As a follow-up to my initial analyses and commentary, I did some additional analyses of ITRC's 2008 data...

Source - Chronicles of Dissent

Reddit It | Digg This | Add to del.icio.us

The oversize white envelope bore the blue logo of the Department of Homeland Security. Inside, I found 20 photocopies of the government's records on my international travels. Every overseas trip I've taken since 2001 was noted.

I had requested the files after I had heard that the government tracks "passenger activity." Starting in the mid-1990s, many airlines handed over passenger records. Since 2002, the government has mandated that the commercial airlines deliver this information routinely and electronically.

Source - Budget Travel Blog
hat-tip, Slashdot

Reddit It | Digg This | Add to del.icio.us

“You may be recorded.” Soon, a select group of New York City yellow taxicabs will be marked with decals bearing that message.

As part of a data-collection experiment, the New York City Taxi and Limousine Commission will install windshield-mounted cameras, similar to the “black boxes” in aircraft, that will record data on vehicle use, road accidents and other information in and around the city’s yellow taxicabs.

Source - NY Times
hat-tip, FourthAmendment.com

Reddit It | Digg This | Add to del.icio.us

In a rather disturbing development it is being reported in the British press that police have been given the power to hack into computers without a court warrant.

[...]

One thing I can promise you though: If Sophos encounters any malware written by the police, we won’t turn a blind eye. We will add detection for it.

And if you think about it, we don’t have any other sensible choice.

For anti-virus vendors to know which spyware Trojan horse to ignore, the British police would need to provide us with a sample of their code. For security reasons, it seems unlikely that this would happen. As a result, how will we (and other security vendors) know which code is written by the cops and which originates from traditional hackers? After all, it’s not likely to say

Copyright (c) New Scotland Yard

is it?

In order to properly protect customers, Sophos continues to protect against all the malicious code that we see. ..... And if that puts us at loggerheads with our friends in the police, so be it.

Source - Sophos

Reddit It | Digg This | Add to del.icio.us

I can report this because it happened to me and not a client. The Canada Border Services opened mail addressed to "Todgham Cherniak, Counsel, Lang Michener LLP". The Canada Border Services Agency knew the package was being sent to a lawyer at a lawyer's office and they opened it and read it. I know because the package arrived re-taped and a stamp notified me that the contents were "EXAMINES / RELEASED - CUSTOMS - TORONTO - DOUANES, EXAMINE / LIBERE". However, there is no indication of the date that this invasion of privacy occurred and there is no indication of the identy of the officer who made the decision to examine my package. There certainly was no reasonable or probably cause to examine this lawyer's mail.

Source - Trade Lawyer's Blog

hat-tip, Canadian Privacy Law Blog

Reddit It | Digg This | Add to del.icio.us

In a controversial ruling, a federal judge has dismissed a spam lawsuit filed by four Web users against social networking site Reunion.com because the users did not claim they lost money as a result of e-mails sent by the site.

"Plaintiffs cannot proceed with their claim in the absence of an allegation that each such plaintiff incurred some type of injury or damage," wrote federal district court judge Maxine Chesney.

Source - MediaPost

Reddit It | Digg This | Add to del.icio.us

As one of the most secretive presidential administrations in history gets ready to close up shop, it’s closing a few more things—records. Over the past few months, some federal agencies have issued rules that would eliminate public disclosure of information—or, in some cases, make it more difficult for requestors to get information.

[...]<[p>The Family Educational Rights and Privacy Act, the privacy law that protects information that identifies students will broaden starting Jan. 9 under a final rule of the Department of Education. According to the Student Press Law Center, the proposed rule said that records would remain confidential if a student’s identity could be determined by people outside the school: “But the final regulation says that a redacted record is confidential if a person’s identity could be determined by people in the school.”

In its rule, the agency provides the example of a high school student being suspended for bringing a gun to class. That information could not be disclosed, because someone in the school likely knew the identity of the student—thus making it almost impossible for someone outside the school to get that information. So no one in the community would ever have that information.

The new FERPA rules likely will affect access to test scores, which already are restricted when demographic characteristics might allow someone to determine a student’s identity.

Source - Columbia Journalism Review

Reddit It | Digg This | Add to del.icio.us

A defunct Islamic charity in Oregon that says it was illegally wiretapped by federal authorities can pursue its lawsuit challenging President Bush's clandestine eavesdropping program, a federal judge in San Francisco ruled Monday.

In reviving a suit filed by Al-Haramain Islamic Foundation, Chief U.S. District Judge Vaughn Walker said the group had enough publicly available evidence to show that it could reasonably believe it had been wiretapped.

Source - San Francisco Chronicle

Reddit It | Digg This | Add to del.icio.us

A federal appeals court in Oregon will hold a hearing next month on a government appeal of a 2007 judicial ruling that said the Foreign Intelligence Surveillance Act (FISA) is unconstitutional.

.... A hearing on the appeal has now been scheduled for February 5, 2009 at the Ninth Circuit Court of Appeals in Portland, Oregon.

Source - Secrecy News

Reddit It | Digg This | Add to del.icio.us

The Identity Theft Resource Center (”ITRC”) issued its end of year press release today. Not surprisingly, the number of breaches reported in 2008 was up significantly from 2007, with their counter hitting 656 U.S. breaches for the year, an increase of 47% over last year’s total of 446 breaches in their database.

[...]

Whereas ITRC’s analysis might lead to the conclusion that the financial section is the most proactive sector because they represent less than 12% of all breaches, inspection of the raw frequency data suggests a somewhat different picture: reported breaches increased over 250% from 2007 to 2008. That trend indicates that security in the financial sector is not keeping pace with previous threats and new threats to data security.

In interpreting ITRC’s data, then, and in addition to all of the cautions and qualifiers they appropriately include, we also need to keep other factors in mind, not the least of which is that when Massachusetts analyzed its breach reports for the first 10 months after its law went into effect, 75% of the reported breaches were from the financial sector, a statistic that does not seem to “fit” with what ITRC found based on published media reports or those reports available on a few states attorney general web sites.

Source - Chronicles of Dissent (commentary and analysis)

Reddit It | Digg This | Add to del.icio.us

For adults, browsing MySpace.com can be a secret window onto how teenagers sculpt their public personas. Teens, one of the most wired groups in America, use the social-networking site to create profiles where they share clips of their favorite songs, post pictures or vent about a bad day.

But MySpace, which now boasts 200 million profiles, is not all fun and games. Findings from a new pair of studies by Megan Moreno, a physician specializing in adolescent medicine, and her colleagues at Seattle Children's Hospital reveal that more than half of the 500 teen profiles they looked at during two and a half months in 2007, read more like cautionary tales, chock full of high-risk behaviors from sexual conquests to binge drinking and drug use. While the prevalence of racy MySpace pages created by teens may not be news, Moreno's studies are the first to systematically catalog the sexual and substance-abuse content of teens' profiles, and to look at the results of an online health intervention. Her results, on a small scale, support the idea that these profiles are an untapped resource for physicians and mental-health professionals. By harnessing this technology as a monitoring tool, physicians, parents and counselors may effectively tag along with teens for some of their social interactions and when appropriate, contact teens at risk.

Source - Newsweek

Reddit It | Digg This | Add to del.icio.us

The California Supreme Court could set new ground rules for the clash between privacy and security in a case from an unusual setting - Candlestick Park, where 49ers fans are subjected to pat-down searches before entering the stadium.

The court hears arguments Tuesday in an appeal by a Danville couple whose lawsuit challenging the pat-downs was tossed out on the grounds that they consented to be searched when they bought season tickets. Their lawyers say any consent was coerced and that a company could give the same rationale for conducting body searches at work or wiretapping customers' phones, as long as it announced its intentions ahead of time.

Source - San Francisco Chronicle

Reddit It | Digg This | Add to del.icio.us

THE Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant.

The move, which follows a decision by the European Union’s council of ministers in Brussels, has angered civil liberties groups and opposition MPs. They described it as a sinister extension of the surveillance state which drives “a coach and horses” through privacy laws.

Source - Times Online

hat-tip, tech.blorge

Reddit It | Digg This | Add to del.icio.us

Last July, the Washington Post reported that officers in Maryland State Police Homeland Security Division had been conducting surveillance on war protesters and death penalty opponents for over a year.

... New information suggests the Maryland State Police surveillance was even more broad than what was reported in July, including surveillance of activists involved in human rights and the establishment of bike lanes in Maryland.

Source - Examiner.com

Reddit It | Digg This | Add to del.icio.us

EDMONTON — Surveillance cameras are gradually making their way onto school buses with education and transport officials defending the equipment as a good deterrent to rowdy behaviour and bullying.

But some privacy experts say the cameras don't always discourage misbehaving and represent a possible invasion of student privacy.

Source - The Canadian Press

Reddit It | Digg This | Add to del.icio.us