20 May 2008 – ‘My heart fills. I’m so proud’

With at least one poll putting the Tories ahead, the fight for Crewe and Nantwich has got dirty. Labour activists have criticised a leaflet put out by their own party which shows a picture of Timpson and the statement: “Do you oppose making foreign nationals carry an ID card?”

Foreign nationals will receive ID cards this year and British citizens next year but the leaflet has been condemned for its far-right tone and suggestion the Tories are “soft” on immigrants. Is it a sign of the increasingly partisan campaign or desperation that Tamsin is unrepentant? “I don’t think it sounds BNPish,” she says. “I’m not apologising for the tone of it. Do the Tories support or oppose it? It’s time they came clean – what policies have we had out of the boy’s [Timpson's] mouth?”

More: ‘My heart fills. I’m so proud’

Source: http://www.guardian.co.uk/

20 May 2008 – We’ll Be Able to Sign Up for ID Cards at Tesco

Almost imperceptibly, the security architecture originally built around the ID card project has been dismantled.

When it was proposed in 2002, the intention was to establish a bespoke database. David Blunkett, then Home Secretary, said: “We’ve got to build a clean identity database from scratch. We can’t use the National Insurance numbers, as there are 20 million more National Insurance numbers than there are people in the country.”

But this idea was abandoned. Instead, biometrics will be stored on an existing system in the Home Office used for asylum seekers, biographical information will be held on a National Insurance database in the Department for Work and Pensions and a third database at the Identity and Passport Service (IPS) will hold administrative details related to the issue and use of the ID cards.

It was also envisaged that everyone would have to give an iris print, which is the most secure biometric with a far lower chance of false readings than fingerprints. Last year, however, the Identity and Passport Agency said it would proceed only with fingerprints, which are far cheaper to capture.

Still, at least these fingerprints would be taken in the secure and official environs of a government passport office, one of 70 being set up for this purpose. But when it became clear that far more than 70 offices would be needed to enrol 60 million people on to a database, and it would be costly, this changed as well. Hence the announcement that private contractors will be asked to bid for the work.

Does any of this sound secure to you? It seems to defeat the purpose of the whole exercise, which is to protect identities, capture terrorists, bear down on benefit fraud and stop illegal immigration. But of course none of these will be ameliorated by the possession of an ID card, which nobody will be required to carry with them.

As one perplexed campaigner said after the publication of the new costings: “The Government now appears to have junked the primary pretext for the scheme. So what is it for?”

More: We’ll Be Able to Sign Up for ID Cards at Tesco

Source: http://www.telegraph.co.uk/

20 May 2008 – ID Cards Scheme ‘Is Open to Fraud’

A government-appointed panel of experts is warning that the new ID cards system will be open to fraud by the people running it.

In a potentially damaging revelation, which undermines claims that the scheme will enhance national security, the group has concluded that it will be prone to corruption.

A new report by the Independent Scheme Assurance Panel (Isap), set up to advise the government on the implementation of ID cards, states: ‘Based on the likelihood that the scheme will aggregate a lot of valuable data, there is the risk that its trusted administrators will make improper use of this data.’ It adds: ‘The scheme will be subject to data errors and errors in decisions made.’

The acknowledgements come as the government has admitted it is to contract out the taking of fingerprints and photographs of ID card applicants to the private sector to save money.

The news has alarmed opponents of the scheme, who say this will increase the risk that the data of individuals will be illegally shared with third parties. ‘By cutting costs and cutting corners, the Home Office has fundamentally undermined the integrity of the scheme,’ said Phil Booth, spokesman for the campaign group, No2ID.

More: ID Cards Scheme ‘Is Open to Fraud’

Source: http://www.guardian.co.uk/

20 May 2008 – Apparatchiks Seek to Cut Costs of UK ID Scheme

Following years of criticism that the ID scheme will amount to nothing more than an expensive bodge, the Identity and Passport service said it has slashed the cost by nearly a £1 billion.

But opponents say it has cut corners to cut costs and British citizens will suffer the consequences, while the Home Office has had to create a rush job mini-ID scheme to meet its own 2009 deadline.

The IPS said today that its cost estimate for giving ID cards to every UK national and running the system for 10 years had been cut from £5.43 million to £4.56 million.

It had done this, it said in its quarterly ID costs report, by deciding to leave the “open market” to capture citizens’ biometrics, effectively outsourcing the cost of enrolling people onto the ID scheme.

More: Apparatchiks Seek to Cut Costs of UK ID Scheme

Source: http://www.theinquirer.net/

20 May 2008 – ID Cards? Government Can’t Be Trusted With Our Personal Information

We have seen only recently just how incompetent the Government is at keeping our personal information secure. Last year, HM Revenue and Customs lost computer discs containing the personal information of about 25 million people, including their bank account details and National Insurance numbers.

This is on top of the DVLA in Northern Ireland losing the personal details of 6000 people and the loss of details of three million theory test candidates.

It is estimated that the market value of these “identities” lost by HMRC was around £1.5 billion, making this a golden opportunity for fraudsters. It serves as a clear demonstration of the dangers of large databases, and the problems with securing personal details, even with “trusted” organisations.

The danger of databases increases with every increase in the amount of data they hold. A comprehensive national identity database, holding 50 pieces of personal information about every person in the UK, would be the most dangerous database of all. Yet the Government are still determined to press ahead with this scheme.

More: ID Cards? Government Can’t Be Trusted With Our Personal Information

Source: http://news.scotsman.com/

19 May 2008 – Nonsensical Excuses for Labour Failure

The second, barely acknowledged, cause of rejection is the growing and palpable concern at the continued erosion of civil liberty. Populist attacks on civil liberties have long been the stock-in-trade of New Labour and it was an essential ingredient of the project to outflank and ambush the Tories on law and order.

At first this may have worked, but it has produced a growing sense of alarm which has finally found expression. This alarm is now fuelled by the (albeit unjust) perception of the Prime Minister as a gloomy authoritarian who tolerates no dissent.

So to the second apologia: “I will listen and learn”. If this is serious then I propose the following political week for the Prime Minister, which will bring about a dramatic revival in Labour’s fortunes.

Monday: announce an immediate programme to return power and responsibility in public services to the excellent professionals who operate within them with an associated substantial reduction in targets and other official impertinence.

Tuesday: termination of the identity card programme, with the billions saved to be spent on the alleviation of poverty, sensibly increased security intelligence and improved conditions for service personnel injured in conflict.

More: Nonsensical Excuses for Labour Failure

Source: http://www.telegraph.co.uk/

19 May 2008 – Disappointed? I am angry! Let’s show some conviction

So what can be done to reignite Labour Party members and avoid self-combustion? We need to be talking of positive policies which improve people’s lives and will show Labour at its best. We have been in power for 10 years and it’s time to take stock. We must look at which policies have worked and which have not; we must look at what the public wants. We must move on from Blairite policies on ID cards, Trident missiles and futile wars with astronomical costs. The need for affordable housing and a national council house building programme remains. We must be seen to be “moving forward” on issues like carbon neutral housing, flooding, cliff erosion and seabed change. These are problems we encounter with constituents week in and week out.

More: Disappointed? I am angry! Let’s show some conviction

Source: http://www.independent.co.uk/

19 May 2008 – Big Brother is Filling Up Your Car

“Mike Byrne is concerned that he might one day have to present his ID card when buying petrol. He need not worry – this is not necessary. At Birchhanger Green services on the M11 I recently observed a notice that all registration numbers are checked against the Police National Computer (PNC) before the pump is enabled – and that this information will be retained.”

Turns out that the systems examine a vehicle’s licence plate against the PNC WITHOUT giving the cashier, or the petrol company, access to the database.

The driver is then cleared or flagged, and the cashier has the option to enable the pump. The whole process takes a matter of seconds.

Interestingly, it seems that should a car do a runner, the cashier then has the option of adding the record to a police database.

So although Shell / Esso / BP employees cannot access the database, they can add records to it by flagging cars that have done a runner.

More: Big Brother is Filling Up Your Car

Source: http://newsdesk.computing.co.uk/

19 May 2008 – Labour Revolt over ID Cards

Campaigners fighting the Government’s plans for ID cards are claiming a victory after four Labour candidates seeking election to Oxford City Council on Thursday opposed the scheme.

And today, city councillor and Lord Mayor John Tanner, who is seeking re-election in his Littlemore seat, told Oxford campaign group NO2ID he also did not support the Government’s proposals.

NO2ID contacted each of the 101 candidates fighting for election to half the city council’s 48 seats to find out where they stood on the controversial issue.

NO2ID chairman Chris Rimmer, from Kennington, said although the scheme was a national one, it seemed likely local authorities would end up footing much of the bill.

He said candidates from the Conservative Party, Liberal Democrats and Green Party opposed the scheme, but five Labour candidates also said they were against the idea of a compulsory ID card system.

Mr Rimmer said: “When we carried out a similar exercise at the last local elections, there was a deafening silence from Labour candidates.

“This time it appears they have seen how unpopular the policy is and are not afraid to declare themselves against it.

“With even grass-roots Labour activists turning against it, surely now the time has come for Gordon Brown to scrap this highly intrusive, expensive and potentially damaging scheme.”

More: Labour Revolt over ID Cards

Source: http://www.oxfordmail.net/

19 May 2008 – Time to Bite the Ballot

One temptation the government must resist is to respond to demands for greater ballot security by waving the national identity card in our faces. Sadly, I would not be at all surprised if the government were to insist that, in future, voters will have to produce their “voluntary” identity cards at the polling station.

Yet, as Wilks-Heeg points out, the system works perfectly well in Northern Ireland by allowing people to use any form of photo ID. Most use their driver’s licence or passport, while there is the option of applying for a basic photographic identity card specifically for voting purposes. Such a scheme can be introduced inexpensively and quickly. By contrast, the national identity card is now due to take more than a decade to roll out across the country – and that is assuming no future government scraps the scheme. We need action now.

More: Time to Bite the Ballot

Source: http://commentisfree.guardian.co.uk/

28 April 2008 – LSE Ignites Privacy Settings Project

The London School of Economics (LSE) is undertaking an identity management project to examine how 10,000 staff and students manage their privacy.

The £500,000 Flame project will give LSE students and staff access to external online learning services with access privileges correlated to the amount of private information users are willing to divulge.

More: LSE Ignites Privacy Settings Project

Source: http://www.computing.co.uk/

28 April 2008 – Face Scans for Air Passengers to Begin in UK This Summer

Airline passengers are to be screened with facial recognition technology rather than checks by passport officers, in an attempt to improve security and ease congestion, the Guardian can reveal.

From summer, unmanned clearance gates will be phased in to scan passengers’ faces and match the image to the record on the computer chip in their biometric passports.

Border security officials believe the machines can do a better job than humans of screening passports and preventing identity fraud. The pilot project will be open to UK and EU citizens holding new biometric passports.

More: http://www.guardian.co.uk/business/2008/apr/25/theairlineindustry.transport?gusrc=rss&feed=travel

Source: http://www.guardian.co.uk/

28 April 2008 – Civil Service Workers to Fight Glasgow Redundancies

The PCS civil service workers’ union has pledged to combat any plans for compulsory redundancies in the Glasgow Identity and Passport Service (IPS).

Management has announced that it wants to axe 100 jobs from the department’s Cowcaddens site.

Paul McGoay, the PCS IPS group president, told Socialist Worker, “A 90-day consultation period about the job losses is now taking place, but we could be faced with compulsory redundancies.

“This is down to the treasury making every civil service department carry out ‘efficiencies’. It is also to do with the fact that the IPS has been tasked with producing ID cards, and we need to make more ‘efficiencies’ to pay for them.

More: Civil Service Workers to Fight Glasgow Redundancies

Source: http://www.socialistworker.co.uk/

28 April 2008 – Infuriated by Incapability Gordon Brown

Gordon Brown’s failure to define what he stands for is provoking despair even among his loyal supporters, reports John Kampfner.

Four years ago, as Tony Blair was hanging on to his premiership by his fingertips, I wrote a piece suggesting that perhaps, after all, Gordon Brown might not have what it takes to become prime minister. I used the word, much used by Margaret Thatcher to disparage her opponents – “frit”, or cowardice.

More: Infuriated by Incapability Gordon Brown

Source: http://www.telegraph.co.uk/

18 April 2008 – ID Card Challenge Batted Back

Justice Stanley Burnton, the presiding judge, made an aside on the hopes of anti-ID card campaigners that the Gateway Reviews might prove damning to the programme as a whole.

“If there were a ’smoking gun’ in the reviews, the case for disclosure would, on one view, be considerably strengthened,” said Burnton.

“I have read both reviews. There is, in my view, no ’smoking gun’,” he said.

It stands to reason, he said, that if there had been a smoking gun, then the government wouldn’t have gone ahead with the ID Scheme in the first place, would it?

As Burnton isn’t an IT expert, we can probably reserve judgment on that argument until the reviews are published. It quite puts the whole question of this case for transparency in a logical deadlock: the whole thrust of the requests after all was the belief that the government pressed ahead with the scheme in total disregard of any amount of sensible advice that it shouldn’t. So yes, Burny, it well might.

More: ID Card Challenge Batted Back

Source: http://www.theinquirer.net/

18 April 2008 – The Minister, the Internet and the Phrase that ‘Disappeared’ From

One can readily understand why civil servants might have cringed at the phrase “hack-proof” and requested its removal; no database can ever be described as such. However, erasure of “not connected to the internet” is a far more serious matter. When the Identity Cards Bill was being debated by parliament, ministers routinely gave conflicting information about whether this supposedly secure database would be connected to the internet. At times, it was claimed that citizens would be able to check and update their details online. On other occasions, it was claimed that the database would be physically isolated. After wasting two years and many millions of pounds of our taxes, without even a single plastic card being issued, it seems the Home Office is still unsure about this basic question.

If the National Identity Register is not connected to the internet, it will not be able to fulfil any of the dreams of ministers. If it is connected to the internet, it will not be secure.

Perhaps Meg Hillier could consult her advisers and let us know which of these unsatisfactory options has been selected, or when a decision will be made.

More: The Minister, the Internet and the Phrase that ‘Disappeared’ From

Source: http://www.theherald.co.uk/

13 April 2008 – ID Cards Not So Hack-Proof

More confusion over the Government’s ill-fated ID card scheme after the Home Office minister Meg Hillier explained the system’s security measures to MPs in the wake of a string of Whitehall blunders.

She told the Home Affairs select committee: “The National Identity Register, essentially, will be a secure database… hack-proof, not connected to the internet… not be accessible online; any links with any other agency will be down encrypted links.”

By the time the transcript of Miss Hillier’s evidence was published, however, in the official Commons record, the words “hack-proof, not connected to the internet” had mysteriously been removed.

Did someone realise the claim was a hostage to fortune?

More: ID Cards Not So Hack-Proof

Source: http://www.telegraph.co.uk/

18 April 2008 – Judge Quashes Decision to Make Details of ID Card Scheme Public

A High Court judge yesterday quashed decisions to make public details of two early assessments of the government’s controversial ID cards scheme.

But Mr Justice Stanley Burnton said a different Information Tribunal should look again at the request under the Freedom of Information Act.

He said his ruling is not a judgment on whether the gateway reviews should or should not be disclosed and that would have to be determined by the tribunal.

More: Judge Quashes Decision to Make Details of ID Card Scheme Public

Source: http://www.theherald.co.uk/

18 April 2008 – High Price of Launching ID Cards as Consultants Cost Us £150m

Spending on consultants by the Home Office has rocketed by 2,000 per cent under Labour to almost £150m a year.

The total amount lavished on management consultants and other so-called experts over the past decade is £545m.

One of the major reasons for the expenditure is trying to get the controversial ID cards project of the ground.

The cash could otherwise have been spent putting 10,900 extra police on streets for a year.

Shadow Home Secretary David Davis, who unearthed the figures, said: “The Home Office has had its worst period in its 200-year history, stumbling from crisis to crisis.

More: High Price of Launching ID Cards as Consultants Cost Us £150m

Source: http://www.dailymail.co.uk/

10 April 2008 – One Lord Leaping On the Government’s IT Flaws

A programmer and system designer by trade, Lord Erroll is giving the government grief about cybercrime. Merlin, the Earl of Erroll, is the spokesman for the House of Lords Science and Technology Select Committee’s report on personal internet security.

The committee recommended in August last year that the Serious Organised Crime Agency should develop a unified web-based reporting system for cybercrime. It also asked the government to look again at its decision that the public should report cybercrime to the banks and not the police. The Lords asked for a central cybercrime unit to handle low-level internet fraud. In essence, Erroll and his noble friends do not think the government and police take cybercrime seriously.

More: One Lord Leaping On the Government’s IT Flaws

Source: http://www.guardian.co.uk/

10 April 2008 – HSBC Loses Customer Data

HSBC has lost a disc containing details of 370,000 of its customers, in an incident which will raise further questions about firms’ data security policies.

The loss occurred four weeks ago when HSBC used the Royal Mail to transport its disc between the bank’s offices in Southampton and Folkestone, an HSBC spokesman told IT Week.

The disc was password protected and contained names, life insurance cover levels, dates of birth and whether or not a customer smokes, said HSBC in a statement. “There is nothing else that could in any way compromise a customer and there is no reason to suppose that the disk has fallen into the wrong hands. “

More: HSBC Loses Customer Data

Source: http://www.computing.co.uk/

10 April 2008 – Google Sued for Street View Privacy Invasion

A Pennsylvania couple are suing Google for posting pictures of their home on Google Street View.

The couple have filed a case claiming that one of Google’s vehicles which photographs urban areas using a digital camera mounted on the roof took the photos by driving up a road clearly marked ‘Private Property’.

“As residents living in a private road Plaintiffs had a reasonable expectation of privacy, as well as within their exclusive residence,” the filing reads.

“The invasion of Plaintiffs was substantial and highly offensive to a reasonable person. Revealing this information has caused Plaintiffs mental suffering and diminished the value of their property.”

More: Google Sued for Street View Privacy Invasion

Source: http://www.computing.co.uk/

10 April 2008 – Mayoral Debate Focuses on Crime

Three of the candidates for London’s Mayor have clashed over crime levels in the capital during a televised debate.

Ken Livingstone, the Labour incumbent, said the capital’s murder rate had decreased by 28% over five years.

Conservative Boris Johnson said he would get more police on the street by taking bureaucracy “off their backs”.

Lib Dem Brian Paddick, a former senior Met officer, said many members of the public “don’t trust the police enough to phone up, even anonymously”.

More: Mayoral Debate Focuses on Crime

Source: http://news.bbc.co.uk/

10 April 2008 – ID Card Rebels Offer £1,000 for Brown’s Fingerprints

Two of Britain’s leading civil liberties groups are to offer a £1,000 reward for the fingerprints of the Prime Minister or Home Secretary – a move that could leave both groups open to prosecution for incitement.

The anti-ID cards group No2ID and the campaign organisation Privacy International will this week take out spoof ‘Wanted’ posters in tube stations and pub lavatories offering the cash to anyone who can lawfully obtain either the fingerprints of Gordon Brown or Jacqui Smith. An initial print run of 10,000 has been commissioned.

The posters, resembling those issued by US sheriffs hunting outlaws in the Wild West, are backed by an internet campaign and accuse Brown and Smith of ‘identity theft’. They stipulate that ‘the fingerprint must be obtained lawfully and can be located on a beer glass, doorknob or any object with a hard surface. Corroborating evidence is required to ascertain the identity of these thieves.’ The £1,000 reward will then be paid to the charity of the ‘bounty hunter’s choice’, as the posters put it. The poster continues: ‘As fingerprint technology spreads, this government will essentially have back-door access to your computers, files, wallets and even cars and homes. We are offering this bounty to teach these individuals a lesson about personal information security.’

More: ID Card Rebels Offer £1,000 for Brown’s Fingerprints

Source: http://www.guardian.co.uk/

10 April 2008 – ID Group Calls for End to Card Plan

PROTESTERS in Cambridge are calling for a Government rethink on ID cards.

Members of the Cambridge No2ID organisation arrived to greet Meg Hillier, the Home Office minister in charge of the scheme, at the gates to Jesus College yesterday (Tuesday, 01 April).

She was in the city to meet Cambridge businesses and local officials to hear their views on the project.

Andrew Watson, No2ID campaigner, said: “We counted the number of people going in to meet the minister, and made it a sum total of 12.

“Considering we had 18 people outside, from all walks of life, from councillors, to businessmen, we outnumbered them despite only having 18 hours notice.”

More: ID Group Calls for End to Card Plan

Source: http://www.cambridge-news.co.uk/

1 April 2008 – Hackers Attack Euro 2008 Ticket Website

Don’t score an own goal, warns security firm.

Football fans were warned today to be careful when buying tickets online for the forthcoming Euro 2008 championships, after the discovery of malicious code on the website of a major European ticket resale company.

The site in question has a high search engine ranking and a presence among sponsored links, indicating that the hackers may have a huge pool of potential victims, according to SophosLabs.

Visitors attempting to purchase tickets through the site will be exposed to the malicious script which is embedded in some of the web pages.

This malware then attempts to download further attacks from another remote website.

More: Hackers Attack Euro 2008 Ticket Website

Source: http://www.computing.co.uk/

1 April 2008 – Google Gears Up to Offline Access

Google uses Gears extension to provide offline access to docs.

Google has delivered on its offline access to applications promise, providing users with the ability to edit and view spreadsheets and documents while offline.

Announcing the update Janani Ravi, Software Engineer, said, “As you’ll read on the Google Docs blog, starting today and over the coming weeks we’re rolling out offline editing access to word processing documents to Google Docs users. You no longer need an Internet connection when inspiration strikes. Whether you’re working on an airplane or in a cafe, you can automatically access all your docs on your own computer.”

More: Google Gears Up to Offline Access

Source: http://www.computing.co.uk/

1 April 2008 – IT Security Experts Lured To the Middle East

The region is poaching staff in a bid to become the world’s IT security centre.

Soaring salaries for IT security professionals are attracting experts to the Middle East, as the region aims to beome the world’s IT security centre.

Salaries will hit $15,000 (£7,600) a month during 2008, driving a massive global skills migration, according to research by supplier Oger Systems.

Wages in the Middle-East region are easily surpassing those in the West, said David Michaux, a divisional manager at Oger Systems.

More: IT Security Experts Lured To the Middle East

Source: http://www.computing.co.uk/

31 March 2008 – Whose Responsibility Is the Question of Identification Now?

With ID cards there are a number of legal questions that arise for a Scottish Government that may wish to oppose the introduction of such a scheme. The first is whether the Scottish Parliament is empowered to legislate in relation to ID cards. Although having such a power could not prevent Westminster from passing a UK-wide scheme, it could enable the Scottish Parliament to modify or even revoke that scheme at some future date.

The answer depends at least in part on whether it can be said the making of law on ID cards is “reserved” to Westminster. Needless to say, the Scotland Act 1998 is silent on the specific issue of an ID card scheme, so a more detailed analysis of that Act is necessary. Would an Act of Parliament about ID cards be an Act relating to the defence of the realm, data protection or the questions of nationality, immigration and the “issue of travel documents”? If so, it is pretty clear Westminster enjoys the exclusive right to legislate. If, however, an ID card scheme is not about immigration control and is instead characterised as being about access to public services – something successive Scottish administrations have rejected – then that would appear to be an area in which Holyrood could have a role.

More: Whose Responsibility Is the Question of Identification Now?

Source: http://news.scotsman.com/

31 March 2008 – Get Your German Interior Minister’s Fingerprint Here

A hacker club has published what it says is the fingerprint of Wolfgang Schauble, Germany’s interior minister and a staunch supporter of the collection of citizens’ unique physical characteristics as a means of preventing terrorism.

In the most recent issue of Die Datenschleuder, the Chaos Computer Club printed the image on a plastic foil that leaves fingerprints when it is pressed against biometric readers.

No-one from the Germany-based group has been able to test the foil to see if it can fool a computer into believing it came from Schauble. But the technique has been shown to work with a variety of other people’s prints on almost two-dozen readers, according to a colleague of the hacker who pulled off the demonstration.

“The whole research has always been inspired by showing how insecure biometrics are, especially a biometric that you leave all over the place,” said Karsten Nohl, a colleague of an amateur researcher going by the moniker Starbug, who engineered the hack. “It’s basically like leaving the password to your computer everywhere you go without you being able to control it anymore.”

More: Get Your German Interior Minister’s Fingerprint Here

Source: http://www.theregister.co.uk/

31 March 2008 – Unrecognised Irises

THE UK government remains hell-bent on introducing biometric identity cards. We have to wonder how many of the civil servants behind the scheme have tried using the iris-recognition technology the government introduced a year ago to make it quicker to get through passport control at UK airports and which Feedback reported on at the time (14 April 2007).

A colleague who regularly travels abroad has gamely persevered with the iris scheme. He leaves his friends waiting to show paper passports in the immigration line and joins the iris line. Then he enters a cubicle, looks into a camera and obeys synthesised voice instructions to stand further back, closer, to the left, to the right and so on.

The iris line is always short or empty because very few passengers now bother to try it. Most of those who do are routinely rejected. The camera and computer spend several minutes trying to recognise the traveller’s eyes before saying no. The reject then has to back out of the cubicle and return to the line to show paper.

More: Unrecognised Irises

Source: http://www.newscientist.com/

27 March 2008 – Awed Fraudsters Defeated by UK’s Passport Interviews

Interviews for first time passport applicants have been massively successful – because, er, no fraudulent applications at all have been detected since the government introduced the system last May. In answer to a Freedom of Information request, the Home Office said last week that 38,391 interviews had been held to date, 222 applications were currently under investigation, but that so far no application had been rejected.

More: Awed Fraudsters Defeated by UK’s Passport Interviews

Source: http://www.theregister.co.uk/

27 March 2008 – Heathrow Fingerprint Plan Challenged

Plans to fingerprint millions of passengers at Heathrow’s new fifth terminal could be illegal and have been challenged by the UK’s data protection watchdog.

The Information Commissioner’s Office warned airport operator BAA that the security measure, designed to stop terrorists getting into the country, may breach the Data Protection Act.

More: Heathrow Fingerprint Plan Challenged

Source: http://www.telegraph.co.uk/

27 March 2008 – Public Does Not Trust Government with Personal Data

Only one in 10 adults in the UK trusts the government with their personal data, an online survey reveals.

By contrast, the survey of over 1,000 people by IT security supplier Data Encryption Systems (DES) showed 74% were willing to share personal information with banks, employers and friends.

The level of trust in the government, at 10%, is just one percentage point higher than trust in online retailers.

DES managing director David Tomlinson said, “With the increasing dependence on IT and the rise of identity theft, data protection is no longer just a problem for the CIO, but something everyone has to consider.”

The survey found 41% were in favour of introducing ID cards in the UK, 40% were against, and 19% undecided.

More: Public Does Not Trust Government with Personal Data

Source: http://www.computerweekly.com/

27 March 2008 – Airport Workers’ ID Card ‘Insult’

Union leaders representing airport workers are to meet Home Office officials to express their concern at being among the first to have ID cards.

Steve Turner of the Unite union will say that his members oppose the plan.

Mr Turner says staff are already extensively vetted before being given airside passes.

The Home Office says that recording the fingerprints of staff will speed up the checking process and help maintain public confidence in airport security.

More: http://news.bbc.co.uk/1/hi/uk_politics/7301424.stm

Source: http://news.bbc.co.uk/

27 March 2008 – New Approach to ID Card Scheme

Technology is just one issue in the government’s overhaul of controversial identity plan.

James Hall is the chief executive of the Identity and Passport Service – the government department running the controversial £5.4bn national identity card scheme. He talked to Computing about the technology behind the latest developments in the scheme.

The Home Office has announced revised plans for ID cards, which aim to cut £1bn from the cost of the scheme. Where will these savings be made?

We made a decision that we will work with the private sector to collect fingerprints and biometrics from each citizen on our behalf, rather than ­ as previously assumed ­ doing that ourselves. It will work in the same way as having to pay to have your passport photograph taken today. We believe that several suppliers should emerge from that process and it will be considerably more convenient and cost effective.

We have also offered people a choice between having a passport and an ID card ­ rather than under the previous regime where you had to have both.

A significant number of people will have one or the other rather than both ­ this will cut our costs.

We have continued to look at the efficiency of operations and believe we can sharpen our pencils a bit more over this issue.

More: New Approach to ID Card Scheme

Source: http://www.computing.co.uk/

17 March 2008 – Private Enterprise Needs to Prepare to Profit from a National Identity Scheme

Sir – There have been claims that Sir James Crosby’s independent report for the Treasury on identity assurance (ie, the means of checking identity) undermines government plans for a national scheme. On close inspection, I find this puzzling.

The Crosby report states that significant economic and social advantage is available through “universal” identity-checking schemes, which are also designed to deliver strong national security benefits.

More: Private Enterprise Needs to Prepare to Profit from a National Identity Scheme

Source: http://www.telegraph.co.uk/

17 March 2008 – MI5 Seeks Powers to Trawl Records in New Terror Hunt

Millions of commuters could have their private movements around cities secretly monitored under new counter-terrorism powers being sought by the security services.

Records of journeys made by people using smart cards that allow 17 million Britons to travel by underground, bus and train with a single swipe at the ticket barrier are among a welter of private information held by the state to which MI5 and police counter-terrorism officers want access in order to help identify patterns of suspicious behaviour.

The request by the security services, described by shadow Home Secretary David Davis last night as ‘extraordinary’, forms part of a fierce Whitehall debate over how much access the state should have to people’s private lives in its efforts to combat terrorism.

More: http://www.guardian.co.uk/uk/2008/mar/16/uksecurity.terrorism

Source: http://www.guardian.co.uk/

17 March 2008 – Lax Standards’ on Data Security

The government has persistently failed to take data protection “sufficiently seriously,” the Joint Committee on Human Rights has warned.

Episodes such as the loss of child benefit discs containing 25m people’s details were “symptomatic of lax standards,” said MPs and peers.

The report said this did not “inspire confidence” in controversial plans for a National Identity Register.

More: http://news.bbc.co.uk/1/hi/uk_politics/7295467.stm

Source: http://news.bbc.co.uk/

17 March 2008 – ID Cards: The student Perspective

As the government revises its ID card timetable, students look likely to be one of the first groups in the roll-out.

But will they really be willing participants, as is the perceived wisdom? Here are the views of three students at Leeds University.

Katie Armitage, 20, is in her second year of a degree in History and History of Art and describes it as a good idea.

“I agree that students are a more willing group. I’ve got a student card, a passport and a driver’s licence, why shouldn’t I have an ID card?”

For Ms Armitage, another card would not be too much of a change and she believes, in using students, the government will actually be covering a wide cross section of society.

“The government can target different backgrounds – young, mature, different cultures and religions – they’re not just targeting the middle classes,” she said.

More: http://news.bbc.co.uk/1/hi/uk/7280971.stm

Source: http://news.bbc.co.uk/

14 March 2008 – Identity Scheme Still Popular, Says Survey

A new Home Office poll disagrees with earlier surveys which have shown opponents outweighing supporters.

Support for the national identity scheme remains stable, according to a survey of more than 2,000 people carried out for the Home Office by Taylor Nelson Sofres in February. The research, released on 6 March 2008, found that 59% of those questioned supported the scheme, while 23% did not. A similar survey by the firm in October last year found 59% in support, with 20% against.

However, a survey by ICM on 1,008 people, also carried out in February, found 50% in opposition with 47% in favour, using a question mentioning a likely price of £93 for a biometric passport. A poll by YouGov for the Daily Telegraph in December found 48% opposed the scheme and 43% in favour.

More: Identity Scheme Still Popular, Says Survey

Source: http://www.kablenet.com/

14 March 2008 – MPs Raise Fears over Data Protection for National ID Register

Committee highlights question marks over repeated breaches of data laws.

Repeated breaches of data protection laws by government departments raise huge question marks over plans for the national identity register required for ID cards and biometric passport, an influential parliamentary human rights watchdog has warned.

MPs and peers on the Lords and Commons Joint Committee on Human Rights said repeated losses of personal information by departments had increased their concern, and announced they ” intend to take a close interest in the government’s detailed proposals for the national identity register as and when they emerge.”

More: MPs Raise Fears over Data Protection for National ID Register

Source: http://www.computing.co.uk/

14 March 2008 – IBM Beefs up ID Management with Encentuate

Financial details of acquisition not disclosed.

IBM has announced the acquisition of Encentuate, a privately held provider of identity and access management software.

Encentuate offers enterprise single sign-on technologies and integration of strong authentication. IBM will integrate the firm into its Tivoli division.

“IBM has made a strategic decision to acquire Encentuate because customers are increasingly seeking a complete identity and access management solution with IBM quality and support,” said Al Zollar, general manager of IBM Tivoli software.

More: IBM Beefs up ID Management with Encentuate

Source: http://www.computing.co.uk/

14 March 2008 – A German’s Hard Disk Is His Castle

Germans became the best-protected users of computers and the Internet today when the Federal Constitutional Court set out strict rules for government agencies anxious to spy on their hard disks. The decision was widely viewed as a slap in the face for Wolfgang Schaeuble, the hard-liner Interior Minster who has been proposing that law enforcement agencies be given broad powers to monitor the computers and e-mails of suspects on their own authority. No, the court said, you have to ask a judge first. And if during the course of an authorized surveillance the police also happen to stumble across highly personal data, then it is their obligation to erase it “immediately”.

More: http://blogs.kuppingercole.de/cole/

Source: http://blogs.kuppingercole.de/

13 March 2008 – Experts Wary Over ID Card Plan

Home Office slows ID card rollout as independent Treasury study recommends fast implementation.

The government’s failure to take on board the recommendations of independent reports on the national identity card scheme may lead to faults and extra cost, warn experts.

Last week, home secretary Jacqui Smith announced plans for a slower rollout of the £5.4bn ID cards programme, with the government retaining control of the national identity register.

But in a Treasury-commissioned report, also released last week, former HBOS chief executive Sir James Crosby recommends a fundamentally different, consumer-led approach.

More: Experts Wary Over ID Card Plan

Source: http://www.computing.co.uk/

13 March 2008 – IBM Buys Encentuate to Boost ID Management

Encentuate purchase will boost access and ID management in IBM’s Tivoli arm.

IBM has acquired Encentuate, an access and ID management solutions provider specializing in single sign-on and access management.

The Ecentuate bounty will be integrated into Tivoli software group. IBM called identity management tools, for enterprises, a ‘business productivity tool’, adding in a statement, “It can help reduce the burden of remembering different passwords, rules and user IDs while helping to improve security by automatically managing passwords, rules and user IDs.”

More: IBM Buys Encentuate to Boost ID Management

Source: http://www.computing.co.uk/

13 March 2008 – Identity 2.0 Products Gaining Ground

New technologies lead the way in ID management.

Identity 2.0 technologies are leading the way in identity management, according to research from industry analysts.

Analyst group Kuppinger Cole and Partner analysed the 10 predominant topics and trends in identity management in 2008.

Identity 2.0 continues to receive the support and influence of industry giants, including Yahoo, Google, Microsoft and IBM.

Identity 2.0 platforms are classified as identity verification techniques on the internet using emerging user-centric technologies such as information cards or OpenID.

More: Identity 2.0 Products Gaining Ground

Source: http://www.computing.co.uk/

13 March 2008 – Thousands Of Military ID Cards Missing

The Ministry of Defence is at the centre of a new security row after it emerged an “extraordinary” 11,000 military ID cards were lost or stolen in the past two years.

Opposition parties said the scale of the losses cast fresh doubt on the Government’s plans for a national ID card scheme.

The MoD said it took the issue “very seriously” and steps were being taken to improve general security awareness.

According to figures released in a Commons written answer, some 4,433 ID cards disappeared in 2006 and a further 6,812 went missing last year.

Tory defence spokesman Gerald Howarth said: “This is another example of the Government’s scandalous disregard for the security of our citizens and yet another reason why the public has no confidence in the Government’s ID card plans for the rest of the population.”

More: Thousands Of Military ID Cards Missing

Source: http://news.sky.com/

12 March 2008 – They Lost How Many?

It appears that more than 11,000 military ID cards have been lost or stolen in the last two years, according to the Ministry of Defence.

Some 4,433 went missing in 2006 and 6,812 last year.

We discover this via a PQ from Liam Fox. We then sit here quivering with rage and fear. No get this, if a serving serviceman loses his military ID card he or she is up on charge pronto, at least that was case when I last had one.

There are about 120,000 people in the armed services. At just over 5% that is a major loss rate. But more serious than that. The fact that there are severe penalties for the loss of the MOD ID card makes people take keeping it secure seriously. So with an approximate population of 60 million we could be looking at a loss theft rate of about 3,000,000 per annum. And that is as if there were incentives to keep them safe. Without those incentives the figures are likely to be far higher.

Human ingenuity is just no match for human incompetence.

More: They Lost How Many?

Source: http://englandexpects.blogspot.com/

12 March 2008 – Government Fails to Sell ID Concept

Identity card rollout recommendations are ignored by the government.

It would be easy to be cynical and suggest the government engaged in a bit of press control with the timing of the publication of Sir James Crosby’s report on UK identity management last week.

On the afternoon that home secretary Jacqui Smith announced the latest changes to ID cards, the Treasury-commissioned Crosby study was also quietly released after months of delays ­ – Computing was leaked details of its contents as long ago as last August – ­ see www.computing.co.uk/2197249.

Smith said she was “indebted” to Crosby, but ignored most of his recommendations ­ – not least the widely publicised suggestion that ID cards should be free.

But a detailed look at the Crosby report ­ – which was initiated by Gordon Brown when he was chancellor – ­ reveals a more coherent, workable, and less costly alternative to the increasingly ham-fisted and ever-changing plans for ID cards.

More: Government Fails to Sell ID Concept

Source: http://www.whatpc.co.uk/

10 March 2008 – ID Cards Chief Defends U-turn

The head of Britain’s ID cards project and national identity database has defended the government’s revised ID card plans in the face of allegations of a u-turn after the project was scaled back.

James Hall, director of the Identity and Passport Service (IPS), told silicon.com the revised scheme is likely to cut £1bn off its £5.4bn price tag, that power station workers are likely to join airport workers and Olympic security staff as the first UK citizens in line for the cards and that the cards may be used to prove identity over the internet.

But UK businesses remain critical, with the Confederation of British Industry (CBI) fearing that companies could be liable if they provide inaccurate information to the National Identity Register and expressing unease over the security of the data that will be held on it.

Shadow Home Secretary David Davis launched a further attack, citing the risk of a massive data breach on the system. He said: “It is something very dangerous the government are doing. We would cancel this database.”

More: ID Cards Chief Defends U-turn

Source: http://www.silicon.com/

10 March 2008 – Nothing to Hide, but Plenty to Fear From Ms ID Card

And so they plough on with their “ID” cards, never admitting that the real purpose of these breathing licences is to increase the Government’s power to meddle in our private lives.

Many of you have helped me in my campaign against this unBritish scheme. And we have, in fact, won a small victory.

Ms Smith has now put off plans to force us to be fingerprinted when we renew our passports, probably until 2012.

Originally, this was meant to have started by now, but thousands of people renewed their passports early – to avoid being fingerprinted and to protest – and this has plainly frightened the Home Office. We can still beat this grotesque plan.

More: Nothing to Hide, but Plenty to Fear From Ms ID Card

Source: http://www.dailymail.co.uk/

10 March 2008 – Is There a Sensible Reason for ID Cards?

A national identity database is – on all the evidence we have – extremely unpopular. A Home Office Minister, Beverley Hughes, admitted to Parliament only under duress that the Government’s consultation exercise on what it was then, insultingly, calling an “entitlement card” had been overwhelmingly against the scheme.

It will be extraordinarily expensive. Nobody disputes this – and the dismal record on state IT procurement suggests that we might do well to double or triple the official estimates of how expensive.

And it will, regardless of the issues of principle, be deeply ineffective.

More: Is There a Sensible Reason for ID Cards?

Source: http://www.telegraph.co.uk/

10 March 2008 – ID Cards Are the Ultimate Identity Theft

Computer systems always fail – and the national database will do so big time.

The ID card project is still on track – more or less. Jacqui Smith is just the latest in a long line of Home Office ministers to sell us the benefits of ID cards, while casually informing us of the latest rise in costs or slippage in its implementation schedule. Ms Smith is also yet another Home Secretary who subscribes to the “pixie dust” school of technology: computation is a magic substance to be sprinkled over problems, that, hey presto, then vanish. Little wonder that Britain has an appalling record in government IT projects.

The ID project is one of the biggest computer systems envisaged – far more complex than the failing NHS system. And it’s another disaster waiting to happen. Still the politicians naively claim there will be no problems: it will be totally secure because of biometrics. Apparently iris scans, fingerprints, face-recognition software will all work perfectly, be amazingly cheap to implement – and all foolproof. It must be true, as they’ve been told this by those selling the technology. Baroness Anelay of St Johns, with a group of parliamentarians, was once given a demonstration of a facial recognition system. It failed; indeed the system subsequently crashed, twice. The reason? The baroness was told her face was “too bland”.

More: ID Cards Are the Ultimate Identity Theft

Source: http://www.timesonline.co.uk/

10 March 2008 – ID Card Report Criticises Government’s ‘Uncoordinated’ Approach

Ministers faced embarrassment today following the publication of an official report criticising the way the national identity card programme is being rolled out.

Sir James Crosby’s report, commissioned two years ago by the Treasury, accuses the government of adopting an “uncoordinated” approach to the problem of identity assurance.

It says any national identity card scheme should be free to users, involve minimum amounts of information and not be promoted as an anti-crime initiative.

The Treasury published the review today with minimum publicity, and its release coincided with the home secretary Jacqui Smith’s high-profile announcement of further details of the programme’s implementation.

More: http://www.guardian.co.uk/politics/2008/mar/06/idcards

Source: http://www.guardian.co.uk/

6 March 2008 – Government to Begin Rolling Out ID Cards ‘By Stealth’ Within a Year

The Government has been accused of introducing identity cards by stealth after it was revealed the first of the controversial IDs will be issued early next year.

Workers in sensitive jobs will be required to apply for the compulsory cards in 2009, despite the Home Office postponing the overall scheme until 2012.

Some 100,000 British airport staff and others working in sensitive locations are expected to be affected by the move.

It is thought that “airside” workers including airline staff, baggage handlers as well as workers in duty-free shops, bars and cafes would all have to apply.

Shadow home secretary David Davis said: “It is inconceivable that these workers would not already have full ID verification.

“Therefore the question has to be will this add to airport security or is it a way of getting the British public used to an ID card by stealth – despite an explicit promise from a former home secretary that this programme would not be rolled out in a compulsory fashion without a vote in the House of Commons.”

More: Government to Begin Rolling Out ID Cards ‘By Stealth’ Within a Year

Source: http://www.dailymail.co.uk/

6 March 2008 – First Compulsory ID Cards to Be Announced, Claim Tories

The Conservatives have claimed that the government will announce plans tomorrow to make identity cards compulsory for airport workers.

Shadow home secretary David Davis said he believed Home Secretary Jacqui Smith will make the announcement on Thursday in breach of an undertaking not to introduce compulsion without a prior vote by MPs.

About 100,000 airside staff are expected to be covered in a statement from Smith to MPs, which is thought to be in line with leaks last month indicating a national rollout is being postponed to 2012 but that workers in sensitive locations would be covered sooner.

More: http://www.computing.co.uk/computing/news/2211217/first-compulsory-id-cards

Source: http://www.computing.co.uk/

6 March 2008 – ID Cards Assessment

A fight to keep secret details of two early assessments of the Government’s ID cards scheme began in the High Court. The Office of Government Commerce said that failing to keep the reviews confidential could damage the system of assessing the cost and feasibility of government schemes. Requests had been made to see details of the reviews under the Freedom of Information Act.

More: http://www.timesonline.co.uk/tol/news/uk/article3479159.ece

Source: http://www.timesonline.co.uk/

6 March 2008 – Why We Should Keep an Eye On Those Who Are Watching Us

Our own government is justifying the introduction of ID cards linked to a centralised national data register as a means to combat violent crime, illegal immigration, benefit fraud, identity theft and tax evasion. This seems very plausible and seductive, at first sight. The Last Enemy debunks this illusion by depicting what really happens when the state gets too much power over the individual. Seemingly reasonable measures are open to malign manipulation – either by the state or by rogue elements within it.

This is the direction in which the US and British governments are moving. Faced with the Islamist terror threat, they are increasingly fighting tyranny with tyranny: phone-tapping; 28 days’ detention without charge; control orders; extraordinary rendition and torture. These measures are, of course, no defence of democratic freedoms, but their stealthy subversion.

Our government has concluded that maintaining both security and liberty is too complicated, difficult and costly. Liberty has to be sacrificed for the greater good. This “ends justifies the means” rationale is, as The Last Enemy shows, the slippery slope to an authoritarian, unaccountable state. The future is, I fear, nearer than we think. Britain doesn’t have to end up like this. Resist.

More: http://www.guardian.co.uk/media/2008/mar/03/television.idcards

Source: http://www.guardian.co.uk/

3 March 2008 – Too Much Information

If you think that the worst thing the government can do with all the data it collects about you is lose it in the post, then you haven’t been watching The Last Enemy. Set in the near future, this BBC series is now halfway through exploring Britain as a surveillance society.

In one thrilling scene at the end of the first episode, the lead character, a reclusive mathematician seconded to the government to trial a new super-database, uses a combination of CCTV footage, automatic number plate recognition (ANPR) cameras and facial recognition software, presumably linked to a putative National Identity Register, to track in minute detail the movements and associates of a girl with whom he has fallen in love.

More: http://www.newstatesman.com/200802280039

Source: http://www.newstatesman.com/

3 March 2008 – ID Could Be You

Foreigners living in Britain who don’t buy a new biometric ID card by November will be fined, thrown out, or jailed.

If they don’t get fingerprinted and iris-scanned they’ll be fined £250, rising to £1,000 for further offences. Expulsion from the UK is the next level of punishment.

This regime will eventually apply to all of us, not just foreigners.

Despite ministerial denials, we will face fines and jail if we don’t walk the streets with a Gestapo-style internal passport.

The Home Office is already working on plans for “coercion” to bully us into carrying one of their fancy new ID cards.

Shami Chakrabarti, head of rights group Liberty, accuses the government of using foreigners as “ID card guinea pigs”. She adds: “Anyone who thinks this will be limited to foreign nationals should think again.” She’s right. They are a test bed for the ID repression of everybody.

You have been warned.

More: ID Could Be You

Source: http://www.mirror.co.uk/

3 March 2008 – Internal Passports Reminiscent of the Cold War

Giving evidence to the (House of Commons) Home Affairs Committee on Tuesday, Meg Hillier, Minister for ID cards, said we should see the cards as “passports in-country”.

Such candour from a Home Office minister makes a refreshing change from the usual spin and deception. Perhaps in this apparent new spirit of openness and transparency, the government will be prepared to engage in a rational debate about where its transformational government agenda is taking our society.

Do we wish to live in a country where citizens are controlled by the state; a database state in which the intimate details of our lives are recorded by bureaucrats for administrative convenience?

Under Soviet rule, an internal passport (propiska), officially a record of a person’s address, was required when applying for jobs, for a place in higher education or for obtaining medical treatment.

More: Internal Passports Reminiscent of the Cold War

Source: http://www.theherald.co.uk/

3 March 2008 – ID Cards: £1,000 Fine for Skipping Biometric Scans

In the latest government ID-card plans, people will face fines of up to £1,000 for skipping biometric scans.

Penalties ranging from £125 for not notifying the government of the loss of an ID card to £250 for not applying for a card or missing an appointment for fingerprint and facial scans, were revealed in the Home Office consultation papers.

The fines would apply to foreign nationals entering or living in the UK, who will be required to have ID cards from November, ahead of the cards’ introduction for UK citizens next year.

More: http://news.zdnet.co.uk/security/0,1000000189,39352924,00.htm

Source: http://news.zdnet.co.uk/

28 February 2008 – Internal Passports Reminiscent of the Cold War

Giving evidence to the (House of Commons) Home Affairs Committee on Tuesday, Meg Hillier, Minister for ID cards, said we should see the cards as “passports in-country”.

Such candour from a Home Office minister makes a refreshing change from the usual spin and deception. Perhaps in this apparent new spirit of openness and transparency, the government will be prepared to engage in a rational debate about where its transformational government agenda is taking our society.

Do we wish to live in a country where citizens are controlled by the state; a database state in which the intimate details of our lives are recorded by bureaucrats for administrative convenience?

More: Internal Passports Reminiscent of the Cold War

Source: http://www.theherald.co.uk/

28 February 2008 – ID Cards: £1,000 Fine for Skipping Biometric Scans

In the latest government ID-card plans, people will face fines of up to £1,000 for skipping biometric scans.

Penalties ranging from £125 for not notifying the government of the loss of an ID card to £250 for not applying for a card or missing an appointment for fingerprint and facial scans, were revealed in the Home Office consultation papers.

The fines would apply to foreign nationals entering or living in the UK, who will be required to have ID cards from November, ahead of the cards’ introduction for UK citizens next year.

Foreigners persistently failing to apply or turn up for scans face a charge of up to £1,000, but there would be a reduction in the fine of up to £100 for anyone who could prove extenuating circumstances for non-compliance.

More: ID Cards: £1,000 Fine for Skipping Biometric Scans

Source: http://news.zdnet.co.uk/

28 February 2008 – Minister Defends ID Security

The National Identity Register will have very limited access, stringent security and no risk of ‘discs flying around’, MPs have been told.

Home Office minister Meg Hillier defended the government’s plans for its controversial National Identity Scheme, as she faced questions about data security from a committee of MPs.

Hillier, who has responsibility for identity cards, said it was important to win public confidence in the scheme, particularly following a number of recent cases in which the government had misplaced or lost confidential data.

More: Minister Defends ID Security

Source: http://www.kablenet.com/

28 February 2008 – Punishments Announced for ID Card Offences

Foreign nationals may be fined £250 for a first refusal to apply for an identity card or for damaging their fingertips, according to a draft code of practice released by the Home Office.

Those not applying for an identity card, failing to provide required data or deliberately attempting to damage or destroy biometric identifiers such as fingerprints would initially be fined up to £250, rising by £250 for each further offence, up to £1,000. Parents or carers would pay for their children’s contraventions.

Furthermore, those with limited leave to remain in Britain could have this cut short for three such offences, although the code says that indefinite leave to remain would only be cancelled “in compelling circumstances”.

Lesser fines of up to £125 for an initial offence, rising to a maximum of £500 with repetition, would be imposed for failing to update data such as a holder’s address or not informing the government about a lost, stolen, altered or damaged card.

More: Punishments Announced for ID Card Offences

Source: http://www.kablenet.com/

26 February 2008 – Home Office Claims Over False ID Exaggerated

Meg Hillier, the Home Office minister, cites preventing identity fraud as the main reason for the proposed National Identity Scheme (Letters, February 22), yet her department seems incapable of understanding what identity fraud is, let alone devising solutions to it.

The Home Office claims that the use of false identity currently costs the UK more than £1.7bn a year, yet this figure is grossly exaggerated. It includes £215m for “carousel fraud” [the theft of value added tax from governments in multi-jurisdictional trading], even though Revenue & Customs says this is not ID fraud, and the £505m cost of all bank card fraud, even though Apacs, the trade association for the UK payments sector, says only £37m of this results from ID fraud. Once all the Home Office’s exaggerations are stripped out, the true cost of ID fraud in the UK is only about 10 per cent of that claimed.

More: Home Office Claims Over False ID Exaggerated

Source: http://www.ft.com/

26 February 2008 – We Don’t Need a High-tech Domesday Book

Until very recently, it was a central tenet of government that data held by one department should not routinely be available to another. Indeed, many Acts of Parliament specifically outlaw data sharing because of concern that the state would be able to obtain a comprehensive picture of an individual’s life when it had no need to. Yet these considerations have simply been brushed aside in the past few years, and anyone questioning why this is happening is regarded as a conspiracy theorist or a Luddite.

There is now an assumption that the state should know everything about us and be able easily to access that information. This is justified as being good for us because it facilitates the provision of services that may be to our advantage, and on the grounds that anyone who is unhappy with the prospect must have something to hide.

More: We Don’t Need a High-tech Domesday Book

Source: http://www.telegraph.co.uk/

26 February 2008 – A Modern Means to Confirm and Protect Identity

The National Identity Scheme will provide the UK with a modern means of confirming identity as well as protecting against the rising problem of identity fraud and all the criminal activities that identity fraud enables. I challenge opponents of the scheme to set out how they would go about doing this without implementing something that contained the basic features of what the government is proposing.

More: A Modern Means to Confirm and Protect Identity

Source: http://www.ft.com/

26 February 2008 – Identity Cards ‘Useless in Fight Against Terrorism’

Mass fingerprinting, biometric passports, identity cards and international identity databases will not protect Britain and other European countries from terrorists or criminals.

This startling admission comes in a leaked European Commission report prepared for Home Secretary Jacqui Smith and other EU Home Affairs Ministers.

The report undermines Gordon Brown’s claims about the need for controversial new passports and identity cards to protect the country from terror attacks.

It raises new questions about the true purpose of Government databases, which will store intimate details of everyone in Britain, including their picture, fingerprints and confidential personal information.

More: Identity Cards ‘Useless in Fight Against Terrorism’

Source: http://www.dailymail.co.uk/

25 February 2008 – ID Theft Instances Down, Cost Per Incident Up, Says Javelin

Despite a nationwide decline, identity theft is still a major concern of consumers because criminals have become more creative in how they steal personal information, according to a report released Monday by Javelin Strategy and Research.

The firm’s “2008 Identity Fraud Survey Report” disclosed that identity theft declined 12 percent in the United States last year, a drop of US$6 billion. However, ID theft still accounted for a loss of US$45 billion during 2007.

The report also disclosed that over the past three years, criminals have obtained the majority of stolen personal information from belongings and telephone calls, not the web or email.

The October 2007 telephone survey of 5,000 consumers attributed several factors to the decline, including increased consumer vigilance and awareness, more frequent monitoring of financial account activity and better corporate management of personal information.

Although fraud declined, the cost of individual ID theft cases rose by 25 percent to US$691 per incident, according to Javelin.

More: ID Theft Instances Down, Cost Per Incident Up, Says Javelin

Source: http://www.securecomputing.net.au/

25 February 2008 – Americans’ e-Commerce Conundrum

A new study from the Pew Internet Project casts light on the love-hate relationship many Americans have with e-commerce.

In response to the survey, 78 percent of U.S. Internet users said that online shopping is convenient, and 68 percent said it saves time. Yet, 75 percent said they don’t like giving out personal information like a credit card number over the Internet.

The security risks, real or perceived, are hampering the growth of the Internet economy, said John Horrigan, associate director of the Pew Internet Project and author of the report.

“These inconsistent notions about the online shopping environment show that, even as e-commerce matures, people’s confidence in the security of online shopping remains as an issue,” Horrigan said in a statement. “If people’s worries about security of personal information were eased, the pool of online shoppers would be greater.”

More: http://www.insideid.com/article.php/3728396

Source: http://www.insideid.com/

25 February 2008 – Ukrainian Hacker May Get to Keep Profits

A Ukrainian hacker may be allowed to keep over $250,000 in profits owing to a loophole in US law.

Oleksandr Dorozhko is alleged to have hacked into the servers of Thomson Financial and taken a look at the forthcoming results announcement for IMS Health, hours before its release to the stock market.

Dorozhko placed a series of sell orders on the stock, investing $41,671 of his own money in sell options that would be worthless in three days unless the stock fell.

When the results, which were disappointing, were released the stock fell sharply and Dorozhko made $296,456 on the trade.

More: http://www.computing.co.uk/vnunet/news/2209899/hacker-keep-profits

Source: http://www.computing.co.uk/

25 February 2008 – IT Security Experts Call for National e-Crime Unit

Not one member of the Information Systems Security Association (ISSA) – the largest group of IT security professionals in the UK – believes the country to be adequately equipped to deal with e-crime.

And nearly two thirds (65 per cent) believe the current situation is wholly inadequate.

The results are a strong message to the government, said Geoff Harris, UK president of the ISSA.

“As increasing numbers of the criminal fraternity become aware of this weakness in UK law enforcement capability, the gap between safe online e-commerce and e-crime will continue to spiral out of control,” he said.

More: http://www.computing.co.uk/computing/news/2209871/security-professionals-call

Source: http://www.computing.co.uk/

25 February 2008 – Keeping Up with the Future

A comparison is often made with ID cards on the Continent, yet they are nothing like the UK ID card because they are all governed by strict rules protecting privacy. In Germany, the centralisation of information is forbidden for historical reasons – the twin evils of the Nazi and Stasi regimes.

But plans for the UK ID card are that it will be linked to the National Identity Register, a centralised data bank that can hold up to 50 categories of personal information: current and past places of residence, occupation, driving licence details, education and health records, marital status, a multitude of information and of course, any criminal record, cautions or youthful misdemeanours.

More: http://news.bbc.co.uk/1/hi/magazine/7246763.stm

Source: http://news.bbc.co.uk/

15 February 2008 – Confessions of a Caller-ID Spoofer

He spoofed the HR director’s work phone number, then the number of that guy’s boss, before moving up to a vice president, and finally, the CEO. Says he had no choice. He also says “this thing that I did is bad and should be outlawed.”

This thing that he did is perfectly legal, you may know already, although efforts have been under way to have that rectified.

Background: The major telecom equipment maker whose employ A.G. Bell had recently left owed him thousands in unpaid commissions, he says, yet the HR department stopped returning his calls, instead “hiding behind voicemail.” Spoofing the HR director’s number got his underlings to pick up the phone, at least until they wised to that ploy, at which point Bell – a fictitious name I’m affording him to protect his current job at another telecom vendor – started spoofing numbers right on up to the top of the org chart (not to mention a White House number – seriously).

“Juvenile? Yes,” Bell acknowledges. “Effective at getting past call screeners? Absolutely. Subject to horrible abuse? Totally.”

More: Confessions of a Caller-ID Spoofer

Source: http://www.networkworld.com/

15 February 2008 – Legal Obstacles Delay Federated Identity Management

“Who are you?” is a fundamental question for all online business activities. Whether a company wants to allow employees, contractors or business partners to remotely access its networks, or engage in online commercial transactions, the need to authenticate the identity of the remote party is a critical one.

Moreover, in today’s security-conscious environment, authentication is a legal issue. A company’s legal obligation to provide information security clearly includes a duty to properly authenticate persons seeking access to the company’s computer systems or services. For example, in a recent case brought by the victim of identity theft, the issuer of a credit card was held liable for failing to properly authenticate the identity of the applicant/imposter.

More: Legal Obstacles Delay Federated Identity Management

Source: http://www.networkworld.com/

15 February 2008 – EU Must Educate SMEs on IT Security

The European Union (EU) must co-ordinate efforts to educate the small business community about IT security if it is to keep its place as one of the world’s most advanced digital economies.

Brussels needs to ensure all member state governments are addressing the problem at home as well as providing continent-wide oversight, says the European Network and Information Security Agency (Enisa).

The IT security situation is particularly serious for the small and medium-sized enterprise (SME) sector, according to Enisa security expert Marco Thorbruegge.

More: EU Must Educate SMEs on IT Security

Source: http://www.computing.co.uk/

15 February 2008 – Security Awareness-raising Forum is Launched

A major new initiative was launched today designed to reduce information security failures in organisations by raising security awareness levels.

The Information Security Awareness Forum (ISAF) was commissioned by the advisory board of the Information Systems Security Association (ISSA) and is comprised of professional IT bodies such as the British Computer Society (BCS), Information Seecurity Forum and the Institute of Information Security Professionals (IISP).

More: Security Awareness-raising Forum is Launched

Source: http://www.computing.co.uk/

15 February 2008 – Less Than a Quarter of Us Think ID Cards Will Work

Only 24 per cent of us are convinced that the £5.5billion ID card scheme will achieve its aims, a survey revealed yesterday.

The poll, by the Government’s own Identity and Passport Service, showed that there is widespread scepticism about the plans.

Only 27 per cent of the 2,000 surveyed found it “very believable” that ID cards would disrupt terrorist plots.

Just 29 per cent believed identity fraud would be slashed.

On the matter of making it more difficult for illegals to work in the UK – one of Labour’s key aims for the cards – the figure fell to 24 per cent.

More: Less Than a Quarter of Us Think ID Cards Will Work

Spource: http://www.dailymail.co.uk/

12 February 2008 – FBI Warns of ‘Vishing’ Attacks

The FBI is warning of a dramatic increase in the number of so-called ‘vishing’ attacks that entice mobile phone users into giving up personal banking details.

Vishing works in much the same way as phishing. An email or text message is sent to a user asking them to call the target bank to reactivate a credit or debit card.

“On calling the telephone number, the recipient is greeted with ‘Welcome to the bank of …’ and [is] requested to enter their card number in order to resolve a ‘pending security issue’,” the FBI’s Internet Crime Complaint Center said in an alert.

More: FBI Warns of ‘Vishing’ Attacks

Source: http://www.securecomputing.net.au/

12 February 2008 – IT Heavyweights Join OpenID Project

Google, IBM, Microsoft, VeriSign and Yahoo have become the first corporate board members of the OpenID Foundation, paving the way for an internet-wide single sign-on platform and an end to multiple passwords.

The OpenID Foundation was formed in June 2007 to support and promote technology developed by the OpenID community.

Early members included individuals, students, non-profits and start-ups coming together to develop and promote open identity management on the web.

OpenID is a free application that aims to simplify the online user experience by eliminating the need for multiple user names across websites.

More: IT Heavyweights Join OpenID Project

Source: http://www.computing.co.uk/

12 February 2008 – Alert as College Ejects the ‘Student’ who Isn’t

A Cambridge college is on alert after claims that a man posed as a student for a year and made advances to female undergraduates.

The man, who called himself Tarique Akhtar, was thrown out by porters at Trinity College after complaints from genuine students.

The imposter is alleged to have passed a note to one female student that said: “I can’t stop staring at you”. Another student claims to have heard him say how he found life at Trinity difficult “because there were so many beautiful girls”.

The man has been warned not to come back. But some students say they have seen him in the area in the last few days.

More: Alert as College Ejects the ‘Student’ who Isn’t

Source: http://www.cambridge-news.co.uk/

11 February 2008 – Channel Warned of Rising ID Theft

As fraud figures reach their highest in 13 years, experts urge channel players to be aware of growing identity scams.

Onlookers have warned the channel to be more vigilant against identity theft, as the latest figures from KPMG indicate overall fraud in the UK is on the rise.

According to the analyst’s Forensic Fraud Barometer, £1bn of fraud went to court last year ­ the highest figure since 1995.

Fraud cases going to court fell from 277 to 197 in 2006, however, this figure still remains higher than any other prior to 2005.

More: Channel Warned of Rising ID Theft

Source: http://www.computing.co.uk/

11 February 2008 – Security Pros Confused Over Authentication

Research suggests 70 per cent of corporate authentication systems are insecure.

IT professionals are concerned that they do not have the appropriate security practices in place, according to research by Positive Networks.

The security services provider said that this concern is well founded as 20 per cent of respondents to a survey admitted to a breach that involved loss of sensitive data or access to restricted resources.

Some 70 per cent of respondents also suggested that their current authentication practices were not secure.

Positive Networks interviewed over 300 IT professionals from across the UK on issues relating to security, authentication and other network concerns.

More: Security Pros Confused Over Authentication

Source: http://www.computing.co.uk/

11 February 2008 – The Campaign Group: No2ID

Like many great – and not-so-great – ideas, the No2ID campaign against identity cards and the “database state” started with a trip to the pub.

In less than four years it has become one of the best-known single issue campaign groups.

Public concern about data security is running high at the moment, after the loss of millions of bank details by Her Majesty’s Revenue and Customs and other scandals.

Even Prime Minister Gordon Brown appears to be having a few second thoughts about whether the cards should be compulsory – and the scheme’s introduction was recently delayed by two years.

But in early 2004, when the then Home Secretary David Blunkett first proposed a national identity register, it seemed the only real opposition would come from what Mr Blunkett liked to deride as “airy fairy libertarians”.

Groups attending a public meeting at the London School of Economics in May 2004, where the idea of a campaign against ID cards was first proposed, included Privacy International and Liberty. Speakers included the future Conservative leader David Cameron.

In the pub afterwards, the No2ID campaign was officially born.

More: The Campaign Group: No2ID

Source: http://news.bbc.co.uk/

11 February 2008 – The Last Enemy Turns Eyes on the Spies

Britain is awash with CCTV cameras, and we are scrutinised as never before. Sally Kinnes reports on a drama that lifts the lid on the snooping society.

It is a beautiful, sunny day at the open-air cafe at Kenwood House, in north London, but, even here, Big Brother is watching. The Cyclops eye of a CCTV camera (one of more than 4m nationwide) clocked the tele-vision writer Peter Berry and me coming into the park, and clocked us going out. Presumably, it and others in the park know how long we stayed, where we went and what we did. There was a time when this might have seemed like a good idea, what with the terrorist threat and all. But Berry’s new five-part thriller, The Last Enemy, may make you think again.

More: The Last Enemy Turns Eyes on the Spies

Source: http://entertainment.timesonline.co.uk/

11 February 2008 – If You Have ID Cards, Drink Alcohol

One of the key identifiers of an addiction is that indulgence in it persists long after all the reasons for doing it have turned from good to bad.

A sobered-up Scottish alcoholic once told me the following examplar of alcoholic thinking. A professor is lecturing to a class of alcoholics on the evils of drinking. To make his point, he takes two glasses, one filled with water, the other with alcohol. Into each glass he drops a live worm. The worm in the glass of water lives; the worm in the glass of alcohol dies.

“What,” the professor asks, “can we learn from this?”

One of the alcoholics raises his hand. “If you have worms, drink alcohol.”

In alcoholic thinking, of course, there is no circumstance in which the answer isn’t “Drink alcohol.”

More: http://www.newswireless.net/index.cfm/article/3740

Source: http://www.newswireless.net/

6 February 2008 – Cameras Target Diesel Fumes

London’s congestion charge cameras are being turned on the capital’s most polluting vehicles in a bid to improve air quality

A London-wide Low Emission Zone was launched on 4 February 2008, designed to reduce pollution from diesel engined lorries, coaches and buses. The automatic number recognition cameras used to enforce the capital’s congestion charge are also identifying potential heavy polluters. Information gathered is being linked to the Driver and Vehicle Licensing Authority’s database to identify a vehicle’s emissions standards.

The Low Emission Zone will be introduced in a number of stages, starting with diesel engined lorries over 12 tonnes. Drivers of vehicles which do not meet emissions standards will face a charge of £200. The zone is the first in the UK and the largest of its type in the world, and covers most of Greater London.

More: Cameras Target Diesel Fumes

Source: http://www.kablenet.com/

6 February 2008 – CCTV Talks to Yobs

Barking and Dagenham has become the first borough in London to launch Talking CCTV cameras that rebuke people for anti-social behaviour.

The new technology has been fitted to 16 existing cameras located in busy areas around the borough. The cameras have been fitted with equipment that includes audio cards and loudspeakers that are activated by officers in the Barking and Dagenham’s secure CCTV control room.

If people are spotted dropping litter or otherwise misbehaving, Talking CCTV will deliver a recorded message warning them that they are being monitored. The council said the aim is to get the public to reflect on their behaviour and the example they are setting to others, especially children.

More: CCTV Talks to Yobs

Source: http://www.kablenet.com/

6 February 2008 – Google Launches Security Apps

Google today launched three new online email security and archiving packages in a move designed to broaden out its Google Apps platform and offer firms of all sizes a cheap, flexible alternative to managing in-house messaging security and compliance technology.

The three offerings are compatible with any mail system and can be bought as standalone services or as part of the Google Apps Premier Edition, said the firm’s Dave Armstrong. They are built on technology which came with the acquisition of on-demand security vendor Postini last summer.

More: Google Launches Security Apps

Source: http://www.computing.co.uk/

6 February 2008 – Google Apps Adds Email Security

Google has added a range of email security packages to Google Apps, offering message filtering, encryption, discovery and archiving services.

The new security services work with any email system, including Lotus Notes, Microsoft Exchange and Novell GroupWise, and range from £1.50 to £12.50 per user per year.

“As threats rise in volume and complexity, and compliance requirements pile up, IT is struggling to find the resources to keep up,” said Scott Petry, director of product management at Google.

More: Google Apps Adds Email Security

Source: http://www.computing.co.uk/

6 February 2008 – Poll Shows Growing Opposition to ID Cards Over Data Fears

The number of people strongly opposed to the introduction of a national identity card scheme has risen sharply, according to the results of an ICM poll to be published today.

Those campaigning against ID cards said last night that the poll, with results showing that 25% of the public are deeply opposed to the idea, raises the prospect that the potential number of those likely to refuse to register for the card has risen. If the poll’s findings were reflected in the wider population, as many as 10 million people may be expected to refuse to comply.

The ICM survey also shows that a majority of the British people say they are “uncomfortable” with the idea that personal data provided to the government for one purpose should be shared between all Whitehall-run public services.

More: Poll Shows Growing Opposition to ID Cards Over Data Fears

Source: http://www.guardian.co.uk/

4 February 2008 – Could NAC Be Juniper’s Not-So-Secret Weapon?

Analysts say built-in NAC key to Juniper’s Ethernet switch foray.

By Tim Greene, Network World, 01/31/08

Juniper Networks’ EX switches announced this week — the company’s first for the enterprise market — support a homemade version of network-access control that may be a helpful selling point, industry experts say.

“You can’t come into the LAN switch market and say, “I’ve got something that’s just as good as everybody else,” says Phil Hochmuth, an analyst with the Yankee Group. “You need something to set it apart. I think it’s the NAC integration.”

“If Juniper wants to displace the current vendors — Cisco and HP ProCurve in particular — then it needs an equally strong access-control story,” says Rob Whiteley, an analyst with Forrester Research. “I think Juniper’s UAC [Unified Access Control] delivers that, especially with the standards-based emphasis Juniper has been pushing for a while now.”

More: Could NAC Be Juniper’s Not-So-Secret Weapon?

Source: http://www.networkworld.com/

4 February 2008 – 5 Critical Security Questions That IT and Corporate Leaders Are Asking

Getting the answers to who, what, when, where and why regarding network security.

Technology Executive Alert Newsletter  By Linda Musthaler and Brian Musthaler, Network World, 01/28/08

Who, what, when, where, and why? When it comes to network security, these are the five critical questions that IT and corporate leaders are asking. As pressure mounts for companies to protect their information assets from unintentional disclosure and to maintain compliance with a growing number of policies and regulations, it’s becoming more important to know exactly who is doing what on the network as it is happening.

While only a human can answer the question of “why?” numerous tools individually help organizations manage and answer parts of the “who,” “what,” “when” and “where” questions. Tools like intrusion detection systems (IDS), security information management (SIM), network access control (NAC), and network behavior analysis (NBA) all provide good details that paint portions of a picture. The complete picture, however, is like one of those connect the dots drawings; the details are all there in different silos (e.g., users, assets, applications), but sometimes additional resources are required to match/reconcile results to reveal the picture in its entirety.

More: 5 Critical Security Questions That IT and Corporate Leaders Are Asking

Source: http://www.networkworld.com/

4 February 2008 – Confusion Reigns Over UK ID Cards

Plans for the introduction of identity cards in the UK have been thrown into confusion after leaked government memos cast doubt on the future of the project and two key backers pulled out.

BAE Systems and Accenture have both announced that they are pulling out of the plan, which could cost individuals up to £500 each.

“At this stage of the competition our assessment is that our bid would not contain every element necessary to deliver to the customer’s requirement. We continue to monitor the programme with interest,” BAE told Reuters.

More: Confusion Reigns Over UK ID Cards

Source: http://www.computing.co.uk/

4 February 2008 – Routine Fingerprinting at Heathrow Provokes Outrage

Civil Liberties campaigners have accused airport chiefs of sneaking in mandatory fingerprinting of passengers on domestic routes without proper consultation. Heathrow Airport has quietly introduced compulsory fingerprinting and photographic profiling of passengers on domestic routes, including to Glasgow and Edinburgh, ahead of the opening of its fifth terminal late next month.

The move has already caused disquiet among some passengers who were handed leaflets warning they would be barred from their flights unless they co-operated.

Anti-ID card campaigners have demanded to know why no public announcement was made and fear compulsory fingerprinting is smoothing the path for the controversial scheme’s introduction UK-wide.

The British Airports Authority (BAA), which operates Heathrow, claims the profiling is needed because the new terminal will have a single departure lounge for domestic and international travellers.

More: Routine Fingerprinting at Heathrow Provokes Outrage

Source: http://www.sundayherald.com/

4 February 2008 – Our State Collects More Data Than the Stasi Ever Did. We Need to Fight Back.

This has got to stop. Britain’s snooper state is getting completely out of hand. We are sleepwalking into a surveillance society, and we must wake up. When the Stasi started spying on me, as I moved around East Germany 30 years ago, I travelled on the assumption that I was coming from one of the freest countries in the world to one of the least free. I don’t think I was wrong then, but I would certainly be wrong now. Today, the people of East Germany are much less spied upon than the people of Britain. The human rights group Privacy International rates Britain as an “endemic surveillance society”, along with China and Russia, whereas Germany scores much better.

More: http://politics.guardian.co.uk/comment/story/0,,2249468,00.html

Source: http://politics.guardian.co.uk/

30 January 2008 – ID Cards Scheme Wobbles

The programme for the introduction of national ID cards is looking increasingly uncertain, as potential suppliers Accenture and BAE bowed out of the ID card bidding process.

Dominic Trott, a consultant at Pierre Audoin Consultants (PAC) said that the exit of Accenture and BAE highlights the fact “suppliers are feeling shaky”.

Graham Titterington, Ovum analyst, added, “Companies are becoming doubtful [about the ID cards scheme] due to large costs, political doubt and the risk of not winning a contract.”

More: ID Cards Scheme Wobbles

Source: http://www.computing.co.uk/

30 January 2008 – PGP Updated to be a Good Citizen

PGP has updated a number of components in its flagship PGP Encryption Platform to improve performance, functionality and make it less obtrusive to the user.

Three of the six tools have received a significant overhaul while the other three received only minor performance tweaks, according to John Dasher, director of product management for PGP. The release is officially dubbed PGP Encryption Platform 9.8-2.8.

Overall, PGP’s efforts behind this release were to make its security product play better with your system, said Dasher. “One of the things we’re constantly concerned about is the deployment and maintenance experience of the product line,” he told InternetNews.com. “We recognize one of the larger concerns is how do you live with it.”

More: PGP Updated to be a Good Citizen

Source: http://www.insideid.com/

30 January 2008 – IPS Leak Suggests ID Card Fingerprint Chop

A key component of the UK ID card scheme, the central database of fingerprints, may be abandoned, according to a leaked Home Office document obtained by the Observer. The document doesn’t suggest entirely scrapping fingerprints, but instead suggests that their value should be assessed for each group of the population enrolled.

So how does that work? Well, for the ID scheme as originally planned, it clearly doesn’t. From David Blunkett onwards Home Office ministers have presented biometrics as the system’s USP, the one single factor that makes it entirely certain (in their view) that you are who you say you are. And, they have claimed, the ability to check those biometrics against a central register would give us the ‘gold standard’ of identity. But if you don’t necessarily collect everybody’s fingerprints, then you don’t have a complete national biometric register, so you might as well save yourself a pile of money, chuck away any notion of online biometric checks as a matter of routine, and forget any ideas you still had about a national biometric register.

More: http://www.theregister.co.uk/2008/01/28/id_cards_chop_fingers/

Source: http://www.theregister.co.uk/

30 January 2008 – The Leaked Document On ID Cards

THIS is, as it is claimed, the scan of an internal document of the Identity and Passport Service. It’s about the plans for the UK’s identity card scheme…

More: http://www.anorak.co.uk/politicians/180005.html

Source: http://www.anorak.co.uk/

30 January 2008 – Forget Passports – Teachers and Kids Are the New ID Card Targets

Teachers and 16 year olds are the favoured ’soft targets’ for the redesigned ID card scheme rollout, according to an Identity & Passport Service planning document seen by The Register. As suggested in leaks last weekend, IPS now plans to soft-pedal fingerprints and – astoundingly – it seems on the point of abandoning the notion of forcing ID cards onto the public via passport renewals.

The document, National Identity Scheme Options Analysis – Outcome, appears to be a summary report of strategic planning sessions which took place at the end of last year, and has more than a smack of desperation about it. Although e-borders and immigration, ‘counting them all in and counting them all out’ has been the main focus of the government’s identity sales pitch over the past year, and identity cards are a key component of the full e-borders picture, actually doing it turns out to be too hard, too expensive, and the benefits “narrow in nature”. Yes, Immigration Minister Liam Byrne has precious little else to talk about, but no, that’s not how they’re planning to do it.

More: Forget Passports – Teachers and Kids Are the New ID Card Targets

Source: http://www.theregister.co.uk/

28 January 2008 – No ID, No Problem

In the two years since legislation for a UK national identity card scheme gained royal assent, the case against the multi-billion pound programme has become overwhelming. The government’s arguments in favour have crumpled. Now, if leaked official documents are to be believed, its roll-out is to be delayed until 2012. Some investors, concerned that it is not worth the wait, are already walking away. Gordon Brown inherited this deeply flawed plan from his predecessor as prime minister. He should follow his instincts and abandon it altogether.

More: No ID, No Problem

Source: http://www.ft.com/

28 January 2008 – ID Cards May Be Issued by Coercion, Says Leaked Memo

The Government is looking at using “coercion” tactics as a way of introducing the controversial ID card scheme, a leaked memo suggests.

The Home Office document said that young people could be made to apply for an ID card when they applied for a driving licence.

Gordon Brown has always insisted that ID cards would remain voluntary unless Parliament decided otherwise. But the latest memo – headed Options Analysis – suggests that officials are already thinking about how they can be made compulsory.

It states: “Various forms of coercion, such as designation of the application process for identity documents issued by UK ministers (eg, passports) are an option to stimulate applications in a manageable way.

“There are advantages to designation of documents associated with particular target groups, eg, young people who may be applying for their first driving licence.”

More: ID Cards May Be Issued by Coercion, Says Leaked Memo

Source: http://www.timesonline.co.uk/

28 January 2008 – Costs Set to Rule Out Register of Fingerprints

The future of the UK’s identity card scheme was thrown into further confusion last night after it emerged that the Home Office is looking to scrap one of its key components – a national register of fingerprints.

More: Costs Set to Rule Out Register of Fingerprints

Source: http://observer.guardian.co.uk/

28 January 2008 – Tory Leaders in Street Protest at Plan for ID Cards

Scottish Tory leaders took to the streets yesterday to protest against government plans for compulsory identity cards.

Annabel Goldie and David Mundell led a group of party supporters outside the Passport Office in Glasgow highlighting what they claim is the ineffectiveness and unfair cost of ID cards.

They argued that money needed to introduce and maintain the system would be better spent on improving security at the country’s borders, if prevention of terrorism was a desired outcome.

More: Tory Leaders in Street Protest at Plan for ID Cards

Source: http://www.theherald.co.uk/

25 January 2008 – Companies Abandon ID Card Project

Two prominent companies have pulled out of the procurement process for the controversial multi-billion pound identity card programme amid growing concerns that the government is planning to delay the roll-out of the project.

The Financial Times has learnt that the IT services company Accenture and the defence company BAE Systems have decided not to pursue contracts linked to the biometric identity card system, with IT experts warning that some suppliers are growing increasingly frustrated with the government’s indecision.

More: Companies Abandon ID Card Project

Source: http://www.ft.com/

25 January 2008 – Delay Tactics

Tony Blair regarded ID cards as an election winner. He pledged that legislation to make them compulsory would form a “major plank” of Labour’s next election manifesto. Under Gordon Brown it now looks clear that will be no such pledge.

Any decision on compulsory ID cards could be delayed until after 2020 even if ministers stay committed to the scheme and there is no change in government and technological problems, concerns about cost and shifting public attitudes don’t cause yet more delays.

More: Delay Tactics

Source: http://www.bbc.co.uk/

25 January 2008 – National ID Cards Scheme Delayed Until 2012

The Government’s national identity card scheme was “in the intensive care ward” after leaked documents showed plans to issue UK citizens with the cards have been delayed until after the next election.

Amid growing doubts that the multibillion pound scheme will ever see the light of day, a confidential Home Office report suggests that the widespread introduction of cards for British nationals will not come until 2012 at the earliest.

That is two years later than the Government has previously stated. It would also ensure that the general introduction of ID cards took place well after the next election, which must be held by May 2010 at the latest.

More: National ID Cards Scheme Delayed Until 2012

Source: http://www.telegraph.co.uk/

25 January 2008 – The National ID Register Will Leak Like a Battered Bucket

The government is going to introduce a single system for all our identities. And I promise, you can’t trust it. First, it will leak like a battered old bucket. Oh yes, there will be ministerial statements. Apologies. Inquiries. Expensive new IT consultants will be brought in. Tough and unbreakable procedures will arrive. And still it will leak like a battered old bucket – except that it will be the most expensive battered old bucket in the history of the world, and we will keep pouring in money to the IT industry in the years to come.

Second, it will be riddled with errors. Great-grannies will be jumped on by armed police at Newcastle airport because of an administrative or human error. Identities will be confused. And third, whatever promises there are about keeping some things, health things, or criminal record things, off one database, these walls will be breached. There is always an emergency, a special case, on the way.

This is a fantasy of control. Whatever Des Browne says today, whatever promises he makes, however rare and unusual he says the loss of this laptop was, the truth is in the record. The national identity register will make us less safe, not more so. However late the hour, it should be scrapped.

More: The National ID Register Will Leak Like a Battered Bucket

Source: http://politics.guardian.co.uk/

25 January 2008 – Sorry? Then Scrap the ID Database

Now it is the Defence Ministry’s turn to be caught leaving highly sensitive personal information lying around where anyone could pick it up.

The implications of this are specially bad, given the size and urgency of the terrorist threat, and no efforts should be spared in recovering the lost computer and finding out who has seen the data it held.

But there is a more general point here.

These incidents are becoming so common that it is time the Government stopped apologising – which is welcome but makes no practical difference – and began to examine the problem with honesty and clarity.

There is no good reason for low-level Government employees to have such easy entry to databases containing so much highly personal material.

More: Sorry? Then Scrap the ID Database

Source: http://www.mailonsunday.co.uk/

25 January 2008 – NAC votes against Identity Cards

The government’s plans to introduce ID cards received a fresh blow today as North Ayrshire Council voted not to co-operate with any introduction of the controversial documents.

A motion introduced by Tony Gurney, SNP Councillor for Ardrossan and Arran, called on the council to write to the Home Office informing them that North Ayrshire Council will not take part in any voluntary pilot scheme or feasibility work related to the National Identity Scheme.

Speaking during the council meeting, Councillor Gurney pointed out that the cost of introducing ID cards is estimated to be £18bn. Terminals to use the cards, (paid for by council tax payers), will cost £4000 each; money that could be far better used for providing local services. He described the proposal for ID cards as ‘an attack on civil liberties’, involving huge expense as yet un-costed by the government, and added, ‘It is without a doubt a system the council should reject wholeheartedly.”

More: http://www.arranvoice.com/detail.php?id=2818

Source: http://www.arranvoice.com/

25 January 2008 – ID Cards Not Welcome in Wales

A Welsh Liberal Democrat debate calling for ID Cards not to be used to access public services in Wales has been passed with unanimous cross party support.

The vote guarantees that any move to introduce ID cards by Labour in Westminster will have no impact on access to health and education services in Wales.

Mike German, leader of the Welsh Liberal Democrats, said: “This is a powerful message to Westminster: Wales is not interested in ID cards.

“Last time we voted on this motion the Labour Party abstained. Today, they are in support. We were expecting someone on the Labour benches to stand up and defend their party’s policy, to explain the case being put forward in Westminster. But no. Not one single Labour AM has stood up. We’ve heard absolutely nothing from the Labour Assembly Members.”

More: http://www.newswales.co.uk/?section=Politics&F=1&id=12922

Source: http://www.newswales.co.uk/

25 January 2008 – Immigrant ID Cards and Border Checks Slip Towards 2009

Immigration minister Liam Byrne has concealed what looks like further ID card slippage and set himself a remarkably unchallenging series of immigration and border control targets in a “ten point plan” for 2008. Humorously described by the Home Office as “challenging”, the plan consists largely of low targets, targets already achieved, and harder targets lobbed off into the middle distance.

More: Immigrant ID Cards and Border Checks Slip Towards 2009

Source: http://www.theregister.co.uk/

25 January 2008 – I’m One of ‘Them’

If Gordon Brown has his way I’ll soon be forced to choose between my husband and my liberty. As a Canadian resident in the UK, beginning this year I’m required to carry an ID card under the Labour government’s national identity cards scheme. As Brown put it in last week’s prime minister’s questions: “I suggest the whole of the country supports ID cards for foreign nationals.” According to the ID cards website, this means that when I fork out another 500 quid to extend the “temporary leave to remain” I was granted when I married an Englishman, I’ll be “eligible” to apply for an ID card, which I will be compelled to acquire.

More: I’m One of ‘Them’

Source: http://commentisfree.guardian.co.uk/

22 January 2008 – The Best Virtues of British Medicine Are in Grave Peril

Patients are still seen and treated on the basis of mutual trust and respect and on a continuing basis that lasts far longer than individual episodes of illness. We still treat our list of patients and act as their advocates within an increasingly complicated NHS system. Most doctors and their patients still believe in personal care, a lifelong, confidential medical record and the virtues of treating people in the context of families and loving relationships.

Why, then, is all this now in great danger? For the answer, we have to look south of the border – paradoxically under a Prime Minister brought up in Fife, educated in Edinburgh and elected to Westminster by Scottish voters. The English NHS is set to dismantle the very basis of personal care by doctors serving a defined list of patients on the grounds of fashionable competition and privatisation. The key vehicle for this change is dilution of the confidentiality of the personal medical record, recklessly allowing its details to be automatically sucked from practice computers on to what is known as “the spine” – an electronic database to be available to anyone within the NHS “family”.

Connecting for Health, the latest massively expensive governmental IT disaster, is promoted as essential for the emergency care of any patient who turns up unannounced at a hospital, but the dangers of information incontinence within the NHS, the largest single employer in Europe, is conveniently forgotten. Already there are instances of illicit access to the records of celebrity patients. The real reason for this dangerous innovation, of course, is not patient care, but so that the English Department of Health can offer general practice contracts to alternative providers – commercial companies that propose to offer primary care through the same supermarkets and high street outlets that seem to have captured the imagination of the spotty adolescents who populate the No 10 Policy Unit.

More: The Best Virtues of British Medicine Are in Grave Peril

Source: http://www.theherald.co.uk/

22 January 2008 – New Leaked Data Fiasco

First of all she was both a doctor and a patient, a woman who when young suffered a rare and serious life-threatening condition. This made her of interest to researchers.

According to the High Court statement her private medical details, in fully identifiable form, were disseminated widely for the purposes of research and passed to her employers despite her withholding consent.

She contacted Addenbrooke’s hospital, where the researchers were based, to complain about the unobtrusive (sic) phone calls. She also asked for her details to be removed.

They and the East Anglian cancer registry refused repeatedly until ordered by the court. The latter alleged that the claimant’s statement was not true, because it was ‘not possible’ that her details could be held there.

In fact, it was true. All her private medical details were there. They were forced to apologise. Although it took them five years.

It is also clear from the court documents, that the claimant and her colleagues were expected to do research using fully identifiable patient medical records/data. When she raised her concerns to her employers she was placed on special leave and suspended.

She was forced to spend the next three years fighting the libel action allegations made against her. It would appear because some people did not like her questioning of how data was held.

Why did the PCT and Addenbrooke’s react so strongly to her asking for her private medical details to be removed from the register? Neither would comment.

More: New Leaked Data Fiasco

Source: http://www.channel4.com/

22 January 2008 – Brown Gives Himself ‘Wriggle Room’ on ID Cards Scheme

The commitment of Gordon Brown to identity cards was in question last night after he declined to say if he personally supported making them compulsory.

The scheme is due to be rolled out to foreign nationals this year and on a voluntary basis to Britons renewing their passports from 2009. Under the Government’s plans, they would be made compulsory in the next decade following a vote in Parliament.

Downing Street and the Home Office insisted that the scheme was on track. But opponents of identity cards detected a softening in the Prime Minister’s enthusiasm following a series of scandals over the loss of personal data by government departments.

More: Brown Gives Himself ‘Wriggle Room’ on ID Cards Scheme

Source: http://news.independent.co.uk/

22 January 2008 – Is It or Isn’t It? Brown Keeps Bottling the ID Card Question

For the third time in four days, Gordon Brown has sown doubts about the future of compulsory ID cards for UK citizens. Speaking at prime minister’s question time today, Brown confirmed that it was “policy” for ID cards to become compulsory, but added the rider that this was subject to a vote in parliament.

As indeed is the case, but speaking to the Observer on Sunday, Brown had said that under the government’s “proposals” there was “no compulsion for existing British citizens.” When Tory leader David Cameron queried this in the Commons today, Brown responded that “it has to be voted on by parliament”, his apparent contention being therefore that there is no current compulsion, the government would like compulsion, but that compulsion nevertheless cannot exist until parliament has said that it will. Or something like that.

More: Is It or Isn’t It? Brown Keeps Bottling the ID Card Question

Source: http://www.theregister.co.uk/

22 January 2008 – Marking Gordon’s Card

Is the government backtracking on its plan to make each and every one of us have an identity card? That’s one possible interpretation of Gordon Brown’s statement in his weekend Observer interview that “under our proposals there is no compulsion for existing British citizens”. On the face of it, this is a big retreat from the current policy set out by the Home Office in a strategic action plan just over a year ago. Although the current law, passed in 2006, doesn’t make it compulsory to register for an ID card, the government has always made it plain that this is only a matter of time. According to the strategic action plan, “It is the government’s policy that registration in the NIS should eventually be compulsory for all those resident in the UK who are over the age of 16″.

As a former Kremlinologist used to studying the fine print, it seems to me there are three ways to read this Delphic statement. First, Brown simply misspoke and muddled up the existing law with the government’s proposals for the next stage of the scheme. Second, he was deliberately trying to pull the wool over the eyes of liberal-minded Observer readers who’ve been reading Henry Porter’s columns. The third intriguing possibility is that some genuine rethinking is going on over the scale and timing of the ID scheme.

More: Marking Gordon’s Card

Source: http://commentisfree.guardian.co.uk/

21 January 2008 – Clarkson Stung After Bank Prank

TV presenter Jeremy Clarkson has lost money after publishing his bank details in his newspaper column.

The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people’s personal details on two computer discs.

He wanted to prove the story was a fuss about nothing. But Clarkson admitted he was “wrong” after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.

More: Clarkson Stung After Bank Prank

Source: http://news.bbc.co.uk/

21 January 2008 – Not fit for purpose: £2bn Cost of Government’s IT Blunders

The cost to the taxpayer of abandoned Whitehall computer projects since 2000 has reached almost £2bn – not including the bill for an online crime reporting site that was cancelled this week, a survey by the Guardian reveals.

The failure of the multimillion pound police site marks the latest chapter in the government’s litany of botched IT projects, with several costly schemes biting the dust. Major blunders overseen by Downing Street have included the Child Support Agency’s much-derided £486m computer upgrade – which collapsed and forced a £1bn claims write-off – and an adult learning programme that was subjected to extensive fraud.

More: Not fit for purpose: £2bn Cost of Government’s IT Blunders

Source: http://www.guardian.co.uk/

21 January 2008 – Just Don’t Do it: a Motto for Gordon

Dear Gordon

(…)

You should do exactly the same with the ruinously costly national ID card scheme. The data management fiascos have proved that government cannot cope with more information. Nobody has given a convincing argument for a national ID scheme – and anyway, you will incite a revolution if you try to force the British to carry compulsory identity cards like the Germans and French. You may believe that you have no alternative but to carry on with a programme to which you are publicly committed. But if you are banging your head against a brick wall, there is always an alternative: stop doing it.

More: Just Don’t Do it: a Motto for Gordon

Source: http://www.timesonline.co.uk/

21 January 2008 – We Have Everything to Fear from ID Cards

We start the year in Britain with a challenge to our essential nature, for 2008 might turn out to be the year when we decide to rip up the Magna Carta.

Among the basic civil rights in this country, there has always been, at least in theory, an inclination towards liberal democracy, which includes a tolerance of an individual’s right to privacy.

We are born free and have the right to decide what freedom means, each for ourselves, and to have control over our outward existence, yet that will no longer be the case if we agree to identity cards.

More: We Have Everything to Fear from ID Cards

Source: http://www.telegraph.co.uk/

21 January 2008 – Give Them Up for New Year

As he looked back on a year that was going so right until it went horribly wrong, the prime minister yesterday received unsolicited advice from the new Liberal Democrat leader about how to ensure 2008 turns out more happily. Scrap ID cards, Nick Clegg urged. He objects to the cards on fundamental grounds, claiming he would rather go to jail than carry what he sees as a pernicious piece of plastic. Such talk may be grandstanding: it is doubtful that the plans would see refuseniks locked up. But it is not necessary to be a would-be outlaw or an extreme libertarian to appreciate that giving up ID cards is one new year resolution that Gordon Brown should make.

More: http://politics.guardian.co.uk/comment/story/0,,2233787,00.html

Source: http://www.guardian.co.uk/

17 January 2008 – Clegg Pledging to Fight ID Cards

The new Lib Dem leader has pledged to campaign “tirelessly” against “expensive, invasive” ID cards in 2008.

Nick Clegg said the recent data loss “scandals” had created a lack of public confidence in the government’s ability to look after personal information.

His comments were made in his New Year message to the Lib Dem party.

More: Clegg Pledging to Fight ID Cards

Source: http://news.bbc.co.uk/

17 January 2008 – Beware the State’s ID Card Sharks

If Gordon Brown picks one failure from his first six months to learn from, it should be the loss of 25m people’s personal details. If he makes one resolution for 2008, it should be to scrap his reckless plan to introduce compulsory ID cards.

“Discgate” was the result of ministerial incompetence, but also flawed policy. As chancellor, Brown relentlessly pursued his forlorn vision of a “joined-up identity management regime” across public services. As prime minister, he continues this vain search, like an obsessed alchemist, for a giant database that his closest advisers ominously refer to as a “single source of truth”.

More: Beware the State’s ID Card Sharks

Source: http://www.timesonline.co.uk/tol/news/

17 January 2008 – The Precious Gift of Parental Neglect

Here’s a sad little note to temper the cheer: a study published last week, by University College London, concluded that children who are let out to play unsupervised grow up to be healthier and more sociable. Healthier because, it was found, children without adults in tow burn up more calories in heightened energy, thus warding off obesity, and more sociable as a result of independence and self-reliance ? benefits whose loss, says the leader of the study, Roger Mackett, carry many and grave implications. What makes this so sad is not that the professor is right; it is that there is scant chance of anyone taking a blind bit of notice.

More: The Precious Gift of Parental Neglect

Source: http://www.timesonline.co.uk/

17 January 2008 – Chattering Classes Deserve a Debate About e-Government

Look on the bright side, as the directors of the White Star shipping line might have said in April 1912: at least people are talking about us now. In the continuing fallout from the child benefit disc disaster, the government’s IT chiefs can draw one small consolation: the “transformational government” programme to join up public services through IT is now on the chattering classes’ agenda.

Intelligent citizens have begun to grasp that the 10-year-old programme to offer citizens joined-up electronic access to government (and government to citizens) is the biggest change to the government machine for 60 years, since the birth of the welfare state. The chattering is mainly hostile, of course, with a consensus that e-government will create a snooper’s paradise or a permanent milch cow for IT consultancies. Or both.

More: Chattering Classes Deserve a Debate About e-Government

Source: http://www.guardian.co.uk/

17 January 2008 – Just a Few Key-strokes Away from a New Orwellian Age

So the records of three million UK driving test applicants go missing in Iowa. These things happen. For the government of Britain, with unprecedented and unparalleled ambitions to gather and retain personal information, these things happen with increasing, if predictable, frequency.

Perhaps it concerns you. If not, it should, at least according to the government that keeps on losing the stuff. When not mislaying 25 million child benefit records, or information on three million people with hopes of mastering driving theory, ministers and civil servants are keen to remind us of the need for vigilance. Identity theft is a large and growing problem, they say. Larger after their recent efforts, perhaps, than before.

More: Just a Few Key-strokes Away from a New Orwellian Age

Source: http://www.theherald.co.uk/

16 January 2008 – Tory clone? Stop pulling my Clegg

New Liberal Democrat leader Nick Clegg gets understandably irritated when people compare him to his Conservative counterpart, David Cameron.

The two men are both in their 40s, went to public school and may now find themselves trying to appeal to the same sections of the electorate. But, so far as Clegg is concerned, there the similarities end.

He rejects suggestions he is on the right in Lib Dem terms and dismisses claims he is a Cameron clone.

More: Tory clone? Stop pulling my Clegg

Source: http://news.scotsman.com/

16 January 2008 – Primarolo Admits Ignorance Over Data Losses by Nine NHS Trusts

Ministers faced embarrassment over more mislaid data yesterday when they were forced to admit that they did not have details on what information had been lost by nine NHS trusts.

The loss of data potentially covering tens of thousands of patients’ records has been disclosed to the Department of Health by the trusts and to the information commissioner.

Ministers will be worried that the loss will further undermine confidence in the department’s plans for a new computer database of all NHS patients’ records.

More: Primarolo Admits Ignorance Over Data Losses by Nine NHS Trusts

Source: http://politics.guardian.co.uk/

16 January 2008 – NPIA Dismisses FBI Biometric Link

The National Policing Improvement Agency has denied there are plans to share biometric data with the US Federal Bureau of Investigations (FBI)

A spokesperson for the NPIA told GC News on 15 January 2007 that it was not participating in any discussions on the Server in the Sky project.

This follows a report in The Guardian that UK police officials have been talking to the FBI about making biometric information on criminals and suspects available on both sides of the Atlantic.

The spokesperson said the project had only been raised as an idea at a meeting of the International Information Consortium, a consultatitve group on policing technology of which the UK, US, Canada, Australia and New Zealand are members.

More: NPIA Dismisses FBI Biometric Link

Source: http://www.kablenet.com/

16 January 2008 – Home Office Completes Visa Fingerprint Roll Out

Measures to strengthen the UK’s borders by carrying out biometric checks on visa applicants have been completed early.

Home Office minister Liam Byrne has announced that the UK is now carrying out biometric checks on all via applicants, three months ahead of schedule and several million pounds under budget.

Anyone applying for a visa from 133 countries covering 75% of the world’s population now have their fingerprints checked against UK databases. Biometric checking has already identified nearly 500 cases of identity swapping, according to the Home Office.

In one case, the fingerprints of a Zambian national applying for a visa were discovered to match an asylum claim in 2001 from a Sierra Leone national with a different identity.

More: Home Office Completes Visa Fingerprint Roll Out

Source: http://www.kablenet.com/

16 January 2008 – Panel to Scrutinise DNA Policy

The Human Genetics Commission is leading a project to assess people’s attitudes towards the DNA database.

It is putting together two panels of 30 people each with the support of £75,000 of government funds, according to a report in The Register. The panels will “direct their own research into the forensic use of DNA centred on the police national DNA database”.

They include members of the public and will be advised by experts including scientists, academic and law enforcement officials, will be able to call their own witnesses and hold group sessions of up to 200 people. They are due to report in the spring, although they will not necessarily provide a single opinion or conclusion.

The final results will be fed into the Human Genetics Commission’s own report to the government on forensic use of DNA.

More: Panel to Scrutinise DNA Policy

Source: http://www.kablenet.com/

15 January 2008 – Storm Splinters, Starts Phishing, Say Researchers

Part of the Storm botnet appears to have been rented out to identity thieves, who are using it to conduct traditional phishing attacks that target customers of a pair of U.K.-based banks, researchers said Wednesday.

Two recent phishing attacks — one aimed at customers of Barclays, the second at account holders of the Bank of Scotland — appear to be coming from domains associated with known campaigns designed to build out the botnet of Storm-infected PCs.

Fortinet was the first security company to confirm that the Barclays attack came from Storm-controlled machines. In a post Monday, Fortinet research engineer Derek Manky noted that the phishing e-mails originated from a Storm fast-flux domain that the botnet had used since the middle of 2007.

More: Storm Splinters, Starts Phishing, Say Researchers

Source: http://www.networkworld.com/

15 January 2008 – Colombian Man Pleads Guilty to Computer Fraud

A Colombian man pleaded guilty Wednesday to a 16-county indictment involving an identity theft scheme in which he installed keylogging software on hotel business center computers and Internet lounges in order to steal passwords, account data and other personal information, the U.S. Department of Justice announced.

The computer fraud scheme had more than 600 victims worldwide, including U.S. Department of Defense employees, the DOJ said. Mario Simbaqueba Bonilla, 40, used money obtained in the scheme to buy expensive electronic devices, including a home theater system, and to fund luxury travel to Hong Kong, France, Jamaica, the U.S. and other locations, according to a DOJ news release and the indictment in U.S. District Court for the Southern District of Florida.

Simbaqueba Bonilla, sometimes working with a co-conspirator, used a series of complex computer intrusions to steal money from payroll, bank and other accounts, the DOJ said. Much of the identity theft activity targeted U.S. residents, including employees of the Department of Defense.

More: Colombian Man Pleads Guilty to Computer Fraud

Source: http://www.networkworld.com/

15 January 2008 – Passport Card with Chatty RFID Chip Draws Privacy Ire

A proposed new RFID-enabled passport card intended for use by Americans frequently travelling to Canada, Mexico. Bermuda and the Caribbean poses serious security and privacy risks for users, the Centers for Democracy and Technology (CDT) warned this week.

Among the concerns are the potential for the card to be used for location tracking by government and private entities and the relative ease with which it can be manipulated for identity theft purposes, the CDT said.

The Washington-based think tank’s warning was prompted by a final ruling in the Federal Register from the U.S. Department of State on Dec. 31, 2007 calling for the use of so-called “vicinity read” radio frequency identification technology on proposed new passport cards. The department first announced plans to use RFID chips for new passport cards back in October 2006 and has been going through a process of collecting and responding to comments on its plans.

More: Passport Card with Chatty RFID Chip Draws Privacy Ire

Source: http://www.networkworld.com/

15 January 2008 – Sears Puts Customers’ Buying Histories on the Web

Sears Holdings has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Managemyhome.com Web site.

Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips and get home renovation ideas.

The Web site has a feature called “Find your products” that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they’ve bought from the retailer, but the site also lets them look up the purchase histories of other people.

“Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person’s purchase history by entering that person’s name, phone number, and address,” wrote Ben Edelman, an assistant professor with Harvard Business School, in a blog posting.

More: Sears Puts Customers’ Buying Histories on the Web

Source: http://www.networkworld.com/

15 January 2008 – CEOs on Facebook Easy to Dupe, Says Researcher

Corporate executives should think twice about the information they disclose on social networking sites such as Facebook, a Hong Kong-based security company warned Friday after duping gullible CEOs and finance directors into revealing personal details that could be used for so-called spear-phishing attacks.

Network Box, which makes and sells threat prevention appliances, recently conducted an experiment to see how difficult it is to glean important information from business executives.

“We were asked to see if we could gain information about individuals without having a real-life link to them,” said Simon Heron, Network Box’s managing director, in an e-mail. “We used a fake Web mail account to create a fake Facebook account. With this, we approached individuals who we knew to be in quite senior positions and simply asked to be their friends, explaining that we knew them while at school.”

More: http://www.networkworld.com/news/2008/010408-ceos-on-facebook-easy-to.html

Source: http://www.networkworld.com/

4 January 2008 – Big Brother Awards 2007 – Austria and Switzerland

The Big Brother Awards ceremonies in Austria and Switzerland took place in the past weeks in Viena, on the 25 October 2007 and in St Gall, on the 9 November 2007, respectively.

The Swiss ceremony of the 8th edition of Big Brother Awards was organised by the associations “droitsfondamentaux.ch” and EDRI-member Swiss Internet UserGroup (SIUG).

The award for the State and for the entire work was received by the Federal Councillor Christoph Blocher. In the Business category the insurance company HELSANA of Zurich was the winner and CFF and OFT were awarded in the Work place category.

More: http://www.edri.org/edrigram/number5.22/bba-austria-switzerland

Source: http://www.edri.org/

4 January 2008 – UK Government Security Failure

In breaking news, the Chancellor of the Exchequer will announce at 1530 that HM Revenue and Customs has lost the data of 15 million child benefit recipients, and that the head of HMRC has resigned.

FIPR has been saying since last November’s publication of our report on Children’s Databases for the Information Commissioner that the proposed centralisation of public-sector data on the nation’s children was not only unsafe but illegal.

More: http://www.lightbluetouchpaper.org/2007/11/20/government-security-failure/

Source: http://www.lightbluetouchpaper.org/

4 January 2008 – Leopard Security Bug Puts Mail Users at Risk

Programmers have reintroduced a yawning security hole in Leopard, the latest version of Apple’s highly regarded operating system, after having patched it more than 20 months ago in an earlier version, a researcher has warned.

The bug in Apple Mail makes it possible for attackers to run malicious code on a victim’s machine by disguising an executable program as an image or other type of innocuous file, said (http://www.heise-security.co.uk/news/99257) Juergen Schmidt, editor-in-chief at Heise Security. A user can become infected simply by clicking on an attachment that looks like a jpeg image.

More: http://www.theregister.co.uk/2007/11/20/leopard_reintroduces_security_vuln/

Source: http://www.theregister.co.uk/

4 January 2008 – Thumb Twiddling Mozilla Promises Fix for Privacy-biting Bug

Mozilla’s head of security has promised a patch for a dangerous vulnerability that’s been lurking in the popular Firefox browser for more than eight months.

The new urgency in fixing the jar: protocol handler comes after bloggers in recent weeks demonstrated how the vulnerability could wreak real-world havoc, including allowing attackers to steal a victim’s Gmail contacts. Short for Java Archive, the jar: protocol is used to compress Java classes and other types of files into a single file. Problem is, the protocol will open any zip-formatted file without first validating the MIME type of the archived contents. Malicious content is then run in the context of a trusted site. “An attacker can use this to evade filtering on sites that allow users to upload content and use this [to] initiate a cross site scripting attack,” Window Snyder, Mozilla’s security chief, wrote in this post on the Mozilla Security blog. “This may allow the attacker to access information stored on the trusted site without the victim’s knowledge.”

More: http://www.theregister.co.uk/2007/11/19/upcoming_firefox_patch/

Source: http://www.theregister.co.uk/

4 January 2008 – Be Your Own Personal Privacy Czar

Like most journalists I know I’m very sloppy about keeping my online communications secure. I rarely encrypt e-mail messages, leaving them to be read by anyone in the electronic chain between me and the intended recipient. And I use public chat services like MSN Messenger and iChat, even though they send messages as plain text across the network.

Partly this is because the tools needed to make communications secure can be cumbersome and complicated, even for someone with a technical background. But partly it is because I have not often been involved in researching stories that are going to bring me to the attention of those with the capabilities needed to tap even insecure online communications. But you never know.

More: http://news.bbc.co.uk/1/hi/technology/7101637.stm

Source: http://news.bbc.co.uk/

3 January 2008 – net.wars: Watching you watching me

The often-quoted number of times the average Londoner is caught on camera per day is scary: 200. (And that was a few years ago; it’s probably gone up.) … What is the right, privacy-conscious response to make?

I was reminded of this a few days ago when I was handed a copy of Privacy in Camera Networks: A Technical Perspective, a paper published at the end of July. Given the amount of money being spent on CCTV systems, it’s absurd how little research there is covering their efficacy, their social impact, or the privacy issues they raise. In this paper, the quartet of authors — Marci Lenore Meingast (UC Berkeley), Sameer Pai (Cornell), Stephen Wicker (Cornell), and Shankar Sastry (UC Berkeley) — are primarily concerned with privacy. They ask a question every democratic government deploying these things should have asked in the first place: how can the camera networks be designed to preserve privacy?

Source: http://www.newswireless.net/index.cfm/article/3653

More: http://www.newswireless.net/

3 January 2008 – Intel Official: Expect Less Privacy

As Congress debates new rules for government eavesdropping, a top intelligence official says it is time that people in the United States changed their definition of privacy.

Privacy no longer can mean anonymity, says Donald Kerr, the principal deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information. Kerr’s comments come as Congress is taking a second look at the Foreign Intelligence Surveillance Act. Lawmakers hastily changed the 1978 law last summer to allow the government to eavesdrop inside the United States without court permission, so long as one end of the conversation was reasonably believed to be located outside the U.S.

More: Intel Official: Expect Less Privacy

Source: http://www.washingtonpost.com/

3 January 2008 – Privacy and Security: There’s Always a Tradeoff

Hugo Teufel III, chief privacy officer of the Homeland Security Department, said recently at a roundtable discussion on cyber security for the Congressional High Tech Caucus that there was no need to balance privacy and security. The two go hand in hand, he said.

What a disturbing thing for a chief privacy officer to say. Although it is true that security can help ensure privacy, the two are not the same thing. Security often entails gathering sensitive information about individuals, and these collections raise plenty of concerns about privacy, no matter how well-intentioned.

More: http://www.gcn.com/online/vol1_no1/45454-1.html

Source: http://www.gcn.com/

3 January 2008 – Steroid Bust Shows Feds Can Still Get at “Private” and “Secure” E-mail

Criminals have plenty of reasons for wanting to encrypt their e-mail, and services like Hushmail offers such encryption in a strong form; not even the company can view the messages sent through its systems. Under most circumstances.

But there are cases when it can read the messages, and when that happens, those messages can then be subpoenaed by law enforcement. An alleged California supplier of anabolic steroids found that out the hard way earlier this year when Drug Enforcement Agency officers collected his supposedly “secure” e-mail from Hushmail.

More: Steroid Bust Shows Feds Can Still Get at “Private” and “Secure” E-mail

Source: http://arstechnica.com/news.ars/

3 January 2008 – Government Attempts of Increased Level of Surveillance in Czech Republic

The Czech Interior Ministry introduced in October 2007 a new National Action Plan to Combat Terrorism that would increase the access of the police and intelligence authorities to personal data, under the pretext of the protection against terrorism.

The Czech Ministry of Interior has introduced a similar plan every year since 2002 – in 2005 it actually won the Czech Big Brother Award for it – which, until now, has been rejected by the Parliament. The Plan of Action is meant to be used to draft legislation allowing police and other agencies to have access to emails and to wiretap without following any court procedures.

More: http://www.edri.org/edrigram/number5.21/terrorism-act-czech

Source: http://www.edri.org/edrigram/number5.21

2 January 2008 – Whois Privacy Problems Not Solved by ICANN

ICANN meeting that took place last week (29 October – 2 November 2007) in Los Angeles was expected to decide on the WHOIS database privacy problems. But unfortunately the decision taken was just to make further studies on the matter, despite the already seven years of discussions on this topic.

The need for WHOIS reform has been a hot topic for some years in the civil society and some ICANN structures. An EPIC & NGO Letter to ICANN Board on Need for Whois Reform sent on 30 October 2007 asks “for changes to WHOIS services that would protect the privacy of individuals, specifically the removal of registrants’ contact information from the publicly accessible WHOIS database.”

More: http://www.edri.org/edrigram/number5.21/icann-whois

Source: http://www.edri.org/

2 January 2008 – EC Plans to Profile All Passengers In and Out EU

The European Commission(EC) put forward on 6 November 2007 a PNR plan that is almost similar to the EU-USA PNR (Passenger Name Records) agreement. The EU PNR plan is part of a new package of proposals “aimed at improving the EU’s capabilities in the fight against terrorism.”

According to this proposal, EU will have to collect 19 pieces of personal data on air passengers coming into and leaving the EU space, including phone number, e-mail address, travel agent, full itinerary, billing data and baggage information. The information will be collected in analysis units that will make a “risk assessment” of the traveller, which could lead to the questioning or even refusal of the entry. The data is to be kept for five years and then another eight years in a “dormant” database.

More: http://www.edri.org/edrigram/number5.21/eu-pnr

Source: http://www.edri.org/

2 January 2008 – EDRI Supports PI’s Comments on Google-Doubleclick Merger

European Digital Rights Initiative (EDRI) is supporting the letter Privacy International (PI) sent on 5 November 2007 asking the head of the European Commission DG Competition, Commissioner Kroes, to take the merger of Google-Doubleclick to the next phase. PI argues that the merger could have serious implications for privacy innovation in advertising.

The letter explains the problems that the merger could bring to the online advertising market: “Google’s purchase of Doubleclick is particularly worrying because it is a significant consolidation in this domain and we worry that this very competition to provide high-quality privacy practices will dissipate. Google’s dominant position in the search marketplace will be compounded by Doubleclick’s dominant position in online profiling, leading to a potentially abusive situation for the protection of privacy. If the merger is approved, then Google’s dominant service will transform radically from one with a search advertising function into one that collects both searches and browsing habits of users. “

More: http://www.edri.org/edrigram/number5.21/google-doubleclick-pi-edri

Source: http://www.edri.org/

2 January 2008 – Privacy Watchdog Questions ‘Opaque’ Federal No-fly List

Canada’s privacy commissioner says there was very little consultation with her office before the Conservative government introduced a no-fly list for air travellers last June.

And Jennifer Stoddart told the Air India inquiry Tuesday that she has so far seen little rationale for the list, part of the so-called Passenger Protect Program. Stoddart told inquiry Commissioner John Major she is concerned that people could be placed on the list in error and face dire consequences if their identities are then disclosed to the RCMP or passed on to police agencies in other countries.

More: Privacy Watchdog Questions ‘Opaque’ Federal No-fly List

Source: http://www.canada.com/edmontonjournal/

2 January 2008 – EU Could Collect Air Passenger Data

Part of a new anti-terrorism campaign, a commission proposal would allow member states to collect personal information and keep it for 13 years.

As part of a new EU counter-terrorism strategy, Brussels is to propose that member states collect 19 pieces of air passenger data, with the possibility to store it for up to thirteen years. On Tuesday (6 November), EU home affairs commissioner Franco Frattini will kick off a lengthy legislative process, which at the end should see an EU-wide air passengers name recording scheme (PNR) similar to the controversial US database on European air travellers.

More: EU Could Collect Air Passenger Data

Source: http://www.businessweek.com/

19 November 2007 – Online Police Searches Adopted Also in Austria

Austrian authorities have announced that the police will start from 2008 to use online searches as an investigation tool in order to keep up with the use of new technologies for terrorist and serious crimes. Austria is joining in this way Germany and Switzerland that are working in the same direction, despite serious privacy concerns.

In an interview to the radio station ?Ö1, Austrian Minister of Internal Affairs, G?ünther Platte, and the Minister of Justice, Maria Berger, announced this new measure that was proposed to be discussed in the Government meeting. The two politicians explained that the measure will be used only in connection with terrorist cases or other serious crimes, where a punishment of at least 10 years imprisonment is foreseen.

More: http://www.edri.org/edrigram/number5.20

Source: http://www.edri.org/edrigram/number5.20/austria-online-searches

19 November 2007 – Microchip Gives Staff the Lowdown on Pupils

Children are being tracked by micro-chips embedded in their uniforms in a trial at a secondary school.

The devices are used to monitor pupils’ movements and register their arrival in class on the teacher’s computer. Supply teachers can also be alerted if a student is likely to misbehave. The chip connects with teachers’ computers to show a photograph of the pupil, data about academic performance and whether he or she is in the correct classroom. It can also restrict access to areas of the school. The radio frequency identification system is being tested at Hungerhill School in Doncaster, South Yorkshire. Ten pupils began wearing a chip sewn into their uniforms eight months ago. The scheme has drawn criticism from human rights campaigners. “Tagging is what we do to criminals we let out of prison early,” said David Cleater, from Leave Them Kids Alone, which campaigns against the finger-printing of pupils. “It is appalling.”

More: http://www.timesonline.co.uk/tol/news/uk/education/article2698062.ece

Source: http://www.timesonline.co.uk/

19 November 2007 – Security Experts Report on Hazards of New Surveillance Architecture

This summer’s Protect America Act (PAA) temporarily authorized warrantless surveillance of communications that Americans have with individuals abroad. The use of this authority will require the deployment of new interception technologies. These new technologies raise several significant security risks.

The report identified the three most serious security risks. The experts pointed to the danger that the system could be exploited by unauthorized users. A Greek wiretapping system was exploited by an as yet unknown party to listen in on government conversations. FBI documents of the DCS 3000 telephone wiretap system revealed several problems in the system’s implementation. This risk turns a surveillance system on its head.

More: http://www.epic.org/alert/EPIC_Alert_14.21.html

Source: http://www.epic.org/

19 November 2007 – French Protest DNA Database Law

Last week, thousands of French citizens attended a concert organized by SOS Racisme to protest a new proposed law authorizing DNA tests for immigrants. The law authorizes the use of DNA testing to determine whether foreigners applying for visas are actually related to family members they seek to join in France. Critics of the proposal claim it infringes basic human rights.

The main argument against the amendment is that the notion of family in French law is not based on blood, but on recognition of a child as one’s own. DNA testing would set up a double standard – one for the French, another for immigrants. The testing could also prejudice the immigration status of stepchildren and adopted children. Another recent amendment to the proposal has limited the testing only to maternity, leaving aside the “potentially embarrassing” question of paternity. The new legislation also stirs up memories of the collaborationist Vichy government during the Nazi occupation of France.

More: http://www.epic.org/alert/EPIC_Alert_14.21.html

Source: http://www.epic.org/

19 November 2007 – Nevada Passes First Law Requiring Business to Encrypt Customer Personal Information During Transmission

Significance of the Law: Nevada has enacted the first data security law that mandates encryption for the transmission of customer personal information. (NRS 597.970) The law goes into effect on October 1, 2008. While there are several laws that direct organizations in certain industries to consider using encryption and laws that make encryption a factor in decisions regarding breach notifications, no law required the encryption of personal information prior to this Nevada law.

Summary of the Law: The law is brief and provides that “A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.”

More: Nevada Passes First Law Requiring Business to Encrypt Customer Personal Information During Transmission

Source: http://www.privsecblog.com/

16 November 2007 – Security and Privacy Enhancements for Firefox Users Through CustomizeGoogle

CustomizeGoogle is a Firefox extension I haven been using for quite some time now. It offers some valuable settings that are aimed to Google users. Some of them include URL previews, Google search suggest words, customizing search result pages and much more.

The extension also contains a number of security enhancements that could make your online life much easier and more private. This is an overview of these security functions in CustomizeGoogle.

More: http://www.net-security.org/article.php?id=1081

Source: http://www.net-security.org/

16 November 2007 – Standardizing a wilderness of IDs

The federal government is producing a variety of identification documents for its own employees, critical infrastructure workers and international travelers. But some lawmakers are concerned about the cost of the overlapping programs and the threat to privacy posed by the technology they use.

During a hearing yesterday on Capitol Hill, Rep. Edolphus Towns (D-N.Y.), chairman of the House Government Reform and Oversight subcommittee on Government Management, Organization and Procurement, questioned the need for multiple formats and technologies for IDs. He noted that the Homeland Security Department alone has three different programs issuing cards to frequent border crossers. In addition to the Trusted Worker Identification Credential for workers in secure areas of sea and airports, there also is the Personal Identity Verification card mandated in Homeland Security Presidential Directive 12 for federal workers and new smart driver’s licenses mandated by the Real ID Act.

More: http://www.gcn.com/online/vol1_no1/45257-1.html

Source: http://www.gcn.com/

16 November 2007 – California Governor Vetoes Proposed Law Imposing Stronger Data Protection Requirements

California Governor Arnold Schwarzenegger vetoed AB 779 — legislation that would have amended California’s data security breach legislation to impose stronger data protection requirements than the Payment Card Industry Data Security Standard.

AB 779 would have prohibited businesses that sell goods or services to any resident of California and that accept as payment credit cards (and debit cards or other payment devices) from, among other things, storing, retaining, sending, or failing to limit access to payment-related data, and from storing sensitive authentication data subsequent to an authorization, unless a specified exception applied. Further, the bill would have made such businesses liable to the owner or licensee of the information for the reimbursement of costs of: (i) providing notice to consumers as required by existing data breach notification law; and (ii) card replacement as a result of the breach.

More: California Governor Vetoes Proposed Law Imposing Stronger Data Protection Requirements

Source: http://www.privsecblog.com/

16 November 2007 – Illegal Government Surveillance Opens Door to More Privacy Violations

The Electronic Frontier Foundation (EFF) told a congressional committee today that the government’s illegal dragnet electronic surveillance opens the door to even more privacy violations for ordinary Americans.

The sheer volume of personal information collected and the databases in which that information is stored create a giant target for attackers who want to steal or expose Americans’ personal data. In a response to questions asked of EFF by the House Committee on Energy and Commerce, EFF Legal Director Cindy Cohn explained in comments submitted Friday that an increase in the number of databases introduces more points of vulnerability into the system, putting sensitive personal information from millions of people at risk. “We have all heard about security problems with government databases. A report from the Department of Homeland Security found 477 breaches in 2006 alone,” said Cohn. “The warrantless domestic surveillance going on now isn’t just illegal — it could expose your personal information to thieves and criminals.”

More: http://www.eff.org/press/archives/2007/10/12

Source: http://www.eff.org/

16 November 2007 – Montreal Privacy Week: Terra Incognita or Deja Vu?

More than 600 persons from 50 countries gathered in Montreal to participate to the 29th International Conference of Data Protection and Privacy Commissioners, on 25-28 September 2007, making this year venue attended by a record number of interested parties.

The theme of the conference, ‘Privacy Horizons: Terra Incognita’, certainly played a role in this attraction. The audience has not been disappointed by presentations and panels indeed exploring currently challenging issues in the field of privacy and data protection, such as nanotechnology, ubiquitous computing, the body as data…, not to mention already well known, but continuously concerning issues like globalization, public safety and the interpenetration between law an technology.

More: http://www.edri.org/edrigram/number5.19/montreal-privacy-week

Source: http://www.edri.org/

15 November 2007 – UK: Decrypt Data or Go to Prison!

The controversial Part 3 of the Regulation of Investigatory Powers Act (RIPA) in UK is in force starting with 1 October 2007. This new regulation gives the power to police forces to ask for the disclosure of encryption keys, or force suspects to decrypt encrypted data.

RIPA was adopted in 2000, but Part 3 was not in force until last year when the UK government has started a public consultation on its enforcement. Despite the negative comments received from the security experts and the major concerns that the adoption of such a measure will push businesses outside UK, the authorities decided to uphold their initial position and to apply the law starting with 1 October 2007.

More: http://www.edri.org/edrigram/number5.19/ripa-part3-uk

Source: http://www.edri.org/

15 November 2007 – UK Fails to Properly Implement the EU Data Protection Directive

The European Commission (EC) is concerned about the way the UK has implemented the provisions for protecting personal data, according to information revealed by out-law.com following freedom of information requests.

An investigation has been initiated by the EC three years ago regarding the way the UK legislation has implemented 11 articles of the 34-article European data protection directive. This investigation has been kept secret by the UK authorities, that have concluded through the Ministry of Justice that UK “has implemented the Directive fully.”

More: http://www.edri.org/edrigram/number5.19/uk-data-protection

Source: http://www.edri.org/

15 November 2007 – The Days of the Austrian DPA are Numbered

The lack of adequate independence of the Austrian Data Protection Authority (Datenschutzkommission) is an issue the European Commission deals with since a complaint was filed by the data protection association Arge Daten back in October 2003.

In July 2005 the Commission started infringement procedures against Austria for a faulty implementation of Article 28 (1) second sentence of the data protection directive (95/46/EG) which requires that data protection authorities shall exercise their functions with complete independence. The Austrian Data Protection Commission is, in terms of organisation and staff, integrated in the Federal Chancellery.

More: http://www.edri.org/edrigram/number5.19/austrian-dpa

Source: http://www.edri.org/

15 November 2007 – French ISPs Agree to Spy on Internet Users to Stop Online Piracy

The Association of the French ISPs (AFA) agreed to propose concrete solutions to stop illegal downloading, following the discussion on 3 October 2007 with the Commission fighting Internet piracy led by Denis Olivennes. The solutions included the introduction of a system to detect the Internet users that illegally post copyrighted contents on the Internet.

On 5 September 2007, this French Commission received its formal mission from the French government to find ways of combating illegal downloads on the Internet and thus support the legal cinema and music offer. By taking the decision to create this mission, the French government wanted to show its determination to take initiatives against online piracy and support the cultural industry. “The idea that everything is possible must come to an end. We cannot let the idea that culture must be free of charge and that creation (…) has no price, therefore no value” stated Christine Albanel, Minister of Culture. On that occasion she also suggested to offer Internet users an alternative like that of the offer of limited music downloading made by Neuf Cegetel in partnership with Universal. Denis Olivennes, President-Director General of FNAC, the largest French retailer of cultural and consumer electronics products, was appointed president of this Commission (called Olivennes mission).

More: http://www.edri.org/edrigram/number5.19/french-isp-piracy

Source: http://www.edri.org/

15 November 2007 – SWIFT to Stop Processing EU Banking Data in the US

Payments processing body SWIFT will stop processing European banking transactions in the US in 2009. It is planning a restructuring of its network and the building of a new operations centre in Switzerland.

SWIFT has been heavily criticised for allowing US authorities access to records of banking transactions involving European citizens. It was revealed by The New York Times last year that US intelligence agencies were allowed to view Europeans’ transactions. SWIFT argued that it was obliged to comply with US orders because it carried out hosting and processing of information in the US. European data protection officials have condemned the release of the information. European, Swiss, and Belgian data protection authorities all ruled that SWIFT had broken data protection laws in supplying the information without informing bank customers of the US surveillance.

More: http://www.theregister.co.uk/2007/10/15/swift_processing_halt/

Source: http://www.theregister.co.uk/

13 November 2007 – Governor Kills California Data Protection Law

Schwarzenegger claims the proposed data breach security law would have driven up costs for small businesses.

California Gov. Arnold Schwarzenegger on Oct. 13 vetoed — and effectively killed — one of the nation’s most stringent proposed e-tail data breach security laws, saying that the bill would have “driven up the costs of compliance, particularly for small businesses.” The proposed California law — AB 779 — would have required retailers to protect data in a manner more demanding than the current PCI DSS (Payment Card Industry Data Security Standard) requires.

More: http://www.eweek.com/article2/0,1895,2197107,00.asp

Source: http://www.eweek.com/

13 November 2007 – California Bans Forced RFID Implants For Humans

A California state senator criticized the RFID industry for being AWOL on the issue and says it should have supported the legislation.

California has enacted a law banning mandatory RFID implants for people. The bill, signed by Gov. Arnold Schwarzenegger, prohibits employers and others from requiring people to get radio frequency identification tags. It takes effect in January. Wisconsin and North Dakota also have banned forced RFID implantation in humans. “RFID technology is not in and of itself the issue,” said California Sen. Joe Simitian, who introduced the bill. “RFID is a minor miracle, with all sorts of good uses. But we cannot and should not condone forced ‘tagging’ of humans. It’s the ultimate invasion of privacy.” In a statement, Simitian criticized the RFID industry, saying it should have supported the bill on the basis of “enlightened self-interest” and that its silence on the issue is “unforgettable and regrettable.”

More: http://www.informationweek.com/industries/showArticle.jhtml?articleID=202402856

Source: http://www.informationweek.com/

13 November 2007 – Security Flap as Finnish Password Hashes Posted Online

Hacking pranksters have caused a rumpus in Finland by posting the account and login details of thousands online.

The information – usernames, email addresses, some passwords and many more uncracked password hashes of almost 79,000 user accounts – are largely from different Finnish web forums. By itself that’s bad enough, but the possibility that many on the list use the same password for more sensitive online banking accounts and the like creates an even more significant security risk. Matching the hashes corresponding to weaker passwords on list to their plain text values is straightforward enough using password dictionary tools and the like. So the 4.5MB list could serve up rich pickings for potential fraudsters. The motives for and methods used in the attack, much less its perps, remains unclear.

More: http://www.theregister.co.uk/2007/10/15/finnish_password_hash/

Source: http://www.theregister.co.uk/

13 November 2007 – Privacy Concerns Dog IT Efforts to Implement RFID

Privacy concerns related to the use of radio frequency identification technology are reaching new heights, as legislators increasingly look to restrict RFID deployments and corporate employees criticize efforts to use it in identification badges.

At the same time, champions of the technology contend that not enough is being done to promote the value of RFID. For example, they say, it can be used to track tainted foods or counterfeit drugs or to reduce inventory-tracking costs.

More: Privacy Concerns Dog IT Efforts to Implement RFID

Source: http://www.computerworld.com/

13 November 2007 – Virtual Security and Digital Panic

Many within Central and Eastern Europe are unaware that Big Brother has not only put on a three-piece suit, but has also gone digital.

At the end of September, thirty eight experts in computer security and data privacy issues from around the world converged on Budapest for the third annual ITBN. The ITBN, also known as the Information Technology Security Day, is an all-day conference devoted specifically to network security and data privacy issues. Although it’s still a relatively new event, the ITBN has become one of the most visible and well-known information technology events in Central and Eastern Europe. The original purpose of the ITBN is to draw the attention of the general public to security issues – even for those who are not immediately aware of them. It’s a forum geared for both business users and end users alike with experts exchanging their ideas on the latest technologies and methods to safeguard computer networks and data.

More: http://www.heise.de/tp/r4/artikel/26/26393/1.html

Source: http://www.heise.de/

12 November 2007 – Privacy, Security Depend on Program Managers, Experts Say

Program managers need to apply privacy and security best practices early when they plan systems if they want to manage risk effectively, said Robert Wright, principal at Merrill and former chief of the plans and program management unit in the FBI’s Cyber Division. Program management is about managing risk, he said.

To know what to implement, program managers should use as their reference guide laws such as the Privacy Act and requirements of the Office and Management and Budget that govern privacy and security, said Sally Wallace, associate deputy assistant secretary for privacy and records management at the Veterans Affairs Department.

More: http://www.fcw.com/online/news/150491-1.html

Source: http://www.fcw.com/

12 November 2007 – European Consumers Split on Data Privacy Issues

A gap has emerged between the views of consumers in the UK and continental Europe on data privacy and dependable IT, a new report suggests.

The research, published by Unisys, found that while 81 per cent of UK customers believe an organisation’s ability to secure their data is a key trust-building attribute, just 42 per cent of French, 40 per cent of Belgians and a third of German consumers have the same view. “This research illustrates that there is still a distinct lack of awareness among consumers in many European countries about the value of having their personal data protected,” said Rene Head, head of enterprise security in continental Europe at Unisys, in a statement. According to the report, three-quarters of British consumers believe dependable IT is fundamental in building their trust, compared with an average of 42 per cent of users in continental Europe.

More: European Consumers Split on Data Privacy Issues

Source: http://www.scmagazine.com/

12 November 2007 – Google’s Paltry Privacy Proposal

Google (GOOG) wants new, international standards for the way consumer information is collected and used. The Web search provider issued the call on its Web site on Sept. 14, arguing that the existing confusion of international privacy law hampers the growth of Internet companies and doesn’t really protect consumers.

Google hasn’t said much about its ultimate strategy, but what little is known merits closer examination. On one hand, Google’s call can be seen as shrewd, forward-thinking business planning. Google has no legal obligation (in the U.S. anyway) to do much of anything to protect user privacy. Yet it has been making efforts. The company voluntarily agreed to purge identifiable information from its databases after 18 months, for example.

More: http://www.businessweek.com/technology/content/oct2007/tc20071011_180811.htm

Source: http://www.businessweek.com/

12 November 2007 – New paper: Shamed and Able – How Firms Respond to Information Disclosure

As national governments lose the ability to regulate business activities, interest groups and concerned citizens are turning to private governance to monitor global supply chains, ensure product safety, and provide incentives for improved corporate environmental performance. Proponents hope that private governance incentives will encourage firms to act responsibly, but critics worry that these developments will merely forestall necessary government regulation. Social ratings provide one way to benchmark and compare firms’ social performance. But are such ratings schemes effective? This paper investigates the effects of third-party environmental ratings, and finds that firms are particularly likely to respond to such ratings by improving their environmental performance when two circumstances arise simultaneously: (1) when the ratings threaten their legitimacy, and (2) when they face relatively low cost improvement opportunities. Key concepts include: Ratings provided by nongovernment organizations will be more influential on firm behavior if they do 2 things: highlight poor social issue management and performance while at the same time help firms identify low-cost improvement opportunities. The role of third-party monitoring will be increasingly important as private governance replaces government regulations around the world.

More: http://hbswk.hbs.edu/item/5793.html

Source: http://hbswk.hbs.edu/

12 November 2007 – The German Supreme Court Is Skeptical About Covert Online Searches

After the _hearing_ pertaining to the Constitutional Protection Act from the state of North Rhine/Westphalia (NRW), experts do not believe that the controversial regulation, which would allow IT systems to be searched online, stands much of a chance.

In a number of critical questions, the Court’s First Chamber indicated to the government of NRW that its Act was not clearly formulated, thus violating the requirement that regulations be clear. The Court’s president Hans-Jürgen Papier also announced that a ruling would be handed down on the general constitutionality of covert online searches “far beyond” the current NRW case. He said that “basic issues of liberty and security” have to be weighed off against each other in light of the changing nature of recent terrorist threats.

More: http://www.heise.de/english/newsticker/news/97237

Source: http://www.heise.de/english/

8 November 2007 – Protecting Your Kids on the Internet

With the explosion of text messaging, instant messaging, social networking sites and other technologies, many parents have resigned themselves to their kids’ high-tech habits. But all hope isn’t lost for those who want to protect their kids from online threats.

Join Kojo for a Tech Tuesday look at how and when to monitor your kids on the web.

More: http://wamu.org/programs/kn/07/10/09.php#17945

Source: http://wamu.org/programs/

8 November 2007 – Biometrics wing their way into Gatwick

Gatwick airport is the latest UK airport to trial biometric fingerprinting technology to boost immigration security.

The BioDev pilot has been running in the airport’s North Terminal since 18 September and is due to end in April next year. At present only arrivals from Sierra Leone who have been issued with biometric visas in the capital Freetown will be included in the trial.

More: http://www.silicon.com/publicsector/0,3800010403,39168746,00.htm

Source: http://www.silicon.com/

8 November 2007 – Ontario’s privacy commissioner to geeks: design for privacy

Here’s a one-hour video of a magnificent lecture from Ontario’s Information and Privacy Commissioner, Dr Ann Cavoukian, to the University of Waterloo’s Computer Science Club. The talk is called “Privacy by Design,” and it charges technologists to build tools that minimize the collection and retention of personally identifying information, and to consider a complete, end-to-end, comprehensive framework for protecting user privacy.

As Mitch Kapor said when he founded EFF, “architecture is politics” — when you design tools that have wiretappable elements, you invite wiretapping. When you design tools that retain user data, you invite identity thieves and overreaching subpoenas.

More: http://www.boingboing.net/2007/10/07/canadas-privacy-comm.html

Source: http://www.boingboing.net/

8 November 2007 – Department of Homeland Security Tracks Travelers’ Reading Habits

The Department of Homeland Security’s files on travelers include data on their race, religion, personal items they carry (including their books), and with whom they stay or travel, according to documents disclosed to the Identity Project pursuant to a Freedom of Information Act request.

These detailed files are created under the Automated Targeting System, which creates secret, terrorist “risk assessments” on tens of millions of U.S. citizens and foreign visitors and keeps the data for 15 years. Last month, in comments to DHS, EPIC detailed significant security and privacy problems in ATS, and urged the agency to either suspend the system or to fully apply all Privacy Act safeguards to any individual subject to ATS.

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

8 November 2007 – DHS Satellite Surveillance Program May Be Put On Hold

Democratic members of the Homeland Security Committee asked the House Appropriations Subcommittee on Homeland Security to withhold funding for domestic satellite surveillance programs.

The National Applications Office, a new DHS component, plans to share intelligence satellite imagery inside the United States with non-intelligence state, local and federal agencies. Democrats urged that funding be withheld until written legal procedures for protecting privacy and civil liberties were prepared.

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

7 November 2007 – EPIC Spotlight: Secure Flight Should Remain Grounded

EPIC’s Spotlight on Surveillance project is scrutinizing the Secure Flight traveler prescreening program run by the Department of Homeland Security’s Transportation Security Administration. Spotlight details the problems in the system; these issues are also discussed in recent comments EPIC submitted to DHS about Secure Flight’s proposed rulemaking.

The Department of Homeland Security’s Fiscal Year 2008 budget request is an 8 percent increase over last year’s request. Included in the $46.4 billion proposed budget for the agency is $38 million designated for Secure Flight, on top of the $144 million that has been spent on the program. Introduced in 2004, the Secure Flight has been roundly criticized.

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

7 November 2007 – Release of Privacy and Human Rights Report

The Electronic Privacy Information Center (EPIC) and Privacy International released the 9th “Privacy and Human Rights” report last week at the International Conference of Data Protection and Privacy Commissioners in Montreal. “Privacy and Human Rights: an international survey of privacy laws and developments” provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. It singles out a number of global trends, such as expansion of identification technologies, new data retention schemes, and intensified international data transfers, among others.

According to EPIC’s Executive Director, Marc Rotenberg, “the report makes clear that what is needed today is the enforcement of privacy rights as fundamental human rights and not ever-weaker policy frameworks that allow governments and businesses to do whatever they wish with the personal information of individuals.”

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

7 November 2007 – EPIC to Senate: Impose Privacy Standards in Proposed Google Deal

In testimony before the Senate Judiciary Committee on September 27 about the pending Google-DoubleClick merger, EPIC Executive Director Marc Rotenberg said that the Federal Trade Commission should establish privacy safeguards as a condition of the merger. EPIC filed a complaint before the Commission in April regarding the merger, similar to other complaints filed by EPIC in the DoubleClick-Abacus merger, the Microsoft Passport matter, and Choicepoint. Since the filing of the EPIC complaint, competition authorities around the world have opened investigations.

At the hearing, entitled, “An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?,” Senator Herb Kohl agreed that privacy is an integral part of the antitrust review. “Some commentators believe that antitrust policymakers should not be concerned with these fundamental issues of privacy, and merely be content to limit their review to traditional questions of effects on advertising rates. We disagree,” Sen. Kohl said. “The antitrust laws were written more than a century ago out of a concern with the effects of undue concentrations of economic power for our society as a whole, and not just merely their effects on consumers’ pocketbooks. No one concerned with antitrust policy should stand idly by if industry consolidation jeopardizes the vital privacy interests of our citizens so essential to our democracy.”

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

7 November 2007 – Technology’s Challenge to Privacy

Every autumn the privacy world gather for the most important global privacy conference on the calendar. The International Data Protection and Privacy Commissioner’s conference brings together hundreds of privacy commissioners, government regulators, business leaders, and privacy advocates who spend three days grappling with emerging issues.

The theme of this year’s conference, held in Montreal, Canada, was “Terra Incognita,” a reference to the unknown lands that typify the fear of the unknown in a world of rapidly changing technologies that challenge the core principles of privacy protection.

More: http://news.bbc.co.uk/1/hi/technology/7026641.stm

Source: http://news.bbc.co.uk/

7 November 2007 – Facebook Privacy Settings Putting Users At Risk

A security company is urging Facebook to tighten its default privacy settings after a study showed that a large majority of users are offering up far too much personal information to keep them safe from cybercriminals.

Sophos researchers reported their recommendations Tuesday after they took a random snapshot of 200 users in the London Facebook network, which is the single largest geographic network on the site, with more than 1.2 million members. They said they found that 75% of the social network’s users allow their profiles to be viewed by any other member, regardless of whether or not they have agreed to be “friends” It’s not just a concern for individual users, either. Sophos researchers noted that 25% of Facebook users revealed information relating to their work on their profiles, offering up details that could be used by cybercriminals to commit corporate ID fraud or infiltrate company networks.

More: http://www.informationweek.com/industries/showArticle.jhtml?articleID=202200395

Source: http://www.informationweek.com/

6 November 2007 – Goldsmith Testimony on the Secret Warrantless Surveillance Program

The Associated Press, the Washington Post and Wired’s Threat Level are reporting on testimony by Jack Goldsmith, former head of the Justice Department’s Office of Legal Counsel. Goldsmith testified that there were certain aspects of the warrantless surveillance program “that I could not find the legal support for,” describing the basis as “a legal mess … it was the biggest mess I encountered there.”

Jack Goldsmith is testifying at a hearing of the Senate Judiciary Committee, headed by Senator Patrick Leahy. Leahy has been trying to investigate the warrantless surveillance program for months, but isn’t getting anywhere working with the administration directly.

More: Goldsmith Testimony on the Secret Warrantless Surveillance Program

Source: http://www.eff.org/

6 November 2007 – Commentary: Reviving Privacy

Is there a revival of interest among Americans in protecting personal privacy? I believe that there is, and you can see the signs everywhere.

This comes at a time when the President has nominated for attorney general a judge who seems to think that civil liberties protections can be ignored in difficult times, when we are rushing towards a de facto national ID card required of all Americans, and when the Bush administration continues to assert unprecedented claims to conduct secret collections of personal information and to monitor electronic communications with total disregard for existing laws.

More: Commentary: Reviving Privacy

Source: http://www.forbes.com/

6 November 2007 – Local Court in Berlin Prohibits Retention of Personal Data

In a ruling, dated March 27, 2007, which has only now been published and is likely to have legal ramifications, the local court of the Berlin district of Mitte has barred the Federal Ministry of Justice from retaining personal data acquired via its website beyond the periods associated with the specific instances of use of the site.

Thus IP addresses in particular may no longer be filed away. Given these Web markers “it is even today possible in most cases, without any elaborate effort being required, to identify Internet users by merging personal data with the help of third parties,” the judges declared. The local court also opposed the view espoused by operators and some data privacy watchdogs that security reasons justify a recording regime that over short periods of time maps the behavior of all Net users and allows individual users to be picked out.

More: http://www.heise.de/english/newsticker/news/96861

Source: http://www.heise.de/english/

6 November 2007 – Canada to Criminalize Identity Theft

The Canadian government plans to criminalize identity theft to give police the ability to stop such activity before any fraud has actually been carried out, Justice Minister Rob Nicholson said on Tuesday.

He said he would introduce legislation targeting the actual gathering and trafficking in credit card, banking and other personal data for the purposes of using it deceptively. Identity fraud is already a crime in Canada, but gathering and trafficking in identity information generally is not. “Our government will be giving police the tools to better protect Canadians by stopping identity theft activity before the damage is done,” Nicholson said in a statement.

More: http://www.reuters.com/article/companyNewsAndPR/idUSN0243272620071002

Source: http://www.reuters.com/

6 November 2007 – Commentary: Plan a ‘privacy week’

Employee education must be part of every agency’s privacy and information security program. So, how do you craft a privacy program that effectively educates your agency’s work force from the chief executive to interns?

Annual computer security and privacy awareness training for all employees is a good start, but it is just the beginning. Planning an agencywide “privacy week” or similar event is an excellent way to put privacy center stage and demonstrate your agency’s commitment to building a culture of privacy and security. The theme for the Federal Trade Commission’s privacy week held this past March was “Info — Handle With Care.” Your privacy week can include events such as educational seminars on compliance issues, training sessions on technology resources that protect sensitive information, or an all-day privacy fair. Thought-provoking or “catchy” posters in high-traffic areas, brochures and contests and prizes help to generate enthusiasm for the week’s activities and to communicate the message. Finally, to reinforce your agency’s commitment — in terms of resource investment and leadership buy-in — have your agency head host an event or deliver a speech explaining why privacy and security are important.

More: http://federaltimes.com/index.php?S=3077070

Source: http://federaltimes.com/

2 November 2007 – Google Looking at Privacy Protections for Users

Google Inc. the world’s Web search leader, told U.S. Senate lawmakers yesterday that the company is pursuing new technologies to protect the privacy of Internet users as it seeks to acquire advertising company DoubleClick Inc. (see “Congress to scrutinize Google-DoubleClick acquisition”).

Google’s chief legal officer, David Drummond, testified that the company is looking at the Internet display advertising business with a “fresh eye and evaluating whether changes can be made to innovate on user privacy in this space.” Critics say Google’s $3.1 billion acquisition of DoubleClick, an advertising tools supplier, may give the company too much power over online advertising. Google stores mounds of data on Internet-surfing habits of users and uses the information to make money by selling advertisements.

More: Google Looking at Privacy Protections for Users

Source: http://www.computerworld.com/

2 November 2007 – IBM Software Aids in Vast Surveillance of Chicago Streets

The City of Chicago is developing a futuristic video surveillance system designed to scan city streets looking for everything from bombs to traffic jams.

For the past few years Chicago has been rolling out thousands of video surveillance cameras linked by fiber-optic cables. This Operation Virtual Shield system is intended to give the city’s emergency response coordination agency the ability to remotely keep track of emergencies in real time. Now, with the help of IBM Corp., Chicago’s Office of Emergency Management and Communications (OEMC) is looking to expand the system’s capabilities so that IBM’s software can analyze the thousands of hours of video being recorded by Operation Virtual Shield.

More: IBM Software Aids in Vast Surveillance of Chicago Streets

Source: http://www.computerworld.com/

2 November 2007 – Learning to Live with Big Brother

It used to be easy to tell whether you were in a free country or a dictatorship. In an old-time police state, the goons are everywhere, both in person and through a web of informers that penetrates every workplace, community and family. They glean whatever they can about your political views, if you are careless enough to express them in public, and your personal foibles.

What they fail to pick up in the café or canteen, they learn by reading your letters or tapping your phone. The knowledge thus amassed is then stored on millions of yellowing pieces of paper, typed or handwritten; from an old-time dictator’s viewpoint, exclusive access to these files is at least as powerful an instrument of fear as any torture chamber. Only when a regime falls will the files either be destroyed, or thrown open so people can see which of their friends was an informer.

More: http://economist.com/world/international/displaystory.cfm?story_id=9867324

Source: http://www.economist.com/

2 November 2007 – Google-DoubleClick Debate Raises Broader Issues

The debate over the pending merger between Google and Internet advertising giant DoubleClick raises a host of broader questions about the online advertising industry at large and the structures that are in place to protect Internet users’ privacy.

In a statement to the Senate panel that is holding a hearing about the merger today, CDT identifies how the evolution of the Internet advertising marketplace has outpaced the industry self-regulatory effort intended to mitigate privacy intrusions. The statement highlights how new approaches, and a new national consumer privacy law, are needed to ensure that consumers are adequately protected.

More: http://www.cdt.org/headlines/1047

Source: http://www.cdt.org/

2 November 2007 – “Secure Flight” Returns, Lacking Privacy Protections

I’m currently tapping into my laptop a few feet away from Michael Chertoff, Secretary of the US Department of Homeland Security. He is giving the keynote at Terra Incognita: the annual conference of Data Protection and Privacy Commissioners, here in Montreal.

His audience has him on the defensive. In the room are the European data protection registrars, the government officials who protested strongly against his department’s recent agreement with the EU, which hands over their citizens’ passenger name records (PNRs) to the United States government with little oversight. To protect himself from their threatening demeanours, Chertoff has some fine phrases. He spoke on how the DHS “defends all of [the United States'] values, including privacy,” and how he personally seeks to ensure his department “rigorously adheres to the laws pertaining to privacy.” And he noted that his department has released large number of privacy-related notes for public examination.

More: “Secure Flight” Returns, Lacking Privacy Protections

Source: http://www.eff.org/

29 October 2007 – Human Rights in the Information Society – Rediscover the Proportionality

On 13-14 September 2007 the French Commission for UNESCO, UNESCO and the Council of Europe organised the conference “Ethics and Human Rights in the Information Society” in Strasbourg, to which EDRi was invited to contribute.

This conference was the third in a cycle of regional conferences on the ethical dimensions of the information society, which aims to contribute to the WSIS process and the Internet Governance Forum (IGF). The first two regional conferences took place in Latin-America and Africa. While the Latin-American conference contributed to the exchange of views in the region, the African conference was suffering from a lack of participation of local stakeholders. There, mainly African expatriots from the USA and Europe and representatives of South Africa were present. At the conference in Strasbourg some estimated fifty participants were present. With equality of access, freedom of expression, identity and social networks and security and governance, the presentations and discussions covered the topics of the four round table sessions on a rather global level, while the draft code of ethics presented by the organisers was hardly discussed.

More: http://www.edri.org/edrigram/number5.18

Source: http://www.edri.org/

29 October 2007 – Surveillance Law Must Protect Privacy and Security

Congress can enact legislation that meets the needs of intelligence agencies for defending national security, while still protecting the fundamental privacy rights of innocent Americans, CDT Policy Director Jim Dempsey told the Senate Judiciary Committee today.

In his second congressional testimony in as many weeks, Dempsey identified a balanced approach that Congress could use to replace the overreaching Protect America Act, which was adopted last month and expires next year. Dempsey testified last week before the House Intelligence Committee on the same issue. CDT also last week issued memo addressing the poorly understood concept of “minimization” in the surveillance context.

More: http://www.cdt.org/headlines/1045

Source: http://www.cdt.org/