The company’s motto, “One number for life,” pretty much says it all. At GrandCentral.com, you choose a new, single, unified phone number. You hand it out to everyone you know, asking them to delete all your old numbers from their Rolodexes. From now on, whenever somebody dials your new uni-number, all of your phones ring simultaneously. [Source]

 

US – Government Receives a C-Minus on Information Security Efforts

The results of the 2006 Federal Information Security Management Act (FISMA) reports were released yesterday. Rep. Tom Davis, ranking member of the House Government Oversight and Reform Committee, gave the federal government an overall grade of C-minus when it comes to safekeeping information on government computer systems. "This grade indicates slow but steady improvement from past years," said Davis, who had given the government a grade of D-plus, D-plus and D the last three years. "Obviously, challenges remain. While there are some excellent signs of progress in this year's report, and that's encouraging, I remain concerned that large agencies like DOD and DHS are still lagging in their compliance." Davis said he is exploring ways to provide an incentive through the scorecard process to agencies that effectively configure their systems with security in mind. For example, as agencies move to Microsoft Vista, bonus points could be awarded to agencies that take certain steps toward secure configurations. Leading information security professionals applauded this announcement. [Source] [Source]

 

US – Credit Freeze Legislation Dies In Arizona

Despite Senate approval of a bill that would allow Arizonans to freeze their credit, the bill has died in the House after it failed to emerge from several committees. House Rules Committee Chairman Bob Robson, R-Chandler, said his concern was that the bill might delay a consumer’s ability to access his or her credit reports and hinder commercial transactions. Arizona has the highest rate of identity theft complaints in the country, according to the Federal Trade Commission. Credit freeze laws are on the books in at least 25 other states, according to the National Conference of State Legislatures. [Source]

 

US – Washington Lawmakers Approve Credit Freeze Legislation

Washington Attorney General Rob McKenna is praising a recently approved credit freeze bill that allows consumers to reduce their risk of identity theft while balancing their need to quickly “thaw” the credit freeze for their own borrowing needs. The bill, which gives all Washington residents the option of freezing unauthorized access to their credit reports, was approved unanimously by the Legislature. The bill now heads to the desk of Gov. Chris Gregoire. [Source]

 

 

--------