Privacy & Security Law Blog

Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Monthly Archives: November 2005

Why Posting Your Email Address On A Website May Get You Spammed

Posted in Marketing and Consumer Privacy

Posted by Thomas R. Burke Email addresses that are available on website pages remain the richest target for SPAMMers who “harvest” addresses using automated systems that easily search for the “@” symbol. In a study released this month by the FTC’s Division of Marketing Practices, the government also found that email addresses posted in chat rooms, message boards, and blogs were “far less likely to be harvested.” This may be because operators in some chat rooms automatically remove postings that contain email addresses — in contrast, website pages typically remain static. Best news: free anti-SPAM filters were highly effective in catching SPAM, although SPAM caught by ISPs remains a burden on the ISPs doing the filtering.... Continue Reading

A Creeping Spread of Location Technology

Posted in Surveillance

Posted by Brian Bennett
A government proposal to use Global Positioning System (“GPS”) transmitters to track New York City taxis has led to taxi driver demonstrations. Businesses are increasingly using location technology to track the movement of employee vehicles, raising employee and union concerns about businesses tracking employee movements. Some privacy advocates warn that the use of GPS technology could create more problems than benefits for businesses, leading to potential liability when plaintiffs’ attorneys can prove a taxi or delivery van was speeding.... Continue Reading

Spokane mayor’s beefcake cache is not a public record, but list of websites he visited is

Posted in Marketing and Consumer Privacy

Posted by Bruce Johnson

Spokane Mayor James E. West’s laptop was the subject of an interesting Public Disclosure Act decision on Thursday.

West, a Republican who is now subject to a recall vote on Dec. 6 for these activities, apparently used his city-owned laptop to access and other gay-oriented websites, and also conduct internet chats with prospective dates.... Continue Reading

Merchant Bank May be Liable for Costs to Replace Hacked Visa Cards

Posted in Cyber and National Security, Litigation, Policy and Regulatory Positioning

Posted by Randy Gainer

The United States District Court for the Middle District of Pennsylvania ruled on October 18, 2005, that the bank that processed credit and debit card transactions for BJ’s Wholesale Club, Inc. may be liable for the costs that a credit union incurred to replace compromised cards. The ruling came in a lawsuit filed by the Pennsylvania State Employees Credit Union against Fifth Third Bank and BJ’s after data thieves hacked into BJ’s computers and downloaded credit and debit card data that BJs obtained when it processed card used at its stores. The thieves used the stolen data to create fraudulent cards and used the cards to make purchases. The credit union replaced the cards after cardholders and Visa notified the credit union of the fraudulent charges. The credit union spent about $100,000 to replace more than 20,000 cards.... Continue Reading

UK Police Endeavor to Create the Largest Surveillance System in the World

Posted in Surveillance

Posted by Steve Chung

The UK newspaper, The Register, reports that the UK’s Association of Chief Police Officers (ACPO) plan to create a national vehicle moving database that is designed to retain license plate data captured from moving vehicles. A control center in London will link existing speedcams and other databases around the country, and by the end of the year, APCO expects the control center to process up to 50 million number plates, which would make it one of the most pervasive surveillance systems in the world. APCO’s roads policing head, Meredydd Hughes, has revealed that Automatic Number Plate Recognition systems will be placed along roads every 400 yards, and will be used to enforce speed limits and then later to address more serious crimes. While the system will undoubtedly become a powerful tool for police officers, privacy concerns will inevitably arise, especially as the technology advances and license plate data is linked with faces and images of vehicle interiors.... Continue Reading

Sony Music CD Woes, Continued

Posted in Cyber and National Security

Posted by Brian Wong Sony BMG Music Entertainment (Sony) has announced it will remove music CDs containing First4Internet XCP digital rights management (DRM) software from stores, and it will offer exchanges for discs already sold. As we explained here, the XCP DRM requires the installation of a rootkit deep within the Windows operating system in order for a PC to play the CD, and the rootkit represents a potential security flaw [UPDATE: Make that several flaws.] Sony stated that more than 20 titles have been released with XCP software, and of those CDs, over 4 million have been manufactured, and 2.1 million sold.... Continue Reading

Hi, Dad! Teen Uncovers Anonymous Sperm Donor Through Online Geneaology Database

Posted in Marketing and Consumer Privacy

Posted by Lance Koonce

As it turns out, had Oedipus been blessed with a good laptop and a secure wifi node instead of those cryptic Oracles (this kind, not that kind), he might have avoided the entire murder/incest/blinding thing.

Today’s Washington Post reports that a 15-year-old boy whose mother was artificially inseminated by sperm from an anonymous donor managed to track down the donor using readily available online sources.... Continue Reading

Select Sony/BMG Music CDs Include Invasive Digital Rights Management Software

Posted in Cyber and National Security

Posted by Brian Wong

The term “rootkit” entered a broader public consciousness after researchers discovered that Sony BMG Music Entertainment (Sony) has included digital rights management (DRM) software on 19 music CDs that must be installed in order for a PC to play the CD. The software installs itself deep within the Windows operating system and hides itself from view using rootkit technology. It runs even when the CD is not being played, consuming system resources. The software is difficult to remove and the removal process can crash the computer and/or disable the computer’s CD drive.... Continue Reading

“No Fly” List Revelations

Posted in Cyber and National Security, Marketing and Consumer Privacy, Surveillance

Posted by DWT The Privacy and Security Law Blog is today able to release, for the first time anywhere, the final set of previously secret documents produced by the Transportation Security Administration (“TSA”) and the FBI in connection with a high profile Freedom of Information Act (“FOIA”) lawsuit involving the government “no fly” list. The documents include the names of TSA employees involved in the administration of the list: TSA Documents, pages 1-12. TSA Documents, pages 12-24. FBI Documents, pages 1-6.... Continue Reading

Spyware and Adware Guidelines Released

Posted in Cyber and National Security

Posted by Peter Mucklestone and Stuart Louie

The Anti-Spyware Coalition, a collection of anti-spyware vendors and consumer groups, recently released guidelines for public comment to help consumers assess products designed to defend against spyware and adware ‚Äî unwanted programs that can “bombard [the user] with pop-up ads and drain [a PC’s] processing power to the point of rendering [the computer] unusable.”... Continue Reading

Executive Order 13388: Changing Information Sharing Priorities for Federal Agencies

Posted in Cyber and National Security

On October 25, 2005, President Bush signed Executive Order 1388, which orders that “agencies shall, in the design and use of information systems and in the dissemination of information among agencies: (a) give the highest priority to . . . (iii) the interchange of terrorism information between agencies and appropriate authorities of State, local, and tribal governments, and between agencies and appropriate private sector entities . . . .” The text of the Order can be found here.... Continue Reading

Proposition 73 in California – Abortions, a Minor’s Privacy, and a Parent’s Right to Know

Posted in Marketing and Consumer Privacy

Posted by Peerapong Tantamjarik

Here in California, it’s that time of the year again… it’s Special Election time! Where ordinary citizens, like you or me, or those with gobs of extra cash, can gather (or pay for) signatures and make a difference to the state by putting up for approval various propositions. Often times, these propositions can even amend our state Constitution. Proposition 73, currently on the November 8th, special election ballot, proposes to do just such a thing.... Continue Reading

Private Lives as WiFi Performance Art

Posted in Communications/Media

Posted by Lance Koonce

Most readers of this blog are well aware of the risks of unencrypted wifi, but a Toronto-based artist is demonstrating some of those risks in a rather graphic way.

Michelle Teran is presenting a series of performance art pieces in which she leads a small group of onlookers through the streets of a city (recently, Cardiff, in Wales) carrying a video monitor and receiver tuned to the 2.4GHz band on which many wireless equipment operates, such as closed-circuit video monitors. When she finds unencrypted signals she displays the unintentionally-broadcast signals on her monitor for her audience.... Continue Reading

Seventh Circuit Breaks with Other Appeals Courts to Find Federal Jurisdiction for Consumer Junk Fax Suits

Posted in Litigation, Policy and Regulatory Positioning

Posted by Ronald London

The U.S. Court of Appeals for the Seventh Circuit, which sits in Chicago and encompasses Illinois, Indiana and Wisconsin, recently issued a decision in Brill v. Countrywide Home Loans, Inc., No. 05-8024, holding that federal courts may hear lawsuits arising out of consumer claims for redress under the Telephone Consumer Protection Act (“TCPA”), which regulates unsolicited commercial faxes and phone calls. The Seventh Circuit breaks with six other federal courts of appeal that have held jurisdiction over such consumer claims lies exclusively in state court and cannot be lodged in or removed to federal court. The Seventh Circuit decision is significant in that it creates the kind of “split” among circuits that often forms the basis for the Supreme Court to exercise discretionary review, and because it is the first federal appeals court TCPA decision that post-dates the Class Action Fairness Act of 2005.... Continue Reading

ThePrivacyPlace.Org 2005 Privacy Survey

Posted in Marketing and Consumer Privacy

Posted by DWT We have been asked to help get the word out about an online survey being conducted by ThePrivacyPlace.Org. The survey will measure privacy policies and user values, and is supported by a National Science Foundation Information Technology Research grant. In the words of the survey’s sponsor, the survey is “intended to evaluate individuals’ views and opinions on privacy related issues in the context of the Internet.” Click here or on the image above for the survey.... Continue Reading

Alito on Privacy

Posted in Marketing and Consumer Privacy

Posted by Brian Bennett

The initial reports on Supreme Court nominee Samuel Alito’s views on privacy rights are mixed. In Third Circuit cases involving search warrants, Judge Alito has voted in dissent to uphold intrusive searches of women and children who were not named in search warrants and were not the subjects of any investigation. Judge Alito assured Senator Arlen Specter, on the other hand, that he endorses a constitutional right to privacy as cited by the Supreme Court in Griswold v. Connecticut, 381 U.S. 479 (1965). In Griswold, the Supreme Court invalidated a Connecticut law that outlawed contraception, stating that the Connecticut law violated a constitutional right to privacy. Conservative Justices such as Antonin Scalia, with whom Judge Alito has been compared, have criticized the concept of a constitutional right to privacy.... Continue Reading