Interesting blurb, but the content comes up missing when I call the page. Only the template/shell seems to be available at the moment, sigh.

solidox writes "SecurityFocus has an article on how Alwyn Farey-Jones instructed his lawyer to issue a subpoena against ICA to get all their emails. ICA's ISP, NetGate, complied and gave them over 300 emails from ICA employees. When ICA found out about this they sued and the court ruled that this was a violation of the Computer Fraud and Abuse Act. This could be good news for those trying to fight off the RIAA subpoenas to isps to catch file-sharers."

Camera technology designed to spot potential terrorists by their facial characteristics at airports failed its first major test, a report from the airport that tested the technology shows.

Last year, two separate face-recognition systems at Boston's Logan Airport failed 96 times to detect volunteers who played potential terrorists as they passed security checkpoints during a three-month test period, the airport's analysis says. The systems correctly detected them 153 times.

[ ... ]

''But before you even get to the privacy concern, there's a fundamental question about our security,'' says Barry Steinhardt, who specializes in privacy issues at the ACLU's national office in New York. ''The thing just plain doesn't work.''

A spokesman for one of the companies whose system was tried at Logan Airport says the test was not a fair measure of the technology. Meir Kahtan of Identix of Minnetonka, Minn., says the technology is far better suited for ''one-to-one'' identification, such as comparing photos on passports or driver's licenses, than random searches of photo databases.

[ ... ]

The Logan Airport report is the latest piece of bad news for a technology that was once touted as the state-of-the-art method for picking faces out of crowds. Last month, Tampa police announced that they were shutting down face-recognition cameras because they had failed to make any matches during a two-year test period. The cameras, which were mounted in a popular tourist area, were designed to match pictures captured at random against stored photos of wanted suspects and runaway children. Virginia Beach, Va., police, who have operated a similar system for the past year, reported no matches as of July.

The Logan experiment was the largest test of facial-recognition technology made public. The technology has also been tested using smaller groups of volunteers at airports in Dallas/Fort Worth, Fresno, Calif., and Palm Beach County, Fla., with similar results.

The Transportation Security Administration, which is responsible for passenger screening, has tested other airport security technology but has not made results public. Phone calls requesting comment on the Logan Airport test were not immediately returned.

Kelly Shannon, spokeswoman for the "State Department"'s consular affairs office, said the Logan Airport results would not affect plans to use face recognition to enhance passport security. Beginning in October 2004, the United Kingdom, Japan and 25 other countries whose nationals are permitted to travel to the USA without visas are required to convert to passport photos that are compatible with face-recognition systems.

bryan writes "Only a few weeks after cameras were found to be ineffective in catching criminals in Tampa, FL, a test of a facial-recognition system in Boston's Logan airport also came up disappointing. The cameras which were given photos of employees to detect, were only successful in 153 out of 249 random tests over the past year (about 61%). The article did not say how many false positives the tests generated. The companies involved were Indentix and Visage."

OTTAWA -- New passport photo rules forbidding applicants to smile may be nothing to chuckle at.

Privacy experts say the new photos are just the first stage in a process which is paving the way for biometrics -- identifiers based on physical traits such as facial features, fingerprints, or even DNA and stored in a computer or on a chip.

The move to biometrics is aimed at speeding travellers through airports while providing heightened security and guarding against identity theft, according to the International Civil Aviation Organization, the UN body recommending the changes.

Some say the passport office is opening an expensive can of worms which could lead to a violation of privacy rights without providing better security.

"Once you introduce a technology without public debate, you have a tool that's costly and you have a tool that nobody's really been consulted on as to the benefits or lack of benefits," said Ken Rubin, an information and privacy expert in Ottawa.

Two powerful players in India's outsourcing industry are drafting a data protection law designed to quell growing privacy concerns from their offshore clients.

India's Ministry of Information Technology and the National Association of Software and Service Companies (Nasscom) in New Delhi expect the legislation to be in place early next year. It would provide legal safeguards to ensure data privacy protection in India, according to Nasscom President Kiran Karnik.

Such safeguards are required for all data leaving the European Union, which is a result of the EU Data Protection Directive and is what prompted India to act. But the regulations could prove beneficial for American companies as well.

No U.S. law currently prohibits information--such as Social Security and driver's license numbers, employment histories, and medical records--from being shipped to or accessed from other countries, says William Bierce, attorney and president of New York City-based law practice Bierce and Kenerson. However, the number of U.S. companies required to comply with industry-specific and state laws is growing. Laws such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act, and California's pending SB 1386 identity-protection law regulate what data companies can share. With offshore outsourcing deals, data protection provisions are usually written into service contracts.

Some CIOs worry whether a data protection law would have any teeth in India's courts. But competition for offshore business should keep the courts on the straight and narrow. "Nasscom and India understand how vital a clear policy on data protection and privacy are to the trust and confidence of foreign clients," says Bierce, adding that the rules will most likely be enforced by a special appellate court established under India's Information Technology Act of 2000.

Spammers congregate online at the Bulk Club, a site where they trade tips and support. But a glitch reveals the club's roster, potentially exposing members to more backlash from those opposed to spam.

Privacy advocates will love this. Ingram Micro, the technology products and services company, last week unveiled "Target: Surveillance," a marketing program focused on selling surveillance and network-monitoring equipment and services, with a special emphasis on vertical sectors such as education, government, military, retail, and transportation. The surveillance-market strategy is a joint effort with Cisco, Hewlett-Packard, Sony, wireless-network device maker Proxim, and network-camera maker Axis. "As demand for heightened security and surveillance solutions increases, the need for advanced products, systems, and services rises," Kevin Murai, president of Ingram Micro North America, said in a statement.

It's a startling idea: Instead of relying on regulators to protect our privacy against telemarketers, data miners and consumer companies, we should capitalize on the value of our personal information and get something in return.

That is the idea put forward by John Deighton, a Harvard Business School professor, in a recent working paper titled "Market Solutions to Privacy Problems?"

Just what would consumers get in return for their personal information? Money perhaps, or price discounts, better customer service, maybe products tailored specifically to their needs.

His point: The information that is gathered about you by stores, researchers and credit agencies belongs to those companies, not to you. They in turn resell that information to others. So if our personal information is such an asset, shouldn't we benefit from our asset as well? Why shouldn't intelligent consumers sell their identities to stores they trust? And wouldn't those trusted stores in return be motivated to use that information wisely?

"The challenge is to give people a claim on their identities while protecting them from mistreatment," Deighton said. "The solution is to create institutions that allow consumers to build and claim the value of their marketplace identities and that give producers the incentive to respect them."

We asked Deighton to elaborate on his ideas.