RCMP investigators testified in court Thursday how they installed hidden cameras to spy on detectives suspected of snooping into confidential databases then passing that information along to criminals.

Montreal police detective Mario Lambert is accused of unlawfully retrieving information about license plates and car ownerships in exchange for payments from criminals.

In court, RCMP investigators said they had been asked by Montreal’s Internal Affairs investigators to set up the cameras in the force’s detective headquarters, located in Anjou.

The cameras were up for about two weeks, during the time that the 20-year veteran was accused of accessing the database.

However during the precise time that Lambert is accused of dipping into the electronic files, he was not at his desk, and consequently not on camera.

Read more on CTV

The lawsuit (pdf) alleges that ID Lifeguards, Inc., and its owner, Arthur Natanyan of Burbank, California, deceived consumers into unknowingly purchasing the identity protection when they responded to a sales offer for other products or services on a third-party Web site. According to the complaint, between September 2009 and March 2010, the defendants charged $157,562 for unauthorized services on the phone bills of 5,071 Illinois consumers.

In a press release from her office, Madigan said, “The defendants in this case claim to be in the business of identity protection, but in fact they’re in the business of scamming people out of their hard-earned money.”

The Attorney General’s lawsuit alleges that ID Lifeguards, in addition to maintaining its own Web site, marketed its identity protection services on several Web sites belonging to other companies and offering products and services unrelated to identity protection, such as discount coupons and online contests. Consumers responding to offers on these third-party Web sites were automatically directed to a sign-up page owned by the defendants and prompted to provide personal information. By completing the sign-up page, consumers were unknowingly signed up for ID Lifeguards’ purported services and billed $12.95 a month for those services, with the charges appearing in the miscellaneous section on their phone bills.

Additionally, ID Lifeguards’ Web site claims the company provides consumers with free copies of their credit reports, yet none of the consumers who spoke with Madigan’s office had received copies of their reports from the defendants.

“Unfortunately, it is fairly easy for companies to add charges to your telephone bill that have nothing to do with your phone service,” Madigan said. “Consumers should be aware of this and carefully check their phone bills each month for any additional charges.”

To further reduce the risk of becoming the victim of a scam artist, Madigan advised consumers to call their local phone company and request that third-party billings be blocked from their phone bill.

In the suit, Attorney General Madigan is asking the court to prohibit the defendants from engaging in the business of offering identity protection services in Illinois. She also seeks to have the defendants pay restitution to consumers, a civil penalty of $50,000 per defendant, and additional penalties of $50,000 for each act committed with the intent to defraud.

Botswana’s popular publishing company, Macmillan Botswana, avoided being arraigned before the Lobatse High Court last week by settling out of court, after publishing without consent, the photo of a certain Botsanyang Motswere in a school textbook under a chapter on HIV and AIDS next to a caption that implied she was a patient receiving counseling.

The settlement has been cited as an indication of the refusal by some elements in the media fraternity to recognize the right of individuals to privacy in their daily and professional pursuits.

Read more in the Sunday Standard.

The Foreign Intelligence Surveillance Court has proposed new rules to comply with the provisions of the FISA Amendments Act of 2008.  The Court reviews government applications for intelligence surveillance and physical search under the Foreign Intelligence Surveillance Act (FISA).

The proposed FISA Court rules (pdf) provide new procedures by which telecommunications companies can petition the Court to modify or dismiss a court order or a directive from the Attorney General or the DNI requiring them to assist in electronic surveillance, to provide “any tangible thing,” or to adhere to a nondisclosure requirement concerning intelligence surveillance.  Meanwhile, other procedures would permit the government to petition the Court to compel cooperation by a non-compliant telecommunications provider.  A new section in the proposed FISA Court rules accordingly addresses the conduct of “adversarial proceedings,” a term that does not appear in the current rules (last modified in 2006).

[...]

The FISA Court has provided an opportunity for public comment on the new rules.  Comments are due by October 4, 2010.

Read more on Secrecy News.

Objections levied by Irish European officials have put a stop to Israel gaining recognition for its data protection and access to sensitive information.

The European Commission has announced it has halted a proposal to allow Israel access to potentially sensitive data on European Union citizens following concerns expressed by the Irish representatives.

The unexpected move saw the Commission withdraw the application to effectively recognise Israel’s data protection standards as being on a par with those enjoyed in the EU, thereby limiting the state’s access to EU citizen’s information.

[...]

The Irish objections were raised after it emerged Israeli agents had used forged Irish passports in the murder of a Hamas operative. The events eventually led to the expulsion of an Israeli Diplomat, and a breakdown in Irish/Israeli relations.

Read more on Build.ie

A constant theme of the recent press discussion of “sportsman’s privacy injunctions” has been the suggestion that judges have created a privacy law by stealth and that this raises serious questions about democratic accountability.   I have already commented on some of the issues arising from this coverage but it is worth looking at the background to the development of the modern law of privacy in order properly to evaluate the charge of “development by stealth”.   This involves considering the development of the law of confidence by the common and the approach of successive Governments towards privacy, including during the passage of the Human Rights Act.

Read more on Inform’s Blog.

Via LawandLit

Soon, Twitter will be collecting data on which Twitter users click any links in any Twitter streams. They will also be able to collect IP address info for any user (even non-Twitter users) who click on any link in any Twitter message via the Twitter Web interface. Hmm.

Specifically:

“In the coming weeks, we will be expanding the roll-out of our link wrapping service ( http://t.co ), which wraps links in Tweets with a new, simplified link. Wrapped links are displayed in a way that is easier to read, with the actual domain and part of the URL showing, so that you know what you are clicking on. When you click on a wrapped link, your request will pass through the Twitter service to check if the destination site is known to contain malware, and we then will forward you on to the destination URL. All of that should happen in an instant … Twitter will log that click …” [emphasis added]

This is a significant amount of data. I’d like to know more about how Twitter plans to protect that data, what their data retention and release policies for that specific data will be (if different from their generic privacy policies) and if they will be escrowing the link mappings with a third party for protection (as does bit.ly, for example, with Internet Archive).

All good questions.  I have e-mailed Twitter to ask them for their response to his concerns.  If I get a reply, I will publish it.

Hat-tip, Infowarrior.org

Apple moved quickly to allay potential concerns about information privacy on Wednesday when it introduced Ping, its music-focused social-networking service for the 160 million users of its iTunes service.

Speaking at an event in San Francisco, Steven P. Jobs, Apple’s chief executive, promised the company would include straightforward and simple privacy controls. Anyone will be able to follow bands, and users will be able to say whether anyone can follow them or only people they approve.

Read more in the New York Times.

President Obama’s address on the end of the combat mission in Iraq has left open the question of what will happen to the massive biometric databases on Iraqis, assembled by the United States, during the course of the conflict. In 2007, EPIC, Privacy International, and Human Rights Watch wrote to Defense Department Secretary Robert Gates to express concern about the creation of secret profiles on hundreds of thousand of Iraqis, tied to unique biometric identifiers, including digital fingerprints, photographic images, iris scans, and even DNA. Citing misuses of secret files and personal data in other conflicts, the organizations warned that the identification practices “contravene international treaties and could lead to potentially devastating consequences.” EPIC, PI, and HRW urged the Defense Department to “adopt clear guidelines that incorporate strong privacy safeguards to ensure that Iraqis are afforded basic human rights in their personal information.” For more information, see EPIC – Iraqi Biometric Identification System.

Good for EPIC for raising this issue. I hope the Defense Department responds with a statement as to what will happen to this database now.

Personal data of people, whether address, email ID or phone number, cannot be sold. But you can still buy a ‘database’ that includes two crore email IDs and 10 lakh phone numbers of IT professionals for as low as Rs 2,500.

The Reserve Bank of India and Telecom Regulatory Authority of India (TRAI) have very strict guidelines for data privacy, and to circumvent them, those who sell such data do it through an irresistible ‘buy one, get one’ offer.

They technically sell only bulk SMS software, which enables you to send as many as 10,000 SMSes in an hour. Actually, the software is free: they instead charge you for the SMSes which they send through the internet and not through mobile service providers.

Read more in the Banglore Mirror.

If I’m doing the conversion correctly, that’s 20 million email addresses and 1 million phone numbers for about $54.00. If I’m not doing it correctly, Fergie will probably let me know, bless him.