20 May 2008 – ‘My heart fills. I’m so proud’

With at least one poll putting the Tories ahead, the fight for Crewe and Nantwich has got dirty. Labour activists have criticised a leaflet put out by their own party which shows a picture of Timpson and the statement: “Do you oppose making foreign nationals carry an ID card?”

Foreign nationals will receive ID cards this year and British citizens next year but the leaflet has been condemned for its far-right tone and suggestion the Tories are “soft” on immigrants. Is it a sign of the increasingly partisan campaign or desperation that Tamsin is unrepentant? “I don’t think it sounds BNPish,” she says. “I’m not apologising for the tone of it. Do the Tories support or oppose it? It’s time they came clean – what policies have we had out of the boy’s [Timpson’s] mouth?”

More: ‘My heart fills. I’m so proud’

Source: http://www.guardian.co.uk/

20 May 2008 – We’ll Be Able to Sign Up for ID Cards at Tesco

Almost imperceptibly, the security architecture originally built around the ID card project has been dismantled.

When it was proposed in 2002, the intention was to establish a bespoke database. David Blunkett, then Home Secretary, said: “We’ve got to build a clean identity database from scratch. We can’t use the National Insurance numbers, as there are 20 million more National Insurance numbers than there are people in the country.”

But this idea was abandoned. Instead, biometrics will be stored on an existing system in the Home Office used for asylum seekers, biographical information will be held on a National Insurance database in the Department for Work and Pensions and a third database at the Identity and Passport Service (IPS) will hold administrative details related to the issue and use of the ID cards.

It was also envisaged that everyone would have to give an iris print, which is the most secure biometric with a far lower chance of false readings than fingerprints. Last year, however, the Identity and Passport Agency said it would proceed only with fingerprints, which are far cheaper to capture.

Still, at least these fingerprints would be taken in the secure and official environs of a government passport office, one of 70 being set up for this purpose. But when it became clear that far more than 70 offices would be needed to enrol 60 million people on to a database, and it would be costly, this changed as well. Hence the announcement that private contractors will be asked to bid for the work.

Does any of this sound secure to you? It seems to defeat the purpose of the whole exercise, which is to protect identities, capture terrorists, bear down on benefit fraud and stop illegal immigration. But of course none of these will be ameliorated by the possession of an ID card, which nobody will be required to carry with them.

As one perplexed campaigner said after the publication of the new costings: “The Government now appears to have junked the primary pretext for the scheme. So what is it for?”

More: We’ll Be Able to Sign Up for ID Cards at Tesco

Source: http://www.telegraph.co.uk/

20 May 2008 – ID Cards Scheme ‘Is Open to Fraud’

A government-appointed panel of experts is warning that the new ID cards system will be open to fraud by the people running it.

In a potentially damaging revelation, which undermines claims that the scheme will enhance national security, the group has concluded that it will be prone to corruption.

A new report by the Independent Scheme Assurance Panel (Isap), set up to advise the government on the implementation of ID cards, states: ‘Based on the likelihood that the scheme will aggregate a lot of valuable data, there is the risk that its trusted administrators will make improper use of this data.’ It adds: ‘The scheme will be subject to data errors and errors in decisions made.’

The acknowledgements come as the government has admitted it is to contract out the taking of fingerprints and photographs of ID card applicants to the private sector to save money.

The news has alarmed opponents of the scheme, who say this will increase the risk that the data of individuals will be illegally shared with third parties. ‘By cutting costs and cutting corners, the Home Office has fundamentally undermined the integrity of the scheme,’ said Phil Booth, spokesman for the campaign group, No2ID.

More: ID Cards Scheme ‘Is Open to Fraud’

Source: http://www.guardian.co.uk/

20 May 2008 – Apparatchiks Seek to Cut Costs of UK ID Scheme

Following years of criticism that the ID scheme will amount to nothing more than an expensive bodge, the Identity and Passport Service said it has slashed the cost by nearly £1 billion.

But opponents say it has cut corners to cut costs and British citizens will suffer the consequences, while the Home Office has had to create a rush job mini-ID scheme to meet its own 2009 deadline.

The IPS said today that its cost estimate for giving ID cards to every UK national and running the system for 10 years had been cut from £5.43 million to £4.56 million.

It had done this, it said in its quarterly ID costs report, by deciding to leave the “open market” to capture citizens’ biometrics, effectively outsourcing the cost of enrolling people onto the ID scheme.

More: Apparatchiks Seek to Cut Costs of UK ID Scheme

Source: http://www.theinquirer.net/

20 May 2008 – ID Cards? Government Can’t Be Trusted With Our Personal Information

We have seen only recently just how incompetent the Government is at keeping our personal information secure. Last year, HM Revenue and Customs lost computer discs containing the personal information of about 25 million people, including their bank account details and National Insurance numbers.

This is on top of the DVLA in Northern Ireland losing the personal details of 6000 people and the loss of details of three million theory test candidates.

It is estimated that the market value of these “identities” lost by HMRC was around £1.5 billion, making this a golden opportunity for fraudsters. It serves as a clear demonstration of the dangers of large databases, and the problems with securing personal details, even with “trusted” organisations.

The danger of databases increases with every increase in the amount of data they hold. A comprehensive national identity database, holding 50 pieces of personal information about every person in the UK, would be the most dangerous database of all. Yet the Government are still determined to press ahead with this scheme.

More: ID Cards? Government Can’t Be Trusted With Our Personal Information

Source: http://news.scotsman.com/

19 May 2008 – Nonsensical Excuses for Labour Failure

The second, barely acknowledged, cause of rejection is the growing and palpable concern at the continued erosion of civil liberty. Populist attacks on civil liberties have long been the stock-in-trade of New Labour and it was an essential ingredient of the project to outflank and ambush the Tories on law and order.

At first this may have worked, but it has produced a growing sense of alarm which has finally found expression. This alarm is now fuelled by the (albeit unjust) perception of the Prime Minister as a gloomy authoritarian who tolerates no dissent.

So to the second apologia: “I will listen and learn”. If this is serious then I propose the following political week for the Prime Minister, which will bring about a dramatic revival in Labour’s fortunes.

Monday: announce an immediate programme to return power and responsibility in public services to the excellent professionals who operate within them with an associated substantial reduction in targets and other official impertinence.

Tuesday: termination of the identity card programme, with the billions saved to be spent on the alleviation of poverty, sensibly increased security intelligence and improved conditions for service personnel injured in conflict.

More: Nonsensical Excuses for Labour Failure

Source: http://www.telegraph.co.uk/

19 May 2008 – Disappointed? I am angry! Let’s show some conviction

So what can be done to reignite Labour Party members and avoid self-combustion? We need to be talking of positive policies which improve people’s lives and will show Labour at its best. We have been in power for 10 years and it’s time to take stock. We must look at which policies have worked and which have not; we must look at what the public wants. We must move on from Blairite policies on ID cards, Trident missiles and futile wars with astronomical costs. The need for affordable housing and a national council house building programme remains. We must be seen to be “moving forward” on issues like carbon neutral housing, flooding, cliff erosion and seabed change. These are problems we encounter with constituents week in and week out.

More: Disappointed? I am angry! Let’s show some conviction

Source: http://www.independent.co.uk/

19 May 2008 – Big Brother is Filling Up Your Car

“Mike Byrne is concerned that he might one day have to present his ID card when buying petrol. He need not worry – this is not necessary. At Birchanger Green services on the M11 I recently observed a notice that all registration numbers are checked against the Police National Computer (PNC) before the pump is enabled – and that this information will be retained.”

Turns out that the systems examine a vehicle’s licence plate against the PNC WITHOUT giving the cashier, or the petrol company, access to the database.

The driver is then cleared or flagged, and the cashier has the option to enable the pump. The whole process takes a matter of seconds.

Interestingly, it seems that should a car do a runner, the cashier then has the option of adding the record to a police database.

So although Shell / Esso / BP employees cannot access the database, they can add records to it by flagging cars that have done a runner.

More: Big Brother is Filling Up Your Car

Source: http://newsdesk.computing.co.uk/

19 May 2008 – Labour Revolt over ID Cards

Campaigners fighting the Government’s plans for ID cards are claiming a victory after four Labour candidates seeking election to Oxford City Council on Thursday opposed the scheme.

And today, city councillor and Lord Mayor John Tanner, who is seeking re-election in his Littlemore seat, told Oxford campaign group NO2ID he also did not support the Government’s proposals.

NO2ID contacted each of the 101 candidates fighting for election to half the city council’s 48 seats to find out where they stood on the controversial issue.

NO2ID chairman Chris Rimmer, from Kennington, said although the scheme was a national one, it seemed likely local authorities would end up footing much of the bill.

He said candidates from the Conservative Party, Liberal Democrats and Green Party opposed the scheme, but five Labour candidates also said they were against the idea of a compulsory ID card system.

Mr Rimmer said: “When we carried out a similar exercise at the last local elections, there was a deafening silence from Labour candidates.

“This time it appears they have seen how unpopular the policy is and are not afraid to declare themselves against it.

“With even grass-roots Labour activists turning against it, surely now the time has come for Gordon Brown to scrap this highly intrusive, expensive and potentially damaging scheme.”

More: Labour Revolt over ID Cards

Source: http://www.oxfordmail.net/

19 May 2008 – Time to Bite the Ballot

One temptation the government must resist is to respond to demands for greater ballot security by waving the national identity card in our faces. Sadly, I would not be at all surprised if the government were to insist that, in future, voters will have to produce their “voluntary” identity cards at the polling station.

Yet, as Wilks-Heeg points out, the system works perfectly well in Northern Ireland by allowing people to use any form of photo ID. Most use their driver’s licence or passport, while there is the option of applying for a basic photographic identity card specifically for voting purposes. Such a scheme can be introduced inexpensively and quickly. By contrast, the national identity card is now due to take more than a decade to roll out across the country – and that is assuming no future government scraps the scheme. We need action now.

More: Time to Bite the Ballot

Source: http://commentisfree.guardian.co.uk/

28 April 2008 – LSE Ignites Privacy Settings Project

The London School of Economics (LSE) is undertaking an identity management project to examine how 10,000 staff and students manage their privacy.

The £500,000 Flame project will give LSE students and staff access to external online learning services with access privileges correlated to the amount of private information users are willing to divulge.

More: LSE Ignites Privacy Settings Project

Source: http://www.computing.co.uk/

28 April 2008 – Face Scans for Air Passengers to Begin in UK This Summer

Airline passengers are to be screened with facial recognition technology rather than checks by passport officers, in an attempt to improve security and ease congestion, the Guardian can reveal.

From summer, unmanned clearance gates will be phased in to scan passengers’ faces and match the image to the record on the computer chip in their biometric passports.

Border security officials believe the machines can do a better job than humans of screening passports and preventing identity fraud. The pilot project will be open to UK and EU citizens holding new biometric passports.

More: http://www.guardian.co.uk/business/2008/apr/25/theairlineindustry.transport?gusrc=rss&feed=travel

Source: http://www.guardian.co.uk/

28 April 2008 – Civil Service Workers to Fight Glasgow Redundancies

The PCS civil service workers’ union has pledged to combat any plans for compulsory redundancies in the Glasgow Identity and Passport Service (IPS).

Management has announced that it wants to axe 100 jobs from the department’s Cowcaddens site.

Paul McGoay, the PCS IPS group president, told Socialist Worker, “A 90-day consultation period about the job losses is now taking place, but we could be faced with compulsory redundancies.

“This is down to the treasury making every civil service department carry out ‘efficiencies’. It is also to do with the fact that the IPS has been tasked with producing ID cards, and we need to make more ‘efficiencies’ to pay for them.

More: Civil Service Workers to Fight Glasgow Redundancies

Source: http://www.socialistworker.co.uk/

28 April 2008 – Infuriated by Incapability Gordon Brown

Gordon Brown’s failure to define what he stands for is provoking despair even among his loyal supporters, reports John Kampfner.

Four years ago, as Tony Blair was hanging on to his premiership by his fingertips, I wrote a piece suggesting that perhaps, after all, Gordon Brown might not have what it takes to become prime minister. I used the word, much used by Margaret Thatcher to disparage her opponents – “frit”, or cowardice.

More: Infuriated by Incapability Gordon Brown

Source: http://www.telegraph.co.uk/

18 April 2008 – ID Card Challenge Batted Back

Justice Stanley Burnton, the presiding judge, made an aside on the hopes of anti-ID card campaigners that the Gateway Reviews might prove damning to the programme as a whole.

“If there were a ‘smoking gun’ in the reviews, the case for disclosure would, on one view, be considerably strengthened,” said Burnton.

“I have read both reviews. There is, in my view, no ‘smoking gun’,” he said.

It stands to reason, he said, that if there had been a smoking gun, then the government wouldn’t have gone ahead with the ID Scheme in the first place, would it?

As Burnton isn’t an IT expert, we can probably reserve judgment on that argument until the reviews are published. It quite puts the whole question of this case for transparency in a logical deadlock: the whole thrust of the requests after all was the belief that the government pressed ahead with the scheme in total disregard of any amount of sensible advice that it shouldn’t. So yes, Burny, it well might.

More: ID Card Challenge Batted Back

Source: http://www.theinquirer.net/

18 April 2008 – The Minister, the Internet and the Phrase that ‘Disappeared’ From

One can readily understand why civil servants might have cringed at the phrase “hack-proof” and requested its removal; no database can ever be described as such. However, erasure of “not connected to the internet” is a far more serious matter. When the Identity Cards Bill was being debated by parliament, ministers routinely gave conflicting information about whether this supposedly secure database would be connected to the internet. At times, it was claimed that citizens would be able to check and update their details online. On other occasions, it was claimed that the database would be physically isolated. After wasting two years and many millions of pounds of our taxes, without even a single plastic card being issued, it seems the Home Office is still unsure about this basic question.

If the National Identity Register is not connected to the internet, it will not be able to fulfil any of the dreams of ministers. If it is connected to the internet, it will not be secure.

Perhaps Meg Hillier could consult her advisers and let us know which of these unsatisfactory options has been selected, or when a decision will be made.

More: The Minister, the Internet and the Phrase that ‘Disappeared’ From

Source: http://www.theherald.co.uk/

13 April 2008 – ID Cards Not So Hack-Proof

More confusion over the Government’s ill-fated ID card scheme after the Home Office minister Meg Hillier explained the system’s security measures to MPs in the wake of a string of Whitehall blunders.

She told the Home Affairs select committee: “The National Identity Register, essentially, will be a secure database… hack-proof, not connected to the internet… not be accessible online; any links with any other agency will be down encrypted links.”

By the time the transcript of Miss Hillier’s evidence was published, however, in the official Commons record, the words “hack-proof, not connected to the internet” had mysteriously been removed.

Did someone realise the claim was a hostage to fortune?

More: ID Cards Not So Hack-Proof

Source: http://www.telegraph.co.uk/

18 April 2008 – Judge Quashes Decision to Make Details of ID Card Scheme Public

A High Court judge yesterday quashed decisions to make public details of two early assessments of the government’s controversial ID cards scheme.

But Mr Justice Stanley Burnton said a different Information Tribunal should look again at the request under the Freedom of Information Act.

He said his ruling is not a judgment on whether the gateway reviews should or should not be disclosed and that would have to be determined by the tribunal.

More: Judge Quashes Decision to Make Details of ID Card Scheme Public

Source: http://www.theherald.co.uk/

18 April 2008 – High Price of Launching ID Cards as Consultants Cost Us £150m

Spending on consultants by the Home Office has rocketed by 2,000 per cent under Labour to almost £150m a year.

The total amount lavished on management consultants and other so-called experts over the past decade is £545m.

One of the major reasons for the expenditure is trying to get the controversial ID cards project off the ground.

The cash could otherwise have been spent putting 10,900 extra police on streets for a year.

Shadow Home Secretary David Davis, who unearthed the figures, said: “The Home Office has had its worst period in its 200-year history, stumbling from crisis to crisis.

More: High Price of Launching ID Cards as Consultants Cost Us £150m

Source: http://www.dailymail.co.uk/

10 April 2008 – One Lord Leaping On the Government’s IT Flaws

A programmer and system designer by trade, Lord Erroll is giving the government grief about cybercrime. Merlin, the Earl of Erroll, is the spokesman for the House of Lords Science and Technology Select Committee’s report on personal internet security.

The committee recommended in August last year that the Serious Organised Crime Agency should develop a unified web-based reporting system for cybercrime. It also asked the government to look again at its decision that the public should report cybercrime to the banks and not the police. The Lords asked for a central cybercrime unit to handle low-level internet fraud. In essence, Erroll and his noble friends do not think the government and police take cybercrime seriously.

More: One Lord Leaping On the Government’s IT Flaws

Source: http://www.guardian.co.uk/

10 April 2008 – HSBC Loses Customer Data

HSBC has lost a disc containing details of 370,000 of its customers, in an incident which will raise further questions about firms’ data security policies.

The loss occurred four weeks ago when HSBC used the Royal Mail to transport its disc between the bank’s offices in Southampton and Folkestone, an HSBC spokesman told IT Week.

The disc was password protected and contained names, life insurance cover levels, dates of birth and whether or not a customer smokes, said HSBC in a statement. “There is nothing else that could in any way compromise a customer and there is no reason to suppose that the disk has fallen into the wrong hands.”

More: HSBC Loses Customer Data

Source: http://www.computing.co.uk/

10 April 2008 – Google Sued for Street View Privacy Invasion

A Pennsylvania couple are suing Google for posting pictures of their home on Google Street View.

The couple have filed a case claiming that one of Google’s vehicles which photographs urban areas using a digital camera mounted on the roof took the photos by driving up a road clearly marked ‘Private Property’.

“As residents living in a private road Plaintiffs had a reasonable expectation of privacy, as well as within their exclusive residence,” the filing reads.

“The invasion of Plaintiffs was substantial and highly offensive to a reasonable person. Revealing this information has caused Plaintiffs mental suffering and diminished the value of their property.”

More: Google Sued for Street View Privacy Invasion

Source: http://www.computing.co.uk/

10 April 2008 – Mayoral Debate Focuses on Crime

Three of the candidates for London’s Mayor have clashed over crime levels in the capital during a televised debate.

Ken Livingstone, the Labour incumbent, said the capital’s murder rate had decreased by 28% over five years.

Conservative Boris Johnson said he would get more police on the street by taking bureaucracy “off their backs”.

Lib Dem Brian Paddick, a former senior Met officer, said many members of the public “don’t trust the police enough to phone up, even anonymously”.

More: Mayoral Debate Focuses on Crime

Source: http://news.bbc.co.uk/

10 April 2008 – ID Card Rebels Offer £1,000 for Brown’s Fingerprints

Two of Britain’s leading civil liberties groups are to offer a £1,000 reward for the fingerprints of the Prime Minister or Home Secretary – a move that could leave both groups open to prosecution for incitement.

The anti-ID cards group No2ID and the campaign organisation Privacy International will this week take out spoof ‘Wanted’ posters in tube stations and pub lavatories offering the cash to anyone who can lawfully obtain either the fingerprints of Gordon Brown or Jacqui Smith. An initial print run of 10,000 has been commissioned.

The posters, resembling those issued by US sheriffs hunting outlaws in the Wild West, are backed by an internet campaign and accuse Brown and Smith of ‘identity theft’. They stipulate that ‘the fingerprint must be obtained lawfully and can be located on a beer glass, doorknob or any object with a hard surface. Corroborating evidence is required to ascertain the identity of these thieves.’ The £1,000 reward will then be paid to the charity of the ‘bounty hunter’s choice’, as the posters put it. The poster continues: ‘As fingerprint technology spreads, this government will essentially have back-door access to your computers, files, wallets and even cars and homes. We are offering this bounty to teach these individuals a lesson about personal information security.’

More: ID Card Rebels Offer £1,000 for Brown’s Fingerprints

Source: http://www.guardian.co.uk/

10 April 2008 – ID Group Calls for End to Card Plan

PROTESTERS in Cambridge are calling for a Government rethink on ID cards.

Members of the Cambridge No2ID organisation arrived to greet Meg Hillier, the Home Office minister in charge of the scheme, at the gates to Jesus College yesterday (Tuesday, 01 April).

She was in the city to meet Cambridge businesses and local officials to hear their views on the project.

Andrew Watson, No2ID campaigner, said: “We counted the number of people going in to meet the minister, and made it a sum total of 12.

“Considering we had 18 people outside, from all walks of life, from councillors, to businessmen, we outnumbered them despite only having 18 hours’ notice.”

More: ID Group Calls for End to Card Plan

Source: http://www.cambridge-news.co.uk/

1 April 2008 – Hackers Attack Euro 2008 Ticket Website

Don’t score an own goal, warns security firm.

Football fans were warned today to be careful when buying tickets online for the forthcoming Euro 2008 championships, after the discovery of malicious code on the website of a major European ticket resale company.

The site in question has a high search engine ranking and a presence among sponsored links, indicating that the hackers may have a huge pool of potential victims, according to SophosLabs.

Visitors attempting to purchase tickets through the site will be exposed to the malicious script which is embedded in some of the web pages.

This malware then attempts to download further attacks from another remote website.

More: Hackers Attack Euro 2008 Ticket Website

Source: http://www.computing.co.uk/

1 April 2008 – Google Gears Up to Offline Access

Google uses Gears extension to provide offline access to docs.

Google has delivered on its offline access to applications promise, providing users with the ability to edit and view spreadsheets and documents while offline.

Announcing the update Janani Ravi, Software Engineer, said, “As you’ll read on the Google Docs blog, starting today and over the coming weeks we’re rolling out offline editing access to word processing documents to Google Docs users. You no longer need an Internet connection when inspiration strikes. Whether you’re working on an airplane or in a cafe, you can automatically access all your docs on your own computer.”

More: Google Gears Up to Offline Access

Source: http://www.computing.co.uk/

1 April 2008 – IT Security Experts Lured To the Middle East

The region is poaching staff in a bid to become the world’s IT security centre.

Soaring salaries for IT security professionals are attracting experts to the Middle East, as the region aims to become the world’s IT security centre.

Salaries will hit $15,000 (£7,600) a month during 2008, driving a massive global skills migration, according to research by supplier Oger Systems.

Wages in the Middle-East region are easily surpassing those in the West, said David Michaux, a divisional manager at Oger Systems.

More: IT Security Experts Lured To the Middle East

Source: http://www.computing.co.uk/

31 March 2008 – Whose Responsibility Is the Question of Identification Now?

With ID cards there are a number of legal questions that arise for a Scottish Government that may wish to oppose the introduction of such a scheme. The first is whether the Scottish Parliament is empowered to legislate in relation to ID cards. Although having such a power could not prevent Westminster from passing a UK-wide scheme, it could enable the Scottish Parliament to modify or even revoke that scheme at some future date.

The answer depends at least in part on whether it can be said the making of law on ID cards is “reserved” to Westminster. Needless to say, the Scotland Act 1998 is silent on the specific issue of an ID card scheme, so a more detailed analysis of that Act is necessary. Would an Act of Parliament about ID cards be an Act relating to the defence of the realm, data protection or the questions of nationality, immigration and the “issue of travel documents”? If so, it is pretty clear Westminster enjoys the exclusive right to legislate. If, however, an ID card scheme is not about immigration control and is instead characterised as being about access to public services – something successive Scottish administrations have rejected – then that would appear to be an area in which Holyrood could have a role.

More: Whose Responsibility Is the Question of Identification Now?

Source: http://news.scotsman.com/

31 March 2008 – Get Your German Interior Minister’s Fingerprint Here

A hacker club has published what it says is the fingerprint of Wolfgang Schauble, Germany’s interior minister and a staunch supporter of the collection of citizens’ unique physical characteristics as a means of preventing terrorism.

In the most recent issue of Die Datenschleuder, the Chaos Computer Club printed the image on a plastic foil that leaves fingerprints when it is pressed against biometric readers.

No-one from the Germany-based group has been able to test the foil to see if it can fool a computer into believing it came from Schauble. But the technique has been shown to work with a variety of other people’s prints on almost two-dozen readers, according to a colleague of the hacker who pulled off the demonstration.

“The whole research has always been inspired by showing how insecure biometrics are, especially a biometric that you leave all over the place,” said Karsten Nohl, a colleague of an amateur researcher going by the moniker Starbug, who engineered the hack. “It’s basically like leaving the password to your computer everywhere you go without you being able to control it anymore.”

More: Get Your German Interior Minister’s Fingerprint Here

Source: http://www.theregister.co.uk/

31 March 2008 – Unrecognised Irises

THE UK government remains hell-bent on introducing biometric identity cards. We have to wonder how many of the civil servants behind the scheme have tried using the iris-recognition technology the government introduced a year ago to make it quicker to get through passport control at UK airports and which Feedback reported on at the time (14 April 2007).

A colleague who regularly travels abroad has gamely persevered with the iris scheme. He leaves his friends waiting to show paper passports in the immigration line and joins the iris line. Then he enters a cubicle, looks into a camera and obeys synthesised voice instructions to stand further back, closer, to the left, to the right and so on.

The iris line is always short or empty because very few passengers now bother to try it. Most of those who do are routinely rejected. The camera and computer spend several minutes trying to recognise the traveller’s eyes before saying no. The reject then has to back out of the cubicle and return to the line to show paper.

More: Unrecognised Irises

Source: http://www.newscientist.com/

27 March 2008 – Awed Fraudsters Defeated by UK’s Passport Interviews

Interviews for first-time passport applicants have been massively successful – because, er, no fraudulent applications at all have been detected since the government introduced the system last May. In answer to a Freedom of Information request, the Home Office said last week that 38,391 interviews had been held to date, 222 applications were currently under investigation, but that so far no application had been rejected.

More: Awed Fraudsters Defeated by UK’s Passport Interviews

Source: http://www.theregister.co.uk/

27 March 2008 – Heathrow Fingerprint Plan Challenged

Plans to fingerprint millions of passengers at Heathrow’s new fifth terminal could be illegal and have been challenged by the UK’s data protection watchdog.

The Information Commissioner’s Office warned airport operator BAA that the security measure, designed to stop terrorists getting into the country, may breach the Data Protection Act.

More: Heathrow Fingerprint Plan Challenged

Source: http://www.telegraph.co.uk/

27 March 2008 – Public Does Not Trust Government with Personal Data

Only one in 10 adults in the UK trusts the government with their personal data, an online survey reveals.

By contrast, the survey of over 1,000 people by IT security supplier Data Encryption Systems (DES) showed 74% were willing to share personal information with banks, employers and friends.

The level of trust in the government, at 10%, is just one percentage point higher than trust in online retailers.

DES managing director David Tomlinson said, “With the increasing dependence on IT and the rise of identity theft, data protection is no longer just a problem for the CIO, but something everyone has to consider.”

The survey found 41% were in favour of introducing ID cards in the UK, 40% were against, and 19% undecided.

More: Public Does Not Trust Government with Personal Data

Source: http://www.computerweekly.com/

27 March 2008 – Airport Workers’ ID Card ‘Insult’

Union leaders representing airport workers are to meet Home Office officials to express their concern at being among the first to have ID cards.

Steve Turner of the Unite union will say that his members oppose the plan.

Mr Turner says staff are already extensively vetted before being given airside passes.

The Home Office says that recording the fingerprints of staff will speed up the checking process and help maintain public confidence in airport security.

More: http://news.bbc.co.uk/1/hi/uk_politics/7301424.stm

Source: http://news.bbc.co.uk/

27 March 2008 – New Approach to ID Card Scheme

Technology is just one issue in the government’s overhaul of controversial identity plan.

James Hall is the chief executive of the Identity and Passport Service – the government department running the controversial £5.4bn national identity card scheme. He talked to Computing about the technology behind the latest developments in the scheme.

The Home Office has announced revised plans for ID cards, which aim to cut £1bn from the cost of the scheme. Where will these savings be made?

We made a decision that we will work with the private sector to collect fingerprints and biometrics from each citizen on our behalf, rather than – as previously assumed – doing that ourselves. It will work in the same way as having to pay to have your passport photograph taken today. We believe that several suppliers should emerge from that process and it will be considerably more convenient and cost effective.

We have also offered people a choice between having a passport and an ID card – rather than under the previous regime where you had to have both.

A significant number of people will have one or the other rather than both – this will cut our costs.

We have continued to look at the efficiency of operations and believe we can sharpen our pencils a bit more over this issue.

More: New Approach to ID Card Scheme

Source: http://www.computing.co.uk/

17 March 2008 – Private Enterprise Needs to Prepare to Profit from a National Identity Scheme

Sir – There have been claims that Sir James Crosby’s independent report for the Treasury on identity assurance (ie, the means of checking identity) undermines government plans for a national scheme. On close inspection, I find this puzzling.

The Crosby report states that significant economic and social advantage is available through “universal” identity-checking schemes, which are also designed to deliver strong national security benefits.

More: Private Enterprise Needs to Prepare to Profit from a National Identity Scheme

Source: http://www.telegraph.co.uk/

17 March 2008 – MI5 Seeks Powers to Trawl Records in New Terror Hunt

Millions of commuters could have their private movements around cities secretly monitored under new counter-terrorism powers being sought by the security services.

Records of journeys made by people using smart cards that allow 17 million Britons to travel by underground, bus and train with a single swipe at the ticket barrier are among a welter of private information held by the state to which MI5 and police counter-terrorism officers want access in order to help identify patterns of suspicious behaviour.

The request by the security services, described by shadow Home Secretary David Davis last night as ‘extraordinary’, forms part of a fierce Whitehall debate over how much access the state should have to people’s private lives in its efforts to combat terrorism.

More: http://www.guardian.co.uk/uk/2008/mar/16/uksecurity.terrorism

Source: http://www.guardian.co.uk/

17 March 2008 – ‘Lax Standards’ on Data Security

The government has persistently failed to take data protection “sufficiently seriously,” the Joint Committee on Human Rights has warned.

Episodes such as the loss of child benefit discs containing 25m people’s details were “symptomatic of lax standards,” said MPs and peers.

The report said this did not “inspire confidence” in controversial plans for a National Identity Register.

More: http://news.bbc.co.uk/1/hi/uk_politics/7295467.stm

Source: http://news.bbc.co.uk/

17 March 2008 – ID Cards: The Student Perspective

As the government revises its ID card timetable, students look likely to be one of the first groups in the roll-out.

But will they really be willing participants, as is the perceived wisdom? Here are the views of three students at Leeds University.

Katie Armitage, 20, is in her second year of a degree in History and History of Art and describes it as a good idea.

“I agree that students are a more willing group. I’ve got a student card, a passport and a driver’s licence, why shouldn’t I have an ID card?”

For Ms Armitage, another card would not be too much of a change and she believes, in using students, the government will actually be covering a wide cross section of society.

“The government can target different backgrounds – young, mature, different cultures and religions – they’re not just targeting the middle classes,” she said.

More: http://news.bbc.co.uk/1/hi/uk/7280971.stm

Source: http://news.bbc.co.uk/

14 March 2008 – Identity Scheme Still Popular, Says Survey

A new Home Office poll disagrees with earlier surveys which have shown opponents outweighing supporters.

Support for the national identity scheme remains stable, according to a survey of more than 2,000 people carried out for the Home Office by Taylor Nelson Sofres in February. The research, released on 6 March 2008, found that 59% of those questioned supported the scheme, while 23% did not. A similar survey by the firm in October last year found 59% in support, with 20% against.

However, a survey by ICM of 1,008 people, also carried out in February, found 50% in opposition with 47% in favour, using a question mentioning a likely price of £93 for a biometric passport. A poll by YouGov for the Daily Telegraph in December found 48% opposed the scheme and 43% in favour.

More: Identity Scheme Still Popular, Says Survey

Source: http://www.kablenet.com/

14 March 2008 – MPs Raise Fears over Data Protection for National ID Register

Committee highlights question marks over repeated breaches of data laws.

Repeated breaches of data protection laws by government departments raise huge question marks over plans for the national identity register required for ID cards and biometric passport, an influential parliamentary human rights watchdog has warned.

MPs and peers on the Lords and Commons Joint Committee on Human Rights said repeated losses of personal information by departments had increased their concern, and announced they “intend to take a close interest in the government’s detailed proposals for the national identity register as and when they emerge.”

More: MPs Raise Fears over Data Protection for National ID Register

Source: http://www.computing.co.uk/

14 March 2008 – IBM Beefs up ID Management with Encentuate

Financial details of acquisition not disclosed.

IBM has announced the acquisition of Encentuate, a privately held provider of identity and access management software.

Encentuate offers enterprise single sign-on technologies and integration of strong authentication. IBM will integrate the firm into its Tivoli division.

“IBM has made a strategic decision to acquire Encentuate because customers are increasingly seeking a complete identity and access management solution with IBM quality and support,” said Al Zollar, general manager of IBM Tivoli software.

More: IBM Beefs up ID Management with Encentuate

Source: http://www.computing.co.uk/

14 March 2008 – A German’s Hard Disk Is His Castle

Germans became the best-protected users of computers and the Internet today when the Federal Constitutional Court set out strict rules for government agencies anxious to spy on their hard disks. The decision was widely viewed as a slap in the face for Wolfgang Schaeuble, the hard-liner Interior Minister who has been proposing that law enforcement agencies be given broad powers to monitor the computers and e-mails of suspects on their own authority. No, the court said, you have to ask a judge first. And if during the course of an authorized surveillance the police also happen to stumble across highly personal data, then it is their obligation to erase it “immediately”.

More: http://blogs.kuppingercole.de/cole/

Source: http://blogs.kuppingercole.de/

13 March 2008 – Experts Wary Over ID Card Plan

Home Office slows ID card rollout as independent Treasury study recommends fast implementation.

The government’s failure to take on board the recommendations of independent reports on the national identity card scheme may lead to faults and extra cost, warn experts.

Last week, home secretary Jacqui Smith announced plans for a slower rollout of the £5.4bn ID cards programme, with the government retaining control of the national identity register.

But in a Treasury-commissioned report, also released last week, former HBOS chief executive Sir James Crosby recommends a fundamentally different, consumer-led approach.

More: Experts Wary Over ID Card Plan

Source: http://www.computing.co.uk/

13 March 2008 – IBM Buys Encentuate to Boost ID Management

Encentuate purchase will boost access and ID management in IBM’s Tivoli arm.

IBM has acquired Encentuate, an access and ID management solutions provider specializing in single sign-on and access management.

The Encentuate bounty will be integrated into Tivoli software group. IBM called identity management tools, for enterprises, a ‘business productivity tool’, adding in a statement, “It can help reduce the burden of remembering different passwords, rules and user IDs while helping to improve security by automatically managing passwords, rules and user IDs.”

More: IBM Buys Encentuate to Boost ID Management

Source: http://www.computing.co.uk/

13 March 2008 – Identity 2.0 Products Gaining Ground

New technologies lead the way in ID management.

Identity 2.0 technologies are leading the way in identity management, according to research from industry analysts.

Analyst group Kuppinger Cole and Partner analysed the 10 predominant topics and trends in identity management in 2008.

Identity 2.0 continues to receive the support and influence of industry giants, including Yahoo, Google, Microsoft and IBM.

Identity 2.0 platforms are classified as identity verification techniques on the internet using emerging user-centric technologies such as information cards or OpenID.

More: Identity 2.0 Products Gaining Ground

Source: http://www.computing.co.uk/

13 March 2008 – Thousands Of Military ID Cards Missing

The Ministry of Defence is at the centre of a new security row after it emerged an “extraordinary” 11,000 military ID cards were lost or stolen in the past two years.

Opposition parties said the scale of the losses cast fresh doubt on the Government’s plans for a national ID card scheme.

The MoD said it took the issue “very seriously” and steps were being taken to improve general security awareness.

According to figures released in a Commons written answer, some 4,433 ID cards disappeared in 2006 and a further 6,812 went missing last year.

Tory defence spokesman Gerald Howarth said: “This is another example of the Government’s scandalous disregard for the security of our citizens and yet another reason why the public has no confidence in the Government’s ID card plans for the rest of the population.”

More: Thousands Of Military ID Cards Missing

Source: http://news.sky.com/

12 March 2008 – They Lost How Many?

It appears that more than 11,000 military ID cards have been lost or stolen in the last two years, according to the Ministry of Defence.

Some 4,433 went missing in 2006 and 6,812 last year.

We discover this via a PQ from Liam Fox. We then sit here quivering with rage and fear. Now get this, if a serving serviceman loses his military ID card he or she is up on charge pronto, at least that was the case when I last had one.

There are about 120,000 people in the armed services. At just over 5% that is a major loss rate. But more serious than that. The fact that there are severe penalties for the loss of the MOD ID card makes people take keeping it secure seriously. So with an approximate population of 60 million we could be looking at a loss/theft rate of about 3,000,000 per annum. And that is as if there were incentives to keep them safe. Without those incentives the figures are likely to be far higher.

Human ingenuity is just no match for human incompetence.

More: They Lost How Many?

Source: http://englandexpects.blogspot.com/

12 March 2008 – Government Fails to Sell ID Concept

Identity card rollout recommendations are ignored by the government.

It would be easy to be cynical and suggest the government engaged in a bit of press control with the timing of the publication of Sir James Crosby’s report on UK identity management last week.

On the afternoon that home secretary Jacqui Smith announced the latest changes to ID cards, the Treasury-commissioned Crosby study was also quietly released after months of delays – Computing was leaked details of its contents as long ago as last August – see www.computing.co.uk/2197249.

Smith said she was “indebted” to Crosby, but ignored most of his recommendations – not least the widely publicised suggestion that ID cards should be free.

But a detailed look at the Crosby report – which was initiated by Gordon Brown when he was chancellor – reveals a more coherent, workable, and less costly alternative to the increasingly ham-fisted and ever-changing plans for ID cards.

More: Government Fails to Sell ID Concept

Source: http://www.whatpc.co.uk/

10 March 2008 – ID Cards Chief Defends U-turn

The head of Britain’s ID cards project and national identity database has defended the government’s revised ID card plans in the face of allegations of a u-turn after the project was scaled back.

James Hall, director of the Identity and Passport Service (IPS), told silicon.com the revised scheme is likely to cut £1bn off its £5.4bn price tag, that power station workers are likely to join airport workers and Olympic security staff as the first UK citizens in line for the cards and that the cards may be used to prove identity over the internet.

But UK businesses remain critical, with the Confederation of British Industry (CBI) fearing that companies could be liable if they provide inaccurate information to the National Identity Register and expressing unease over the security of the data that will be held on it.

Shadow Home Secretary David Davis launched a further attack, citing the risk of a massive data breach on the system. He said: “It is something very dangerous the government are doing. We would cancel this database.”

More: ID Cards Chief Defends U-turn

Source: http://www.silicon.com/

10 March 2008 – Nothing to Hide, but Plenty to Fear From Ms ID Card

And so they plough on with their “ID” cards, never admitting that the real purpose of these breathing licences is to increase the Government’s power to meddle in our private lives.

Many of you have helped me in my campaign against this unBritish scheme. And we have, in fact, won a small victory.

Ms Smith has now put off plans to force us to be fingerprinted when we renew our passports, probably until 2012.

Originally, this was meant to have started by now, but thousands of people renewed their passports early – to avoid being fingerprinted and to protest – and this has plainly frightened the Home Office. We can still beat this grotesque plan.

More: Nothing to Hide, but Plenty to Fear From Ms ID Card

Source: http://www.dailymail.co.uk/

10 March 2008 – Is There a Sensible Reason for ID Cards?

A national identity database is – on all the evidence we have – extremely unpopular. A Home Office Minister, Beverley Hughes, admitted to Parliament only under duress that the Government’s consultation exercise on what it was then, insultingly, calling an “entitlement card” had been overwhelmingly against the scheme.

It will be extraordinarily expensive. Nobody disputes this – and the dismal record on state IT procurement suggests that we might do well to double or triple the official estimates of how expensive.

And it will, regardless of the issues of principle, be deeply ineffective.

More: Is There a Sensible Reason for ID Cards?

Source: http://www.telegraph.co.uk/

10 March 2008 – ID Cards Are the Ultimate Identity Theft

Computer systems always fail – and the national database will do so big time.

The ID card project is still on track – more or less. Jacqui Smith is just the latest in a long line of Home Office ministers to sell us the benefits of ID cards, while casually informing us of the latest rise in costs or slippage in its implementation schedule. Ms Smith is also yet another Home Secretary who subscribes to the “pixie dust” school of technology: computation is a magic substance to be sprinkled over problems, that, hey presto, then vanish. Little wonder that Britain has an appalling record in government IT projects.

The ID project is one of the biggest computer systems envisaged – far more complex than the failing NHS system. And it’s another disaster waiting to happen. Still the politicians naively claim there will be no problems: it will be totally secure because of biometrics. Apparently iris scans, fingerprints, face-recognition software will all work perfectly, be amazingly cheap to implement – and all foolproof. It must be true, as they’ve been told this by those selling the technology. Baroness Anelay of St Johns, with a group of parliamentarians, was once given a demonstration of a facial recognition system. It failed; indeed the system subsequently crashed, twice. The reason? The baroness was told her face was “too bland”.

More: ID Cards Are the Ultimate Identity Theft

Source: http://www.timesonline.co.uk/

10 March 2008 – ID Card Report Criticises Government’s ‘Uncoordinated’ Approach

Ministers faced embarrassment today following the publication of an official report criticising the way the national identity card programme is being rolled out.

Sir James Crosby’s report, commissioned two years ago by the Treasury, accuses the government of adopting an “uncoordinated” approach to the problem of identity assurance.

It says any national identity card scheme should be free to users, involve minimum amounts of information and not be promoted as an anti-crime initiative.

The Treasury published the review today with minimum publicity, and its release coincided with the home secretary Jacqui Smith’s high-profile announcement of further details of the programme’s implementation.

More: http://www.guardian.co.uk/politics/2008/mar/06/idcards

Source: http://www.guardian.co.uk/

6 March 2008 – Government to Begin Rolling Out ID Cards ‘By Stealth’ Within a Year

The Government has been accused of introducing identity cards by stealth after it was revealed the first of the controversial IDs will be issued early next year.

Workers in sensitive jobs will be required to apply for the compulsory cards in 2009, despite the Home Office postponing the overall scheme until 2012.

Some 100,000 British airport staff and others working in sensitive locations are expected to be affected by the move.

It is thought that “airside” workers including airline staff, baggage handlers as well as workers in duty-free shops, bars and cafes would all have to apply.

Shadow home secretary David Davis said: “It is inconceivable that these workers would not already have full ID verification.

“Therefore the question has to be will this add to airport security or is it a way of getting the British public used to an ID card by stealth – despite an explicit promise from a former home secretary that this programme would not be rolled out in a compulsory fashion without a vote in the House of Commons.”

More: Government to Begin Rolling Out ID Cards ‘By Stealth’ Within a Year

Source: http://www.dailymail.co.uk/

6 March 2008 – First Compulsory ID Cards to Be Announced, Claim Tories

The Conservatives have claimed that the government will announce plans tomorrow to make identity cards compulsory for airport workers.

Shadow home secretary David Davis said he believed Home Secretary Jacqui Smith will make the announcement on Thursday in breach of an undertaking not to introduce compulsion without a prior vote by MPs.

About 100,000 airside staff are expected to be covered in a statement from Smith to MPs, which is thought to be in line with leaks last month indicating a national rollout is being postponed to 2012 but that workers in sensitive locations would be covered sooner.

More: http://www.computing.co.uk/computing/news/2211217/first-compulsory-id-cards

Source: http://www.computing.co.uk/

6 March 2008 – ID Cards Assessment

A fight to keep secret details of two early assessments of the Government’s ID cards scheme began in the High Court. The Office of Government Commerce said that failing to keep the reviews confidential could damage the system of assessing the cost and feasibility of government schemes. Requests had been made to see details of the reviews under the Freedom of Information Act.

More: http://www.timesonline.co.uk/tol/news/uk/article3479159.ece

Source: http://www.timesonline.co.uk/

6 March 2008 – Why We Should Keep an Eye On Those Who Are Watching Us

Our own government is justifying the introduction of ID cards linked to a centralised national data register as a means to combat violent crime, illegal immigration, benefit fraud, identity theft and tax evasion. This seems very plausible and seductive, at first sight. The Last Enemy debunks this illusion by depicting what really happens when the state gets too much power over the individual. Seemingly reasonable measures are open to malign manipulation – either by the state or by rogue elements within it.

This is the direction in which the US and British governments are moving. Faced with the Islamist terror threat, they are increasingly fighting tyranny with tyranny: phone-tapping; 28 days’ detention without charge; control orders; extraordinary rendition and torture. These measures are, of course, no defence of democratic freedoms, but their stealthy subversion.

Our government has concluded that maintaining both security and liberty is too complicated, difficult and costly. Liberty has to be sacrificed for the greater good. This “ends justifies the means” rationale is, as The Last Enemy shows, the slippery slope to an authoritarian, unaccountable state. The future is, I fear, nearer than we think. Britain doesn’t have to end up like this. Resist.

More: http://www.guardian.co.uk/media/2008/mar/03/television.idcards

Source: http://www.guardian.co.uk/

3 March 2008 – Too Much Information

If you think that the worst thing the government can do with all the data it collects about you is lose it in the post, then you haven’t been watching The Last Enemy. Set in the near future, this BBC series is now halfway through exploring Britain as a surveillance society.

In one thrilling scene at the end of the first episode, the lead character, a reclusive mathematician seconded to the government to trial a new super-database, uses a combination of CCTV footage, automatic number plate recognition (ANPR) cameras and facial recognition software, presumably linked to a putative National Identity Register, to track in minute detail the movements and associates of a girl with whom he has fallen in love.

More: http://www.newstatesman.com/200802280039

Source: http://www.newstatesman.com/

3 March 2008 – ID Could Be You

Foreigners living in Britain who don’t buy a new biometric ID card by November will be fined, thrown out, or jailed.

If they don’t get fingerprinted and iris-scanned they’ll be fined £250, rising to £1,000 for further offences. Expulsion from the UK is the next level of punishment.

This regime will eventually apply to all of us, not just foreigners.

Despite ministerial denials, we will face fines and jail if we don’t walk the streets with a Gestapo-style internal passport.

The Home Office is already working on plans for “coercion” to bully us into carrying one of their fancy new ID cards.

Shami Chakrabarti, head of rights group Liberty, accuses the government of using foreigners as “ID card guinea pigs”. She adds: “Anyone who thinks this will be limited to foreign nationals should think again.” She’s right. They are a test bed for the ID repression of everybody.

You have been warned.

More: ID Could Be You

Source: http://www.mirror.co.uk/

3 March 2008 – Internal Passports Reminiscent of the Cold War

Giving evidence to the (House of Commons) Home Affairs Committee on Tuesday, Meg Hillier, Minister for ID cards, said we should see the cards as “passports in-country”.

Such candour from a Home Office minister makes a refreshing change from the usual spin and deception. Perhaps in this apparent new spirit of openness and transparency, the government will be prepared to engage in a rational debate about where its transformational government agenda is taking our society.

Do we wish to live in a country where citizens are controlled by the state; a database state in which the intimate details of our lives are recorded by bureaucrats for administrative convenience?

Under Soviet rule, an internal passport (propiska), officially a record of a person’s address, was required when applying for jobs, for a place in higher education or for obtaining medical treatment.

More: Internal Passports Reminiscent of the Cold War

Source: http://www.theherald.co.uk/

3 March 2008 – ID Cards: £1,000 Fine for Skipping Biometric Scans

In the latest government ID-card plans, people will face fines of up to £1,000 for skipping biometric scans.

Penalties ranging from £125 for not notifying the government of the loss of an ID card to £250 for not applying for a card or missing an appointment for fingerprint and facial scans, were revealed in the Home Office consultation papers.

The fines would apply to foreign nationals entering or living in the UK, who will be required to have ID cards from November, ahead of the cards’ introduction for UK citizens next year.

More: http://news.zdnet.co.uk/security/0,1000000189,39352924,00.htm

Source: http://news.zdnet.co.uk/

28 February 2008 – Internal Passports Reminiscent of the Cold War

Giving evidence to the (House of Commons) Home Affairs Committee on Tuesday, Meg Hillier, Minister for ID cards, said we should see the cards as “passports in-country”.

Such candour from a Home Office minister makes a refreshing change from the usual spin and deception. Perhaps in this apparent new spirit of openness and transparency, the government will be prepared to engage in a rational debate about where its transformational government agenda is taking our society.

Do we wish to live in a country where citizens are controlled by the state; a database state in which the intimate details of our lives are recorded by bureaucrats for administrative convenience?

More: Internal Passports Reminiscent of the Cold War

Source: http://www.theherald.co.uk/

28 February 2008 – ID Cards: £1,000 Fine for Skipping Biometric Scans

In the latest government ID-card plans, people will face fines of up to £1,000 for skipping biometric scans.

Penalties ranging from £125 for not notifying the government of the loss of an ID card to £250 for not applying for a card or missing an appointment for fingerprint and facial scans, were revealed in the Home Office consultation papers.

The fines would apply to foreign nationals entering or living in the UK, who will be required to have ID cards from November, ahead of the cards’ introduction for UK citizens next year.

Foreigners persistently failing to apply or turn up for scans face a charge of up to £1,000, but there would be a reduction in the fine of up to £100 for anyone who could prove extenuating circumstances for non-compliance.

More: ID Cards: £1,000 Fine for Skipping Biometric Scans

Source: http://news.zdnet.co.uk/

28 February 2008 – Minister Defends ID Security

The National Identity Register will have very limited access, stringent security and no risk of ‘discs flying around’, MPs have been told.

Home Office minister Meg Hillier defended the government’s plans for its controversial National Identity Scheme, as she faced questions about data security from a committee of MPs.

Hillier, who has responsibility for identity cards, said it was important to win public confidence in the scheme, particularly following a number of recent cases in which the government had misplaced or lost confidential data.

More: Minister Defends ID Security

Source: http://www.kablenet.com/

28 February 2008 – Punishments Announced for ID Card Offences

Foreign nationals may be fined £250 for a first refusal to apply for an identity card or for damaging their fingertips, according to a draft code of practice released by the Home Office.

Those not applying for an identity card, failing to provide required data or deliberately attempting to damage or destroy biometric identifiers such as fingerprints would initially be fined up to £250, rising by £250 for each further offence, up to £1,000. Parents or carers would pay for their children’s contraventions.

Furthermore, those with limited leave to remain in Britain could have this cut short for three such offences, although the code says that indefinite leave to remain would only be cancelled “in compelling circumstances”.

Lesser fines of up to £125 for an initial offence, rising to a maximum of £500 with repetition, would be imposed for failing to update data such as a holder’s address or not informing the government about a lost, stolen, altered or damaged card.

More: Punishments Announced for ID Card Offences

Source: http://www.kablenet.com/

26 February 2008 – Home Office Claims Over False ID Exaggerated

Meg Hillier, the Home Office minister, cites preventing identity fraud as the main reason for the proposed National Identity Scheme (Letters, February 22), yet her department seems incapable of understanding what identity fraud is, let alone devising solutions to it.

The Home Office claims that the use of false identity currently costs the UK more than £1.7bn a year, yet this figure is grossly exaggerated. It includes £215m for “carousel fraud” [the theft of value added tax from governments in multi-jurisdictional trading], even though Revenue & Customs says this is not ID fraud, and the £505m cost of all bank card fraud, even though Apacs, the trade association for the UK payments sector, says only £37m of this results from ID fraud. Once all the Home Office’s exaggerations are stripped out, the true cost of ID fraud in the UK is only about 10 per cent of that claimed.

More: Home Office Claims Over False ID Exaggerated

Source: http://www.ft.com/

26 February 2008 – We Don’t Need a High-tech Domesday Book

Until very recently, it was a central tenet of government that data held by one department should not routinely be available to another. Indeed, many Acts of Parliament specifically outlaw data sharing because of concern that the state would be able to obtain a comprehensive picture of an individual’s life when it had no need to. Yet these considerations have simply been brushed aside in the past few years, and anyone questioning why this is happening is regarded as a conspiracy theorist or a Luddite.

There is now an assumption that the state should know everything about us and be able easily to access that information. This is justified as being good for us because it facilitates the provision of services that may be to our advantage, and on the grounds that anyone who is unhappy with the prospect must have something to hide.

More: We Don’t Need a High-tech Domesday Book

Source: http://www.telegraph.co.uk/

26 February 2008 – A Modern Means to Confirm and Protect Identity

The National Identity Scheme will provide the UK with a modern means of confirming identity as well as protecting against the rising problem of identity fraud and all the criminal activities that identity fraud enables. I challenge opponents of the scheme to set out how they would go about doing this without implementing something that contained the basic features of what the government is proposing.

More: A Modern Means to Confirm and Protect Identity

Source: http://www.ft.com/

26 February 2008 – Identity Cards ‘Useless in Fight Against Terrorism’

Mass fingerprinting, biometric passports, identity cards and international identity databases will not protect Britain and other European countries from terrorists or criminals.

This startling admission comes in a leaked European Commission report prepared for Home Secretary Jacqui Smith and other EU Home Affairs Ministers.

The report undermines Gordon Brown’s claims about the need for controversial new passports and identity cards to protect the country from terror attacks.

It raises new questions about the true purpose of Government databases, which will store intimate details of everyone in Britain, including their picture, fingerprints and confidential personal information.

More: Identity Cards ‘Useless in Fight Against Terrorism’

Source: http://www.dailymail.co.uk/

25 February 2008 – ID Theft Instances Down, Cost Per Incident Up, Says Javelin

Despite a nationwide decline, identity theft is still a major concern of consumers because criminals have become more creative in how they steal personal information, according to a report released Monday by Javelin Strategy and Research.

The firm’s “2008 Identity Fraud Survey Report” disclosed that identity theft declined 12 percent in the United States last year, a drop of US$6 billion. However, ID theft still accounted for a loss of US$45 billion during 2007.

The report also disclosed that over the past three years, criminals have obtained the majority of stolen personal information from belongings and telephone calls, not the web or email.

The October 2007 telephone survey of 5,000 consumers attributed several factors to the decline, including increased consumer vigilance and awareness, more frequent monitoring of financial account activity and better corporate management of personal information.

Although fraud declined, the cost of individual ID theft cases rose by 25 percent to US$691 per incident, according to Javelin.

More: ID Theft Instances Down, Cost Per Incident Up, Says Javelin

Source: http://www.securecomputing.net.au/

25 February 2008 – Americans’ e-Commerce Conundrum

A new study from the Pew Internet Project casts light on the love-hate relationship many Americans have with e-commerce.

In response to the survey, 78 percent of U.S. Internet users said that online shopping is convenient, and 68 percent said it saves time. Yet, 75 percent said they don’t like giving out personal information like a credit card number over the Internet.

The security risks, real or perceived, are hampering the growth of the Internet economy, said John Horrigan, associate director of the Pew Internet Project and author of the report.

“These inconsistent notions about the online shopping environment show that, even as e-commerce matures, people’s confidence in the security of online shopping remains as an issue,” Horrigan said in a statement. “If people’s worries about security of personal information were eased, the pool of online shoppers would be greater.”

More: http://www.insideid.com/article.php/3728396

Source: http://www.insideid.com/

25 February 2008 – Ukrainian Hacker May Get to Keep Profits

A Ukrainian hacker may be allowed to keep over $250,000 in profits owing to a loophole in US law.

Oleksandr Dorozhko is alleged to have hacked into the servers of Thomson Financial and taken a look at the forthcoming results announcement for IMS Health, hours before its release to the stock market.

Dorozhko placed a series of sell orders on the stock, investing $41,671 of his own money in sell options that would be worthless in three days unless the stock fell.

When the results, which were disappointing, were released the stock fell sharply and Dorozhko made $296,456 on the trade.

More: http://www.computing.co.uk/vnunet/news/2209899/hacker-keep-profits

Source: http://www.computing.co.uk/

25 February 2008 – IT Security Experts Call for National e-Crime Unit

Not one member of the Information Systems Security Association (ISSA) – the largest group of IT security professionals in the UK – believes the country to be adequately equipped to deal with e-crime.

And nearly two thirds (65 per cent) believe the current situation is wholly inadequate.

The results are a strong message to the government, said Geoff Harris, UK president of the ISSA.

“As increasing numbers of the criminal fraternity become aware of this weakness in UK law enforcement capability, the gap between safe online e-commerce and e-crime will continue to spiral out of control,” he said.

More: http://www.computing.co.uk/computing/news/2209871/security-professionals-call

Source: http://www.computing.co.uk/

25 February 2008 – Keeping Up with the Future

A comparison is often made with ID cards on the Continent, yet they are nothing like the UK ID card because they are all governed by strict rules protecting privacy. In Germany, the centralisation of information is forbidden for historical reasons – the twin evils of the Nazi and Stasi regimes.

But plans for the UK ID card are that it will be linked to the National Identity Register, a centralised data bank that can hold up to 50 categories of personal information: current and past places of residence, occupation, driving licence details, education and health records, marital status, a multitude of information and of course, any criminal record, cautions or youthful misdemeanours.

More: http://news.bbc.co.uk/1/hi/magazine/7246763.stm

Source: http://news.bbc.co.uk/

15 February 2008 – Confessions of a Caller-ID Spoofer

He spoofed the HR director’s work phone number, then the number of that guy’s boss, before moving up to a vice president, and finally, the CEO. Says he had no choice. He also says “this thing that I did is bad and should be outlawed.”

This thing that he did is perfectly legal, you may know already, although efforts have been under way to have that rectified.

Background: The major telecom equipment maker whose employ A.G. Bell had recently left owed him thousands in unpaid commissions, he says, yet the HR department stopped returning his calls, instead “hiding behind voicemail.” Spoofing the HR director’s number got his underlings to pick up the phone, at least until they wised to that ploy, at which point Bell – a fictitious name I’m affording him to protect his current job at another telecom vendor – started spoofing numbers right on up to the top of the org chart (not to mention a White House number – seriously).

“Juvenile? Yes,” Bell acknowledges. “Effective at getting past call screeners? Absolutely. Subject to horrible abuse? Totally.”

More: Confessions of a Caller-ID Spoofer

Source: http://www.networkworld.com/

15 February 2008 – Legal Obstacles Delay Federated Identity Management

“Who are you?” is a fundamental question for all online business activities. Whether a company wants to allow employees, contractors or business partners to remotely access its networks, or engage in online commercial transactions, the need to authenticate the identity of the remote party is a critical one.

Moreover, in today’s security-conscious environment, authentication is a legal issue. A company’s legal obligation to provide information security clearly includes a duty to properly authenticate persons seeking access to the company’s computer systems or services. For example, in a recent case brought by the victim of identity theft, the issuer of a credit card was held liable for failing to properly authenticate the identity of the applicant/imposter.

More: Legal Obstacles Delay Federated Identity Management

Source: http://www.networkworld.com/

15 February 2008 – EU Must Educate SMEs on IT Security

The European Union (EU) must co-ordinate efforts to educate the small business community about IT security if it is to keep its place as one of the world’s most advanced digital economies.

Brussels needs to ensure all member state governments are addressing the problem at home as well as providing continent-wide oversight, says the European Network and Information Security Agency (Enisa).

The IT security situation is particularly serious for the small and medium-sized enterprise (SME) sector, according to Enisa security expert Marco Thorbruegge.

More: EU Must Educate SMEs on IT Security

Source: http://www.computing.co.uk/

15 February 2008 – Security Awareness-raising Forum is Launched

A major new initiative was launched today designed to reduce information security failures in organisations by raising security awareness levels.

The Information Security Awareness Forum (ISAF) was commissioned by the advisory board of the Information Systems Security Association (ISSA) and is comprised of professional IT bodies such as the British Computer Society (BCS), Information Security Forum and the Institute of Information Security Professionals (IISP).

More: Security Awareness-raising Forum is Launched

Source: http://www.computing.co.uk/

15 February 2008 – Less Than a Quarter of Us Think ID Cards Will Work

Only 24 per cent of us are convinced that the £5.5billion ID card scheme will achieve its aims, a survey revealed yesterday.

The poll, by the Government’s own Identity and Passport Service, showed that there is widespread scepticism about the plans.

Only 27 per cent of the 2,000 surveyed found it “very believable” that ID cards would disrupt terrorist plots.

Just 29 per cent believed identity fraud would be slashed.

On the matter of making it more difficult for illegals to work in the UK – one of Labour’s key aims for the cards – the figure fell to 24 per cent.

More: Less Than a Quarter of Us Think ID Cards Will Work

Source: http://www.dailymail.co.uk/

12 February 2008 – FBI Warns of ‘Vishing’ Attacks

The FBI is warning of a dramatic increase in the number of so-called ‘vishing’ attacks that entice mobile phone users into giving up personal banking details.

Vishing works in much the same way as phishing. An email or text message is sent to a user asking them to call the target bank to reactivate a credit or debit card.

“On calling the telephone number, the recipient is greeted with ‘Welcome to the bank of …’ and [is] requested to enter their card number in order to resolve a ‘pending security issue’,” the FBI’s Internet Crime Complaint Center said in an alert.

More: FBI Warns of ‘Vishing’ Attacks

Source: http://www.securecomputing.net.au/

12 February 2008 – IT Heavyweights Join OpenID Project

Google, IBM, Microsoft, VeriSign and Yahoo have become the first corporate board members of the OpenID Foundation, paving the way for an internet-wide single sign-on platform and an end to multiple passwords.

The OpenID Foundation was formed in June 2007 to support and promote technology developed by the OpenID community.

Early members included individuals, students, non-profits and start-ups coming together to develop and promote open identity management on the web.

OpenID is a free application that aims to simplify the online user experience by eliminating the need for multiple user names across websites.

More: IT Heavyweights Join OpenID Project

Source: http://www.computing.co.uk/

12 February 2008 – Alert as College Ejects the ‘Student’ who Isn’t

A Cambridge college is on alert after claims that a man posed as a student for a year and made advances to female undergraduates.

The man, who called himself Tarique Akhtar, was thrown out by porters at Trinity College after complaints from genuine students.

The imposter is alleged to have passed a note to one female student that said: “I can’t stop staring at you”. Another student claims to have heard him say how he found life at Trinity difficult “because there were so many beautiful girls”.

The man has been warned not to come back. But some students say they have seen him in the area in the last few days.

More: Alert as College Ejects the ‘Student’ who Isn’t

Source: http://www.cambridge-news.co.uk/

11 February 2008 – Channel Warned of Rising ID Theft

As fraud figures reach their highest in 13 years, experts urge channel players to be aware of growing identity scams.

Onlookers have warned the channel to be more vigilant against identity theft, as the latest figures from KPMG indicate overall fraud in the UK is on the rise.

According to the analyst’s Forensic Fraud Barometer, £1bn of fraud went to court last year – the highest figure since 1995.

Fraud cases going to court fell from 277 to 197 in 2006; however, this figure still remains higher than any other prior to 2005.

More: Channel Warned of Rising ID Theft

Source: http://www.computing.co.uk/

11 February 2008 – Security Pros Confused Over Authentication

Research suggests 70 per cent of corporate authentication systems are insecure.

IT professionals are concerned that they do not have the appropriate security practices in place, according to research by Positive Networks.

The security services provider said that this concern is well founded as 20 per cent of respondents to a survey admitted to a breach that involved loss of sensitive data or access to restricted resources.

Some 70 per cent of respondents also suggested that their current authentication practices were not secure.

Positive Networks interviewed over 300 IT professionals from across the UK on issues relating to security, authentication and other network concerns.

More: Security Pros Confused Over Authentication

Source: http://www.computing.co.uk/

11 February 2008 – The Campaign Group: No2ID

Like many great – and not-so-great – ideas, the No2ID campaign against identity cards and the “database state” started with a trip to the pub.

In less than four years it has become one of the best-known single issue campaign groups.

Public concern about data security is running high at the moment, after the loss of millions of bank details by Her Majesty’s Revenue and Customs and other scandals.

Even Prime Minister Gordon Brown appears to be having a few second thoughts about whether the cards should be compulsory – and the scheme’s introduction was recently delayed by two years.

But in early 2004, when the then Home Secretary David Blunkett first proposed a national identity register, it seemed the only real opposition would come from what Mr Blunkett liked to deride as “airy fairy libertarians”.

Groups attending a public meeting at the London School of Economics in May 2004, where the idea of a campaign against ID cards was first proposed, included Privacy International and Liberty. Speakers included the future Conservative leader David Cameron.

In the pub afterwards, the No2ID campaign was officially born.

More: The Campaign Group: No2ID

Source: http://news.bbc.co.uk/

11 February 2008 – The Last Enemy Turns Eyes on the Spies

Britain is awash with CCTV cameras, and we are scrutinised as never before. Sally Kinnes reports on a drama that lifts the lid on the snooping society.

It is a beautiful, sunny day at the open-air cafe at Kenwood House, in north London, but, even here, Big Brother is watching. The Cyclops eye of a CCTV camera (one of more than 4m nationwide) clocked the television writer Peter Berry and me coming into the park, and clocked us going out. Presumably, it and others in the park know how long we stayed, where we went and what we did. There was a time when this might have seemed like a good idea, what with the terrorist threat and all. But Berry’s new five-part thriller, The Last Enemy, may make you think again.

More: The Last Enemy Turns Eyes on the Spies

Source: http://entertainment.timesonline.co.uk/

11 February 2008 – If You Have ID Cards, Drink Alcohol

One of the key identifiers of an addiction is that indulgence in it persists long after all the reasons for doing it have turned from good to bad.

A sobered-up Scottish alcoholic once told me the following exemplar of alcoholic thinking. A professor is lecturing to a class of alcoholics on the evils of drinking. To make his point, he takes two glasses, one filled with water, the other with alcohol. Into each glass he drops a live worm. The worm in the glass of water lives; the worm in the glass of alcohol dies.

“What,” the professor asks, “can we learn from this?”

One of the alcoholics raises his hand. “If you have worms, drink alcohol.”

In alcoholic thinking, of course, there is no circumstance in which the answer isn’t “Drink alcohol.”

More: http://www.newswireless.net/index.cfm/article/3740

Source: http://www.newswireless.net/

6 February 2008 – Cameras Target Diesel Fumes

London’s congestion charge cameras are being turned on the capital’s most polluting vehicles in a bid to improve air quality.

A London-wide Low Emission Zone was launched on 4 February 2008, designed to reduce pollution from diesel engined lorries, coaches and buses. The automatic number recognition cameras used to enforce the capital’s congestion charge are also identifying potential heavy polluters. Information gathered is being linked to the Driver and Vehicle Licensing Authority’s database to identify a vehicle’s emissions standards.

The Low Emission Zone will be introduced in a number of stages, starting with diesel engined lorries over 12 tonnes. Drivers of vehicles which do not meet emissions standards will face a charge of £200. The zone is the first in the UK and the largest of its type in the world, and covers most of Greater London.

More: Cameras Target Diesel Fumes

Source: http://www.kablenet.com/

6 February 2008 – CCTV Talks to Yobs

Barking and Dagenham has become the first borough in London to launch Talking CCTV cameras that rebuke people for anti-social behaviour.

The new technology has been fitted to 16 existing cameras located in busy areas around the borough. The cameras have been fitted with equipment that includes audio cards and loudspeakers that are activated by officers in the Barking and Dagenham’s secure CCTV control room.

If people are spotted dropping litter or otherwise misbehaving, Talking CCTV will deliver a recorded message warning them that they are being monitored. The council said the aim is to get the public to reflect on their behaviour and the example they are setting to others, especially children.

More: CCTV Talks to Yobs

Source: http://www.kablenet.com/

6 February 2008 – Google Launches Security Apps

Google today launched three new online email security and archiving packages in a move designed to broaden out its Google Apps platform and offer firms of all sizes a cheap, flexible alternative to managing in-house messaging security and compliance technology.

The three offerings are compatible with any mail system and can be bought as standalone services or as part of the Google Apps Premier Edition, said the firm’s Dave Armstrong. They are built on technology which came with the acquisition of on-demand security vendor Postini last summer.

More: Google Launches Security Apps

Source: http://www.computing.co.uk/

6 February 2008 – Google Apps Adds Email Security

Google has added a range of email security packages to Google Apps, offering message filtering, encryption, discovery and archiving services.

The new security services work with any email system, including Lotus Notes, Microsoft Exchange and Novell GroupWise, and range from £1.50 to £12.50 per user per year.

“As threats rise in volume and complexity, and compliance requirements pile up, IT is struggling to find the resources to keep up,” said Scott Petry, director of product management at Google.

More: Google Apps Adds Email Security

Source: http://www.computing.co.uk/

6 February 2008 – Poll Shows Growing Opposition to ID Cards Over Data Fears

The number of people strongly opposed to the introduction of a national identity card scheme has risen sharply, according to the results of an ICM poll to be published today.

Those campaigning against ID cards said last night that the poll, with results showing that 25% of the public are deeply opposed to the idea, raises the prospect that the potential number of those likely to refuse to register for the card has risen. If the poll’s findings were reflected in the wider population, as many as 10 million people may be expected to refuse to comply.

The ICM survey also shows that a majority of the British people say they are “uncomfortable” with the idea that personal data provided to the government for one purpose should be shared between all Whitehall-run public services.

More: Poll Shows Growing Opposition to ID Cards Over Data Fears

Source: http://www.guardian.co.uk/

4 February 2008 – Could NAC Be Juniper’s Not-So-Secret Weapon?

Analysts say built-in NAC key to Juniper’s Ethernet switch foray.

By Tim Greene, Network World, 01/31/08

Juniper Networks’ EX switches announced this week — the company’s first for the enterprise market — support a homemade version of network-access control that may be a helpful selling point, industry experts say.

“You can’t come into the LAN switch market and say, ‘I’ve got something that’s just as good as everybody else,’” says Phil Hochmuth, an analyst with the Yankee Group. “You need something to set it apart. I think it’s the NAC integration.”

“If Juniper wants to displace the current vendors — Cisco and HP ProCurve in particular — then it needs an equally strong access-control story,” says Rob Whiteley, an analyst with Forrester Research. “I think Juniper’s UAC [Unified Access Control] delivers that, especially with the standards-based emphasis Juniper has been pushing for a while now.”

More: Could NAC Be Juniper’s Not-So-Secret Weapon?

Source: http://www.networkworld.com/

4 February 2008 – 5 Critical Security Questions That IT and Corporate Leaders Are Asking

Getting the answers to who, what, when, where and why regarding network security.

Technology Executive Alert Newsletter. By Linda Musthaler and Brian Musthaler, Network World, 01/28/08

Who, what, when, where, and why? When it comes to network security, these are the five critical questions that IT and corporate leaders are asking. As pressure mounts for companies to protect their information assets from unintentional disclosure and to maintain compliance with a growing number of policies and regulations, it’s becoming more important to know exactly who is doing what on the network as it is happening.

While only a human can answer the question of “why?” numerous tools individually help organizations manage and answer parts of the “who,” “what,” “when” and “where” questions. Tools like intrusion detection systems (IDS), security information management (SIM), network access control (NAC), and network behavior analysis (NBA) all provide good details that paint portions of a picture. The complete picture, however, is like one of those connect the dots drawings; the details are all there in different silos (e.g., users, assets, applications), but sometimes additional resources are required to match/reconcile results to reveal the picture in its entirety.

More: 5 Critical Security Questions That IT and Corporate Leaders Are Asking

Source: http://www.networkworld.com/

4 February 2008 – Confusion Reigns Over UK ID Cards

Plans for the introduction of identity cards in the UK have been thrown into confusion after leaked government memos cast doubt on the future of the project and two key backers pulled out.

BAE Systems and Accenture have both announced that they are pulling out of the plan, which could cost individuals up to £500 each.

“At this stage of the competition our assessment is that our bid would not contain every element necessary to deliver to the customer’s requirement. We continue to monitor the programme with interest,” BAE told Reuters.

More: Confusion Reigns Over UK ID Cards

Source: http://www.computing.co.uk/

4 February 2008 – Routine Fingerprinting at Heathrow Provokes Outrage

Civil Liberties campaigners have accused airport chiefs of sneaking in mandatory fingerprinting of passengers on domestic routes without proper consultation. Heathrow Airport has quietly introduced compulsory fingerprinting and photographic profiling of passengers on domestic routes, including to Glasgow and Edinburgh, ahead of the opening of its fifth terminal late next month.

The move has already caused disquiet among some passengers who were handed leaflets warning they would be barred from their flights unless they co-operated.

Anti-ID card campaigners have demanded to know why no public announcement was made and fear compulsory fingerprinting is smoothing the path for the controversial scheme’s introduction UK-wide.

The British Airports Authority (BAA), which operates Heathrow, claims the profiling is needed because the new terminal will have a single departure lounge for domestic and international travellers.

More: Routine Fingerprinting at Heathrow Provokes Outrage

Source: http://www.sundayherald.com/

4 February 2008 – Our State Collects More Data Than the Stasi Ever Did. We Need to Fight Back.

This has got to stop. Britain’s snooper state is getting completely out of hand. We are sleepwalking into a surveillance society, and we must wake up. When the Stasi started spying on me, as I moved around East Germany 30 years ago, I travelled on the assumption that I was coming from one of the freest countries in the world to one of the least free. I don’t think I was wrong then, but I would certainly be wrong now. Today, the people of East Germany are much less spied upon than the people of Britain. The human rights group Privacy International rates Britain as an “endemic surveillance society”, along with China and Russia, whereas Germany scores much better.

More: http://politics.guardian.co.uk/comment/story/0,,2249468,00.html

Source: http://politics.guardian.co.uk/

30 January 2008 – ID Cards Scheme Wobbles

The programme for the introduction of national ID cards is looking increasingly uncertain, as potential suppliers Accenture and BAE bowed out of the ID card bidding process.

Dominic Trott, a consultant at Pierre Audoin Consultants (PAC) said that the exit of Accenture and BAE highlights the fact “suppliers are feeling shaky”.

Graham Titterington, Ovum analyst, added, “Companies are becoming doubtful [about the ID cards scheme] due to large costs, political doubt and the risk of not winning a contract.”

More: ID Cards Scheme Wobbles

Source: http://www.computing.co.uk/

30 January 2008 – PGP Updated to be a Good Citizen

PGP has updated a number of components in its flagship PGP Encryption Platform to improve performance, functionality and make it less obtrusive to the user.

Three of the six tools have received a significant overhaul while the other three received only minor performance tweaks, according to John Dasher, director of product management for PGP. The release is officially dubbed PGP Encryption Platform 9.8-2.8.

Overall, PGP’s efforts behind this release were to make its security product play better with your system, said Dasher. “One of the things we’re constantly concerned about is the deployment and maintenance experience of the product line,” he told InternetNews.com. “We recognize one of the larger concerns is how do you live with it.”

More: PGP Updated to be a Good Citizen

Source: http://www.insideid.com/

30 January 2008 – IPS Leak Suggests ID Card Fingerprint Chop

A key component of the UK ID card scheme, the central database of fingerprints, may be abandoned, according to a leaked Home Office document obtained by the Observer. The document doesn’t suggest entirely scrapping fingerprints, but instead suggests that their value should be assessed for each group of the population enrolled.

So how does that work? Well, for the ID scheme as originally planned, it clearly doesn’t. From David Blunkett onwards Home Office ministers have presented biometrics as the system’s USP, the one single factor that makes it entirely certain (in their view) that you are who you say you are. And, they have claimed, the ability to check those biometrics against a central register would give us the ‘gold standard’ of identity. But if you don’t necessarily collect everybody’s fingerprints, then you don’t have a complete national biometric register, so you might as well save yourself a pile of money, chuck away any notion of online biometric checks as a matter of routine, and forget any ideas you still had about a national biometric register.

More: http://www.theregister.co.uk/2008/01/28/id_cards_chop_fingers/

Source: http://www.theregister.co.uk/

30 January 2008 – The Leaked Document On ID Cards

THIS is, as it is claimed, the scan of an internal document of the Identity and Passport Service. It’s about the plans for the UK’s identity card scheme…

More: http://www.anorak.co.uk/politicians/180005.html

Source: http://www.anorak.co.uk/

30 January 2008 – Forget Passports – Teachers and Kids Are the New ID Card Targets

Teachers and 16 year olds are the favoured ‘soft targets’ for the redesigned ID card scheme rollout, according to an Identity & Passport Service planning document seen by The Register. As suggested in leaks last weekend, IPS now plans to soft-pedal fingerprints and – astoundingly – it seems on the point of abandoning the notion of forcing ID cards onto the public via passport renewals.

The document, National Identity Scheme Options Analysis – Outcome, appears to be a summary report of strategic planning sessions which took place at the end of last year, and has more than a smack of desperation about it. Although e-borders and immigration, ‘counting them all in and counting them all out’ has been the main focus of the government’s identity sales pitch over the past year, and identity cards are a key component of the full e-borders picture, actually doing it turns out to be too hard, too expensive, and the benefits “narrow in nature”. Yes, Immigration Minister Liam Byrne has precious little else to talk about, but no, that’s not how they’re planning to do it.

More: Forget Passports – Teachers and Kids Are the New ID Card Targets

Source: http://www.theregister.co.uk/

28 January 2008 – No ID, No Problem

In the two years since legislation for a UK national identity card scheme gained royal assent, the case against the multi-billion pound programme has become overwhelming. The government’s arguments in favour have crumpled. Now, if leaked official documents are to be believed, its roll-out is to be delayed until 2012. Some investors, concerned that it is not worth the wait, are already walking away. Gordon Brown inherited this deeply flawed plan from his predecessor as prime minister. He should follow his instincts and abandon it altogether.

More: No ID, No Problem

Source: http://www.ft.com/

28 January 2008 – ID Cards May Be Issued by Coercion, Says Leaked Memo

The Government is looking at using “coercion” tactics as a way of introducing the controversial ID card scheme, a leaked memo suggests.

The Home Office document said that young people could be made to apply for an ID card when they applied for a driving licence.

Gordon Brown has always insisted that ID cards would remain voluntary unless Parliament decided otherwise. But the latest memo – headed Options Analysis – suggests that officials are already thinking about how they can be made compulsory.

It states: “Various forms of coercion, such as designation of the application process for identity documents issued by UK ministers (eg, passports) are an option to stimulate applications in a manageable way.

“There are advantages to designation of documents associated with particular target groups, eg, young people who may be applying for their first driving licence.”

More: ID Cards May Be Issued by Coercion, Says Leaked Memo

Source: http://www.timesonline.co.uk/

28 January 2008 – Costs Set to Rule Out Register of Fingerprints

The future of the UK’s identity card scheme was thrown into further confusion last night after it emerged that the Home Office is looking to scrap one of its key components – a national register of fingerprints.

More: Costs Set to Rule Out Register of Fingerprints

Source: http://observer.guardian.co.uk/

28 January 2008 – Tory Leaders in Street Protest at Plan for ID Cards

Scottish Tory leaders took to the streets yesterday to protest against government plans for compulsory identity cards.

Annabel Goldie and David Mundell led a group of party supporters outside the Passport Office in Glasgow highlighting what they claim is the ineffectiveness and unfair cost of ID cards.

They argued that money needed to introduce and maintain the system would be better spent on improving security at the country’s borders, if prevention of terrorism was a desired outcome.

More: Tory Leaders in Street Protest at Plan for ID Cards

Source: http://www.theherald.co.uk/

25 January 2008 – Companies Abandon ID Card Project

Two prominent companies have pulled out of the procurement process for the controversial multi-billion pound identity card programme amid growing concerns that the government is planning to delay the roll-out of the project.

The Financial Times has learnt that the IT services company Accenture and the defence company BAE Systems have decided not to pursue contracts linked to the biometric identity card system, with IT experts warning that some suppliers are growing increasingly frustrated with the government’s indecision.

More: Companies Abandon ID Card Project

Source: http://www.ft.com/

25 January 2008 – Delay Tactics

Tony Blair regarded ID cards as an election winner. He pledged that legislation to make them compulsory would form a “major plank” of Labour’s next election manifesto. Under Gordon Brown it now looks clear that there will be no such pledge.

Any decision on compulsory ID cards could be delayed until after 2020 even if ministers stay committed to the scheme and there is no change in government and technological problems, concerns about cost and shifting public attitudes don’t cause yet more delays.

More: Delay Tactics

Source: http://www.bbc.co.uk/

25 January 2008 – National ID Cards Scheme Delayed Until 2012

The Government’s national identity card scheme was “in the intensive care ward” after leaked documents showed plans to issue UK citizens with the cards have been delayed until after the next election.

Amid growing doubts that the multibillion pound scheme will ever see the light of day, a confidential Home Office report suggests that the widespread introduction of cards for British nationals will not come until 2012 at the earliest.

That is two years later than the Government has previously stated. It would also ensure that the general introduction of ID cards took place well after the next election, which must be held by May 2010 at the latest.

More: National ID Cards Scheme Delayed Until 2012

Source: http://www.telegraph.co.uk/

25 January 2008 – The National ID Register Will Leak Like a Battered Bucket

The government is going to introduce a single system for all our identities. And I promise, you can’t trust it. First, it will leak like a battered old bucket. Oh yes, there will be ministerial statements. Apologies. Inquiries. Expensive new IT consultants will be brought in. Tough and unbreakable procedures will arrive. And still it will leak like a battered old bucket – except that it will be the most expensive battered old bucket in the history of the world, and we will keep pouring in money to the IT industry in the years to come.

Second, it will be riddled with errors. Great-grannies will be jumped on by armed police at Newcastle airport because of an administrative or human error. Identities will be confused. And third, whatever promises there are about keeping some things, health things, or criminal record things, off one database, these walls will be breached. There is always an emergency, a special case, on the way.

This is a fantasy of control. Whatever Des Browne says today, whatever promises he makes, however rare and unusual he says the loss of this laptop was, the truth is in the record. The national identity register will make us less safe, not more so. However late the hour, it should be scrapped.

More: The National ID Register Will Leak Like a Battered Bucket

Source: http://politics.guardian.co.uk/

25 January 2008 – Sorry? Then Scrap the ID Database

Now it is the Defence Ministry’s turn to be caught leaving highly sensitive personal information lying around where anyone could pick it up.

The implications of this are specially bad, given the size and urgency of the terrorist threat, and no efforts should be spared in recovering the lost computer and finding out who has seen the data it held.

But there is a more general point here.

These incidents are becoming so common that it is time the Government stopped apologising – which is welcome but makes no practical difference – and began to examine the problem with honesty and clarity.

There is no good reason for low-level Government employees to have such easy entry to databases containing so much highly personal material.

More: Sorry? Then Scrap the ID Database

Source: http://www.mailonsunday.co.uk/

25 January 2008 – NAC votes against Identity Cards

The government’s plans to introduce ID cards received a fresh blow today as North Ayrshire Council voted not to co-operate with any introduction of the controversial documents.

A motion introduced by Tony Gurney, SNP Councillor for Ardrossan and Arran, called on the council to write to the Home Office informing them that North Ayrshire Council will not take part in any voluntary pilot scheme or feasibility work related to the National Identity Scheme.

Speaking during the council meeting, Councillor Gurney pointed out that the cost of introducing ID cards is estimated to be £18bn. Terminals to use the cards (paid for by council tax payers) will cost £4000 each; money that could be far better used for providing local services. He described the proposal for ID cards as ‘an attack on civil liberties’, involving huge expense as yet un-costed by the government, and added, ‘It is without a doubt a system the council should reject wholeheartedly.’

More: http://www.arranvoice.com/detail.php?id=2818

Source: http://www.arranvoice.com/

25 January 2008 – ID Cards Not Welcome in Wales

A Welsh Liberal Democrat debate calling for ID Cards not to be used to access public services in Wales has been passed with unanimous cross party support.

The vote guarantees that any move to introduce ID cards by Labour in Westminster will have no impact on access to health and education services in Wales.

Mike German, leader of the Welsh Liberal Democrats, said: “This is a powerful message to Westminster: Wales is not interested in ID cards.

“Last time we voted on this motion the Labour Party abstained. Today, they are in support. We were expecting someone on the Labour benches to stand up and defend their party’s policy, to explain the case being put forward in Westminster. But no. Not one single Labour AM has stood up. We’ve heard absolutely nothing from the Labour Assembly Members.”

More: http://www.newswales.co.uk/?section=Politics&F=1&id=12922

Source: http://www.newswales.co.uk/

25 January 2008 – Immigrant ID Cards and Border Checks Slip Towards 2009

Immigration minister Liam Byrne has concealed what looks like further ID card slippage and set himself a remarkably unchallenging series of immigration and border control targets in a “ten point plan” for 2008. Humorously described by the Home Office as “challenging”, the plan consists largely of low targets, targets already achieved, and harder targets lobbed off into the middle distance.

More: Immigrant ID Cards and Border Checks Slip Towards 2009

Source: http://www.theregister.co.uk/

25 January 2008 – I’m One of ‘Them’

If Gordon Brown has his way I’ll soon be forced to choose between my husband and my liberty. As a Canadian resident in the UK, beginning this year I’m required to carry an ID card under the Labour government’s national identity cards scheme. As Brown put it in last week’s prime minister’s questions: “I suggest the whole of the country supports ID cards for foreign nationals.” According to the ID cards website, this means that when I fork out another 500 quid to extend the “temporary leave to remain” I was granted when I married an Englishman, I’ll be “eligible” to apply for an ID card, which I will be compelled to acquire.

More: I’m One of ‘Them’

Source: http://commentisfree.guardian.co.uk/

22 January 2008 – The Best Virtues of British Medicine Are in Grave Peril

Patients are still seen and treated on the basis of mutual trust and respect and on a continuing basis that lasts far longer than individual episodes of illness. We still treat our list of patients and act as their advocates within an increasingly complicated NHS system. Most doctors and their patients still believe in personal care, a lifelong, confidential medical record and the virtues of treating people in the context of families and loving relationships.

Why, then, is all this now in great danger? For the answer, we have to look south of the border – paradoxically under a Prime Minister brought up in Fife, educated in Edinburgh and elected to Westminster by Scottish voters. The English NHS is set to dismantle the very basis of personal care by doctors serving a defined list of patients on the grounds of fashionable competition and privatisation. The key vehicle for this change is dilution of the confidentiality of the personal medical record, recklessly allowing its details to be automatically sucked from practice computers on to what is known as “the spine” – an electronic database to be available to anyone within the NHS “family”.

Connecting for Health, the latest massively expensive governmental IT disaster, is promoted as essential for the emergency care of any patient who turns up unannounced at a hospital, but the dangers of information incontinence within the NHS, the largest single employer in Europe, are conveniently forgotten. Already there are instances of illicit access to the records of celebrity patients. The real reason for this dangerous innovation, of course, is not patient care, but so that the English Department of Health can offer general practice contracts to alternative providers – commercial companies that propose to offer primary care through the same supermarkets and high street outlets that seem to have captured the imagination of the spotty adolescents who populate the No 10 Policy Unit.

More: The Best Virtues of British Medicine Are in Grave Peril

Source: http://www.theherald.co.uk/

22 January 2008 – New Leaked Data Fiasco

First of all she was both a doctor and a patient, a woman who when young suffered a rare and serious life-threatening condition. This made her of interest to researchers.

According to the High Court statement her private medical details, in fully identifiable form, were disseminated widely for the purposes of research and passed to her employers despite her withholding consent.

She contacted Addenbrooke’s hospital, where the researchers were based, to complain about the unobtrusive (sic) phone calls. She also asked for her details to be removed.

They and the East Anglian cancer registry refused repeatedly until ordered by the court. The latter alleged that the claimant’s statement was not true, because it was ‘not possible’ that her details could be held there.

In fact, it was true. All her private medical details were there. They were forced to apologise. Although it took them five years.

It is also clear from the court documents, that the claimant and her colleagues were expected to do research using fully identifiable patient medical records/data. When she raised her concerns to her employers she was placed on special leave and suspended.

She was forced to spend the next three years fighting the libel action allegations made against her. It would appear because some people did not like her questioning of how data was held.

Why did the PCT and Addenbrooke’s react so strongly to her asking for her private medical details to be removed from the register? Neither would comment.

More: New Leaked Data Fiasco

Source: http://www.channel4.com/

22 January 2008 – Brown Gives Himself ‘Wriggle Room’ on ID Cards Scheme

The commitment of Gordon Brown to identity cards was in question last night after he declined to say if he personally supported making them compulsory.

The scheme is due to be rolled out to foreign nationals this year and on a voluntary basis to Britons renewing their passports from 2009. Under the Government’s plans, they would be made compulsory in the next decade following a vote in Parliament.

Downing Street and the Home Office insisted that the scheme was on track. But opponents of identity cards detected a softening in the Prime Minister’s enthusiasm following a series of scandals over the loss of personal data by government departments.

More: Brown Gives Himself ‘Wriggle Room’ on ID Cards Scheme

Source: http://news.independent.co.uk/

22 January 2008 – Is It or Isn’t It? Brown Keeps Bottling the ID Card Question

For the third time in four days, Gordon Brown has sown doubts about the future of compulsory ID cards for UK citizens. Speaking at prime minister’s question time today, Brown confirmed that it was “policy” for ID cards to become compulsory, but added the rider that this was subject to a vote in parliament.

As indeed is the case, but speaking to the Observer on Sunday, Brown had said that under the government’s “proposals” there was “no compulsion for existing British citizens.” When Tory leader David Cameron queried this in the Commons today, Brown responded that “it has to be voted on by parliament”, his apparent contention being therefore that there is no current compulsion, the government would like compulsion, but that compulsion nevertheless cannot exist until parliament has said that it will. Or something like that.

More: Is It or Isn’t It? Brown Keeps Bottling the ID Card Question

Source: http://www.theregister.co.uk/

22 January 2008 – Marking Gordon’s Card

Is the government backtracking on its plan to make each and every one of us have an identity card? That’s one possible interpretation of Gordon Brown’s statement in his weekend Observer interview that “under our proposals there is no compulsion for existing British citizens”. On the face of it, this is a big retreat from the current policy set out by the Home Office in a strategic action plan just over a year ago. Although the current law, passed in 2006, doesn’t make it compulsory to register for an ID card, the government has always made it plain that this is only a matter of time. According to the strategic action plan, “It is the government’s policy that registration in the NIS should eventually be compulsory for all those resident in the UK who are over the age of 16”.

As a former Kremlinologist used to studying the fine print, it seems to me there are three ways to read this Delphic statement. First, Brown simply misspoke and muddled up the existing law with the government’s proposals for the next stage of the scheme. Second, he was deliberately trying to pull the wool over the eyes of liberal-minded Observer readers who’ve been reading Henry Porter’s columns. The third intriguing possibility is that some genuine rethinking is going on over the scale and timing of the ID scheme.

More: Marking Gordon’s Card

Source: http://commentisfree.guardian.co.uk/

21 January 2008 – Clarkson Stung After Bank Prank

TV presenter Jeremy Clarkson has lost money after publishing his bank details in his newspaper column.

The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people’s personal details on two computer discs.

He wanted to prove the story was a fuss about nothing. But Clarkson admitted he was “wrong” after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.

More: Clarkson Stung After Bank Prank

Source: http://news.bbc.co.uk/

21 January 2008 – Not fit for purpose: £2bn Cost of Government’s IT Blunders

The cost to the taxpayer of abandoned Whitehall computer projects since 2000 has reached almost £2bn – not including the bill for an online crime reporting site that was cancelled this week, a survey by the Guardian reveals.

The failure of the multimillion pound police site marks the latest chapter in the government’s litany of botched IT projects, with several costly schemes biting the dust. Major blunders overseen by Downing Street have included the Child Support Agency’s much-derided £486m computer upgrade – which collapsed and forced a £1bn claims write-off – and an adult learning programme that was subjected to extensive fraud.

More: Not fit for purpose: £2bn Cost of Government’s IT Blunders

Source: http://www.guardian.co.uk/

21 January 2008 – Just Don’t Do it: a Motto for Gordon

Dear Gordon

(…)

You should do exactly the same with the ruinously costly national ID card scheme. The data management fiascos have proved that government cannot cope with more information. Nobody has given a convincing argument for a national ID scheme – and anyway, you will incite a revolution if you try to force the British to carry compulsory identity cards like the Germans and French. You may believe that you have no alternative but to carry on with a programme to which you are publicly committed. But if you are banging your head against a brick wall, there is always an alternative: stop doing it.

More: Just Don’t Do it: a Motto for Gordon

Source: http://www.timesonline.co.uk/

21 January 2008 – We Have Everything to Fear from ID Cards

We start the year in Britain with a challenge to our essential nature, for 2008 might turn out to be the year when we decide to rip up the Magna Carta.

Among the basic civil rights in this country, there has always been, at least in theory, an inclination towards liberal democracy, which includes a tolerance of an individual’s right to privacy.

We are born free and have the right to decide what freedom means, each for ourselves, and to have control over our outward existence, yet that will no longer be the case if we agree to identity cards.

More: We Have Everything to Fear from ID Cards

Source: http://www.telegraph.co.uk/

21 January 2008 – Give Them Up for New Year

As he looked back on a year that was going so right until it went horribly wrong, the prime minister yesterday received unsolicited advice from the new Liberal Democrat leader about how to ensure 2008 turns out more happily. Scrap ID cards, Nick Clegg urged. He objects to the cards on fundamental grounds, claiming he would rather go to jail than carry what he sees as a pernicious piece of plastic. Such talk may be grandstanding: it is doubtful that the plans would see refuseniks locked up. But it is not necessary to be a would-be outlaw or an extreme libertarian to appreciate that giving up ID cards is one new year resolution that Gordon Brown should make.

More: http://politics.guardian.co.uk/comment/story/0,,2233787,00.html

Source: http://www.guardian.co.uk/

17 January 2008 – Clegg Pledging to Fight ID Cards

The new Lib Dem leader has pledged to campaign “tirelessly” against “expensive, invasive” ID cards in 2008.

Nick Clegg said the recent data loss “scandals” had created a lack of public confidence in the government’s ability to look after personal information.

His comments were made in his New Year message to the Lib Dem party.

More: Clegg Pledging to Fight ID Cards

Source: http://news.bbc.co.uk/

17 January 2008 – Beware the State’s ID Card Sharks

If Gordon Brown picks one failure from his first six months to learn from, it should be the loss of 25m people’s personal details. If he makes one resolution for 2008, it should be to scrap his reckless plan to introduce compulsory ID cards.

“Discgate” was the result of ministerial incompetence, but also flawed policy. As chancellor, Brown relentlessly pursued his forlorn vision of a “joined-up identity management regime” across public services. As prime minister, he continues this vain search, like an obsessed alchemist, for a giant database that his closest advisers ominously refer to as a “single source of truth”.

More: Beware the State’s ID Card Sharks

Source: http://www.timesonline.co.uk/tol/news/

17 January 2008 – The Precious Gift of Parental Neglect

Here’s a sad little note to temper the cheer: a study published last week, by University College London, concluded that children who are let out to play unsupervised grow up to be healthier and more sociable. Healthier because, it was found, children without adults in tow burn up more calories in heightened energy, thus warding off obesity, and more sociable as a result of independence and self-reliance – benefits whose loss, says the leader of the study, Roger Mackett, carry many and grave implications. What makes this so sad is not that the professor is right; it is that there is scant chance of anyone taking a blind bit of notice.

More: The Precious Gift of Parental Neglect

Source: http://www.timesonline.co.uk/

17 January 2008 – Chattering Classes Deserve a Debate About e-Government

Look on the bright side, as the directors of the White Star shipping line might have said in April 1912: at least people are talking about us now. In the continuing fallout from the child benefit disc disaster, the government’s IT chiefs can draw one small consolation: the “transformational government” programme to join up public services through IT is now on the chattering classes’ agenda.

Intelligent citizens have begun to grasp that the 10-year-old programme to offer citizens joined-up electronic access to government (and government to citizens) is the biggest change to the government machine for 60 years, since the birth of the welfare state. The chattering is mainly hostile, of course, with a consensus that e-government will create a snooper’s paradise or a permanent milch cow for IT consultancies. Or both.

More: Chattering Classes Deserve a Debate About e-Government

Source: http://www.guardian.co.uk/

17 January 2008 – Just a Few Key-strokes Away from a New Orwellian Age

So the records of three million UK driving test applicants go missing in Iowa. These things happen. For the government of Britain, with unprecedented and unparalleled ambitions to gather and retain personal information, these things happen with increasing, if predictable, frequency.

Perhaps it concerns you. If not, it should, at least according to the government that keeps on losing the stuff. When not mislaying 25 million child benefit records, or information on three million people with hopes of mastering driving theory, ministers and civil servants are keen to remind us of the need for vigilance. Identity theft is a large and growing problem, they say. Larger after their recent efforts, perhaps, than before.

More: Just a Few Key-strokes Away from a New Orwellian Age

Source: http://www.theherald.co.uk/

16 January 2008 – Tory clone? Stop pulling my Clegg

New Liberal Democrat leader Nick Clegg gets understandably irritated when people compare him to his Conservative counterpart, David Cameron.

The two men are both in their 40s, went to public school and may now find themselves trying to appeal to the same sections of the electorate. But, so far as Clegg is concerned, there the similarities end.

He rejects suggestions he is on the right in Lib Dem terms and dismisses claims he is a Cameron clone.

More: Tory clone? Stop pulling my Clegg

Source: http://news.scotsman.com/

16 January 2008 – Primarolo Admits Ignorance Over Data Losses by Nine NHS Trusts

Ministers faced embarrassment over more mislaid data yesterday when they were forced to admit that they did not have details on what information had been lost by nine NHS trusts.

The loss of data potentially covering tens of thousands of patients’ records has been disclosed to the Department of Health by the trusts and to the information commissioner.

Ministers will be worried that the loss will further undermine confidence in the department’s plans for a new computer database of all NHS patients’ records.

More: Primarolo Admits Ignorance Over Data Losses by Nine NHS Trusts

Source: http://politics.guardian.co.uk/

16 January 2008 – NPIA Dismisses FBI Biometric Link

The National Policing Improvement Agency has denied there are plans to share biometric data with the US Federal Bureau of Investigation (FBI).

A spokesperson for the NPIA told GC News on 15 January 2007 that it was not participating in any discussions on the Server in the Sky project.

This follows a report in The Guardian that UK police officials have been talking to the FBI about making biometric information on criminals and suspects available on both sides of the Atlantic.

The spokesperson said the project had only been raised as an idea at a meeting of the International Information Consortium, a consultative group on policing technology of which the UK, US, Canada, Australia and New Zealand are members.

More: NPIA Dismisses FBI Biometric Link

Source: http://www.kablenet.com/

16 January 2008 – Home Office Completes Visa Fingerprint Roll Out

Measures to strengthen the UK’s borders by carrying out biometric checks on visa applicants have been completed early.

Home Office minister Liam Byrne has announced that the UK is now carrying out biometric checks on all visa applicants, three months ahead of schedule and several million pounds under budget.

Anyone applying for a visa from 133 countries covering 75% of the world’s population now has their fingerprints checked against UK databases. Biometric checking has already identified nearly 500 cases of identity swapping, according to the Home Office.

In one case, the fingerprints of a Zambian national applying for a visa were discovered to match an asylum claim in 2001 from a Sierra Leone national with a different identity.

More: Home Office Completes Visa Fingerprint Roll Out

Source: http://www.kablenet.com/

16 January 2008 – Panel to Scrutinise DNA Policy

The Human Genetics Commission is leading a project to assess people’s attitudes towards the DNA database.

It is putting together two panels of 30 people each with the support of £75,000 of government funds, according to a report in The Register. The panels will “direct their own research into the forensic use of DNA centred on the police national DNA database”.

They include members of the public and will be advised by experts including scientists, academics and law enforcement officials, will be able to call their own witnesses and hold group sessions of up to 200 people. They are due to report in the spring, although they will not necessarily provide a single opinion or conclusion.

The final results will be fed into the Human Genetics Commission’s own report to the government on forensic use of DNA.

More: Panel to Scrutinise DNA Policy

Source: http://www.kablenet.com/

15 January 2008 – Storm Splinters, Starts Phishing, Say Researchers

Part of the Storm botnet appears to have been rented out to identity thieves, who are using it to conduct traditional phishing attacks that target customers of a pair of U.K.-based banks, researchers said Wednesday.

Two recent phishing attacks — one aimed at customers of Barclays, the second at account holders of the Bank of Scotland — appear to be coming from domains associated with known campaigns designed to build out the botnet of Storm-infected PCs.

Fortinet was the first security company to confirm that the Barclays attack came from Storm-controlled machines. In a post Monday, Fortinet research engineer Derek Manky noted that the phishing e-mails originated from a Storm fast-flux domain that the botnet had used since the middle of 2007.

More: Storm Splinters, Starts Phishing, Say Researchers

Source: http://www.networkworld.com/

15 January 2008 – Colombian Man Pleads Guilty to Computer Fraud

A Colombian man pleaded guilty Wednesday to a 16-count indictment involving an identity theft scheme in which he installed keylogging software on hotel business center computers and Internet lounges in order to steal passwords, account data and other personal information, the U.S. Department of Justice announced.

The computer fraud scheme had more than 600 victims worldwide, including U.S. Department of Defense employees, the DOJ said. Mario Simbaqueba Bonilla, 40, used money obtained in the scheme to buy expensive electronic devices, including a home theater system, and to fund luxury travel to Hong Kong, France, Jamaica, the U.S. and other locations, according to a DOJ news release and the indictment in U.S. District Court for the Southern District of Florida.

Simbaqueba Bonilla, sometimes working with a co-conspirator, used a series of complex computer intrusions to steal money from payroll, bank and other accounts, the DOJ said. Much of the identity theft activity targeted U.S. residents, including employees of the Department of Defense.

More: Colombian Man Pleads Guilty to Computer Fraud

Source: http://www.networkworld.com/

15 January 2008 – Passport Card with Chatty RFID Chip Draws Privacy Ire

A proposed new RFID-enabled passport card intended for use by Americans frequently travelling to Canada, Mexico, Bermuda and the Caribbean poses serious security and privacy risks for users, the Center for Democracy and Technology (CDT) warned this week.

Among the concerns are the potential for the card to be used for location tracking by government and private entities and the relative ease with which it can be manipulated for identity theft purposes, the CDT said.

The Washington-based think tank’s warning was prompted by a final ruling in the Federal Register from the U.S. Department of State on Dec. 31, 2007 calling for the use of so-called “vicinity read” radio frequency identification technology on proposed new passport cards. The department first announced plans to use RFID chips for new passport cards back in October 2006 and has been going through a process of collecting and responding to comments on its plans.

More: Passport Card with Chatty RFID Chip Draws Privacy Ire

Source: http://www.networkworld.com/

15 January 2008 – Sears Puts Customers’ Buying Histories on the Web

Sears Holdings has come under fire from privacy advocates for making the purchase history of its customers publicly available on its Managemyhome.com Web site.

Manage My Home is a community portal where Sears shoppers can download product manuals, find product tips and get home renovation ideas.

The Web site has a feature called “Find your products” that lets users look up past purchases. Ostensibly, this is designed to help customers keep track of items they’ve bought from the retailer, but the site also lets them look up the purchase histories of other people.

“Sears offers no security whatsoever to prevent a Manage My Home user from retrieving another person’s purchase history by entering that person’s name, phone number, and address,” wrote Ben Edelman, an assistant professor with Harvard Business School, in a blog posting.

More: Sears Puts Customers’ Buying Histories on the Web

Source: http://www.networkworld.com/

15 January 2008 – CEOs on Facebook Easy to Dupe, Says Researcher

Corporate executives should think twice about the information they disclose on social networking sites such as Facebook, a Hong Kong-based security company warned Friday after duping gullible CEOs and finance directors into revealing personal details that could be used for so-called spear-phishing attacks.

Network Box, which makes and sells threat prevention appliances, recently conducted an experiment to see how difficult it is to glean important information from business executives.

“We were asked to see if we could gain information about individuals without having a real-life link to them,” said Simon Heron, Network Box’s managing director, in an e-mail. “We used a fake Web mail account to create a fake Facebook account. With this, we approached individuals who we knew to be in quite senior positions and simply asked to be their friends, explaining that we knew them while at school.”

More: http://www.networkworld.com/news/2008/010408-ceos-on-facebook-easy-to.html

Source: http://www.networkworld.com/

4 January 2008 – Big Brother Awards 2007 – Austria and Switzerland

The Big Brother Awards ceremonies in Austria and Switzerland took place in the past weeks in Vienna, on the 25 October 2007 and in St Gall, on the 9 November 2007, respectively.

The Swiss ceremony of the 8th edition of Big Brother Awards was organised by the associations “droitsfondamentaux.ch” and EDRI-member Swiss Internet UserGroup (SIUG).

The award for the State and for the entire work was received by the Federal Councillor Christoph Blocher. In the Business category the insurance company HELSANA of Zurich was the winner and CFF and OFT were awarded in the Work place category.

More: http://www.edri.org/edrigram/number5.22/bba-austria-switzerland

Source: http://www.edri.org/

4 January 2008 – UK Government Security Failure

In breaking news, the Chancellor of the Exchequer will announce at 1530 that HM Revenue and Customs has lost the data of 15 million child benefit recipients, and that the head of HMRC has resigned.

FIPR has been saying since last November’s publication of our report on Children’s Databases for the Information Commissioner that the proposed centralisation of public-sector data on the nation’s children was not only unsafe but illegal.

More: http://www.lightbluetouchpaper.org/2007/11/20/government-security-failure/

Source: http://www.lightbluetouchpaper.org/

4 January 2008 – Leopard Security Bug Puts Mail Users at Risk

Programmers have reintroduced a yawning security hole in Leopard, the latest version of Apple’s highly regarded operating system, after having patched it more than 20 months ago in an earlier version, a researcher has warned.

The bug in Apple Mail makes it possible for attackers to run malicious code on a victim’s machine by disguising an executable program as an image or other type of innocuous file, said Juergen Schmidt, editor-in-chief at Heise Security (http://www.heise-security.co.uk/news/99257). A user can become infected simply by clicking on an attachment that looks like a jpeg image.

More: http://www.theregister.co.uk/2007/11/20/leopard_reintroduces_security_vuln/

Source: http://www.theregister.co.uk/

4 January 2008 – Thumb Twiddling Mozilla Promises Fix for Privacy-biting Bug

Mozilla’s head of security has promised a patch for a dangerous vulnerability that’s been lurking in the popular Firefox browser for more than eight months.

The new urgency in fixing the jar: protocol handler comes after bloggers in recent weeks demonstrated how the vulnerability could wreak real-world havoc, including allowing attackers to steal a victim’s Gmail contacts. Short for Java Archive, the jar: protocol is used to compress Java classes and other types of files into a single file. Problem is, the protocol will open any zip-formatted file without first validating the MIME type of the archived contents. Malicious content is then run in the context of a trusted site. “An attacker can use this to evade filtering on sites that allow users to upload content and use this [to] initiate a cross site scripting attack,” Window Snyder, Mozilla’s security chief, wrote in this post on the Mozilla Security blog. “This may allow the attacker to access information stored on the trusted site without the victim’s knowledge.”

More: http://www.theregister.co.uk/2007/11/19/upcoming_firefox_patch/

Source: http://www.theregister.co.uk/

4 January 2008 – Be Your Own Personal Privacy Czar

Like most journalists I know I’m very sloppy about keeping my online communications secure. I rarely encrypt e-mail messages, leaving them to be read by anyone in the electronic chain between me and the intended recipient. And I use public chat services like MSN Messenger and iChat, even though they send messages as plain text across the network.

Partly this is because the tools needed to make communications secure can be cumbersome and complicated, even for someone with a technical background. But partly it is because I have not often been involved in researching stories that are going to bring me to the attention of those with the capabilities needed to tap even insecure online communications. But you never know.

More: http://news.bbc.co.uk/1/hi/technology/7101637.stm

Source: http://news.bbc.co.uk/

3 January 2008 – net.wars: Watching you watching me

The often-quoted number of times the average Londoner is caught on camera per day is scary: 200. (And that was a few years ago; it’s probably gone up.) … What is the right, privacy-conscious response to make?

I was reminded of this a few days ago when I was handed a copy of Privacy in Camera Networks: A Technical Perspective, a paper published at the end of July. Given the amount of money being spent on CCTV systems, it’s absurd how little research there is covering their efficacy, their social impact, or the privacy issues they raise. In this paper, the quartet of authors — Marci Lenore Meingast (UC Berkeley), Sameer Pai (Cornell), Stephen Wicker (Cornell), and Shankar Sastry (UC Berkeley) — are primarily concerned with privacy. They ask a question every democratic government deploying these things should have asked in the first place: how can the camera networks be designed to preserve privacy?

Source: http://www.newswireless.net/index.cfm/article/3653

More: http://www.newswireless.net/

3 January 2008 – Intel Official: Expect Less Privacy

As Congress debates new rules for government eavesdropping, a top intelligence official says it is time that people in the United States changed their definition of privacy.

Privacy no longer can mean anonymity, says Donald Kerr, the principal deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information. Kerr’s comments come as Congress is taking a second look at the Foreign Intelligence Surveillance Act. Lawmakers hastily changed the 1978 law last summer to allow the government to eavesdrop inside the United States without court permission, so long as one end of the conversation was reasonably believed to be located outside the U.S.

More: Intel Official: Expect Less Privacy

Source: http://www.washingtonpost.com/

3 January 2008 – Privacy and Security: There’s Always a Tradeoff

Hugo Teufel III, chief privacy officer of the Homeland Security Department, said recently at a roundtable discussion on cyber security for the Congressional High Tech Caucus that there was no need to balance privacy and security. The two go hand in hand, he said.

What a disturbing thing for a chief privacy officer to say. Although it is true that security can help ensure privacy, the two are not the same thing. Security often entails gathering sensitive information about individuals, and these collections raise plenty of concerns about privacy, no matter how well-intentioned.

More: http://www.gcn.com/online/vol1_no1/45454-1.html

Source: http://www.gcn.com/

3 January 2008 – Steroid Bust Shows Feds Can Still Get at “Private” and “Secure” E-mail

Criminals have plenty of reasons for wanting to encrypt their e-mail, and services like Hushmail offer such encryption in a strong form; not even the company can view the messages sent through its systems. Under most circumstances.

But there are cases when it can read the messages, and when that happens, those messages can then be subpoenaed by law enforcement. An alleged California supplier of anabolic steroids found that out the hard way earlier this year when Drug Enforcement Agency officers collected his supposedly “secure” e-mail from Hushmail.

More: Steroid Bust Shows Feds Can Still Get at “Private” and “Secure” E-mail

Source: http://arstechnica.com/news.ars/

3 January 2008 – Government Attempts of Increased Level of Surveillance in Czech Republic

The Czech Interior Ministry introduced in October 2007 a new National Action Plan to Combat Terrorism that would increase the access of the police and intelligence authorities to personal data, under the pretext of the protection against terrorism.

The Czech Ministry of Interior has introduced a similar plan every year since 2002 – in 2005 it actually won the Czech Big Brother Award for it – which, until now, has been rejected by the Parliament. The Plan of Action is meant to be used to draft legislation allowing police and other agencies to have access to emails and to wiretap without following any court procedures.

More: http://www.edri.org/edrigram/number5.21/terrorism-act-czech

Source: http://www.edri.org/edrigram/number5.21

2 January 2008 – Whois Privacy Problems Not Solved by ICANN

The ICANN meeting that took place last week (29 October – 2 November 2007) in Los Angeles was expected to decide on the WHOIS database privacy problems. But unfortunately the decision taken was just to make further studies on the matter, despite the already seven years of discussions on this topic.

The need for WHOIS reform has been a hot topic for some years in the civil society and some ICANN structures. An EPIC & NGO Letter to ICANN Board on Need for Whois Reform sent on 30 October 2007 asks “for changes to WHOIS services that would protect the privacy of individuals, specifically the removal of registrants’ contact information from the publicly accessible WHOIS database.”

More: http://www.edri.org/edrigram/number5.21/icann-whois

Source: http://www.edri.org/

2 January 2008 – EC Plans to Profile All Passengers In and Out EU

The European Commission (EC) put forward on 6 November 2007 a PNR plan that is almost similar to the EU-USA PNR (Passenger Name Records) agreement. The EU PNR plan is part of a new package of proposals “aimed at improving the EU’s capabilities in the fight against terrorism.”

According to this proposal, EU will have to collect 19 pieces of personal data on air passengers coming into and leaving the EU space, including phone number, e-mail address, travel agent, full itinerary, billing data and baggage information. The information will be collected in analysis units that will make a “risk assessment” of the traveller, which could lead to the questioning or even refusal of the entry. The data is to be kept for five years and then another eight years in a “dormant” database.

More: http://www.edri.org/edrigram/number5.21/eu-pnr

Source: http://www.edri.org/

2 January 2008 – EDRI Supports PI’s Comments on Google-Doubleclick Merger

European Digital Rights Initiative (EDRI) is supporting the letter Privacy International (PI) sent on 5 November 2007 asking the head of the European Commission DG Competition, Commissioner Kroes, to take the merger of Google-Doubleclick to the next phase. PI argues that the merger could have serious implications for privacy innovation in advertising.

The letter explains the problems that the merger could bring to the online advertising market: “Google’s purchase of Doubleclick is particularly worrying because it is a significant consolidation in this domain and we worry that this very competition to provide high-quality privacy practices will dissipate. Google’s dominant position in the search marketplace will be compounded by Doubleclick’s dominant position in online profiling, leading to a potentially abusive situation for the protection of privacy. If the merger is approved, then Google’s dominant service will transform radically from one with a search advertising function into one that collects both searches and browsing habits of users.”

More: http://www.edri.org/edrigram/number5.21/google-doubleclick-pi-edri

Source: http://www.edri.org/

2 January 2008 – Privacy Watchdog Questions ‘Opaque’ Federal No-fly List

Canada’s privacy commissioner says there was very little consultation with her office before the Conservative government introduced a no-fly list for air travellers last June.

And Jennifer Stoddart told the Air India inquiry Tuesday that she has so far seen little rationale for the list, part of the so-called Passenger Protect Program. Stoddart told inquiry Commissioner John Major she is concerned that people could be placed on the list in error and face dire consequences if their identities are then disclosed to the RCMP or passed on to police agencies in other countries.

More: Privacy Watchdog Questions ‘Opaque’ Federal No-fly List

Source: http://www.canada.com/edmontonjournal/

2 January 2008 – EU Could Collect Air Passenger Data

Part of a new anti-terrorism campaign, a commission proposal would allow member states to collect personal information and keep it for 13 years.

As part of a new EU counter-terrorism strategy, Brussels is to propose that member states collect 19 pieces of air passenger data, with the possibility to store it for up to thirteen years. On Tuesday (6 November), EU home affairs commissioner Franco Frattini will kick off a lengthy legislative process, which at the end should see an EU-wide air passengers name recording scheme (PNR) similar to the controversial US database on European air travellers.

More: EU Could Collect Air Passenger Data

Source: http://www.businessweek.com/

19 November 2007 – Online Police Searches Adopted Also in Austria

Austrian authorities have announced that the police will start from 2008 to use online searches as an investigation tool in order to keep up with the use of new technologies for terrorist and serious crimes. Austria is joining in this way Germany and Switzerland that are working in the same direction, despite serious privacy concerns.

In an interview to the radio station Ö1, Austrian Minister of Internal Affairs, Günther Platte, and the Minister of Justice, Maria Berger, announced this new measure that was proposed to be discussed in the Government meeting. The two politicians explained that the measure will be used only in connection with terrorist cases or other serious crimes, where a punishment of at least 10 years imprisonment is foreseen.

More: http://www.edri.org/edrigram/number5.20

Source: http://www.edri.org/edrigram/number5.20/austria-online-searches

19 November 2007 – Microchip Gives Staff the Lowdown on Pupils

Children are being tracked by micro-chips embedded in their uniforms in a trial at a secondary school.

The devices are used to monitor pupils’ movements and register their arrival in class on the teacher’s computer. Supply teachers can also be alerted if a student is likely to misbehave. The chip connects with teachers’ computers to show a photograph of the pupil, data about academic performance and whether he or she is in the correct classroom. It can also restrict access to areas of the school. The radio frequency identification system is being tested at Hungerhill School in Doncaster, South Yorkshire. Ten pupils began wearing a chip sewn into their uniforms eight months ago. The scheme has drawn criticism from human rights campaigners. “Tagging is what we do to criminals we let out of prison early,” said David Cleater, from Leave Them Kids Alone, which campaigns against the finger-printing of pupils. “It is appalling.”

More: http://www.timesonline.co.uk/tol/news/uk/education/article2698062.ece

Source: http://www.timesonline.co.uk/

19 November 2007 – Security Experts Report on Hazards of New Surveillance Architecture

This summer’s Protect America Act (PAA) temporarily authorized warrantless surveillance of communications that Americans have with individuals abroad. The use of this authority will require the deployment of new interception technologies. These new technologies raise several significant security risks.

The report identified the three most serious security risks. The experts pointed to the danger that the system could be exploited by unauthorized users. A Greek wiretapping system was exploited by an as yet unknown party to listen in on government conversations. FBI documents of the DCS 3000 telephone wiretap system revealed several problems in the system’s implementation. This risk turns a surveillance system on its head.

More: http://www.epic.org/alert/EPIC_Alert_14.21.html

Source: http://www.epic.org/

19 November 2007 – French Protest DNA Database Law

Last week, thousands of French citizens attended a concert organized by SOS Racisme to protest a new proposed law authorizing DNA tests for immigrants. The law authorizes the use of DNA testing to determine whether foreigners applying for visas are actually related to family members they seek to join in France. Critics of the proposal claim it infringes basic human rights.

The main argument against the amendment is that the notion of family in French law is not based on blood, but on recognition of a child as one’s own. DNA testing would set up a double standard – one for the French, another for immigrants. The testing could also prejudice the immigration status of stepchildren and adopted children. Another recent amendment to the proposal has limited the testing only to maternity, leaving aside the “potentially embarrassing” question of paternity. The new legislation also stirs up memories of the collaborationist Vichy government during the Nazi occupation of France.

More: http://www.epic.org/alert/EPIC_Alert_14.21.html

Source: http://www.epic.org/

19 November 2007 – Nevada Passes First Law Requiring Business to Encrypt Customer Personal Information During Transmission

Significance of the Law: Nevada has enacted the first data security law that mandates encryption for the transmission of customer personal information. (NRS 597.970) The law goes into effect on October 1, 2008. While there are several laws that direct organizations in certain industries to consider using encryption and laws that make encryption a factor in decisions regarding breach notifications, no law required the encryption of personal information prior to this Nevada law.

Summary of the Law: The law is brief and provides that “A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.”

More: Nevada Passes First Law Requiring Business to Encrypt Customer Personal Information During Transmission

Source: http://www.privsecblog.com/

16 November 2007 – Security and Privacy Enhancements for Firefox Users Through CustomizeGoogle

CustomizeGoogle is a Firefox extension I have been using for quite some time now. It offers some valuable settings that are aimed at Google users. Some of them include URL previews, Google search suggest words, customizing search result pages and much more.

The extension also contains a number of security enhancements that could make your online life much easier and more private. This is an overview of these security functions in CustomizeGoogle.

More: http://www.net-security.org/article.php?id=1081

Source: http://www.net-security.org/

16 November 2007 – Standardizing a wilderness of IDs

The federal government is producing a variety of identification documents for its own employees, critical infrastructure workers and international travelers. But some lawmakers are concerned about the cost of the overlapping programs and the threat to privacy posed by the technology they use.

During a hearing yesterday on Capitol Hill, Rep. Edolphus Towns (D-N.Y.), chairman of the House Government Reform and Oversight subcommittee on Government Management, Organization and Procurement, questioned the need for multiple formats and technologies for IDs. He noted that the Homeland Security Department alone has three different programs issuing cards to frequent border crossers. In addition to the Trusted Worker Identification Credential for workers in secure areas of sea and airports, there also is the Personal Identity Verification card mandated in Homeland Security Presidential Directive 12 for federal workers and new smart driver’s licenses mandated by the Real ID Act.

More: http://www.gcn.com/online/vol1_no1/45257-1.html

Source: http://www.gcn.com/

16 November 2007 – California Governor Vetoes Proposed Law Imposing Stronger Data Protection Requirements

California Governor Arnold Schwarzenegger vetoed AB 779 — legislation that would have amended California’s data security breach legislation to impose stronger data protection requirements than the Payment Card Industry Data Security Standard.

AB 779 would have prohibited businesses that sell goods or services to any resident of California and that accept as payment credit cards (and debit cards or other payment devices) from, among other things, storing, retaining, sending, or failing to limit access to payment-related data, and from storing sensitive authentication data subsequent to an authorization, unless a specified exception applied. Further, the bill would have made such businesses liable to the owner or licensee of the information for the reimbursement of costs of: (i) providing notice to consumers as required by existing data breach notification law; and (ii) card replacement as a result of the breach.

More: California Governor Vetoes Proposed Law Imposing Stronger Data Protection Requirements

Source: http://www.privsecblog.com/

16 November 2007 – Illegal Government Surveillance Opens Door to More Privacy Violations

The Electronic Frontier Foundation (EFF) told a congressional committee today that the government’s illegal dragnet electronic surveillance opens the door to even more privacy violations for ordinary Americans.

The sheer volume of personal information collected and the databases in which that information is stored create a giant target for attackers who want to steal or expose Americans’ personal data. In a response to questions asked of EFF by the House Committee on Energy and Commerce, EFF Legal Director Cindy Cohn explained in comments submitted Friday that an increase in the number of databases introduces more points of vulnerability into the system, putting sensitive personal information from millions of people at risk. “We have all heard about security problems with government databases. A report from the Department of Homeland Security found 477 breaches in 2006 alone,” said Cohn. “The warrantless domestic surveillance going on now isn’t just illegal — it could expose your personal information to thieves and criminals.”

More: http://www.eff.org/press/archives/2007/10/12

Source: http://www.eff.org/

16 November 2007 – Montreal Privacy Week: Terra Incognita or Deja Vu?

More than 600 persons from 50 countries gathered in Montreal to participate in the 29th International Conference of Data Protection and Privacy Commissioners, on 25-28 September 2007, making this year’s venue attended by a record number of interested parties.

The theme of the conference, ‘Privacy Horizons: Terra Incognita’, certainly played a role in this attraction. The audience has not been disappointed by presentations and panels indeed exploring currently challenging issues in the field of privacy and data protection, such as nanotechnology, ubiquitous computing, the body as data…, not to mention already well known, but continuously concerning issues like globalization, public safety and the interpenetration between law and technology.

More: http://www.edri.org/edrigram/number5.19/montreal-privacy-week

Source: http://www.edri.org/

15 November 2007 – UK: Decrypt Data or Go to Prison!

The controversial Part 3 of the Regulation of Investigatory Powers Act (RIPA) in UK is in force starting with 1 October 2007. This new regulation gives the power to police forces to ask for the disclosure of encryption keys, or force suspects to decrypt encrypted data.

RIPA was adopted in 2000, but Part 3 was not in force until last year when the UK government has started a public consultation on its enforcement. Despite the negative comments received from the security experts and the major concerns that the adoption of such a measure will push businesses outside UK, the authorities decided to uphold their initial position and to apply the law starting with 1 October 2007.

More: http://www.edri.org/edrigram/number5.19/ripa-part3-uk

Source: http://www.edri.org/

15 November 2007 – UK Fails to Properly Implement the EU Data Protection Directive

The European Commission (EC) is concerned about the way the UK has implemented the provisions for protecting personal data, according to information revealed by out-law.com following freedom of information requests.

An investigation has been initiated by the EC three years ago regarding the way the UK legislation has implemented 11 articles of the 34-article European data protection directive. This investigation has been kept secret by the UK authorities, that have concluded through the Ministry of Justice that UK “has implemented the Directive fully.”

More: http://www.edri.org/edrigram/number5.19/uk-data-protection

Source: http://www.edri.org/

15 November 2007 – The Days of the Austrian DPA are Numbered

The lack of adequate independence of the Austrian Data Protection Authority (Datenschutzkommission) is an issue the European Commission deals with since a complaint was filed by the data protection association Arge Daten back in October 2003.

In July 2005 the Commission started infringement procedures against Austria for a faulty implementation of Article 28 (1) second sentence of the data protection directive (95/46/EG) which requires that data protection authorities shall exercise their functions with complete independence. The Austrian Data Protection Commission is, in terms of organisation and staff, integrated in the Federal Chancellery.

More: http://www.edri.org/edrigram/number5.19/austrian-dpa

Source: http://www.edri.org/

15 November 2007 – French ISPs Agree to Spy on Internet Users to Stop Online Piracy

The Association of the French ISPs (AFA) agreed to propose concrete solutions to stop illegal downloading, following the discussion on 3 October 2007 with the Commission fighting Internet piracy led by Denis Olivennes. The solutions included the introduction of a system to detect the Internet users that illegally post copyrighted contents on the Internet.

On 5 September 2007, this French Commission received its formal mission from the French government to find ways of combating illegal downloads on the Internet and thus support the legal cinema and music offer. By taking the decision to create this mission, the French government wanted to show its determination to take initiatives against online piracy and support the cultural industry. “The idea that everything is possible must come to an end. We cannot let the idea that culture must be free of charge and that creation (…) has no price, therefore no value” stated Christine Albanel, Minister of Culture. On that occasion she also suggested to offer Internet users an alternative like that of the offer of limited music downloading made by Neuf Cegetel in partnership with Universal. Denis Olivennes, President-Director General of FNAC, the largest French retailer of cultural and consumer electronics products, was appointed president of this Commission (called Olivennes mission).

More: http://www.edri.org/edrigram/number5.19/french-isp-piracy

Source: http://www.edri.org/

15 November 2007 – SWIFT to Stop Processing EU Banking Data in the US

Payments processing body SWIFT will stop processing European banking transactions in the US in 2009. It is planning a restructuring of its network and the building of a new operations centre in Switzerland.

SWIFT has been heavily criticised for allowing US authorities access to records of banking transactions involving European citizens. It was revealed by The New York Times last year that US intelligence agencies were allowed to view Europeans’ transactions. SWIFT argued that it was obliged to comply with US orders because it carried out hosting and processing of information in the US. European data protection officials have condemned the release of the information. European, Swiss, and Belgian data protection authorities all ruled that SWIFT had broken data protection laws in supplying the information without informing bank customers of the US surveillance.

More: http://www.theregister.co.uk/2007/10/15/swift_processing_halt/

Source: http://www.theregister.co.uk/

13 November 2007 – Governor Kills California Data Protection Law

Schwarzenegger claims the proposed data breach security law would have driven up costs for small businesses.

California Gov. Arnold Schwarzenegger on Oct. 13 vetoed — and effectively killed — one of the nation’s most stringent proposed e-tail data breach security laws, saying that the bill would have “driven up the costs of compliance, particularly for small businesses.” The proposed California law — AB 779 — would have required retailers to protect data in a manner more demanding than the current PCI DSS (Payment Card Industry Data Security Standard) requires.

More: http://www.eweek.com/article2/0,1895,2197107,00.asp

Source: http://www.eweek.com/

13 November 2007 – California Bans Forced RFID Implants For Humans

A California state senator criticized the RFID industry for being AWOL on the issue and says it should have supported the legislation.

California has enacted a law banning mandatory RFID implants for people. The bill, signed by Gov. Arnold Schwarzenegger, prohibits employers and others from requiring people to get radio frequency identification tags. It takes effect in January. Wisconsin and North Dakota also have banned forced RFID implantation in humans. “RFID technology is not in and of itself the issue,” said California Sen. Joe Simitian, who introduced the bill. “RFID is a minor miracle, with all sorts of good uses. But we cannot and should not condone forced ‘tagging’ of humans. It’s the ultimate invasion of privacy.” In a statement, Simitian criticized the RFID industry, saying it should have supported the bill on the basis of “enlightened self-interest” and that its silence on the issue is “unforgettable and regrettable.”

More: http://www.informationweek.com/industries/showArticle.jhtml?articleID=202402856

Source: http://www.informationweek.com/

13 November 2007 – Security Flap as Finnish Password Hashes Posted Online

Hacking pranksters have caused a rumpus in Finland by posting the account and login details of thousands online.

The information – usernames, email addresses, some passwords and many more uncracked password hashes of almost 79,000 user accounts – is largely from different Finnish web forums. By itself that’s bad enough, but the possibility that many on the list use the same password for more sensitive online banking accounts and the like creates an even more significant security risk. Matching the hashes corresponding to weaker passwords on the list to their plain text values is straightforward enough using password dictionary tools and the like. So the 4.5MB list could serve up rich pickings for potential fraudsters. The motives for and methods used in the attack, much less its perps, remain unclear.

More: http://www.theregister.co.uk/2007/10/15/finnish_password_hash/

Source: http://www.theregister.co.uk/

13 November 2007 – Privacy Concerns Dog IT Efforts to Implement RFID

Privacy concerns related to the use of radio frequency identification technology are reaching new heights, as legislators increasingly look to restrict RFID deployments and corporate employees criticize efforts to use it in identification badges.

At the same time, champions of the technology contend that not enough is being done to promote the value of RFID. For example, they say, it can be used to track tainted foods or counterfeit drugs or to reduce inventory-tracking costs.

More: Privacy Concerns Dog IT Efforts to Implement RFID

Source: http://www.computerworld.com/

13 November 2007 – Virtual Security and Digital Panic

Many within Central and Eastern Europe are unaware that Big Brother has not only put on a three-piece suit, but has also gone digital.

At the end of September, thirty-eight experts in computer security and data privacy issues from around the world converged on Budapest for the third annual ITBN. The ITBN, also known as the Information Technology Security Day, is an all-day conference devoted specifically to network security and data privacy issues. Although it’s still a relatively new event, the ITBN has become one of the most visible and well-known information technology events in Central and Eastern Europe. The original purpose of the ITBN is to draw the attention of the general public to security issues – even for those who are not immediately aware of them. It’s a forum geared for both business users and end users alike with experts exchanging their ideas on the latest technologies and methods to safeguard computer networks and data.

More: http://www.heise.de/tp/r4/artikel/26/26393/1.html

Source: http://www.heise.de/

12 November 2007 – Privacy, Security Depend on Program Managers, Experts Say

Program managers need to apply privacy and security best practices early when they plan systems if they want to manage risk effectively, said Robert Wright, principal at Merrill and former chief of the plans and program management unit in the FBI’s Cyber Division. Program management is about managing risk, he said.

To know what to implement, program managers should use as their reference guide laws such as the Privacy Act and requirements of the Office of Management and Budget that govern privacy and security, said Sally Wallace, associate deputy assistant secretary for privacy and records management at the Veterans Affairs Department.

More: http://www.fcw.com/online/news/150491-1.html

Source: http://www.fcw.com/

12 November 2007 – European Consumers Split on Data Privacy Issues

A gap has emerged between the views of consumers in the UK and continental Europe on data privacy and dependable IT, a new report suggests.

The research, published by Unisys, found that while 81 per cent of UK customers believe an organisation’s ability to secure their data is a key trust-building attribute, just 42 per cent of French, 40 per cent of Belgians and a third of German consumers have the same view. “This research illustrates that there is still a distinct lack of awareness among consumers in many European countries about the value of having their personal data protected,” said Rene Head, head of enterprise security in continental Europe at Unisys, in a statement. According to the report, three-quarters of British consumers believe dependable IT is fundamental in building their trust, compared with an average of 42 per cent of users in continental Europe.

More: European Consumers Split on Data Privacy Issues

Source: http://www.scmagazine.com/

12 November 2007 – Google’s Paltry Privacy Proposal

Google (GOOG) wants new, international standards for the way consumer information is collected and used. The Web search provider issued the call on its Web site on Sept. 14, arguing that the existing confusion of international privacy law hampers the growth of Internet companies and doesn’t really protect consumers.

Google hasn’t said much about its ultimate strategy, but what little is known merits closer examination. On one hand, Google’s call can be seen as shrewd, forward-thinking business planning. Google has no legal obligation (in the U.S. anyway) to do much of anything to protect user privacy. Yet it has been making efforts. The company voluntarily agreed to purge identifiable information from its databases after 18 months, for example.

More: http://www.businessweek.com/technology/content/oct2007/tc20071011_180811.htm

Source: http://www.businessweek.com/

12 November 2007 – New paper: Shamed and Able – How Firms Respond to Information Disclosure

As national governments lose the ability to regulate business activities, interest groups and concerned citizens are turning to private governance to monitor global supply chains, ensure product safety, and provide incentives for improved corporate environmental performance. Proponents hope that private governance incentives will encourage firms to act responsibly, but critics worry that these developments will merely forestall necessary government regulation. Social ratings provide one way to benchmark and compare firms’ social performance. But are such ratings schemes effective? This paper investigates the effects of third-party environmental ratings, and finds that firms are particularly likely to respond to such ratings by improving their environmental performance when two circumstances arise simultaneously: (1) when the ratings threaten their legitimacy, and (2) when they face relatively low cost improvement opportunities. Key concepts include: Ratings provided by nongovernment organizations will be more influential on firm behavior if they do 2 things: highlight poor social issue management and performance while at the same time help firms identify low-cost improvement opportunities. The role of third-party monitoring will be increasingly important as private governance replaces government regulations around the world.

More: http://hbswk.hbs.edu/item/5793.html

Source: http://hbswk.hbs.edu/

12 November 2007 – The German Supreme Court Is Skeptical About Covert Online Searches

After the hearing pertaining to the Constitutional Protection Act from the state of North Rhine/Westphalia (NRW), experts do not believe that the controversial regulation, which would allow IT systems to be searched online, stands much of a chance.

In a number of critical questions, the Court’s First Chamber indicated to the government of NRW that its Act was not clearly formulated, thus violating the requirement that regulations be clear. The Court’s president Hans-Jürgen Papier also announced that a ruling would be handed down on the general constitutionality of covert online searches “far beyond” the current NRW case. He said that “basic issues of liberty and security” have to be weighed against each other in light of the changing nature of recent terrorist threats.

More: http://www.heise.de/english/newsticker/news/97237

Source: http://www.heise.de/english/

8 November 2007 – Protecting Your Kids on the Internet

With the explosion of text messaging, instant messaging, social networking sites and other technologies, many parents have resigned themselves to their kids’ high-tech habits. But all hope isn’t lost for those who want to protect their kids from online threats.

Join Kojo for a Tech Tuesday look at how and when to monitor your kids on the web.

More: http://wamu.org/programs/kn/07/10/09.php#17945

Source: http://wamu.org/programs/

8 November 2007 – Biometrics wing their way into Gatwick

Gatwick airport is the latest UK airport to trial biometric fingerprinting technology to boost immigration security.

The BioDev pilot has been running in the airport’s North Terminal since 18 September and is due to end in April next year. At present only arrivals from Sierra Leone who have been issued with biometric visas in the capital Freetown will be included in the trial.

More: http://www.silicon.com/publicsector/0,3800010403,39168746,00.htm

Source: http://www.silicon.com/

8 November 2007 – Ontario’s privacy commissioner to geeks: design for privacy

Here’s a one-hour video of a magnificent lecture from Ontario’s Information and Privacy Commissioner, Dr Ann Cavoukian, to the University of Waterloo’s Computer Science Club. The talk is called “Privacy by Design,” and it charges technologists to build tools that minimize the collection and retention of personally identifying information, and to consider a complete, end-to-end, comprehensive framework for protecting user privacy.

As Mitch Kapor said when he founded EFF, “architecture is politics” — when you design tools that have wiretappable elements, you invite wiretapping. When you design tools that retain user data, you invite identity thieves and overreaching subpoenas.

More: http://www.boingboing.net/2007/10/07/canadas-privacy-comm.html

Source: http://www.boingboing.net/

8 November 2007 – Department of Homeland Security Tracks Travelers’ Reading Habits

The Department of Homeland Security’s files on travelers include data on their race, religion, personal items they carry (including their books), and with whom they stay or travel, according to documents disclosed to the Identity Project pursuant to a Freedom of Information Act request.

These detailed files are created under the Automated Targeting System, which creates secret, terrorist “risk assessments” on tens of millions of U.S. citizens and foreign visitors and keeps the data for 15 years. Last month, in comments to DHS, EPIC detailed significant security and privacy problems in ATS, and urged the agency to either suspend the system or to fully apply all Privacy Act safeguards to any individual subject to ATS.

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

8 November 2007 – DHS Satellite Surveillance Program May Be Put On Hold

Democratic members of the Homeland Security Committee asked the House Appropriations Subcommittee on Homeland Security to withhold funding for domestic satellite surveillance programs.

The National Applications Office, a new DHS component, plans to share intelligence satellite imagery inside the United States with non-intelligence state, local and federal agencies. Democrats urged that funding be withheld until written legal procedures for protecting privacy and civil liberties were prepared.

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

7 November 2007 – EPIC Spotlight: Secure Flight Should Remain Grounded

EPIC’s Spotlight on Surveillance project is scrutinizing the Secure Flight traveler prescreening program run by the Department of Homeland Security’s Transportation Security Administration. Spotlight details the problems in the system; these issues are also discussed in recent comments EPIC submitted to DHS about Secure Flight’s proposed rulemaking.

The Department of Homeland Security’s Fiscal Year 2008 budget request is an 8 percent increase over last year’s request. Included in the $46.4 billion proposed budget for the agency is $38 million designated for Secure Flight, on top of the $144 million that has been spent on the program. Introduced in 2004, Secure Flight has been roundly criticized.

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

7 November 2007 – Release of Privacy and Human Rights Report

The Electronic Privacy Information Center (EPIC) and Privacy International released the 9th “Privacy and Human Rights” report last week at the International Conference of Data Protection and Privacy Commissioners in Montreal. “Privacy and Human Rights: an international survey of privacy laws and developments” provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. It singles out a number of global trends, such as expansion of identification technologies, new data retention schemes, and intensified international data transfers, among others.

According to EPIC’s Executive Director, Marc Rotenberg, “the report makes clear that what is needed today is the enforcement of privacy rights as fundamental human rights and not ever-weaker policy frameworks that allow governments and businesses to do whatever they wish with the personal information of individuals.”

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

7 November 2007 – EPIC to Senate: Impose Privacy Standards in Proposed Google Deal

In testimony before the Senate Judiciary Committee on September 27 about the pending Google-DoubleClick merger, EPIC Executive Director Marc Rotenberg said that the Federal Trade Commission should establish privacy safeguards as a condition of the merger. EPIC filed a complaint before the Commission in April regarding the merger, similar to other complaints filed by EPIC in the DoubleClick-Abacus merger, the Microsoft Passport matter, and Choicepoint. Since the filing of the EPIC complaint, competition authorities around the world have opened investigations.

At the hearing, entitled, “An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?,” Senator Herb Kohl agreed that privacy is an integral part of the antitrust review. “Some commentators believe that antitrust policymakers should not be concerned with these fundamental issues of privacy, and merely be content to limit their review to traditional questions of effects on advertising rates. We disagree,” Sen. Kohl said. “The antitrust laws were written more than a century ago out of a concern with the effects of undue concentrations of economic power for our society as a whole, and not just merely their effects on consumers’ pocketbooks. No one concerned with antitrust policy should stand idly by if industry consolidation jeopardizes the vital privacy interests of our citizens so essential to our democracy.”

More: http://www.epic.org/alert/EPIC_Alert_14.20.html

Source: http://www.epic.org/

7 November 2007 – Technology’s Challenge to Privacy

Every autumn the privacy world gathers for the most important global privacy conference on the calendar. The International Data Protection and Privacy Commissioner’s conference brings together hundreds of privacy commissioners, government regulators, business leaders, and privacy advocates who spend three days grappling with emerging issues.

The theme of this year’s conference, held in Montreal, Canada, was “Terra Incognita,” a reference to the unknown lands that typify the fear of the unknown in a world of rapidly changing technologies that challenge the core principles of privacy protection.

More: http://news.bbc.co.uk/1/hi/technology/7026641.stm

Source: http://news.bbc.co.uk/

7 November 2007 – Facebook Privacy Settings Putting Users At Risk

A security company is urging Facebook to tighten its default privacy settings after a study showed that a large majority of users are offering up far too much personal information to keep them safe from cybercriminals.

Sophos researchers reported their recommendations Tuesday after they took a random snapshot of 200 users in the London Facebook network, which is the single largest geographic network on the site, with more than 1.2 million members. They said they found that 75% of the social network’s users allow their profiles to be viewed by any other member, regardless of whether or not they have agreed to be “friends.” It’s not just a concern for individual users, either. Sophos researchers noted that 25% of Facebook users revealed information relating to their work on their profiles, offering up details that could be used by cybercriminals to commit corporate ID fraud or infiltrate company networks.

More: http://www.informationweek.com/industries/showArticle.jhtml?articleID=202200395

Source: http://www.informationweek.com/

6 November 2007 – Goldsmith Testimony on the Secret Warrantless Surveillance Program

The Associated Press, the Washington Post and Wired’s Threat Level are reporting on testimony by Jack Goldsmith, former head of the Justice Department’s Office of Legal Counsel. Goldsmith testified that there were certain aspects of the warrantless surveillance program “that I could not find the legal support for,” describing the basis as “a legal mess … it was the biggest mess I encountered there.”

Jack Goldsmith is testifying at a hearing of the Senate Judiciary Committee, headed by Senator Patrick Leahy. Leahy has been trying to investigate the warrantless surveillance program for months, but isn’t getting anywhere working with the administration directly.

More: Goldsmith Testimony on the Secret Warrantless Surveillance Program

Source: http://www.eff.org/

6 November 2007 – Commentary: Reviving Privacy

Is there a revival of interest among Americans in protecting personal privacy? I believe that there is, and you can see the signs everywhere.

This comes at a time when the President has nominated for attorney general a judge who seems to think that civil liberties protections can be ignored in difficult times, when we are rushing towards a de facto national ID card required of all Americans, and when the Bush administration continues to assert unprecedented claims to conduct secret collections of personal information and to monitor electronic communications with total disregard for existing laws.

More: Commentary: Reviving Privacy

Source: http://www.forbes.com/

6 November 2007 – Local Court in Berlin Prohibits Retention of Personal Data

In a ruling, dated March 27, 2007, which has only now been published and is likely to have legal ramifications, the local court of the Berlin district of Mitte has barred the Federal Ministry of Justice from retaining personal data acquired via its website beyond the periods associated with the specific instances of use of the site.

Thus IP addresses in particular may no longer be filed away. Given these Web markers “it is even today possible in most cases, without any elaborate effort being required, to identify Internet users by merging personal data with the help of third parties,” the judges declared. The local court also opposed the view espoused by operators and some data privacy watchdogs that security reasons justify a recording regime that over short periods of time maps the behavior of all Net users and allows individual users to be picked out.

More: http://www.heise.de/english/newsticker/news/96861

Source: http://www.heise.de/english/

6 November 2007 – Canada to Criminalize Identity Theft

The Canadian government plans to criminalize identity theft to give police the ability to stop such activity before any fraud has actually been carried out, Justice Minister Rob Nicholson said on Tuesday.

He said he would introduce legislation targeting the actual gathering and trafficking in credit card, banking and other personal data for the purposes of using it deceptively. Identity fraud is already a crime in Canada, but gathering and trafficking in identity information generally is not. “Our government will be giving police the tools to better protect Canadians by stopping identity theft activity before the damage is done,” Nicholson said in a statement.

More: http://www.reuters.com/article/companyNewsAndPR/idUSN0243272620071002

Source: http://www.reuters.com/

6 November 2007 – Commentary: Plan a ‘privacy week’

Employee education must be part of every agency’s privacy and information security program. So, how do you craft a privacy program that effectively educates your agency’s work force from the chief executive to interns?

Annual computer security and privacy awareness training for all employees is a good start, but it is just the beginning. Planning an agencywide “privacy week” or similar event is an excellent way to put privacy center stage and demonstrate your agency’s commitment to building a culture of privacy and security. The theme for the Federal Trade Commission’s privacy week held this past March was “Info — Handle With Care.” Your privacy week can include events such as educational seminars on compliance issues, training sessions on technology resources that protect sensitive information, or an all-day privacy fair. Thought-provoking or “catchy” posters in high-traffic areas, brochures and contests and prizes help to generate enthusiasm for the week’s activities and to communicate the message. Finally, to reinforce your agency’s commitment — in terms of resource investment and leadership buy-in — have your agency head host an event or deliver a speech explaining why privacy and security are important.

More: http://federaltimes.com/index.php?S=3077070

Source: http://federaltimes.com/

2 November 2007 – Google Looking at Privacy Protections for Users

Google Inc., the world’s Web search leader, told U.S. Senate lawmakers yesterday that the company is pursuing new technologies to protect the privacy of Internet users as it seeks to acquire advertising company DoubleClick Inc. (see “Congress to scrutinize Google-DoubleClick acquisition”).

Google’s chief legal officer, David Drummond, testified that the company is looking at the Internet display advertising business with a “fresh eye and evaluating whether changes can be made to innovate on user privacy in this space.” Critics say Google’s $3.1 billion acquisition of DoubleClick, an advertising tools supplier, may give the company too much power over online advertising. Google stores mounds of data on Internet-surfing habits of users and uses the information to make money by selling advertisements.

More: Google Looking at Privacy Protections for Users

Source: http://www.computerworld.com/

2 November 2007 – IBM Software Aids in Vast Surveillance of Chicago Streets

The City of Chicago is developing a futuristic video surveillance system designed to scan city streets looking for everything from bombs to traffic jams.

For the past few years Chicago has been rolling out thousands of video surveillance cameras linked by fiber-optic cables. This Operation Virtual Shield system is intended to give the city’s emergency response coordination agency the ability to remotely keep track of emergencies in real time. Now, with the help of IBM Corp., Chicago’s Office of Emergency Management and Communications (OEMC) is looking to expand the system’s capabilities so that IBM’s software can analyze the thousands of hours of video being recorded by Operation Virtual Shield.

More: IBM Software Aids in Vast Surveillance of Chicago Streets

Source: http://www.computerworld.com/

2 November 2007 – Learning to Live with Big Brother

It used to be easy to tell whether you were in a free country or a dictatorship. In an old-time police state, the goons are everywhere, both in person and through a web of informers that penetrates every workplace, community and family. They glean whatever they can about your political views, if you are careless enough to express them in public, and your personal foibles.

What they fail to pick up in the café or canteen, they learn by reading your letters or tapping your phone. The knowledge thus amassed is then stored on millions of yellowing pieces of paper, typed or handwritten; from an old-time dictator’s viewpoint, exclusive access to these files is at least as powerful an instrument of fear as any torture chamber. Only when a regime falls will the files either be destroyed, or thrown open so people can see which of their friends was an informer.

More: http://economist.com/world/international/displaystory.cfm?story_id=9867324

Source: http://www.economist.com/

2 November 2007 – Google-DoubleClick Debate Raises Broader Issues

The debate over the pending merger between Google and Internet advertising giant DoubleClick raises a host of broader questions about the online advertising industry at large and the structures that are in place to protect Internet users’ privacy.

In a statement to the Senate panel that is holding a hearing about the merger today, CDT identifies how the evolution of the Internet advertising marketplace has outpaced the industry self-regulatory effort intended to mitigate privacy intrusions. The statement highlights how new approaches, and a new national consumer privacy law, are needed to ensure that consumers are adequately protected.

More: http://www.cdt.org/headlines/1047

Source: http://www.cdt.org/

2 November 2007 – “Secure Flight” Returns, Lacking Privacy Protections

I’m currently tapping into my laptop a few feet away from Michael Chertoff, Secretary of the US Department of Homeland Security. He is giving the keynote at Terra Incognita: the annual conference of Data Protection and Privacy Commissioners, here in Montreal.

His audience has him on the defensive. In the room are the European data protection registrars, the government officials who protested strongly against his department’s recent agreement with the EU, which hands over their citizens’ passenger name records (PNRs) to the United States government with little oversight. To protect himself from their threatening demeanours, Chertoff has some fine phrases. He spoke on how the DHS “defends all of [the United States'] values, including privacy,” and how he personally seeks to ensure his department “rigorously adheres to the laws pertaining to privacy.” And he noted that his department has released a large number of privacy-related notes for public examination.

More: “Secure Flight” Returns, Lacking Privacy Protections

Source: http://www.eff.org/

29 October 2007 – Human Rights in the Information Society – Rediscover the Proportionality

On 13-14 September 2007 the French Commission for UNESCO, UNESCO and the Council of Europe organised the conference “Ethics and Human Rights in the Information Society” in Strasbourg, to which EDRi was invited to contribute.

This conference was the third in a cycle of regional conferences on the ethical dimensions of the information society, which aims to contribute to the WSIS process and the Internet Governance Forum (IGF). The first two regional conferences took place in Latin-America and Africa. While the Latin-American conference contributed to the exchange of views in the region, the African conference was suffering from a lack of participation of local stakeholders. There, mainly African expatriates from the USA and Europe and representatives of South Africa were present. At the conference in Strasbourg some estimated fifty participants were present. With equality of access, freedom of expression, identity and social networks and security and governance, the presentations and discussions covered the topics of the four round table sessions on a rather global level, while the draft code of ethics presented by the organisers was hardly discussed.

More: http://www.edri.org/edrigram/number5.18

Source: http://www.edri.org/

29 October 2007 – Surveillance Law Must Protect Privacy and Security

Congress can enact legislation that meets the needs of intelligence agencies for defending national security, while still protecting the fundamental privacy rights of innocent Americans, CDT Policy Director Jim Dempsey told the Senate Judiciary Committee today.

In his second congressional testimony in as many weeks, Dempsey identified a balanced approach that Congress could use to replace the overreaching Protect America Act, which was adopted last month and expires next year. Dempsey testified last week before the House Intelligence Committee on the same issue. CDT also last week issued a memo addressing the poorly understood concept of “minimization” in the surveillance context.

More: http://www.cdt.org/headlines/1045

Source: http://www.cdt.org/

29 October 2007 – Google Sees Urgent Need for Global Privacy Rules

National regulators need to agree on a basic set of global privacy protections for the Internet within the next five years, a senior executive with Google said Monday.

Peter Fleischer, the company’s global privacy counsel, said three quarters of countries had no Internet privacy standards at a time when the amount of sensitive personal and financial data on the Web was soaring. Google–itself criticized for the threat it poses to personal privacy–says the company’s business agenda, the world economy and the Internet could suffer unless more is done to ensure basic privacy on the Web.

More: Google Sees Urgent Need for Global Privacy Rules

Source: http://www.news.com/

29 October 2007 – Update: New York Subpoenas Facebook Over User Safety

New York Attorney General Andrew Cuomo has subpoenaed Facebook because of what he says is the social networking site’s lack of controls to protect the safety of its users.

According to Cuomo, Facebook has done nothing to keep its young users safe from sexual predators, despite the representations it makes about the safety measures it has in place on the site. In a letter sent to Facebook that accompanied a subpoena for documents, Cuomo said his office conducted a preliminary review of the site that “revealed significant defects in the site’s safety controls and the company’s response to complaints — deficiencies that stand in contrast to the reassuring statements made on the Web site and by company officials.” Facebook, in an e-mailed statement, said it takes the issues raised by Cuomo “very seriously.” “As our service continues to grow so does our responsibility to our users to empower them with the tools necessary to communicate efficiently and safely,” said Facebook spokeswoman Brandee Barker in an e-mail.

More: Update: New York Subpoenas Facebook Over User Safety

Source: http://www.computerworld.com/

29 October 2007 – Google Says Street View Will Comply with Privacy Laws

Google Inc.’s Street View application, which has raised privacy concerns because of the street-level views of locations it provides, will respect the local laws of the countries wherever it is available, the company’s privacy counsel said today in a company blog.

Global Privacy Counsel Peter Fleischer appears to be responding to concerns raised by Canada’s privacy commissioner about the implications of Street View. In a recent letter to Google, Canadian Privacy Commissioner Jennifer Stoddart said Street View may violate that country’s privacy law, which prohibits the commercial use of personal data without permission from the individual. Stoddart was likely making a preemptive strike since the application isn’t offered in Canada yet. Currently, Street View provides users with a close look at U.S. city streets that could include identifiable images of people. Google launched Street View in May with its Canadian partner, Immersive Media Corp.

More: Google Says Street View Will Comply with Privacy Laws

Source: http://www.computerworld.com/

26 October 2007 – Data Protection Framework Decision: EDPS Concerned about Dilution of Data Protection Standards

The European Data Protection Supervisor (EDPS) has today welcomed the continued efforts by the Portuguese Presidency to find agreement on the Data Protection Framework Decision (DPFD) in police and judicial cooperation in criminal matters. However, he expresses concern about the agreement by the Council of the European Union on Tuesday to limit the scope of the DPFD so that the text will only apply to the cross-border exchange of personal data. The EDPS emphasises that a drive for agreement should not dilute the level of protection for personal data provided in police and judicial cooperation in criminal matters.

Peter Hustinx, EDPS, says: “When the DPFD was first proposed, it was supposed to cover all aspects of policing and the judiciary. The recent agreement by the Council severely limits the scope of the text, and therefore also limits the level of protection the European citizen can expect from the resulting agreement. As I have stated in previous Opinions, the DPFD cannot lessen the level of protection offered, otherwise this will make it more difficult for police services to meet their international obligations.”

More: http://www.edps.europa.eu/EDPSWEB/edps/site/mySite/lang/en/pid/25

Source: http://www.edps.europa.eu/

26 October 2007 – MySpace and Facebook Plan to Use Personal Data for “Targeted Advertising”

Personal data is a hot commodity. All sorts of businesses trade in data concerning what we buy, how much credit we have, where we live, what our interests are. This information is sold to advertisers, who then eagerly use it to more precisely target people who they hope will be interested in their products, leading to all of those annoying catalogs that litter your doorstep, for example, or the junk emails that choke your inbox every day.

Luckily for the advertising industry, modern web users have begun voluntarily providing all of their personal details on social networking sites like Facebook and MySpace. Users of these sites happily upload all sorts of personal information about what books and music they like, where they shop, who their friends are, and where they live. While users of these sites may imagine that they control the information on their profile pages, advertisers are salivating at the thought of all that personal data just waiting to be processed, analyzed, and turned into profit.

More: MySpace and Facebook Plan to Use Personal Data for “Targeted Advertising”

Source: http://www.eff.org/

26 October 2007 – Legal Suicide for Web 2.0 Start-ups: A Beginner’s Guide

I got an email from Fred von Lohmann of the Electronic Frontier Foundation yesterday. It began, “Half the companies you blog about have copyright or privacy legal issues simmering just under the surface. Since most of them are thinly capitalized, when they get into trouble, they’re likely to call EFF for legal advice. Several already have.”

I called von Lohmann right away, since I’ve had a nagging feeling for months that too many of the interesting products I’ve been seeing were legally shaky. So I talked with him to come up with this list: 9 Fun Ways Web 2.0 Startups Can Commit Legal Suicide.

More: http://www.webware.com/8301-1_109-9782365-2.html

Source: http://www.webware.com/

26 October 2007 – DoJ Testimony Alludes to Massive Scope of Wiretapping

In a recent House Judiciary hearing, Department of Justice Assistant Attorney General Ken Wainstein testified in support of the Administration’s request to give the telecom companies retroactive immunity for their participation in warrantless wiretapping.

Wainstein breathlessly warned that the telecoms might otherwise face “crushing liability.” But the statutory penalties for warrantless wiretapping are relatively small per person — even if AT&T was ordered to pay the maximum penalty, a few hundred illegal wiretaps would amount to less than a rounding error in the phone companies’ quarterly statements (AT&T reported revenues of $29.4 billion for the quarter ending June 30). If the NSA was truly limiting its spying to suspected terrorists, the potential liability would be like an annoying gnat on an elephant. So why are the companies so worried? Perhaps the telecoms are actually concerned because they helped the feds intercept the communications of millions of ordinary Americans.

More: DoJ Testimony Alludes to Massive Scope of Wiretapping

Source: http://www.eff.org/

26 October 2007 – Is Anything Private Anymore?

Kevin Bankston was a closet smoker who hid his habit by sneaking cigarettes outside his San Francisco office. He expected anonymity on a big city street. But in 2005, an online mapping service that provided ground-level photographs captured him smoking — and made the image available to anyone on the Internet. This year, Google’s Street View project caught him again.

Coincidence? Absolutely. Yet Bankston’s twice-documented smoking highlights a wider phenomenon: Privacy is a withering commodity for all of us. What you buy, where you go, whom you call, the Web sites you visit, the e-mails you send — all of that information can be monitored and logged. “When you’re out in public, it’s becoming a near certainty that your image will be captured,” says (the newly nonsmoking) Bankston. Should you care? I’ve interviewed numerous people on all sides of the privacy debate to find out just how wary we should be.

More: http://www.parade.com/articles/editions/2007/edition_09-16-2007/APrivacy

Source: http://www.parade.com/index.jsp

25 October 2007 – Illinois Gets New Public School Biometric Privacy Protection Law

Parents of Illinois public school children are given a new tool to protect the privacy of their children. The new law requires that parents be given effective notice when “unique behavioral or physiological characteristics, including fingerprint, hand geometry, voice, or facial recognition or iris or retinal scans.” Parents must provide an opt-in for their children to participate in any biometric identification program prior to the collection of fingerprint, iris, or other biometric database creation process. Parents can at any time request that their child’s information be removed from a biometric system of records, and the school cannot retain the information after a child is no longer enrolled.

More: http://www.epic.org/alert/EPIC_Alert_14.19.html

Source: http://www.epic.org/

25 October 2007 – DHS Privacy Advisory Panel Holds Hearing on Fusion Center

The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security held a series of panel discussions on “information fusion centers.” The principal role of the fusion center is to compile, analyze, and disseminate criminal/terrorist information and intelligence and other information (including, but not limited to, public safety, law enforcement, public health, social services, and public works) to support efforts to anticipate, identify, prevent, and/or monitor criminal/terrorist activity. Participants in the fusion center development can include local, state, and federal law enforcement; national security agencies; the Department of Defense; and private sector companies.

The committee heard from Department of Homeland Security officials, a representative from the State of Maryland’s fusion center, a privacy and civil liberties officer from the Director of National Intelligence, and a panel of privacy and civil liberties advocates. EPIC provided testimony to the committee on the need to make the process transparent and accountable.

More: http://www.epic.org/alert/EPIC_Alert_14.19.html

Source: http://www.epic.org/

25 October 2007 – International Privacy Commissioners Conference Next Week

The 29th International Conference of Data Protection and Privacy Commissioners, hosted by the Office of the Privacy Commissioner of Canada, will be held on September 25-28, 2007, in Montreal, Canada. The annual event draws Commissioners from around the world, as well as a host of experts from academia, civil society and the private sector. The theme of this year’s conference is “Privacy Horizons: Terra Incognita.”

The Office of the Privacy Commissioner’s media release explains that the theme highlights the emphasis that conference organizers are placing on the challenging issues that data protection and privacy commissioners will need to address in the coming years. A group of leading international privacy experts will tackle these issues in various workshop, plenary and breakout sessions that deal with transborder data flows, ubiquitous computing, youth privacy, biometrics, globalization, public safety, and the intersect between law and technology.

More: http://www.epic.org/alert/EPIC_Alert_14.19.html

Source: http://www.epic.org/

25 October 2007 – Privacy Groups File Additional Papers in Google-DoubleClick Merger

At the National Press Club on Monday, EPIC, the Center for Digital Democracy, and US PIRG announced a second supplement to the groups’ original complaint and subsequent supplement with the Federal Trade Commission (FTC) concerning the proposed Google-DoubleClick merger. The amended complaint details new facts supporting the conclusion that the FTC should block Google’s proposed acquisition of DoubleClick.

At the National Press Club discussion, “Google, Online Advertising, and Privacy,” an expert panel reviewed recent developments with online privacy, including behavioral targeting, and the proposed merger of Google and DoubleClick. The panel, moderated by EPIC’s Associate Director, Lillie Coney, included Melissa Ngo, Senior Counsel and Director of EPIC’s Identification and Surveillance Project; Jeff Chester, Executive Director of the Center for Digital Democracy; Joe Turow, Professor of Communications at the University of Pennsylvania’s Annenberg School for Communication; and Amina Fazlullah, Staff Attorney at US PIRG.

More: http://www.epic.org/alert/EPIC_Alert_14.19.html

Source: http://www.epic.org/

25 October 2007 – Privacy a Hot Topic as RFID Tagging Grows in Use

Privacy concerns over RFID tagging are reaching new heights, with state legislators introducing and increasingly passing new measures to restrict their use, while employers face a barrage of concern from workers over RFID-embedded identity badges.

Those worries were aired by speakers and attendees at RFID World: Boston today, even as some RFID technology defenders worried that they haven’t done enough to promote the value of RFID in tracking tainted foods or counterfeit drugs and of reducing the cost of tracking inventory. To indicate how extreme the national RFID hysteria has become, one speaker said privacy advocate Katherine Albrecht had urged consumers to microwave new underwear to disable a possible RFID tag and thereby prevent someone from tracking your whereabouts. (However, a check of Albrecht’s Web site spychips.com, actually urges not putting items in the microwave to disable an RFID tag because it could cause a fire.)

More: Privacy a Hot Topic as RFID Tagging Grows in Use

Source: http://www.computerworld.com/

22 October 2007 – Lesson From Tor Hack: Anonymity and Privacy Aren’t the Same

As the name implies, Alcoholics Anonymous meetings are anonymous. You don’t have to sign anything, show ID or even reveal your real name. But the meetings are not private. Anyone is free to attend. And anyone is free to recognize you: by your face, by your voice, by the stories you tell. Anonymity is not the same as privacy.

That’s obvious and uninteresting, but many of us seem to forget it when we’re on a computer. We think “it’s secure,” and forget that secure can mean many different things. Tor is a free tool that allows people to use the internet anonymously. Basically, by joining Tor you join a network of computers around the world that pass internet traffic randomly amongst each other before sending it out to wherever it is going. Imagine a tight huddle of people passing letters around. Once in a while a letter leaves the huddle, sent off to some destination. If you can’t see what’s going on inside the huddle, you can’t tell who sent what letter based on watching letters leave the huddle. I’ve left out a lot of details, but that’s basically how Tor works. It’s called “onion routing,” and it was first developed at the Naval Research Laboratory. The communications between Tor nodes are encrypted in a layered protocol — hence the onion analogy — but the traffic that leaves the Tor network is in the clear. It has to be.

More: Lesson From Tor Hack: Anonymity and Privacy Aren’t the Same

Source: http://www.wired.com/

22 October 2007 – Symantec CEO Says Internet Tracking Programs Are Digital Peeping Toms

Cookies to collect Internet user data are a serious invasion of privacy, Symantec chief executive John Thompson said Wednesday, likening them to “a peeping Tom.”

The head of the security software vendor said he thought cookies were essentially spyware if people are unaware that a program has been downloaded on their machine to record the sites they visit and do not know what will be done with that information. They “are just as much an invasion of privacy as someone peering in my bedroom window,” he said.

More: http://www.technologyreview.com/Wire/19409/

Source: http://www.technologyreview.com/

22 October 2007 – House Committee Chair Wants Info on Cancelled DHS Data-mining Programs

Bennie Thompson (D-Miss.), chairman of the House Committee on Homeland Security, has asked Department of Homeland Security Secretary Michael Chertoff to provide a detailed listing of all IT programs that have been canceled, discontinued or modified because of privacy concerns.

He also asked for details on the amount of money the DHS spent on each program, the names of contractors who were awarded the projects, and information about the measures being taken to address privacy issues. Thompson’s demand was prompted by the recent cancellation of the agency’s Analysis Dissemination Visualization Insight and Semantic Insight (ADVISE) data-mining program, which was shelved because of privacy concerns after $42 million had been poured into it. In a letter to Chertoff yesterday, Thompson expressed concern about the “apparent litany” of DHS programs that have been canceled or otherwise modified after millions of dollars have been spent because of a failure to assess their privacy ramifications early on. DHS officials could not be reached for comment.

More: House Committee Chair Wants Info on Cancelled DHS Data-mining Programs

Source: http://www.computerworld.com/

22 October 2007 – Data Quality – the Forgotten Privacy Principle

Nearly every major privacy law requires “data quality,” but it’s become the most forgotten of all of the internationally recognized privacy principles. Why? Three reasons: The laws provide few details on what “data quality” means; companies violating this principle don’t make the headlines; and it’s not exactly clear what data quality has to do with privacy, anyhow.

Why is this important? Because companies around the globe are spending more time and resources assessing their internal privacy practices, and they need to know what is “good enough” when it comes to data accuracy. … Even then, delegates debated about whether data quality mattered to privacy. The OECD’s expert group concluded that data quality is relevant to “whether or not harm can be caused to data subjects because of lack of accuracy, completeness and updating.”

More: Data Quality – the Forgotten Privacy Principle

Source: http://www.computerworld.com/

22 October 2007 – Facebook, MySpace Users Will Trade Privacy for Features

Facebook and MySpace users are willing to let the sites sell their personal data in return for access to the sites’ social networking features, according to new research from Pace University.

Researchers at the university queried users of Facebook and MySpace in August, asking for their views of the privacy protections offered by the sites and their feelings about how much personal information they are willing to post on social networking sites. Catherine Dwyer, a professor at Pace who worked on the study, noted that most Facebook and MySpace users said that they’re willing to develop online relationships even though they believe that trust and privacy safeguards are weak.

More: Facebook, MySpace Users Will Trade Privacy for Features

Source: http://www.computerworld.com/

19 October 2007 – Surveillance Law Must Protect Privacy and Security – Testimony

Congress can enact legislation that meets the needs of intelligence agencies for defending national security, while still protecting the fundamental privacy rights of innocent Americans, CDT Policy Director Jim Dempsey told a congressional panel today.

In testimony before the House Intelligence Committee, Dempsey identified a balanced approach that Congress could use to replace the overreaching Protect America Act, which was adopted last month and expires next year. CDT also today released a memo addressing the poorly understood concept of “minimization” in the surveillance context.

More: http://www.cdt.org/headlines/1045

Source: http://www.cdt.org/

19 October 2007 – Technology Aids Expansion of Eavesdropping Powers

A combination of technological and legal circumstances are preserving and even expanding the Justice Department’s eavesdropping powers despite a recent court ruling that undercuts the government’s wiretapping authority granted by the Patriot Act.

The U.S. District Court for the Southern District of New York issued a decision in John Doe [and others] v. Alberto Gonzales [and others] that would cancel the Patriot Act’s sweeping grant of secret-wiretapping authority, passed by Congress in late 2001. Judge Victor Marrero also rejected the act’s provision that imposed perpetual gag orders. Recipients of gag order letters are prevented from disclosing the existence of the directives, even to their closest family members.

More: http://www.gcn.com/print/26_24/45025-1.html

Source: http://www.gcn.com/

19 October 2007 – FBI to Automate Wiretap Database

The FBI is working to build an automated system to track its National Security Letter wiretap cases in a bid to eliminate cumbersome and error-prone manual entry of data about the eavesdropping projects. The bureau currently relies on Microsoft Access software to track wiretap requests in the Office of General Counsel (OGC) database.

FBI deputy director John Pistole told the House Permanent Select Committee on Intelligence earlier this year that although “the OGC database was a giant technological step forward from three-by-five index cards once used to track NSLs, it is not an acceptable system given the significant increase in use of NSLs since 9/11.” The new NSL database management system will use a Java Enterprise Edition application server from Red Hat subsidiary JBoss using Oracle software and is due to roll out Dec. 31.

More: http://www.gcn.com/print/26_24/45059-1.html

Source: http://www.gcn.com/

19 October 2007 – MySpace Is Using Profile and Blog Entries to Sell Targeted Ads

News Corp.’s MySpace social networking site is using personal details contained on users’ profile pages and blogs to sell highly targeted advertising, the company said Tuesday.

The Web site started the first phase of its “interest targeting” experiment in July, culling likes and dislikes from its users’ pages to sell ads in 10 broad categories such as finance, autos, fashion and music. The site has more than 3 million users in each category and can place ads based on responses to questions about users’ likes and dislikes, favorite movies and music. Data is even extracted from blog entries, where users write at length about their lives. Targeting ads well can be lucrative for MySpace and its corporate parent, but it can also backfire if users believe their personal expressions are being misused.

More: http://www.technologyreview.com/Wire/19404/

Source: http://www.technologyreview.com/

19 October 2007 – New Threats to Privacy

As a staff attorney at the Electronic Frontier Foundation, one of Kevin Bankston’s primary responsibilities is to monitor the effects of new technologies on citizens’ privacy rights and occasionally undertake litigation to protect those rights. Recently, he experienced the issue firsthand when he was, without his knowledge, photographed by Google Street View, and his image was posted online.

More information is being generated and collected and stored; in particular, information that is highly sensitive and revealing. There has never been a document — ever in the existence of humanity, I think — that is more revealing of the interior concerns and nature of a person than, say, a log of all their Internet search activity. This was borne out by my examination of search logs that were “accidentally” disclosed by AOL last year in a frighteningly irresponsible data leak. They released search log histories of several hundred thousand of their users over a three-month period. Looking through those logs, it was clear that people treat their search engine like their most trusted confidante, seeking advice on practically every personal, medical, financial or familial problem you can imagine. So with new technologies, there are new privacy threats which I would say are graver than any we’ve faced before.

More: http://www.gcn.com/print/26_24/45031-1.html

Source: http://www.gcn.com/

18 October 2007 – VW ‘Nazi’ Subpoena Points Up YouTube Privacy Risks

A legal spat between YouTube and Volkswagen is throwing light on the increasing copyright surveillance of social networking sites.

Volkswagen has filed a subpoena seeking the identity of a YouTube user who posted a Nazi-themed parody of a recent VW Golf commercial. Volkswagen’s move underscores the privacy risks to a blossoming community of users on sites like YouTube and Yahoo Video, and social-networking sites like Facebook and MySpace. Copyright holders and their agents have long been monitoring activity on file-sharing networks such as BitTorrent and Gnutella. Now they’re turning their attention to the social networks. “The social networking sites have definitely become a new focal point,” said Evan Cox, a San Francisco copyright attorney who, with his colleagues, issues thousands of takedown notices a year. “As a consequence, they’ve gotten more focus from copyright owners.”

More: http://www.wired.com/entertainment/hollywood/news/2007/09/vw_parody_ad

Source: http://www.wired.com/

18 October 2007 – Privacy groups: Google’s call for standards not enough

The U.S. government still needs to block or impose conditions on Google Inc.’s acquisition of online advertising server DoubleClick Inc., despite Google’s call for global privacy standards, three privacy groups said today.

Google last Friday called for a global privacy standard, and the company referred to a framework designed by Asia-Pacific Economic Cooperation. But the APEC standard is “weak,” Melissa Ngo, director of the Identification and Surveillance Project at the Electronic Privacy Information Center (EPIC), said during a press conference today. The APEC standard “puts the burden on consumers to prove they are being harmed,” she said. Google’s call for a global privacy standard does not allay concerns that privacy groups have with Google’s proposed $3.1 billion purchase of DoubleClick, said Amina Fazlullah, staff attorney with consumer group U.S. Public Interest Research Group.

More: Privacy groups: Google’s call for standards not enough

Source: http://www.computerworld.com/

18 October 2007 – Google Kicks Off Worldwide Consumer Privacy Crusade

According to Associated Press reports, confirmed by Reuters, Google will propose at a meeting of European policymakers in Strasbourg, France today that national regulators agree on a basic set of global privacy protections.

Peter Fleischer, Google’s Chief Privacy Officer, will argue that the future health of the Internet, the global economy and Google’s own business agenda depends on the world’s success in moving beyond the current patchwork of conflicting privacy rules. As Reuters’ Eric Auchard explains: “Google has recently stepped up a push for policy changes and industry self-regulation to fend off criticism over the unprecedented access to personal information the Web provides. Because its stated mission is to organize the world’s information and make it universally accessible, Google has come under fire for the threat its services pose to privacy. A recent move to acquire online advertising tools supplier DoubleClick Inc has put Google under increased scrutiny by U.S. regulators concerned by its growing power in online advertising and the mounds of data on surfing habits that Google stores.”

More: http://soa.sys-con.com/read/429213.htm

Source: http://soa.sys-con.com/

18 October 2007 – Google Calls for International Standards on Internet Privacy

Google, a frequent target of privacy advocates, yesterday called for new international standards on the collection and use of consumer data.

Peter Fleischer, global privacy counsel for Google, told a U.N. audience in Strasbourg, France, that fragmentary international privacy laws burden companies and don’t protect consumers. He argued for an international body such as the United Nations to create standards that individual countries could then adopt and adapt to fit their needs. “The ultimate goal should be to create minimum standards of privacy protection that meet the expectations and demands of consumers, businesses and governments,” Fleischer said, according to a transcript of the speech provided by Google.

More: Google Calls for International Standards on Internet Privacy

Source: http://www.washingtonpost.com/

18 October 2007 – Big Brother Is Watching Us All

The US and UK governments are developing increasingly sophisticated gadgets to keep individuals under their surveillance. When it comes to technology, the US is determined to stay ahead of the game.

Gait DNA, for example, is creating an individual code for the way I walk. Their goal is to invent a system whereby a facial image can be matched to your gait, your height, your weight and other elements, so a computer will be able to identify instantly who you are. How you walk could be used to identify you in a crowd. “As you walk through a crowd, we’ll be able to track you,” said Professor Challapa. “These are all things that don’t need the cooperation of the individual.” Since 9/11, some of the best scientific minds in the defence industry have switched their concentration from tracking nuclear missiles to tracking individuals such as suicide bombers.

More: http://news.bbc.co.uk/2/hi/programmes/from_our_own_correspondent/6995061.stm

Source: http://news.bbc.co.uk/

16 October 2007 – Google Proposes Global Privacy Standard

While Google is leading a charge to create a global privacy standard for how companies protect consumer data, the search giant is recommending that remedies focus on whether a person was actually harmed by having the information exposed.

Google’s proposal is scheduled to be presented by Peter Fleischer, Google’s global privacy counsel, in a speech Friday in Strasbourg, France, at Unesco’s meeting on ethics and human rights. He briefed reporters on Thursday.

More: Google Proposes Global Privacy Standard

Source: http://www.news.com/

16 October 2007 – Tor’s Privacy Problems

People have an innate need to feel secure in their privacy. Our founding fathers built the United States on the understanding that people should be able to revolt and overthrow any government that oppresses them. Over time, Americans have lost more and more privacy rights as new laws have crept in. Fear of government, however, has never been lost.

The Internet has evolved in a similar fashion. For years it was unregulated, and largely unwatched. That all changed with the introduction of Echelon, the super-secret global Internet eavesdropping infrastructure purported to be operated by a number of countries. Still, people latched onto the idea that the Internet should be an anonymous network. Then along came Peek-a-booty.

More: http://www.darkreading.com/blog.asp?blog_sectionid=403&doc_id=133628

Source: http://www.darkreading.com/

16 October 2007 – Scientists Use the “Dark Web” to Snag Extremists and Terrorists Online

Funded by the National Science Foundation and other federal agencies, Hsinchun Chen and his Artificial Intelligence Lab at the University of Arizona have created the Dark Web project, which aims to systematically collect and analyze all terrorist-generated content on the Web.

Using advanced techniques such as Web spidering, link analysis, content analysis, authorship analysis, sentiment analysis and multimedia analysis, Chen and his team can find, catalogue and analyze extremist activities online. According to Chen, scenarios involving vast amounts of information and data points are ideal challenges for computational scientists, who use the power of advanced computers and applications to find patterns and connections where humans cannot.

More: http://www.nsf.gov/news/news_summ.jsp?cntn_id=110040&org=NSF

Source: http://www.nsf.gov/

16 October 2007 – Facebook to Share Members’ Information with Public

Facebook announced that it will open its database to public search, effectively creating an Internet white pages of its users. Non-Facebook users will be able to search the Facebook database and will receive in return information such as name and picture.

These public profiles will become indexed by major search engines such as Google in the coming month. Facebook has automatically included all of its users in this information sharing, and those who do not want their information shared have to manually opt-out via Facebook’s privacy page.

More: http://www.epic.org/alert/EPIC_Alert_14.18.html

Source: http://www.epic.org/

16 October 2007 – Government Quietly Ends Another Data Mining Program

This week, the Department of Homeland Security announced it would end a federal data mining program created to troll vast amounts of data in order to attempt to find suspicious people. DHS has spent four years and $42 million on the Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE) program.

ADVISE was temporarily suspended in March after a Government Accountability Office review identified numerous privacy risks. These “include the potential for erroneous association of individuals with crime or terrorism and the misidentification of individuals with similar names,” the GAO said. The program was recently reviewed by the DHS Inspector General and its Privacy Office, which recommended ending ADVISE permanently.

More: http://www.epic.org/alert/EPIC_Alert_14.18.html

Source: http://www.epic.org/

12 October 2007 – Internet Oversight Agency Working Group Report on Domain Name Privacy

The Internet Corporation for Assigned Names and Numbers (ICANN)’s WHOIS working group submitted its Final Report on WHOIS. The report discusses the implementation issues surrounding the use of an Operational Point of Contact (OPoC) to limit public access to domain name registrants’ personal information by allowing registrants to use alternate contact details.

The report examines, among other issues, the roles, responsibility and requirements of the OPoC and what happens if they are not fulfilled. Rather than reaching any final decisions on implementation issues, the report outlines implementation options and indicates general support and/or alternative views.

More: http://www.epic.org/alert/EPIC_Alert_14.18.html

Source: http://www.epic.org/

12 October 2007 – EPIC Recommends Suspension of Secret Traveler Profiling Program

In comments to the Department of Homeland Security, EPIC urged the agency to either suspend the Automated Targeting System or to fully apply all Privacy Act safeguards to any individual subject to ATS. The system creates secret, terrorist “risk assessments” on tens of millions of U.S. citizens and foreign visitors. This new rulemaking was in response to public criticism that arose from DHS’s November 2006 rulemaking, where EPIC led 29 organizations and 16 privacy and technology experts in condemning the many privacy and security risks of ATS.

ATS was originally established to assess cargo that might pose a threat to the United States. However, since 1999, ATS was used to assign a “risk assessment,” which is essentially a terrorist risk rating, to all people “seeking to enter or exit the United States,” “engag[ing] in any form of trade or other commercial transaction related to the importation or exportation of merchandise,” “employed in any capacity related to the transit of merchandise intended to cross the United States border,” and “serv[ing] as operators, crew, or passengers on any vessel, vehicle, aircraft, or train who enters or exits the United States.”

More: http://www.epic.org/alert/EPIC_Alert_14.18.html

Source: http://www.epic.org/

12 October 2007 – Plan to Put Everyone in DNA Database Hinges on Human Rights Case

Lord Justice Sedley’s proposal to put everyone in the UK on a DNA database would be dependent on a British man’s case against the UK at the European Court of Human Rights (ECHR), according to a privacy law expert.

Michael Marper is objecting to the retention of his DNA information on the Home Office’s database, despite the fact that he has never been convicted of a crime. He has appealed through the English courts and the ECHR agreed earlier this year to hear his case. Sedley is an Appeals Court judge who this week proposed that to eradicate the imbalance of ethnic minorities on the DNA database, everyone in the UK, including visitors, should be put on to the system. The ECHR ruling could make that illegal, though, said Dr Chris Pounder, a privacy expert with Pinsent Masons, the law firm behind OUT-LAW.COM.

More: http://www.out-law.com/page-8455

Source: http://www.out-law.com/

12 October 2007 – Privacy, Secrets, and Your Phone Company

We know already that the FBI has engaged in a highly controversial wiretapping program with the cooperation and blessing of the various telecoms (one more reason I won’t get an iPhone; none of that AT&T for me).

Now evidence is mounting that the telecoms are doing some unsavory data-mining of their own, the scope of which moves them from the just-following-orders category over to more of a Junior G-Man role. I don’t seem to remember seeing anything about that sort of behavior in the customer-solicitation literature from AT&T, Verizon or MCI (!).

More: http://www.computerworld.com/blogs/node/6174

Source: http://www.computerworld.com/

12 October 2007 – Rogue Nodes Turn Tor Anonymizer Into Eavesdropper’s Paradise

A security researcher intercepted thousands of private e-mail messages sent by foreign embassies and human rights groups around the world by turning portions of the Tor internet anonymity service into his own private listening post.

A little over a week ago, Swedish computer security consultant Dan Egerstad posted the user names and passwords for 100 e-mail accounts used by the victims, but didn’t say how he obtained them. He revealed Friday that he intercepted the information by hosting five Tor exit nodes placed in different locations on the internet as a research project.

More: http://www.wired.com/politics/security/news/2007/09/embassy_hacks

Source: http://www.wired.com/

7 September 2007 – China Creates Vast Program for Surveillance and Identification of Its Citizens

At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity.

Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens. Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number.

More: http://www.epic.org/alert/EPIC_Alert_14.17.html

Source: http://www.epic.org/

7 September 2007 – DHS Warns States to Implement REAL ID

In a speech to the National Conference of State Legislatures earlier this month, DHS Secretary Michael Chertoff told states that citizens in states that do not implement REAL ID will have to use passports for federal purposes, such as entering courthouses or flying domestically.

Passports currently cost $97 each, and the State Department admitted in July that there is a significant backlog in processing passports because of, among other things, “inept planning, underfunded preparations, and popular misunderstanding of poorly crafted government advertising.” In May, EPIC and 24 experts in privacy and technology submitted comments on DHS’s draft implementation regulations for the REAL ID Act warning the federal agency not to go forward with the proposal.

More: http://www.epic.org/alert/EPIC_Alert_14.17.html

Source: http://www.epic.org/

7 September 2007 – Electronic Voting System Identifies Voters

Research undertaken by The Public Ballot, a voter privacy organization, and reported on by CNET.com revealed that Ohio voter privacy is threatened by the Election Systems and Software’s voting machines. The method of affixing a time stamp to each voter-verified paper audit record is cited as the source of the voter privacy problem. The state of Ohio, along with retaining these records, also retains the poll registration logs, which note the time each voter enters the voting process. Both types of information are treated as public information and are available upon request.

Federal and state courts and legislatures have historically taken measures to protect the right of voters to vote their conscience without fear of retaliation. United States law requires that “All votes for Representatives in Congress must be by written or printed ballot, or voting machine, the use of which has been duly authorized by the State law; and all votes received or recorded contrary to this section shall be of no effect.” The statute defines “ballot” in election provisions to mean a “method which will insure, so far as possible, secrecy and integrity of popular vote,” and interprets the Congressional requirement that elections be conducted by written or printed ballots or by machine to include the notion that ballots must be secret.

More: http://www.epic.org/alert/EPIC_Alert_14.17.html

Source: http://www.epic.org/

7 September 2007 – Spy Chief Opens Up On Surveillance

In an on-the-record discussion with the El Paso Times, Director of National Intelligence Michael McConnell revealed past and current surveillance activities and border security.

For the first time, an administration official confirmed that private sector companies illegally assisted with the President’s domestic spying program. Several telecommunication companies are being sued for this, and McConnell says these lawsuits will bankrupt them. McConnell argued that these companies should have immunity for any past violations of privacy laws, not just the going forward immunity that the new Foreign Intelligence Surveillance Act (FISA) provides.

More: http://www.epic.org/alert/EPIC_Alert_14.17.html

Source: http://www.epic.org/

7 September 2007 – FCC Must Protect Innovation, Privacy in e911 Rulemaking

CDT, the Electronic Frontier Foundation and Sun Microsystems this week urged the Federal Communications Commission (FCC) to be cautious in considering an “automatic” location requirement for VoIP providers for use during e911 emergency calls.

In comments filed today with the FCC, the groups noted that while the e911 system is a vital part of our public safety net, VoIP services are unable to provide “automatic” location information (without user input), and a requirement that they do so would harm innovation and competition. The comments also cautioned that some proposed solutions to address the VoIP location requirement would destroy users’ privacy.

More: http://www.cdt.org/headlines/1039

Source: http://www.cdt.org/

3 September 2007 – Super Ninja Privacy Techniques for Web App Developers

If I keep my documents on Google Docs, my mail on Yahoo Mail, my bookmarks on del.icio.us, and my address book on .Mac, is there any point in talking about the privacy of my data any more? Should I just accept that using web-hosted applications means that privacy doesn’t exist?

Many new applications do a great job of making it easy and free for you to post your information online. In a lot of cases, your data is combined with other people’s data, to pull helpful or interesting relationships out of aggregate data (“People who bought this book also bought….”). Your photos on your hard drive are not as useful as your photos on Flickr, where others can comment on them, find them via tags, share them, and make them into photo-related products.

More: http://www.net-security.org/article.php?id=1058

Source: http://www.net-security.org/

3 September 2007 – DoD Pulls Plug on Talon Database

The Defense Department announced today that it would close an intelligence reporting database that had come under legal fire as a means of storing information about peaceful domestic critics of Bush administration policies.

The Threat and Local Observation Notice (Talon) database had become a lightning rod for criticism of military intelligence agencies’ monitoring of antiwar protestors. The decision to shut it down resonated with parallel litigation and debate about the legality of federal monitoring of international telecommunications. Technological changes in international telecommunications that have arisen since the disclosure of Vietnam War-era domestic spying prompted new civil-liberties protections figure in current privacy debates. The Pentagon said it would close Talon as of Sept. 17 and “maintain a record copy of the collected data in accordance with intelligence oversight requirements,” said a department press statement issued today.

More: http://www.gcn.com/online/vol1_no1/44903-1.html

Source: http://www.gcn.com/

3 September 2007 – Security: The Great Privacy Compromise

Privacy advocates will protest the default authentication built into everything using a computer chip. But the benefits promised by corporations and the government (“We can help you locate your children if they are kidnapped”) will make consumers beg for the intrusion. Privacy advocates who don’t wish to be “chipped” will use their own version of the Internet and take their chances in a Wild West-style environment much like the one we suffer today.

Meanwhile, in the safe confines of an Internet transformed by pervasive authentication, malicious hackers will have a hard time escaping capture. The increased protections provided by more secure identity and authentication mechanisms will make malicious hacking too arduous to be profitable anymore. In exchange for compromising on privacy, the online experience will finally be a safe one.

More: Security: The Great Privacy Compromise

Source: http://www.infoworld.com/

3 September 2007 – Liberties Advocates Fear Abuse of Satellite Images

For years, a handful of civilian agencies have used limited images from the nation’s constellation of spy satellites to track hurricane damage, monitor climate change and create topographical maps.

But a new plan to allow emergency response, border control and, eventually, law enforcement agencies greater access to sophisticated satellites and other sensors that monitor American territory has drawn sharp criticism from civil liberties advocates who say the government is overstepping the use of military technology for domestic surveillance.

More: Liberties Advocates Fear Abuse of Satellite Images

Source: http://news.com.com/

3 September 2007 – Federal ID Plan Raises Privacy Concerns

Americans may need passports to board domestic flights or to picnic in a national park next year if they live in one of the states defying the federal Real ID Act.

Homeland Security Secretary Michael Chertoff says there are no plans for a federal database of drivers’ information. The act, signed in 2005 as part of an emergency military spending and tsunami relief bill, aims to weave driver’s licenses and state ID cards into a sort of national identification system by May 2008. The law sets baseline criteria for how driver’s licenses will be issued and what information they must contain. The Department of Homeland Security insists Real ID is an essential weapon in the war on terror, but privacy and civil liberties watchdogs are calling the initiative an overly intrusive measure that smacks of Big Brother. More than half the nation’s state legislatures have passed or proposed legislation denouncing the plan, and some have penned bills expressly forbidding compliance.

More: http://www.cnn.com/2007/POLITICS/08/16/real.id/index.html

Source: http://www.cnn.com/

31 August 2007 – Domestic Use of Spy Satellites To Widen

The Bush administration has approved a plan to expand domestic access to some of the most powerful tools of 21st-century spycraft, giving law enforcement officials and others the ability to view data obtained from satellite and aircraft sensors that can see through cloud cover and even penetrate buildings and underground bunkers.

A program approved by the Office of the Director of National Intelligence and the Department of Homeland Security will allow broader domestic use of secret overhead imagery beginning as early as this fall, with the expectation that state and local law enforcement officials will eventually be able to tap into technology once largely restricted to foreign surveillance.

More: Domestic Use of Spy Satellites To Widen

Source: http://www.washingtonpost.com/

31 August 2007 – Report Tracks and Compares Competition for Search Privacy

A report published today by CDT tracks the efforts of the leading Internet search companies as they begin to aggressively compete with one another to offer stronger privacy protections. In a string of recent announcements, the companies announced steps they were taking to delete old user data, strip the personally identifiable information out of stored search records, and, in one case, give users the option to have all of their search records deleted.

CDT’s Search Privacy Practices report details and compares the revamped privacy policies of the five largest search providers and offers recommendations for both the industry and lawmakers for how to strengthen privacy protections further.

More: http://www.cdt.org/headlines/1038

Source: http://www.cdt.org/

31 August 2007 – How Safe is “Social Networking”?

Myspace, Twitter, Facebook — Social Networking is the web success story of the new century. The statistics are mind-bending — Myspace claimed its 100 Millionth user in August 2006. But a recent ENISA workshop put the question – “how safe are social networks?”

According to the experts, there is a lot to be concerned about; from specialised social networking worms spreading through Myspace profiles to identity theft, extortion, spear-phishing and even recruitment of terrorists — social networking has it all. But the biggest threat is to personal privacy.

More: http://enisa.europa.eu/pages/02_01_press_2007_08_16_social_net.html

Source: http://enisa.europa.eu/

31 August 2007 – Who’s Regulating Whose Space?

ISPs keen to emulate the phenomenal success of MySpace, Facebook and YouTube may want to think again, says Rob Gallagher. Social networking looks set to reopen a can of worms they had sealed long ago. At stake is the question of responsibility for content. Before the turn of the century, politicians, lobby groups and media conducted a long and heated debate on whether ISPs were liable for third-party illegal or defamatory content held on their servers.

In 2000, the European Commission decided that ISPs were “mere conduits” – carriers of information somewhat like the postal service – rather than publishers. Across Europe, governments settled instead for self-regulation whereby ISPs agree to take down illegal content held on their servers when notified by law-enforcement bodies or sanctioned industry groups, such as the UK’s Internet Watch Foundation.

More: Who’s Regulating Whose Space?

Source: http://www.telecoms.com/

31 August 2007 – How Search Engines Rate on Privacy

Price wars are public blessings. Ask anyone who has comparison shopped between Advanced Micro Devices and Intel microprocessors or bought a cheap Harry Potter novel thanks to fierce bookseller price battles.

In the last few months, the search engine business has experienced its own version of cutthroat competition: a privacy policy war, with Google, Ask.com and Microsoft vying to outdo one another in protecting their users’ personal information.

More: How Search Engines Rate on Privacy

Source: http://news.com.com/

30 August 2007 – DHS plans changes in air passenger screening

A proposed revamp of the Department of Homeland Security air passenger screening program offers improved privacy protections, but one privacy advocate says the agency still has a ways to go.

DHS on Thursday announced initial plans for an overhaul of its Secure Flight program, with the agency no longer assigning risk scores to passengers or using predictive behavior technology, DHS Secretary Michael Chertoff said at a press conference. But the Transportation Security Administration, part of DHS, will have direct control of checking domestic passenger lists against terrorist watch lists, instead of the airlines, Chertoff said.

More: DHS plans changes in air passenger screening

Source: http://www.computerworld.com/

30 August 2007 – China Enacting a High-Tech Plan to Track People

At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity.

Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens. Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included, for enforcement of China’s controversial “one child” policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card.

More: China Enacting a High-Tech Plan to Track People

Source: http://www.nytimes.com/

30 August 2007 – Britain Begins ID Card Procurement Process

Britain launched on Thursday the selection process to choose companies to run its multibillion-dollar national identity card program, the world’s most ambitious biometric project.

Prime Minister Gordon Brown’s government described the move as “another milestone” toward the controversial compulsory program, which is expected to cost more than $10 billion over the next decade. Ministers say the cards, carrying fingerprint, iris and face-recognition technology, are vital to fight terrorism, serious organized crime and illegal immigration.

More: Britain Begins ID Card Procurement Process

Source: http://news.com.com/

30 August 2007 – Feds Consider Lowering Passenger Data Requirements

The U.S. Department of Homeland Security has taken a preliminary step in overhauling plans for an air traveler-screening program that has alarmed privacy advocates in the past.

Under a new proposal for a controversial program known as Secure Flight, the Transportation Security Administration would assume the duty of checking passengers against terrorist watch list databases, which is currently done by U.S. air carriers. In a nod to earlier privacy concerns, it proposes scaling back the amount of data that airlines would be obligated to submit about their passengers.

More: Feds Consider Lowering Passenger Data Requirements

Source: http://news.com.com/

30 August 2007 – EPIC Warns Federal Agencies About RFID in US Travel Cards

In comments to the departments of State and Homeland Security, EPIC recommended against the use of “long-range” RFID technology (which transmits personal data to remote tracking devices) in the proposed “PASS card” for travel between the United States, Canada, Mexico, and the Caribbean.

EPIC explained that the tracking technology would jeopardize the privacy and security of US travelers, and urged the agencies to delay the implementation of the passport card requirement until solutions can be found for the extraordinary delays, problems, costs and privacy risks. Earlier this year, Homeland Security abandoned a similar proposal for US-VISIT travel documents, following criticisms from EPIC and the Government Accountability Office.

More: http://www.epic.org/alert/EPIC_Alert_14.16.html

Source: http://www.epic.org/

29 August 2007 – Homeland Security Revamps Traveler Profiling Programs

The Department of Homeland Security announced revisions to two passenger profiling programs this week: the Automated Targeting System and Secure Flight. However, privacy and security threats remain in both programs. DHS also announced a final rule on the Advance Passenger Information System.

The Advance Passenger Information System final rule “enables DHS to collect manifest information for international flights departing from or arriving in the United States prior to boarding,” DHS said. The rule requires air carriers to transmit manifests 30 minutes before departure or “provide manifest information on passengers as each passenger checks in for the flight, up to the time when aircraft doors are secured.” For vessels departing from foreign ports to the United States, the rule does not change current requirements to transmit passenger and crew arrival manifest data between 24 to 96 hours prior to arrival, “but requires vessel carriers to transmit [Advance Passenger Information System] data 60 minutes prior to departure from the United States.”

More: http://www.epic.org/alert/EPIC_Alert_14.16.html

Source: http://www.epic.org/

29 August 2007 – New Law Strengthens Privacy Oversight

Last week, the President signed the Implementing Recommendations of the 9/11 Commission Act of 2007. The law is a compromise between a Senate bill (S. 4) passed in March and a House bill (H.R. 1) passed in January. Both houses of Congress passed the harmonized version in July.

The law implements certain recommendations of the 9/11 Commission, including improving privacy and civil liberties protections in agencies that perform law enforcement or anti-terrorism functions. The bill also provides for establishing regional law enforcement “fusion centers” for information sharing.

More: http://www.epic.org/alert/EPIC_Alert_14.16.html

Source: http://www.epic.org/

29 August 2007 – Phishing Researcher ‘Targets’ the Unsuspecting

If he weren’t so ethical, Markus Jakobsson could be a world-class online fraudster. In a way, he already is. Jakobsson, a cybersecurity researcher and professor at Indiana University in Bloomington, spends much of his time perpetrating online attacks of unsuspecting Web surfers — without actually harming them, of course — to see what types of ruses people will fall for and to predict potential new techniques phishers might pursue.

The university that gave the world Alfred Kinsey, the famous sex researcher, is more than willing to tolerate experiments that might improve computer security, even if it annoys a few unwitting participants. “They think everything that is not immoral or illegal is fine,” Jakobsson joked Wednesday at the Usenix Security Symposium in Boston, while delivering a talk on the human factor in online fraud such as phishing, click fraud and crimeware. Victims of online attacks often give up personal information, such as bank account details, or have their computers controlled remotely by hackers.

More: Phishing Researcher ‘Targets’ the Unsuspecting

Source: http://www.computerworld.com/

29 August 2007 – Study: Search Engine Privacy Policies Improving

Search-engine providers have begun to compete with each other on privacy protections, but the U.S. still needs to adopt a national privacy law, says a report from the Center for Democracy and Technology (CDT).

The CDT, a civil liberties advocacy group, praised many search-engine providers for recent changes to their privacy policies, with some policies setting limits on data retention. But CDT remains concerned that, in many cases, search-engine users have little control over their data and that most major search engines retain query data indefinitely, officials of the group said Wednesday.

More: Study: Search Engine Privacy Policies Improving

Source: http://www.computerworld.com/

29 August 2007 – Competition is Good for Search Privacy, Report Says

Recent privacy policy makeovers by the five major Internet search companies show competition benefits users but a “comprehensive” federal privacy law is still needed, says a Washington advocacy group in a new report.

An analysis released Wednesday by the Center for Democracy and Technology concluded it’s good news for consumers that Google, Microsoft, Yahoo, Ask.com and AOL pledged in recent months to amend how they handle user search data. That includes a person’s queries, cookie identification number and Internet Protocol address.

More: Competition is Good for Search Privacy, Report Says

Source: http://news.com.com/

28 August 2007 – Making Phones Polite

Now, researchers at Intel have developed software that could help make handhelds more considerate. The software is able to detect and record conversations, but crucially, it does so in a privacy-sensitive manner so that the actual spoken words can’t be retrieved.

“Our goal is to be able to collect data about interactions and conversations that happen spontaneously … and have a balance between privacy and the information we can get from recorded data,” says Tanzeem Choudhury, a researcher at Intel Labs Seattle.

More: http://www.technologyreview.com/Infotech/19196/?a=f

Source: http://www.technologyreview.com/

28 August 2007 – Delete This!

A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.

Companies routinely create, maintain and store electronic records. Some records are consciously created — like memoranda, letters, spreadsheets, and even e-mails and chat or instant message communications. Other records are created inadvertently, like meta data, log records, IP history records and the like. Some information is useful to the company, and it wants to retain it, and other information is of little use, merely takes up space, creates potential liability, and represents an unwarranted threat for attack or violation of privacy. The problem for most companies in developing or maintaining a document retention/destruction policy is identifying the documents and records it wants to keep and effectively purging the ones it doesn’t want. Some recent legal events have made the problem of document retention and destruction even more complicated.

More: http://www.securityfocus.com/columnists/450

Source: http://www.securityfocus.com/

28 August 2007 – E-voting Must Stop, Warns U.K. Electoral Commission

The U.K. Electoral Commission has called for a halt to electronic voting unless major changes are made to the way the voting systems are implemented and secured.

The watchdog agency has issued a series of reports on pilot projects commissioned by the Ministry of Justice that allowed internet and telephone voting in some areas of England in last May’s local elections. A second set of reports examined electronic counting pilots.

More: E-voting Must Stop, Warns U.K. Electoral Commission

Source: http://www.computerworld.com/

28 August 2007 – End of Privacy

Privacy is getting harder to protect, with technologies such as E911-enabled cell phones, GPS, WiFi, black-box recorders in autos and surveillance in the name of public safety making it fairly simple to identify individuals. Here’s what CIOs can do about it.

We all leave a trail of data items as we move through the world, and we always have. Technology has simply made it easier and cheaper to record and analyze these traces. Today, for about half the world, there is no real privacy. The key questions, therefore, become: Who owns our personally identifying information? Who assures its accuracy and relevance? Who can access and use it? What are its permitted uses? Too many of the answers depend on where you live and how the laws there constrain or allow data use. This leaves businesses and technology managers facing some complex issues even beyond the ethical debate on how the information can be used.

More: http://www.cioinsight.com/article2/0,1540,2167409,00.asp

Source: http://www.cioinsight.com/

28 August 2007 – FAQ: How far does the new wiretap law go?

Just before leaving town for a month’s vacation, a divided U.S. Congress acceded to President George Bush’s requests for expanded Internet and telephone surveillance powers.

Over strong objections from civil liberties groups and many Democrats, legislators voted over the weekend to temporarily rewrite a 1978 wiretapping law that the Bush administration claimed was hindering antiterrorism investigations.

To help explain what the Protect America Act of 2007 means, CNET News.com has prepared the following Frequently Asked Questions, or FAQ list.

What does the new Protect America Act actually do? The new law effectively expands the National Security Agency’s power to eavesdrop on phone calls, e-mail messages and other Internet traffic with limited court oversight. Telecommunications companies can be required to comply with government demands, and if they do so they are immune from all lawsuits.

It also says, as George Washington University law professor Orin Kerr notes, that 1978 Foreign Intelligence Surveillance Act (FISA) warrants are not needed for Internet or telephone “surveillance directed at a person reasonably believed to be located outside of the United States.” What that means is that the National Security Agency can plug into a switch inside the United States (when monitoring someone outside the country) without seeking a court order in advance.

More: FAQ: How far does the new wiretap law go?

Source: http://news.com.com/

23 August 2007 – Paper Calls for Local ID Cards

A think tank has argued that local authority ‘entitlement cards’ could be more practical than the National Identity Card.

New Local Government Network (NLGN) published a pamphlet on the subject, Local Identity: The role of local entitlement cards in public service delivery, on 17 August 2007.

It says that local cards could prove to be cheaper, quicker and provide a better safeguard of identity than the national scheme. It would also be more relevant to most needs as local government provides about 80% of public services.

Victoria Barbary, author of the report, told GC News a national framework for the cards could be adopted to provide some consistency in their look, how they are used and the information procedures, and likened it to the framework provided by Visa and Master Card for companies that issue credit cards.

“It would be a light touch national framework within which each council would have its own franchise, benefits and uses, providing an individually tailored system,” she said, adding that it would have to be part of a statutory requirement.

More: Paper Calls for Local ID Cards

Source: http://www.kablenet.com/

23 August 2007 – Privacy Review Supports Data Disclosure Laws in Australia

Australia’s federal government is set to introduce data disclosure laws there as early as 2008.

The push is part of a review of the Privacy Act being undertaken by the Australian Law Reform Commission (ALRC), which began early this year. A discussion paper, recommending the introduction of these laws which would force organizations to notify customers of security breaches, will be released next month. The final report is scheduled to be delivered to the federal attorney general, Philip Ruddock, in March 2008.

More: Privacy Review Supports Data Disclosure Laws in Australia

Source: http://www.computerworld.com/

23 August 2007 – Google Launches Web History Tool in U.K.

Google has made its Web History tool available in the United Kingdom. The tool, launched in the United States in April, enables users to find Web sites they have visited, as well as edit or delete items from their Web history. It is an opt-in service. It raises privacy issues.

“Personalized search does raise privacy issues,” Fleischer wrote earlier this year in the Financial Times. “In order for it to work, search engines must have access to your Web search history. And there are some people who may not want to share that information because they believe it is too personal. For them, the improved results that personalized search brings are not matched by the ‘cost’ of revealing their Web history.” Fleischer argued that Google can handle this privacy issue by asking users if they want to opt in to the service when they open an account.

More: Google Launches Web History Tool in U.K.

Source: http://news.com.com/

23 August 2007 – Prague will Anonymise RFID City Cards

Prague Deputy Mayor announced that following the pressure of EDRI-member Iuridicum Remedium and the interpellation of the member of city parliament Petra Kolinska (Green Party) the city authorities decided that RFID chips in newly issued city cards will no longer contain personal data.

This move is a reaction to the press conference Iuridicum Remedium held on 12 June 2007. At the press conference cryptologist Tomás Rosa demonstrated that first and last name as well as date of birth of the owners of the newly issued city card can be easily read by any unauthorised person from a distance of a dozen centimeters even when carried in the purse or pocket. The NGO requested city authorities to stop the project of city card immediately or at least delete personal information from the chips.

More: http://www.edri.org/edrigram/number5.15/rfid-prague-cards

Source: http://www.edri.org/

23 August 2007 – Search Engines Dealing with Privacy Standards

Google has recently announced a new change in its privacy policies by reducing its cookies lifetime to just two years, but experts warn this is more a PR move than a substantial one. However, other search engines started the discussions on their privacy issues.

A new post in the Google blog announced on 16 July 2007 that, following consultations with privacy experts and user feedback, the major search engine will significantly shorten the lifetime of its cookies, as a major change from the initial policy that kept the cookies as long as possible in the future, until the year 2038. Peter Fleischer, Global Privacy Counsel from Google confirmed that they “will start issuing our users cookies that will be set to auto-expire after 2 years, while auto-renewing the cookies of active users during this time period. In other words, users who do not return to Google will have their cookies auto-expire after 2 years.” He also explained that this is part of the plan “to continue innovating in the area of privacy to protect our users.”

More: http://www.edri.org/edrigram/number5.15/search-engine-privacy

Source: http://www.edri.org/

16 August 2007 – Identity Management is Top Security Priority

Identity management and network access control are among IT security professionals’ top priorities, according to a survey conducted by RSA Conference Europe.

The security vendor’s conference arm surveyed IT professionals who will be attending the RSA Conference Europe 2006 later this month. Thirty percent of those polled said that tracking identities assigned to personnel throughout their employment, as well as keeping track of contractors and outsourced work identities, was of paramount importance.

Granting, maintaining and tracking access privileges were equally important for 32 percent of those surveyed.

More: http://news.zdnet.co.uk/security/0,1000000189,39284136,00.htm

Source: http://news.zdnet.co.uk/

16 August 2007 – Terrorist Database Stolen In Raid Was Encrypted, Police Confirm

Thieves have stolen a computer database from a company that specialises in gathering evidence from mobile phone networks to help police track suspected terrorists.

The robbers broke into the premises of Forensic Telecommunications Services (FTS) in Kent on Saturday and snatched the IT equipment, which included a server. Scotland Yard’s Counter Terrorism Command, SO15, was immediately informed of the raid.

The private company confirmed that the data stored on the server, which includes administration work and forensic case files, was encrypted. FTS emphasised that even if an attacker accessed the information it would not compromise any ongoing police investigations.

More: Terrorist Database Stolen In Raid Was Encrypted, Police Confirm

Source: http://www.scmagazine.com/uk/

16 August 2007 – Electronic Sick Notes Behind Benefits Drive

The Department for Work and Pensions in Wales is looking to improve benefits administration through the use of electronic sick notes.

The DWP is planning to pilot a system covering GP practices in Wales, which will see GPs fill out electronic versions of patient sick note forms. The scheme is in its early stages of development and no decision has yet been made on when it will start or how many GP surgeries will be involved.

A DWP spokesperson told GC News on 15 August 2007: “The DWP is in the process of procuring the necessary software changes to be able to test the use of electronic sick notes in Wales. The initiative is about improving communication and transfer of information with GPs, which in turn feeds into the process for the general administration of benefits.”

More: Electronic Sick Notes Behind Benefits Drive

Source: http://www.kablenet.com/

16 August 2007 – ICO Launches Data Sharing Consultation

The Information Commissioner’s Office (ICO) has launched a consultation on its new framework code of practice for sharing personal information.

The privacy watchdog is inviting comments on its 18-page framework code, which aims to help organisations to adopt good practice when sharing information and comply with the Data Protection Act.

The public consultation period, which runs until 28 September, hopes to gather feedback on the proposed guidelines, which cover issues such as security and access to personal data, retention, and personal information sharing. The ICO also hopes organisations will use the framework to produce their own codes of practice.

“Good practice in this area is of paramount importance,” said Iain Bourne, head of data protection projects at the ICO. “Organisations that share information must do so responsibly. If they do not, they risk losing individuals’ trust.”

More: ICO Launches Data Sharing Consultation

Source: http://www.scmagazine.com/uk/

15 August 2007 – BBC Reveals Defects in ID Cards

A File on Four radio programme has shown the UK government’s proposed identity card scheme to be badly co-ordinated and lacking in accountability.

The programme, broadcast on 31 July 2007, included an interview with Computer Weekly’s news editor and several experts from the identity-management and IT community. It was apparent from the interviews that civil servants are struggling with the vagueness of the project.

Peter Tomlinson, an IT consultant and specialist in smart card technology, told File on 4 he had attended government meetings where the ID card programme was discussed.

He was puzzled when officials from the Home Office, which was the department in charge of ID cards, did not appear to be present. “The meetings were called by people in the Cabinet Office. There were topics on the agenda that were set by people in the Cabinet Office and we kept on thinking: why are we not seeing people from the Home Office.

More: BBC Reveals Defects in ID Cards

Source: http://www.computerweekly.com/

15 August 2007 – Poor Company Policy Aids Identity Theft

Many businesses are still in the dark ages when it comes to making sure customers are who they say they are, reveals a new report by risk management experts Experian.

The report shows that 70 percent of financial services companies still rely on fraud-friendly paper documents to authenticate a person’s identity, and 36 percent of retailers and 40 percent of telecommunications companies are still doing it.

According to the survey too many industries are left hamstrung by their reliance on the use of passports, utility bills and driving licences for authentication, despite the fact that electronic systems are generally considered to be safer and faster for all concerned.

“It’s staggering to think that today’s businesses are still using paper documents to confirm a person’s identity,” said Anne Green, fraud consultant at Experian.

More: Poor Company Policy Aids Identity Theft

Source: http://www.securecomputing.net.au/

15 August 2007 – Government Tenders for ID Scheme Supplier

The government has issued a tender to run a procurement framework for the National Identity Register and the related national ID card and biometric passport, known collectively as the National Identity Scheme (NIS).

Initial bids to manage the procurement programme are expected to come in at up to £500m. Speaking exclusively to Computer Weekly, Passport Service CEO, James Hall, stood by previous estimates that the entire project will cost £5.5bn.

Researchers at the London School of Economics have said it will cost at least double this.

More: Government Tenders for ID Scheme Supplier

Source: http://www.computerweekly.com/

15 August 2007 – Study: Facebook Users Divulge Too Much Sensitive Data

More than a third (41 percent) of Facebook users reveal sensitive personal data to a stranger heightening the chances of becoming a victim of identity theft, new research shows.

A random snapshot of users from the social networking site revealed that more than two in five will divulge information, including email address, phone number and date of birth, according to the latest survey by security vendor Sophos.

The test involved creating a spoof Facebook profile before sending out friend requests to individuals chosen at random worldwide. The profile page, named ‘Freddi Staur’, contained a picture of a small green plastic frog and featured minimal personal information.

More than 200 friend requests were requested to observe how many people would respond, and how much personal information could be gleaned from the recipients.

Nearly three-quarters (72 percent) of the recipients revealed one or more of their email addresses, 84 percent listed their full date of birth and 78 percent named their current address.

More: Study: Facebook Users Divulge Too Much Sensitive Data

Source: http://www.securecomputing.net.au/

14 August 2007 – Online Forum Claims ‘Certegy’ Breach Led to ID Theft

The former Certegy employee who sold millions of customer records to direct marketers may also have set off a string of identity theft attacks, contrary to reports from the check verification company, according to a group of online posters.

Since the breach was announced in early July, St. Petersburg, Fla.-based Certegy has been steadfast in its claim that none of the 8.5 million records illegally sold to direct marketing firms have been used fraudulently.

But a number of posters in a Bed, Bath and Beyond online forum accuse Certegy of not being honest. According to the forum, a class-action lawsuit against the company is taking shape over the breach.

“I just found out a few days ago that my husband and I are now the victims of identity theft,” an Oklahoma woman using the alias “Class Action Suit Ready” wrote last week on the bulletin board.

“As he called his credit card company to prove his innocence, I realised it was only a few days after the notification letter [from Certegy] that all of the fraudulent checks were written on his account.

More: Online Forum Claims ‘Certegy’ Breach Led to ID Theft

Source: http://www.securecomputing.net.au/

14 August 2007 – Forensic Data Stolen in Server Theft

Thieves have stolen a computer server that contains files of forensic evidence used by police in serious criminal investigations.

FTS, a company that provides evidence on telephone use for police forces in connection with their investigations, confirmed the theft from its Kent premises in a statement on 12 August 2007.

The break-in took place at FTS’ Sevenoaks office overnight on 6-7 August. The data contained on the server is believed to relate to cases where the evidence has already been disclosed to defence solicitors, as well as old cases where judgements have already been passed.

FTS said: “In the unlikely event that the server was accessed, none of the data stored on the server in any way compromises ongoing police operations. All the data was restored within 24 hours due to FTS’ business continuity measures.”

More: Forensic Data Stolen in Server Theft

Source: http://www.kablenet.com/

14 August 2007 – ISPs Suspected of Massive Identity Theft in Korea

More than seven million illegal sign ups claimed by police.

Police are investigating South Korea’s two biggest ISPs on suspicion that they broke identity theft laws on more than seven million occasions. The two companies, KT and Hanaro Telecom Inc, are suspected of signing up more than seven million customers for services without their permission, according to police sources cited by local media today.

Many of the companies’ internet service customers were apparently illegally signed up for additional services by telephone sales agents, who did not obtain the written consent required under law, police say. Reports say the two ISPs may have illegally signed up 7.3 million of the 10 million households and businesses in the country that rely on them for internet service.

More: ISPs Suspected of Massive Identity Theft in Korea

Source: http://www.securecomputing.net.au/

14 August 2007 – Land Registry Denies ID Fraud Risk

The Land Registry has attempted to dampen accusations that its online register leaves home owners open to ID fraud.

It has denied claims by the NO2ID group that it has not paid sufficient attention to security in making mortgage deeds and leases available online, and that they could reveal information which could be used to steal an individual’s identity.

The Land Registry insisted that an open register is the norm, and that many other countries had been operating open systems for much longer than the UK.

“The system’s transparency is designed to combat fraud; no one can say they own a property that is registered to someone else,” it said in a statement on 13 August 2007.

More: Land Registry Denies ID Fraud Risk

Source: http://www.kablenet.com/

14 August 2007 – There Are no Short-Cuts for the Impatient Tories

The Bourbon strain within the Conservative Party is very strong. It was said of that royal family of France – deposed, restored, then, in 1848 deposed forever – that they “had learnt nothing and forgotten nothing”.

Listen to Sir Stanley Kalms, Lord Saatchi and Lord Tebbit, very Bourbon the lot of them; elder, ennobled, wealthy, looking back to great days, impatient with young whippersnappers fumbling with the tiller. Being older but not all that wise, they communicate the need for an authentic, ie, Right wing Tory Party, not quietly and constructively, but papal style – to the City and the world.

Thanks a bundle. David Cameron has made mistakes but no slip of his has approached the harm inflicted by sticks waved at the leader by aged eminent persons. When will they, and along with them, the people who write to the Press denouncing this useless, new-fangled leadership, learn something rather obvious?

More: http://www.yorkshirepost.co.uk/opinion?articleid=3105119

Source: http://www.yorkshirepost.co.uk/

13 August 2007 – Lawsuit: Apple Puts Customers at Risk for ID Theft

Apple Computer, known as much for secretive ways as it is for developing widely popular consumer electronics such as the iPod and iPhone, has been sued for disclosing too much of its customers’ personal information.

The class action lawsuit, filed on behalf of Angely Maria and Todd Narson in the Southern District Court in Miami, charges Apple with violations of the Fair Credit Reporting Act (FCRA) that put its customers at risk for identity theft.

According to the lawsuit, Apple printed credit card expiration dates on Apple Store online receipts, violating a 2003 amendment to the FCRA.

That amendment states that “No person that accepts credit cards or debit cards for the transaction of business shall print more than the last five digits of the card number or the expiration date upon any receipt provided to the card holder at the point of sale or transaction.”

The copies of Apple electronic receipts included as exhibits in the complaint also show the purchaser’s name, home address, phone number and e-mail address. That information was redacted on the copies included with the lawsuit.

More: Lawsuit: Apple Puts Customers at Risk for ID Theft

Source: http://www.securecomputing.net.au/

13 August 2007 – IPS Launches ID Card Procurement

The Identity and Passport Service is to set up a framework of suppliers to develop the National Identity Card Programme.

It posted a tender notice in the Official Journal of the European Union on 9 August 2007, inviting companies to apply for a place among a pool of suppliers to meet the technological requirements of the programme.

The IPS said the tender will pave the way for a framework agreement, creating a list of prequalified suppliers with a set of agreed contract terms. It will then be able to procure its requirements from the pool as and when required.

Bill Crothers, executive director of commercial procurement for the IPS, said it expects to select about five companies, most likely from among the major systems integrators. They will then have to take part in “mini-competitions” to run different parts of the programme under contracts lasting for up to 10 years.

More: IPS Launches ID Card Procurement

Source: http://www.kablenet.com/

13 August 2007 – ID Cards ‘could be a Big Brother tax trap’

Identity cards could provide a back door for the taxman to snoop on people’s affairs using a database of National Insurance numbers.

The card system will use an existing NI database to log details, potentially making it easier for tax inspectors to keep tabs. Officials had hoped to base ID cards on a National Identity Register but will instead use the Customer Information System run by the Department of Work and Pensions.

This holds the records of everyone with a NI number, sparking concerns that HM Revenue & Customs could track a person’s personal life through their ID card, which must be produced whenever a proof of identity is required.

More: ID Cards ‘could be a Big Brother tax trap’

Source: http://www.telegraph.co.uk/

13 August 2007 – U.K. Churches, Scouts May Fingerprint Leaders, IDs Chief Says

Churches, mosques and scout groups may start fingerprinting volunteers working with children to confirm they don’t have criminal records, the man in charge of introducing the first U.K. biometric identity cards said.

James Hall, chief executive of the Identity and Passport Service, said the system would be voluntary at first, to allow groups to speed up background checks. He said he expected the price of fingerprint scanners to fall.

“Whether every scout group would think that was a cost-justifiable expenditure I don’t know,” Hall said in an interview in London. “No doubt as demand grows prices will fall. Maybe in 10 years time people will think that’s a justifiable expense and entirely appropriate.”

More: U.K. Churches, Scouts May Fingerprint Leaders, IDs Chief Says

Source: http://www.bloomberg.com/

13 August 2007 – Procurement Begins for ID Cards

Summer launch after long wait will anger opponents.

The government has finally launched the delayed procurement process for its controversial £5.3bn ID cards scheme in a move likely to inflame opposition because it comes during the parliamentary recess.

The ID cards and national identity register scheme is so contentious that in February the Conservative Party issued an unprecedented warning to potential suppliers that it would scrap the project if it came to power at the next election.

The latest delay to procurement came as Gordon Brown prepared to take over as prime minister in June. Then, James Hall, chief executive of the Identity and Passport Service, said procurement for IT systems to support the scheme was set to begin, but “we’re not quite ready yet”.

More: Procurement Begins for ID Cards

Source: http://www.computerworlduk.com/

9 August 2007 – Firms Call for Clarity on ID Cards

Experts have urged the new minister in charge of the government’s identity card project, Meg Hillier, to provide more information on the features and cost of the scheme to help businesses better plan their own identity management investments.

The Home Office minister’s promotion hands her something of a poisoned chalice, with the ID card procurement process having been repeatedly delayed and criticism mounting over the £50m the government has so far spent on consultants for the project.

Now the business community has added to her in-tray with calls for greater disclosure on the project’s timeline, costs and capabilities.

More: http://www.channelweb.co.uk/itweek/news/2195686/firms-call-clarity-id-cards

Source: http://www.channelweb.co.uk/

9 August 2007 – Britain ‘Sleepwalking into Surveillance Society’ as Personal Data is Passed Around

Confidential personal data is being shared at unprecedented levels, the information watchdog will warn today.

Data from sources as diverse as store loyalty cards, electronic travel cards and driving licences is being used without people’s knowledge as never before.

People have “almost zero awareness” of how the information is being passed around because the web of public and private organisations storing it has become so complex.

Experts fear it will soon be impossible to stop the “information sharing juggernaut”.

The comments, from information commissioner Richard Thomas, will fuel fears Britain is becoming a “surveillance society” and stoke concerns over how data is being used in a statement today.

More: Britain ‘Sleepwalking into Surveillance Society’ as Personal Data is Passed Around

Source: http://www.dailymail.co.uk/

9 August 2007 – Q&A: Meet the Borat of Hackers

LAS VEGAS — Ever hear of the nation of Hackistan? I hadn’t until I met the president of Hackistan, who happened to be manning a booth at the Black Hat conference here Wednesday. He showed me on a map how Hackistan borders North Sloberia, East Sloberia and the Alpha Zone. The prez was kind enough to grant an interview to explain the important international role his country now plays in identity theft, hacking networks and phishing.

More: http://www.networkworld.com/news/2007/080207-hackistan.html

Source: http://www.networkworld.com/

9 August 2007 – Survey: Half of Compliance Pros Say Their Organizations Botching Identity, Access Control

Polled about their organization’s approaches to identity and access management, audit and compliance professionals in industry and government expressed a high level of frustration with how their IT and business management units are managing IAM.

Almost half (45%) of the 845 respondents questioned by the Ponemon Institute for the research study released today said their own organization does not effectively focus its IAM policies and controls on areas of business risk.

The compliance professionals, 68% of whom said IAM products were in use in their organizations, also expressed frustration that IT and business management groups weren’t collaborating well in deploying IAM.

More: Survey: Half of Compliance Pros Say Their Organizations Botching Identity, Access Control

Source: http://www.networkworld.com/

9 August 2007 – ID Cards Marked for Fast Rollout

Treasury report will call for rapid take-up by citizens, say sources.

Identity cards should be rolled out to citizens as quickly as possible, an influential Treasury-backed report will recommend to ministers this month.

Sir James Crosby’s review of private sector uses of the proposed biometric ID scheme was due to be published with the Budget in March. According to insiders, the former HBOS chief executive’s report will be circulated internally in the coming weeks and is to be published when Parliament reconvenes in early October.

‘Probably the strongest theme will be a recommendation to establish a critical mass of cardholders very fast, to enable both public and private sectors to get the benefits of the scheme and start building ID checks into business models,’ said a senior source.

More: http://www.computing.co.uk/computing/news/2196225/id-cards-marked-fast-rollout

Source: http://www.computing.co.uk/

8 August 2007 – From Russia With Larceny

Finjan, a developer of Web security products, has found what has to be the nastiest of malware yet because it inserts itself into a legitimate online banking transaction that’s supposed to be protected by SSL encryption.

The company is calling this new form of thievery “crimeware,” as if we needed another term to keep straight, but it’s nasty stuff. In just the month of July, Finjan identified 58 criminals using the MPack toolkit to infect over 500,000 unique users. MPack may be the most dangerous malware development kit seen yet. It is a PHP-based kit produced by Russian hackers for building mostly keylogging software. It’s actually sold and supported by the Russians, complete with a service contract for new versions, and is upgraded every two to four weeks. It’s not the first time a service contract has been offered for software that supports the spread of malware.

More: http://www.insideid.com/article.php/3692951

Source: http://www.insideid.com/

8 August 2007 – In This Edition of Privacy Theater, Google’s Cookie Monster

Contrary to Google’s recent statements, the company’s new policy for issuing cookies won’t meaningfully help protect users’ privacy. Shorter cookie life spans can help limit a site’s ability to track you, but Google’s change doesn’t amount to any practical difference.

To its credit, Google did decide in March to delete key identifying information in its search logs, including cookie ID numbers, after 18 months. As we said at the time, this is a good first step towards protecting users’ privacy, but more is needed. Unfortunately, Google’s new policy for issuing cookies doesn’t move the ball forward.

More: http://www.eff.org/deeplinks/archives/005362.php

Source: http://www.eff.org/

8 August 2007 – Joint Consumer Comments on RFID in Europe

European consumer groups ANEC and BEUC have issued a joint policy paper on RFID in Europe. The position paper, based on the European Commission Communication on RFID from March 2007, is their contribution to the RFID Experts stakeholder group and designed to help the European Commission draft a recommendation on privacy and security aspects of RFID.

The groups recommended that the Commission begin “impartial and comprehensive information campaigns on the RFID technology, its potential benefits and risks,” to help consumers choose whether to use RFID. Also suggested is the formation of “a European committee dealing with ethics should be created and consulted” concerning any RFID or near field communication (NFC) technology applications.

More: http://www.epic.org/alert/EPIC_Alert_14.15.html

Source: http://www.epic.org/

8 August 2007 – Medical Privacy Bill Introduced in Senate

On July 18, the Health Information Privacy and Security Act of 2007 (HIPSA) (S.1814), was introduced into the Senate. The bill was sponsored by Senator Patrick Leahy (D-VT) and co-sponsored by Senator Edward Kennedy (D-MA). HIPSA seeks to provide individuals with access to their personal health information while ensuring patient privacy.

HIPSA provides individuals the right to access their health data and prohibits the use of health data without patient authorization. The bill requires that organizations that store health information electronically notify individuals of their privacy practices and establish adequate safeguards to prevent security breaches, or face civil penalties. If a breach does occur, the bill requires patient notification within 15 days of the occurrence. HIPSA also authorizes the Attorney General to file a civil action against organizations that do not properly safeguard electronic health records or provide individuals with information about their health privacy rights.

More: http://www.epic.org/alert/EPIC_Alert_14.15.html

Source: http://www.epic.org/

8 August 2007 – Canadian Businesses Stumbling over Privacy Compliance

Almost a third of Canadian businesses are dragging their feet when it comes to complying with private-sector privacy law. According to a survey recently released by the office of Jennifer Stoddart, privacy commissioner of Canada, 31% of businesses are either still in the process of complying with such law or have yet to begin.

Only one in two businesses said they have a high awareness of their responsibilities under the Personal Information Protection and Electronic Documents Act (PIPEDA), and just a third said they have trained staff to handle privacy issues. Worse, according to Stoddart’s office, is the fact that only one in five has sought clarification of their role.

More: Canadian Businesses Stumbling over Privacy Compliance

Source: http://www.computerworld.com/

7 August 2007 – Yahoo Joins Google, Microsoft in Changing Privacy Policy

Responding to concerns from privacy advocates and the public, Yahoo Inc. said yesterday it will make user search data anonymous after 13 months.

The news comes shortly after other Internet companies, including Google Inc. and Microsoft Corp., have taken similar steps to limit the storage of personal data. “One of the core tenets of this company is the relationship and trust we have with our users,” said Yahoo spokesman Jim Cullinan in a statement e-mailed to Computerworld.

More: Yahoo Joins Google, Microsoft in Changing Privacy Policy

Source: http://www.computerworld.com/

7 August 2007 – Perspective: It’s about Piracy, Not Privacy

Just in time for the theatrical release of Harry Potter and the Order of the Phoenix, a judge has held that an Internet-based service may not offer its users an invisibility cloak.

The court ordered TorrentSpy to preserve server log data, and make it available to the Motion Picture Association of America as part of the ongoing litigation between them. TorrentSpy objected to the initial request for the preservation and production of the server logs on a number of grounds. Its lawyers claimed that preserving the data would be an undue burden requiring great technical resources and significant funds.

More: Perspective: It’s about Piracy, Not Privacy

Source: http://news.com.com/

7 August 2007 – Your Boss Is Spying on You Right Now. What Can You Do About It?

From the moment you walk into work until the moment you leave, your boss or his minions may be spying on you.

Computerworld has noted before that surveillance cameras are becoming more common in the workplace (“Big Brother is watching you … and he’s a computer”). But what we are talking about here is the more insidious tracking of your digital footprints as you go about your computing workday. When you start thinking about all the ways that you can be digitally tracked, it can make even the least paranoid person sit up and take notice.

More: Your Boss Is Spying on You Right Now. What Can You Do About It?

Source: http://www.computerworld.com/

7 August 2007 – Temple University Eliminates Social Security Numbers as Primary ID Method

College and university systems can be prime targets for identity thieves and hackers — think open computing environments in which students freely download files, interact on social networking sites and use peer-to-peer applications.

To reduce the risk of personal data being exposed, Temple University in Philadelphia launched an initiative three years ago to eliminate the use of Social Security numbers as a primary means of identifying students and staff. “People aren’t expecting to see their Social Security numbers anywhere today,” says Barbara Dolhansky, associate vice president of computer systems at the university. But in a sprawling environment such as Temple’s, identifying every point at which that information was being collected and stored was no easy task.

More: Temple University Eliminates Social Security Numbers as Primary ID Method

Source: http://www.computerworld.com/

7 August 2007 – Microsoft, Ask.com Pressure Google on Privacy

Microsoft Corp. is joining Ask.com in offering Web surfers a way to use its search engines anonymously, and the two companies are now calling on the search and online advertising industry to develop a common set of privacy practices.

By year’s end, Microsoft will give users a way to search anonymously on its Microsoft Windows Live Web sites, and it will also implement a new data retention policy that after 18 months will scrub all search query data of any information that could be used to identify the searcher. “We think that we as an industry ought to take a look at ways to further enhance privacy protections,” said Microsoft Chief Privacy Strategist Peter Cullen. “We’re really trying to make sure that people always have the ability to have a trusted experience.”

More: Microsoft, Ask.com Pressure Google on Privacy

Source: http://www.computerworld.com/

6 August 2007 – Ask.com Takes the Lead on Log Retention; Microsoft and Yahoo! Follow

We’ve often regretted that the most popular search engines have been keeping a dossier of everything you search for — forever. It’s easy to forget just how intrusive this kind of record can be until something like the AOL search history leak occurs and confronts users with even a portion of the search logs that track their everyday on-line activities.

Thus, it’s exciting to hear that Ask.com plans to take a leap into the lead of search engine privacy by expressly allowing users to opt-out of tracking — as the Associated Press and Ars Technica report, Ask has pledged to launch a service called AskEraser that allows users to decline to stop their search histories from being logged. And now, it looks like our hope that other search engines would follow Ask’s lead is becoming a reality, and faster than we expected: Microsoft announced over the weekend that it is now intending to offer users the ability to opt out of having their searches automatically associated with a single identifier. Meanwhile, Yahoo! is reportedly shortening its retention period to 13 months, so far the shortest such period amongst the major search engines.

More: http://www.eff.org/deeplinks/archives/005370.php

Source: http://www.eff.org/

6 August 2007 – Ask.com to Let Users Scrub Search Records

Search portal Ask.com plans to make it easier for Web searchers to cover their tracks.

The company is introducing a feature to its Web portal later this year called AskEraser, which will let users perform anonymous searches. When AskEraser is turned on, the Web site will not retain the data it typically stores during a search, said Patrick Crisp, an Ask.com spokesman. “We will allow users to select a privacy setting that says, ‘I do not want you to retain my data at all,’” he said. If AskEraser is not turned on, the site will store the search query, the IP (Internet Protocol) address and some cookie information from the user, as well as the URL the user visited before coming to Ask.com, Crisp said.

More: Ask.com to Let Users Scrub Search Records

Source: http://www.computerworld.com/

6 August 2007 – Opinion: The Stalker in Your Pocket

For most of a century, nosey people, both professional and amateur, have used microphones and cameras to listen to and watch unsuspecting targets. In recent years, the miniaturization of electronics has enabled these devices to be hidden. Extreme drops in price have made spy electronics available to anyone, even creepy stalker types. The only remaining challenge is placement: If anyone wants to capture the juicy tidbits, they’ve got to have a microphone or camera in the right place at the right time. Enter the camera phone, a dream come true for not just spies but a new breed of “cell phone stalkers”.

More: Opinion: The Stalker in Your Pocket

Source: http://www.computerworld.com/

6 August 2007 – Identity Theft? What Identity Theft?

GAO report concludes that theft of personal information isn’t a problem, but notifying consumers is! The GAO reports that identity theft really isn’t a problem. The problem, apparently, is that the process of notifying consumers whenever their personal financial information has been compromised is confusing us simple-minded folks. Yes, I’ve got that right. It’s not a comedic headline from The Onion.

The SANS NewsBites, one of my top information sources on security news, turned me on to The United States Government Accountability Office’s new report to congressional requesters called Personal Information: Data Breaches Are Frequent, but Evidence of Resulting Identity Theft is Limited; However, the Full Extent is Unknown. The 50-page report was developed to assist Congress with crafting all the various data breach notification legislation being proposed (the Data Security Act of 2007 (H.R. 1685), Data Accountability and Trust Act (H.R. 958), Identity Theft Prevention Act (S. 1178), and the Personal Data Privacy and Security Act of 2007 (S. 495), to name a few.) Overall, it’s not an entirely bad report, but it comes to nebulous conclusions.

More: http://www.infoworld.com/article/07/07/20/29OPsecadvise_1.html

Source: http://www.infoworld.com/

6 August 2007 – Google’s Cookie Cut May Not be Enough for EU

A member of an influential European Union privacy group has said it will meet to discuss whether Google has gone far enough in reducing the amount of time the Google cookie stays on computers.

Alexander Dix, Berlin’s security and privacy representative, told CNET News.com sister site ZDNet UK that the Article 29 Data Protection Working Party, a group of European privacy experts, welcomed Google reducing its cookie time to two years, but said the group would discuss whether Google has gone far enough.

More: Google’s Cookie Cut May Not be Enough for EU

Source: http://news.com.com/

2 August 2007 – Irish Insurance Industry Gets Personal Data from Police

The Irish Data Protection Commissioner has indicated that there is a widespread problem with government officials selling or leaking personal information to the insurance industry.

Recent media reports have indicated that members of the Irish police force have been providing access to the police computer system to insurance companies investigating car accidents. An inquiry arising from those concerns has discovered that there is also a wider problem in the insurance industry involving access to private social welfare records of individuals. The Data Protection Commissioner Billy Hawkes is quoted as saying that the practice of obtaining such information has been and continues to be “systematic” across the industry.

More: http://www.edri.org/edrigram/number5.14/irish-data-leaking

Source: http://www.edri.org/

2 August 2007 – Traffic Data Could be Retained for One Year in Spain

The Spanish Plenary Congress of Deputies approved on 21 June 2007 the draft law on the retention of traffic data requiring fixed and mobile telephony, but also ISPs to retain data for a period of one year and to make it available to law enforcement or secret services under court order.

The bill, called Electronic Communications and Public Communications Network Data Storage Act, represents the implementation of the EU Directive 2006/24/CE on data retention. According to the draft act, the data will be retained only with the purpose to: “detect, investigate and prosecute serious crimes stipulated by the Criminal Code and other special laws” and could be accessed by law enforcement and secret services only under court order.

More: http://www.edri.org/edrigram/number5.14/data-retention-spain

Source: http://www.edri.org/

2 August 2007 – Belgium ISP Ordered by the Court to Filter Illicit Content

In an unprecedented decision, the Court of First Instance in Bruxelles has ordered Scarlet, a Belgium ISP, to implement technical measures in order to prohibit its users from illegally downloading music files.

The decision comes after a complaint initiated in 2004 by Sabam (Belgian Society of Authors, Composers and Publishers) against the Belgium ISP Tiscali, now renamed as Scarlet. A first intermediary ruling of 26 November 2004 accepted the possibility for an ISP to disconnect customers if they violate copyrights, and block the access for all customers to websites offering file-sharing programs. But further technical clarifications were needed, so an expert was appointed in order to present its opinions.

More: http://www.edri.org/edrigram/number5.14/belgium-isp

Source: http://www.edri.org/

2 August 2007 – European Parliament Adopts Harsh Resolution on the New PNR Agreement

On 10 July 2007 the members of the European Parliament (EP) adopted with an overwhelming majority, close to 90%, a Resolution that heavily criticizes the new PNR agreement struck by the European Commission with the US Department for Homeland Security (DHS), considering it “substantively flawed”, in particular by “open and vague definitions and multiple possibilities for exception”.

The EP considers that the new deal still fails to offer an adequate level of data protection and that it has been concluded without any involvement of parliaments from both sides, lacking democratic oversight.

More: http://www.edri.org/edrigram/number5.14/EP-PNR-resolution

Source: http://www.edri.org/

2 August 2007 – Microsoft Adware Patent Raises Eyebrows

Microsoft has filed for a patent for an advertising system that would use just about anything on a computer’s hard drive as a contextual trigger to deliver advertising.

Microsoft has filed for a patent for an “advertising services architecture” that would allow, for instance, your word processor to display ads to you based on the words that you were typing, or for your media player app to display ads to you based on what music it found on your hard drive. The application, filed July 5th, seems to indicate a system that would leave no stone unturned in its search for context data, and would operate at the operating system level to monitor potentially anything the user does, and any data the user interacts with, and would target ads to the user based on that data.

More: http://www.ddj.com/windows/201001859?cid=RSSfeed_DDJ_All

Source: http://www.ddj.com/

1 August 2007 – Google: User Cookies to Expire after Two Years

Google Inc. said it will soon start issuing user cookies that automatically expire after two years for users who don’t return to the search site.

However, the cookies — small bits of code stored on a computer — of users who continue to click on Google for search during this time period will automatically renew, wrote Peter Fleischer, Google’s privacy counsel in the official Google blog yesterday. “Regular Google users will have their cookies auto-renew, so that their preferences are not lost,” Fleischer said. “And, as always, all users will still be able to control their cookies at any time via their browsers.” He said the new cookie policy will start “in the coming months.”

More: Google: User Cookies to Expire after Two Years

Source: http://www.computerworld.com/

1 August 2007 – Data Mining at the FBI: Digging for Terrorists, Insurance Scammers, and Identity Thieves

Students who turn in research papers four months late are likely to be rewarded with a big fat zero; the Department of Justice, on the other hand, has to face the wrath of Sen. Patrick Leahy (D-VT), who chairs the Senate Judiciary Committee. Leahy was unhappy after the DoJ turned in a late report on the FBI’s use of data mining, but he was unhappier still about the report’s conclusions than its tardiness.

“This report raises more questions than it answers and demonstrates just how dramatically the Bush Administration has expanded the use of this technology, often in secret, to collect and sift through Americans’ most sensitive personal information,” Leahy said in a statement. “Unfortunately, the Congress and the American public know very little about these and other data mining programs, making them ripe for abuse.”

More: Data Mining at the FBI: Digging for Terrorists, Insurance Scammers, and Identity Thieves

Source: http://arstechnica.com/

1 August 2007 – European Task Force Lists RFID Privacy Threats

The European Parliament’s technology assessment task force has concluded in a study (download PDF) that the public is unaware of what it calls considerable threats posed by radio frequency identification technology to the security of their personal information.

The June survey, titled “RFID and Identity Management in Everyday Life,” cited a number of high-profile RFID implementations in Europe as examples of the growing prevalence of the technology on the continent, and listed actual and potential problems with each. “Until recently, RFID was mainly used for logistical purposes to identify cargo,” stated the report. “Now it has entered the public space on a massive scale: public transport cards, the biometric passport, micro-payment systems, office ID tokens, customer loyalty cards, etc.”

More: European Task Force Lists RFID Privacy Threats

Source: http://www.computerworld.com/

1 August 2007 – EPIC Urges Protection of Internet Subscriber Data

On July 9, EPIC joined five groups in filing a “friend of the court” brief in New Jersey v. Reid, an appeal to the state Supreme Court regarding an illegal subpoena to an Internet service provider demanding data on a subscriber. The lower court held that subscribers have a reasonable expectation of “informational privacy,” defined as “the ability to control the acquisition or release of information about oneself.”

In their brief, the groups explained, “This case raises far-reaching questions about the scope of privacy protection in the electronic environment,” especially because subscriber information “can reveal substantially more about an individual than, for example, the phone numbers she dials.” The groups urged the NJ Supreme Court to uphold the ruling: “Like the ability to engage in phone calls confidentially from one’s home, so too is the right to make confidential electronic communications from one’s home computer deserving of protection.”

More: http://www.epic.org/alert/EPIC_Alert_14.14.html

Source: http://www.epic.org/

1 August 2007 – EPIC Among Groups Discussing National Security Letters With FBI

On July 9, FBI Director Robert S. Mueller III met with EPIC and several other privacy groups to discuss the FBI’s new internal guidelines for the use of national security letters (NSLs). NSLs are an extraordinary search procedure by which the FBI can compel disclosure of data from telephone companies, financial institutions, Internet service providers and consumer credit agencies without judicial approval.

In March, the Department of Justice’s Office of the Inspector General (OIG) issued a report detailing significant abuse of the FBI’s NSL powers. On March 29, 2005, EPIC sent a Freedom of Information Act request seeking records on the FBI’s use of its expanded Patriot Act powers. The documents obtained by this request describe 13 cases of possible FBI misconduct in intelligence investigations. In response to these reports, the FBI issued new internal guidelines to all of its agents in June on the “use, requirements, and reporting of National Security Letters.”

More: http://www.epic.org/alert/EPIC_Alert_14.14.html

Source: http://www.epic.org/

31 July 2007 – EPIC Comments on New Phone Customer Privacy Rules

This week EPIC joined nine other privacy and consumer groups in submitting comments to the Federal Communications Commission (FCC) calling for stronger safeguards for customers’ telephone records. The Consumer Coalition recommended that the FCC establish comprehensive privacy rules that would require telephone companies to limit access to and retention of consumer call data, implement audit trails to track access to data, and curtail delays of law enforcement to customer notification in the event of a security breach.

Last month, in response to a 2005 EPIC petition, the FCC adopted new rules to strengthen the security of consumers’ phone records and requested comments on additional security proposals. The new rules relate to the treatment of customer proprietary network information (CPNI), which includes time, date, duration and destination number of each call, type of network a consumer subscribes to, and any other data that appears on the consumer’s telephone bill.

More: http://www.epic.org/alert/EPIC_Alert_14.14.html

Source: http://www.epic.org/

31 July 2007 – EU and US Reach Agreements on Data Sharing

On June 28, the European Union and the United States reached agreements on two forms of data sharing – that of passenger travel records and that of consumers’ financial data.

The first agreement concerns the transfer of passenger name record (PNR) information for travelers on all flights originating in the EU and landing in the US. A 2004 agreement on the same subject was declared invalid by the European Court of Justice in 2006. Although the Court’s decision did not address the privacy issues of PNR data transfer, EU officials have expressed concern during agreement negotiations over the amount of data collected, the length of time for which the data is retained, and the lack of access and redress for EU citizens.

More: http://www.epic.org/alert/EPIC_Alert_14.14.html

Source: http://www.epic.org/

31 July 2007 – Interpol Chief Wants Databases to Track Criminals

The head of Interpol believes terrorists and other criminals are traveling freely around the globe in ways that police agencies find difficult to track, but he says he knows how to cripple their movements.

Interpol Secretary General Ronald Noble on Wednesday suggested two solutions: first, airlines should forward passenger data on international flights to Interpol; and second, nations that arrest foreign visitors should share those fingerprints with the international police agency as well.

Noble, who is meeting on Thursday with American Airlines to discuss the proposal as a pilot project, said linking databases can help detect people flying on passports reported as lost or stolen. Ramzi Yousef, who was convicted of the 1993 World Trade Center bombing, entered the United States carrying a stolen Iraqi passport.

More: http://news.com.com/2100-1028_3-6196190.html

Source: http://news.com.com/

31 July 2007 – Ruling Endangers Privacy in Email and IP Addresses

The Ninth Circuit recently held [PDF] in US v. Forrester that the Fourth Amendment does not protect against government surveillance of the to/from addresses of one’s email messages, the IP addresses of websites one has visited, and the total volume of information transmitted to or from one’s ISP account.

This dangerous decision relies on a faulty analogy. The court accepted the argument that, because it is not a Fourth Amendment search for the government to capture dialed telephone numbers with “pen registers” and “trap and trace devices,” the same is true for capturing email addresses (as opposed to subject lines in email headers) and IP addresses. But, as we’ve pointed out elsewhere, the latter can reveal far more intimate details about Internet activities. Unlike a phone number, an email address can communicate a message (e.g., “VoteBush@aol.com” or “repealPatriot@eff.org”) and include constitutionally protected content.

More: http://www.eff.org/deeplinks/archives/005358.php

Source: http://www.eff.org/

31 July 2007 – FBI Data Mining Programs Target More Than Just Terrorists, DOJ Says

The FBI is using data mining programs to track everyone from potential terrorists to individuals who file fraudulent automobile insurance claims, according to a U.S. Department of Justice report filed with Congress this week.

The DOJ report, which is required under the Patriot Improvement and Reauthorization Act of 2005, details six pattern-based data mining initiatives currently under way or planned by the department and its components. “Each of these initiatives is extremely valuable for investigators, allowing them to analyze and process lawfully acquired information more effectively in order to detect potential criminal activity and focus resources appropriately,” a DOJ spokesman said in an e-mailed statement.

In a statement, Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, said the report was four months late and raised more questions than it answered. The report “demonstrates just how dramatically the Bush administration has expanded the use of [data mining] technology, often in secret, to collect and sift through Americans’ most sensitive personal information,” he said.

More: FBI Data Mining Programs Target More Than Just Terrorists, DOJ Says

Source: http://www.computerworld.com/

30 July 2007 – Greek Spying Case Uncovers First Phone Switch Rootkit

A highly sophisticated spying operation that tapped into the mobile phones of Greece’s prime minister and other top government officials has highlighted weaknesses in telecommunications systems that still use decades-old computer code, according to a report by two computer scientists.

The spying case, where the calls of around 100 people were secretly tapped, remains unsolved and is still being investigated. Also complicating the case is the questionable suicide in March 2005 of a top engineer at Vodafone Group in Greece in charge of network planning.

A look into how the hack was accomplished has revealed an operation of breathtaking depth and success, according to an analysis on IEEE Spectrum Online, the Web site of the Institute of Electrical and Electronics Engineers.

The case includes the “first known rootkit that has been installed in an [phone] exchange,” said Diomidis Spinellis, an associate professor at the Athens University of Economics and Business, who authored the report with Vassilis Prevelakis, an assistant professor of computer science at Drexel University in Philadelphia.

More: http://www.infoworld.com/article/07/07/12/phone-switch-rootkit_1.html

Source: http://www.infoworld.com/

30 July 2007 – Research Suggests Internet Safety Focus Should Be on Online Behavior, Not Personal Info

NEW YORK: Almost every lesson on Internet safety warns against posting personal information such as phone numbers and school names.

Researchers are now suggesting, though, that such advice, however well-intentioned, does not necessarily make children safer from predators and related threats.

In a recent study published in the Archives of Pediatrics and Adolescent Medicine, researchers found no evidence that sharing personal information increases the chances of online victimization, such as unwanted sexual solicitation and harassment.

More: http://www.iht.com/articles/ap/2007/07/12/business/NA-FIN-US-Internet-Safety.php

Source: http://www.iht.com/

30 July 2007 – Careless and Inexcusable Data Lapses Slammed by UK Privacy Chief

The Government and some of Britain’s largest companies are guilty of “careless and inexcusable” data security lapses leading to serious breaches of privacy, the Information Commissioner has said.

In an impassioned attack on the failure of large organisations to take data protection seriously enough, the Commissioner, Richard Thomas, said that big business and government departments were not living up to their responsibilities.

“Over the last year we have seen far too many careless and inexcusable breaches of people’s personal information. The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying,” he said.

More: http://www.out-law.com/page-8259

Source: http://www.out-law.com/

30 July 2007 – U.K. Commissioner Blames CEOs for Data Breaches

The United Kingdom’s information commissioner is calling on chief executives to take the security of customer and staff information more seriously.

“The roll call of banks, retailers, government departments, public bodies and other organizations which have admitted serious security lapses is frankly horrifying,” Richard Thomas wrote in a report. “How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store card transactions fall into the wrong hands?”

The Information Commissioner’s Office (ICO) received almost 24,000 inquiries and complaints concerning personal information, and it prosecuted 16 individuals and organizations in the past 12 months, according to its annual report for 2006 and 2007.

More: U.K. Commissioner Blames CEOs for Data Breaches

Source: http://news.com.com/

30 July 2007 – New York Plans Surveillance Veil for Downtown

By the end of this year, police officials say, more than 100 cameras will have begun monitoring cars moving through Lower Manhattan, the beginning phase of a London-style surveillance system that would be the first in the United States.

The Lower Manhattan Security Initiative, as the plan is called, will resemble London’s so-called Ring of Steel, an extensive web of cameras and roadblocks designed to detect, track and deter terrorists. British officials said images captured by the cameras helped track suspects after the London subway bombings in 2005 and the car bomb plots last month.

If the program is fully financed, it will include not only license plate readers but also 3,000 public and private security cameras below Canal Street, as well as a center staffed by the police and private security officers, and movable roadblocks.

More: New York Plans Surveillance Veil for Downtown

Source: http://www.nytimes.com/

27 July 2007 – Are We a Free Country Any More?

In his first statement to Parliament as Prime Minister, Gordon Brown said: “Britain is rightly proud to be the pioneer of the modern liberties of the individual.” Little noticed among the cascade of pronouncements about constitutional reform, was a promise to reconsider the ban on unlicensed political protest in the vicinity of the Palace of Westminster. Mr Brown implied that when it came to balancing the need for public order with the right to public dissent, this was a law too far.

A commitment to personal liberty is only to be expected from a British prime minister, and especially from a son of the manse brought up in Adam Smith’s home town. Yet Mr Brown sat in a Cabinet that did more than any other in recent years to alter the balance in the relationship between the State and the individual.

More: Are We a Free Country Any More?

Source: http://www.timesonline.co.uk/

27 July 2007 – ID Card Consultancy Hits £50m

Frustration builds as technology procurement still has not begun.

The government has spent £53m on consultants for the national biometric identity card scheme, and continues to use 83 external contractors at a cost of nearly £50,000 per day.

The figures are more than double the value of the original £19m pre-procurement consultancy contract signed in 2004, according to data released to Computing by the Home Office under the Freedom of Information Act.

The ID scheme has been substantially re-shaped in the past 18 months – changing from a standalone card system using entirely new IT systems to a broader identity management programme that will reuse existing government databases and is closely allied with international requirements for biometric passports.

The Identity and Passport Service (IPS) says that since the combined agency was created in April 2006 all spending on consultants covers both the ID and passports programmes.

More: ID Card Consultancy Hits £50m

Source: http://www.computing.co.uk/

27 July 2007 – Consumer Data Is Not Being Protected

Big business breaching the Data Protection Act is unacceptable.

The Information Commissioner’s annual report this month highlighted that many companies and public sector departments are still not taking the Data Protection Act (DPA) seriously enough, despite the law being in force for almost nine years.

The past year has been particularly bad for data protection. With an increasing amount of personal information being held online or on easily portable devices, the potential for data to go missing is on the rise.

‘The roll-call of banks, retailers, government departments, public bodies and other organisations that have admitted serious security lapses is horrifying,’ said Information Commissioner Richard Thomas on the release of the report.

More: Consumer Data Is Not Being Protected

Source: http://www.computing.co.uk/

27 July 2007 – How to Prevent Card Fraud

Technology can help beat identity thieves.

Card-not-present (CNP) transactions are considered high risk because neither the card nor the cardholder is present, so the seller is unable to check the physical security features of the card to determine its authenticity.

In addition, without a Pin or signature it is impossible to confirm that the customer is the genuine cardholder.

Mark Bowerman, spokesman for Apacs, says the problem is further compounded because card issuers cannot guarantee the information provided during a CNP transaction relates to the genuine cardholder.

More: How to Prevent Card Fraud

Source: http://www.computing.co.uk/

26 July 2007 – The Worst Virus Attack in 2 Years

Looks like the Storm Virus is making quite a reputation with its high levels of success. The primary method of propagation for Storm is through email, and it looks like it uses two different types to lure in victims. One is just an email that is blank but with a clickable link (which then sends you to a site where malware is downloaded to your computer); the other is through receiving an e-card. Using e-cards has always seemed to be a successful means of spreading malware, and chances are they will continue to be used in the future. If you don’t want to get infected by this, just simply follow the rule that if you receive an email from someone you don’t know, don’t open it.

The Storm worm authors are waging a multi-pronged attack and generating the largest virus attack some researchers say they’ve seen in two years. “We are basically in the midst of an incredibly large attack,” said Adam Swidler, a senior manager with security company Postini. “It’s the most sustained attack that we’ve seen. There’s been nine to 10 days straight days of attack at this level.”

More: The Worst Virus Attack in 2 Years

Source: http://www.essentialcomputersecurity.com/news/

26 July 2007 – Who Are You? ID Purveyors to Collaborate

In a move intended to enable competing identity management technologies to interoperate, a new forum will hold a key meeting in San Francisco on June 26 to find out first hand what users want.

In fact, all parties agree it’s a necessary move but the question is how long will it take to bear its first fruit? The answer: possibly as early as the end of the year.

Named the Concordia Project, the forum aims to provide a neutral ground for competing identity management players to communicate with each other and with customers in a venue that looks toward tearing down barriers to interoperability between their systems.

More: http://www.insideid.com/article.php/3681961

Source: http://www.insideid.com/

26 July 2007 – UK Surfers Still Rooting for Google

Majority still want Google to lead in five years despite privacy issues.

The majority of UK internet users want Google to maintain its position as the leading search engine in five years’ time, despite the recent controversy surrounding its privacy practices.

“This data shows how confident searchers are of Google and how much goodwill the search [company] has won,” said Andrew Girdwood, head of search at digital marketing agency Bigmouthmedia.

“Marketers using Google should treat this goodwill with care but also look to harness it effectively for their own campaigns.”

A Bigmouthmedia survey asked participants two similar, but quite different questions: whether they thought Google would still be the leading search engine in five years; and whether they wanted Google to be the leading search engine in five years.

More: http://www.computing.co.uk/vnunet/news/2195027/uk-surfers-rooting-google-success

Source: http://www.computing.co.uk/

26 July 2007 – RFID Starts Making More Sense

Many of the use cases of RFID (radio frequency identification) technology that have been generating publicity in recent years have been around adoption in open-loop supply chains — that is, those that extend to partners or customers who are also adopting RFID — for tracking pallets and cases of goods. Think of initiatives spearheaded by outfits such as Wal-Mart, the Department of Defense, and Europe’s METRO Group.

But RFID is powering innovations on other fronts, as well, according to a new survey by ABI Research.

“The opportunity in terms of volume and revenue has been targeted in the retail CPG space, and even tangentially pharmaceuticals at the item level, because of the sheer volume of the technology there and the widespread nature of that supply chain,” says Michael J. Liard, research director at ABI Research.

More: http://www.insideid.com/article.php/3690366

Source: http://www.insideid.com/

26 July 2007 – ID Card Consultancy Hits £50m

Frustration builds as technology procurement still has not begun.

The government has spent £53m on consultants for the national biometric identity card scheme, and continues to use 83 external contractors at a cost of nearly £50,000 per day.

The figures are more than double the value of the original £19m pre-procurement consultancy contract signed in 2004, according to data released to Computing by the Home Office under the Freedom of Information Act.

The ID scheme has been substantially re-shaped in the past 18 months – changing from a standalone card system using entirely new IT systems to a broader identity management programme that will reuse existing government databases and is closely allied with international requirements for biometric passports.

More: http://www.computing.co.uk/computing/news/2194938/id-card-consultancy-hits-50m

Source: http://www.computing.co.uk/

25 July 2007 – Identity theft? What identity theft?

The GAO reports that identity theft really isn’t a problem. The problem, apparently, is that the process of notifying consumers whenever their personal financial information has been compromised is confusing us simple-minded folks.

Yes, I’ve got that right. It’s not a comedic headline from The Onion.

The SANS NewsBites, one of my top information sources on security news, turned me on to The United States Government Accountability Office’s new report to congressional requesters called Personal Information: Data Breaches Are Frequent, but Evidence of Resulting Identity Theft is Limited; However, the Full Extent is Unknown. The 50-page report was developed to assist Congress with crafting all the various data breach notification legislation being proposed (the Data Security Act of 2007 (H.R. 1685), Data Accountability and Trust Act (H.R. 958), Identity Theft Prevention Act (S. 1178), and the Personal Data Privacy and Security Act of 2007 (S. 495), to name a few.) Overall, it’s not an entirely bad report, but it comes to nebulous conclusions.

More: Identity theft? What identity theft?

Source: http://www.infoworld.com/

25 July 2007 – ‘Malware 2.0’ raises its ugly head

Signature-based malware detection techniques are becoming less effective in the face of so-called ‘malware 2.0’ threats, a security firm claimed today.

“The security space is changing rapidly. We are witnessing a major shift in the anti-malware marketplace moving into a new era of malware 2.0,” said Kurt Baumgartner, chief threat officer at PC Tools.

“We are now dealing with zero-minute, rather than just zero-day, exploits that have the potential to further evade signature detections.”

PC Tools said that malware variants are now released at “immense rates”, driving up sample volumes and making it almost impossible for researchers to keep on top of updates using manual analysis.

More: http://www.vnunet.com/vnunet/news/2194572/signature-security-dead-say

Source: http://www.vnunet.com/

25 July 2007 – Confessions of a Former Spammer

San Francisco (IDGNS) – “Ed,” a retired spammer, built a considerable fortune sending e-mails that promoted pills, porn, and casinos. At the peak of his power, Ed says he pulled in $10,000 to $15,000 a week, storing the money in $20 bills in stacks of boxes.

It was a life of greed and excess, one that preyed especially on vulnerable people hoping to score drugs or win money gambling on the Internet. From when he was expelled from high school at 17 until he quit his spam career at 22, Ed — who does not reveal his full name but sometimes goes by SpammerX — was part of an electronic underworld profiting from the Internet via spam.

“Yes, I know I’m going to hell,” said Ed, who spoke in London on Wednesday at an event hosted by IronPort Systems, a security vendor now owned by Cisco Systems. “I’m actually a really nice guy. Trust me.”

More: http://news.yahoo.com/s/infoworld/20070718/tc_infoworld/90286

Source: http://news.yahoo.com/

25 July 2007 – FBI Installs Spyware to Gather Evidence

A former Washington high school student received 90 days in juvenile detention this week after pleading guilty to charges stemming from a rash of bomb threats and being tracked down by the Federal Bureau of Investigation through the use of a Trojan horse that identified his computer.

The student used a false name and other pseudonyms in e-mail addresses registered with Google’s Gmail to send bomb threats to Timberline High School in Lacey, Washington, FBI Special Agent Norman Sanders Jr. stated in an affidavit. The threats caused daily evacuations of the school the week of June 4, 2007. An earlier bomb threat, which evacuated the school on May 30, was found in a handwritten note.

The sender of the threats had claimed to be using a computer in Italy and taunted police and the FBI for their apparent lack of success in locating him, according to the affidavit.

More: http://www.securityfocus.com/brief/550?ref=rss

Source: http://www.securityfocus.com/

25 July 2007 – EMC Adds Authentication with Security Acquisition

EMC Corp. said Monday it has acquired Verid Inc., a Sunrise, Fla.-based security vendor specializing in identity management and authentication technology.

Hopkinton, Mass.-based EMC said Verid has clients that include large financial institutions, telecom providers and retailers. The acquisition is complete and the cost of the transaction is not being disclosed, EMC said in a statement.

Verid will function as a separate product line and services offering within RSA for at least the remainder of 2007, but the vendor said it plans to wrap Verid’s technology into the RSA Adaptive Authentication suite. EMC acquired Bedford, Mass.-based RSA Security Inc. last year. RSA, which sells encryption software, has operated as part of EMC’s security division.

More: EMC Adds Authentication with Security Acquisition

Source: http://searchsecurity.techtarget.com/

24 July 2007 – Should the Feds Regulate RFID?

Well, 1984 is here and Big Brother is watching — at least that’s what the more Orwellian-leaning pundits have to say, pundits who are seeking to pass legislation that would ban or regulate RFID technology.

So what’s all the fuss about?

The fuss starts with the nature of RFID technology. An RFID tag is placed on or in an object or person for the purpose of identification (think of it as a mini barcode). This information can then be tracked and read remotely. (You can read some of the more interesting details at How Stuff Works.) This is where the privacy folks get concerned — can someone else infringe on our privacy through the use of RFID on our stuff or on our person?

The main applications of this technology can be found in medicine, agriculture, manufacturing, and retail. The benefits are huge in terms of medical accuracy and safety, cost efficiency, convenience, and anti-theft. Just think, electronic medical information could be attached to your person, or there could be tags on crucial medicines. While most people don’t object to retailers using electronic tags on merchandise to ensure it doesn’t walk out of the store illegally, other uses like RFID implants in humans and animals or applications for military intelligence and security spark a whole new level of privacy and moral arguments.

More: http://www.insideid.com/article.php/3690296

Source: http://www.insideid.com/

24 July 2007 – Microsoft and Ask Follow Google’s Lead

The search industry needs to develop better global privacy principles for the collection, use and protection of data, according to web giants Microsoft and Ask.com.

Both companies have pledged to work with other technology leaders, consumer advocacy organisations and academics to develop these principles, which could include sharing best practices to provide more control for consumers.

The move follows Google’s recent announcement that it will delete cookies after two years of inactivity.

“As search and other online services progress it is important for our customers to be able to trust that their information is being used appropriately and in a way that provides value to them,” said Peter Cullen, chief privacy strategist at Microsoft.

More: Microsoft and Ask Follow Google’s Lead

Source: http://www.securecomputing.net.au/

24 July 2007 – DoJ Sends ID Theft Bill to Congress

The Bush administration sent proposed legislation to Congress today that aims to update and improve federal identity theft laws. The proposal is part of the recommendations of the president’s Identity Theft Task Force.

The Identity Theft Enforcement and Restitution Act of 2007 would allow ID theft victims to recover the value of the time lost attempting to repair damage caused by identity theft. Currently, victim restitution is limited to direct financial losses.

The bill would also expand the existing identity theft and aggravated identity theft statutes to include penalties for thieves who steal information from corporations and organizations. Both statutes now only deal with the identity theft of an individual.

More: http://www.insideid.com/article.php/3690376

Source: http://www.insideid.com/

24 July 2007 – Travelex Combats Card Fraud

Foreign exchange specialist Travelex has introduced a new system to reduce fraud on its Cash Passport product, a pre-paid card that stores foreign currencies.

The card is prone to the same type of crime as traditional debit and credit cards, such as theft and skimming. But conventional fraud detection software is unable to detect suspicious activity as it relies on unusual transaction patterns.

By its very nature, Cash Passport is used erratically, says Travelex head of fraud and risk management Peter Jackson.

‘It is aimed at the international traveller, who may use it in a number of countries during their travels,’ he said. ‘They may then stop using the card for several months, before travelling and using it again.’

More: Travelex Combats Card Fraud

Source: http://www.computing.co.uk/

24 July 2007 – Microsoft’s Identity Management Platform Gets Third-Party Help

Directory management vendor NetPro Monday beefed up its tool for handling Microsoft’s Identity Lifecycle Manager with analytical reporting capabilities, auditing features and synchronization monitoring.

MissionControl 2.2 is compatible with Version 1 of Identity Lifecycle Manager (ILM) and includes support for SQL Server 2005 to support its reporting features.

The management tool gives users insight into what is happening within their identity systems and helps pinpoint trends that may aid in planning expansion or heading off trouble.

MissionControl was formerly called MissionControl for Microsoft Identity Integration Server (MIIS). Microsoft changed the name of MIIS to ILM so NetPro dropped the MIIS.

ILM is Microsoft’s platform for identity synchronization, certificate and password management, and user provisioning. It was originally the company’s meta-directory technology, which Microsoft purchased from Zoomit in 1999.

More: Microsoft’s Identity Management Platform Gets Third-Party Help

Source: http://www.networkworld.com/

20 July 2007 – Oracle Fights ID Theft With ‘Trust’ in Bharosa

Sometimes the stars align for two companies to be more than just partners.

Oracle today agreed to buy multi-factor authentication and fraud detection software maker Bharosa for an undisclosed sum.

While most startups in the security software space pick one area to specialize in, Bharosa, (meaning “trust” in Hindi) is unique because it offers two core products that work closely together to prevent crimes perpetrated through identity theft.

Protecting against identity theft is a key requirement for companies exchanging information with partners or customers through the Internet, which has generally leaked data like a sieve for determined hackers.

More: http://www.internetnews.com/security/article.php/3689486

Source: http://www.internetnews.com/

20 July 2007 – Many Breaches, Few ID Thefts

Data breaches are frequent, but evidence of actual identity theft resulting from the breaches is limited, according to a new report by the General Accountability Office (GAO).

The report, issued late last week, found more than 570 data breaches were reported in the news media from January 2005 through December 2006. The incidents occurred across a broad sector, including government agencies, colleges and universities, medical facilities, retailers and financial institutions.

More: http://www.insideid.com/article.php/3687936

Source: http://www.insideid.com/

20 July 2007 – Thieves Verify Credit Cards Through Charities

A disturbing trend among credit card thieves has caught the attention of Symantec.

The company posted a blog Friday detailing a pernicious scheme, where credit card thieves donate a small amount of money to charities with stolen credit cards. Why do they do that? Are they feeling guilty for their evil ways? No — they do it to verify that the numbers are valid before selling the credit cards.

More: http://www.insideid.com/article.php/3687726

Source: http://www.insideid.com/

20 July 2007 – Sneaky Web Apps to Get The Stealth Treatment

Try telling your IT manager that you’re going to put another security device in his datacenter; he’ll probably give you a murderous stare.

That pretty much sums up what some companies are proposing for enterprises, banking on concerns and vulnerabilities over a rising mass of Internet applications, including peer-to-peer software, Web mail and video conferencing that bypass traditional firewalls.

Startup Palo Alto Networks is one such vendor. And it’s not blinking on this offering. The company plans to come out of stealth mode Monday with new firewall devices intended to first complement and ultimately replace traditional firewalls from Cisco Systems, Check Point and other incumbents. The company is eyeing a $4 billion security industry grappling with emerging Web threats.

More: http://www.internetnews.com/ent-news/article.php/3685076

Source: http://www.internetnews.com/

20 July 2007 – Getting More Money to ID Theft Victims

The full impact of ChoicePoint’s data breach of two years ago is still being felt. This week, the Federal Trade Commission (FTC) is mailing another 2,400 reimbursement forms to consumers who may be victims of the breach.

Tuesday’s mailing follows FTC notices to 1,500 consumers in April and an initial mailing to 1,400 consumers in December 2006, bringing the total number to 5,300 who have identified as potential victims of the Alpharetta, Ga.-based data broker’s breach.

The victims will be paid from a $5 million consumer restitution fund established by ChoicePoint as a part of its January 2006 settlement with the FTC, which also included a record $10 million fine for not adequately protecting the data.

More: http://www.internetnews.com/bus-news/article.php/3684456

Source: http://www.internetnews.com/

19 July 2007 – Gang Blamed for Credit Card Fraud Losses Nabbed

Four members of a south Florida-based criminal gang believed to have been responsible for more than $75 million in credit card fraud losses have been arrested by the U.S. Secret Service.

More than 200,000 credit card account numbers, two pick-up trucks, about $10,000 in cash and one handgun were also recovered in connection with the gang’s activity, according to a Secret Service statement Monday.

The gang was uncovered through an earlier investigation that involved the Secret Service’s Miami and Nashville field offices. That probe targeted an individual named Julio Lopez, who used the screen name “Blinky” to traffic in counterfeit credit cards and stolen IDs for years over the Internet.

More: Gang Blamed for Credit Card Fraud Losses Nabbed

Source: http://www.networkworld.com/

19 July 2007 – Google Moves to Appease Privacy Watchdogs

Google says that its cookies, which store information about a user’s internet habits on their own computer, will now automatically be deleted after two years.

The move comes after a group of European data protection watchdogs wrote to Google questioning the legitimacy of its privacy policies last month.

‘After listening to feedback from our users and from privacy advocates, we’ve concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies,’ said Peter Fleischer, Google’s global privacy counsel.

More: Google Moves to Appease Privacy Watchdogs

Source: http://www.computing.co.uk/

19 July 2007 – Gov’t Report: Data Breaches don’t Often Result in ID Theft

Most large data breaches don’t appear to lead to identity theft, and proposals that would require companies to notify customers of most breaches may lead to increased costs without significant benefits, says a report from a U.S. government agency released Thursday.

The report, from the U.S. Government Accountability Office (GAO), said only four of the 24 largest data breaches between January 2000 and June 2005 appear to have resulted in identity fraud.

Wide-ranging data-breach notification laws that would require nearly all breaches to be reported could lead to notifications that “present little or no risk, perhaps leading consumers to disregard notices altogether,” the report said. While a breach notification law would have several benefits, a law that requires notification for nearly all breaches could also create significant costs for businesses, the report added.

More: Gov’t Report: Data Breaches don’t Often Result in ID Theft

Source: http://www.networkworld.com/

19 July 2007 – Travelex Combats Card Fraud

Foreign exchange specialist Travelex has introduced a new system to reduce fraud on its Cash Passport product, a pre-paid card that stores foreign currencies.

The card is prone to the same type of crime as traditional debit and credit cards, such as theft and skimming. But conventional fraud detection software is unable to detect suspicious activity as it relies on unusual transaction patterns.

By its very nature, Cash Passport is used erratically, says Travelex head of fraud and risk management Peter Jackson.

‘It is aimed at the international traveller, who may use it in a number of countries during their travels,’ he said. ‘They may then stop using the card for several months, before travelling and using it again.’

More: http://www.computing.co.uk/computing/news/2194501/travelex-combats-card-fraud

Source: http://www.computing.co.uk/

19 July 2007 – Identity Thieves Really Missing Their Chance

Most of the hundreds of documented data breaches that have happened in recent years have not resulted in identity theft, according to a new government report.

The U.S. Government Accountability Office examined about 570 data breaches of all sizes and at a variety of government and non-government organizations. The breaches were reported in the news in 2005 and 2006.

“The extent to which data breaches have resulted in identity theft is not well known, largely because of the difficulty of determining the source of the data used to commit identity theft. However, available data and interviews with researchers, law enforcement officials and industry representatives indicated that most breaches have not resulted in detected incidents of identity theft, particularly the unauthorized creation of new accounts,” the GAO report says.

More: Identity Thieves Really Missing Their Chance

Source: http://www.networkworld.com/

16 July 2007 – Expert: ID Theft Arrests Validate California Disclosure Law

The Secret Service’s recent arrest and indictment of four Cuban nationals in Florida for ID theft is evidence that a presidential task force’s recommendations on ID theft are out of touch with reality, said Mari Frank, an expert and former victim of ID theft.

The President’s Identity Theft Task Force has recommended federal legislation that would permit companies involved in data breaches to determine whether consumers are at risk after a data breach, according to Frank.

It would overturn California’s much stricter law, which requires companies to notify everyone whose personally sensitive information was stolen or lost in an electronic breach.

The recent arrests led to the recovery of more than 200,000 credit card account numbers used in connection with the ring’s activity, which was responsible for fraud losses of more than US$75 million. Secret Service agents also seized two pick-up trucks, US$10,000 in cash, and one handgun.

More: Expert: ID Theft Arrests Validate California Disclosure Law

Source: http://www.securecomputing.net.au/

16 July 2007 – Google: Our Data Retention is not Data Protection Watchdogs’ Business

The retention of search engine query data is a security matter and not one for Europe’s data protection officials, according to Google’s global privacy chief.

Peter Fleischer said that its retention of user search data was “just not their field”. Speaking to weekly technology law podcast OUT-LAW Radio, Fleischer said it is interesting to hear the views of the committee of Europe’s privacy watchdogs, the Article 29 Working Party, but that the matter is not up to them.

More: http://www.theregister.co.uk/2007/07/06/google_data_retention_/

Source: http://www.theregister.co.uk/

16 July 2007 – Microsoft and Yahoo to Alter Privacy Policy

Yahoo and Microsoft are preparing to announce concessions in their privacy policies in the next few weeks, as pressure mounts in Europe over the length of time internet search companies should be allowed to hold personal data.

The Article 29 Working Party, a group of national officials that advises the European Union on privacy policy, last month said it wanted to investigate how long companies such as Yahoo and Microsoft kept data on individuals who used their search engines. The working party has already been in discussions with Google over its policies for keeping data, and intends to widen scrutiny to the rest of the market.

More: Microsoft and Yahoo to Alter Privacy Policy

Source: http://www.ft.com/

16 July 2007 – A Word of Caution About Google Calendar

I’ve been playing around with Google Calendar, a beta service from the search-engine giant that lets users store — and share — calendar data online. It’s a great Web-based tool, but in experimenting with it I found that far too many people are using Google Calendar without fully understanding how to protect their personal information.

Since security is what this blog is all about, I plugged “password” into a search of Google Calendar’s public events, and within the first few pages of results found a username and password for a credit report account at TransUnion. The credentials belonged to Douglas Kerr, a network administrator for a software company in Charlotte, N.C. Kerr said he’d been experimenting with Google Calendar for a few weeks, but had no idea that he’d imported that record into the application.

More: A Word of Caution About Google Calendar

Source: http://blog.washingtonpost.com/

16 July 2007 – Press Watchdog Urges Delay in Privacy Bill

The chairman of the new Press Council of Ireland has urged the Government not to rush into drafting legislation to protect people’s privacy.

Announcing the 13 independent members of the council yesterday, Prof Thomas Mitchell said privacy was already “quite well safeguarded” and that the new council would have an important role in protecting it. Although a new defamation law would assist the council in carrying out its work, it was his personal view that a “wait and see” approach might better serve the public.

More: Press Watchdog Urges Delay in Privacy Bill

Source: http://www.independent.ie/

13 July 2007 – Data Breaches Frequent – But Evidence of Resulting Identity Theft Limited

The Government Accountability Office has published a new report titled “Personal Information: Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown”.

Quotes: In recent years, many entities in the private, public, and government sectors have reported the loss or theft of sensitive personal information. These breaches have raised concerns in part because they can result in identity theft–either account fraud (such as misuse of credit card numbers) or unauthorized creation of new accounts (such as opening a credit card in someone else’s name). Many states have enacted laws requiring entities that experience breaches to notify affected individuals, and Congress is considering legislation that would establish a national breach notification requirement. GAO was asked to examine (1) the incidence and circumstances of breaches of sensitive personal information; (2) the extent to which such breaches have resulted in identity theft; and (3) the potential benefits, costs, and challenges associated with breach notification requirements. To address these objectives, GAO reviewed available reports on data breaches, analyzed 24 large data breaches, and gathered information from federal and state government agencies, researchers, consumer advocates, and others.

More: http://www.paymentsnews.com/2007/07/data-breaches-f.html

Source: http://www.paymentsnews.com/

13 July 2007 – German Legislation Troubles the Big Internet Companies

Yahoo and Google seem to have problems adapting their business to the tough requirements of the German law regarding content harmful to minors and the implementation of the data retention directive, respectively.

Yahoo has recently changed the way the content filter setting for its photo-sharing service Flickr works for German members so that they can’t view photos labelled as “moderate” or “restricted” via the search function. This caused a lot of complaints from German users, who created special groups on the platform such as Against Censorship! They also started uploading anti-Flickr pictures to the Yahoo photo-sharing service and tagging them as “thinkflickrthink”. In the end Flickr allowed the German users to turn SafeSearch off to allow photos flagged as ‘moderate’ and tried to explain the situation.

More: http://www.edri.org/edrigram/number5.13/germany-internet

Source: http://www.edri.org/

13 July 2007 – OECD Pushes for Privacy Co-operation

A new framework has been agreed by the 30 members of OECD (Organisation for Economic Co-operation and Development) regarding the co-operation in the enforcement of privacy laws, updating a 27 year old statement (OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data).

The large volume of data being exchanged across borders, and the changes in the character of these exchanges, have increased the risks to privacy for individuals and brought up the need for better co-operation between the authorities in charge of data protection.

More: http://www.edri.org/edrigram/number5.13/oecd-privacy

Source: http://www.edri.org/

13 July 2007 – Visa Gets More Personal With Data

Visa plans to roll out new, highly customized incentive and reward programs based on more detailed consumer information, including data on purchases, buying habits, and retailer loyalty.

Having completed a multi-year upgrade and modernization of its payment processing systems, credit-card giant Visa plans to roll out new, highly customized incentive and reward programs based on more detailed consumer information, including data on purchases, buying habits, and retailer loyalty, company officials said during a tour of the company’s central-United States data center. Crafted two years ago and known as “account-level processing,” the plan will enable Visa’s payment processing system to manage transactions in real time using the entire 16-digit credit card number, rather than the six-digit bank identification number (BIN) that has traditionally been used. It will allow consumers to carry their account numbers with them if they move up to pricier and more exclusive cards, and merchants to offer new services and benefits, such as loyalty programs, to customers, said senior VP Jim McCarthy, head of consumer products for Visa USA: “This allows us to take a specific action in real time based on consumer behavior at a specific merchant and a specific location.”

More: Visa Gets More Personal With Data

Source: http://www.informationweek.com/

13 July 2007 – Are We Willing to Pay the Price of Catastrophe to Keep Our Privacy?

Some of the alleged conspirators involved in last week’s thwarted car bombings in London and the attack on the Glasgow airport have been apprehended, and the reason is television.

True, it was merely good luck that the plot was uncovered in the first place. One perpetrator in London haplessly called attention to himself by clumsily crashing into parked cars and then abandoning his bomb-laden Mercedes. And at least one of the bombs was inexpertly constructed and would not explode as intended, providing London with another bit of good fortune. The Glasgow attackers failed as well. Had the plots succeeded, hundreds of innocent people would have been killed, burned and maimed, but fate intervened and a terrible tragedy was averted.

More: http://www.msnbc.msn.com/id/19539748/

Source: http://www.msnbc.msn.com/

12 July 2007 – Google’s German Webmail Threatened by Proposed Legislation

Germany’s Federal Ministry of Justice has circulated a controversial draft bill that is bad news for online privacy. From preliminary reports, it seems that the bill attempts to outlaw the ability to send anonymous email by ordering ISPs to retain data traceable to individuals, and requiring a passport from anyone attempting to set up a webmail account.

Notably, Google is already pushing back. The German paper Heise reports that Google has threatened to shut down its email service in Germany if the bill becomes law (though this may be overstating the case.) And Google Privacy Counsel Peter Fleischer has come to the defense of anonymous communication, describing the many legitimate scenarios in which a person might want an anonymous email account.

More: http://www.eff.org/deeplinks/archives/005344.php

Source: http://www.eff.org/

12 July 2007 – Privatunes 0.9 Does Not Anonymize iTunes Plus Files

On Wednesday, Slashdot and Wired Compiler ran posts about Privatunes, a program that claims to remove personally identifying information from iTunes Plus files (the current version is closed source and Windows only, though the site says that this will change in the future.)

Privatunes 0.9 overwrites the user’s name and address. Unfortunately, the Privatunes coders didn’t read our last post about iTunes tracking data — aside from the name and email address, there are other fields that Apple, or a litigant that subpoenas Apple, could use to identify the purchasers of iTunes Plus files, even if they’ve been run through Privatunes 0.9.

More: http://www.eff.org/deeplinks/archives/005342.php

Source: http://www.eff.org/

12 July 2007 – Identity Management Offering Ways to Better Protect Your Privacy

Privacy and Identity Management in Europe — the PRIME Project has just released the second version of its White Paper at https://www.prime-project.eu/. The document serves as an introduction into and overview of the PRIME Consortium’s findings shortly after entering the final phase of research.

Identity Management Systems are currently under development by various actors such as Microsoft and Liberty Alliance. The implementations are aimed at facilitating online identification, authentication and transaction. The broad introduction of Identity Management has tremendous potential to fill a gap in the current ICT infrastructure, which lacks an identity layer. Meanwhile, all major actors are aware that better identification may also pose increasing risks for the user’s privacy and autonomy. PRIME shows how to counter these risks.

More: https://www.prime-project.eu/prime_products/whitepaper/

Source: https://www.prime-project.eu/

12 July 2007 – International Effort on Privacy Protection is Launched

The world’s most developed economies will co-operate to uphold privacy laws in the face of increasing amounts of cross border data transfer. The member countries of the Organisation for Economic Cooperation and Development (OECD) have agreed the plan.

The new deal updates a 25-year-old agreement on the upholding of privacy laws. A new deal was needed in order to guard against the privacy risks of the increasing amounts of personal data currently being sent from country to country.

More: http://www.out-law.com/page-8182

Source: http://www.out-law.com/

12 July 2007 – Policy Experts Split on Spyware Laws

CDT and FTC disagree whether a trio of anti-spyware bills before Congress will result in more prosecutions.

Two of the agencies most actively involved in bringing cyber-criminals to justice in the United States have expressed opposing opinions over pending anti-spyware legislation. Even as a trio of spyware bills is moving forward on Capitol Hill, officials from the Center for Democracy and Technology (CDT) and the Federal Trade Commission (FTC) said their two organizations have differing views on the need for passage of the proposed laws. At a forum sponsored by the Anti-Spyware Coalition and held here at Harvard Law School on June 27, officials from the FTC and CDT — a Washington-based nonprofit that has become a prominent Internet policy watchdog — detailed areas where their organizations diverge regarding Congressional anti-spyware bills.

More: Policy Experts Split on Spyware Laws

Source: http://www.infoworld.com/

11 July 2007 – Privacy Isn’t Dead, or At Least It Shouldn’t Be: A Q&A with Latanya Sweeney

In a post-9/11 world, where security demands are high, personal privacy does not have to be sacrificed, says computer scientist Latanya Sweeney, who discusses a few ways to save it.

As security concerns mount, networks proliferate and ever more data move online, personal privacy and anonymity are often the first casualties. For the Insights story, “A Little Privacy, Please,” appearing in the August 2007 issue of Scientific American, Chip Walter sat down with Carnegie Mellon computer scientist Latanya Sweeney, who discusses the new threats to privacy and ways to fight identity theft and other misuse of information.

More: Privacy Isn’t Dead, or At Least It Shouldn’t Be: A Q&A with Latanya Sweeney

Source: http://www.sciam.com/

11 July 2007 – Laws Needed to Protect Personal Data on RFID Chips

The U.S. government is already venturing into risky territory by embedding RFID chips in passports. This allows easy scanning of information, but it also could reveal personal data on U.S. citizens to unfriendly eyes. California has an opportunity to set some standards before the technology is widely used by state and local governments.

Slap a chip costing a few cents on a clock radio or a bottle of Prozac, and you can track it from its manufacturer to the cash register at Wal-Mart. Build a chip into a special windshield tag, and it allows drivers to zip across the Golden Gate Bridge without stopping at a toll booth. Put one in a corporate identification card and all of a sudden it becomes an electronic door key. Such is the power of radio frequency identification, or RFID, a technology that’s been around for a half-century but is finally beginning to transform commerce — and become controversial.

More: http://www.technewsworld.com/rsstory/58043.html

Source: http://www.technewsworld.com/

11 July 2007 – UK Government Steps up Data Sharing Pilot

The government is to extend a pilot project sharing individuals’ personal data between the Department of Work and Pensions, HM Revenue and Customs and local authorities.

New legislation to increase data sharing powers between government departments and other public agencies has been repeatedly promised by ministers, sparking controversy among opposition parties and privacy campaigners. The government argues that greater data sharing will improve public services by reducing the amount of form filling for individuals.

More: UK Government Steps up Data Sharing Pilot

Source: http://www.computerworlduk.com/

11 July 2007 – Privacy Rules on APEC Agenda

PATHFINDER projects that will ultimately lead to regional cross-border data privacy rules are being discussed by Asia-Pacific Economic Co-operation forum delegates meeting in Cairns this week.

Attorney-General Philip Ruddock said the pilots would test better protection for the transfer of personal data in the region, while keeping the burden on business to a minimum. “Personal information is a global traveller,” Mr Ruddock told the APEC Data Privacy Seminar yesterday. “It is transferred and accessed across international locations, collected and handled, often simultaneously, by businesses as part of commercial transactions – much of it in the interests of customers. However, a single bad consumer experience such as the mishandling or theft of personal information, or fraud from an online transaction, may have negative consequences for similar industries.”

More: Privacy Rules on APEC Agenda

Source: http://www.australianit.news.com.au/

11 July 2007 – EU Search Engine Probe Expands Beyond Google

European privacy regulators will expand their investigation into Google’s privacy practices to all search engine companies, they have said.

The Article 29 Working Party, a committee of Europe’s data protection watchdogs, has been investigating Google’s practice of retaining users’ search queries along with information that could identify the user. In an exchange of letters the Working Party and Google have outlined their differences, with the Working Party questioning Google over its need for any retention and Google saying that it would anonymise records after 24 months, then shortening that period to 18 months.

More: http://www.out-law.com/page-8179

Source: http://www.out-law.com/

10 June 2007 – Firefox Security and Privacy Extensions

In the last few years Firefox gained massive support from surfers worldwide. This is mainly because Internet Explorer, still the biggest player on the market, has proved to be hopelessly insecure.

Besides offering more security than IE by default, what users appreciate is the fact that Firefox can be expanded with add-ons that offer a variety of functions not integrated in the browser upon install. This article will explore useful security and privacy extensions that will add to your browsing experience.

More: http://www.net-security.org/article.php?id=1023

Source: http://www.net-security.org/

10 June 2007 – NZ Banks Demand a Peek at Customer PCs in Fraud Cases

Banks in New Zealand are seeking access to customer PCs used for online banking transactions to verify whether they have enough security protection.

Under the terms of a new banking Code of Practice, banks may request access in the event of a disputed transaction to see if security protection is in place and up to date. The code, issued by the Bankers’ Association last week after lengthy drafting and consultation, now has a new section dealing with Internet banking.

More: NZ Banks Demand a Peek at Customer PCs in Fraud Cases

Source:

10 June 2007 – Court Finds Email Private, Enjoys Fourth Amendment Protection

On June 16, the Sixth Circuit court of appeals ruled that portions of the Stored Communications Act violate the Fourth Amendment protection from unreasonable searches and seizures. In Warshak v. United States, the court found that an individual has a reasonable expectation of privacy in the emails one has stored at an ISP. Therefore, the court held, when the government seeks to obtain the contents of emails stored at an ISP, it must either use a warrant or notify the owner of the email account that a subpoena has been issued.

Steven Warshak was under investigation for violating several federal laws. During this investigation the government sent subpoenas to his ISPs requesting his subscriber account information as well as the contents of some of his emails. The orders were issued under seal, but Warshak was later notified of their existence when they were unsealed. Warshak then sued the government asking for an order declaring this access unconstitutional and preventing the government from further accessing his emails. A federal judge in Ohio granted Warshak a temporary injunction barring the government from accessing emails of individuals in its coverage without a warrant or notification to that individual.

More: http://www.epic.org/alert/EPIC_Alert_14.13.html

Source: http://www.epic.org/

10 June 2007 – FBI Guidelines Made Public

On June 13, the FBI released its updated guidelines for field agents in the use of National Security Letters (NSLs). The revised guidelines summarize and compile existing and new FBI NSL policies. The FBI created the revised guidelines after there was extensive documentation of abuses in an Office of the Inspector General report and an FBI internal audit. Both reports found that the FBI violated its own internal policies, the requirements of the NSL statute and Attorney General guidelines.

NSLs are an extraordinary search procedure by which the FBI obtains customer and consumer transactional information from communications providers, financial institutions and consumer credit agencies without obtaining a warrant or any court authorization. NSLs are issued to third parties during terrorism, espionage, and classified information leak investigations, and are typically accompanied by a non-disclosure certification, also known as a “gag order.” This gag order prohibits the recipient from disclosing to anyone, except his or her lawyer, that an NSL letter was issued.

More: http://www.epic.org/alert/EPIC_Alert_14.13.html

Source: http://www.epic.org/

10 June 2007 – EPIC Urges Limitations on Social Security Number Use

On June 21, Marc Rotenberg, Executive Director of EPIC, testified before the House Ways and Means Committee’s Subcommittee on Social Security. He urged Congress to adopt legislation to address the misuse of the Social Security Number (SSN) and the growing problem of identity theft.

Citing a recent report from the Federal Trade Commission that finds that identity theft is the number one concern of American consumers, EPIC called for “strong and effective legislation that will limit the use of the SSN,” and context-dependent identifiers “that will encourage the development of more robust systems for identification that safeguard privacy and security.” EPIC also criticized the President’s Identity Theft Task Force for failing to make more aggressive recommendations regarding theft of Social Security Numbers.

More: http://www.epic.org/alert/EPIC_Alert_14.13.html

Source: http://www.epic.org/

9 July 2007 – Airport Fingerprint Program Expanding

A program being launched at 10 U.S. airports this year will expand existing identification checks for visitors, including requiring 10 digital fingerprints, but still operate under strict privacy rules, a senior U.S. official said Monday.

The border checks could also soon include other biometric data, such as facial and eye retina scans, as the U.S. upgrades security at its ports, airports and border crossings, said P.T. Wright, operations director for the Department of Homeland Security’s US-VISIT Program.

More: Airport Fingerprint Program Expanding

Source: http://news.yahoo.com/

9 July 2007 – How to Sniff Out Private Information on Facebook

Facebook users who like to control who gets to see your account details, take note: political views, religious background and other sensitive details may be wide open to prying eyes even though you’ve configured your profile so it’s viewable only to designated friends.

That’s because the user setting that allows only designated friends to view a user’s profile has no effect on whether the contents of that profile can be searched by the Facebook community at large. Users who want to block their profiles from being searched must go through an additional step.

More: How to Sniff Out Private Information on Facebook

Source: http://www.theregister.co.uk/

9 July 2007 – A New Context for Data Protection

To properly secure their most valuable information, enterprises must determine what types of data need to be held closely and which records don’t need to be saved at all.

Experts gathered for the ongoing InfoWorld Enterprise Data Protection Forum in New York today said that companies need to get a better handle on all the factors that make their sensitive information susceptible to attack and become more proactive with their overall defensive strategies if they are to improve on their current security status. In a panel presentation featuring leading security executives and consultants, experts highlighted a need for businesses to study all the elements that contribute to classifying their most valuable information as truly sensitive. Protecting records whose value is immediately apparent — such as social security and credit card numbers — isn’t enough as companies must also shroud any related data that can be used to create an individual profile that could be used to carry out identity theft or other forms of fraud, the speakers said.

More: A New Context for Data Protection

Source: http://www.infoworld.com/

9 July 2007 – Fourth Amendment Applies to Cyberspace, for Now

People concerned about e-mail security got a whole new reason to worry last year with revelations of secret government monitoring. Earlier this month, though, a U.S. Appeals Court told the government where to get off, at least when dealing with people in the Southern District of Ohio.

Security folk have been telling people not to assume that e-mail is secure since about the time that e-mail was invented. The three most common worries are misaddressing, forwarding and storage. It is all too easy to misaddress e-mail, either sending private mail to a mailing list or sending mail to the wrong person (autocomplete of e-mail addresses in e-mail clients has made the latter problem much worse). There is no way to ensure that e-mail you send to a particular person is not forwarded on. (Don’t put anything in e-mail about a person that you do not want that person to see.) Finally, e-mail can be stored on laptops and other portable devices, which can get stolen or lost and the stored information compromised.

More: Fourth Amendment Applies to Cyberspace, for Now

Source: http://www.networkworld.com/

9 July 2007 – U.S. to Fingerprint E.U. Visitors

Visitors from European nations traveling with visas or visa-free to the United States will soon have to give 10 digital fingerprints when entering the country, a senior U.S. Homeland Security official said Monday.

More: U.S. to Fingerprint E.U. Visitors

Source: http://www.kiplinger.com/

6 July 2007 – When Public Records Are Too Public

The Web wasn’t created to appeal to our sense of voyeurism. It just feels that way sometimes. I’m not talking about dirty pictures, but the ability the Web’s given all of us to snoop on our friends, colleagues and neighbors, from Googling the new guy in the next cube to finding out what the people next door paid for their house to seeing which neighbors have given money to which candidates and parties.

Such behavior runs the gamut from generally acceptable nosiness (we’re a nation of self-Googlers, after all) to mildly gauche (in New York City discussing what apartments cost is practically a sport) to creepy (keep your nose out of my politics). As with all questions about Internet privacy and personal information, there are generational differences at work — if you came of age blogging and being Googled, someone seeing you gave $100 to MoveOn.org might not be the biggest deal.

More: When Public Records Are Too Public

Source: http://online.wsj.com/public/us

6 July 2007 – Call for e-Voting to be Scrapped Amid Security Fears

Privacy campaigners have called for any further e-voting trials to be scrapped after uncovering evidence of poor security, inadequate audit trails, equipment failures and an over-dependence on technology suppliers during the May local elections.

The Open Rights Group (ORG) had a team of 25 officially accredited election observers at the e-voting and e-counting pilots and has expressed “deep concern” about the use of the technology in a report of its findings. Five councils offered internet and telephone voting and six authorities were approved to use electronic counting technology at the May local elections.

More: http://www.silicon.com/publicsector/0,3800010403,39167633,00.htm

Source: http://www.silicon.com/publicsector/

6 July 2007 – Google Is Watching You

Kevin Bankston didn’t think anyone would notice his little cigarette break. His family didn’t know he sometimes snuck a smoke. So Bankston was surprised when a photo of him smoking outside his San Francisco office appeared online several years ago on Amazon.com’s (AMZN) now-defunct A9.com map service. He was even more shocked when, in May, he found out he was caught again on candid camera — possibly smoking — this time by Google’s (GOOG) new “Street View” map service.

Bloggers began buzzing about Bankston’s double-lightning-strike luck, and the two photos now appear all over the Internet. A Web search for “Kevin Bankston smokes” reveals more than 20,000 links. “I felt somewhat embarrassed and a bit spied upon,” says Bankston. “I am now thoroughly outed as a cigarette smoker.”

More: Google Is Watching You

Source: http://www.businessweek.com/

6 July 2007 – Dangerous Ruling Forces Search Engine to Log Users

The Electronic Frontier Foundation (EFF) and Center for Democracy and Technology (CDT) urged a California court Friday to overturn a dangerous ruling that would require an Internet search engine to create and store logs of its users’ activities as part of electronic discovery obligations in a civil lawsuit.

The ruling came in a copyright infringement lawsuit filed by motion picture studios against TorrentSpy, a popular search engine that indexes materials made publicly available via the BitTorrent file sharing protocol. TorrentSpy has never logged its visitors’ Internet Protocol (IP) addresses. Notwithstanding this explicit privacy policy, a federal magistrate judge has now ordered TorrentSpy to activate logging and turn the logged data over to the studios.

More: http://www.eff.org/news/archives/2007_06.php

Source: http://www.eff.org/news/

6 July 2007 – Everyone’s a Celebrity in this Post-privacy Age

Move over, Paris Hilton. We all have celebrity issues in an age when anyone can create an online profile, post confessional videos on YouTube, or make snarky online comments about other people.

The latest generation of Web sites–which attract tens of millions of users daily to share words, photos and videos about themselves and their friends–make a virtue of openness at the expense of traditional notions of privacy. “My grandparents would have had a different attitude about privacy,” says Jeff Jarvis, a former critic for TV Guide turned top blogger and columnist for the Guardian in London. “There is a different calculus now.” Sites like Facebook, Photobucket and Flickr are enjoying surging popularity for allowing people to control their online identities in ways that make the danger of revealing too much information a constant worry–and all part of the game.

More: Everyone’s a Celebrity in this Post-privacy Age

Source: http://news.com.com/

6 July 2007 – Data Protection Commissioner Deplores “Trend Towards a Big Brother State”

Upon presenting his 8th Report Harald von Bose, the Data Protection Commissioner of the German federal state of Saxony-Anhalt, has publicly deplored the increasing degree to which the state and private companies crave and achieve access to the personal data of citizens.

“Restraint and moderation are no longer much in evidence,” he said on Wednesday in Magdeburg. “The trend towards a Big Brother state defined by comprehensive registration, surveillance, evaluation and control has picked up pace significantly,” he added. This could inflict long-term damage on the foundation of values upon which the democratic order and the rule of law in Germany rest, he observed. It was unacceptable for the constraints imposed by the need to combat terrorism to be used to undermine the citizens’ constitutional right to informational self-determination.

More: http://www.heise.de/english/newsticker/news/91539

Source: http://www.heise.de/english/

4 July 2007 – EU Body to Expand Web Search Probe, Write to Google

The European Union’s data watchdog will expand its investigation of Web search engines beyond sector leader Google and write to that company, a European Commission source said on Thursday.

The Article 29 Data Protection Working Party “will prepare a substantial letter of response to the letter of Google and they have also decided they will look into other search engines,” the source said. The source was referring to a letter Google wrote last week saying the company was ready to curtail the time it stored user data to a year and a half. It was seeking to mollify the watchdog, which had questioned its privacy policies last month. That storage time was the low end of an 18- to 24-month period it had originally proposed to regulators in March.

More: http://www.ibtimes.com/articles/20070621/eu-web-probpe.htm

Source: http://www.ibtimes.com/

4 July 2007 – EU Delays Google Decision

Google Inc., which faces scrutiny in the European Union over its privacy laws, will have to wait until at least July to find out whether it must further cut the time it stores personal information from users’ online searches.

The EU data protection agency, made up of experts from 30 European countries, warned Google in a letter on May 16 that keeping personal records for as long as two years may be too much. The group was due to study Google’s response Wednesday at a meeting in Brussels. Instead, the agency decided to refer the matter to one of its subgroups.

More: http://seattlepi.nwsource.com/business/320627_googleeu21.html

Source: http://seattlepi.nwsource.com/

4 July 2007 – Perspective: Paying for Online Privacy

Countless studies quote consumers saying they care about their privacy on the Internet. However, simply stating concern about privacy is a far cry from actually taking steps to protect one’s own privacy in cyberspace.

Indeed, many consumers do not even check Web site privacy policies when they divulge their sensitive personally identifiable information. Yet, according to a recent report, when consumers are given a specific choice, many may actually pay more money during a transaction in return for privacy protection. The report, prepared by Lorrie Cranor, who directs the Carnegie Mellon Usable Privacy and Security Labs, documents that consumers would pay an extra 60 cents for privacy protection on purchases of $15. Cranor came to this result by way of a hypothetical experiment.

More: http://news.com.com/Paying+for+online+privacy/2010-1029_3-6192014.html

Source: http://news.com.com/

4 July 2007 – Heathrow Trials Back Biometric Security

The vast majority of people who participated in the miSense biometric airport security trials at Heathrow Airport would recommend the service to their fellow travellers.

The report published by miSense evaluates the experiences and feedback of the 3,166 passengers who took part in the voluntary trials in Heathrow’s Terminal 3 during a sixteen week period with 89 percent saying they would recommend the service and 66 percent saying it took less than 15 seconds to use the gate. The report finds that passengers not only accept the need for biometric technology as a means of providing increased levels of security, but also believe that it can significantly improve their journey through the airport.

More: http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=199905573

Source: http://www.eetimes.com/

4 July 2007 – European Visa Information System accepted by the EU bodies

The legislative package on the Visa Information System (VIS) was adopted by the European Parliament and a political agreement was reached within the Justice and Home Affairs Council in the last couple of weeks. This means that the final steps have been adopted to create the biggest biometric database in the world.

The VIS Legislative package is formed by the VIS Regulation and the VIS Decision. The VIS Regulation will allow consulates and other competent authorities to start using the system when processing visa applications and to check visas. The VIS Decision will allow police and law enforcement authorities to consult the data under certain conditions that should ensure a high level of data protection.

More: http://www.edri.org/edrigram/number5.12/VIS-EU-adoption

Source: http://www.edri.org/

2 July 2007 – Privacy Ranking of Internet Service Companies

Privacy International (PI) has undertaken a study that reveals the privacy threats and ranks the positions in this matter of key players on the Internet services market. The objective of the research is not only to point fingers but also to find out trends and emergent issues related to privacy on the Internet.

The report was issued by PI after a six-month investigation of privacy practices covering search, email, e-commerce and social networking sites. The methodology used included 20 main parameters, among them data collection and processing, data retention, openness and transparency, and responsiveness to customers’ complaints.

More: http://www.edri.org/edrigram/number5.12/privacy-ranking-companies

Source: http://www.edri.org/

2 July 2007 – Prüm’s Treaty Is Now Included Into the EU Legal Framework

The EU has adopted as its own law, with very few alterations, the so-called Prüm Treaty, signed on 27 May 2005 by Belgium, Germany, Spain, France, Luxembourg, The Netherlands and Austria, which allowed the police forces of their countries to compare and exchange data more easily.

The new law, adopted by the European Parliament’s report of Fausto Correia (PES, PT) and approved by the Council of Ministers during a meeting of the justice and home office ministers last week, gives the EU member-states three years to rewrite domestic laws in order to comply with it.

More: http://www.edri.org/edrigram/number5.12/prum-treaty-eu

Source: http://www.edri.org/

2 July 2007 – Iris Scanning, Now at JFK

In May, I gave up my fingerprints and a scan of my irises and joined a program called Clear at the British Airways terminal at John F. Kennedy International Airport in New York, thus becoming one of the first “registered travelers.” The registered-traveler program is based on a set of standards, issued by the U.S. government, that’s meant to speed “safe” passengers through airport security checks.

Launched in 2005 and implemented by private contractors, it’s designed to help airports improve efficiency by separating trusted travelers from the unknown. Clear opened the first dedicated registered-traveler lane at Orlando International Airport in 2005, and four more have followed. A whole nation’s worth, of course, is planned.

More: http://www.technologyreview.com/Infotech/18879/

Source: http://www.technologyreview.com/

2 July 2007 – A Closer Look at Tor Privacy Tool

Tor is a tool that can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol.

This is a graphical overview that shows the interface and functionality of Tor (through Vidalia interface).

More: http://www.net-security.org/secworld.php?id=5273

Source: http://www.net-security.org/

2 July 2007 – Court: Feds Violated Privacy in e-Mail Search

Federal investigators overstepped constitutional bounds by searching stored e-mails without a warrant in a fraud investigation, a federal appeals court ruled Monday.

In a case closely watched by civil-liberties advocates in the still-emerging field of Internet privacy, a three-judge panel of the 6th U.S. Circuit Court of Appeals found that e-mail users have a reasonable expectation of privacy.

More: http://www.msnbc.msn.com/id/19294501/ 

Source: http://www.msnbc.msn.com/