Privacy and Security Law Blog : Privacy & Security Law Blog : Davis Wright Tremaine LLP : Seattle, Los Angeles, Washington D.C., New York, San Francisco, Shanghai, Portland and Anchorage Law Firm

Posted by Peter Mucklestone

The bank regulatory agencies recently released a frequently asked questions ("FAQs") document to aid in the implementation of the interagency guidance on Authentication in an Internet Banking Environment issued October 12, 2005 (the "Interagency Guidance"). The Interagency Guidance addresses the need for risk-based assessment, customer awareness, and security measures to reliably authenticate customers remotely accessing their financial institutions’ Internet-based financial services.

The FAQs are a representation of questions the agencies have received from financial institutions, agency examiners and technology service providers.  The FAQs are designed to assist financial institutions and their technology service providers in conforming to the Interagency Guidance by providing information on the scope of the Interagency Guidance, the timeframe for compliance, risk assessments, and other issues.

A link to the FAQs can be found on the Federal Financial Institutions Examination Council's (FFIEC) Web site.

• Email This
• Print
• Comments
• Share Link

Posted by Brian Bennett

A few weeks after discovering a terrorist plot, European and American authorities are looking for additional ways to expand the screening of international airline passengers. A new proposal by the Homeland Security Secretary would expand government access to passenger information from basic data commonly found in a passport, like name, nationality and date of birth, to other personal information such as e-mail addresses, telephone numbers, credit card information and related hotel or car reservations. U.S. authorities are already allowed to get most of this information from the reservation company databases to help look for people on watch lists, but the new proposal would allow the government to search not only for known terrorists on watch lists, but also for people who may be linked to terrorists.

• Email This
• Print
• Comments
• Share Link

Posted by Randy Gainer

By holding that the NSA's domestic eavesdropping program violates the First and Fourth Amendments of the Constitution, Judge Taylor upended Senator Specter's Bush Administration-approved FISA fix bill. See pages 28-32. Senator Specter's bill, SB 2453, would amend FISA to permit the NSA to continue the domestic surveillance that Judge Taylor enjoined on August 17. (She stayed the injunction until September 7, when she hold a hearing to consider whether to continue the stay during the appeal that the Department of Justice filed several hours after her initial ruling.) The fallback legislative fix that Senator Specter cooked up with the President's lawyers would not, even if Congress were to enact it, overcome the constitutional flaws that Judge Taylor found in the NSA eavesdropping program.

Senator Specter's bill would rewrite FISA section 109 to state "A person is guilty of an offense if he intentionally – (1) engages in electronic surveillance under color of law except as authorized by statute or under the Constitution." Judge Taylor held, however, that the Fourth and First Amendments prevent domestic wiretapping for foreign intelligence gathering without a judicial warrant. Senator Specter's bill was transparently intended to "overrule" a potential judicial ruling that the NSA program violates the requirement in FISA that the executive must get a warrant or an order from the Foreign Intelligence Surveillance Court. 

• Email This
• Print
• Comments (1)
• Share Link

Posted by KM Das

Consumer Union, the U.S. Public Interest Research Group, the Consumer Federation of America, the Center for Democracy and Technology, Consumer Action, and the Privacy Rights Clearinghouse have joined together to write to the leadership of the U.S. House of Representatives to express their dissatisfaction with H.R. 3997—the Financial Data Protection Act. Although vote on H.R. 3997 has now been postponed until at least September and possibly until after the November elections, the letter from the consumer groups highlights yet again two things—Congress’s inability to pass a data breach notification and/or data security bill more than seventeen (17) months after ChoicePoint data breach and the concerns that consumers have about preemption of state laws that are seeing as offering stronger protections and rights to consumers.

• Email This
• Print
• Comments
• Share Link

Posted by Randy Gainer

The Foreign Intelligence Surveillance Act, 50 U.S.C. §§ 1801-1811, currently makes FISA court orders and judicial warrants issued in criminal proceedings the exclusive means by which the President and other executive branch officials may lawfully intercept telephone calls and emails sent or received by people in the United States.  Section 109 of FISA, codified at 50 U.S.C. §1809(a), states in pertinent part:  “A person is guilty of an offense if he intentionally – (1) engages in electronic surveillance under color of law except as authorized by statute . . . .”  In other words, with certain exceptions, “electronic surveillance of a foreign power or its agents may not be conducted unless the FISA Court authorizes it advance.”  ACLU Foundation of S. Cal. v. Barr, 952 F.2d 457, 461 (D.C. Cir. 1991).  

• Email This
• Print
• Comments
• Share Link

Posted by Bruce E.H. Johnson

My LA partners Kelli Sager and Al Wickers have written about a new California decision, which has significant implications for everyone — including especially unsuspecting souls who never intend to set foot in the state but happen to have a telephone and a recording device. 

California's privacy laws, which have criminal penalties, can be applied to out-of-state individuals and businesses.

• Email This
• Print
• Comments
• Share Link