Privacy News Highlights

20—26 January 2006

Contents:

US – TSA Announces Key Elements of Registered Traveler Program

US – Iris Scanning for New Jersey Grade Schools

CA – Survey: Consumers Select IBM and Bell Canada as Most Trusted Companies

CA – Ontario Police Using ‘Production Order’ to Access Reporter’s Notes

AB – Alberta Privacy Commissioner Scolds Staples in Computer Privacy Case

US – ID Theft Complaints Top 2005 Consumer Complaints List

WW – Consumer Study: Loss of Personal Data is #1 Fear

US – Poll: Most Say Google Should Not Respond to Subpoena

UK – Resident First to Win Legal Case Against Spam

US – U.S. Computers Responsible for Most Spam, Company Says

US – Washington State Sues Over Spam, Spyware

UK – Police Stop and Search 100 People a Day Under New Anti-Terror Laws

WW – OECD Report: Use of Authentication Across Borders in OECD Countries

WW – Do Web Filters Protect Your Child?

UK – Study: Consumers To Blame For Not Preventing Online Fraud

US – EPIC Sues Justice Department for Release of Domestic Surveillance Documents

UK – Government Defends Recording 24,000 Children’s DNA Profiles

US – Privacy Concerns With CDC’s New HIV Data Reporting System

US – Stolen Ameriprise Laptop Had Data on 230,000 People

US – Thief Steals Briefcase Containing Personal Information of Officers

US – University of Notre Dame Probing Electronic Break-In

UK – Study: Poor Call-Centre Security Poses ID Theft Risk

UK – UK Info Commissioner to Probe Tax Credit ID Theft of 8,800 Identities

US – CDT Files Complaints Against Major Adware Distributor

WW – DMA Bans Members From Pushing Spyware

WW – Internet Coalition Sets Up Anti-‘Badware’ Site

US – FBI Says Computer Crime Costs $67 Billion Annually

US – U.S. Obtains Internet Users’ Search Records from Yahoo, MSN, AOL, Others

WW – Google Battles Federal Subpoena For Search Data

WW – Survey: 77% of Google Users Don’t Know it Records Personal Data

US – Judge Orders Web Site Operator to Disclose Authors’ Identities

US – Internet Users Lack Privacy in Subscriber Info, Judge Says

WW – More People Interested in Having Anonymity Online

UK – Blair Under Fire On ID Cards

US – Congressman Seeks Surveillance Info from Internet Companies

US – T-Mobile Seeks Injunction Against Online Data Brokers

US – New Hampshire Reps Approve RFID ‘Tracking Device’ Bill

US – Coalition Objects to RFID chips for Driver’s Licenses

US – FTC Levies Highest-Ever Civil Fine Against ChoicePoint

WW – OECD Promotes Culture of Security for Information Systems and Networks

US – Army Mandates PKI Log-on for Access to NIPRnet

US – Poll Finds Majority Want Warrants for Wiretapping

CA – CIPPIC: Privacy Laws Not Protecting Phone Records

US – Missouri Targets Cell Phone Data Companies

US – GAO Study: Stronger Protections Needed When Contractors Have Access to SSNs

US – Patriot Act Renewal Negotiations Reach Stalemate

US – Shafer, Wiles Introduce Legislation Banning Sale of Cell Phone Calling History

US – West Virginia Miners to Get Electronic Tracking Devices


US – TSA Announces Key Elements of Registered Traveler Program

The Transportation Security Administration (TSA) last week announced several parameters for a nationwide private sector Registered Traveler (RT) program, including the biometrics to be used on Smart Cards for identification purposes and the redress process for individuals who are denied access to the program. Airline passengers who buy a pre-approved security pass could have their credit histories and property records examined as part of the U.S. government’s plan to turn over the Registered Traveller program to private companies. The program will begin June 20. [Source] [Source]

 

US – Iris Scanning for New Jersey Grade Schools

When a parent arrives to pick up their child at one of 3 grade schools in the Freehold Borough School District, they’ll need to look into a camera that will take a digital image of their iris. That photo will establish positive identification to gain entrance into the school. Funding for the project, more than $369,000, was made possible by a school safety grant through the National Institute of Justice, a research branch of the U.S. Department of Justice. “The idea is to improve school safety for the children,” said the Freehold Borough School District Superintendent, “We had a swipe-card system that operated the doors, but the technology was obsolete.” Installation of the iris technology began in October. The Teacher-Parent Authorization Security System (T-PASS), a software application developed by Eyemetric Identity Systems, was installed on the front office computers at each of the three schools. School participation in the 18-month study is voluntary. [Source]

 

CA – Survey: Consumers Select IBM and Bell Canada as Most Trusted Companies

The Ponemon Institute’s 2nd annual online survey found that IBM and Bell Canada remain the most trusted companies for protecting customer privacy. The survey also found that ID theft topped the list of privacy concerns – up from 46% in 2004. The survey also detected increased concern in Canada over telemarketing calls. Larry Ponemon, chairman of the Ponemon Institute, said Canadians typically trust Canadian companies over global enterprises – with the exception of IBM. [Source]

 

CA – Ontario Police Using ‘Production Order’ to Access Reporter’s Notes

It’s the first time police have used a new Criminal Code provision called a production order to obtain information from the media. Police want a Hamilton Spectator reporter to turn over all records of his interviews with a convicted drug dealer between 2001 and 2005. The Spectator Editor-In-Chief is concerned production orders will become a tool of choice for prosecutors and police intent on getting at reporters’ work. The new Criminal Code provision came into force in September 2004 and allows a judge to compel a person not under investigation to turn over documents or data relevant to the commission of an offence. Not complying is punishable by a fine up to $250,000 or up to six months in jail, or both. While there may be compelling reasons on occasion to seek such orders, “a free press cannot be willy-nilly turned into a tool of the police,” said the Editor. [Source] [CAJ Press Release]

 

AB – Alberta Privacy Commissioner Scolds Staples in Computer Privacy Case

Alberta’s privacy commissioner handed down a heavy ruling against an office supply store after it re-sold a computer containing a customer’s personal information to a third party. The commissioner lambasted Staples Business Depot for re-selling a computer that held a woman’s resume, tax return data, social insurance number, as well as family photos and contact information, said Office of the Information and Privacy Commissioner director Elizabeth Denham. “There needs to be more due diligence around reselling and recycling computers that may contain personal information,” she said. [Source]

 

US – ID Theft Complaints Top 2005 Consumer Complaints List

In 2005, consumers filed more than 255,000 ID theft complaints, according to the FTC. Internet-related complaints were responsible for 46 percent of all fraud reports. However, studies have indicated that most ID theft does not involve the Internet. The highest per capita rates of ID theft occurred in the metro regions of Phoenix, Las Vegas and San Bernardino, Calif., according to the FTC. [Source]

 

WW – Consumer Study: Loss of Personal Data is #1 Fear

Visa International reveals in a new global survey that the theft or loss of personal and financial information is the No. 1 concern of consumers worldwide. Most striking, the theft or loss of personal and financial information ranks as the top concern of consumers worldwide (64%), surpassing environmental degradation (62%), terrorism (58%), job loss (57%) and disease or epidemics (55%), among other major issues. In the research, consumers report changes in behavior, particularly when shopping online:

• 63% of consumers say they are more careful when disposing of financial statements;

• 50% look at the privacy policies of companies with which they do business;

• 62% of online shoppers are more discriminate about the sites at which they make purchases; and

• 24% report shopping less online and 26% less via the telephone.

Actual e-commerce figures for Visa show global sales growth of 27% in 2005 over 2004. [Source]

 

US – Poll: Most Say Google Should Not Respond to Subpoena

A poll finds that a majority of those surveyed believe Google should not release information to the government about its users’ search habits, and more than a third said they would even stop using the world’s most popular search engine if the company did so. The survey results, released by the Ponemon Institute, a think tank that studies privacy in businesses and government, also indicate that a vast majority of respondents do not believe that Google collects information that can personally identify who they are. [Source] [Source] [Source]

 

UK – Resident First to Win Legal Case Against Spam

Nigel Roberts used the European Union’s E-Privacy Directive law to win £300 (US$500) in compensation from Media Logistics (UK) Ltd., becoming the first person in the country to use European legislation to defeat spammers. Roberts had originally complained to the company after receiving unsolicited e-mail advertising from a contract car firm and fax broadcasting business. He also used Section 7 of the Directive to force the company to reveal how it obtained his contact details without his consent. After receiving an apology, Media Logistics refused to pay him compensation, resulting in Roberts making a claim for damages to the Small Claims Court. This case was won in October, but judgement on the scale of damages was deferred until the first week in January. Roberts has now come to an out-of-court settlement with Media Logistics, stating “This may be a tiny victory but perhaps now spammers will begin to realize that people don’t have to put up with their e-mail inboxes being filled with unwanted junk.” [Source]

 

US – U.S. Computers Responsible for Most Spam, Company Says

Almost a quarter of the world’s spam in the last three months of 2005 was sent from computers in the United States, according to U.K. antivirus company Sophos. The U.S. is closely followed by China, with 22.3%. South Korea rounds out the top three with 9.7%, according to Sophos, which said the level of non-English language spam is rising. [Source]

 

US – Washington State Sues Over Spam, Spyware

The Washington state attorney general’s office has sued a New York company and individuals in New York, New Hampshire, Oregon and India under state and federal anti-spam and spyware laws, saying they induced computer users to download software that weakened their computers’ security. [Source]

 

UK – Police Stop and Search 100 People a Day Under New Anti-Terror Laws

Charles Clarke, the U.K. Home Secretary, is facing an onslaught over the Government’s anti-terror laws after figures showed nearly 36,000 people were stopped and searched under the emergency powers last year. The number of people stopped and searched each year has soared since the Act came into force in 2001, when 10,200 people were stopped. It rose to 33,800 in 2003-04. Despite the high number of people stopped, only 455 were arrested. Campaigners will mount a legal challenge in the House of Lords this week, as they attempt to limit the laws giving police sweeping powers to stop people even if they have no grounds to suspect them of a crime. [Source]

 

WW – OECD Report: Use of Authentication Across Borders in OECD Countries

The purpose of this survey was to:
• Identify examples of current offerings and actual implementation of authentication across borders.
• Identify actual or potential barriers to the current cross-border use of digital signatures from the supplier/user perspective (taking into account input from other stakeholders as well).
• Explore the extent to which the cross-border offerings of authentication meet transaction needs.
The questionnaire was addressed to governments and to the private sector. The survey is part of the ongoing work of the Working Party on Information Security and Privacy on authentication that is aimed at:
• Assessing the need to develop mechanisms to “bridge” varying legislative/legal/policy frameworks to provide for cross-jurisdictional authentication and for legal effect of electronic signatures.
• Promoting the use of authentication as an integral element of a safer, more secure Internet.
• Developing linkages so as to use the authentication work as an element for addressing other issues such as online identity theft, management of digital identities, spam, travel security, biometrics etc. [Source]

 

WW – Do Web Filters Protect Your Child?

Millions of parents rely on Web filtering software to shield their children from the nasty side of the Internet—porn, predators and other unseemly phenomena. But according to the U.S. Justice Department, Web filters are not enough to protect minors. The agency voiced its concern about the technology last week as it geared up to defend an antiporn law that’s under attack from civil liberties advocates. The case, which deals with the 1998 Child Online Protection Act, grabbed attention last week after the department subpoenaed Internet search companies, including Google and Yahoo, for millions of search records. [Source]

 

UK – Study: Consumers To Blame For Not Preventing Online Fraud

Britain’s Financial Services Authority presented research this week that shows that more than half of 1,508 customers surveyed were “extremely” or “very” concerned about the potential fraud risks of online banking. The survey found that 95% of those surveyed indicated that banks should take some of the responsibility for online security, while 45% said banks should take all the responsibility for keeping customers safe online. According to the report, the blame for online banking insecurity is due as much to user ignorance as banking inadequacy. According to the survey, if the banks attempted to move all liability for online banking losses to customers, 77% say they would abandon Internet banking completely. The authority’s report makes only veiled criticism of banks themselves. [Source] [Source]

 

US – EPIC Sues Justice Department for Release of Domestic Surveillance Documents

Seeking to compel the immediate disclosure of information concerning the Administration’s warrantless domestic surveillance program, EPIC has filed a Freedom of Information Act lawsuit against the U.S. Department of Justice. The suit asks the federal court in Washington to issue a preliminary injunction requiring the release of relevant documents within 20 days. According to President Bush, the Justice Department has played a key role in authorizing, implementing and overseeing the warrantless surveillance program. Attorney General Alberto Gonzales and other Justice officials have been in the forefront of Administration efforts to justify the program and assert its legality. EPIC’s lawsuit seeks the disclosure of internal DOJ documents about the program to facilitate the current and ongoing public debate on the propriety of the warrantless surveillance. EPIC argues in its court papers that the debate “cannot be based solely upon information that the Administration voluntarily chooses to disseminate.” [Source]

 

UK – Government Defends Recording 24,000 Children’s DNA Profiles

The government has defended storing the DNA profiles of about 24,000 children and young people aged 10 to 18. The youngsters’ details are held on the UK database, despite them never having been cautioned, charged or convicted of an offence, a Conservative MP found. [Source]

 

US – Privacy Concerns With CDC’s New HIV Data Reporting System

Some AIDS groups are objecting to a new HIV data reporting system implemented by the federal Centers for Disease Control and Prevention (CDC) that they charge is burdensome and intrudes into the personal lives of clients. The CDC is requiring the 65 state or local health departments and roughly 130 community-based AIDS groups that are directly funded by the federal health agency to use its Program Evaluation and Monitoring System (PEMS), a Web browser-based software application, to report on how they are fulfilling their contracts. [Source]

 

US – Stolen Ameriprise Laptop Had Data on 230,000 People

Ameriprise Financial, the investment advisory unit spun off from American Express, said this week that lists containing the personal information of about 230,000 customers and advisers had been compromised. A security breach occurred in late December, Ameriprise said, after a company laptop was stolen from an employee’s parked car. The laptop contained a list of reassigned customer accounts that was being stored unencrypted, a violation of Ameriprise’s rules. The information on the laptop included the names and Social Security numbers of about 70,000 current and former financial advisers and the names and internal account numbers of about 158,000 customers, about 6% of its 2.8 million clients. [Source]

 

US – Thief Steals Briefcase Containing Personal Information of Officers

A briefcase containing the names, SSNs and birth dates of hundreds of National Guardsmen has fallen into the wrong hands after someone broke into a car earlier this month in California. The National Guard has sent notices to the affected officers warning them about the potential for ID theft. [Source]

 

US – University of Notre Dame Probing Electronic Break-In

Two computer-forensic companies are helping the University of Notre Dame investigate an electronic break-in that may have exposed the personal and financial information of school donors. The hackers may have made off with Social Security numbers, credit card information and check images. [Source]

 

UK – Study: Poor Call-Centre Security Poses ID Theft Risk

Poor security checks in UK call centres are leaving banking customers exposed to the risk of identity fraud, according to a new study. Call centres operated by the UK’s top 20 financial services companies were investigated to find out how robust identity checks on customers calling up were. A password was found to be the most widely used security check when customers get through to a call centre but agents at nine of the institutions were persuaded to accept less secure methods of verifying the identity of callers claiming to have forgotten their password. [Source]

 

UK – UK Info Commissioner to Probe Tax Credit ID Theft of 8,800 Identities

The UK’s data protection watchdog has launched an investigation into the tax credit fraud fiasco that resulted from the theft of the identities and personal details of almost 13,000 staff at the Department for Work and Pensions (DWP) and Network Rail. The government admitted that 8,800 staff identities at the DWP had been stolen in 2003/04, with 6,800 used in attempts by criminal gangs to make false tax credits claims last summer. Meanwhile 4,000 Network rail staff had personal details stolen and used by fraudsters to exploit security weaknesses on the tax credits claim website. Although HM Revenue and Customs claims to have stopped many of the fraudulent claims before any money was paid, it admits to losing £2.7m from those that slipped through the net. The tax credits website was closed down in December and is still offline while the criminal investigation is ongoing. [Source] [Source]

 

US – CDT Files Complaints Against Major Adware Distributor

The Center for Democracy & Technology (CDT) has asked the FTC to put an end to the illegal and deceptive practices of 180solutions Inc., one of the world’s largest developers of Internet advertising software. In a detailed complaint, CDT outlines a pattern whereby 180solutions, through a complicated web of affiliate relationships, deliberately and repeatedly attempted to dupe Internet users into downloading intrusive advertising software. The complaint illustrates how 180solutions continued this pattern of practice even after being warned by technology experts, privacy advocates and its own auditors that its practices were unethical, and in several cases, illegal. [Source] [Source]

 

WW – DMA Bans Members From Pushing Spyware

The Direct Marketing Association has set up its first requirements governing members’ use of software distribution. The rules are designed to curb unethical installation practices, the industry group said, as well as to draw a line in the sand it hopes will preserve the legitimate uses of downloaded software. Many online marketers have been experimenting with using downloadable software as part of their marketing plans. The guidelines say marketers “should not install, have installed, or use...software that initiates deceptive practices or interferes with a user’s expectation of the functionality of the computer and its programs.” They single out as unacceptable software that relays spam, serves “endless loop pop-up advertising,” or deceptively modifies security or browser settings. [Source]

 

WW – Internet Coalition Sets Up Anti-‘Badware’ Site

A group including Google and institutes at Harvard and Oxford universities plans to unveil a campaign against spyware and other malicious computer programs that can steal personal information, snoop on your Web surfing and bombard you with pop-up ads. The coalition, which is receiving unpaid advice from Consumer Reports WebWatch, is launching a Web site -- http://www.stopbadware.org/ -- to catalogue programs that infect unsuspecting users and to let them check whether something is dangerous before downloading it. The group also will spotlight firms that make the software in an effort to shame them and will gather data that could lay the groundwork for class-action lawsuits against them. [Source]

 

US – FBI Says Computer Crime Costs $67 Billion Annually

Dealing with viruses, spyware, PC theft and other computer-related crimes costs U.S. businesses a staggering $67.2 billion a year, according to the FBI. The FBI calculated the price tag by extrapolating results from a survey of 2,066 organizations. [Source]

 

US – U.S. Obtains Internet Users’ Search Records from Yahoo, MSN, AOL, Others

Federal investigators have obtained potentially billions of Internet search requests made by users of major websites run by Yahoo Inc., Microsoft Corp. and America Online Inc., raising concerns about how the massive data trove will be used. The information turned over to Justice Department lawyers reveals a week’s worth of online queries from millions of Americans — the Internet Age equivalent of eavesdropping on their inner monologues. The Internet companies said that the information did not violate their users’ privacy because the data did not include names or computer addresses. The disclosure nonetheless alarmed civil liberties advocates, who fear that the government could seek more detailed information later. A Justice Department spokesman said the government was not interested in ferreting out names — only in search trends as part of its efforts to regulate online pornography. But the search-engine subpoenas come amid broader concerns over how much information the government collects and how the data are used. [Source] [Source] [Source] [DOJ Submission]

 

WW – Google Battles Federal Subpoena For Search Data

The government’s battle with Google to obtain search query records comes as federal officials are targeting Internet evidence to bolster law enforcement investigations in several areas, including domestic security and cybercrime. Justice Department officials contend that they need the Google records – not to investigate individuals – but to defend the Child Online Protection Act of 1998. The Justice Department argues the evidence would help prosecutors determine how much users are searching for pornography and how well filtering software works to block that content. [Source] [Source] [Source]

 

WW – Survey: 77% of Google Users Don’t Know it Records Personal Data

More than three quarters of web surfers don’t realize Google records and stores information that may identify them, results of a new opinion poll show. The phone poll, which sampled over 1000 internet users, was conducted by the Ponemon Institute following the DoJ subpoenas last week. This suggests that the battle for internet privacy is far from over. Google maintains a lifetime cookie that expires in 2038, and records the user’s IP address. But more recently it has begun to integrate services which record the user’s personal search history, email, shopping habits, and social contacts. After first promising not to tie its email service to its search service, Google went ahead and opted its users in anyway. It’s all part of CEO Eric Schmidt’s promise to create a “Google that knows more about you”. [Source]

 

US – Judge Orders Web Site Operator to Disclose Authors’ Identities

Ruling on one of the most important First Amendment issues of the day, a Philadelphia judge has ruled that a valid defamation claim trumps any right to speak anonymously on the Internet. In his 19-page opinion in Klehr Harrison Harvey Branzburg & Ellers v. JPA Development Inc., Common Pleas Judge Albert W. Sheppard Jr. ordered the operator of two now-defunct Web sites to turn over the identities of the anonymous authors of comments on the sites that allegedly defamed a Philadelphia law firm. [Source]

 

US – Internet Users Lack Privacy in Subscriber Info, Judge Says

Internet users surrender any privacy rights they have to their subscriber information when they sign up for online service, a New Haven Superior Court judge has ruled in a matter of first impression in Connecticut. The decision by Judge Nicola E. Rubinow rejects a motion to suppress evidence that was brought by a Southbury family whose computer was seized by police investigating the alleged online harassment of a Quinnipiac University student.

 

WW – More People Interested in Having Anonymity Online

Interest in software that allows people to send e-mail messages that cannot be traced to their source or to maintain anonymous blogs has quietly increased over the last few years, say experts who monitor Internet security and privacy. “People in the world are more interested in anonymity now than they were in the 1990’s,” when the popularity of the Internet first surged, said Chris Palmer, technology manager at the Electronic Frontier Foundation, a nonprofit group in San Francisco dedicated to protecting issues like free speech on the Web. [Source]

 

UK – Blair Under Fire On ID Cards

Tony Blair’s plans for a national identity card scheme could end up as being a “monument to the failure of big government”, the opposition leader has warned. The Tory leader attacked the proposed scheme as new research came to light suggesting it could cost more than £14bn to run. [Source] [IT industry prepares for the worst over ID cards]

 

US – Congressman Seeks Surveillance Info from Internet Companies

The ranking Democrat on the House Judiciary Committee is seeking information from 20 phone, cable and Internet company executives about whether they provided information to the federal government for a secret domestic surveillance program. Michigan Democratic Rep. John Conyers, a leading critic of President Bush’s surveillance program, sent a letter to the chief executives of the Bell phone companies such as Verizon Communications Inc. and AT&T Inc., wireless companies such as Cingular Wireless and cable companies including Comcast Corp., as well as Google Inc. and Yahoo Inc., among others. [Source]

 

US – T-Mobile Seeks Injunction Against Online Data Brokers

T-Mobile is seeking an injunction in Washington state against several online data brokers that allegedly use fraudulent means to obtain and sell its customers’ telephone records. Federal lawmakers are pursuing legislation that would make it illegal to obtain the records or sell them. [Source] [See also Cingular Wireless Wins Injunction Against Data Brokers]

 

US – New Hampshire Reps Approve RFID ‘Tracking Device’ Bill

The New Hampshire House of Representatives approved a bill, HB-203, that would require warning labels on consumer goods and identity documents that contain RFID tags or other tracking devices, regulate the use of RFID or other technology for tracking individuals, and establish a commission on the use of tracking devices in government and business. The bill now heads to the New Hampshire Senate, where it will be assigned a committee for hearing. At least two industry groups, the American Electronics Association (AeA) and the Retail Merchants Association of New Hampshire, oppose the bill, claiming that despite amendments that soften the restrictions originally placed on the use of tracking devices such as RFID, the bill remains too limiting of the technology and places overly onerous requirements on companies that want to use the technology. Despite the opposition, New Hampshire Representative Neal Kurk (D, R), one of the bill’s supporters, stands behind the proposed law. “This is a simple notification bill, which is something that industry groups keep saying they support,” says Kurk, who was surprised to hear that industry groups still object to the bill after numerous amendments. In addition to requiring notice of tracking devices on consumer goods, HB203 would prohibit the state of New Hampshire or any of its political subdivisions or agencies from using RFID to track individuals, with exceptions such as incarcerated prisoners or patients in hospitals, nursing homes or assisted-living facilities. It also states that no state-issued identity document could contain, transmit or enable the remote reading of any personal information other than a unique personal identifier number issued by the state. The bill’s latest amendments also say it would prohibit the implantation of an RFID tag into any person without that person’s consent or that of his legal guardian. And it calls for a commission to study RFID devices in government and business and monitor their effect on the economy and society. At least 12 states in 2005 introduced privacy legislation relating to the use of RFID, according to the National Conference of State Legislatures. Last year, the California Senate and House of Representatives approved the Identity Information Protection Act of 2005, which would put a three-year moratorium on the use of RFID in California-issued identity documents (see Calif. RFID Bill Assumes New Identity). The full state assembly is set to vote on it some time this year. Washington has also introduced legislation aimed at regulating the use of RFID in IDs. [Source]

 

US – Coalition Objects to RFID chips for Driver’s Licenses

A coalition of conservative groups and privacy advocates is urging the Homeland Security Department not to include the use of radio frequency identification contactless chips in its regulations for implementing the Real ID Act for state driver’s licenses. In a letter to Secretary Michael Chertoff, the groups assert that RFID costs a lot, lacks standardized technology and poses potential dangers to privacy from unauthorized reading of the chips. [Source]

 

US – FTC Levies Highest-Ever Civil Fine Against ChoicePoint

ChoicePoint has agreed to pay $15 million – a $10 million civil penalty and $5 million to consumers – to settle charges that its security and record-handling procedures violated consumers’ privacy rights and federal laws. The Federal Trade Commission (FTC) said a data breach at the company involved the personal information of 163,000 consumers. ChoicePoint, which also has agreed to independent audits, did not admit any wrongdoing. [Source] [Source]

 

WW – OECD Promotes Culture of Security for Information Systems and Networks

A recent OECD report is a major information resource on governments’ effective efforts to foster a shift in culture as called for in the 2002 OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security. It includes a detailed inventory of initiatives to implement the Guidelines in 18 OECD member countries, including Canada. It also highlights main findings based on an analysis of common current trends in those countries and progress made since 2003. The report is structured in two parts: 1) the main policy messages based on an analysis of the responses; and 2) a synthesis of the responses, question by question. More detailed country summaries and the questionnaire are to be found in Annexes 1 and 2. [Source]

 

US – Army Mandates PKI Log-on for Access to NIPRnet

Complying with a recent Defense mandate, the Army has announced it will require users to use a public-key infrastructure to log on to the service’s unclassified network. The Army is implementing the Common Access Card Cryptographic Logon, which requires a smart card and a personal identification number to gain access to the Non-Classified IP Router Network (NIPRnet). The Defense Department’s Joint Task Force for Global Network Operations (JTF-GNO), headed by Air Force Lt. Gen. Charles Croom, set a July 31 date for all of the services and agencies to fully install a PKI to help ward off network intrusions. [Source] [Source]

 

US – Poll Finds Majority Want Warrants for Wiretapping

A majority of Americans want the Bush administration to get court approval before eavesdropping on people inside the U.S., even if those calls might involve suspected terrorists, an AP-Ipsos poll shows. President Bush and top aides have defended the electronic monitoring program they secretly launched shortly after Sept. 11, 2001, as a vital tool to protect the nation from al-Qaida and its affiliates. Yet 56% of respondents in an AP-Ipsos poll said the government should be required to first get a court warrant to eavesdrop on the overseas calls and e-mails of U.S. citizens when those communications are believed to be tied to terrorism. Agreeing with the White House, some 42% of those surveyed do not believe court approval is necessary. According to the poll, age matters in how people view the monitoring. Nearly two-thirds of those between ages 18 and 29 believe warrants should be required, while people 65 and older are evenly divided. Party affiliation is a factor, too. Almost three-fourths of Democrats and one-third of Republicans want to require court warrants. [Source]

 

CA – CIPPIC: Privacy Laws Not Protecting Phone Records

Canadian privacy legislation is powerless to protect cellphone records and other personal information that is being obtained and sold by U.S.-based data brokers, the Canadian Internet Policy and Public Interest Clinic charged last week. While the United States’ Federal Communications Commission said it is investigating the sale of private cellphone records, in Canada the protection of privacy legislation appears to stop at the border, leaving companies outside Canada free to trade in personal information. [Source]

 

US – Missouri Targets Cell Phone Data Companies

Missouri Attorney General Jay Nixon is on the case of the cell-phone data burglars. Nixon filed a request in Cole County Circuit Court late last week for a temporary restraining order against Data Find Solutions Inc. and 1st Source Information Specialists. The companies, Nixon said, are thought to operate Web sites such as http://www.locatecell.com/ that promote the sale of personal phone records. [Source]

 

US – GAO Study: Stronger Protections Needed When Contractors Have Access to SSNs

Extract: Recent data breaches highlight how identity theft may occur when businesses share individuals’ personal information, including Social Security Numbers (SSNs), with contractors. Because private sector entities are more likely to share consumers’ personal information via contractors, members of Congress raised concerns about the protection of this information in contractual relationships. In response, GAO examined (1) how entities within certain industries share SSNs with contractors; (2) the safeguards and notable industry standards in place to ensure the protection of SSNs when shared with contractors; and (3) how federal agencies regulate and monitor the sharing and safeguarding of SSNs between private entities and their contractors. Banks, securities firms, telecommunication companies, and tax preparation companies share SSNs with contractors for limited purposes. Firms GAO interviewed routinely obtain SSNs from their customers for authentication and identification purposes, and contract out various services, such as data processing and customer service functions. Although these companies may share consumer information, such as SSNs, with contractors, company officials said that they only share such information with their contractors when it is necessary or unavoidable. Companies in the four business sectors GAO studied primarily relied on accepted industry practices and used the terms of their contracts to protect the personal information shared with contractors. Most company officials stated that their contracts had provisions for auditing and monitoring to assure contract compliance. Some noted that their industry associations have also developed general guidance for their members on sharing personal information with third parties. Federal regulation and oversight of SSN sharing varied across the four industries GAO reviewed, revealing gaps in federal law and agency oversight in the four industries GAO reviewed that share SSNs with contractors. 
[Source]

 

US – Patriot Act Renewal Negotiations Reach Stalemate

Efforts to reach an agreement on a long-term renewal of the USA Patriot Act appear stalled as House Judiciary Committee Chairman Rep. James Sensenbrenner, the House’s chief negotiator, has said his chamber is finished negotiating. Sixteen key provisions of the Patriot Act were set to expire at the end of last year. Members of Congress were unable to reach an agreement on a long-term extension before Christmas, and instead passed a one-month extension set to expire February 3. Senate Democrats and four Republican senators are pressing for more civil liberties protections to be incorporated in the renewal legislation, but Sensenbrenner has said that the proposal in December’s conference report provides adequate safeguards. Senate Judiciary Chairman Arlen Specter said Tuesday that there are likely only two options at this point: the conference report or another short-term extension. Republican Sen. John Sununu, one of the four who have joined Senate Democrats in opposition to the conference report, said however that discussions with the Bush administration on possible changes are continuing. [Source]

 

US – Shafer, Wiles Introduce Legislation Banning Sale of Cell Phone Calling History

Senators David Shafer (R-Duluth) and John Wiles (R-Marietta) this week announced that they have introduced legislation aimed at prohibiting the sale of cell phone records without the consent of the consumer. Senate Bills 455 and 456 were filed with the Secretary of the Senate’s office this week. SB 455, if passed, would prohibit cell phone companies from selling or releasing cell phone records without the consent of the customer. It also would ban information brokers from obtaining and selling this information. Shafer’s bill would require cell phone companies to implement measures to protect cell phone records from unauthorized disclosure. SB 456, authored by Wiles, would provide for penalties for those that engage in the sale and trade of cell phone records. Under Wiles’ legislation, those who are found guilty of illegally selling this information could face felony charges and up to 10 years in prison and/or a $100,000 fine. [Source]

 

US – West Virginia Miners to Get Electronic Tracking Devices

West Virginia lawmakers unanimously passed legislation Jan. 23 requiring miners to wear electronic tracking devices and carry wireless emergency communications equipment when working underground. Swift passage of the bill was in direct response to the deaths of 14 miners in two separate incidents since the beginning of this year. Gov. Joe Manchin, who unveiled the legislation Monday morning, is expected to sign the bill into law. The bill includes a provision to protect miners’ privacy when they’re wearing the monitoring technology. It states that no one “shall discharge or discriminate against any miner based on information gathered by a wireless tracking device during nonemergency monitoring.” [Source]

 

--------