A recent call has been made for the United States to create a federal privacy agency to promote the protection of personal privacy and implement the more internationally recognized principles of Fair Information Practices. In an article prepared for the Enforcing Privacy Rights Symposium, on November 15 and 16, 2002, Robert Gellman presented the idea of the establishment of the Privacy Protection Board.
With consideration given to the history of the Civil Rights Commission, the Privacy Protection Board would be an independent agency of the executive branch without regulatory powers. Gellman argues that establishment of the Board is needed as no existing American institution plays the role of fact finder, investigator, policy resource, and opinion leader for privacy. The Board's members would be appointed by the President, and confirmed by the Senate. Its most important mission would be to promote the adoption and implementation of protections for personal privacy and principles of Fair Information Practices. Such principles include collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.
The European Union is the world leader on data protection and on national data protection agencies. Today, each EU member state has a data protection authority, as do more than a dozen other countries. To be without a data protection agency put the US to a disadvantage, as the resolution of many international privacy matters come principally through the cooperation of national privacy agencies. No country that established a data protection agency has later abolished it.
For more on this article as well as the Draft Privacy Protection Board Legislation in the article's Appendix, see:
Sypmosium: Enforcing Privacy Rights: Remedying Privacy Wrongs--New Models: A Better Way to Approach Privacy Policy in the United States: Establish a Non-Regulatory Privacy Protection Board, 54 Hastings L.J. 1183 (April, 2003).
The Financial Services Roundtable is creating an Identity Theft Assistance Center to help fight the rising incidence of the crime. Under the program, expected to launch on May 1, 2004, people who believe they are victims of identity theft would make one phone call to their local bank, which in turn would contact the assistance center. The Roundtable represents 100 institutions handling about 70 percent of the economy's financial transactions. Wells Fargo & Co. is heading the poilot program.
EPIC is spearheading a coalition that plans to write a letter to ICANN asserting that individuals and small-business owners should be able to buy domain names without being required to divulge their mailing address, phone number and e-mail address. More than 50 consumer and civil liberties organizations from around the world have written to the Internet Corporation for Assigned Names and Numbers (ICANN) President to urge him to limit the use and scope of the WHOIS database to its original purpose - the resolution of technical network issues - and to establish strong privacy protections based on internationally accepted privacy standards. ICANN is currently meeting in Carthage, Tunisia, to discuss the WHOIS database, which broadly exposes domain registrants' personal data to a global audience, including criminals and spammers.
The U.S. Library of Congress has created new narrow exemptions to the Digital Millenium Copyright Act, a digital piracy statute that makes it illegal to crack digital copyright protections. In reviewing the act, regulators created four instances where it would be legal to crack digital protections. One can now legally crack codes to access lists of sites blocked by commercial Internet filtering software, but not spam-fighting lists; computer programs protected by hardware dongles that are broken or obsolete; computer programs or video games that use obsolete formats or hardware; and e-books that prevent read-alound or other handicapped access formats from functioning. The move was still
criticized by free-speech activists, who had hoped for more exceptions.
Two articles published in the San Francisco Chronicle concern the growing practice of American companies "offshoring" personal information to India and other countries for processing. In the first, David Lazarus reports that a Pakistani clerk threatened to reveal individuals' medical information unless she was paid more money. The clerk was eventually paid and later promised not to disseminate any personal information.
The American Association for Medical Transcription estimates that 10 percent of all U.S. medical transcription work is done overseas.
In the second story, Lazarus reports that tax returns are being sent offshore for processing. Some US accountants are scanning in tax records, and transmitting them to tax preparers in India.
The U.S. Postal Service annouced today that it will withdraw notice of a sender identification program issued last week. In a statement issued today, the Postal Service announced:
"The Postal Service will withdraw a Federal Register notice because
its issuance has caused misunderstanding in some quarters.
"Sender-Identified Mail: Enhanced Requirement for Discount Rate Mailings,"
a notice intended to clarify business customer information, will be reissued.
The deadline to submit tutorial, plenary session, and workshop proposals to the Computers, Freedom, and Privacy (CFP) 2004 Conference Program Committee is Friday, October 31. CFP is to be held in Berkeley, California from April 20-23, 2004.
If credit reporting agencies and creditors were liable for the losses caused when they report the transactions of identity thieves as the transactions of the consumer victims, they would have greater incentives to take more aggressive steps to reduce incidences of identity theft. This is the argument put forward by Jeff Sovern, professor of law at St. John's University School of Law, in his article The Jewel of Their Souls: Preventing Identity Theft Through Loss Allocation Rules, published in the Winter 2003 edition of the University of Pittsburgh Law Review.
The current reality of identity theft is that those who bear the greatest costs associated with identity theft, the consumer victim, are often powerless to prevent it, while those able to prevent it have either no incentive to do so or have a disincentive. Mr. Sovern argues in his article that a better solution is to create a system in which the same person would absorb both the cost of identity theft and the benefits of preventing it. This argument is framed within a traditional goal of loss allocation rules: to put the loss on the party who can avoid the loss at the least cost. "If the loss were put on the party best able to prevent the loss, that party would have an incentive to take precautions to avoid the loss," contends Mr. Sovern in his article.
The article also details the impediments created by the current approaches to identity theft. Mr. Sovern discusses the inadequacies of the Fair Credit Reporting Act (FCRA) in properly addressing identity theft. Under the FCRA, credit-reporting agencies are liable only when they fail to follow reasonable procedures to assure maximum possible accuracy. He argues that the bar here is set too low. The article considers a strict liability standard to the credit-reporting agencies for attributing the transactions of identity thieves to innocent consumers, as well as liability to creditors for reporting the transactions of imposters to the credit agencies as the transactions of others.
The Jewel of Their Souls: Preventing Identity Theft Through Loss Allocation Rules, Jeff Sovern, 64 U.Pitt.L.Rev. 343.
The new anti-spam bill passed by Congress does nothing to combat a growing breed of unsolicited e-mail from legitimate companies dubbed "white collar" spam. While legislation and criticism have focused on fraudulent and pornographic spam, major corporations are increasingly using spam for their own marketing purposes. Many of them claim they use "opt-in" marketing lists, but email addresses are so commonly bought, shared, or stolen that its often not clear whether people knowingly agreed to receive such email or not. In the meantime, not only has Congress has ignored this type of spamming, but this latest bill would invalidate stronger state laws, such as those in California, that try to protect individuals from all categories of spam.
The Senate unanimously approved an anti-spam bill that would prohibit emails that market fraudulent activites or pornography. The "Can Spam" Bill, sponsored by Sens. Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.) would also lay the groundwork for an anti-spam registry similiar to the Do-Not-Call registry. Overall, however, the bill is fairly weak, and does not extend to the vast majority of spam.
The U.S. Postal Service has published a proposed rule in the federal register that would require users of discounted mail to identify themselves on the mailpiece.
Although individuals typically do not use discounted mail, it is clear from the information in the proposed rule that USPS is moving toward sender identification for all mail users:
"Requiring sender-identification for discount rate mail is an initial step on the road to intelligent mail."
Any member of the public can comment on the rule until November 20, 2003. Comments should reference "39 CFR Part 111--Sender-Identified Mail: Enhanced Requirement for Discount Rate Mailings" and be mailed to: Manager, Mailing Standards, U.S. Postal Service, 1735 N. Lynn Street, Room 3025, Arlington, VA 22209-6038.
The Supreme Court announced that it will decide a case challenging police's right to require identification from people who have not been arrested. The case, Hiibel v. Sixth Judicial District of Nevada, arose when Larry D. Hiibel was convicted and fined for refusing 11 requests for ID when a Nevada sheriff's deputy detained him. His refusal was a violation of a Nevada law that requires a citizen to identify himself after police stop him based on "reasonable suspicion" that a crime is underway. Hiibel appealed to the Supreme Court, arguing that the Nevada law is a violation of his privacy rights and conflicts with several other federal and appeals court rulings, including Terry v. Ohio (1968).
California Attorney General Bill Lockyer issued notice that state police are not allowed to monitor political, religious, social or educational meetings unless there's reason to believe a crime is planned or has happened. This is directly opposed to the Department of Justice stipulations, which since Sept. 11 have allowed FBI agents to monitor public meetings without identifying themselves. The revised rules, compiled in a 134-page handbook called "Criminal Intelligence Systems: A California Perspective," were written by Lockyer and his staff after a public outcry over increased surveillance in the state. "This re-emphasizes the balance between security and the right of privacy in California," said Special Assistant Attorney General Scott Thorpe in Sacramento.
The United States Court of Appeals for the Fifth Circuit has allowed an important case to continue that alleges that the use of credit scoring illegally discriminates based on race. The case was brought by six non-Caucasian Allstate policyholders alleging racially discriminatory pricing practices on the part of Allstate for its use of a credit scoring system. They claimed that Allstate uses this system to target non-Caucasian customers for the sale of more expensive insurance policies than those directed at Caucasian customers.
Three U.S. Senators wrote to Defense Secretary Donald Rumsfeld, seeking more information on JetBlue's breach of passenger privacy and inquiring as to whether the Pentagon's involvement violated the Privacy Act. Susan Collins (R-Maine), Joe Lieberman (D-Connecticut), Carl Levin (D-Michigan) argue that JetBlue and the Pentagon's actions go beyond the bounds of justified security provisions.
The Supreme Court announced that it will hear arguments in the Child Online Protection Act, a 1998 law enacted to protect children from material deemed inappropriate online. COPA has never taken effect because it has been tied up in legal battles since it was passed. The ACLU immediately challenged the law on first amendment grounds, and the U.S. Court of Appeals for the 3rd Circuit upheld the ACLU's claim. The case went to the Supreme Cout last year and was sent back down to the 3rd Circuit court, but the High Court decided to render a decision this year.
Snooping software, which are installed on a computer to monitor everything a user does, are becoming more and more prevalent, raising significant privacy concerns. There are more than a dozen such programs on the market, and while they serve legitimate purposes such as tracking children and employee's computer use, they are also being used secretly by criminals to obtain personal user information.
The amount to which personal data is protected varies greatly within the realm of communications industries. While laws regulating the cable industry are stringent when it comes to personal privacy, legal protections related to digital media are relatively lax. The New York Times details the inconsistent, often-confusing mix of federal and state laws that regulate personal privacy in the media and communications industries. It highlights the advent of the Digital Millenium Copyright Act and Patriot Act as making personal information more vulnerable and also adding to the complexity of laws regulating such data.
The FBI practice of requiring convicts to give blood for a criminal DNA database was ruled unconstitutional by a federal court on Thursday. A three-judge panel of the 9th Circuit U.S. Court of Appeals decided that such a practice was a violation of the Fourth Amendment guarentee against illegal searches. If it stands, the decision would also nullify numerous similar state laws but it is unclear if it would apply retroactively, or only to future cases. The Justice Department is expected to appeal.
Chairman Michael Powell testified at a Senate hearing on the "Rules and Regulations Implementing the Do-Not-Call Registry" that the Federal Communications Commission will continue to enforce the Do-Not-Call rules "to the extent legally persmissible." However, he acknowledged that the commission's power has been crimped by the Colorado District Court's order on Monday denying the FTC's request for a stay of its earlier ruling and also forbidding the FTC from enforcing the registry "indirectly" through the FCC.� Despite the uncertainty, consumers have continued to sign up for the registry � more than one million in the last month.
