Wednesday, October 11, 2006


News Item 7429 The Ithaca Journal - Enhanced federal IDs could spark biometrics boom

The technology has been the stuff of movies for years: A secret agent runs his fingertip and an encrypted ID card over a pair of sensors. There's a match, and the door swings open.

In the coming months, a wave of government initiatives could start making such high-tech methods of identification commonplace -- beginning with the replacement this fall of federal employee IDs. Similar cards are planned for transportation workers, first responders and visitors to the United States.
    
Packed with biometric data such as fingerprints and containing a computer chip with room to expand the amount of information stored, the new IDs represent a potential boon to technology companies eyeing an estimated $8 billion in identity-related contracts. Firms such as BearingPoint Inc. and Lockheed Martin Corp. have set up showcase identity labs, pulling technology from different companies into turnkey operations. Hundreds of smaller companies, down to manufacturers of plastic cards, are vying for part of the market.
The biggest business opportunity still looms: Driver's licenses, which are due for a retooling under new federal laws.
5:51:44 PM

News Item 7428 E-Health Gaffe Exposes Hospital.

E-Health Gaffe Exposes Hospital. An Indiana computer consultant finds a password hard-coded into a popular medical office application, and that leads to patient data from a hospital in Washington, D.C. By Kevin Poulsen. [Wired News: Security Blanket]
5:48:42 PM

News Item 7427 Protect Yourself From Pretexting.

Protect Yourself From Pretexting. Do you sit on the board of a Silicon Valley giant? Are you a journalist with high-placed sources to protect? Here's your survival guide for the dawning era of corporate plumbers and counter-journalism espionage. By Kim Zetter. [Wired News: Security Blanket]
5:47:22 PM

News Item 7426 Belgian PM: Data Transfer Broke Rules

The transfer of confidential banking records by a Belgium-based company to U.S. authorities for use in anti-terrorism investigations breached Belgian and likely European Union data privacy rules, top government officials said Thursday.

The controversy surrounds a secret transfer deal between the U.S. treasury and the Belgium-based Society for Worldwide Interbank Financial Telecommunication, or SWIFT.

The company routes about 11 million financial transactions daily between 7,800 banks and other financial institutions in 200 countries, recording customer names, account numbers and other identifying information.

'SWIFT finds itself in a conflicting position between American and European law,' Prime Minister Guy Verhofstadt said. 'When you look to every European legislation they ask more guarantees than those obtained by SWIFT.'

He said Belgium would be pushing its EU partners to open talks on a new agreement to get more privacy guarantees from the U.S. side as part of a new deal on the transfer of financial records used in terror investigations.


5:45:17 PM

News Item 7425 NSA Bill Performs a Patriot Act.

NSA Bill Performs a Patriot Act. Under the guise of reining in the Bush administration's warrantless eavesdropping program, the Senate Judiciary Committee approves a bill that would dramatically expand the government's domestic surveillance capabilities, and usher in a new age of rampant monitoring. By Ryan Singel. [Wired News: Security Blanket]
5:43:12 PM

News Item 7424 Pay By Touch puts its finger on ID verification system.

Pay By Touch puts its finger on ID verification system. Pay By Touch, a credit card processing and in-store biometrics vendor, has launched an identity verification service that allows online shoppers to make purchases by using their fingerprint to verify their identity. [Computerworld Privacy News]
5:41:13 PM

News Item 7423 Microsoft revokes MVP status of adware distributor.

Microsoft revokes MVP status of adware distributor. Microsoft has revoked one of its Most Valued Professional awards after learning that the recipient distributes adware. [Computerworld Privacy News]
5:39:40 PM

News Item 7422 FCW.com - IG: IRS not doing enough to safeguard taxpayers' privacy

The Internal Revenue Service has not done enough to protect the privacy of more than 130 million taxpayers, according to a Treasury Department Inspector General's report released Oct. 3.

The agency has conducted privacy impact assessments (PIAs) on less than half of its computer systems and does not adequately monitor its own application of privacy laws, according to the report from the Treasury IG For Tax Administration.

The E-Government Act of 2002 and IRS guidelines require every computer system or project that collects personal information to have a current PIA on file with the agency's privacy office. As of August 2005, the IG could not find PIAs for 130 of the 241 IRS computer systems that collect the sensitive information, according to the report.

"We attribute the missing PIAs to the lack of emphasis on privacy issues, and the decision to not require that all systems be certified and accredited," the report states.

Thus, taxpayers' identities are at a higher risk of being stolen and used unlawfully, the report found.

The IG recommended that IRS officials build a searchable database of PIAs with quarterly verifications on their accuracy and reinforce the importance of PIA case documentation.

The IG report recommended that officials review employee privacy training and assess whether IRS business units meet regulations.


5:37:22 PM

News Item 7421 FCW.com - House passes data breach bill

A bill that would require all federal agencies to strengthen their protection of sensitive information has passed the House and now moves on to the Senate.

The language is part of a larger bill, the Veterans Identity and Credit Security Act of 2006. Rep. Tom Davis (R-Va.), who introduced the measure applying to all agencies, said he will try to move the language separately if the Senate does not act on the bill.

Davis' legislation would amend the Federal Information Security Management Act, which Davis introduced and championed in 2002. The change directs the Office of Management and Budget to establish procedures for agencies to follow if personal information entrusted to an agency is lost or stolen. It also requires agencies to notify people whose personal information is jeopardized by a security breach and gives chief information officers the power to ensure that agency employees comply with information security laws.

The bill comes after a series of revelations about lost, stolen or exposed data from several agencies.


5:34:53 PM

News Item 7420 Beguiling but Beware: Ajax, VOIP.

Beguiling but Beware: Ajax, VOIP. They are slick and gaining popularity, but voice over internet protocol and Ajax have some big security problems that will probably get worse before they get better. Quinn Norton reports from San Diego. [Wired News: Security Blanket]
5:32:32 PM

News Item 7419 NSA Spy Program Gets Temporary OK.

NSA Spy Program Gets Temporary OK. Hold the phone: Warrantless surveillance of international calls and e-mails into and out of the United States can go ahead while a judge's ruling, which called the intercepts unconstitutional, works its way through the appeals process. [Wired News: Security Blanket]
5:30:59 PM

News Item 7418 Why Everyone Must Be Screened.

Why Everyone Must Be Screened. Isn't it logical and more efficient to allow people carrying U.S. government security clearances to bypass airport screening? You might think so, but you'd be wrong. Commentary by Bruce Schneier. [Wired News: Security Blanket]
5:27:14 PM

News Item 7417 Slashdot | New Copy Protection to Make Playing DVDs on a PC Difficult

The Cowardly Pirate writes "ZDNet's Hardware 2.0 blog is reporting that new copy-protection software for DVD publishers from a company called ProtectDisc not only makes it difficult to rip movies that you've purchased but also prevents discs from playing in a Windows PC at all. From the article: 'Protect DVD-Video is the brainchild of a company called ProtectDisc. Part of the copy-protection mechanism is a non-standard UDF (Universal Disc Format) file system which results in the IFO file on the DVD (this is the file responsible for storing information on chapters, subtitles and audio tracks) appearing to the PC as being zero bytes long.'"
5:25:22 PM

News Item 7416 Slashdot | Vista DRM Prevents Kernel Tampering

mjdroner writes "A ZDNet blog reports on a new DRM feature for Vista that 'protects' the kernel from tampering. The blog quotes a Microsoft document: 'Code (CI) protects Windows Vista by verifying that system binaries haven't been tampered with by malicious code and by ensuring that there are no unsigned drivers running in kernel mode on the system.' The blog says that much of the DRM in Vista is simply a port from XP, but that this feature is new to the OS."
5:23:30 PM

News Item 7415 Privacy Group Files Suit Against FBI

A privacy-advocacy group is suing the U.S. government for records concerning electronic-surveillance tools such as one that appears to be a successor to the FBI's abandoned Carnivore program.

The Electronic Frontier Foundation said it is suing the Department of Justice because the FBI failed to respond in time to its Freedom of Information Act request for records on the DCS-3000 and Red Hook programs.

DCS-3000 is an interception system that the EFF said apparently evolved out of Carnivore, a system later renamed DCS-1000. The FBI developed Carnivore to read e-mails and other online communications among suspected criminals, terrorists and spies, but privacy groups and lawmakers complained it could collect much more than allowed by a warrant.

A Justice Department Inspector General report in March said the FBI had spent about $10 million on DCS-3000 to intercept communications over emerging digital technologies used by wireless carriers before next year's federal deadline for them to deploy their own wiretap capabilities.

The same report said the FBI spent more than $1.5 million to develop Red Hook, 'a system to collect voice and data calls and then process and display the intercepted information' before those wiretap capabilities are in place.


5:14:14 PM

News Item 7414 BBC NEWS | Technology | Internet privacy 'sacrificed' by Icann

Internet law professor Michael Geist argues that the internet oversight body has sacrificed the issue of privacy for a shot at independence.

For the past five years, privacy has lingered as one of the Internet Corporation for Assigned Names and Numbers' (Icann) most contentious policy issues.

Information on tens of millions of domain name registrants is contained in the "WHOIS database", which is readily available to anyone with internet access.

Pre-dating Icann, the database identifies the name, address and other personal information of domain name registrants.

Privacy groups, including European data protection commissioners, have expressed misgivings about the mandatory collection and disclosure of this personal information.

5:11:17 PM

News Item 7413 Congress Wades Into HP Probe.

Congress Wades Into HP Probe. A Congressional committee, federal prosecutors and the FBI all join California's Attorney General to investigate the legalities of Hewlett Packard's questionable information-gathering methods. [Wired News: Security Blanket]
5:07:21 PM

News Item 7412 Private investigators plead not guilty in HP pretexting case.

Private investigators plead not guilty in HP pretexting case. Arraignment dates have been set for the three investigators in HP's pretexting case. [Computerworld Privacy News]
5:03:25 PM

News Item 7411 Survey: High-tech firms dissing online customers.

Survey: High-tech firms dissing online customers. High-tech and computer companies aren't as good as retailers and telecoms when it comes to communicating with their online customers. But they're getting better at respecting private data, according to a new survey by The Customer Respect Group. [Computerworld Privacy News]
5:01:41 PM

News Item 7410 ICANN: We can't shut down Spamhaus.

ICANN: We can't shut down Spamhaus. ICANN said it does not have the authority to legally shut down Spamhaus, a U.K.-based antispam service, despite a court order calling for it to do so. [Computerworld Privacy News]
5:00:21 PM

News Item 7409 FTC Report:"Let Localities Decide on Muniwireless".

Yesterday, the Federal Trade Commission released a report on municipal broadband. Specifically, the staff report tried to address the question, thoughtfully included in the title of the press release, "Should Municipalities Provide Wireless Internet Service?" Jon Leibowitz, the one Democrat (the other non-Republican, Pamela Jones Harbor, is an independent), issued a concurring statement strongly supporting the right of localities to provide broadband services as a needed competitor and potential "third pipe" into the home.

For me, the important bottom line on the Report is that each locality needs to make its own decision on whether to provide internet service, and under what model. Accordingly, it is a phenomenally bad idea to pass laws that impose blanket bans (like Nebraska's), or which limit the flexibility of localities to act (like Pennsylvania's law, which gives private companies a right of first refusal before municipalities can build their own systems).

[Public Knowledge - Policy Blog]
4:56:15 PM

News Item 7408 Macrovision DRM Still Screws TiVo Users.

Last year, TiVo users experienced glitches that auto-erased recorded content. The culprit was Macrovision DRM, and it's back and as bad as ever in TiVo Series 3 for HD. CNet documents brand new errors that prevented viewing and recording content. (Link via BoingBoing.)

Unfortunately, glitches like this are only part of Series 3 users' worries. Hollywood and cable providers have forced TiVo to remove TiVoToGo and implement a host of DRM restrictions in this device. If a program is marked as "copy never" or "copy once," your TiVo must obey -- it doesn't matter whether the copy limit was put there on purpose by the cable provider or was a technical error, as in CNet's case.

Learn more about these restrictions in our new white paper, "Who Killed TiVoToGo?"

[EFF: Deep Links]
4:53:39 PM

News Item 7407 US and EU stitch up airline passenger data deal.

And data protection law

European data protection authorities are choking on their baguettes after seeing the detail of the data-sharing agreement the EU signed with the US on Friday. The passenger name record (PNR) agreement was presented as a formality that had been passed by the respective administrations without so much as a hiccup. But it's proving hard to swallow.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
4:51:16 PM

News Item 7406 Privacy groups rap DHS plan to limit access to clearance information (10/10/06)

Privacy advocates have voiced strong opposition to the Homeland Security Department's proposal to scale back the amount of information that security clearance applicants can access about government investigations of their background.

"It needs to be thoroughly revised," Pam Dixon, executive director of the World Privacy Forum, said of DHS' proposed rule change. Members of the public have until Oct. 12 to submit comments on the draft regulation.

DHS argued in its proposal that more information that comes up during background checks -- central to employment in many positions at the department -- must be kept secret to avoid compromising national security or revealing that an individual is being investigated.

Dixon responded with a four-page letter, in which she argued that DHS' move to "commingle" systems of records that come up during investigations -- including those on terrorism-related inquiries and criminal investigations -- and then exempt them from the 1974 Privacy Act creates an overly broad category of documents that are unavailable to applicants. Provisions in the Privacy Act currently give applicants the right to view their materials.


4:47:19 PM

News Item 7405 Californians Lose Out on New RFID Safeguards.

Last month, California's state legislature passed a bipartisan, groundbreaking new law that would institute tough privacy safeguards for Radio Frequency Identification (RFID) chips embedded in state identification cards. Unfortunately, over the weekend Governor Arnold Schwarzenegger vetoed the Identity Information Protection Act and prevented Californians from gaining control over the personal information that will be broadcast by RFID-equipped drivers' licenses, library cards, and other important ID cards.

In his veto statement, Schwarzenegger claimed that the bill was premature, as the federal government has not released new technology standards for state drivers' licenses and other ID cards as part of the REAL ID Act. But this is precisely why California and other states should act now. The REAL ID Act mandates that drivers' licenses have "common machine-readable technology" on every ID. If the Department of Homeland Security decides that this "machine-readable technology" will be RFID, then citizens deserve a thoughtful and rational law to protect them from identity theft, covert tracking, and stalking.

While obviously disappointing, the fight's not over yet -- EFF and our partners will work hard to get this bill reintroduced and passed next year. The bill is sponsored by EFF, the ACLU, and the Privacy Rights Clearinghouse, and support came from groups ranging from the AARP to the California Alliance Against Domestic Violence to the Gun Owners of California.

[EFF: Deep Links]
2:10:10 AM

News Item 7404 BAY AREA / 3 of region's brightest win 'genius' fellowships / $500,000 each in grants from the MacArthur Foundation

"Techies love technology and solving problems, and social problems are often the coolest ones,'' h