01-15 December 2010



EU – Europe Tells Britain to Justify Itself Over Fingerprinting Children in Schools

The European Commission, acting on the concerns of the Article 29 Working Party, wants to know more about Britain’s collection of schoolchildren’s fingerprints, The Telegraph reports. More than 3,000 schools in the UK are using fingerprint technology to deduct students’ lunch payments and loan books, for example. In a letter to British authorities, the commission wrote, “We should be obliged if you could provide us with additional information both regarding the processing of the biometric data of minors in schools, with particular reference to the proportionality and necessity in the light of the legitimate aims sought to be achieved, and the issue concerning the availability of judicial redress.” [Source]

US – Fingerprint Scanner Use Raises Privacy Concerns in N.C.

Next month, 13 law enforcement agencies in the region will begin using a new handheld device that lets an officer scan a person’s fingerprints and seek a match in an electronic database – all without going anywhere. Police say taking fingerprints in the field will allow them to work more efficiently and safely. But the ACLU North Carolina in Raleigh worries that the device may allow officers to violate privacy rights. The ACLU is concerned about what will become of fingerprint scans that are sent to other databases, such as the National Crime Information Center. “Part of the danger is the idea of the government creating a database on its citizens,” said Sarah Preston, policy director for ACLU North Carolina. “Citizens should be allowed some degree of privacy.” But those concerns are unwarranted, said Sam Pennica, director of the City-County Bureau of Identification, the agency that processes fingerprints in Wake County and is providing the devices to local agencies. The software for the device, known as Rapid Identification COPS Technology, would not store fingerprints of any individuals, even those charged with a crime. “It will not retain the fingerprints of any individuals under any circumstances,” he said, adding that fingerprints would only be compared to those in the Wake County database. “They will not be submitted to any state or federal agency.” [Source]

AU – Australian Government Considering Fingerprint Technology for Poker Machines

The Australian government is considering using USB memory sticks that can recognize individual fingerprints in order to enforce loss limits on video poker machines. As part of a program designed to cut down on the risk of problem gambling in Australia, the government has made plans to implement a pre-commitment scheme that would require players to set a limit as to how much they’re willing to lose while playing the machines. Once that limit was reached, the players would no longer be able to play for a predetermined length of time. The USB key would have an advantage over a card system. According to Phillip Ryan, director of Responsible Gaming Networks, about one-third of players using a “smartcard” system in Canada shared their cards with other players as a way to get around spending limits. In addition, Ryan defended the USB key against charges that it would violate the privacy rights of players. Fingerprint data wouldn’t be stored in a central location; only the USB card would have the fingerprint as a method of activation. [Source]


CA – No Border Deal With U.S. Yet, Harper Says

While saying he has not reached a border-security agreement with the United States, Prime Minister Stephen Harper said his government is intent on bolstering “safety” measures and “economic access” to the United States. Mr. Harper has come under fire in the House of Commons for secretly negotiating a “security perimeter” deal with Washington that could affect the privacy rights of Canadians. Liberal leader Michael Ignatieff called on the Prime Minister to reveal the details of the negotiations the Conservative government has been conducting with the Obama administration. Last week, a flurry of leaked documents revealed what has been occurring behind the scenes. According to the documents, the title of the deal being negotiated is Beyond the Border: A Shared Vision for Perimeter Security and Competitiveness. It is supposedly to be signed by Mr. Harper and U.S. President Barack Obama in January. The agreement apparently would give the U.S. government more influence over Canada’s border security and immigration controls. Furthermore, Canada would share more information with U.S. law-enforcement agencies. [Source] [Ottawa crafts plan to ward off criticism over U.S. border deal]

CA – Canada’s Privacy Watchdog to Probe Treatment of Air Travellers

Canada’s privacy watchdog has launched a sweeping audit to find out whether the federal government is doing enough to protect the privacy of air travellers given the heightened focus on national security. Jennifer Stoddart said “identity management” for citizens and consumers in the online world remains a priority — but so do national-security issues. That’s why Ms. Stoddart’s office is conducting an air travel security audit focusing on the government agency in charge of passenger screening, she said in an interview. In the case of the new full-body airport scanners — dubbed “naked scanners” by detractors — the audit will determine whether the Canadian Air Transport Security Authority is following through on promises made to minimize the privacy intrusions of this new technology. For example, the agency agreed that no record of the image would be kept and no personal information, such as a passenger’s name or boarding pass number, would be associated with the scanned image. “We want to go back and see what’s happening a year later — if the commitments made by the government have been followed up,” said Ms. Stoddart. The air travel security audit will also look at the use of surveillance cameras at airports. “Some new issues include things like bar codes on boarding pass — how is this personal information managed,” Ms. Stoddart said. The audit will also revisit whether the Passenger Protect Program has adequate controls and safeguards in place to protect personal information. In November 2009, an earlier audit dealing exclusively with Canada’s no-fly list found “several concerns” with the program, which was introduced in 2007 to prevent people named on a “specified persons list” from boarding flights to or from Canadian airports. The 2009 audit found the deputy minister ultimately in charge of who is on the list was not provided with complete information to make informed decisions. 
Transport Canada, meanwhile, had not verified that airlines were complying with federal regulations related to the handling of the no-fly list, and there were no requirements that air carriers report to government security breaches involving personal information related to the no-fly list. The more exhaustive air travel security audit about how CATSA manages privacy issues, to be published next fall, was launched after Stoddart’s office published a reference document last month to provide guidance to government agencies and departments about how to integrate privacy protections with new public safety and national security objectives. [Source] See also: [TSA frisks groom children to cooperate with sex predators, abuse expert says]

CA – G20 ‘Massive Compromise of Civil Liberties:’ Ombudsman

Torontonians were effectively placed under martial law during the G20 Summit, says Ontario ombudsman Andre Marin. The provincial government’s decision to secretly invoke an obscure 1939 war measures law to give police extreme powers to detain, search and arrest people was likely unconstitutional and unnecessary, Marin says in his report, Caught in the Act, which was released this week. [Source]

CA – Privacy Amendments Lack Teeth, Critics Say

Privacy experts are applauding a bill currently before parliament that would require Canadian businesses to disclose when they lose customer data, but saying it must go further and also put penalties in place. Bill C-29 is currently before Parliament and if passed will reform PIPEDA. Amongst its revisions, the biggest change would be a breach notification requirement. Organizations would have to report to the Privacy Commissioner of Canada “any material breach of security safeguards involving personal information under its control.” If the breach creates a risk of significant harm to any individuals, then the organization must also inform those individuals. But the proposed bill doesn’t actually penalize organizations that fail to report. An article about the bill by McCarthy Tetrault LLP notes that Alberta’s recently enacted breach notification requirement in its Personal Information Protection Act included financial enforcement. Organizations can be fined up to $100,000 for failing to notify. The federal office should also use fines, says Michael Geist, an Internet law lawyer at the University of Ottawa. Otherwise some companies will be tempted to risk not disclosing to save on the bottom line. “It’s quite clear we need to have real penalties so part of that risk assessment is the real costs associated with it,” he says. Ann Cavoukian, the Information and Privacy Commissioner of Ontario, has the power to issue orders. It’s one she uses sparingly. “When we talk to companies, we always lead with the carrot,” she says. “You can avoid privacy harm and potentially save millions that a data breach will cost you, and avoid the loss of consumer confidence.” Still, it would be preferable for the federal office to have that power, Cavoukian says. “Having order making power is an enormous strength.” Bill C-29 passed its first reading in the House of Commons in October. 
If critics don’t like the reforms in the bill that may eventually pass, they’ll get another crack at it next year. In 2011, PIPEDA will undergo a mandatory five-year review. [Source]

CA – Ontario School Boards to Share Data on Violent Students

Ottawa’s regional school boards have pledged to follow a new protocol for assessing violent threats from students, and are promising to share information with each other when troubled students transfer between boards. Ottawa police said the community-based threat risk assessment protocol would mean earlier intervention with troubled students before situations escalate. The protocol was developed by traumatic stress consultant Kevin Cameron, who led the crisis response to the school shooting in Taber, Alberta in 1999, where one student died and another was wounded. Cameron said the incident changed the way schools react to threats to identify the more potentially serious ones from off-hand comments a student might make in a heated moment. Cameron said the protocol is all based on engaging students, rather than suspending them. “We’ve learned that by just talking earlier on rather than just blowing it off as a moment in time statement… we’ve been able to identify that there’s problems at home [or] maybe there’s a bullying issue going on that hasn’t been addressed,” he said. [Source]


US – Data-Miners Will Let Consumers See their Information

Online data and tracking companies are partnering to develop a service that lets internet users see and even edit what information has been collected about them. This first-of-its-kind service, which will launch in January, is an attempt to head off an increasing amount of criticism and scrutiny regarding personal privacy on the Internet. The project, dubbed the “Open Data Partnership”, will let consumers view and edit the interests, demographic and other profile details collected about them. Details from eight online data and tracking information companies will be included in the system, including Lotame Solutions Inc., BlueKai Inc., and eXelate. Big internet companies like Google Inc. and Yahoo Inc. and at least 100 tracking firms are not involved in the project. However, more tracking companies will join Open Data Partnership after it launches. Many of the data mining firms taking part in the project are among the biggest in the fast growing industry of tracking internet users, and have been profiled in mainstream media reports about online privacy. Scott Meyer explained, “The government has told us that we have to do better as an industry to be more transparent and give consumers more control. This [Open Data Partnership] is a huge step in that direction.” [Source]

US – FBI Issues Alert For Barbie Doll With Video Camera

The FBI has issued a cyber crime alert on a new Barbie doll that comes with a hidden video camera. Mattel’s Barbie Video Girl has a video camera lens built into its necklace that can record up to 30 minutes of footage to be downloaded on a computer. Officials warned that it could possibly be used to produce child pornography, but said they don’t have any reported crimes. The FBI’s Sacramento office issued a report with the warning on the doll last month. FBI spokesman Steve Dupre said the alert was inadvertently sent to the media but was meant for law enforcement agencies advising them not to overlook the doll during any searches. [Source]


CA – Nova Scotia: Drivers’ Renewal Notices Could Come by Email

It won’t happen anytime soon, but Nova Scotians could be getting email reminders that their driver’s licence or vehicle registration is due. Kevin Malloy, Service Nova Scotia and Municipal Relations Department deputy minister, said the current practice sees reminders of upcoming renewals mailed to residents. He said department staff have discussed the possibility of switching to email but would have to set up the process of collecting drivers’ email addresses. “We’re looking at it from a couple of perspectives,” Malloy said as he answered questions at the legislature’s public accounts committee Wednesday. “One is it’s an opportunity to reduce costs because you’re not mailing out hard copy forms. The second is that it simply is more convenient.” The department spends about $300,000 a year sending out 500,000 paper reminders of expiring licences and vehicle registrations. That cost includes the paper, ink for the printer, envelopes and postage. Malloy said the biggest issue with setting up an email system is that “people tend to do a pretty good job of (sending change of address notices) when they move, but they may not do such a good job of changing their email address when they go from one (service provider) to another.” He said New Brunswick, the only province using email reminders, has had issues with them bouncing back as undeliverable. [Source]


US – Sixth Circuit Says E-mail Protected by Fourth Amendment

The Sixth Circuit Court of Appeals ruled this week that e-mail is protected by the Fourth Amendment and that the government must have a search warrant to intercept and read e-mails, according to an Electronic Frontier Foundation media release. In its decision in U.S. v. Warshak, the court said that, like traditional forms of communication, e-mail “requires strong protection.” Tanya Forsheit, of the InformationLawGroup, said that this is “another great example of how it takes the courts and the law years to catch up with technology.” “As noted by the Sixth Circuit,” said Forsheit, “‘given the fundamental similarities between e-mail and traditional forms of communication, it would defy common sense to afford e-mails lesser Fourth Amendment protection.’ And yet the law is just now getting there.” Forsheit says privacy professionals and lawyers play an essential role in educating the courts and legislators on changes in technology and what those changes mean for privacy in this country. [Source] [Source]

Electronic Records

AU – Leak of Draft E-Health Document Raises Privacy Concerns

Patients will have limited control of their medical information, as a leaked document shows consumer access will be confined to a portal. While Health Minister Nicola Roxon said consumers would “truly control” their personal electronic health records at her e-health forum last week, attendees did not see a draft concept of operations, showing a patient portal tacked on to a public/private providers’ shared e-health record system (SEHR). The confidential draft for the $467 million personally controlled e-health record (PCEHR) system was produced by the National E-Health Transition Authority, just before the forum. The Australian has obtained a key system design diagram, which shows there is no mechanism for consumers to manage access by their doctors. On the contrary, it appears providers will continue operating largely as they do now. An e-health analyst who examined the material said it revealed an SEHR with “an access path for the consumer” on top. “The diagram shows that while patients will have a window on some of their information, the routine flow between GPs, specialists, pathology and so on will remain unchanged,” he said. “It will also remain as invisible to the ordinary consumer as it always has been. “The present design also makes it clear that NEHTA plans — at the very least — to create a virtual repository of summary clinical information, with all the attendant hazards that brings.” Ms Roxon had said the PCEHR would not involve the creation of a “massive data repository”. Instead, the system would link data held in GPs’ systems, at the pharmacy and within hospitals. [Source]

US – Concern Raised Over Health Record Database

An Office of Personnel Management plan to launch a comprehensive database of federal workers’ health-care records has raised the ire of some privacy advocates, employee unions and consumer groups. The OPM is organizing a research database of insurance claims filed by the 8 million workers and dependents enrolled in the Federal Employees Health Benefits Program, as well as participants in two other federally administered programs. The claims data, which will be supplied by the private insurers that participate in the FEHBP, will help the OPM figure out ways to lower costs, improve quality and fight fraud, the agency has said. But critics – including the American Civil Liberties Union, Consumers Union and the American Federation of Government Employees – argue that the government should avoid setting up a repository of sensitive information that could be vulnerable to privacy breaches. At minimum, they say, the OPM should provide more information about how the database, the Health Claims Data Warehouse, will work and who will have access to it. [Source]

CA – Ontario Commissioner: Don’t Sweat E-Health Outsourcing

Ontario’s privacy watchdog says its rules protecting patient records are so tight, patients needn’t worry about them being vulnerable if London hospitals go ahead with a deal with a U.S. software giant. “You can outsource services, but you cannot outsource accountability (for privacy),” Ann Cavoukian said. Saying Ontario has “perhaps the best (health information) privacy law on the planet,” Cavoukian said the privacy-protection buck stops with the health-care system – so she’s not worried if the hospitals outsource electronic patient-record work to Cerner Corp. London Health Sciences Centre and St. Joseph’s Health Care have been negotiating an outsourcing deal with Cerner – it supplies services to 8,500 facilities worldwide, including some now to London hospitals – that could save the hospitals hundreds of thousands of dollars a year. The controversy surfaced when word got out the move could eliminate dozens of high-paying IT jobs at the hospitals. Cavoukian said the privacy laws clearly make custodians of personal health information responsible. “They are accountable. So you can bet they are going to insist these provisions are embedded in contractual provisions (with the service provider).” At Queen’s Park this week, Ontario New Democrat Leader Andrea Horwath said she fears patient confidentiality may be put at risk. Privacy concerns were also cited by Issam Thabit, a member of the hospitals’ IT team who stood to lose his job, but became a whistleblower and quit. [Source]

EU Developments

EU – EDPS Defines Strategy on EU Administration

Europolitics reports on plans to hold European institutions accountable for respecting the obligations of data protection laws. On Monday, European Data Protection Supervisor (EDPS) Peter Hustinx adopted a policy paper that sets a framework where the EDPS “monitors, measures and ensures data protection compliance in the EU administration.” To date, the EDPS has taken a non-punitive approach. The new framework is designed to encourage proactive compliance by cracking down on those who flout the law. [Source] See also: [E.U. privacy chief Reding to meet with U.S Attorney General Holder]

EU – Spanish Researchers Want to Tag Human Embryos With Bar Codes

Researchers from the Universitat Autonoma de Barcelona in Spain have just finished testing a method for imprinting microscopic bar codes on mouse embryos – a procedure they plan to test soon on humans. The venture is meant to avoid mismatches during in vitro fertilization and embryo transfer procedures. But privacy experts and children’s rights advocates were instantly concerned by the concept of “direct labeling” of embryos, calling for transparency in the process. “An embryo is a human life, so we have to move forward with this very, very cautiously,” Pam Dixon, executive director for the World Privacy Forum, told FoxNews.com. “Obviously we can’t ask the embryo what it wants, so the individual making the donation must consent to this as well as the individual receiving the donation. There’s got to be a lot of public discussion.” The researchers insist that their technique is perfectly safe, claiming that the bar codes simply evaporate as the embryo develops into a fetus. The bar codes aren’t hidden or concealed — in fact, they’re easily observed through a standard microscope, and the research team hopes to develop an automatic code reading system when they perfect their technique for labeling mouse embryos. And once that’s done, testing on human embryos will begin. [Source]

EU – Brussels Mulls Shortening Data Retention Periods

The European Commission is planning a review of the Data Retention Directive, which could include harmonisation and a reduction of the periods when public authorities can access citizens’ private electronic data for security reasons. “We may need to agree on more harmonised, and possibly shorter, retention periods,” said EU Internal Affairs Commissioner Cecilia Malmström in a conference on the Data Retention Directive. Her statement came as the EU executive prepares to publish, at the beginning of 2011, an evaluation report on the application of the directive, which is likely to lead to legislative amendments to tackle shortfalls that could possibly emerge. [Source]


US – DOJ’s “Hotwatch” Real-Time Surveillance of Credit Card Transactions

A 10-page PowerPoint presentation, recently obtained through a Freedom of Information Act request to the Department of Justice, reveals that law enforcement agencies routinely seek and obtain real-time surveillance of credit card transactions. The government’s guidelines reveal that this surveillance often occurs with a simple subpoena, thus sidestepping any Fourth Amendment protections. As the FOIA document makes clear, Federal law enforcement agencies do not limit their surveillance of US residents to phone calls, emails and geo-location information. They are also interested in calling cards, credit cards, rental cars and airline reservations, as well as retail shopping clubs. The document also reveals that DOJ’s preferred method of obtaining this information is via an administrative subpoena. The only role that courts play in this process is in issuing non-disclosure orders to the banks, preventing them from telling their customers that the government has spied on their financial transactions. No Fourth Amendment analysis is conducted by judges when issuing such non-disclosure orders. While Congress has required that the courts compile and publish detailed statistical reports on the degree to which law enforcement agencies engage in wiretapping, we currently have no idea how often law enforcement agencies engage in real-time surveillance of financial transactions. [Source]

CA – Alberta Justice Broke Privacy Laws: Commissioner

Alberta Justice broke the province’s privacy laws when it ran unauthorized credit checks on 25 employees, says the privacy commissioner. Commissioner Frank Work said the department has agreed an error was made and is satisfied steps have been taken so it doesn’t happen again. The investigation was launched when employees with the Maintenance Enforcement Program (MEP) lodged complaints about unauthorized credit checks. Work’s report said the credit checks were part of a 2009 internal investigation involving fraudulent cheques being cashed. There were concerns an employee was involved in the forgeries, says the report. “To rule out the risk of internal involvement,” officials with the MEP decided to get a credit report on all employees working in the program’s revenue unit. “They were able to determine the breach was an external one and they handed it over to police to investigate,” said Wayne Wood, spokesman for the Office of the Information and Privacy Commissioner. In his report, Work says officials with the MEP violated the Freedom of Information and Protection of Privacy Act. [Source]


WW – WikiLeaks: Do They Have A Right to Privacy?

Henry Stimson, a predecessor of Hillary Clinton as US Secretary of State, once remarked that “Gentlemen do not read each other’s mail”. If that remains the case, there must be precious few gentlemen left in the United States, and Barack Obama’s Administration must start by blaming itself for the mess it now finds itself in. The 250,000 dispatches and diplomatic cables revealed by WikiLeaks have, apparently, been on a Pentagon-run electronic database that could be accessed, quite properly, by at least tens of thousands and, possibly, hundreds of thousands of officials and military personnel with the appropriate security clearance. The intention appears to have been to ensure that information available to any one of the US’s intelligence agencies should be available to the whole of its intelligence community, in the national interest. While that was reasonable, it is disturbing that so little care was taken to ensure that highly sensitive material reached only those who needed to know. What is appalling is that the distribution system had got out of control and nobody seemed to notice. This incompetence does not entirely excuse WikiLeaks, however. Some of what has been revealed doesn’t matter very much and will irritate rather than alarm foreign governments. There isn’t an ambassador anywhere who is not reporting to his government with his personal opinions of the strengths and weaknesses, warts and all, of the presidents, prime ministers and politicians of the countries to which he is accredited. It all comes down to trust in government. This was, very sadly, deeply corroded in both the United States and in Britain by the controversies surrounding the Iraq war and the failure to find any weapons of mass destruction. That trust must be rebuilt. Presidents and prime ministers of democratic nations must be allowed private and secure dialogue as they try to resolve some of the most difficult problems the world has known. 
If they are not allowed this freedom, the likelihood is that we will all suffer. [Source] [Operation: Payback attacks can be tracked down]

Health / Medical

US – Vermont Urges SCOTUS to Overturn Second Circuit’s Medical Privacy Decision

The State of Vermont has petitioned the U.S. Supreme Court to review a Second Circuit Court of Appeals decision striking down the state’s prescription confidentiality law, according to an Electronic Privacy Information Center media release. The Second Circuit overturned the 2007 law last month in a split decision, saying it constituted “an impermissible restriction of commercial speech.” In the request for appeal filed this week, Vermont’s attorney general emphasized the importance of consistency across state boundaries, pointing out that 26 states are considering prescription confidentiality laws. [Source] For more information, see EPIC: IMS Health v. Sorrell and EPIC: IMS Health v. Ayotte.

CA – Yukon Health Survey Illegal: Ombudsman

The Yukon government’s latest health survey unfairly and illegally threatened to revoke people’s health-care coverage, according to the territory’s ombudsman. In a report released Monday, Tracy-Anne McPhee said this year’s Health Insurance Survey was “not done within the scope of the law” and targeted innocent Yukoners. The Yukon Health Department and the Yukon Bureau of Statistics have been jointly surveying health-care insurance recipients every year. This year’s survey was mailed out to 5,113 people in April. But those who received the surveys were alarmed when they saw the following statement on the attached cover letter: “If you do not sign and return this card, your health care could be cancelled.” “Whatever the intent of including that statement, some survey recipients clearly saw that as a threat,” McPhee stated in her report, adding that the survey was meant to be completed on a voluntary basis. [Source]

CA – Sask Health Regions Opt Out of Fundraising Over Patient Privacy Concerns

Saskatchewan’s health minister admits he may have underestimated public reaction to a change in privacy rules for hospital fundraising. The change announced by the provincial government in April allows health regions to automatically share patients’ names and addresses with hospital foundations that raise money. But more than half of Saskatchewan’s 13 health regions have opted not to go ahead in large part because of public outcry over privacy concerns. Privacy commissioner Gary Dickson said in April that families of patients were concerned about being directly solicited for donations. Some were worried that it could affect the care their loved ones received. Dickson said at least seven health regions so far are backing away from the idea and he has not yet heard a final decision from the remaining six. [Source]

Horror Stories

CA – Provincial Informants’ Identity Compromised

Alberta’s privacy commissioner is fuming over a string of laptop and camera losses that included unsecured data on confidential government informants and children’s medical records. Frank Work said the theft of six digital devices and the misplacement of another in the span of six weeks have shown his repeated warnings about securing such material, either physically or by encryption, are largely falling on deaf ears. “It’s an endless source of frustration,” said Work, adding none of the devices had employed encryption that would prevent access to data. “With all the technology with encryption devices, why take the chance?” [Source] See also: [Medical records of 2,700 children stolen from Alberta Health Services] and [Sask. privacy czar: Faxing of private health info part of systematic problem]

US – Data Cards Missing from AZ Medical Center

Mountain Vista Medical Center in Mesa, AZ, has informed 2,284 endoscopy patients that their data was contained on compact memory cards that were discovered missing on October 13, reports The Arizona Republic. The cards hold names, dates of birth, genders and hospital medical record numbers of patients receiving endoscopy procedures between January of 2008 and October 2010. Though there was no financial data on the cards, the medical center warned patients to monitor their credit for fraudulent charges. The center has made changes to its security procedures and retrained all endoscopy unit employees on security and confidentiality. [Source] See also: [McDonald’s: Customer database hacked]

UK – ‘No Risk of Identity Theft’ After GAA Data Breach

More details have emerged about the Gaelic Athletic Association (GAA) data exposure involving the personal information of more than 500,000 members. A former employee of a company that ran the GAA database was arrested in connection with the stolen data but was released without charges. The thief sent copies of the GAA’s member database to Ireland’s data protection commissioner and the UK Information Commissioner’s Office (ICO). The ICO said in a statement that it is “working closely with the Police Service of Northern Ireland and the Data Protection Commission in the Republic of Ireland” to learn more. [Source]

US – Feds Find Common Link in Data Theft

More details have emerged in the theft of McDonald’s customer data. FBI agents are looking into similar events that may have originated with a marketing services provider based in Atlanta. FBI special agent Stephen Emmett said, “The breach is with Silverpop (Systems), an e-mail service provider that has over 105 customers.” Emmett added that the breach “appears to be emanating from an overseas location.” [Source] See also: [Veteran ‘shocked’ after receiving medical records of other military members]

US – Law Enforcement Files, Personal Information Released on the Internet

Mesa County is trying to figure out the extent of a security breach that put secure law enforcement files and some people’s personal information out on the internet for anybody to view. Officials say the error occurred while preparing for a future transition to a new software system for the Mesa County Sheriff’s Office. The person responsible has been let go, but the problem is just beginning for investigators. “It’s the county’s fault that it was there,” Sheriff Stan Hilkey said. Hundreds of thousands of pieces of personal information have been leaked onto an unsecured file-transfer website, or FTP. “We do know that some of them do contain social security numbers,” Hilkey said. Other information includes names and addresses of current and former sheriff’s office employees. The same information could be found for almost anyone who had been listed on a police report with the county. Also, some investigation files were leaked. [Source]

Identity Issues

CA – ID Request at Gas Station Riles Driver

David Menzies came close to being arrested Saturday after refusing to give his driver’s licence to a cashier at a Petro-Canada station. The freelance journalist says he thought the request was odd, but he took his licence out of his wallet to show the cashier so he didn’t hold up the people in line behind him. But when the clerk insisted it was company policy that he had to write down the licence numbers, Menzies refused. “This is a document I share with two parties only. The police and the MTO (ministry of transportation Ontario). If someone gets a licence and a credit card number, those are the keys to the castle in terms of identity theft.” Menzies decided to forget about the candy and lottery tickets so his purchase would be under $100. Menzies says he would like the Ontario privacy commissioner to look into this matter. “Any retailer asking to record driver’s licence info is surely out of line. I say we expose this given the rampant upswing in ID theft these days,” he says. “I’m still shaking over this.” It is not company policy to demand a driver’s licence for a purchase over $100, says Petro-Canada spokesman Michael Sutherland. [Source]

US – UPS to Require Photo IDs for Shipping Packages

UPS is now requiring photo identification from customers shipping packages at retail locations around the world, a month after explosives made it on to one of the company’s planes. The Atlanta-based package courier said the move is part of an ongoing review to enhance security. The directive will apply at The UPS Store, Mail Boxes Etc. locations and other authorized shipping outlets. UPS customer centers have required government-issued photo identification since 2005. [Source]

EU – False Facebook Profile – French Court Awards Damages

A French court has awarded €1,500 privacy damages against a person who created a false Facebook profile of a French actor and comedian. On 24 November 2010, the Tribunal de Grande Instance de Paris gave judgment in the case of Omar S v Alexandre P. The applicant was Omar Sy, a well-known television actor and comedian. A “false profile” of him had been created on the Facebook site, illustrated with a photograph of him and containing the comments he was supposed to have posted and the replies to “friends” who had accessed the site. [Source]

Internet / WWW

IN – Now, You Can Track Your Lost Laptop

To give law enforcement agencies access to a novel method of tracking and recovering lost laptops, leading anti-virus solution provider Quick Heal has launched a service. All that a laptop owner has to do is register for the service on the Quick Heal website using the laptop’s MAC ID, and the service keeps continuous track of where the laptop is. If the laptop is stolen, the tracker service traces it on the basis of its MAC ID and IP addresses. This information can then be used by the police to track the laptop down and retrieve it, said the company press release. The method is aimed at helping police by providing them an interface with the website. [Source] See also: [Vancouver police take to Twitter]

WW – Botnets, Web Threats Take Center Stage In Security Report

Symantec’s MessageLabs has released its annual security report, and it’s not pretty. Not only does the MessageLabs Intelligence: 2010 Annual Security Report reveal concerning malware trends for 2010, but the sneak peek at what 2011 might hold isn’t very comforting either. Like the recent report from McAfee, the MessageLabs security report finds that new malware was detected at an alarming rate in 2010. The MessageLabs press release explains, “In 2010, there were more than 339,600 different malware strains identified in malicious emails blocked, representing over a hundred-fold increase since 2009. This massive increase is largely due to the growth in polymorphic malware variants, typically generated from toolkits that allow a new version of the code to be generated quickly and easily.” Two of the findings in the MessageLabs report are indicators of an overall trend in malware. First, as businesses and consumers continue to migrate to the cloud, and as users spend more time online – whether from a desktop or laptop PC, or from a tablet or smartphone – the Web is emerging as a primary platform for attacks. [Source]


NZ – Commissioner Concludes WiFi Investigation

The Privacy Commissioner of New Zealand has concluded her investigation into Google’s collection of data from WiFi networks while photographing cities for its Street View feature. Privacy Commissioner Marie Shroff said that the company breached New Zealand privacy law when it collected the content of people’s communications and has acknowledged that it “went about things the wrong way.” Shroff said she is “pleased that Google has taken full responsibility for the mistakes it made here and that it has improved its practices to prevent future privacy breaches. This includes training their staff better and checking new products carefully before they’re released.” [Source] [NZ: Google apologises for privacy breaches]

WW – Geist: Location Matters Up in the Cloud

The Wikileaks disclosure of hundreds of U.S. diplomatic cables dominated news coverage last week as governments struggled to respond to public disclosure of sensitive, secret information. One of the most noteworthy developments was Amazon’s decision to abruptly stop hosting the Wikileaks site hours after U.S. Senator Joe Lieberman exerted political pressure on the company to do so. Amazon is best known for its e-commerce site, yet it is also one of the world’s leading cloud computing providers, offering instant website hosting to thousands of companies and websites. In recent years, the combination of massive computer server farms in remote locations and high speed networks has enabled cloud computing to emerge as a critical mechanism for offering online services and delivering Internet content. After Amazon pulled the plug, Wikileaks quickly shifted to a European host, demonstrating how easily sites can shift from one cloud provider to another. Although it seems counter-intuitive to consider the physical location of cloud computing equipment when discussing services that by their very definition operate across borders in the “cloud”, the Wikileaks-Amazon incident provided an important reminder that location matters when it comes to cloud computing. The notion of cloud forum shopping is relatively new, but likely to become more important as legal rules have a direct effect on cloud services and public confidence in them. Interestingly, Canada is well-positioned to emerge as a cloud computing leader in a world where service providers compete at least in part on regulatory frameworks. [Source] [Canada can be a cloud leader thanks to PIPEDA]


PH – Bill To “Sharpen the Country’s Competitive Edge”

The author of data protection legislation is confident that its passage will help solidify the Philippines’ position as a global leader in business process outsourcing, a sector that is expected to produce hundreds of thousands of new jobs in the region over the next five years, Inquirer.net reports. “We are absolutely confident that more companies around the world will subcontract their business support jobs to Philippine providers once the proposed Act Protecting Individual Personal Data in Information and Communications Systems is decreed,” said House Deputy Majority Leader Roman Romulo. “This will sharpen the country’s competitive edge in BPO activities, besides reinforcing consumer trust and user confidence in electronic commerce,” he said. [Source]

UG – Uganda: Newspaper Outs Gays, Calls for their Death

A Ugandan newspaper that “outs” people it says are gay and has called for them to be hanged said on Tuesday it would use a two-week window before a court verdict on its activities to continue with its campaign. Three gay activists who were featured in the publication secured an interim injunction on Nov. 1 stopping the newspaper from publishing such photos on privacy grounds. The paper has published some images under the headline “Hang them.” [Source]

Online Privacy

WW – Microsoft Builds Online Tracking Blocking Feature Into IE9

Microsoft is building an anti-tracking function into its upcoming version of Internet Explorer. The new feature will let users keep lists of websites that track what they do online, and block any site from logging their web activity, the company announced. The new feature, called “Tracking Protection,” will be bundled into IE9’s next beta release early next year, and is intended to give users control over what widgets and scripts display – and pull in data – when they visit a given website. The announcement comes just a week after the Federal Trade Commission castigated the online-ad industry for not regulating itself and dragging its feet on being transparent with users about the data they collect and how they use it. [Source] [Microsoft Announced Do Not Track Feature for IE9] [‘Do Not Track’ idea rattles ad industry] [New York Times Editorial – Protecting Online Privacy]

WW – History Sniffing: How YouPorn Checks What Other Porn Sites You’ve Visited

YouPorn is one of the most popular sites on the Web, with an Alexa ranking of 61. Those who visit the homemade-porn-featuring site — essentially, a YouTube for porn enthusiasts — are subject to scrutiny, though, of the Web tracking variety. When a visitor surfs into the YouPorn homepage, a script running on the website checks to see what other porn sites that person has been to. How does it work? It’s based on your browser changing the color of links you’ve already clicked on. A script on the site exploits a Web privacy leak to quickly check and see whether your browser reveals that the links to a host of other porn sites have been assigned the color “purple,” meaning you’ve clicked them before. YouPorn did not respond to an inquiry about why it collects this information, and tries to hide the practice by disguising the script with some easy-to-break cryptography. The porn site is not alone in its desire to know what other websites visitors have visited. A group of researchers from the University of California – San Diego trolled through the Web’s most popular sites to see which ones were collecting this information about visitors. They found it on 46 other news, finance, sports, and games sites, reporting their findings in a paper with the intimidating title, “An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications.” The researchers who wrote the paper identifying this practice call it “history hijacking” or “history sniffing.” Mozilla, the foundation behind Web browser Firefox, calls it the “CSS :visited history bug.” It’s a bug that’s been discussed in developer circles for over a decade. Some browsers have fixed the bug. If you’re surfing using Chrome or Safari, this script doesn’t work. Firefox has fixed it in its newest version (for a long explanation as to how, see this post on the Mozilla security blog). Internet Explorer, the most popular browser out there, is vulnerable to history sniffing (though you can prevent it by going through the slightly onerous step of activating InPrivate Browsing, according to a spokesperson; that feature also blocks ad networks’ cookies). [Source]

WW – Consumers Want Targeted Marketing: Facebook

Today’s consumers feel it’s “their right” to receive personalized messages from marketers, says the new managing director of Facebook Canada. “Isn’t that the consumer’s expectation these days? We’re in this era of … this two-way conversation that every consumer feels is their right,” said Jordan Banks during a public interview at the NextMedia digital media industry conference in Toronto. “Whenever they interact with a brand these days, they want to have a say, they want to be treated … personally and they want to be talked to in a timely and relevant manner.” He called the rise of platforms like Facebook — which has more than 500 million users worldwide and is visited by 10 million Canadians daily — a “paradigm shift” that provides a “huge commercial opportunity.” “The social web has opened us all up to very targeted and relevant and personalized messaging that allows us to develop these very meaningful and rich relationships with brands.” Banks downplayed privacy concerns, saying no personally identifiable information is ever provided to marketers, no one can talk to users individually unless they volunteer, and marketers can’t engage users without informing them what data they want. [Source]

Other Jurisdictions

NZ – International Privacy Leaders To Meet 6-8 December 2010, Auckland

In mid-December, the Privacy Commissioner Marie Shroff hosted privacy leaders from around the Asia-Pacific region to discuss the latest international data protection issues. For the first time the US and Mexico will be attending the Asia Pacific Privacy Authorities Forum (APPA) as members. Mexico and the US Federal Trade Commission have very recently joined the APPA Forum. “The focus was on international developments in cross-border protection of data and how we can further promote data-safe business practices,” said Ms Shroff. The APPA Forum looked at:

  • Web 2.0 technologies and privacy regulation such as FTC action on social networking sites including Twitter’s security practices that left users vulnerable to hackers
  • direct marketing and privacy, including the sale of data from Hong Kong’s public transit Octopus card for marketing purposes
  • credit reporting and privacy
  • international privacy developments
  • international cross-border privacy enforcement. [Source]


Privacy (US)

US – FTC Staff Report: Web Privacy ‘Inadequate’

The FTC weighed in on the issue of Internet privacy, calling for development of a “do not track” system that would enable people to avoid having their actions monitored online, prompting immediate objections from the online-advertising industry. “Self regulation of privacy has not worked adequately and is not working adequately for American consumers,” said FTC Commissioner Jon Leibowitz. “We deserve far better.” The FTC endorsed a report by its staff that faulted the industry for not doing enough to protect consumer privacy online. Mr. Leibowitz said the FTC isn’t calling for legislation yet but pointed to the report as a recommendation for lawmakers. “A legislative solution will surely be needed if industry doesn’t step up to the plate,” Mr. Leibowitz said. The FTC report suggests that the most practical method of providing a do-not-track system would be to include a setting in Web-browsing software that would broadcast people’s desire not to be tracked. Major Web browser makers including Microsoft Corp., Google Inc., Mozilla Corp. and Apple Inc. have experimented with do-not-track tools in their browsers, Mr. Leibowitz said. “We’re going to give these companies a little time but would like to see them work a lot faster,” he said. Privacy advocates cheered the report. “The FTC finally gets it – consumer privacy is seriously at risk online and off,” said Jeffrey Chester, director of the Center for Digital Democracy. However, the $23 billion online ad industry immediately rejected the FTC’s proposal. Mike Zaneis, senior vice president at the industry’s lobbying group, the Interactive Advertising Bureau, said the industry already provides the “functional equivalent” of a do-not-track system with its website, Aboutads.info, which allows people to “opt out” of receiving targeted ads from nearly 60 companies. Mr. Zaneis said consumers wouldn’t benefit from turning off tracking because “consumers depend on sharing of data … to customize news sites, optimize Web services such as social networks, and provide relevant content and advertising across the Web.” Advertisers said restricting tracking could limit the ability of websites to offer free content that is paid for by advertising. The FTC report also calls for companies to provide “just in time” notice to consumers if they plan to use people’s data in a way that is “not commonly accepted” and for companies to give people “reasonable access” to data collected about them. The report challenged the notion that data collected by tracking companies is benign because it doesn’t include users’ names. The report says the distinction between data containing personally identifiable information and anonymous data is becoming less meaningful. As a result, the FTC report says its recommendations apply to the collection of any data that can be “reasonably linked to a specific consumer, computer or other device.” The ad industry’s current opt-out system prevents only the use of tracking data for advertising purposes, not the collection of tracking data. The FTC supports being able to “opt out of data collection, not [just] out of targeted advertising,” said Jessica Rich, the deputy director of the FTC’s Bureau of Consumer Protection. The FTC is seeking comments on its privacy recommendations and will issue a final version of its report next year. Mr. Leibowitz said the report “is not a template for enforcement.” He added: “At this point I think we’re making recommendations for best practices.” [The Wall Street Journal] [Feds propose tough new rules to limit online ‘tracking’]

US – The Evolution of Privacy Breach Litigation

On the Concurring Opinions blog, Sasha Romanosky outlines a pattern that has emerged in privacy breach litigation over the past several years. Citing existing analyses on the topic, Romanosky characterizes three types of breach lawsuits: the classic “you lost my data” suits, where the plaintiffs must prove they have been harmed; the “intentional disclosure” suits, where “the legal focus shifts from the plaintiff’s harm to the defendant’s behavior”; and the increasingly common “unauthorized collection” suits, where plaintiffs claim that organizations “knowingly and willfully collected their personal information.” The categories “tell an interesting story of how the landscape of privacy breaches and breach litigation is evolving,” Romanosky writes. [Source]


US – NASA Sold PCs Without Wiping Sensitive Data

NASA has revealed that 10 computers used for its space shuttle program were sold to the public without being wiped of sensitive data. Another computer that was confiscated before it could be sold contained information on space shuttle-related technology, which was subject to export control by the International Traffic in Arms Regulations. In addition, computers that were being prepared for sale were found at the Kennedy Space Center’s disposal facility with NASA’s Internet Protocol information prominently displayed, which the investigators said could provide hackers with details they needed to target NASA network assets and exploit weaknesses. [Source]

US – Most Employees Expose Sensitive Info When Working Outside Office

Two-thirds of employees put sensitive data at risk when working outside the workplace, and some workers even expose highly regulated and confidential information such as customer credit card and Social Security numbers, according to a recent study. Additionally, the majority of companies do not have policies or measures in place to protect sensitive information from computer screen snooping when employees are working in public places, according to The Visual Data Breach Risk Assessment Study, conducted by People Security and commissioned by 3M, the maker of privacy filters for computers and mobile devices. The study included a survey of 800 working professionals and an experiment at a large IT conference where computer usage habits and data security choices were observed. The latest smartphones now make it possible for a data thief to take a high-resolution picture of confidential information on a computer screen and retrieve data without having to hack into anything. He said the information revealed on mobile devices outside the workplace now gives a thief a window into a company’s most confidential data, greatly increasing the possibility of visual data breaches. The study also examined how privacy concerns affect employee productivity when they work outside the office. 57% of workers surveyed said they’ve stopped working on their laptops in a public place because of privacy concerns and 80% thought that “prying eyes” posed at least some risk to their organizations. [Source]


UK – Britain’s Move Towards A Surveillance Society Intensifying, Report

According to a new report by the Surveillance Studies Network (SSN), Britain’s move towards a surveillance society is expanding and intensifying. Information commissioner Christopher Graham has urged the Prime Minister to introduce new privacy safeguards for citizens following the report. The report was prepared at the behest of the Commons home affairs committee and is an update to a similar report published in 2006. The 2006 report resulted in the earlier commissioner warning that Britain was “sleepwalking into a surveillance society”. SSN now says that the warning is no less cogent in 2010 than it was then. The report took note of unmanned drones being used by cities, full body search scanners and workplace surveillance techniques as troublesome indicators of upcoming trends. British citizens are already the most-watched citizens in the democratic world due to the use of techniques and tools such as CCTV, cameras that track vehicles, vast government databases and the sharing of personal data, the report said. The use of technology for this type of surveillance decreases what one expects of privacy, according to the report. A government spokesperson has responded by saying that the authorities are committed to rolling back the ‘state intrusion’. [Source]

US – Florida: The Legality of Posting Surveillance Video to Shame Your Neighbour

Sometimes, when your neighbor throws a bag full of dog crap into your bushes every single day while walking his dog, you need to fight back. Here is what one guy did (See source for Video). As discussed in The New York Times, the man who made the video above is Steve Miller of Palm Beach Gardens, Fla. The Times says that in so doing, Miller joined the ranks of outraged homeowners who are recording their neighbours’ misdeeds. Attracted by the declining prices and technological advances of such devices, these homeowners are posting the videos online to shame their neighbours or using them as evidence to press charges. Tara Krieger of the Legal As She is Spoke blog posted on the legality of posting such videos, identifying two key issues:

(1) Under what circumstances may private citizens set up hidden cameras?; and

(2) Can private citizens then upload unauthorized footage of others to the Internet?

Looking at Miller’s situation, Krieger writes that for private citizens, the First Amendment often protects this type of freedom of expression. In addition, Florida is not among those states that have enacted statutes banning the use of surveillance cameras in “private places” where one would have a “reasonable expectation of privacy,” and a public sidewalk probably would not fit that definition, anyway. In short, Krieger says, Miller “can rest assured that in taking pains to film and show what was on his own property, his revenge against the poop dropper was legal.” [Source]

US – California Allows “Driver Cams” Starting in 2011

In the name of vehicle safety, California Assembly Bill 1942 will permit among other things “driver cams” to be mounted on vehicle windshields beginning on January 1, 2011. Formally known as “video event recorders,” these devices can continuously record audio, video, and G-force levels in a digital loop in order to help identify bad driver habits or other factors that lead to vehicle accidents. Well intended, the new law certainly will create a range of privacy issues for employers, particularly those in the transportation and delivery business. Specifically, the law will permit the monitoring of driver performance through video event recorders so long as the following are satisfied:

  • Size limitation – The recorder must be mounted either (i) in a seven-inch square in the lower corner of the windshield farthest removed from the driver, (ii) in a five-inch square in the lower corner of the windshield nearest to the driver and outside of an airbag deployment zone, or (iii) in a five-inch square mounted to the center uppermost portion of the interior of the windshield.
  • Notice requirement – A notice must be posted in a visible location informing passengers that their conversations may be recorded.
  • Length of recording – No more than 30 seconds may be recorded before or after a triggering event, e.g., a collision.
  • Driver for hire rights – Employers that install a video event recorder in vehicles of their employees driving for hire must provide those employees with unedited copies of the recordings upon the request of the employee or the employee’s representative. These copies must be provided free of charge to the employee and within five (5) days of the request.

There are a number of obvious issues that face employers interested in utilizing video event recorders, such as not knowing what information will be captured by these devices and how to discipline employees who violate policy as shown in the recording. There are other less obvious issues which employers should consider when deciding to implement this technology. For example, the law does not provide a period after which employees can no longer request a copy of the recording. This raises the question of how long recordings must be maintained. Another concern is whether information captured in a recording could be used against the employer, such as in wage and hour class actions or violations of common carrier or vehicle safety requirements. Because the law is designed to address vehicle safety, a question exists as to whether the law implies a training requirement on employers aware of bad driving habits of employees from the recordings. [Source]

WW – All US-Bound Airlines Join Program to Check Passenger Info Against Watchlists

All 197 airlines that fly to the U.S. are now collecting names, genders and birth dates of passengers so the government can check them against terror watch lists before they fly, the Obama administration announced. Getting all air carriers that travel to or through the U.S. to provide this information marks a milestone in the U.S. government’s counterterrorism efforts and completes one of the 9-11 Commission’s recommendations. The program, called Secure Flight, has been delayed for years because of privacy concerns and went through three versions before it was approved. It’s designed to give U.S. authorities more time to identify and remove suspected terrorists from flights and reduce instances when passengers are mistaken for people on terror watch lists. Misidentification of passengers has been one of the biggest inconveniences in post-Sept. 11 air travel, and is widely known for putting thousands of innocent travellers, and well-known figures like former Sen. Ted Kennedy, through extensive searching and questioning before they were allowed to fly. Previously, airlines have been responsible for checking the passenger lists against terror watch lists. But the airlines did not have any information other than a name. Now the screening is done by the Transportation Security Administration. The more information available about a passenger, the less likely a passenger will be mistaken for someone on a watch list. When someone makes a flight reservation, that information goes to the Secure Flight database within seconds. [Source]

Telecom / TV

WW – Race Is On to ‘Fingerprint’ Phones, PCs

David Norris wants to collect the digital equivalent of fingerprints from every computer, cellphone and TV set-top box in the world. He’s off to a good start. So far, Mr. Norris’s start-up company, BlueCava Inc., has identified 200 million devices. By the end of next year, BlueCava says it expects to have cataloged one billion of the world’s estimated 10 billion devices. Advertisers no longer want to just buy ads. They want to buy access to specific people. So, Mr. Norris is building a “credit bureau for devices” in which every computer or cellphone will have a “reputation” based on its user’s online behavior, shopping habits and demographics. He plans to sell this information to advertisers willing to pay top dollar for granular data about people’s interests and activities. Device fingerprinting is a powerful emerging tool in this trade. It’s “the next generation of online advertising,” Mr. Norris says. It’s tough even for sophisticated Web surfers to tell if their gear is being fingerprinted. Even if people modify their machines – adding or deleting fonts, or updating software – fingerprinters often can still recognize them. There’s not yet a way for people to delete fingerprints that have been collected. In short, fingerprinting is largely invisible, tough to fend off and semi-permanent. Mr. Norris became CEO and spun off BlueCava to market device fingerprinting both to fraud-prevention and online-ad firms. Eventually, he hopes BlueCava can fingerprint everything from automobiles to the electrical grid. In October, Texas billionaire Mark Cuban led a group of investors who put $5 million into BlueCava. BlueCava embeds its technology in websites, downloadable games and cellphone apps. Later this year, BlueCava plans to launch its reputation exchange, which will include all the fingerprints it has collected so far. Unlike most other fraud-prevention companies, BlueCava plans to merge its fraud data with its advertising data. Rivals say they don’t mix the two types of data. Mr. Norris says collecting that data is “standard practice” in the online-ad business. BlueCava also is seeking to use a controversial technique of matching online data about people with catalogs of offline information about them, such as property records, motor-vehicle registrations, income estimates and other details. It works like this: An individual logs into a website using a name or e-mail address. The website shares those details with an offline-data company, which uses the email address or name to look up its files about the person. The data company then strips out the user’s name and passes BlueCava information from offline databases. BlueCava then adds those personal details to its profile of that device. As a result, BlueCava expects to have extremely detailed profiles of devices that could be more useful to marketers. In its privacy policy, BlueCava says it plans to hang onto device data “for the foreseeable future.” Advertisers are starting to test BlueCava’s system. Mobext, the U.S. cellphone-advertising unit of the French firm Havas SA, is evaluating BlueCava’s technology as a way to target users on mobile devices. “It’s a better level of tracking,” says Rob Griffin, senior vice president at Havas Digital. Phuc Truong, managing director of Mobext, explains that tracking on cellphones is difficult because cookies don’t always work on them. By comparison, he says, BlueCava’s technology can work on all phones. “I think cookies are a joke,” Mr. Norris says. “The system is archaic and was invented by accident. We’ve outgrown it, and it’s time for the next thing.” [The Wall Street Journal]

US Government Programs

US – Government Reports Violations of Limits On Spying Aimed at U.S. Citizens

The federal government has repeatedly violated legal limits governing the surveillance of U.S. citizens, according to previously secret internal documents obtained through a court battle by the American Civil Liberties Union. In releasing 900 pages of documents, U.S. government agencies refused to say how many Americans’ telephone, e-mail or other communications have been intercepted under the Foreign Intelligence Surveillance Act – or FISA – Amendments Act of 2008, or to discuss any specific abuses, the ACLU said. Most of the documents were heavily redacted. However, semiannual internal oversight reports by the offices of the attorney general and director of national intelligence identify ongoing breaches of legal requirements that limit when Americans are targeted and minimize the amount of data collected. The documents note that although oversight teams did not find evidence of “intentional or willful attempts to violate or circumvent the law . . . certain types of compliance incidents continue to occur,” as a March 2009 report stated. The unredacted portions of the reports refer only elliptically to what those actions were, but the March 2009 report stated that “information collected as a result of these incidents has been or is being purged from data repositories.” All three reports released so far note that the number of violations “remains small, particularly when compared with the total amount of activity.” However, as some variously put it, “each [incident] – individually or collectively – may be indicative of patterns, trends, or underlying causes, that might have broader implications” and underscore “the need for continued focus on measures to address underlying causes.” The most recent report was issued in May. In a statement Thursday, the ACLU said that violations of the FISA Amendments Act’s “targeting and minimization procedures . . . likely means that citizens and residents’ communications were either being improperly collected or ‘targeted’ or improperly retained and disseminated.” The ACLU has posted the documents on its Web site. [Source]

US – Service Members Face New Threat: Identity Theft

The government warns Americans to closely guard their Social Security numbers. But it has done a poor job of protecting those same numbers for millions of people: the nation’s soldiers, sailors, airmen and Marines. At bases and outposts at home and around the world, military personnel continue to use their Social Security numbers as personal identifiers in dozens of everyday settings, from filling out health forms to checking out basketballs at the gym. Thousands of soldiers in Iraq even stencil the last four digits onto their laundry bags. All of this is putting members of the military at heightened risk for identity theft. That is the conclusion of a scathing new report written by an Army intelligence officer turned West Point professor, Lt. Col. Gregory Conti. The report concludes that the military needs to rid itself of a practice that has been widespread since the 1960s. [Source]

Workplace Privacy

CA – B.C. Labour Board Backs 2 Firings Over Facebook Comments

Two workers at a B.C. car dealership were sacked for what they wrote about their employer and their managers on Facebook. And the B.C. Labour Relations Board has upheld their dismissal. The incident, which occurred in Pitt Meadows just east of Vancouver, is believed to be the first such case in Canada. “It’s the first Facebook case that has made it to hearing,” said Donald Richards, the lawyer who handled it for the employer, but he added there are likely plenty more to come. “I think they’re in the hopper now.” In this case, the two employees left few defamatory stones unturned. One or the other slagged their employer, accused the business of being crooked, accused managers of performing homosexual acts together and mused about committing acts of violence against them. In addition, some of the posts were made from computers at the business and one of the managers in question was a Facebook “friend” of the two, at least for part of the time in question. [Source] See also: [No-Facebook experiment yields dramatic results] [US Man charged with hacking women’s Facebook accounts, posting nude photos] [Facebook Seeks Friends in Washington Amid Privacy Talk] [As Bullies Go Digital, Parents Play Catch-Up] [Opinion: Where Anonymity Breeds Contempt]

NO – Boss Orders Female Staff to Wear Red Bracelets When They Are on their Periods

A boss in Norway has ordered all female staff to wear red bracelets during their periods – to explain why they are using the toilet more often. The astonishing demand was revealed in a report by a workers’ union into ‘tyrannical’ toilet rules in Norwegian companies. The study claimed businesses were becoming obsessed with lost productivity due to employees spending too much time answering the call of nature. It found 66 per cent of managers made staff ask them for an electronic key card to gain access to the toilets so they could monitor breaks. Toilets in one in three companies were placed under video-surveillance, while other firms made staff sign a toilet ‘visitors book’, the report by the Parat union said. It added: ‘But the most extreme action was taken by one manager who made women having their period wear a red bracelet to justify more frequent trips to the loo. ‘Women quite justifiably feel humiliated by being tagged in this way, so that all their colleagues are aware of this intimate detail of their private life.’ The report, which did not name the firm imposing red bracelets on female staff, has now been passed on to Norway’s chief consumer ombudsman Bjorn Erik Thon. He said: ‘These are extreme cases of workplace monitoring, but they are real. ‘Toilet Codes relating to menstrual cycles are clear violations of privacy and are very insulting to the people concerned. ‘We receive many complaints about monitoring in the workplace, which is becoming a growing problem as it is so often being used for something other than what it was originally intended for. ‘We will be carrying out a full review of the rules surrounding employment and privacy over the coming year.’ [Source]


