Daily updates on privacy stories in the news.

January 2008 Archives

« December 2007 | Main | February 2008 »

Georgetown University Loses Personal Data of 38,000 Individuals

An external hard drive containing the Social Security numbers of 38,000 Georgetown University students, faculty, and staff was stolen from the university's Office of Student Affairs, according to The Hoya, the university's student newspaper. The hard drive contained billing information for student services, and included data on 7,700 current students -- over half the current student body -- as well as information on alumni from 1998 to 2006 and many faculty members. The hard drive, which turned up missing Jan. 3, was kept in the office of Lynn Hirschfield, senior business manager for student affairs, The Hoya said. It said the hard drive was not encrypted.

Data Thieves Hit Georgetown University Students, Faculty, Consumer Affairs, January 30, 2008.

UK Government to Force Youths to Buy National ID Card to Apply for Student Loans

Students will be "blackmailed" into holding identity cards in order to apply for student loans, the Tories have warned. According to Home Office documents leaked to the Conservative party last night, those applying for student loans will be forced to hold identity cards to get the funding from 2010. Anyone aged 16 or over will be expected to obtain a card - costing up to �100 - to open a bank account or apply for a student loan.

No student loan without ID card, says government, Guardian Unlimited, January 24, 2008.

UK Company Plans to Add High-Res Aerial Photos and Other Information to Large Database

If you were up to no good in the London open air last winter, start working up excuses: you might be on the web. This week, a company launches an online map of central London which includes aerial photography at four times the resolution of existing online maps: the equivalent of looking down from the 10th floor. The map, from 192.com, publishes aerial photography at a resolution of 4cm for London and 12.5cm for the rest of the UK. In the right conditions, images at this resolution are enough to identify individuals - a step that existing online mapping ventures such as Google Earth and Microsoft's Virtual Earth have so far been careful to avoid. The prospect is likely to alarm privacy campaigners. Dr David Wood, of the Surveillance Studies Network at Newcastle University, says he is worried by the power of such systems. "When you combine detailed mapping with demographic data, consumer data and particularly things like credit ratings, you end up with very powerful tools."

Sharper aerial pictures spark privacy fears, Guardian, January 24, 2008.

DHS's National ID Scheme Faces Opposition from Congress

A US government scheme to introduce a federal ID card for US citizens, dubbed Real ID, has run into problems in Congress. The Department of Homeland Security scheme plans to use states' driver's licence databases as the foundation of the federal identity scheme. Department of Homeland Security secretary Michael Chertoff published a Final Rule on 11 January that set out how the scheme will work and set dates for compliance. Commenting on the Final Rule, Bennie Thompson, chairman of the House of Representatives committee on homeland security, said in a letter to Chertoff, that it showed the Bush administration had failed to consider adequately the nation's security priorities.

US national ID card scheme runs into trouble, ComputerWeekly, January 23, 2008.

UK Airport Requires Iris Scans From Employees

The Department for Transport's security team, Manchester Airport and biometric identity-management consultancy Human Recognition Systems (HRS) have launched the first iris-recognition access-control system at a UK airport. The system is able to control the movement of Manchester Airport's 25,000 staff. It incorporates single-person access-control portals combined with iris-recognition cameras, controlling the access of staff to restricted zones.

Manchester Airport launches staff biometrics, ZDNet UK, January 23, 2008.

Chinese Couple Sues Train Company Over Video Surveillance

A young Chinese couple is planning to sue a train company after CCTV footage of their prolonged farewell kiss in a Shanghai station was broadcast on the internet. It is not clear how film of the embrace made its way from the subway station's closed circuit television onto YouTube, but more than 60,000 people have now watched the clip on the video sharing site. Three voices can be heard on the clip speaking in the local Shanghai dialect laughing and making lewd comments. The couple, unnamed but thought to be in their 20s, said they were furious that the video had embarrassed them and violated their privacy.

Chinese couple to sue metro over stolen kiss, Times Online, January 22, 2008.

German Data Protection Commissioner Says IP Addresses Are Personal Information

BRUSSELS, Belgium � IP addresses, string of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday. Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law. A privacy advocate at EPIC said it was "absurd" for Google to claim that stripping out the last two figures from the stored IP address made the address impossible to identify by making it one of 256 possible configurations. "It's one of the things that make computer people giggle," EPIC executive director Marc Rotenberg told The Associated Press.

EU Official: IP Is Personal, Associated Press, January 22, 2008.

UK Information Commissioner to Investigate Facebook's Privacy Practices

Facebook is to be quizzed about its data protection policies by the Information Commissioner's Office. The investigation follows a complaint by a user of the social network who was unable to fully delete their profile even after terminating their account. Currently, personal information remains on Facebook's servers even after a user deactivates an account. Facebook has said it believes its policy is in "full compliance with UK data protection law."

Facebook faces privacy questions, BBC News, January 18, 2008.

FBI Proposes Massive International Biometrics Database

Police in the U.K. are in talks with the FBI about establishing an international biometric database for tracking down the world's most wanted criminals and terrorists. The so-called "server in the sky" database would share criminals' biometric data, such as fingerprints and iris scans, internationally. The Washington Post reported last month that the FBI is spending $1 billion to develop the world's largest centralized biometrics database, a system the agency calls Next Generation Identification. The FBI suggested the database at a meeting of five countries--Australia, Canada, New Zealand, the U.K., and the U.S.--in the International Information Consortium technology group.

FBI takes biometrics database proposal to U.K., CNet News, January 16, 2008.

Study: Americans Increasingly Concerned About Online Privacy

Privacy concerns stemming from online shopping rose in 2007, a new study finds, as the loss or theft of credit card information and other personal data soared to unprecedented levels. Sixty-one percent of adult Americans said they were very or extremely concerned about the privacy of personal information when buying online, an increase from 47 percent in 2006. Before last year, that figure had largely been dropping since 2001. People who do not shop online tend to be more worried, as are newer Internet users, regardless of whether they buy things on the Internet, according to the survey from the University of Southern California's Center for the Digital Future.

Study: Online Privacy Concerns Increase, Associated Press, January 16, 2008.

Tennessee Loses Laptop With SSNs of 337,000 Voters

The theft of a laptop containing Social Security numbers of Nashville, Tenn.-area voters is expected to cost local officials about $1 million as they roll out identity-theft protection to those affected. County officials say that thieves broke into Davidson County Election Commission offices on the weekend before Christmas, smashing a window with a rock and then making off with a $3,000 router, a digital camera, and a pair of Dell Latitude laptops containing names and Social Security numbers of all 337,000 registered voters in the county. County election officials began notifying residents of the breach on Jan. 2, and the local government is offering victims one year of free identity theft protection from Debix Identity Protection Network. Debix says that 25 to 35 percent of victims of this type of breach typically request this service.

Nashville laptop theft may cost $1 million, IDG News, January 14, 2008.

Alberta, Canada Privacy Commissioner Questions Bars Scanning Customers' IDs

Alberta's privacy commissioner will rule in February whether bars in the province can continue to scan ID cards and compile personal information from customers as part of their efforts to keep out troublemakers. The commission held an inquiry into the matter in January 2007, and the ruling is just in the final stages of completion, said Wayne Wood, a spokesman for the Office of the Information and Privacy Commissioner. The ruling will set a standard for all bars and nightclubs in the province that collect personal information from their patrons, Wood told CBC News on Monday.

Alberta privacy commission to rule on bar scans, CBC News, January 14, 2008.

UK Considers Implanting Prisoners With RFID Chips

UK ministers are planning to implant "machine-readable" microchips under the skin of thousands of offenders as part of an expansion of the electronic tagging scheme that would create more space in British jails. Amid concerns about the security of existing tagging systems and prison overcrowding, the Ministry of Justice is investigating the use of satellite and radio-wave technology to monitor criminals. But, instead of being contained in bracelets worn around the ankle, the tiny chips would be surgically inserted under the skin of offenders in the community, to help enforce home curfews. The radio frequency identification (RFID) tags, as long as two grains of rice, are able to carry scanable personal information about individuals, including their identities, address and offending record.

Prisoners 'to be chipped like dogs,' The Independent (UK), January 13, 2008

New REAL ID Proposal Could Cause Massive Airport Delays in May

Come May 11 this year, Georgia and Maine residents without passports may not be allowed into federal buildings and the lines at Hartsfield-Atlanta airport could stretch to Alabama, according to federal rules designed to morph state driver's licenses in a national identification card that were released Friday. The Department of Homeland Security announced the final regulations Friday that implementing the Real ID act, legislation that requires states to standardize their driver's licenses, forces current license holders to re-apply with certified copies of birth certificates and marriage licenses, and penalizes states that don't comply by making their licenses unacceptable for federal purposes, such as entering Federal buildings. Without any hearings, the measure was slipped into a must-pass military spending bill in 2005 by Congressman James Sensenbrenner (R-WI).

New Real I.D. Rules To Shut Down Nation's Airports in May?, Wired, January 11, 2008.

Department of Homeland Security Announces National ID Plan

Department of Homeland Security Secretary Michael Chertoff today released the agency's final regulations for REAL ID, the national identification system. The proposal has drawn sharp criticism from state governments, members of Congress, civil liberties advocates and security experts. The Secretary scaled back some of the requirements, reduced the cost, and extended the deadline for state compliance. However, Secretary Chertoff also indicated that the REAL ID card would be used for a wide variety of purposes, unrelated to the law that authorized the system, including employment verification and immigration determination. He also indicated that the agency would not prevent the use of the card by private parties for non-government purposes.

Homeland Security to press ahead with Real ID, CNet News, January 11, 2008.

Justice Department: Wiretaps Are Cut Off After FBI Fails to Pay Phone Bills

Telecommunications companies have repeatedly cut off FBI access to wiretaps of alleged terrorists and criminal suspects because the bureau did not pay its phone bills, according to the results of an audit released yesterday. The report by Justice Department Inspector General Glenn A. Fine said that more than half of nearly 1,000 FBI telecommunications bills reviewed by investigators were not paid on time, including one invoice for $66,000 at an unidentified field office.

Wiretaps Are Cut Over Unpaid Bills, Washington Post, January 11, 2008.

Maryland Indicts Five, Including State Employee, on Charges Related to Fake IDs

A Maryland Motor Vehicle Administration employee assigned to the Glen Burnie office and four others were indicted yesterday on charges that they made and sold fake state driver's licenses and identification cards in exchange for money, the U.S. Attorney's Office said. Prosecutors said that from December 2005 through October last year 25 fake ID cards and licenses were made using names of other people. Smith is accused of making the cards and meeting with others at the Glen Burnie office to distribute them.

Five indicted in identity theft scheme, Baltimore Sun, January 11, 2008.

Wisconsin Improperly Discloses SSNs of 260,000 Residents

The Social Security numbers of about 260,000 Wisconsin residents who participate in the Medicaid, BadgerCare or SeniorCare programs were mistakenly disclosed on an item sent through the mail, a state official said Tuesday. The disclosure comes a little more than a year after the Social Security numbers of more than 170,000 residents were printed on state tax booklets. Rep. Marlin Schneider, D-Wisconsin Rapids, said the state is ultimately responsible for the privacy breach. "The people in the Department of Health and Family Services at the highest levels ought to be fired, " Schneider said, adding that they 're responsible for keeping the Social Security numbers of health program participants private.

Another slip-up opens 260,000 to ID theft in Wisconsin, Wisconsin State Journal, January 9, 2008.

Parents, Lawmakers Wary of Schools Using Biometrics of Students

A high-tech tool that makes lunch lines move faster is raising concerns about student privacy rights. Fingerprint scans are popping up in schools across the country, prompting one Mesa lawmaker to seek to limit their use in Arizona. In recent years, schools across the country have started using technology that allows students to pay for their lunches with the swipe of their fingerprint.

Use of biometrics in schools concerns parents, East Valley Tribune, January 8, 2007.

EPIC and Privacy International: US, UK Rank Dismally on Privacy

According to a new international privacy report, governments around the world are increasingly invading the privacy of citizens with surveillance, identification systems, and archiving of private data. Driven by concern over immigration and border control, countries have been quick to implement database, identity, and fingerprinting systems, according to the 2007 International Privacy Ranking report. The report, prepared by Privacy International and the Electronic Privacy Information Center, is based on EPIC's annual Privacy and Human Rights survey, an 1,100-page report that covers 75 countries.

Big Brother gets bigger, says global privacy study, CNet News.com, January 2, 2008.

Electronic Passport Cards Include Long-Range, Insecure Technology

The federal government will soon offer passport cards equipped with electronic data chips to U.S. citizens who travel frequently between the United States and Canada, Mexico or the Caribbean. The cards can be read wirelessly from 20 feet, offering convenience to travelers but raising security and privacy concerns about the possibility of data being intercepted. Last year, the Government Accountability Office reviewed technology similar to that used in the passport cards. The report found low read rates and said the technology should be used only to track goods, not to identify people.

Electronic Passports Raise Privacy Issues, Washington Post, January 1, 2008.