Friday, December 16, 2005

wnbc.com - News - Report: Bush OK'd Top-Secret Agency To Spy On Americans Senate Judiciary Committee Chairman Arlen Specter put the Bush administration on notice Friday that his panel would hold hearings into a report that the National Security Agency eavesdropped without warrants on people inside the United States. "There is no doubt that this is inappropriate," said Specter, R-Pa., calling hearings early next year "a very, very high priority." He wasn't alone in reacting harshly to the report. Sen. John McCain, R-Ariz., said the story, first reported in Friday's New York Times, was troubling. Neither Secretary of State Condoleeza Rice nor White House press secretary Scott McClellan would confirm or deny the report which said the super-secret NSA had spied on as many as 500 people at any given time since 2002 in this country. That year, following the Sept. 11 attacks, Bush authorized the NSA to monitor the international phone calls and international e-mails of hundreds -- perhaps thousands -- of people inside the United States, the Times reported. 1:55:33 PM  PermaLink   / trackback []

Bloomberg.com: U.S. - New York City to Register, Monitor 500,000 Diabetics The program approved by the Board of Health today, the first of its kind for a patient population as large as New York's, will require laboratories to send the health department blood test results showing any abnormally high level of hemoglobin A1C, a three-month average measure of glucose indicating diabetes. The department will then notify patients and their doctors. [...] Reporting of test results -- criticized by some as an invasion of patient privacy and physicians' prerogatives -- will begin as soon as possible. Officials said that in 2007, they intend to start a pilot treatment plan in the Bronx, where telephone surveys have found at least 18 percent of adults have diabetes. [...] Those opposed to the plan, including the Association of American Physicians and Surgeons, the National Lawyers Guild and the National Libertarian Party, express concern that the registry could lead to higher insurance premiums for patients or denial of life, health or car insurance coverage. ``This tracking plan would appear to violate each citizen's right to medical informational privacy,'' those groups said in an August letter to the Health Department. [...] A laboratory that fails to report blood-sugar results to the city would be in violation of the city's health code, bringing warnings and possible fines, department counsel Wilfredo Lopez said. The Health Department already requires the reporting of individuals diagnosed with contagious diseases such as tuberculosis and Hepatitis C, and non-communicable conditions such as cancer, lead poisoning and low-birth weight. 11:04:34 AM  PermaLink   / trackback []

After a security breach. After a security breach. CIOs and network administrators offer tips about how to respond following a network security breach. [Network World on Privacy] 10:56:38 AM  PermaLink   / trackback []

Security a money-motivated concern in 2005. Security a money-motivated concern in 2005. If there was one force driving the computer security industry this year, it was money, plain and simple. Gone were the days when teenage hackers vied for bragging rights by defacing a Web site or writing an annoying worm. In 2005 a more sinister class of hacker emerged, working for money and often using quieter, more precise techniques. 2005 was also the year that the financial cost of security breaches became crystal clear, thanks to a California disclosure law that is expected to become a model for upcoming federal legislation in the United States. [Network World on Privacy] 10:55:02 AM  PermaLink   / trackback []

WCBSTV.com: NY Diabetics May Soon Get Uninvited Doc's Call New Yorkers with diabetes who aren't taking care of themselves may get an unexpected call from a doctor prodding them to pay attention. That's the result of a regulatory change announced today that will allow the city to track thousands of people with diabetes. New York is now becomes the first American city to monitor diabetes in the same way health departments commonly track people with HIV or tuberculosis. The change potentially raises some privacy concerns, by collecting information about people who have a chronic disease that isn't contagious or caused by a toxin. New York's health commissioner, Doctor Thomas Frieden, says the program's potential to save thousands of lives outweighs what it gives up in medical privacy. He says the city will take the utmost care to keep people's information protected. Most New York medical labs will be required to electronically forward the results of blood-sugar tests to the city's health department, which will then crunch the data to identify people having trouble controlling their diabetes. [...] Frieden says people skittish about their privacy will be allowed to opt out of the program. Editor: If the lab is required to forward the data, how is the patient supposed to opt-out of the program(data collection)? My guess s that you will always be added to the database, but you can opt-out of the harressing phone calls. 10:50:25 AM  PermaLink   / trackback []

Card skimmers eyed in Sam's Club data theft. Card skimmers eyed in Sam's Club data theft. A data breach involving Sam's Club may have relied on the use of illegal "card-skimming" devices to steal credit card data at the company's gas stations, and it may affect many more people than the company said it knows about. [Computerworld Privacy News] 10:39:40 AM  PermaLink   / trackback []

EU approves two-year data retention policy. EU approves two-year data retention policy. Telecommunications companies and Internet service providers face a massive increase in data storage requirements after the European Union voted to require companies to keep data for up to two years. [Computerworld Privacy News] 10:38:07 AM  PermaLink   / trackback []

Health Dept. to track those with diabetes (Purple with Rage Alert) NEW YORK (AP) - Hoping to save hundreds of lives, health officials made a regulatory change Wednesday that will allow the city to track thousands of people with diabetes and occasionally prod them to take better care of themselves. In doing so, New York will become the first American city to monitor diabetes in the same way health departments now commonly track people with HIV or tuberculosis. It will also be treading new ground, and potentially raising some privacy concerns, by collecting information about people who have a chronic disease that isn't contagious or caused by an environmental toxin. The city's health commissioner, Dr. Thomas R. Frieden, said the program's potential to save thousands of lives outweighs what it gives up in medical privacy. Under a revised city code, most medical laboratories will be required to electronically forward the results of thousands of blood-sugar tests to the city's health department, which will then identify people having trouble controlling their diabetes. 10:32:58 AM  PermaLink   / trackback []

Irish pressure group slams EU 'spy' law Irish consumer pressure group IrelandOffline, today expressed "grave concern" over the new digital tracking law introduced by the EU. Speaking about the implications from a consumer point of view, IrelandOffline spokesperson Eamonn Wallace said: "Not only have they robbed us of our online privacy rights but it transpires that service providers are going to be hit with the cost of monitoring us and naturally this cost will be passed on to consumers. We need to brace ourselves for higher communication and Internet costs". 10:30:51 AM  PermaLink   / trackback []

Washington Examiner: Red light camera suit hits snag - Lawyer: Faulty device fleeced D.C. motorists A D.C. appeals panel says it is protecting drivers' privacy by forbidding a lawyer to get their records for a class-action lawsuit, but the lawyer says the judges are protecting the city from motorists who were fleeced by a fouled-up red light camera. Arlington-based lawyer Daniel M. Wemhoff tried to file a class-action suit against D.C., alleging that as many as 20,000 motorists were victimized by a faulty red light camera at the intersection of H and North Capitol streets. FOIA request foiled When a lower court tossed the suit because Wemhoff couldn't name drivers who had been victimized, he filed a Freedom of Information Act request with the city to get names and addresses of motorists busted by the camera. But a three-judge panel of the D.C. Court of Appeals Thursday put the brakes on Wemhoff's request, ruling it would violate people's privacy. d, he filed a Freedom of Information Act request with the city to get names and addresses of motorists busted by the camera. But a three-judge panel of the D.C. Court of Appeals Thursday put the brakes on Wemhoff's request, ruling it would violate people's privacy. 10:27:28 AM  PermaLink   / trackback []

High court to hear UofL donor case FRANKFORT, Ky. -- The Kentucky Supreme Court has agreed to consider whether the University of Louisville Foundation can keep secret the names of more than 45,000 individual donors to the school. In an order this week, the high court said it will review a May decision by the Kentucky Court of Appeals that the foundation did not have to disclose contributors' names. The appellate court found their right to privacy outweighed the public's right to know the donors' names. 10:22:18 AM  PermaLink   / trackback []

Let's see some ID, please - The Practical Futurist - MSNBC.com As the joke goes, on the Internet nobody knows you're a dog. But although anonymity has been part of Internet culture since the first browser, it's also a major obstacle to making the Web a safe place to conduct business: Internet fraud and identity theft cost consumers and merchants several billion dollars last year. And many of the other more troubling aspects of the Internet, from spam emails to sexual predators, also have their roots in the ease of masking one's identity in the online world. Change, however, is on the way. Already over 20 million PCs worldwide are equipped with a tiny security chip called the Trusted Platform Module, although it is as yet rarely activated. But once merchants and other online services begin to use it, the TPM will do something never before seen on the Internet: provide virtually fool-proof verification that you are who you say you are. Some critics say that the chip will change the free-wheeling Web into a police state, while others argue that it's needed to create a safe public space. But the train has already left the station: by the end of this decade, a TPM will almost certainly be part of your desktop, laptop and even cell phone. The TPM chip was created by a coalition of over one hundred hardware and software companies, led by AMD, Hewlett-Packard, IBM, Microsoft and Sun. The chip permanently assigns a unique and permanent identifier to every computer before it leaves the factory and that identifier can't subsequently be changed. It also checks the software running on the computer to make sure it hasn't been altered to act malevolently when it connects to other machines: that it can, in short, be trusted. For now, TPM-equipped computers are primarily sold to big corporations for securing their networks, but starting next year TPMs will be installed in many consumer models as well 10:03:58 AM  PermaLink   / trackback []

No More Internet Anonymity. No More Internet Anonymity. inkhaton writes "This Article tells of an Orwellian chip that, once installed in your computer (and not by your choice), will allow any website you visit to "read" your identity. The article goes on to describe how many benefits there are for using this to facilitate online business and even suggests some negative points. It ends with "Ultimately the TPM itself isn't inherently evil or good. It will depend entirely on how it's used, and in that sphere, market and political forces will be more important than technology." ... ugh. Well we all know what that means." [Slashdot: Your Rights Online] 9:58:47 AM  PermaLink   / trackback []

It's "1984" in Europe, What About Your Country? It's "1984" in Europe, What About Your Country?  An anonymous reader asks: "A few hours ago, the European parliament accepted a proposal '...on the retention of data processed in connection with the provision of public electronic communication services...'. Summarized: any data (internet connections, traffic, email, file sharing, SMS, phone calls) of 450 million people of Europe has to be collected by telcos, to be used by governments in their fight against 'crime and terrorism' ... oh, and child porn, of course. In Germany, over-the-sea reports are limited and usually do not include the latest developments in law and order, but since Slashdot has readers all over the world, I would like to ask: how is the status of YOUR country in terms of anti-terrorism-laws, observations and such? Any recommendations where one can still live free and unobserved in a non-nanny state?" [Slashdot: Your Rights Online] 9:42:49 AM  PermaLink   / trackback []

At Stake: The Net as We Know It. At Stake: The Net as We Know It. The Internet has always been a model of freedom. Today the Web is flourishing because anyone can click to any site or download any service they want on an open network. But now the phone and cable companies that operate broadband networks have a different vision. If they get their way, today's Information Highway could be laden with tollgates, express lanes, and traffic tie-ups -- all designed to make money for the network companies. [Public Knowledge - Breaking News] 9:36:49 AM  PermaLink   / trackback []

Copyright Clampdown Coming To Europe: The EUCD Is Here - Robin Good's Latest News As a matter of fact, according to the news that started to emerge at the end of November, France may be the first European country to enact what appear to be the worst copyright law ever adopted in Europe, while facilitatin gthis process by sneaking its legislative session on the December 22 and 23 dates. Europe's equivalent to the US Digital Millennium Copyright Act (DMCA) is a controversial directive called the EUCD. Each EU state is responsible for implementing the minimum set of EUCD restrictions (which are far from minimal!) but each state can exceed the minimum, and the entertainment lobby pushes hard to see to it that they do. 9:34:28 AM  PermaLink   / trackback []

House Passes PATRIOT Conference Report, Senate Filibuster Looms. House Passes PATRIOT Conference Report, Senate Filibuster Looms. The House voted 251-174 on Wednesday to reauthorize and make permanent most of the expiring provisions of the Patriot Act. The conference report is weak on civil liberties and fails to include meaningful checks and balances that have bipartisan support. A bipartisan group of Senators has threatened to block reauthorization until the conference report is improved. The Senate is scheduled to vote on the conference report Dec. 16. There is no real likelihood that the Patriot Act will expire. The only question is whether adequate civil liberties protections will be added. [Center for Democracy and Technology] 9:29:58 AM  PermaLink   / trackback []

Privacy and Security Law Blog: Is Canada Trying to Opt Out of the Patriot Act? In response to concerns that the FBI can access sensitive Canadian data that the Canadian government provides to U.S. firms, a Canadian government proposal would allow Canadian government departments to cancel contracts with U.S. firms that give information about Canadians to the FBI. Draft guidelines say that the FBI can get access through U.S. firms or their affiliates to data located in Canada. Even if the Canadian government canceled a contract, though, that may not stop the U.S. government from obtaining the Canadian data. Such a cancellation could leave a firm with the choice of breaking U.S. or Canadian law, so unless Canadian law imposes severe penalties, a firm may decide it is less costly to comply with U.S. law. 9:28:45 AM  PermaLink   / trackback []

Evidentiary Hearing Set for North Carolina E-Voting Certification. Evidentiary Hearing Set for North Carolina E-Voting Certification. As you may know, EFF filed suit last week on behalf of voting integrity advocate Joyce McCloy, arguing that the North Carolina Board of Elections ignored its obligation to test all electronic voting system source code before certifying those systems for use in the state. Wednesday, the judge in the case asked for further briefing on the issue and additional oral argument in a hearing set for Dec. 21. At issue is North Carolina's tough election transparency law, which requires the Board of Elections to review all e-voting code "prior to certification." However, on Dec. 1, the board certified voting systems from Diebold Election Systems, Sequoia Voting Systems, and Election Systems and Software without having first obtained -- let alone reviewed -- the system code. North Carolina voters like McCloy have reason to be worried. The state suffered a serious e-voting malfunction in the 2004 presidential election, when over 4500 ballots were lost in asystem provided by UniLect Corp. Meanwhile, e-voting vendors continue to hide their proprietary systems from meaningful review. So we appreciate that the judge recognized the seriousness of the issue, and we're looking forward to the hearing Wednesday. [EFF: Deep Links] 9:26:35 AM  PermaLink   / trackback []