Privacy News Highlights

15–21 March 2010



US – Senators Push Obama for Biometric National ID Card

US – N.H. Lawmakers Reject Broad Restrictions on Biometrics

SA – Bank Biometric System Raising Security Concerns

WW – Lie Detector to Fight Smugglers and Terrorists

CA – Privacy Act Invoked to Protect NSERC Research Fraudsters

US – Harbour: Consumer Privacy Cannot Be Run in Beta

WW – IBM, Insurer Develop ‘eHarmony for the Call Center’

UK – New Code of Practice Restricts Data Collection

UK – Brown to Put All Britons Online

EU – Art. 29 Working Party Defines Terms

EU – EC Decision on Standard Contractual Clauses for the Transfer of Personal Data

UK – ICO Announces Consultation on the Assessment Notices Code of Practice

US – Data Breaches Are Heaviest at Hotels: Study

US – 18- to 24-Year-Olds Most at Risk for ID Theft, Survey Finds

UK – Lords Approve Controversial Digital Economy Bill

EU – Reding Assures Parliament on Bank Transfer Conditions

CH – Swiss People Want Secrecy Laws Upheld

CA – House of Commons Sent T4s to Wrong Homes

US – Protecting Agencies from Oversight, Obama Threatens to Veto Intelligence Funding

US – Municipalities Use Internet to Share Information

US – Secret Document Calls Wikileaks ‘Threat’ to U.S. Army

US – Obama Supports Mandatory DNA Sampling of Americans Upon Arrest

AU – Health Identifier Function Creep Threatens Data Privacy Says Coalition

CA – Malware Found on Calgary Medical Clinic Computer

NZ – Conficker Infection at New Zealand Hospital Traced to USB Drive

EU – Educational Web Game by Nestlé Sparks Privacy Concerns

UK – House of Lords Pass Controversial Internet Piracy Bill

CA – Copyright Conviction Raises Privacy Concerns

WW – Spammers Go After Facebook Users

WW – MySpace Selling User Data

US – FBI Embraces Facebook, MySpace to go Undercover

US – Facebook Settles $9.5 Million Suit on Beacon Privacy Complaint

WW – Privacy Concerns Hinder ‘Real-Time Web’ Creation, Developers Say

CA – High Court Quashes Child Porn Conviction

CA – Former North Vancouver Cop Sues RCMP

GH – Data Protection Law Coming

UK – 25% of UK Schoolchildren Admit to Accessing Others’ Online Accounts

US – Microsoft’s Boyd Questions Future of Online Privacy

US – Firms Merging Offline, Online Data to Improve Ad Targeting

JP – Japan: Internet Posts Held To Libel Standards

US – Dems to Obama: Stop Dithering - Move on P&CL Board NOW!

US – EPIC Recommends that Congress Suspend Body Scanning Program

US – Principal May Have Violated Student Privacy Law

US – IAPP Explores the Future of the Privacy Profession

CA – Toronto Firm Brings Direct Mail Marketing Online With Unique Privacy Service

CA – Avatars to Debate Autonomy

US – Nano-Based RFID Tags Could Replace Bar Codes

WW – RFID News Roundup

US – Former Employee Disables 100+ Cars Via Computer

UK – Study: School Children Monitored ‘As Closely As Inmates’ by CCTV

WW – Blog Mining: Scouring blogs for useful information

EU – Software: Running Commentary for Smarter Surveillance?

US – Instant Ads Set the Pace on the Web

US – FCC Broadband Plan Focuses on Privacy, Competition

CA – CRTC Telecom Notice of Consultation CRTC 2010-130

NZ – ‘Do Not Call Register’ for NZ Mooted

US – F.B.I. Faces New Setback in Computer Overhaul

US – Many Choosing to Pay $100 Fine, Not Answer ‘Intrusive’ Census Questions

US – Revised Cyber Security Bill Mandates Public-Private Collaboration

CA – Marine Security Trumps Privacy as Union Loses Legal Bid Against Screening





US – Senators Push Obama for Biometric National ID Card

Two U.S. senators met with President Obama last week to push for a national ID card with biometric information such as a fingerprint, hand scan, or iris scan that all employers would be required to verify. In an opinion article published in the Washington Post, Chuck Schumer (D-N.Y.) and Lindsey Graham (R-S.C.) say the new identification cards will “ensure that illegal workers cannot get jobs” and “dramatically decrease illegal immigration.” Schumer and Graham pitched the idea to President Obama during a private meeting at the White House. Graham said afterward that Obama “welcomed” their proposal for a new ID card law; the White House said in a statement that the senators’ plan was “promising.” [Source] [Immigration Reform Must Respect Civil Liberties, Says ACLU] [CATO: Schumer and Graham on Immigration Reform: Why Not Do it Without the Biometric National ID?] [Obama apparently pledges support for biometric national ID card: Washington Post]


US – N.H. Lawmakers Reject Broad Restrictions on Biometrics

Following an education and advocacy push by the Security Industry Association (SIA), New Hampshire legislators rejected by a 267-39 vote HB 1409, which would have prohibited any government agency or private entity in the state from using biometrics as part of identification cards - except for employee identification cards - and from requiring a person “to disclose or provide biometric data as a condition of doing business with, engaging in any business activity or relationship with, or obtaining services from, that agency or entity.” [Source] See also: [US Biometric Scanning Rises Despite Privacy Fears] and [At Bronx clinic, the eyes are windows to medical records]


SA – Bank Biometric System Raising Security Concerns

A biometrics deal between the South African Banking Risk Information Centre and the Department of Home Affairs aimed at reducing identity theft is raising some security concerns. The deal allows banks to conduct online fingerprint verification of clients and gives the banks access to the Home Affairs National Identification System to verify their identity, the report states. “The information is very sensitive, so we have to see that the proper security measures are in place,” explains Frank Rizzo of KPMG, adding, “The advantages are huge. It’s a very strong method for the proof of authentication. I think the initiative is great, but I’d like to see the proper security measures in place.” [ITWeb] See also: [Biometric Time Clocks Creating Frustration Among Employees] and [Palm Vein’s Application to Biometrics (podcast)]


WW – Lie Detector to Fight Smugglers and Terrorists

Researchers at Aberystwyth University and the University of Bradford have developed a thermal-imaging scanner that can reveal the physical signs of guilt, such as minute fluctuations in blood flow and temperature. The researchers say the system, called Real-Time Dynamic Passive Profiling, could be used to identify smugglers or terrorists at border control points. “This new technology is based on the modeling of facial expressions, eye movement, and pupil changes in both the visual and thermal domains,” says Aberystwyth professor Reyer Zwiggelaar. “In the future, it could have many uses, because it tells us how people are really feeling.” The researchers plan to test the system at U.K. ports and airports next month. “We aim to automatically analyze people’s facial expressions and eye movements in response to a series of questions through video images and computer-based intelligent algorithms,” says Bradford professor Hassan Ugail. [Wales Online]




CA – Privacy Act Invoked to Protect NSERC Research Fraudsters

The privacy doctrine is being used as a fig leaf by cynical government officials who wish to hide embarrassing information. An example comes courtesy of the Natural Sciences and Engineering Research Council (NSERC), which refuses to divulge the identity of any scientist who runs afoul of its research or financial-accountability guidelines. The council insists Canada’s Privacy Act has tied its hands, and so it cannot “out” so-called “rogue researchers” without violating the alleged culprits’ rights. The issue has come to the forefront now because of the case of Daniel Kwok, a University of Calgary engineering professor recently barred from seeking NSERC grants because of accusations that he plagiarized some of his work and spent as much as $150,000 in NSERC money inappropriately. While Mr. Kwok vehemently denies the allegations against him, according to information obtained by the Calgary Herald and Canwest News Service, NSERC insists he made tens of thousands of dollars in purchases deemed “inconsistent” with his research, including an iPod, aluminum wheels and chrome exhaust pipes for a car and a home theatre worth $17,624.63. NSERC is not a department of the government. But it spends the public’s money -- doling out $1-billion annually in federal research funds. Like every other agency or department funded by Canadians’ tax dollars, it should be transparent about where that money goes. [National Post] [Read more] See also: [Privacy ‘zealots’ compound a family’s torment Ottawa won’t release details in case of woman who vanished in Syria]




US – Harbour: Consumer Privacy Cannot Be Run in Beta

In her opening address for yesterday’s Federal Trade Commission (FTC) roundtable on Internet privacy, FTC Commissioner Pamela Jones Harbour said technology companies are setting a dangerous precedent of publicly exposing consumer data during new product rollout. She said the throw-it-up-against-the-wall-and-see-if-it-sticks approach to product launches comes at the expense of consumers’ privacy and that “Unlike a lot of tech products, consumer privacy cannot be run in beta.” It was the third and final FTC roundtable dedicated to online privacy. Among other topics, participants discussed the privacy of health information, the notice-and-choice framework and privacy policies, which one panelist described as “an unmitigated disaster.” In the months to come, the commission will synthesize its findings and gather comments from the public. [Wall Street Journal]


WW – IBM, Insurer Develop ‘eHarmony for the Call Center’

IBM and insurance provider Assurant Solutions have come up with a project that, in the manner of dating services like eHarmony, uses analytics to match up call center callers with the most appropriate representative. The Real-Time Analytics Matching Program (RAMP) is an attempt at improving the traditional call center experience, where calls are routed via a few menu options, such as which language the caller speaks and the type of product involved, but don’t necessarily end up getting handled by an agent capable of resolving the problem. The RAMP system’s real-time analytics engine weights factors such as a caller’s average wait time, payment history or spending patterns. It then looks for an ideal agent to take the call, based on their past performance and skill set. Prediction algorithms figure out when an optimal agent will be free, and the system sends them the call. RAMP’s capabilities could also be expanded by adding more types of data, such as “psychographic” details of a caller’s historical demeanor, said Toby Cook, practice leader, IBM Analytics Solutions Team, IBM Global Business Services. “If they’re traditionally cranky, and [the company has] that data available as a score input, you could match that to optimal agents.” [Source]


UK – New Code of Practice Restricts Data Collection

Advertising industry groups have released a new code of practice that outlaws the collection of personal data from children under the age of 12 without parental consent. The rules, which will be enforced by the Advertising Standards Authority, will take effect on September 1. The rules also prohibit marketers from collecting personal information about other people from children under the age of 16, the report states. [OUT-LAW.COM] [New UK Advertising Codes] See also: [Netflix Cancels Second Contest Over Privacy Concerns] and also: [ tied to more dubious marketing tactics]




UK – Brown to Put All Britons Online

Every person in Britain would get their own personalised website under plans by Gordon Brown to save billions of pounds by creating a paperless state. Online transactions are proposed for everything from claiming benefits and paying council tax to passport applications. However, the move, due to be rolled out over the next four years, may put tens of thousands of public sector workers at risk of redundancy. Union leaders and privacy experts are already warning of major concerns over privacy, data protection and fraud. Plans to introduce Amazon-style online form-filling are expected to be unveiled by the Prime Minister tomorrow. Huge savings are expected to be made through the phasing out of call centres and benefits offices, as well as reducing the cost of postal services and telephone calls. It is hoped personalised websites will be introduced for every person in Britain within a year of the scheme being launched. [Source]


EU Developments


EU – Art. 29 Working Party Defines Terms

The Article 29 Working Party has created guidance on two terms in the EU Data Protection Directive in order to help organizations apply the directive in practice. The guidance provides detailed definitions of “data processor” and “data controller,” terms on which the application of the directive hinges. The group said a potential lack of clarity around the terms has led to inconsistencies. [OUT-LAW.COM] [The Guidance]


EU – EC Decision on Standard Contractual Clauses for the Transfer of Personal Data

The European Commission’s Decision 2010/87/EU on standard contractual clauses for the transfer of personal information to processors established in third countries updates the standard contract clauses effective May 15, 2010; Decision 2002/16/EC is repealed with effect from May 15, 2010. Current contracts between a data exporter and a data importer pursuant to Decision 2002/16/EC will remain in force and effect for as long as the transfers and data-processing operations remain unchanged; if contracting parties decide to make changes or subcontract the processing operations that are the subject matter of the contract, they will be required to enter into a new contract which must then comply with the updated standard contractual clauses set out in this Decision. The standard clauses spell out the obligations of the data exporter and data importer; the data exporter must warrant, among other things, that the processing is carried out in accordance with the relevant provisions of the applicable data protection law, that it has instructed the data importer to process the personal data transferred only on the data exporter’s behalf, and that the data importer will provide sufficient guarantees in respect of the specified technical and organisational security measures. The data importer must warrant and agree to process the personal data only on behalf of the data exporter and in compliance with its instructions, that it has implemented the technical and organisational security measures before processing the personal data and that it will promptly notify the data exporter about any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, or any accidental or unauthorised access. Other clauses deal with third-party beneficiary rights of data subjects, liability, mediation, co-operation with supervisory authorities, sub-processing and obligations after the termination of the data-processing services. [Source]


UK – ICO Announces Consultation on the Assessment Notices Code of Practice

The ICO has published a draft Code of Practice for Assessment Notices for consultation, with comments due March 24, 2010; “consensual” audits will be conducted where a data controller agrees to a letter of engagement served by the ICO - a “compulsory” audit may be used by the ICO where the data controller refuses to consent to a consensual audit or fails to respond to the letter of engagement. Data controllers may be targets for audits if at high risk of causing damage and distress to a significant number of individuals; risk level will be based on factors including compliance history, communications with the data controller that highlight a lack of compliance controls and/or weak understanding of the Data Protection Act, statements published and audits conducted by the data controller that indicate issues in processing personal data, the implementation of new systems where there is a public concern that personal data is at risk, volume and nature of personal data being processed, and perceived impact on individuals of any potential non-compliance. Audits will involve a review of documents (documents that explain how the data controller meets compliance obligations and what governance controls are in place), on-site inspections (to determine how personal data is handled), and interviews with staff of the data controller and data processor. [Source]


Facts & Stats


US – Data Breaches Are Heaviest at Hotels: Study

Hackers are now stealing credit-card data from hotels more often than any other industry, according to data-security companies. In a recent report, SpiderLabs, a unit of data-security firm Trustwave, said 38% of its data-breach investigations in 2009 occurred at hotels. Financial services accounted for 19% of the company’s data-breach investigations. Once an attack occurred, it took an average of 156 days for the business to realize it, according to the report. The problem has continued into 2010. [The Wall Street Journal]


US – 18- to 24-Year-Olds Most at Risk for ID Theft, Survey Finds

The “core millennial” group, identified as people ages 18 to 24, is at the greatest risk of identity fraud and theft because it takes them longer to figure out that they have been defrauded -- meaning their information is compromised for a longer period, according to a recent Javelin Strategy survey. It takes young people an average of 132 days to detect fraudulent activity on their credit cards, bank accounts and other personal holdings, and those in older age groups average 49 days, the survey shows. When their identities are stolen, millennials are victimized by thieves for an average of about five months. “The 18-to-24 group is unique. They’re going to college. They’re away from home for the first time. They’re sharing more information. More of their information is exposed. The old stereotype is true that people are sharing information willy-nilly and are waiting until they become a victim to listen to sound advice.” [The Washington Post]




UK – Lords Approve Controversial Digital Economy Bill

The UK House of Lords has approved the Digital Economy Bill; the House of Commons is expected to approve the bill before the general election. The bill imposes penalties for illegal filesharing, including giving the government the power to block websites. The bill would also suspend Internet accounts of people who persistently share digital content in violation of copyright law. British Telecom, Google and Facebook have spoken out against the provision, proposing that illegal filesharers be fined instead. [BBC News] [eWeek Europe]




EU – Reding Assures Parliament on Bank Transfer Conditions

EU justice commissioner Viviane Reding has assured members of the European Parliament that their demands for data protection concerning European bank transfers “will be guaranteed.” Parliament recently rejected an agreement to share bank transfer data with the U.S. on the grounds that the accord failed to adequately consider the privacy of EU citizens. At a European Policy Centre debate in Brussels last week, Reding said, “I can tell you that, following discussions with the American authorities, the guarantees regarding privacy which were required by parliament will be met.” German MEP Martin Schulz said, “The EU and U.S. Obama administration have accepted MEP concerns.” [The Parliament]


CH – Swiss People Want Secrecy Laws Upheld

A Swiss Bankers Association survey of more than 1,000 Swiss citizens has found that the majority oppose ending banking secrecy laws in the state. Seventy-three percent of respondents want the laws maintained, down 5% from last year’s poll. In addition to wanting confidentiality laws upheld, 40% of respondents indicate that their government should do more to protect the tradition and 70% say they object to the automatic exchange of banking information with other governments. The Swiss government has been facing international pressure to relax the rules in order to assist international tax evasion investigations. [Source]


CA – House of Commons Sent T4s to Wrong Homes

The House of Commons has launched an internal probe in the wake of an “administrative error” that resulted in hundreds of personal income tax forms being mailed to the wrong addresses. The glitch affected 697 former staffers of members of Parliament in 2009 who received a T4 tax form last month that belonged to somebody else. Government House leader Jay Hill said the mix-up likely occurred when lists of former employees were incorrectly merged with addresses prior to the mailout by the human resources department. “It was an inadvertent human error,” Hill said. “I often wonder when people sit and stare at these computer screens all day why there aren’t a lot more errors like this.” A spokeswoman for Jennifer Stoddart, the federal privacy commissioner, said that an investigation by her office would be beyond the scope of her mandate. Although the commissioner is an advocate for privacy rights of Canadians in federal institutions and the private sector, the existing privacy legislation in Canada does not cover the House of Commons, said Valerie Lawton, a senior communications adviser for the commissioner. [Source] [Read more] See also: [RRSP mixup scares off client: Ottawa man received Calgarian’s statement]


US – Protecting Agencies from Oversight, Obama Threatens to Veto Intelligence Funding

The White House is threatening to veto a key intelligence funding bill over what it considers to be a dangerous amount of oversight on covert agencies, according to published reports. The 2010 Intelligence Budget has gone through a number of key changes over the past few months, with House Democrats and the Obama administration butting heads over a number of provisions. Key among them for the latest White House veto threat is a provision that would allow the Government Accountability Office to investigate intelligence agencies. “Current law exempts intelligence and counterintelligence activities from GAO review, leaving oversight to the inspectors general at the various intelligence community agencies,” Politico reported. In a letter to the House and Senate intelligence committees, Office of Management and Budget chief Peter Orszag highlighted several areas of the bill that have intelligence officials worried, including the GAO oversight provision. Orszag’s letter also claims that proposed reforms to how Congress is notified of covert activities pose a “serious” threat that intelligence agencies object to. [Source] [Obama threatens to veto greater intelligence oversight] See also: [GAO Report: Information Security: IRS Needs to Continue to Address Significant Weaknesses. GAO-10-355, March 19] [Highlights]




US – Municipalities Use Internet to Share Information

Editor’s note: March 14-20 is ‘Sunshine Week,’ an initiative spearheaded by journalists that’s designed to highlight the importance of open government and freedom of information. In conjunction with Sunshine Week, the Tri-City Times [Michigan] has decided to examine how municipalities use Web sites to improve accessibility for residents. [Details] See also: [Open government talk buzzes across Canada]


US – Secret Document Calls Wikileaks ‘Threat’ to U.S. Army

Wikileaks presents a “threat to the U.S. Army” and publishes “potentially actionable information” for targeting military personnel, according to a classified intelligence report posted last week on the whistleblowing site. The 32-page report entitled – An Online Reference to Foreign Intelligence Services, Insurgents, or Terrorist Groups? indicates the government’s concern that “current employees or moles” within the Defense Department or the U.S. government “are providing sensitive or classified information to Wikileaks.” To stop this, the 2008 report had suggested a campaign to expose and punish those who leak to the site, which was founded in 2007 by Chinese dissidents, journalists and mathematicians. “ uses trust as a center of gravity by assuring insiders, leakers, and whistleblowers who pass information to personnel or who post information to the website that they will remain anonymous,” according to the report. “The identification, exposure, or termination of employment of or legal actions against current or former insiders, leakers, or whistleblowers could damage or destroy this center of gravity and deter others from using to make such information public.” The document is classified Secret, and was produced by the Army Counterintelligence Center, under the Department of Defense Intelligence Analysis Program. It appears to underscore the military’s alarm that Wikileaks might be used to reveal United States military secrets, or broadcast disinformation harmful to the U.S. [Source]




US – Obama Supports Mandatory DNA Sampling of Americans Upon Arrest

Josh Gerstein over at Politico has underscored once again that President Barack Obama is not the civil-liberties knight in shining armor many were expecting. Gerstein posts a televised interview of Obama and John Walsh of America’s Most Wanted. The nation’s chief executive extols the virtues of mandatory DNA testing of Americans upon arrest, even absent charges or a conviction. Obama said, “It’s the right thing to do” to “tighten the grip around folks” who commit crime. When it comes to civil liberties, the Obama administration has come under fire for often mirroring his predecessor’s practices surrounding state secrets, the Patriot Act and domestic spying. There’s also Gitmo, Jay Bybee and John Yoo. Now there’s DNA sampling. Obama told Walsh he supported the federal government, as well as the 18 states that have varying laws requiring compulsory DNA sampling of individuals upon an arrest for crimes ranging from misdemeanors to felonies. The data is lodged in state and federal databases, and has fostered as many as 200 arrests nationwide, Walsh said. The American Civil Liberties Union claims DNA sampling is different from mandatory, upon-arrest fingerprinting that has been standard practice in the United States for decades. A fingerprint, the group says, reveals nothing more than a person’s identity. But much can be learned from a DNA sample, which codes a person’s family ties, some health risks, and, according to some, can predict a propensity for violence. [Source]


Health / Medical


AU – Health Identifier Function Creep Threatens Data Privacy Says Coalition

The Australian Senate Community Affairs committee has recommended passage of the controversial Healthcare Identifiers Bill, despite the minority Coalition members calling for amendments to ensure patient privacy and prevent personal identifiers being turned into a national identity regime. This week, the committee recommended developing a plan to introduce the scheme over the next two years, opening it to public comment before finalisation. The report calls for an education strategy targeting health providers and consumers “which clearly lays out the facts and provides (a means) for people to access further information”. In a dissenting report, Coalition senators said government assurances on privacy, “function creep” and readiness for introduction had been “insufficient” to allay concerns. “Amendments are required to ensure the privacy of health consumers is maintained, and that individual identifiers cannot become de facto Australia Cards,” they said. [The Australian]


Horror Stories


CA – Malware Found on Calgary Medical Clinic Computer

The University of Calgary Sunridge Medical Clinic has sent letters to more than 4,700 patients to let them know that their personal information may have been compromised. A computer that holds copies of faxes, billing data and medical legal reports was found to be infected with two pieces of malware. The Alberta privacy commissioner is investigating the incident. Last year, the same clinic discovered that information shared over a University of Calgary intranet was accessible to outside users. [Calgary Sun] [Calgary Herald] [U of C warns patients after computer virus hits medical records] See also: [Second Vodafone HTC Magic Found to be Infected with Malware]


NZ – Conficker Infection at New Zealand Hospital Traced to USB Drive

An infection that shut down the computer system at the Waikato (New Zealand) district health board (DHB) in December has been blamed on a USB device used in a computer in a booth in a parking lot. The three thousand computers in the DHB network became infected with the Conficker virus and shut down the system for three days. [NZ Herald]


Identity Issues


EU – Educational Web Game by Nestlé Sparks Privacy Concerns

A German educational foundation for reading faced criticism for allowing food company Nestlé to collect information on children via an online learning game. But the group claims it was unaware of the practice. The organisation Stiftung Lesen teamed up with Swiss firm Nestlé to create Nutrikid & Das Geheimnis der Pyramide, or “Nutrikid & the Secret of the Pyramids,” distributing it to schools across the nation. The game directs young players on a treasure hunt through ancient pyramids as they solve riddles about good nutrition. While the school version of the program does not ask for children’s personal data, when children go home and play on their family PCs, the online version does. Now parents have become concerned that when their children play the game at, the company requires them to provide personal information - name, email address, gender, birth date, and a nickname. Meanwhile the Nestlé logo crops up throughout the game. Data protection officials in Darmstadt near Nestlé’s German headquarters have said they plan to look into the reports. [Source]


Intellectual Property


UK – House of Lords Pass Controversial Internet Piracy Bill

Legislation to tackle internet piracy, including bans for illegal file-sharers, has been passed by the UK House of Lords. The Digital Economy Bill is now expected to be rushed through the Commons before the general election. [BBC]


CA – Copyright Conviction Raises Privacy Concerns

The decision to send a Montreal man to prison for pirating movies has set a dangerous precedent that could threaten privacy rights, say civil rights advocates in Vancouver. Last week, Gérémi Adam, 27, became the first Canadian jailed for breaking cinematic copyright, when he was sentenced to 2½ months after pleading guilty to two counts of distributing high-quality pirated copies of Hollywood films. Canadian film distributors welcomed the sentencing of Adam, whom the FBI once called Canada’s biggest movie pirate. But Chris Brand, co-founder of the Vancouver Fair Copyright Coalition, questioned the sentencing. “The question then comes down to what level of enforcement is reasonable and what level of punishment is reasonable,” said Brand. Brand is concerned the enforcement of those piracy laws could violate Canada’s privacy laws, because in order to monitor illegal uploads and downloads online, authorities would have to monitor a person’s entire internet connection, he claims. [Source]


Internet / WWW


WW – Spammers Go After Facebook Users

Spammers have been targeting Facebook members with data-stealing malware. The malicious messages appear to come from legitimate senders, but the return address is spoofed. The messages tell recipients that their Facebook passwords have been reset and that they need to download an attachment that contains the new password. Although many users may know by now that websites would not reset passwords and email the new ones, because Facebook’s user base is so large, the attackers appear to be hoping that at least some will fall for the ruse. [PC World] [CNet] See also: [Facebook discovery: Is civil litigation in uncharted waters?]


WW – MySpace Selling User Data

Social networking just became a little riskier to your privacy. MySpace has begun to sell user data to third parties ranging from academics and analysts to marketers. The data will include any activity or information that is attached to an account. [PC World] [Slashdot] See also: [Wall Street Journal: U.S. Official Blasts Google on Buzz]


US – FBI Embraces Facebook, MySpace to go Undercover

The Feds are on Facebook. And MySpace, LinkedIn and Twitter, too. U.S. law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting. The document, obtained in a Freedom of Information Act lawsuit, makes clear that U.S. agents are already logging on surreptitiously to exchange messages with suspects, identify a target’s friends or relatives and browse private information such as postings, personal photographs and video clips. Among other purposes: Investigators can check suspects’ alibis by comparing stories told to police with tweets sent at the same time about their whereabouts. Online photos from a suspicious spending spree — people posing with jewelry, guns or fancy cars — can link suspects or their friends to robberies or burglaries. The Electronic Frontier Foundation, a San Francisco-based civil liberties group, obtained the Justice Department document when it sued the agency and five others in federal court. The 33-page document underscores the importance of social networking sites to U.S. authorities. The foundation said it would publish the document on its Web site. [EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites] [Confidential U.S. Department of Justice presentation on social-networking sites] [EFF: Break the law and your new ‘friend’ may be the FBI] [Meet your new Facebook friend: Johnny Law] [Coverage] See also: [Conflict: Social Network Terms & Gov’t Agents Lying About Their Identity]


US – Facebook Settles $9.5 Million Suit on Beacon Privacy Complaint

Facebook won approval for its $9.5 million settlement of a class action lawsuit related to its controversial Beacon program, which let users track one another’s online purchases. The company dropped Beacon last November after a dust-up over privacy concerns related to the use of the program. It continues to deny wrongdoing. On Wednesday, a U.S. District Court judge in San Jose approved the settlement, despite objections by privacy advocates. As part of the settlement, Facebook will create a “digital trust fund.” Facebook public policy director Tim Sparapani will sit on the board of the fund, which some privacy advocates say is a conflict of interest. Here’s a recent interview of Sparapani on C-Span’s The Communicators program discussing privacy and other issues. The company will also fund $6 million in grants for online privacy research. [Source] See also: [Naming and shaming: Canadian academia too protective of those who “go rogue” ]


WW – Privacy Concerns Hinder ‘Real-Time Web’ Creation, Developers Say

Before the Web can begin providing information to users in real time, Internet professionals need to figure out how to protect personal privacy. “A lot of this data that people would like to make available, they wouldn’t necessarily want to make available to everyone,” Jack Moffitt of Collecta explained during the South by Southwest Interactive Festival. “I think we’ll be wrestling with privacy issues around real-time data for a long time.” Brett Slatkin of Google suggested one option would be for developers to create a way for users to set their online privacy settings in one place and then have those settings apply across the Internet. “We’re going to see a definition, at the technical level, of what sharing means,” he said. [CNN]


Law Enforcement


CA – High Court Quashes Child Porn Conviction

A botched search warrant and the right to computer privacy featured in a Supreme Court ruling that overturned the child pornography conviction of a Saskatchewan man. By a slim 4-3 margin, the high court quashed Urbain P. Morelli’s 2005 conviction in a ruling that threw out the “carelessly drafted” and “misleading” RCMP warrant at the heart of the case. “This case concerns the right of everyone in Canada, including the appellant, to be secure against unreasonable search and seizure ... particularly, to the search and seizure of a personal computer,” Justice Morris Fish wrote. Fish said it’s difficult to imagine “a search more intrusive, extensive, or invasive” than the police seizing a computer and getting unfettered access to someone’s personal notes, medical and financial records, as well as every website visited “by design, but sometimes by accident.” The search warrant the RCMP eventually obtained on Morelli’s computer fit that description, Fish said, but it was “materially misleading, and factually incomplete.” [Source] See also: [Child Pornography Reporting Soon to be Mandatory for Ontario Employers | Ontario Bill 37]


CA – Former North Vancouver Cop Sues RCMP

A former North Vancouver police officer is suing the RCMP, claiming the force inappropriately released details of an internal investigation that probed possible links to child pornography. No charges or disciplinary action ever resulted from the investigation. According to the lawsuit, Khomphet Kameron Khamphoune complained to the federal privacy commissioner on March 17, 2008 about the leaked investigation. In October, 2009, that office said the complaint was “well-founded”, according to the statement of claim, and said “although the identity of the source could not be identified despite a thorough investigation by the RCMP, the RCMP was convinced that given the details involved, information came from the RCMP itself.” Damage to his reputation has made Khamphoune “unemployable and untouchable in the policing/security field,” according to the lawsuit. Khamphoune alleges members of the RCMP did that deliberately. He is seeking damages of over $50,000 and is also suing the Province, Vancouver Sun and Richmond News over the articles. The newspapers have filed a defence, arguing the stories were handled responsibly and that most of the material was a result of official disciplinary proceedings, court proceedings or were statements made by an official RCMP spokesman. [North Shore News]




GH – Data Protection Law Coming

The government of Ghana will establish a data protection law this year. Speaking at a mobile telephony event in Accra this week, Communications Minister Haruna Iddrisu announced the Data Protection Bill would help secure personal data. The event was to celebrate the launch of Zain Zap, a service to enable mobile banking via cell phones. Minister Iddrisu called on Zain Ghana managers to “inspire customer confidence in the service” by protecting the information consumers divulge when registering their SIM cards. He said the “government will continue to uphold and respect the privacy of the communication of every Ghanaian.”


Online Privacy


UK – 25% of UK Schoolchildren Admit to Accessing Others’ Online Accounts

One quarter of school-aged children in the UK admitted to accessing other people’s Facebook or web-based email accounts. Seventy-eight percent of the students said that breaking into others’ accounts was wrong and 53% said they believed it was illegal. The reasons most often given for the unauthorized account access were just for fun and mischief. 20% of the students believed they could make money breaking into others’ accounts, and five percent envisioned making a career out of cyber attacks. [The Register] [Fast Company]


US – Microsoft’s Boyd Questions Future of Online Privacy

Microsoft researcher Danah Boyd presented a pretty bleak picture of how privacy and publicity are managed online Sunday in her SXSW Interactive keynote. Targeting Chatroulette, Facebook, and Google Buzz as examples, Boyd says consumers have no idea what they are sharing online, and that the businesses that build social networks don’t either. Facebook changed its privacy policies in December, requiring each user to sign off on new privacy settings. When offered this choice, 35% of users chose to make their profiles private. Boyd pointed out that that means 65% made their updates public. After conducting scores of interviews, Boyd doubts those users even read the privacy statement; they just clicked through as we have been conditioned to do. “I have yet to find a single person who actually knew what their settings were,” Boyd said. “When they don’t know what the value proposition is, they just click through.” [Source] See also: [New York Times: Couple fights on Facebook now commonplace] and [New York Times: How Privacy Vanishes Online] and also: [Matyszczyk Contra McCullagh: Why people really do care about privacy] and also: [Privacy is still a social norm: Cavoukian]


US – Firms Merging Offline, Online Data to Improve Ad Targeting

Consumer research firm Nielsen and Web data collection company eXelate Media are forming a new alliance aimed at creating more detailed consumer profiles. Advertisers will be able to purchase data from eXelate’s research on more than 150 million Internet users and Nielsen’s database on 115 million American households, the report states. “We can build profiles from any building blocks,” says Meir Zohar, chief executive of eXelate, which has offices in New York and Israel. “Age, gender, purchase intent, interests, parents, bargain shoppers--you can assemble anything.” Lawmakers, regulators and privacy advocates, however, are warning such a move could be too intrusive. “If consumers learn that information about them has been compiled from multiple different sources, it certainly could cause them to be concerned,” says Christopher Olsen of the Federal Trade Commission. [Wall Street Journal]


Other Jurisdictions


JP – Japan: Internet Posts Held To Libel Standards

The Japanese Supreme Court has ruled that individuals posting comments on the Internet must be held to the same standards for criminal libel as writers in other forms of media. The unprecedented ruling means that individuals can be held criminally responsible for their Internet postings. In its ruling, the top court’s First Petty Bench said that the Internet postings of individuals are not necessarily considered “low in trust” by those who read them. The ruling also took into consideration the circumstances of such Internet postings, including the possibility of grave libel damage because an unspecified number of users can instantaneously view the posting and the fact that there was no guarantee the party libeled would have adequate opportunity to respond on the Internet. The top court ruled that, just as in the case of libel rulings on printed matter or speech, the only way in which libel would not apply is when the person making the posting could show “recognition of adequate cause based on reliable documents and grounds” for what was expressed. In other words, a person writing on the Internet would have to provide evidence to show that what was posted was believed to be correct. [Source]


Privacy (US)


US – Dems to Obama: Stop Dithering - Move on P&CL Board NOW!

Privacy advocates and congressional Democrats want to know why President Obama has yet to appoint nominees to a privacy and civil liberties board that has been defunct for more than two years. The board is supposed to ensure that the government protects Americans’ privacy and civil liberties in a range of counterterrorism activities. President Bush created the board in 2004 at the recommendation of the 9/11 Commission, but it fell apart a few years later. Privacy advocates and Democrats in Congress seemed willing to give President Obama a grace period. Now there is a growing consensus that the grace period is over. “I wish they’d hurry up and get the nominations up here,” Senate Judiciary Committee Chairman Patrick Leahy (D-VT) said in an interview. “I’ve written to President Obama and told him that this shouldn’t lag any longer.” The White House has not responded to Leahy’s letter. “I’m not sure why,” Leahy said. “I realize they’ve got a lot of things to do down there, but this is something that’s going to affect every single American. And I think it should be done. If you’re going to have credibility in our various agencies, I think you need something like this.” Other congressional Democrats have made similar requests. On March 1, 2010, more than 30 privacy and civil liberties groups sent a letter urging the White House to appoint board members without delay. White House spokesman Ben LaBolt said the positions will be filled soon, and the president is committed to reviving the board. [National Public Radio] [Listen to the Story]


US – EPIC Recommends that Congress Suspend Body Scanning Program

In testimony before the House Committee on Homeland Security, EPIC President Marc Rotenberg urged Congress to halt the plan to deploy body scanners in the nation’s airports. “Based on the documents we’ve obtained, the views of experts, the concerns of Americans, and the extraordinary cost, Congress should suspend the program,” said Mr. Rotenberg. [Details] See also: [Do airport full body scanners violate Islam?]


US – Principal May Have Violated Student Privacy Law

Marshfield Middle School’s principal might have violated a federal law that protects the privacy of students’ education records on Thursday when he made public about 100 students’ failing grades. Principal Dave Schoepke said he posted in the alcove of his office a list of names of kids who were failing in order to quickly disseminate information to students who needed to turn in assignments, so they could raise their grades and attend Friday night’s school dance. Students with failing grades are not allowed to participate in certain extra-curricular activities, including dances, Schoepke said. Sensing urgency, and in need of a way to address many students in a short amount of time, Schoepke decided to post the list, he said. But that decision, which Schoepke said in hindsight was a poor choice, likely violated the Family Educational Rights and Privacy Act, a federal law that protects the privacy of a student’s education records. “Is there something that is legally wrong? I would have to say ‘yes,’” Schoepke said. The list was taken down when he received complaints, he said. According to FERPA, schools must generally “have written permission from the parent or eligible student in order to release any information from a student’s education record.” [Wausau Daily Herald]


US – IAPP Explores the Future of the Privacy Profession

In conjunction with the celebration of its 10th anniversary on March 16, the International Association of Privacy Professionals (IAPP) has released a white paper on the future of the privacy profession entitled, “A Call for Agility: The Next-Generation Privacy Professional.” When the IAPP initially was formed, the role of the chief privacy officer was newly emerging following the dot-com boom. Over the past 10 years, the exponential increase in data collection and retention has propelled the privacy professional into senior levels of management. As the legal landscape continues to develop and corporations’ focus on privacy matures, privacy professionals will need to adapt. The IAPP’s paper considers what skill set the privacy professionals of the future will need to succeed, how privacy programs will become more proactive and less reactionary, and why privacy should be viewed as an enabler rather than a hindrance. The IAPP asserts that the privacy professionals of tomorrow will need to be more nimble. [Source: Hunton & Williams] [Paper: A Call for Agility: The Next-Generation Privacy Professional]


Privacy Enhancing Technologies (PETs)


CA – Toronto Firm Brings Direct Mail Marketing Online With Unique Privacy Service

Bering Media has a privacy-protection service that allows it to connect advertisers with individuals in a location they want to target, all while keeping the target group’s personal information private. The Toronto firm acts as an intermediary between ISPs and advertisers looking for location-specific promotional opportunities online. Bering can connect an advertiser promo with the appropriate ISP location, without revealing any personal or proprietary information about the folk being targeted. A double-blind network architecture – a transaction-based system run in the cloud – makes this possible. Bering allows a business to display its advertising to the people it intends to target, but doesn’t share back information about the actual location, name or address of people being targeted. The location-based platform can cut down to neighbourhood level. Web surfers will see the local ads appear on Web sites they are surfing. [Source]


CA – Avatars to Debate Autonomy

The medium and the message come together this week in a law and technology conference being billed as a Canadian first. “Technology can have many unintended consequences,” says Queen’s University law professor Art Cockfield, organizer of the meeting. Increasingly worried about the personal privacy implications of new technologies and social networking sites, Cockfield decided to gather together some of the top thinkers on the issue from around the world. But instead of meeting face-to-face, participants will be sending their avatars to Education Island, a virtual location set up by the university in the popular online virtual world of Second Life. Avatars will be attending from across North America and as far away as Australia, Cockfield says. “Because the conference deals with technology, meeting in cyberspace feels appropriate.” And with conferences such as his, Cockfield says, Second Life can be used to make our real lives more efficient. He says this is the first such meeting for Canada. The conference will focus on the impact of new technology on personal privacy and autonomy. Cockfield, who worries that our privacy has been eroded with the advance of technology, will lead a session on privacy and surveillance. Often, he says, we give up a little privacy for the convenience of new technical devices. [Source]




US – Nano-Based RFID Tags Could Replace Bar Codes

Long lines at store checkouts could be history if a new technology created in part at Rice University comes to pass. Rice researchers, in collaboration with a team led by Gyou-jin Cho at Sunchon National University in Korea, have come up with an inexpensive, printable transmitter that can be invisibly embedded in packaging. [Science Daily]


WW – RFID News Roundup


CH – Swiss Study Finds RFID Tags Safe for MRI, CT Scans

Researchers at St. Gallen Canton Hospital say that wristbands with 13.56 MHz passive RFID tags do not significantly interfere with the functionality of imaging devices, or pose a risk to scanned patients wearing such wristbands. [Full Story]


US – Retirement Community Gains Insight From RTLS

Technology from Intelligent InSites and CenTrak allows Rockhill Mennonite to know the locations of its residents and employees in real time, enabling faster responses to calls for assistance, as well as documentation of patients’ activities and care. [Full Story]


WW – Citibank Says RFID Pilot Proves Strong Consumer Interest in Mobile-Phone Payments

The company, which has completed a Near Field Communication project in India, finds that NFC-based retail applications can be successful--with the proper mix of marketing, incentives and execution. [Full Story]


US – Wristbands Document Interactions Between Prisoners and Officers

Hardin County Jail has upgraded its RFID system with high-frequency 13.56 MHz RFID wristbands, to track every officer-inmate transaction in real time. [Full Story]


US – Tagged Tablets Memorialize the Deceased

The RosettaStone, containing a passive 13.56 MHz RFID tag, is designed to be either taken home as a keepsake or installed on a gravestone, to provide information regarding a departed loved one. [Full Story]




US – Former Employee Disables 100+ Cars Via Computer

Police in Austin, Texas have arrested Omar Ramos-Lopez for allegedly accessing a computer system at Texas Auto Center and disabling the ignition systems on more than 100 cars. Ramos-Lopez was laid off from the Texas Auto Center in February. The company uses a system to disable cars that have not been paid for; a device installed under the car’s hood allows someone with access to the computer system to disable the vehicle’s ignition system or start the car’s horn honking, which can be stopped only by removing the battery. The company received reports of problems for five days before resetting the system’s password. Examination of access logs led investigators to Ramos-Lopez. Although his account was disabled when he was let go, he used another employee’s account to access the system. [WIRED] [MSNBC] See also: [High-tech copy machines a gold mine for data thieves]




UK – Study: School Children Monitored ‘As Closely As Inmates’ by CCTV

Children are being monitored as closely as inmates in prisons as schools break the law to introduce scores of covert CCTV cameras, a ground-breaking new study has found. The vast majority of secondary schools use more than 20 CCTV cameras to capture children’s movements in corridors, playgrounds and even the toilets. But many are breaking the law by failing to make it clear to pupils where cameras are located and how the images might be used. At least one unnamed school has installed cameras with microphones in classrooms and corridors and given staff earpieces to listen in on conversations. The spread of CCTV in schools is documented in a study by a researcher based at Salford University. Dr Emmeline Taylor surveyed 24 comprehensives in the north west of England and discovered that 23 had installed more than 20 cameras. Out of three studied in-depth, two had gone as far as placing them in the toilets. Dr Taylor also found that schools are increasingly using biometric technology - such as fingerprint, iris or facial recognition systems - for ‘mundane’ reasons such as lending library books. Parents are often in the dark about the biometric data taken from their children or the extent of CCTV. ‘There has been very little attempt to inform the general public, including parents, about the extent that schools are using surveillance devices, including biometric surveillance,’ said Dr Taylor. ‘The level of surveillance that some pupils are subjected to on a daily basis rivals that of international airports and prisons.’ [Daily Mail]


WW – Blog Mining: Scouring blogs for useful information

Researchers at the University of Southern California’s Institute for Creative Technologies in Los Angeles are training a computer system to analyze personal blogs to build a system that could gather aggregated statistics daily on large populations. Andrew Gordon and colleagues first taught the computer system how to distinguish narrative blogs from other types of blogs by having it focus on the common phrases of narrative storytelling. The team took the same approach to getting the system to recognize causal connections of narrative blogs by having it search for phrases often associated with cause and effect relationships. Gordon says that a system for analyzing the personal stories of blogs could operate in the manner of a larger version of the Google flu tracker program. He says mining the comments that people make about their daily lives would provide information on all kinds of emerging trends and behaviors. Tracking blogs also would reveal how ideas are spread and trends are set. [The Economist] See also: [EFF: Hooking Up The Big Brother Machine... And Fighting It]


EU – Software: Running Commentary for Smarter Surveillance?

European researchers have developed HERMES, a software surveillance system that automatically detects human motion, behavior, and facial expressions; generates a running commentary of what is happening; and virtually re-enacts events. HERMES consists of a scalable, flexible platform, which integrates software components that can detect events in real time and describe them semantically. The HERMES tracking technology functions like a human watching the same scene, making predictions about where a target is heading and reacting to other unusual events. The system can track people as they walk across a city with a combination of static cameras and pan-tilt-zoom cameras. Generating semantic information from video has led to the development of a tool that creates a virtual three-dimensional representation of the scene. “The virtual graphical representation of the footage is generated in near real time and can be displayed alongside the actual video stream,” says Universitat Autonoma senior researcher Andrew Bagdanov. [ICT Results]


US – Instant Ads Set the Pace on the Web

Web publishers are using real-time bidding, a sales method that lets advertisers “examine site visitors one by one and bid to serve them ads almost instantly,” the report states. Some hope the method will revive the online ad market. Publishers and advertisers like it for its revenue and return-on-investment potential, among other benefits. But not everyone is excited. “The fact that you can be auctioned off in 12 milliseconds or less just illustrates how privacy in this country has rapidly eroded,” says one consumer advocate. [The New York Times]


Telecom / TV


US – FCC Broadband Plan Focuses on Privacy, Competition

The Federal Communications Commission’s ambitious national broadband plan will include recommendations aimed at ensuring consumers’ online privacy, according to an executive summary released last week. While the six-page summary was short on details, the FCC said it intends to suggest measures to “clarify the relationship between users and their online profiles ... including the obligation of firms collecting personal information to allow consumers to know what information is being collected, consent to such collection, correct it if necessary, and control disclosure of such information to third parties.” The FCC in January asked for comments about online privacy in response to a proposed notice of inquiry submitted by the digital rights group Center for Democracy & Technology. But it wasn’t clear until Monday whether the FCC intended to address the issue in its broadband plan. [Source]


CA – CRTC Telecom Notice of Consultation CRTC 2010-130

The CRTC maintains a distinction, for telecommunications to existing clients, between financial advisors telephoning clients regarding financial products or services (these communications are not “telemarketing” and not subject to the Unsolicited Telecommunications Rules) and insurance agents selling or promoting insurance products or services (this is “telemarketing” and subject to the Rules). The CRTC is inviting comments on whether this distinction should be maintained; comments are due March 19, 2010 and reply comments are due April 19, 2010. [CRTC Notice]


NZ – ‘Do Not Call Register’ for NZ Mooted

A “Do not call” register that would prohibit New Zealand telemarketers making unsolicited sales calls and a law that would oblige government agencies to tell people if their personal information had been lost or stolen are among a raft of ideas to tighten privacy law canvassed by the Law Commission. In a 500-page report, the commission also floats the possibility of controls on “cloud computing” and questions whether tougher regulations may be required to prevent internet providers snooping on customers’ emails and web surfing habits. Interception provisions in the Crimes Act and Telecommunications Information Privacy Code are designed to stop internet providers from spying on customers, but the commission questions “whether more is needed” given deep packet inspection - a technology that can help internet providers better manage their networks - had the potential to be misused. [The Dominion Post]


US Government Programs


US – F.B.I. Faces New Setback in Computer Overhaul

The Federal Bureau of Investigation has suspended work on parts of its huge computer overhaul, dealing the agency the latest costly setback in a decade-long effort to develop a modernized information system to combat crime and terrorism. The overhaul was supposed to be completed this fall, but now will not be done until next year at the earliest. The delay could mean at least $30 million in cost overruns on a project considered vital to national security, Congressional officials said. F.B.I. officials said that design changes and “minor” technical problems prompted the suspension of parts of the third and fourth phases of the work, which is intended to allow agents to better navigate investigative files, search databases and communicate with one another. The decision to suspend work on the $305 million program is particularly striking because the current contractor, Lockheed Martin, was announced to great fanfare in 2006 after the collapse of an earlier incarnation of the project with the Science Applications International Corporation. Beyond the financial costs are concerns about the F.B.I.’s ability to handle its law enforcement and national security responsibilities with an information system still regarded as sub-par in some crucial areas. [New York Times]


US – Many Choosing to Pay $100 Fine, Not Answer ‘Intrusive’ Census Questions

As questionnaires from the U.S. Census Bureau begin filling millions of mailboxes around the country for the official decennial head-count, citizens and civil rights advocates are loudly objecting to certain inquiries as violations of privacy and irrelevant to the legitimate purposes of government. “The government may mandate collection of information pertaining to race and ethnicity matters only where it is assembled in a manner which protects the privacy of individuals by separating the racial or ethnic information from personal identifying information such as name and address. Beyond this information, however, a citizen’s right to privacy overrides the government’s right to information.” – American Civil Liberties Union vs: “the [Census] Bureau employee conceded that listing a religious denomination or organization as an employer could fall into a “gray area” of Title 13, Section 221(c) which states: “No person shall be compelled to disclose information relative to his religious beliefs or to membership in a religious body.” [Details] [Source]


US Legislation


US – Revised Cyber Security Bill Mandates Public-Private Collaboration

The latest version of a Senate cyber security bill removes a provision that granted the President power to shut down Internet access and transit if the country comes under cyber attack, although the President would still have the authority to declare a cyber security emergency. The bill also calls for government officials to work with the owners and operators of critical infrastructure systems to establish a cyber attack response plan. The legislation is sponsored by Senators Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine). This is the fourth revision of the legislation, which was originally introduced last April. [Information Week] [NextGov] [SC Magazine]


Workplace Privacy


CA – Marine Security Trumps Privacy as Union Loses Legal Bid Against Screening

Longshoremen have lost a legal bid to contest marine security regulations they call an unwarranted invasion of their privacy. The Supreme Court of Canada says it won’t hear a challenge from the International Longshore and Warehouse Union of Canada. At issue was the Federal Court of Appeal’s ruling that the Marine Transportation Security Regulations do not violate the employees’ constitutional guarantees. The regulations, which allow authorities to screen marine workers with sensitive jobs, were brought in after the 9/11 terrorist attacks. The information gathered from workers includes details about the employees, their spouses and friends, as well as other personal background. The union and several local units, mainly in Vancouver, objected to the questioning and took their case to court. [Canadian Press]