PogoWasRight - Fed. Govt & Privacy

Homeland Security: Privacy Officer Report

Mon, 12 May 2008 15:10:46 -0400

In support of Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007, The Privacy Officer will submit a report covering all privacy protection activities of the Department.

Source - Quarterly Report, December 2007 - March 2008 (PDF, 5 pages - 40 KB) - contains 2nd quarter findings for 2008.

Reddit It | Digg This | Add to del.icio.us

FTC Approves New Rule Provision Under The CAN-SPAM Act

Mon, 12 May 2008 12:53:29 -0400

The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM or the Act). The provisions are intended to clarify the Act�s requirements. The provisions and the Commission�s Statement of Basis and Purpose (SBP) will be published in the Federal Register shortly.The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of �sender� was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act�s opt-out requirements; (3) a �sender� of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act�s requirement that a commercial e-mail display a �valid physical postal address�; and (4) a definition of the term �person� was added to clarify that CAN-SPAM�s obligations are not limited to natural persons.

Source - FTC

Reddit It | Digg This | Add to del.icio.us

House Intelligence Committee Rejects FISA Fix in Close Vote

Fri, 09 May 2008 06:11:05 -0400

House Democrats continued to block passage of a terrorist surveillance bill today, rejecting a measure by Rep. Heather Wilson (R-N.M.) to add the Senate-passed FISA bill to the fiscal 2009 Intelligence authorization bill. The amendment was defeated by one vote in the House Intelligence Committee, the latest proof that the Senate bill would pass the House if Speaker Nancy Pelosi allowed it to come to the House floor. Congress let emergency surveillance powers lapse more than 80 days ago.

Rep. Pete Hoekstra (R-Mich.), the committee�s top Republican, said it was irresponsible for Congress not to act on the bipartisan measure.

Source - The Heritage Foundation

Reddit It | Digg This | Add to del.icio.us

Congress, can you hear me NOW? (commentary)

Fri, 02 May 2008 14:29:28 -0400

By Dissent:

A few nights ago, I played "catch up" on breaches after the Maryland Attorney General's office started making breach notifications publicly available on the web.

It is staggering how many breaches we never learn about because there is no central registry of breaches and most states do not make their breach notices publicly available on the web. Thankfully, three states do report on notifications received, and two of them upload the reports themselves.

Since the beginning of this year, Maryland has received approximately 64 breach notifications. New Hampshire shows 43 breach reports for 2008. Of the combined pool of 74 unique breaches, 44 breaches appeared on one of the two, but not both, states' reports. Clearly we need more states uploading their reports as some breaches may be state- or region-specific.

Even more significantly, perhaps, of the 74 unique breaches, over 2/3 never appeared in the media. If we extrapolate from the first quarter data, that's another 200 breaches per year for just those two states that might never show up in the media. How many breaches would we be talking about nationwide if we could readily access all state reports or if all breaches were required to be reported to one central federal agency that would publish the reports?

Congress has been catering to business or giving in to push-back for too long. We are way overdue for a national disclosure and notification law. If Congress can require a national ID that imposes huge financial burdens on states and taxpayers, they can darn well require a national notification law, even if it costs businesses something. After all, no business has to incur costs of notification if they keep our personal information secure, right?

Reddit It | Digg This | Add to del.icio.us

Bill would penalize companies for aiding Internet censorship

Fri, 02 May 2008 06:18:22 -0400

US-based companies could be held liable for helping officials in other countries censor the Internet, if a bill proposed by House Representative Chris Smith (R-NJ) is approved. Smith recently announced his plans to push the Global Online Freedom Act (HR 275) to the House floor for voting after having lobbied human rights organization Reporters Without Borders for support. Among other things, the Global Online Freedom Act will bar US companies from disclosing personally-identifiable information about a user, except for "legitimate foreign law enforcement purposes."

Source - Ars Technica

Reddit It | Digg This | Add to del.icio.us

Federal breach notification stuck in Congress

Wed, 30 Apr 2008 07:38:45 -0400

The cornucopia of state data breach notification laws -- only eight states are without notification requirements -- makes for a confusing process.

CIOs prepping a notification in the wake of a breach of personal information must comply with the law for each state in which a customer lives. That could potentially mean following the small details in at least 43 different laws (the District of Columbia has also passed legislation).

Yet federal lawmakers have yet to pass a similar law, though not for lack of trying.

Currently, Congress has its hands on no fewer than nine different bills that would set notification procedures of some sort. Three of those are specific to federal agencies and would not affect private businesses.

But the other six would. And from a response perspective, that could be a good thing.

Source - SearchCIO-Midmarket.com

Reddit It | Digg This | Add to del.icio.us

Leahy Concerned With Proposed DNA Database Rule

Mon, 28 Apr 2008 07:35:33 -0400

Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) is urging policy makers on Capitol Hill to scrutinize a proposed Federal rule that will sanction the collection of DNA from all citizens arrested for Federal crimes. Under the proposal, the personal, genetic information of arrested or detained individuals would be included in the nation�s leading DNA database known as CODIS.

In a statement Thursday, Leahy pointed to serious civil liberties violations that could arise if the proposed rule were enacted.

Source - Senator Patrick Leahy

Reddit It | Digg This | Add to del.icio.us

Identity Theft Resource Center Applauds the DoD Military ID Change

Fri, 25 Apr 2008 19:05:28 -0400

... How can we expect a serviceman to clear up identity theft while serving in one of the remote places in the world? While running drills aboard a ballistic missile submarine or while patrolling a dark street in Baghdad? The simple answer is, they cannot. And their inability to act may result in financial ruin. How can they concentrate on their jobs, protecting themselves and their fellow servicemen, with this fear on their minds?

."These patriotic men and women have volunteered to serve our country. They have put their lives on the line to protect and defend our freedom. We owe our military members more," urged Sheila Gordon, ITRC's Director of Victim Services and a daughter of a career officer.

Source - ITRC Press Release

Reddit It | Digg This | Add to del.icio.us

FBI's Net surveillance proposal raises privacy, legal concerns

Fri, 25 Apr 2008 15:57:05 -0400

The FBI director and a Republican congressman sketched out a far-reaching plan this week for warrantless surveillance of the Internet.

During a House of Representatives Judiciary Committee hearing, the FBI's Robert Mueller and Rep. Darrell Issa of California talked about what amounts to a two-step approach. Step 1 involves asking Internet service providers to open their networks to the FBI voluntarily; step 2 would be a federal law forcing companies to do just that.

Source - C|net

Reddit It | Digg This | Add to del.icio.us

GOP wants to tack FISA bill onto war supplemental

Thu, 24 Apr 2008 17:32:00 -0400

Rep. Jerry Lewis (R-Calif.) announced Thursday that he will try to attach a measure updating the Foreign Intelligence Surveillance Act (FISA) as an amendment to the war supplemental bill.

Source - The Hill

Reddit It | Digg This | Add to del.icio.us

Republicans push for phone company immunity

Thu, 24 Apr 2008 06:25:16 -0400

Republican politicians in the U.S. House of Representatives failed last month to persuade Democratic leaders to back a spy law rewrite that would immunize telecommunications companies that cooperated with allegedly illegal government spying. Now they're trying to force the issue.

On Wednesday, a number of Republican leaders, including Lamar Smith (R-Texas), Peter Hoekstra (R-Mich.) and Peter King (R-N.Y.), began circulating what's known as a "discharge" petition, which they characterized as a "rare step."

Source - C|net

FBI, politicos renew push for ISP data retention laws

Wed, 23 Apr 2008 14:15:11 -0400

The FBI and multiple members of Congress said on Wednesday that Internet service providers must be legally required to keep records of their users' activities for later review by police.

Their suggestions for mandatory data retention revive a push for potentially sweeping federal laws--which civil libertarians oppose--that flagged last year after the resignation of Attorney General Alberto Gonzales, the idea's most prominent proponent.

FBI Director Robert Mueller told a House of Representatives committee that Internet service providers should be required to keep records of users' activities for two years.

Source - C|net

Reddit It | Digg This | Add to del.icio.us

CRS: Data Mining and Homeland Security: An Overview

Wed, 23 Apr 2008 09:38:07 -0400

Summary:

Data mining has become one of the key features of many homeland securityinitiatives. Often used as a means for detecting fraud, assessing risk, and productretailing, data mining involves the use of data analysis tools to discover previouslyunknown, valid patterns and relationships in large data sets. In the context ofhomeland security, data mining can be a potential means to identify terroristactivities, such as money transfers and communications, and to identify and trackindividual terrorists themselves, such as through travel and immigration records.

While data mining represents a significant advance in the type of analytical toolscurrently available, there are limitations to its capability. One limitation is thatalthough data mining can help reveal patterns and relationships, it does not tell theuser the value or significance of these patterns. These types of determinations mustbe made by the user. A second limitation is that while data mining can identifyconnections between behaviors and/or variables, it does not necessarily identify acausal relationship. Successful data mining still requires skilled technical andanalytical specialists who can structure the analysis and interpret the output.

Data mining is becoming increasingly common in both the private and publicsectors. Industries such as banking, insurance, medicine, and retailing commonly usedata mining to reduce costs, enhance research, and increase sales. In the publicsector, data mining applications initially were used as a means to detect fraud andwaste, but have grown to also be used for purposes such as measuring and improvingprogram performance. However, some of the homeland security data miningapplications represent a significant expansion in the quantity and scope of data to beanalyzed. Some efforts that have attracted a higher level of congressional interestinclude the Terrorism Information Awareness (TIA) project (now-discontinued) andthe Computer-Assisted Passenger Prescreening System II (CAPPS II) project (nowcanceledand replaced by Secure Flight). Other initiatives that have been the subjectof congressional interest include the Multi-State Anti-Terrorism InformationExchange (MATRIX), the Able Danger program, the Automated Targeting System(ATS), and data collection and analysis projects being conducted by the NationalSecurity Agency (NSA).

As with other aspects of data mining, while technological capabilities areimportant, there are other implementation and oversight issues that can influence thesuccess of a project�s outcome. One issue is data quality, which refers to theaccuracy and completeness of the data being analyzed. A second issue is theinteroperability of the data mining software and databases being used by differentagencies. A third issue is mission creep, or the use of data for purposes other thanfor which the data were originally collected. A fourth issue is privacy. Questionsthat may be considered include the degree to which government agencies should useand mix commercial data with government data, whether data sources are being usedfor purposes other than those for which they were originally designed, and possibleapplication of the Privacy Act to these initiatives. It is anticipated that congressionaloversight of data mining projects will grow as data mining efforts continue to evolve.This report will be updated as events warrant.

Source - CRS Report, Updated April 3, 2008 [pdf]

Reddit It | Digg This | Add to del.icio.us

US-VISIT Program: Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure

Wed, 23 Apr 2008 08:56:06 -0400

The Department of Homeland Security has uploaded, "United States Visitor and Immigrant Status Indicator Technology (US-VISIT) Program In conjunction with the Notice of Proposed Rulemaking on the Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure", April 22, 2008, (PDF, 26 Pages - 851 KB).

The United States Visitor and Immigrant Status Technology (US-VISIT) Program is implementing the first phase of the Exit component of its integrated, automated biometric entry-exit system that records the arrival and departure of covered aliens; conducts certain terrorist, criminal, and immigration violation checks of covered aliens; and compares biometric identifiers to those collected on previous encounters to verify identity. The US-VISIT Program has been implemented in phases with each phase adding additional capabilities, locations of implementation, or subject populations. US-VISIT is publishing this Privacy Impact Assessment (PIA) in conjunction with the Notice of Proposed Rulemaking (NPRM) on Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure. A revised PIA will be issued in conjunction with the Final Rule on Collection of Alien Biometric Data upon Exit from the United States at Air and Sea Ports of Departure. US-VISIT does not collect any information on United States citizens.

Reddit It | Digg This | Add to del.icio.us

Anti-'Pretexting' Efforts Stall in Congress

Tue, 22 Apr 2008 13:08:23 -0400

After a flurry of legislative initiatives at the state level and policy action at the Federal Communications Commission (FCC), federal legislation to criminalize pretexting--the impersonation of a customer to gain access to his or her private records--appears to have stalled.

[...]

Congress is not likely to revisit pretexting or other types of privacy violations until after the election, said Peter Kosmala, assistant director for the International Association of Privacy Professionals (IAPP), a York, Maine-based professional group.

Agency-level action continues, however. Acting on a petition brought by EPIC, FCC ordered U.S. telecommunications service providers to strengthen security and authentication measures regarding release of personal calling data.

Source - Heartland Institute

Reddit It | Digg This | Add to del.icio.us

FISA meeting revives compromise hopes

Mon, 21 Apr 2008 16:20:25 -0400

Congressional staffers from both parties met with administration officials Monday to discuss controversial electronic surveillance legislation, confirmed an aide to House Majority Leader Steny H. Hoyer (D-Md.), offering a ray of hope for the long-stalled bill.

For the first time since February, representatives from both parties, from both sides of the Capitol and from the administration gathered to discuss the stalled bill, according to the aide.

Source - Politico

Reddit It | Digg This | Add to del.icio.us

Dianne Feinstein: Americans need notice when private data exposed (opinion)

Sun, 20 Apr 2008 07:22:28 -0400

None of us is immune to the rash of data breaches that are occurring with ever more frequency.

[...]

Congress needs to pass legislation that would require businesses and federal agencies to notify consumers promptly when their sensitive personal data is exposed. We deserve to know. That's why I introduced the Notification of Risk to Personal Data Act. The bill, first introduced five years ago, also:

Requires consumers to be given a description of the breach and a toll-free phone number to call for more information.

Requires the media to be notified if the breach involves the data of more than 5,000 people.

Requires that the company or agency that is the subject of the breach coordinate with credit- reporting agencies if more than 5,000 individuals need to be notified.

Requires the Secret Service to be notified if the database breached has information on more than 1 million people, is owned by the federal government or involves national security or law enforcement.

Perhaps most important, this legislation would ensure that federal agencies tell us when our sensitive personal information has been exposed.

Source - SacBee.com

Reddit It | Digg This | Add to del.icio.us

U.S. to Expand Collection Of Crime Suspects' DNA

Thu, 17 Apr 2008 07:29:54 -0400

The U.S. government will soon begin collecting DNA samples from all citizens arrested in connection with any federal crime and from many immigrants detained by federal authorities, adding genetic identifiers from more than 1 million individuals a year to the swiftly growing federal law enforcement DNA database.

The policy will substantially expand the current practice of routinely collecting DNA samples from only those convicted of federal crimes, and it will build on a growing policy among states to collect DNA from many people who are arrested. Thirteen states do so now and turn their data over to the federal government.

The initiative, to be published as a proposed rule in the Federal Register in coming days, reflects a congressional directive that DNA from arrestees be collected to help catch a range of domestic criminals. But it also requires, for the first time, the collection of DNA samples from people other than U.S. citizens and legal permanent residents who are detained by U.S. authorities.

Source - Washington Post

Related - Associated Press

Reddit It | Digg This | Add to del.icio.us

Democrats blast Mukasey for 9/11 call remarks

Wed, 16 Apr 2008 12:03:08 -0400

Attorney General Michael Mukasey's assertion that an unmonitored terrorist phone call before the Sept. 11 attacks showed the need for more government wiretapping authority drew a scathing retort Monday from Democrats on the House Judiciary Committee, who accused him of rewriting history and ducking questions.

... In an accompanying letter to Mukasey, they said the phone call he now appears to be describing was reviewed in 2003 by congressional intelligence committees, which found that the National Security Agency had intercepted the message but failed to relay it to other intelligence agencies.

"The failure to utilize the information in this call had nothing to do with limitations in (the Foreign Intelligence Surveillance Act), contrary to what your March 27 speech appeared to suggest," the House members said. "Instead, the problem was NSA's narrow interpretation of its authority," a policy that the agency later changed on its own.

Source - San Francisco Chronicle

Reddit It | Digg This | Add to del.icio.us

House approves bill to curb identity theft

Wed, 16 Apr 2008 11:58:45 -0400

The House has voted to approve a bill that would require the Internal Revenue Service to notify taxpayers if it suspects identity theft and strengthen efforts to fight scams. The Taxpayer Assistance and Simplification Act of 2008 also would repeal the IRS� authority to use private agencies to collect outstanding tax debts and would simplify some tax-related provisions.

The bill, introduced by Rep. Charles Rangel (D-N.Y.), chairman of the Ways and Means Committee, and Rep. John Lewis (D-Ga.), chairman of that committee�s Oversight Subcommittee, passed by a 238-179 vote April 15.

Source - FCW

Reddit It | Digg This | Add to del.icio.us

FBI: Security letter problems now fixed (updated)

Tue, 15 Apr 2008 17:22:35 -0400

The FBI is resisting legislation that would put more restrictions on domestic surveillance of Americans' private records, saying the agency already has tightened its rules to crack down on wrongful use of national security letters.

FBI general counsel Valerie E. Caproni told a House panel Tuesday that the agency has responded to abuses outlined in internal reports by tightening the requirements for issuing national security letters.

National security letters, or NSLs, are investigative tools used to compel businesses to turn over customer information without a judge's order or grand jury subpoena.

Source - USA Today

Update: Statement of Glenn A. Fine, Inspector General, U.S. Department of Justice before the House Committee on the Judiciary Subcommittee on the Constitution, Civil Rights, and Civil Liberties [pdf]

Reddit It | Digg This | Add to del.icio.us

Lawmakers Want FBI Access to Data Curbed

Tue, 15 Apr 2008 13:14:32 -0400

Bipartisan groups in Congress are pressing to place new controls on the FBI's ability to demand troves of sensitive personal information from telephone providers and credit card companies, over the opposition of agency officials who say they deserve more time to clean up past abuses.

Proposals to rein in the use of secret "national security letters" will be discussed over the next week at hearings in both chambers.

Source - Washington Post

Reddit It | Digg This | Add to del.icio.us

Senator Seeks To Amend Privacy Law

Tue, 15 Apr 2008 11:16:17 -0400

Virginia Senator Jim Webb will introduce legislation aimed at easing school officials' concerns over when it is appropriate to disclose student medical records.

His announcement comes almost a year after a disturbed gunman killed 32 students and himself at Virginia Tech. It addresses one of the key issues raised by a panel formed by Governor Tim Kaine to investigate the April 16, 2007 shootings.

Source - WCSH6

Reddit It | Digg This | Add to del.icio.us

Report on the Improper Use of an NSL to NC State University

Tue, 15 Apr 2008 00:01:15 -0400

Documents obtained by an EFF Freedom of Information Act request show that a high profile misuse of the Federal Bureau of Investigation�s National Security Letter authority went unreported to the Intelligence Oversight Board for almost two years.

The improper NSL was issued at the direction of FBI headquarters, after the FBI already had the documents in hand pursuant to an earlier subpoena. While the matter received the personal attention of FBI Director Robert S. Mueller III, as well as officials with the FBI Office of the General Counsel, and was covered in news media, it was not formally reported until a short time before Inspector General Glenn Fine�s report on the abuse of NSLs was due before Congress. While the report identified dozens of instances in which National Security Letters may have violated laws and agency regulations and were not reported, this is the first time documents have that shown top FBI executives were aware of a misuse before it was officially reported.

Source - EFF

Reddit It | Digg This | Add to del.icio.us

Agent's case might unveil privacy issues

Mon, 14 Apr 2008 11:51:35 -0400

Last week's acquittal of an immigration agent accused of improper use of a criminal database has raised concerns about privacy.

Supporters of agent Cory Voorhis believe that his actions justified the means in that he exposed an unpopular practice � plea deals for legal and illegal immigrants.

Voorhis, 39, was charged in U.S. District Court with misdemeanor counts of improperly accessing the National Crime Information Center database and turning over information to the Bob Beauprez for Governor campaign.

The information was later used in a political ad against Bill Ritter, who still won the 2006 election.

But others wonder if Voorhis' decision to turn over records to a political campaign opens the door to more breaches of personal information.

Source - Denver Post

hat-tip, Flying Hamster

Reddit It | Digg This | Add to del.icio.us

Newspaper Association: Proposed Privacy Standards Infringe On Rights

Mon, 14 Apr 2008 07:02:47 -0400

ADDING ITS VOICE TO THE debate about behavioral targeting, the Newspaper Association of America filed comments with the Federal Trade Commission on Friday arguing that its proposed privacy standards could infringe on newspapers' First Amendment rights.

"The agency has ignored significant constitutional issues raised by the proposed behavioral targeting principles," the group stated in its comments.

Source - MediaPost

Reddit It | Digg This | Add to del.icio.us