Saturday, January 7, 2006


News Item 4725 Two Virginia Men Pardoned From Recent DNA Testing Not Available at Trials.

The two exonerations came out of 31 cases that underwent DNA testing as a result of the random sample review ordered by Governor Warner in September 2004. [GT: Privacy]
5:20:44 PM

News Item 4724 West Central Tribune - Governor is seeking privacy law changes

ST. PAUL -- Two leading governor candidates are trying to outdo each other in protecting Minnesotans' privacy.

On Thursday, Gov. Tim Pawlenty announced a series of actions he supports to protect privacy and prevent identity theft, including a high-technology face-recognition system for driver's licenses. His announcement followed by a day Attorney General Mike Hatch's proposal for the state to stop selling driver's license data.

The issue is the second this week, after how to deal with illegal immigrants, that has surfaced as a major dispute between the two.

"The crime of identity theft can be costly and traumatic," Pawlenty said. "Minnesota needs to do more to strengthen safeguards on personal information and to crack down on identity thieves."

The Republican governor said one step the state can take is adding biometric facial recognition technology to Minnesota driver's licenses. The technology allows state officials to search a computer database of photographs to be confident a person applying for a driver's license is who he or she claims to be.

The database would not be public information, Pawlenty said. The governor said since driver's licenses are the prime means of identification, the state needs to pay special attention to making them accurate.

Democrat Hatch said he would go along with Pawlenty's idea.


5:19:14 PM

News Item 4723 Three more U.S. states add laws on data breaches

Companies struggling to keep up with a patchwork of U.S. state laws related to data privacy and information security have three more to contend with, as new security-breach notification laws went into effect in Illinois, Louisiana and New Jersey on Jan. 1.

Like existing statutes in more than 20 other states, the new laws prescribe various actions that companies are required to take in the event of a security breach involving the compromise of personal data about their customers.

For instance, New Jersey's Identity Theft Prevention Act requires businesses to destroy all unneeded customer data and to notify consumers when sensitive data about them has been accessed by an unauthorized person. The law also limits the use of Social Security numbers on all items that are sent via postal mail.

Louisiana's Database Security Breach Notification Law requires entities that collect information on the state's residents to notify affected individuals of security breaches involving their confidential data. Government officials also need to be notified, according to the law. Illinois' Personal Information Protection Act is similar, although it doesn't require companies to inform the state government when breaches occur.


5:15:06 PM

News Item 4722 How to triangulate location data, privacy and profit | OUT-LAW.COM

Services that text details of the restaurant closest to you, based on your mobile phone location, or help you pick an exit at the next roundabout using GPS navigation in your car, raise data protection issues that have become the subject of EU guidance.

This is not the European Commission telling operators what to do - it is just an opinion on compliance from the EU's Article 29 Working Party on Data Protection. Such opinions are not binding; but they are influential and the latest opinion will be of interest to anyone operating in the market for location data services.

All location data relates back to an identifiable person - the person driving the car or the owner of the mobile phone. So the Working Party, which is an independent EU advisory body, is anxious to ensure that the data processing is lawful. The focus of its 11-page opinion is on commercial uses of data rather than the retention and use of location data for national security or law enforcement purposes.

The current rules are set out in the Data Protection Directive of 1995 and the Directive on Privacy and Electronic Communications of 2002. These provide, generally, that location data can only be processed if the user or subscriber of a service that relies on processing the data has consented to the processing.


5:10:06 PM

News Item 4721 WTOP: D.C. Mayor Supports Adding Surveillance Cameras

Mayor Tony Williams is supporting efforts by D.C. Police to start putting surveillance cameras near crime hotspots.

Police Chief Charles Ramsey has said he'd like to add cameras in such areas to help police disrupt drug activity and other crimes, but he'll have to work with the D.C. Council to address privacy concerns before cameras can be used in city neighborhoods.

5:06:29 PM

News Item 4720 No PATRIOT Without Wiretapping Investigations! Stop Illegal Spying!

No PATRIOT Without Wiretapping Investigations!

Stop Illegal Spying! The NSA has been conducting illegal wiretaps of people within the US, and placing monitoring equipment in US telco switches. Congress needs to investigate these abuses of power and legislate against them. Make sure your representatives know that you want a full investigation before the PATRIOT debate can begin again. [EFF Action Alerts]
5:04:10 PM


News Item 4719 EFF - Illegal NSA Wiretapping Program Involved Data-Mining.

News reports over the holidays revealed that the US National Security Agency (NSA)'s presidentially-approved domestic spying program is even broader than the White House acknowledged.

First it was revealed that the Administration has been wiretapping the international phone and email communications of people inside the US without getting search warrants.

Now we learn that, according to the New York Times and the Los Angeles Times, the NSA has gained access to major telecommunications switches inside the US, giving it essentially unchecked access not only to international communications but to purely domestic emails and phone calls as well. Those newspapers, and a new book by New York Times reporter James Risen, have further revealed that the NSA has been using that access--as well as access to telecommunications companies' databases--to data-mine Internet logs and phone logs for suspicious patterns, presumably to find new targets for the wiretapping program.

The continuing revelations about the NSA's illegal surveillance activities make a mockery of the current debate over USA PATRIOT reform. The Administration has been vigorously arguing against adding any new checks and balances to its foreign intelligence capabilities in the new PATRIOT renewal bill, yet the White House has now admitted that it authorized the NSA to bypass the few checks and balances remaining after PATRIOT. What good is legislative reform if the Administration considers itself above the law?

EFF is actively investigating all options for going to court and challenging the NSA program. However, the exact scope of the "President's Program," as it has been called, is still very unclear, and these new revelations show just how badly a Congressional inquiry is needed to get to the bottom of things. Senator Arlen Specter (R-PA) has vowed to hold hearings in the Senate Judiciary Committee, but neither the House nor Senate Intelligence Committees has announced similar plans. What is needed here is a full-court press from Congress -- it appears that the facts we've gotten so far are potentially the tip of the iceberg.

Specter's hearings start this month. The debate over PATRIOT will resume, too, as the "sunsetting" provisions of the Act are now set to expire on February 3rd. Particularly in light of the NSA scandal, Congress should not even consider renewing the spying powers in the PATRIOT Act until the public hears the full story of the President's Program.

Visit our Action Center and tell your Senators and Representative to support hearings on the NSA program and oppose PATRIOT renewal.

[EFF: Deep Links]
4:59:43 PM

News Item 4718 Experts question Windows win in flaw tally | CNET News.com

Critics have taken aim at a study published by the U.S. Computer Emergency Readiness Team that said more vulnerabilities were found in Linux/Unix than in Windows last year. The report, Cyber Security Bulletin 2005, was released last week. It claimed that out of 5,198 reported flaws, 812 were found in Microsoft's Windows operating system and 2,328 were found in open-source Unix/Linux systems. The rest were declared to be multiple operating-system vulnerabilities.

The report has attracted criticism from some in the open-source community. Linux vendor Red Hat said the vulnerabilities had been wrongly tagged, and so could not be used to compare the relative security of Windows and Linux/Unix platforms.

"The study is confusing and misleading. When you look at the list, the vulnerabilities are miscategorized," Mark Cox, a consulting software engineer at Red Hat, said. "For example, Firefox is categorized as a Unix/Linux operating-system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics."

In addition, Steven Christey, an editor for Common Vulnerabilities and Exposures, an organization that maintains a common vulnerability database, said that the statistics were no basis for comparison of the relative security of Windows and Linux/Unix, because they had been collected from different sources with different criteria for the collection of flaws.

"In my opinion, refined vulnerability information sources (CVE, Bugtraq, etc.) are still a year or two away from being able to produce comparable statistics," Christey wrote in an open letter posted online.


4:57:15 PM