Daily updates on privacy stories in the news.

September 2007 Archives

« August 2007 | Main | October 2007 »

Senate Reviews Privacy, Competition Issues in Proposed Google-DoubleClick Merger

U.S. senators on Thursday injected themselves into a high-stakes dispute between Google and Microsoft over whether the search giant's proposed acquisition of display advertising company DoubleClick presents antitrust or privacy concerns. Much of the back and forth focused on two major issues: whether Google's acquisition of DoubleClick would diminish competition in the online ad space, potentially raising ad rates, and whether the merger would put Google in possession of massive stores of data on Internet users, thereby posing privacy concerns and stifling other ad companies' abilities to target ads as effectively.

On Capitol Hill, Google and Microsoft spar over DoubleClick, CNet News.com, September 27, 2007.

Security Expert Criticizes Chertoff's Privacy Dismissals

A keynote speaker at a conference has criticized U.S. secretary of homeland security Michael Chertoff's comments that privacy is not sacrificed by anti-terrorism security measures."Privacy is part of security," Bruce Schneier told CTV's Canada AM. "We don't give up privacy to get security. And there's a lot of talk about that after 9/11 for terrorism -- that we must give up privacy in the name of security. But we know that's ridiculous."

Chertoff's security comments face opposition, Canada AM, September 27, 2007.

Gmail Security Flaw Exposes User E-mails

Petko Petkov of "ethical hacking" group GNUCitizen has developed a proof-of-concept program to steal contacts and incoming e-mails from Google Gmail users. "This can be used to forward all your incoming e-mail," Pure Hacking security researcher Chris Gatford said. According to Gatford, attackers could compromise a Gmail account--using a cross-site scripting vulnerability--if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account.

Gmail cookie vulnerability exposes user's privacy, CNET News.com, September 27, 2007.

U.S. Sues Illinois Over State Law Banning Use of Error-Filled System

The Bush administration sued the State of Illinois yesterday, hoping to block a new state law that bars employers from using a federal employment eligibility verification system. Under the Illinois statute, the ban would remain until Washington certifies that the databases used to verify workers� eligibility are 99 percent accurate.

U.S. Sues Illinois to Let Employers Use Immigrant Databases, New York Times, September 25, 2007.

Company Seeks to Monitor Phone Calls For Advertising-Targeting

Pudding Media, a start-up based in San Jose, Calif., is introducing an Internet phone service today that will be supported by advertising related to what people are talking about in their calls. The Web-based phone service is similar to Skype�s online service � consumers plug a headset and a microphone into their computers, dial any phone number and chat away. Pudding Media offers calling without any toll charges. The trade-off is that Pudding Media is eavesdropping on phone calls in order to display ads on the screen that are related to the conversation.

Company Will Monitor Phone Calls to Tailor Ads, New York Times, September 24, 2007.

Massachusetts Considers Technology To Track Drivers' Travel

Toll booths in Massachusetts � and across the nation � could be heading the way of manual typewriters and vinyl records. Instead of fumbling for change or navigating through special lanes in transponder-equipped cars, drivers may soon have to do little more than cruise on and off highways passing under a metal beam spanning the entire width of the road. At the end of the month they�d receive a bill, much like any other utility bill. Except this bill would log each time they entered or exited a highway system, how far they traveled and how much they owed.

�Open road tolling� could spell end to toll booths, Associated Press, September 22, 2007.

Records Reveal U.S. Government Tracks Travelers' Reading Material

The U.S. government is collecting electronic records on the travel habits of millions of Americans who fly, drive or take cruises abroad, retaining data on the persons with whom they travel or plan to stay, the personal items they carry during their journeys, and even the books that travelers have carried, according to documents obtained by a group of civil liberties advocates and statements by government officials.

Collecting of Details on Travelers Documented, Washington Post, September 22, 2007.

Canadian Homeless Shelter Considers ID Cards for Clients

Fingerprint scans and ID cards may be required for clients wanting to enter Calgary's largest homeless shelter. The Calgary Drop-In Centre is pricing out new security measures that could include biometric technology, such as fingerprints, a spokeswoman said Thursday.

Homeless shelter considers ID cards and fingerprint scans, CanWest News Service, September 22, 2007.

TJX Offers Deal In Security Breach Case

TJX Cos. said that it reached a tentative settlement with customers who were victims of the largest security breach of personal data ever reported and that it would provide store vouchers to some people whose data were compromised and a three-day sale for all customers. The deal in the class-action lawsuit, disclosed by TJX of Framingham late yesterday, still requires court approval and would not resolve claims TJX faces from banks that had to reissue many credit and debit cards compromised in the breach.

TJX offers deal to end data breach suit, Boston Globe, September 22, 2007.

Connecticut News Editor Demands Names of New Haven ID Card Applicants

The managing editor of the Journal Inquirer newspaper in Connecticut is asking the state Freedom of Information Commission to order New Haven officials to disclose the names of applicants for controversial municipal identification cards. The ID cards are believed to be the first in the country specifically designed to bring illegal immigrants out of the shadows and give them access to community services. But they are available to all city residents.

Journal Inquirer seeks names of New Haven ID card applicants, Newsday, September 21, 2007.

France Plans to Screen Visa-Seekers' DNA

The French National Assembly on Thursday approved a controversial proposal authorizing the use of DNA testing to determine whether foreigners applying for visas are actually related to family members they seek to join in France. The plan, part of President Nicolas Sarkozy's efforts to make it tougher for foreigners from Middle Eastern and African countries to immigrate to France, prompted outrage from human rights groups, opposition politicians and some members of the president's cabinet.

French Plan to Screen DNA of Visa-Seekers Draws Anger, Washington Post, September 21, 2007.

Federal Agent Charged With Using Federal Database to Track Girlfriend

A special agent with the Department of Commerce has been charged with unlawfully accessing a database within the Department of Homeland Security to stalk his former girlfriend and her family. Benjamin Robinson, 40, of Oakland, Calif., was indicted by a federal grand jury in San Jose Wednesday in connection with allegations that he accessed a government database known as the Treasury Enforcement Communications System (TECS) at least 163 times to track a woman's travel patterns. He is being charged with making a false statement to a government agency, and unlawfully obtaining information from a protected computer.

Federal Agent Indicted For Using Homeland Security Database To Stalk Girlfriend, InformationWeek, September 20, 2007.

Increasing Criticism of RFID Technology Use

Privacy concerns over RFID tagging are reaching new heights, with state legislators introducing and increasingly passing new measures to restrict their use, while employers face a barrage of concern from workers over RFID-embedded identity badges. Those worries were aired by speakers and attendees at RFID World: Boston today, even as some RFID technology defenders worried that they haven't done enough to promote the value of RFID in tracking tainted foods or counterfeit drugs and of reducing the cost of tracking inventory. Fifty bills involving limits on RFID were introduced in 19 states in 2007, and three of them became law, the largest number of the past four years.

Privacy a hot topic as RFID tagging grows in use, Computerworld, September 20, 2007.

'Fusion Centers' Raise Significant Privacy Questions

Privacy concerns persist with state-run "fusion centers" designed to help law enforcers investigate suspected terrorist plots, nongovernmental policy watchers told a Homeland Security Department panel on Wednesday. More than 40 state, local and regional centers have been established in recent years, and several bills now pending before Congress have elements that address the centers. Fusion centers are financed by the states and the Homeland Security Department, and there is no uniform structure. A July report from the Congressional Research Service found that the high-tech intelligence operations "have increasingly gravitated toward an all-crimes and even broader all-hazards approach."

Privacy advocates wary of data 'fusion centers', National Journal's Technology Daily, September 20, 2007.

U.S. Government Screeners Watch Reading Habits of Travelers

International travelers concerned about being labeled a terrorist or drug runner by secret Homeland Security algorithms may want to be careful what books they read on the plane. Privacy advocates obtained database records showing that the government routinely records the race of people pulled aside for extra screening as they enter the country, along with cursory answers given to U.S. border inspectors about their purpose in traveling. In one case, the records note Electronic Frontier Foundation co-founder John Gilmore's choice of reading material, and worry over the number of small flashlights he'd packed for the trip. The breadth of the information obtained by the Gilmore-funded Identity Project (using a Privacy Act request) shows the government's screening program at the border is actually a "surveillance dragnet," according to the group's spokesman Bill Scannell.

U.S. Airport Screeners Are Watching What You Read, Wired News, September 20, 2007.

NSA's Warrantless Wiretap Program Not Used for Months

The National Security Agency has not conducted wiretapping without warrants on the telephones of any Americans since at least February, the nation�s top intelligence officer told Congress on Tuesday. Mike McConnell, the director of national intelligence, told the House Judiciary Committee that since he took office that month, the government has conducted electronic surveillance only after seeking court-approved warrants.

Warrantless Wiretaps Not Used, Official Says, New York Times, September 19, 2007.

EPIC, CDD, U.S. PIRG Urge More Scrutiny Into Proposed Google-DoubleClick Merger

The U.S. government still needs to block or impose conditions on Google Inc.'s acquisition of online advertising server DoubleClick Inc., despite Google's call for global privacy standards, three privacy groups said today. Google last Friday called for a global privacy standard, and the company referred to a framework designed by Asia-Pacific Economic Cooperation (APEC). But the APEC standard is "weak," Melissa Ngo, director of the Identification and Surveillance Project at the Electronic Privacy Information Center (EPIC), said during a press conference today. The APEC standard "puts the burden on consumers to prove they are being harmed," she said.

Privacy groups: Google's call for standard not enough, Computerworld, September 17, 2007.

Google Proposes Weak Global Privacy Standard

While Google is leading a charge to create a global privacy standard for how companies protect consumer data, the search giant is recommending that remedies focus on whether a person was actually harmed by having the information exposed. However, a privacy advocate dismissed the move as a desperate attempt by Google to appear to be sensitive to privacy issues in the midst of government scrutiny of its proposed $3.1 billion acquisition of online ad firm DoubleClick. Marc Rotenberg, executive director of the Electronic Privacy Information Center, called the APEC Privacy Framework "backward looking" and said it "is the weakest international framework for privacy protection, far below what the Europeans require or what is allowed for transatlantic transfers between Europe and the U.S.," particularly because it focuses on the need to show harm to the consumer.

Google proposes global privacy standard, CNet News.com, September 13, 2007.

Canada Opens Internet Service Provider Talks to Privacy Groups

The Canadian government revealed late Wednesday it will open up previously closed-door consultations it has been holding on plans to force Internet service providers to turn customers' personal information over to police without a court order. The decision was made as privacy and civil liberties organizations voiced concerns Wednesday they were being deliberately excluded from providing input into the contentious proposal, which they have criticized for several years over concerns it would jeopardize privacy rights and could lay the groundwork for giving police power to eavesdrop on wireless and Internet communications.

Civil liberties groups fear erosion of privacy rights, CanWest News Service, September 12, 2007

Ohio Security Breach Encompassed More Than 1.3 Million

Nearly 67,000 additional names and Social Security numbers were on a sensitive computer backup tape stolen out of a state intern's car in June, bringing the total number of companies, government agencies and people affected by the theft to 1.33 million, according to a report released Monday. The latest information, previously unreported by the state in its own review, showed the tape contained information on 47,245 additional taxpayers and 19,388 more former state employees, according to the report prepared by Columbus-based Interhack Corp. It also contained banking information of 100 extra businesses and the federal employee ID numbers of 40,088 additional businesses.

Breach in privacy ends up even bigger, Associated Press, September 11, 2007.

Wall Street Tied Into Chinese Surveillance Systems

Wall Street analysts now follow the growth of companies that install surveillance systems providing Chinese police stations with 24-hour video feeds from nearby Internet cafes. Hedge fund money from the United States has paid for the development of not just better video cameras, but face-recognition software and even newer behavior-recognition software designed to spot the beginnings of a street protest and notify police. Now, the ties between China�s surveillance sector and American capital markets are starting to draw Washington�s attention.

An Opportunity for Wall St. in China�s Surveillance Boom, New York Times, September 11, 2007.

FBI Records Show Agency Broadly Used NSL Power

The F.B.I. cast a much wider net in its terrorism investigations than it has previously acknowledged by relying on telecommunications companies to analyze phone-call patterns of the associates of Americans who had come under suspicion, according to newly obtained bureau records.The documents indicate that the Federal Bureau of Investigation used secret demands for records to obtain data not only on individuals it saw as targets but also details on their �community of interest� � the network of people that the target was in contact with. The bureau stopped the practice early this year in part because of broader questions raised about its aggressive use of the records demands, which are known as national security letters, officials said.

F.B.I. Data Mining Reached Beyond Initial Targets, New York Times, September 9, 2007.

Groups Criticize DHS Use of 'Long-Range' RFID in ID Documents

A U.S. government plan to use long-range RFID technology as part of a border-crossing security initiative is coming under intensified fire by an industry group. Beginning Jan. 31, 2008, a valid driver's license won't be enough for travelers to pass between the United States and Canada, Mexico, the Caribbean and Bermuda, under new Department of Homeland Security (DHS) rules. A standard government passport will be required, or a birth certificate with driver's license. But as an alternative, DHS is moving forward with a pilot program that has states adding long-range RFID technology to driver's licenses. "Long-range RFID is meant for tracking packages in a warehouse," says Randy Vanderhoof, executive director of the Smart Card Alliance.

Plan to Use RFID in U.S. Border Control Draws Fire, Network World, September 8, 2007.

European Court of Human Rights to Decide Whether Police Can Keep DNA of Innocent People

Police could lose the power to keep DNA samples taken from suspects who have been cleared of any wrongdoing, in a landmark case which is to be decided by the highest court in Europe. A ruling against the British Government could lead to the destruction of tens of thousands of DNA and fingerprint materials as well as deal a severe blow to any plans to create a universal genetic database. The challenge at the European Court of Human Rights is being brought by a teenager, known as S, who was arrested and charged with attempted robbery aged 11 in 2001, and Michael Marper, from Sheffield, who was arrested on harassment charges, aged 38, in the same year. Both were cleared and have no criminal records.

Europe to rule on whether police can keep DNA of innocent people, Independent, September 8, 2007.

Georgia Photo Voter ID Law Upheld

Georgia's much-debated photo voter ID law survived a major court challenge Thursday when a federal judge found it did not impose a significant burden on the right to vote. The ruling upholds Georgia's law, said to be one of the most restrictive in the country, and clears the way for it to be enforced in the upcoming local elections on Sept. 18. Early voting begins Monday.

STATE LAW UPHELD: Bring photo ID for voting, Atlanta Journal-Constitution, September 7, 2007.

Federal Court Invalidates National Security Letter Provision of PATRIOT Act

A federal judge struck down controversial portions of the USA Patriot Act in a ruling that declared them unconstitutional yesterday, ordering the FBI to stop its wide use of a warrantless tactic for obtaining e-mail and telephone data from private companies for counterterrorism investigations. The ruling by U.S. District Judge Victor Marrero in New York said the FBI's use of secret "national security letters" to demand such data violates the First Amendment and constitutional provisions on the separation of powers, because the FBI can impose indefinite gag orders on the companies and the courts have little opportunity to review the letters.

Judge Invalidates Patriot Act Provisions, Washington Post, September 7, 2007.

DOJ IG Report: Terrorist Screening Database Filled With Errors

The government's master watch list of known or suspected terrorists continues to be marred by errors and inconsistencies that can obstruct the capture of terrorists or cause innocent people to be detained by U.S. authorities, the Justice Department's inspector general said yesterday. As one of the most powerful intelligence tools created by the Bush administration after the 2001 attacks, the watch list is used to screen about 270 million people a month and its content can determine whether people are allowed to fly on airplanes or detained after routine traffic stops. But Inspector General Glenn A. Fine said its management by the Terrorist Screening Center (TSC) "continues to have significant weaknesses," producing a high error rate and a slow response to complaints from citizens.

Terrorism Watch List Is Faulted For Errors, Washington Post, September 7, 2007.

Lawmakers Question Legality of Administration's Satellite Plan

Senior House Democrats called on the Bush administration yesterday to delay a planned Oct. 1 expansion of the use of powerful satellite and aircraft spy technology by local and federal law enforcement agencies, challenging the plan's legality and charging that the administration is failing to safeguard the privacy of Americans. House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) and two Democratic subcommittee chairmen jointly asked the Department of Homeland Security to provide the legal framework for the domestic use of classified and military spy satellites, and to allow Congress to review privacy and civil liberties protections.

Lawmakers Challenge Plan to Expand Spying, Washington Post, September 7, 2007.

EPIC v. DOJ: Federal Court Rejects Secrecy Claims in FOIA Case

A U.S. judge scolded the Bush administration yesterday for responding with sometimes blanket secrecy to a request for documents on its warrantless-wiretapping program. U.S. District Judge Henry H. Kennedy Jr. said that the government's reasoning is not good enough. "While the court is certainly sensitive to the government's need to protect classified information and its deliberative processes, essentially declaring 'because we say so' is an inadequate" defense, Kennedy wrote in EPIC v. Department of Justice.

Federal judge faults Bush administration for excessive secrecy, Associated Press, September 6, 2007.

Homeland Security Scraps Another Data-Mining Program

The Homeland Security Department scrapped an ambitious anti-terrorism data-mining tool after investigators found it was tested with information about real people without required privacy safeguards. The department has spent $42 million since 2003 developing the software tool known as ADVISE, the Analysis, Dissemination, Visualization, Insight and Semantic Enhancement program, at the Lawrence Livermore and Pacific Northwest national laboratories. It was intended for wide use by DHS components, including immigration, customs, border protection, biological defense and its intelligence office.

DHS Ends Criticized Data-Mining Program, Associated Press, September 5, 2007.

California Bans Forced RFID Implantation

California's state Senate curbs a high-tech societal dilemma by making it illegal for employers to require ID chips implanted in their employees. Radio Frequency ID chip-maker VeriChip's slogan is "RFID for people." The company grabbed headlines in October 2004 when it gained FDA approval for its subdermal RFID implant. The chip measured 12 mm by 2.1 mm and allowed implantees to be identified and tracked broadcast radio identification.

California Blocks Mandatory ID Implants in Employees, Daily Tech, September 3, 2007.

New Licenses, ID Cards At Risk of Security Breaches

Despite an $11 billion price tag and the availability of new security technologies, the millions of new driver�s licenses that states will need to produce to comply with the Real ID Act may still be vulnerable to counterfeiting and tampering, industry experts say. Recent emphasis in the government identification card field has been on high-tech security features, such as encryption of data on the microchip embedded in the cards. But the Real ID Act cards that now exist may present greater low-tech risks.

A layered approach, Washington Technology, September 3, 2007.

Privacy Commissioner Warns of Privacy Threat From RFID Use

RFID technology could become a major privacy threat, warns Privacy Commissioner Marie Shroff. In a keynote address to last week�s Privacy Awareness Week opening forum, she said although RFID might not present a clear and immediate threat to personal privacy, the potential range of applications left room for concern, as well as doubt about future uses. The devices were promiscuous in that they could talk to any compatible reader, as well as being stealthy and remotely readable.

�Promiscuous� RFID a data threat, warns privacy watchdog, Computerworld, September 3, 2007.

E-ZPass Records Used to Track Individuals

A woman accused of killing her husband was convicted after New Jersey prosecutors reconstructed her movements. Investigators pieced together the driving route of a missing Baltimore federal prosecutor who later turned up dead. Prosecutors in a New York City murder trial discredited a suspect's alibi. A key factor in these and other cases: E-ZPass, the electronic toll payment system that records when and where the vehicles in question traveled.

E-ZPass records make way into criminal and civil trials, Boston Globe, September 2, 2007.

Federal Government Restricts Volunteers From Helping During Disasters

In an effort to provide better control and coordination, the federal government is launching an ambitious ID program for rescue workers to keep everyday people from swarming to a disaster scene. A prototype of the new first responder identification card is already being issued to fire and police personnel in the Washington, D.C., area. Proponents say the system will get professionals on scene quicker and keep untrained volunteers from making tough work more difficult. But they also know it is a touchy subject, particularly for those devoted to helping in moments of crisis.

Feds to Restrict Volunteers at Disasters, Associated Press, September 2, 2007.