Congratulations, You're Entitled to a Refund . . . Now Hand Me Your Wallet

Posted by Lance Koonce

Perhaps I'm just cynical, but if the Internal Revenue Service sends me an email notice today saying that I have unexpectedly received a refund on my taxes, I will not rush out and start shopping for that new car just yet. (Of course, maybe that's because my taxes are never done until April 15th, so anything I receive from the IRS this early is clearly a fraud.)

But the IRS is not laughing at the surge in email phishing attempts designed to prey on people's tendency to trust official-looking communications from the federal government.

FDIC Security Tips

Posted by Peter Mucklestone and Stuart Louie

The Federal Deposit Insurance Corporation (FDIC) recently released an on-line multimedia education tool that consumers can use to learn how to better protect their computers and themselves from identity thieves. The presentation also features actions consumers can take if their personal information has been compromised.

RSA Report: Are Fingerprint Readers Ready for Widespread Commercial Use?

Posted by K.M. Das

K.M. is blogging from the RSAConference2006 in San Jose this week.

One of the decisions I had made on my way to the RSAConference2006 was that I was not going to post any vendor-specific remarks or reviews based on what I saw at the conference or on the Exposition floor. I had a number of reasons for this decision, not the least of which were that: (1) I simply do not know enough about the technologies to write a knowledgeable review, and (2) I would only be getting the vendors' view of the technology and not the other side of the story. But as they say about the best laid plans of men and mice . . . .

Blog Law and Blogging for Lawyers

Posted by DWT

This April in San Francisco, our own Bruce Johnson and Greg Kopta will be giving presentations at the "Blog Law and Blogging for Lawyers" conference in San Francisco, co-hosted by Dennis Crouch of Patently-O and Cathy Kirkman of the Silicon Valley Media Law Blog.

Other presenters will include Denise Howell, Raymond Nimmer and our friend Kevin O'Keefe at LexBlog. A more complete list of speakers, with links, can be found on Patently-O.

RSA Report: REAL ID -- Will It Create a De Facto National Identity System, and Will It Lead to Better Security?

Posted by K.M. Das

K.M. is blogging from the RSAConference2006 in San Jose this week.

One of the topics that is being frequently discussed at various sessions at the RSAConference2006 is the erosion of consumer confidence in e-commerce and how, if that erosion continues, it could lead to a crash of the entire e-commerce model. The need for private entities and the government to work together to reverse the trend has been repeated by numerous keynote speakers, including Art Coviello, CEO and President of RSA Security, Inc., Stratton Sclavos, CEO and President of VeriSign, Inc., and John Thompson, CEO of Symantec Corp. One of the possible solutions that speakers at the conference have pointed to is the implementation of a more robust national identification and authentication system, based perhaps on the REAL ID Act.

Return Receipt Not Requested

Posted by Lance Koonce

Recently a friend sent me an email message that contained, in the footer, a message stating that the email had been sent via "MSGTAG". Curious, I visited the website for this product, and learned that MSGTAG is an email "read receipt" program. The difference between this program and the read receipt function in MS Outlook and other widely-used email software is that the recipient does not receive a pop-up window asking whether he or she wants to send a read receipt - MSGTAG automatically does that. Further, if you upgrade to a pay version of the software, you can eliminate the footer message altogether. Then you can track all of your emails, and whether and when the recipients opened them, without the recipient knowing that his or her activity is being tracked.

The Cat Stevens Effect

Posted by Bruce Johnson

Bureaucracy at its craziest.

Fascinating article (subscription req'd) in yesterday's New York Times about the do-not-fly list.

RSA Report: Strong Encryption -- If You Build It, They May Not Come (or It's the End of the Password as We Know It)

Posted by K.M. Das

K.M. is blogging from the RSAConference2006 in San Jose this week.

One of the themes that appears to be emerging at this year's RSAConference2006 on information security is that security protocols that are aimed at consumers (e.g., security at e-commerce sites and online banking) and employees (e.g., network authentication or database access) are effective only when the consumer or the employee does not find the measures inconvenient.

Give Me Convenience or Give Me Death

Posted by Brian Wong

Google Vice President Marissa Mayer: "With everything, you trade privacy for a value-add."

This has long been true, and sometimes the only surprise is how little some people ask in return for their private information.

Chief FISA Court Judges, DoJ Officials Questioned Legality of NSA Program

Posted by Randy Gainer

A Washington Post article on February 9, 2006 revealed that the Chief Judge of the Foreign Intelligence Surveillance Court directed the Department of Justice in 2004 not to present applications for FISA orders to the FISA Court (FISC) that were based on information gathered through the NSA's domestic surveillance program. The previous Chief Judge of the FISC, Royce C. Lamberth, reportedly issued a similar directive to the DoJ as well. Judge Lamberth and Judge Kollar-Kotelly were the only members of the FISC that had been told about the NSA program. The directives of the two FISC Chief Judges "reveals the depth of their doubts about its legality and their behind-the-scenes efforts to protect the court from what they considered potentially tainted evidence," the Post says.

Continuing Privacy Concerns Lead to Revamping of Secure Flight Program

Posted by Lance Koonce

Earlier today, the Transportation Security Administration (TSA) told Congress that it would be sending the Secure Flight program back for re-certification, citing privacy concerns raised by an internal audit. A transcript of the testimony of Assistant Secretary Kip Hawley before the Senate's Committee on Commerce, Science and Transportation can be found here.

Data Protection 101

Posted by Merrill Baumann

Here is a nice primer on the basics that every business should think about regarding the need to adopt data protection measures.

Another helpful habit, of course, is to visit www.privsecblog.com regularly. We'll keep you informed with news and insights on the constantly-changing landscape of data protection, privacy and security law issues.

Can Your Cell Phone Do This?

Posted by Steve Chung

Add to the list of amazing capabilities that cell phones can perform, employee tracking. In the name of operational efficiency for businesses, British technology firms are offering tracking services that take advantage of mobile phone tracking technology. To put at ease civil rights groups' concerns that this technology raises substantial privacy concerns, technologists list advantages such as knowing when an employee is stuck in a traffic jam or quickly locating and rerouting staff, for example, in the sales or freight industry.

TSA and FBI Settle "No Fly" List FOIA Lawsuit

Posted by Thomas R. Burke

The Transportation Security Administration and the FBI have agreed to pay $200,000 in attorneys' fees to the ACLU to settle a Freedom of Information Act and Privacy Act lawsuit filed in 2003 seeking information about the government's "no fly" list to screen airline passengers. ACLU press release here; additional news coverage here. U.S. District Judge Charles Breyer of the Northern District of California in San Francisco approved the settlement Tuesday afternoon (1/24/06).

FTC Announces Settlement with ChoicePoint, Inc.

Posted by Peter Mucklestone and Stuart Louie

On January 26, 2006, the Federal Trade Commission announced that a settlement had been reached with consumer data broker ChoicePoint, Inc. ChoicePoint was charged with (i) violating the Fair Credit Reporting Act (FCRA) by furnishing consumer reports to subscribers who did not have a permissible purpose to obtain them, (ii) failing to maintain reasonable procedures to verify both the subscribers' identities and how such subscribers intended to use such information, and (iii) making false and misleading statements about its privacy policies. As a direct result of these violations, the personal financial records of more than 163,000 consumers were compromised, resulting in no less than 800 cases of identity theft.
