President Bush is stumping for many provisions of the original Patriot Act to be not only renewed before expiring at the end of 2005, but permanent fixtures in the American legislative landscape. Bush argues that these provisions have all but singlehandedly saved America from terrorism, having “closed dangerous gaps in America’s law enforcement and intelligence capabilities” (as quoted in this CNN article).

While Bush is presenting the frightening could-have-been scenarios that were thwarted by the Patriot Act’s presence, however, many civil liberties and privacy advocates continue to argue the potential and real abuses of the Patriot Act’s sweeping power. While the opposition has been hard-pressed to point to specific cases of overreaching authorities, many still argue from a fundamental and constitutional standpoint that the Act should not be renewed. Some Senators are pushing for a scaled-back version of the Patriot Act (see this Wired article). The same article quotes an ACLU senior counsel’s key point: “the lack of a documented case of abuse doesn’t mean the law doesn’t violate civil liberties.”

Read the rest of this entry »

IBM has contracted with UAE CERT Telematics, the “leading technology and research organization of the United Arab Emirates” (according to their site), to develop and deploy over 100,000 automobile-monitoring systems in the next four years. The devices, according to this article at GeekCoffee, “would be installed in cars to provide a voice warning if the driver exceeds the local speed limit for wherever he may be driving. If the voice warning is ignored, the system would use a GSM/GPRS link to beam the car’s speed, identity and location to the police so that a ticket could be issued.”

There is no announcement yet as to whether these devices will be mandatory, or who will be selected for having to install the devices in their vehicles.

Read the rest of this entry »

The Privacy Commissioner of Canada has ruled that business e-mail addresses are personal information. The ruling is intended to protect people from spam at work that is not work-related. The case itself involved a local football team sending an unsolicited email to a University of Ottawa law professor. The professor asked them to remove him from their list, and the same message appeared a few days later.

Read more here.

In today’s economic and technologically advanced culture, there are two constants: (1) the amount of personal information available on the Internet is increasing, and therefore the greater the risk of identify theft; and (2) people are depending less on cash and more on credit as a way to obtain goods and services. When you combine these two factors, the risks to each individual increases dramatically. However, a concerned individual could always obtain a copy of their credit report to investigate any anamolies. Obtaining a copy of your credit report is one of the best ways to prevent and combat identity theft. Beginning last month, legally, Americans were entitled to one free credit report per year. I encourage everyone to exercise this new right and obtain their credit report.

The following article contains more information about this new law, as well as factoids about obtaining your credit report and identity theft: “Giving credit where it is due: Check out your rating“

There was language inserted into an omnibus spending bill that would have allowed two committee chairmen to view the tax returns of any American. The language was caught and is being revised before being sent to President Bush for his approval. What is concerning here, as Republican Senator John McCain points out, is that when budgets and bills are pushed through at the end of a session, noone has a chance to read them and virtually anything can be contained in the bill.

Obviously this is a serious invasion of privacy, but it makes one ponder how much legislation there may be in these hundreds of thousands of pages of leglislation that either explicitly or implicitly violates the privacy and rights of U.S. citizens.

More information can be found on this ongoing news story at this article on CNN.com.

The Privacy Place researchers have participated in a Transnational Digital Government project, which focuses on developing a prototype system for remote border control. Recently, I read an article that says new security technologies, which call for fingerprinting, photographing and running checks on suspicious visitors, are being tested at U.S. border crossings. Digital fingerscans and photos are matched with databases to determine if visitors might be wanted for immigration problems and crimes or are on lists barring them from entering the country because of suspected terrorist ties. The information will be stored indefinitely in a national database, but Homeland Security officials promised its use would be restricted to ensure privacy. By the end of 2005, the United States Visitor and Immigrant Status Indicator Technology program, or US-VISIT, is scheduled to be used at all 165 land border crossings.

The current issue of Mental Floss (http://www.mentalfloss.com/) has an interesting story about the origin of Social Security numbers and what the different parts of the number mean.

According to Mental Floss, the first three digits are assigned based on the zip code where you applied for the number, the second two digits are group numbers and are not assigned sequentially but rather according to a rather complicated sequencing scheme which goes something like, a) odd numbers between 01 and 01 b) even numbers from 10 to 98 c) even numbers from 02 through 08, and d) odd numbers from 11 through 99. The last for digits are simple sequence numbers

The Mental Floss article has an interesting story about accidental misuses of the social security numbers in the early days of the system . . .

Read the rest of this entry »

Apparently, there is a new x-ray machine to be used in airports in England that can see through peoples’ clothes. The machine produces an anatomically correct and detailed image in black and white. Civil liberties groups have labeled the machines as unjustified and intrusive. However, 98 percent of people who participated in the prelimary random “test run” gave positive feedback.

When I began reading this article, I was appalled at the idea of having to stand in front of an x-ray machine that will render me all but naked to some given individual. However, when I read further, it seems they address many privacy concerns. A spokesperson said that the machine images are not stored, it would be operated by a same sex operator, and that the operator would never see the actual individual. This anonymity is a bit more reassuring, but I still see the possibility of privacy invasions. The question is: Is this mild form of embarassment worth the protection the machines could provide?

Read more about this article, “Airport X-ray sees through clothes.”

Dozens of voters from Florida had to speak their ballot choice aloud to the poll people. They feel like they lost their right to a secret ballot as everyone in the line could hear their choice and this violated their privacy. By 2006, all counties in the state are required to provide voting machines accessible to to the blind.

Source

Law.com posted an article, entitled “Keeping Promises: Online Privacy Policies,” that describes a settlement between the FTC and Gateway Learning, the sellers of “Hooked on Phonics.” To summarize the complaint, Gateway Learning posted in its privacy policy that it would not share customer information with outside parties. Gateway Learning, despite these promises, began renting personal information to marketers — including names, address, phone numbers, ages, and information about consumers’ children.

This practice is alarming, but it is also interesting to note that, as part of the settlement provisions, the FTC prohibits Gateway Learning from sharing any personal information collected unless they receive an “opt-in” consent from the consumer. I’ve been an emphatic advocate for the notion of “opt-in” to be not only common practice, but implemented in the form of legislation. Presently, some companies allow consumers to “opt-out” of sharing information with third parties, most don’t give you a choice at all, and rarely do they ever have an “opt-in” policy. Privacy shouldn’t be the burden of the consumer, it should be the de facto standard.

Unfortunately, most of the sites we analyzed in the healthcare domain have nearly identical policies to that of Gateway Learning. You can read more about this analysis in our paper: An Analysis of Web Site Privacy Policy Evolution in the Presence of HIPAA.