California Bill Would Create Cyber Security Commission

By Christin McMeley and Jane Whang

In recognition of the increasing threat that cyber-attacks pose to the state's infrastructure and the considerable costs that government and private sectors are estimated to spend on cyber security (more than $70 billion estimated to be spent in 2014 nationally), Assembly Speaker John Perez has introduced a bill to establish a "Cyber Security Commission."

The bill (AB 2200), if passed, would authorize the proposed commission to develop public-private partnerships to share cyber security and cyber threat information and to improve cyber security and cyber response strategies. The commission is required to meet monthly and submit quarterly reports to the Governor's Office and Legislature on the status and progress of cyber security efforts.

Continue Reading...

Montana and Washington have passed laws refusing to comply with the federal government's Real ID Act

Posted by Bruce E. H. Johnson

The Real ID Act has been described by Crosscut columnist Skip Berger as creating "what is in essence America's first national identity card using driver's licenses that could be embedded with computer chips and biometric information, such as fingerprints. It has been proposed that such cards be required of every citizen who wants to drive, access government buildings, apply for federal benefits, or fly on commercial aircraft. Management of the vast databases would fall to each state's department of motor vehicles."

Continue Reading...

Homeland Security's Latest Passenger Screening Program Criticized

Posted by Randy Gainer

The Automated Targeting System (ATS) passenger screening program, formally announced by the Department of Homeland Security (DHS) in November, assigns a risk score to international air travelers bound for the U.S. that is intended to show the degree to which each traveler poses a terrorist risk. The scores can be kept for up to 40 years and DHS may share the information widely among federal, state, and international agencies. Although everyone except terrorists and their supporters wants DHS to stop terrorists from boarding planes bound for the U.S., the ATS has been widely criticized.  EPIC’s website includes a useful summary and links. The attacks on the ATS fall into three categories.  

Continue Reading...

What's Your ATS Score?

The Electronic Frontier Foundation Files Suit to Find That Out, and More

Posted by Joe Addiego

On December 19, 2006, the Electronic Frontier Foundation filed a Freedom of Information Act complaint against the Department of Homeland Security concerning the Automated Targeting System, public notice of which was recently given by DHS in the Federal Register. ATS is a computerized system that collects personal data and uses it to assign “risk assessments” to all travelers who cross U.S. borders.

EFF has several concerns about ATS and its uses and potential abuses by DHS. For example, EFF alleges in its complaint that individuals are not allowed to access or review the information in ATS pertaining to them, yet that information is “made readily available to an untold numbers of federal, state, local and foreign agencies, as well as a wide variety of ‘third parties.’” EFF also complains that the information will be stored by the government for 40 years, and that DHS “has failed to describe the consequences that might result from a ‘risk assessment’ score (possibly derived from inaccurate or incomplete information) indicating that an individual poses a ‘threat or potential threat to national or international security.’” 

Continue Reading...

Red Hook: Not Just a Micro-Brewery in the Pacific Northwest Any Longer

Posted by Kaustuv M. Das

On Tuesday, Oct. 3, 2006, the Electronic Freedom Foundation’s FLAG project filed a Freedom of Information Act (FOIA) action Freedom of Information Act (FOIA) action, in the United States District Court for the District of Columbia, seeking release of information from the FBI on its DCS-3000 and Red Hook tools. DCS-3000 and Red Hook appear to be successors to the FBI’s less politically correctly named Carnivore program, which the agency began in 2000.

According to the DOJ’s Office of Inspector General’s (OIG) report entitled “The Implementation of the Communications Assistance of Law Enforcement Act” (the CALEA report), the FBI has spent nearly $10 million to develop DCS-3000. “The FBI developed the system as an interim solution to intercept personal communications services delivered via emerging digital technologies used by wireless carriers in advance of any CALEA solutions being deployed. Law enforcement continues to utilize this technology as carriers continue to introduce new features and services.” (CALEA report, Appendix VIII.) The CALEA report also discloses that “[t]he FBI has spent over $1.5 million to develop [the Red Hook] system to collect voice and data calls and then process and display the intercepted information in the absence of a CALEA solution.” Id.

Continue Reading...

Privacy and Homeland Security Stories

Posted by DWT

We recently heard from Rich Gordon, a professor at the Medill School of Journalism and Director of that school’s Digital Technology in Education program, about a package of stories (text, video and interactive) his students have put together about privacy and homeland security.

The stories are available here, and are well worth a read. In particular, Professor Gordon drew our attention an interactive piece on data mining programs operated by federal agencies.

Who Paid for the Airline Ticket?

Posted by Brian Bennett

A few weeks after discovering a terrorist plot, European and American authorities are looking for additional ways to expand the screening of international airline passengers. A new proposal by the Homeland Security Secretary would expand government access to passenger information from basic data commonly found in a passport, like name, nationality and date of birth, to other personal information such as e-mail addresses, telephone numbers, credit card information and related hotel or car reservations. U.S. authorities are already allowed to get most of this information from the reservation company databases to help look for people on watch lists, but the new proposal would allow the government to search not only for known terrorists on watch lists, but also for people who may be linked to terrorists.

CDC Proposes Significant Changes to Its Ability to Track and Quarantine Passengers

Posted by K.M. Das

The Center for Disease Control ("CDC") is expected to post the first round of comments in response to its Notice of Proposed Rule Making ("NPRM") relating to the Control of Communicable Diseases on Tuesday, December 6, 2005. "The intent of the proposed updates to 42 CFR Parts 70 and 71 is to clarify and strengthen existing procedures to enable CDC to respond more effectively to current and potential communicable disease threats." (see here).

Continue Reading...

"No Fly" List Revelations

Posted by DWT

The Privacy and Security Law Blog is today able to release, for the first time anywhere, the final set of previously secret documents produced by the Transportation Security Administration ("TSA") and the FBI in connection with a high profile Freedom of Information Act ("FOIA") lawsuit involving the government "no fly" list. The documents include the names of TSA employees involved in the administration of the list:

TSA Documents, pages 1-12.
TSA Documents, pages 12-24.
FBI Documents, pages 1-6.

Continue Reading...