---------------------------------------------------------------
EPIC DIGEST AT PRIVACY.ORG

EPIC-DIGEST is a weekly update of news, information, and action items posted on privacy.org.

December 18, 2001-January 9, 2002

TOC------------------------------------------------------------

NEWS
Firm Develops Subdermal Info Chip
Fortune: MS Passport Worst Product of the Year
“Unprecedented” Hole in XP Discovered
Qwest Angers Customers With CPNI Sharing Notice
De facto National ID Program Underway?
Toys R Us Settles NJ Privacy Case
Court Rules that FBI Can Use Keylogger without Wiretap Order
NY Bill Enhances Online Privacy
Pretexting Led Killer to Amy Boyer
ACLU Report Finds Florida’s Facial Recognition Foray a Failure
Internet Ad Profiling Doesn't Pay
School Children's Privacy Enhanced With New Law

ACTION
Opt-Out of CPNI Sharing

NEWS-----------------------------------------------------------

Firm Develops Subdermal Info Chip

A Florida company has developed an information storage device that can be implanted under a person’s skin.

Next: An ID Chip Planted in Your Body?, Washington Post, December 19, 2001.
http://www.washingtonpost.com/wp-dyn/articles/A62663-2001Dec18.html

A Chip ID That's Only Skin-Deep, Los Angeles Times, December 19, 2001.
http://www.latimes.com/technology/la-000100545dec19.story?coll=la%2Dheadlines%2Dtechnology

---------------------------------------------------------------

Fortune: MS Passport Worst Product of the Year

Microsoft Passport has been rated as one of the worst products of the year by Fortune Magazine.

Worst Products of the Year, Fortune Magazine, December 24, 2001.
http://www.fortune.com/indexw.jhtml?channel=artcol.jhtml&doc_id=205607

EPIC Sign Out of Passport Page.
http://www.epic.org/privacy/consumer/microsoft/

---------------------------------------------------------------

“Unprecedented” Hole in XP Discovered

A serious vulnerability has been discovered in Microsoft’s Windows XP operating system.
The vulnerability allows remote control of a computer through the XP universal plug and play system.

Security Flaw Compromises Windows XP, Washington Post, December 21, 2001.
http://www.washingtonpost.com/wp-dyn/articles/A10033-2001Dec20.html

---------------------------------------------------------------

Qwest Angers Customers With CPNI Sharing Notice

Qwest, a telecommunications company, has sent a notice to customers describing information collection and sharing that the company will engage in unless the customer opts out. Qwest’s notice describes policies regarding the sharing of Customer Proprietary Network Information (CPNI). This includes customers’ subscription plans, and a list of telephone numbers called by the customer. In November 2001, EPIC filed comments with the Federal Communications Commission urging the agency to create opt-in protections for customers’ CPNI.

EPIC Comments to FCC on CPNI.
http://www.epic.org/privacy/cpni/CPNI_Reply_Comments.html

Qwest Plan Stirs Protest Over Privacy, New York Times, January 1, 2002 (registration required).
http://www.nytimes.com/2002/01/01/technology/01QWES.html

---------------------------------------------------------------

De facto National ID Program Underway?

Two recent stories highlight the attempt to transform the state driver's license into a de facto national ID card by requiring the driver's biometric data to be electronically stored on the license and creating a national standard for machines to be able to read that data on the license. The risk is that a well-defined form of identification, used for a particular public safety function, will be transformed into a general purpose ID that could be used routinely for policing and surveillance.

New Drivers' Licenses Study Underway, Associated Press, January 8, 2002 (registration required).
http://www.nytimes.com/aponline/technology/AP-Identity-Cards.html

Upgraded Driver's Licenses Are Urged as National ID's, New York Times, January 8, 2002 (registration required).
http://www.nytimes.com/2002/01/08/national/08LICE.html

EPIC's ID Card Resource Page.
http://www.epic.org/privacy/id_cards/

CPSR's ID Card FAQ
http://www.cpsr.org/program/natlID/natlIDfaq.html

---------------------------------------------------------------

Toys R Us Settles NJ Privacy Case

Toys R Us, a toy company, has agreed to change its privacy policy and pay $50,000 as a result of a New Jersey inquiry into the company’s information collection and sharing practices.

N.J., Toys 'R' Us reportedly reach deal on Internet privacy policies, Siliconvalley.com (Hackensack Record), January 2, 2002.
http://www.siliconvalley.com/docs/news/tech/067884.htm

---------------------------------------------------------------

Court Rules that FBI Can Use Keylogger without Wiretap Order

A federal court ruled last month that the FBI did not need a special wiretap order to place a keystroke logging device on a suspect’s computer. Also, the judge allowed the FBI to keep details of the device secret, citing national security concerns. The defendant in the case, Nicodemo Scarfo Jr., used encryption to protect a file on his computer. The FBI used the keystroke logging device to capture Scarfo’s password and gain access to the file.

FBI May Use Keystroke-Recording Device Without Wiretap Order, New Jersey Law Journal, January 3, 2002.
http://www.law.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=law/View&c=Article&cid=ZZZDRC3TZVC&live=true&cst=1&pc=0&pa=0&s=News&ExpIgnore=true&showsummary=0

---------------------------------------------------------------

NY Bill Enhances Online Privacy

New York’s Internet Privacy Policy Act will require state agencies to develop online privacy policies.
The bill also prevents the collection of personal data from individuals without opt-in consent and grants individuals access to their personal information collected from state web sites.

New York Strengthens Internet Privacy, Newsbytes, January 2, 2002.
http://www.newsbytes.com/news/02/173331.html

---------------------------------------------------------------

Pretexting Led Killer to Amy Boyer

Court documents in a lawsuit filed against an online information brokerage company have revealed that the practice of pretexting led a killer to Amy Boyer. The information brokerage company used by the killer, Docusearch, hired another person to obtain Amy Boyer’s personal information through pretexting.

A Deadly Collection of Information, Washington Post, January 4, 2002.
http://www.washingtonpost.com/wp-dyn/articles/A59329-2002Jan3.html

---------------------------------------------------------------

ACLU Report Finds Florida’s Facial Recognition Foray a Failure

A report published by the ACLU has found Florida’s experimentation with facial recognition technology to be a failure. The ACLU found that the system never correctly identified a suspect, that officials suspended the system on August 11, 2001, that many false positives were made by the system, and that the suspect database contained the names of persons who were sought for police intelligence rather than for committing a crime.

Drawing a Blank: Tampa Police Records Reveal Poor Performance of Face-Recognition Technology, ACLU Press Release, January 3, 2002.
http://www.aclu.org/news/2001/n010302a.html

Drawing a Blank, ACLU Report on Facial Recognition Technology, January 3, 2002.
http://www.aclu.org/issues/privacy/drawing_blank.pdf

EPIC Face Recognition Web Page.
http://www.epic.org/privacy/facerecognition/

---------------------------------------------------------------

Internet Ad Profiling Doesn't Pay

Online advertising company DoubleClick has gotten out of its Internet ad profiling service, proving that consumer tracking doesn't pay. Active consumer privacy protection efforts and the lack of significant returns from tracking users prompted the change in the company's strategy.

DoubleClick turns away from ad profiles, CNET News, January 8, 2002.
http://news.cnet.com/news/0-1005-200-8407125.html?tag=mn_hd

EPIC's Archived Resource Page on DoubleClick
http://www.epic.org/privacy/doubletrouble/default.html

---------------------------------------------------------------

School Children's Privacy Enhanced With New Law

President Bush today signed into law a massive education reform bill that aims to strengthen children's Internet privacy rights in public schools and makes more than $7 billion in school technology grants. The privacy language would put a damper on a growing practice among companies that offer IT equipment and Internet access in public schools in exchange for the ability to monitor online usage and solicit information about surfing and buying habits. Some of the information that companies compile, such as the American Student List, includes religious affiliation, as well as surfing and spending habits for children as young as two years old. The education package, however, puts the burden on the parents to notify schools if they do not want information on their children collected, rather than an 'opt-in' regime where the company has to get the parent's consent to collect the information.

Bush OK's Education Act With Privacy Clause, Tech Grants, Newsbytes, January 9, 2002.
http://www.newsbytes.com/news/02/173469.html

ACTION---------------------------------------------------------

Opt-Out of CPNI Sharing

Qwest, a telecommunications provider, plans to share its subscribers’ CPNI unless individuals opt out of the information-sharing program. CPNI includes a subscriber’s name, address, services purchased, and records of calls made and received. Qwest customers should opt out of this information sharing and tell Qwest to adopt privacy-protective policies, such as an opt-in approach to CPNI sharing. Individuals can also send comments to the Federal Communications Commission urging the agency to maintain opt-in protections for CPNI.

The Fourteen States Affected by Qwest’s CPNI Decision.
http://www.qwest.com/about/policy/localService/

EPIC Letter to Qwest President on CPNI sharing.
http://www.epic.org/privacy/cpni/qwest_let_jan2002.html

EPIC Comments to FCC on CPNI.
http://www.epic.org/privacy/cpni/CPNI_CMN.pdf

fccinfo@fcc.gov, an e-mail address for sending comments to the FCC.
mailto:fccinfo@fcc.gov

---------------------------------------------------------------

How to unsubscribe from EPIC-DIGEST:

You can leave the EPIC-DIGEST by entering the subscription e-mail address at http://www.privacy.org/digest.php and selecting "unsubscribe."

There is also an administrative page for changes to your subscription at https://mailman.epic.org/cgi-bin/control/epic_digest

Or, you can send a blank e-mail message to epic_digest-request@mailman.epic.org from the subscribed address with the following text in the subject line: unsubscribe

If you experience difficulty with subscription issues, send a message to digest-editor@privacy.org.

---------------------------------------------------------------

Privacy.org is a joint project of the Electronic Privacy Information Center (http://www.epic.org) and Privacy International (http://www.privacyinternational.org). For more information, e-mail Chris Hoofnagle at digest-editor@privacy.org.
---------------------------------------------------------------

EPIC-DIGEST Privacy Policy:
http://www.privacy.org/privacy.php

---------------------------------------------------------------
END EPIC-DIGEST