PrivSec News Briefing

NRC Declines Security Boost for Nuclear Plants
by David Kestenbaum, NPR Morning Edition, January 30, 2007
Fearing terrorism, activist groups have asked the Nuclear Regulatory Commission to strengthen safeguards at power plants. On Monday, the NRC decided not to require plants to build additional defenses.

Banks on notice over security. Privacy watchdog wants to force disclosure of credit card breaches
By Susan Bradley Staff Reporter, The Chronicle Herald, January 30, 2007.
Canada’s privacy commissioner wants financial institutions and corporations to be required by law to notify their customers when a security breach takes place.

Comment, Critique And Debate On Security And Open Source Implementations At LinuxWorld OpenSolutions Summit
Business Newswire, January 30, 2007


First Official State Act Resisting Real ID Act Passes in Maine

Posted by Ronald London

Concerns regarding the Real ID Act have manifested themselves in Maine becoming the first state to express formal opposition to the federal legislation. The Real ID Act prohibits all federal agencies, starting May 2008, from accepting for any official purpose state-issued identifications unless they meet new federal standards, and effectively calls for creation of electronically readable, federally approved IDs for all individuals for purposes of air travel, banking, Social Security, and most government services. While state-issued driver licenses can be tailored to satisfy the statute, as a practical matter they would have to be re-issued in almost all cases in order to meet federal standards, which the Real ID Act gives the Department of Homeland Security the power to establish.


Twenty-six IRS Tapes Missing in Kansas City

Posted by Kaustuv M. Das

On Friday, January 19, 2007, The Kansas City Star reported that twenty-six Internal Revenue Service tapes had gone missing from City Hall in Kansas City, Missouri. The IRS had provided the tapes to the municipality of Kansas City as part of “a regular information-sharing agreement between the IRS and the city.” Kansas City uses federal taxpayer information to enforce a local earnings tax paid by people who live or work in the city.


VoIP and Broadband Internet Access Providers Face Upcoming CALEA Deadlines

Posted by K.C. Halm

In the next several months, providers of interconnected Voice over Internet Protocol (VoIP) services and facilities-based broadband Internet access must become compliant with the Communications Assistance for Law Enforcement Act (CALEA). Enacted in 1994, CALEA imposes obligations on traditional wireline and wireless telephony service providers to design their networks to facilitate law enforcement surveillance of voice communications. However, in 2005 the Federal Communications Commission extended that obligation to providers of VoIP and facilities-based broadband Internet access services. Under the new regime, the scope of entities covered by CALEA is broader than in the past: in addition to VoIP services, providers of broadband Internet access services, including cable modem, DSL, satellite, wireless, fixed wireless, and broadband over powerline services, are now also subject to CALEA. Interestingly, the FCC defined “broadband” services as those with the ability to support upstream or downstream speeds exceeding 200 kilobits per second (kbps) in the last mile.


SAR Forms Revised

Posted by Peter Mucklestone

The Financial Crimes Enforcement Network (FinCEN) has revised the forms of Suspicious Activity Report (SAR). Certain financial companies are required to file SARs with the Treasury Department to report suspicious activity relevant to possible violations of law or regulations. The new forms should not be used before June 30, 2007, and the old forms will not be accepted after December 31, 2007.

There are different forms for different reporting companies. Depository Institutions should use FinCEN Form SAR-DI, Securities and Futures Industries should use FinCEN Form 101, Casinos and Card Clubs should use FinCEN Form 102, and Insurance Companies should use FinCEN Form 108.

The revisions are intended to facilitate joint filings and thereby reduce the number of duplicate SARs filed for a single transaction.

The new forms may be viewed at the FinCEN website.

Homeland Security's Latest Passenger Screening Program Criticized

Posted by Randy Gainer

The Automated Targeting System (ATS) passenger screening program, formally announced by the Department of Homeland Security (DHS) in November, assigns a risk score to international air travelers bound for the U.S. that is intended to show the degree to which each traveler poses a terrorist risk. The scores can be kept for up to 40 years and DHS may share the information widely among federal, state, and international agencies. Although everyone except terrorists and their supporters wants DHS to stop terrorists from boarding planes bound for the U.S., the ATS has been widely criticized. EPIC’s website includes a useful summary and links. The attacks on the ATS fall into three categories.


PrivSec News Briefing (1/9/07)

RFID Strategy -- RFID Privacy And Security Issues: A look at the evolving state of tag security.
By Paul Faber
(Industryweek.com, 1/9/07) 

Technology Companies Are Exposed to Security Breach Litigation.
Some Cyber Policies, By Themselves, Can Leave Gaps in Protection
(PRNewswire, 1/8/07)

Airport scanners allow some to skip security lines -- for a price.
By Stephen Majors
(The Associated Press, Published in the Seattle Post Intelligencer, 1/8/07)


FTC Delays End-Date of Temporary "Safe Harbor" for Prerecorded Telemarketing

Move May Signify Little, But May Be Ray of Hope for Marketers

Posted by Ronald London

The Federal Trade Commission issued a pre-holiday announcement that it would extend its forbearance from enforcing provisions of its Telemarketing Sales Rule (“TSR”) that strictly regulate use of automated prerecorded messages to market goods and services or to solicit charitable donations. As reported by the recent posting here, the FTC proposed in October to modify the TSR to make clearer that even prerecorded messages permitted under Federal Communications Commission rules that parallel the TSR are prohibited by the FTC unless the caller has obtained the express agreement, in writing, of the call recipient for placement of the prerecorded call. This represented a 180-degree shift by the FTC, which previously had proposed to reconcile its rule with the FCC’s under a multi-part “safe harbor” that would have allowed prerecorded sales and solicitations.
