Monday, February 5, 2007

IOL: Who watches the watchers? Chicago - In some cities in Europe and the United States, a person can be videotaped by surveillance cameras hundreds of times a day, and it's safe to say that most of the time no one is actually watching. But the advent of "intelligent video" - software that raises the alarm if something on camera appears amiss - means Big Brother will soon be able to keep a more constant watch, a prospect that is sure to heighten privacy concerns. Combining motion detection technology with the learning capabilities of video game software, these new systems can detect people loitering, walking in circles or leaving a package. 3:18:44 PM

U.S. Set to Begin a Vast Expansion of DNA Sampling - New York Times The Justice Department is completing rules to allow the collection of DNA from most people arrested or detained by federal authorities, a vast expansion of DNA gathering that will include hundreds of thousands of illegal immigrants, by far the largest group affected. The new forensic DNA sampling was authorized by Congress in a little-noticed amendment to a January 2006 renewal of the Violence Against Women Act, which provides protections and assistance for victims of sexual crimes. The amendment permits DNA collecting from anyone under criminal arrest by federal authorities, and also from illegal immigrants detained by federal agents. Over the last year, the Justice Department has been conducting an internal review and consulting with other agencies to prepare regulations to carry out the law. The goal, justice officials said, is to make the practice of DNA sampling as routine as fingerprinting for anyone detained by federal agents, including illegal immigrants. Until now, federal authorities have taken DNA samples only from convicted felons. The law has strong support from crime victims' organizations and some women's groups, who say it will help law enforcement identify sexual predators and also detect dangerous criminals among illegal immigrants. [...] While the proposed rules have not been finished, justice officials said they were certain to bring a huge new workload for the F.B.I. laboratory that logs, analyzes and stores federal DNA samples. Federal Bureau of Investigation officials said they anticipated an increase ranging from 250,000 to as many as 1 million samples a year. The laboratory currently receives about 96,000 samples a year, said Robert Fram, chief of the agency's Scientific Analysis Section. [...] "What this does is move the DNA collection to the arrest stage," said Erik Ablin, a Justice Department spokesman. "The general approach," he said, "is to bring the collection of DNA samples into alignment with current federal fingerprint collection practices." He said the department was "moving forward aggressively" to issue proposed regulations. The 2006 amendment was sponsored by two border state Republicans, Senator Jon Kyl of Arizona and Senator John Cornyn of Texas. In an interview, Mr. Kyl said the measure was broadly drawn to encompass illegal immigrants as well as Americans arrested for federal crimes. He said that 13 percent of illegal immigrants detained in Arizona last year had criminal records. [...] The F.B.I. also loads DNA profiles from local and state police into the federal database and runs searches. Only seven states now collect DNA from suspects when they are arrested; of those, only two states are authorized by their laws to send those samples to the federal database. [...] Many groups warned that the measure would compound already severe backlogs in the F.B.I.'s DNA processing. Mr. Fram of the F.B.I. said there had been an enormous increase in the samples coming to the databank since it started to operate in 1998, but no new resources for the bureau's laboratory. Currently about 150,000 DNA samples from convicted criminals are waiting to be processed and loaded into the national database, Mr. Fram said. 2:38:44 PM

Retailers, Banks Trade Blame in Data Thefts. Retailers, Banks Trade Blame in Data Thefts. The Washington Post today ran a story I wrote about data breach legislation being crafted on Capitol Hill. Lawmakers are looking to respond to the almost daily disclosures of companies, schools and government agencies suffering data breaches or otherwise exploiting consumers' personal data. Since February 2005, when data mining giant ChoicePoint divulged that it had sold data on 145,000 consumers to criminals, there have been more than 100 million instances in which Americans have had their personal data compromised due to data breaches and mishaps, according to Privacy Rights Clearinghouse. It's difficult to find a policy issue that's more timely than data privacy and security. Based on my recent interviews, it is clear that this issue is shaping up to be a slugfest between the retail industry and small banks. A recent high-profile data breach at TJX, the Massachusetts-based parent of discount retailers TJ Maxx and Marshalls, happened in the backyard of House Financial Services Committee Chairman Barney Frank (D-Mass.). According to Frank, retailers like TJX are not doing enough to protect their customers' data (TJX said hackers had broken into its credit and debit card processing network for six months last year and in a separate period in 2003). Frank wants retailers to bear more of the costs that banks incur when canceling new accounts, issuing new cards and dealing with the fallout from angry and confused customers. I suspect that his argument is likely to resonate strongly with many consumers. Retailers tell a different story. Mallory Duncan, senior vice president of the National Retail Federation, sums up their point of view: "Most of the larger banks have very sophisticated, round-the-clock fraud monitoring systems in place, but a lot of the smaller institutions don't have those systems," he said. "These institutions have abdicated their responsibilities in this regard, and now they want retailers to pay for it." The rest of the story is here. Security Fix will be keeping a close eye on this key issue. I will be moderating a panel on possible legislative solutions to data privacy and breach problems at the RSA Security conference in San Francisco next Tuesday. If you're heading out there as well, please drop by the panel to join in the conversation; I plan to leave plenty of time for Q&A. [Security Fix] 2:08:21 PM

TiVo and User Privacy. TiVo and User Privacy. The San Francisco Chronicle reports that TiVo is collecting and selling data on what parts of broadcasts people are rewinding for review and what commercials they are skipping. Dubbed [base "]StopWatch,[per thou] this data-collection practice reflects the growing ease with which various media and Internet service providers can collect and exploit vast amounts of information about consumers[base '] everyday habits. TiVo maintains that there is little privacy threat to end users, arguing that [base "]We don[base ']t know what any particular person is watching,[per thou] and [base "]We only know what a random, anonymous sampling of our user base is watching.[per thou] While it is probably true that they are only accessing and selling a random, anonymous sampling of usage data, the larger concern is that user data is collected and stored in the first place. The fact that they only sample a random subset of the data is only a temporary comfort (and perhaps only a temporarily self-imposed restriction). And given the aftermath of AOL[base ']s botched release of [base "]anonymized[per thou] user data, I have less comfort with TiVo[base ']s claim that the data is truly anonymous. TiVo is trying to do the right thing, but I[base ']m concerned that their execution might fail. Time will tell. (And this would make an excellent case study for any student looking to explore the privacy implications of new media technologies[sigma]hint hint) [michaelzimmer.org] 1:40:02 PM

© Copyright 2007 Paul Hardwick. Last update: 3/4/07; 9:08:13 AM.