Privacy and Security Law Blog : Privacy & Security Law Blog : Davis Wright Tremaine LLP : Seattle, Los Angeles, Washington D.C., New York, San Francisco, Shanghai, Portland and Anchorage Law Firm

Posted by Hozaifa Cassubhai

The election season may be in full swing, and the buzz about the recent Superbowl at full throttle, but heated debates and bravado are not just limited these days to politicians and athletes.  Recently, search engine vendor Ask.com and its supporters have come out swinging against several privacy groups over a complaint they recently filed that requested the Feds to forcibly pull the plug on a new feature called AskEraser. As Nicholas Graham, a spokesman for Ask.com stated: [The complaint] merits a 15-yard penalty for unsportsmanlike conduct.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Ronald London

The FTC recently announced a consent decree with online retailer Life is good (www.lifeisgood.com) that offers insight into what that agency may believe are the bare minimum steps companies must take when making the kind of generic we-protect-the-information-you-give-us statements found in most privacy policies. The FTC claimed Life is good offered such reassurances but failed to have in place sufficient measures (from the FTC's view) to back them up, based on the ability of a hacker to use SQL injection attacks on Life is good’s website to access consumers' credit card numbers, expiration dates, and security codes. To resolve allegations in a draft complaint the FTC had prepared alleging unfair trade practices, Life is good settled the claims by entering a consent decree requiring it to adopt a comprehensive information-security program and obtain biennial audits by an independent third-party security professional … for the next 20 years.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

By Charlene Brownlee

California extended its data breach notification law to include incidents involving electronic medical and health insurance information. California's data breach law, SB 1386, had previously covered only financial records. The new law, AB 1298 took effect January 8, 2008. The law adds medical and health-related information to the existing breach notification law definition of "personal information" and expands the application of the Confidentiality of Medical Information Act (CMIA) to include any business organized for the purpose of maintaining medical information.

Continue Reading...

• Email This
• Print
• Comments (1)
• Share Link

Posted by K.C. Halm, Ronald London, Razeeb Hossain, and Anne Shelby

In early November the FTC held a series of roundtables and panels to discuss emerging issues in behavioral advertising. The FTC has posted transcripts, videos, the workshop agenda and a list of all participants on its website, found here.

Common discussion themes throughout the two-day workshop included the contradiction between consumers' failure to protect their personal information despite their stated concern with privacy; the perceived need for greater transparency in privacy policies, especially with respect to providing more detailed descriptions of data use; the disagreement between the infor-mation industry and consumer groups as to the efficacy of private sector self-regulation; debate over the best methods to inform consumers of their privacy choices; and concern over the coming use of developing technologies for data collection, use and disclosure.

A detailed discussion of the sessions follows below. 

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Brian Kennan

Ever since the computer was invented, people have wondered when such machines would be able to think. In 1950, mathematician Alan Turing suggested a simple test for computer intelligence: if a computer can fool a human being into thinking it is also human, said Turing, the machine should be considered intelligent.

Turing died in 1954 but must have rolled over in his grave last week when the Turing test's reputation hit a new low: security analysts discovered a "sex chat" computer program so lifelike it was fooling customers into disclosing their personal data.The program is called "CyberLover" and exploits a technique long known to security researchers as "social engineering," a fancy term for manipulating users into disclosing information. What's new with this con is that the one doing the social engineering is a computer program. And a hard working one.  According to Ina Fried, citing a report from PC Tools, CyberLover "can work quickly, too, establishing up to 10 relationships in 30 minutes.... It compiles a report on every person it meets complete with name, contact information, and photos."

Of course, the user must volunteer this information, which raises another intriguing question: Are users that are naive enough to give out personal information to a computer sex-chat program able to pass the Turing test themselves?

• Email This
• Print
• Comments (1)
• Share Link

Posted by Hozaifa Y. Cassubhai

Web users may be better able to travel incognito online by the end of the year. 

AOL unveiled a new program last week that is designed to help webusers shield their online travels from advertisers. This technology would allow users to opt-out of online ads that are targeted to them based on their Web-surfing habits. The program aspires to “engender greater trust for targeted advertising by communicating with consumers in a more visible way, and by providing them more information about their choices,” stated Curt Viebranz, president of AOL’s ad platform.

Continue Reading...

• Email This
• Print
• Comments (1)
• Share Link

Posted by Tom Jeffry

An article about the upcoming AFI Festival in last Friday’s Los Angeles Times focused on a controversy around one of the film festival’s productions by Adam Rifkin titled “LOOK.” 

The description for this movie set forth in the AFI Festival Guide states: “There are approximately 30 million surveillance cameras in the United States capturing covert images of average Americans as much as 200 times a day. They're watching in department stores, gas stations, changing rooms, public bathrooms — seemingly no one and nowhere are free from the dispassionate eye of the hidden camera. LOOK pieces together this rush of information, finding several provocative, interwoven storylines amid the noise of life in a random city.” To drive home the point, a photo that accompanies the description depicts two scantly clad young women in a department store dressing room.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Charlene Brownlee

Significance of the Law

Nevada has enacted the first data security law that mandates encryption for the transmission of customer personal information. ( NRS 597.970) The law goes into effect on October 1, 2008. While there are several laws that direct organizations in certain industries to consider using encryption and laws that make encryption a factor in decisions regarding breach notifications, no law required the encryption of personal information prior to this Nevada law.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Thomas Jeffry

An interesting development from the American Medical Association is worth noting.

The AMA House of Delegates met in Chicago at the end of June where it received a report previously requested by that group’s governing body on the medical and ethical implications of the use of implantable radio frequency identification (RFID) microchips in humans. Use of RFID chips were approved for use in humans by the Food & Drug Administration in 2004. Similar versions of such chips are commonly used to tag pet dogs and cats for identification purposes. 

Continue Reading...

• Email This
• Print
• Comments (1)
• Share Link

Posted by Thomas R. Burke

Just in time for Memorial Day... if the State of Nebraska has its way, the public will never know the names or anything else about nearly 1,000 former mental health patients buried between 49 and 110 years ago at a cemetery located at one of the state's rural facilities.  Using the Nebraska Public Records Act, the Adams County Historical Society in Hastings, Nebraska recently sought access to burial records for information about former patients who were buried in unmarked graves at the Hastings Regional Center -- originally known as the "state ayslum for the incurably insane."  The State is denying access to the records, citing to patient privacy statutes, including HIPAA.  The Nebraska Attorney General's Office late last week concluded that the names of the former patients could be properly kept secret, forever.  "These people are being denied the fact that they lived and died, and it's disgraceful," said Catherine Renschler, executive director of the Adams County Historical Society, commenting to the Associated Press in a recent article. As the nation celebrates Memorial Day 2007, it's unfortunate that the state is asserting patient privacy laws and HIPPA to deprive these individuals of some permanent dignity and to perpetuate social stigmas against those who currently suffer from mental illnesses.  

FULL DISCLOSURE -- DWT is representing the Adams County Historical Society, pro bono, in connection with this matter. 

 

• Email This
• Print
• Comments (1)
• Share Link

Posted by Bruce E. H. Johnson

The Real ID Act has been described by Crosscut columnist Skip Berger as creating "what is in essence America's first national identity card using driver's licenses that could be embedded with computer chips and biometric information, such as fingerprints. It has been proposed that such cards be required of every citizen who wants to drive, access government buildings, apply for federal benefits, or fly on commercial aircraft. Management of the vast databases would fall to each state's department of motor vehicles."

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Ronald London

The Pew Internet & American Life Project has issued a report indicating that even teenagers who are very active on the Internet are careful to limit the personal information they place online out of concern over keeping sensitive data out of the hands of strangers, parents, and other adults. While almost two thirds of teenagers with online profiles acknowledged that someone hunting for information, armed with the right tools and incentive, could identify them based on information in their online profiles, most reported taking steps to make such identification more difficult, such as declining to post a full name, home phone number or cell phone number. The report is among the first in-depth looks at the privacy-related awareness and practices of teenagers that avidly use social networking sites such as MySpace or Facebook.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

By Rory Eastburg

On April 5, 2007, a unanimous state Supreme Court ruled that California’s litigation privilege extends to claims based on the state’s constitutional right to privacy.  While conceding that the statutory privilege would have to yield to the constitutional privacy right if the two conflicted, the court concluded that “the statutory and constitutional provisions are not in conflict; they can and do coexist.”

Continue Reading...

• Email This
• Print
• Comments (1)
• Share Link

Posted by Teena Lee

As more neighborhoods offer WiFi capabilities, and as more mobile devices primarily designed for children offer access to WiFi networks, there appears to be a potential slippery slope that will develop over liability under the Children’s Online Privacy Protection Act (“COPPA”).

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Joe Addiego

The San Francisco Chronicle recently reported that there has been an up tick of Craigslist users around the country who have been robbed in recent months when meeting prospective buyers to complete a transaction initiated online. Apparently, the would be robbers locate their targets online and arrange for the meeting in less than busy areas, thereby maximizing their ability to execute the robberies without being caught.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Ronald London

This week’s output at the Federal Communications Commission included several outgrowths of concerns that started to evolve last year (as reported on DWT's Privacy & Security Law Blog) regarding the apparent availability to third parties of sensitive phone records and other related data online and elsewhere. The records at issue often involve “customer proprietary information” (or “CPNI”) such as data relating to the quantity, type, destination, location and/or amount of use of telecommunications services by subscribers, which becomes available to the subscriber’s carrier solely by virtue of their status as customer. The data also can include potentially identifying information such as phone numbers, addresses, and other data. The Commission began looking into the matter late last year. In early 2006 it issued subpoenas to a number of online data brokers, and it investigated and/or issued notices of apparent liability (“NALs”) proposing fines against several telecommunications providers with respect to their submission to the FCC – or lack thereof – of certifications of compliance with federal CPNI rules and statutes.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Stuart Louie and Peter Mucklestone

This past Friday, the White House Office of Management and Budget issued new data protection security guidelines directed at federal civilian agencies. The guidelines address the protection of personal information of the millions of employees and citizens held by such agencies. The Office of Management and Budget has stated that it will work with the agencies’ inspector generals to implement these new guidelines within 45 days; however, stopped short of categorizing the guidelines as “requirements” and has instead labeled them as “recommendations.”  

Continue Reading...

• Email This
• Print
• Comments
• Share Link

By KM Das

In early February, I was saddened to hear that without any fanfare Western Union had sent its last telegraph. Although I was aware of the NSA’s warrantless electronic surveillance program at the time, I did not make the connection between the two news items at the time. With the revelation this past Thursday that the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) has been giving the Treasury Department all of its data on international wire transfer since soon after September 11, 2001, however, its hard to miss the connection. The Bush administration wants you to go back to sending telegraphs and wiring money through Western Union. It’s certainly no less credible an explanation than the explanation that this program, along with the NSA’s warrantless surveillance and telecommunications companies turning over their call data for data mining purposes, is meant to make us safer.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Bruce Johnson

Here's an update to my prior blog on Steinbuch v. Cutler. The United States District Court judge, Judge Paul Friedman, generally denied Cutler's motion to dismiss on Wednesday, except that he apparently recognized that much of the plaintiff's case was time-barred to the extent that it was filed after the one-year statute of limitations had run on such claims. A summary is available in today's Washington Post.

• Email This
• Print
• Comments
• Share Link

Posted by Kraig Baker

The IRS has changed a rule that permits tax-return preparers to sell information from individual returns to marketers and data brokers. The proposed rules do require that taxpayers "opt-in" before the tax information could be sold. Does anyone really believe that it will be difficult to get taxpayers to "opt in?" Not only to most taxpayers sign whatever their tax preparers put in front of them, but the slippery recent history of certain large commercial tax preparers suggest that it won't be difficult to get such opt-in consent. I expect that there will be a firestorm about these changes and that the IRS will back away from this change in the next month or so. Full story here.

• Email This
• Print
• Comments (2)
• Share Link

Posted by Thomas R. Burke

Still no final word from the court on yesterday's showdown between Google and the Justice Department -- although an order will likely come out this week -- but U.S. District Judge James Ware appears to appreciate the concern that the federal government's subpoena request smacks of surveillance. Delcan McCullagh's account of the contested hearing notes that the judge, based in San Jose, is reluctant to give "everything it wanted because of the 'perception by the public that this is subject to government scrutiny' when they type search terms into Google.com." Discovery battles are notoriously resolved by "splitting the baby" -- both sides are sent home with something, but far less than they wanted. This however, is not your typical discovery battle. It will be interesting to watch if Google will appeal Ware's decision. Ironically, Google's decision to continue this battle in the Ninth Circuit Court of Appeals will largely depend too on whether the company is comfortable with the public's perception of what search information -- from now on -- will be accessible by the federal government.

• Email This
• Print
• Comments (1)
• Share Link

Posted by Peerapong Tantamjarik

On March 8, 2006, the Federal Trade Commission announced that it decided to retain, without changes, the regulations implementing COPPA, a federal law enacted in 1998 to better protect children's personal information on the web. Generally, COPPA applies to operators of websites and online services directed to children under 13 years of age that also collect personal information from children. COPPA requires such operators to adhere to a clear set of standards such as posting a privacy policy and a link to the policy everywhere personal information is collected; provide notice to parents and in most instances, obtain verifiable parental consent before collecting any child's personal information; provide parents access to their child's information and control over deletion of the information; and maintain the confidentiality, security, and integrity of the personal information collected from children.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Brian Wong

Google Vice President Marissa Mayer: "With everything, you trade privacy for a value-add."

This has long been true, and sometimes the only surprise is how little some people ask in return for their private information.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Brian Bennett

The U.S. government's subpoena of Google search records may lead to greater public awareness of how search engines work and the related legal issues. A CBS News article looks at the privacy implications of the government subpoenas, and gives an overview of the risks to users of search engines. A weekend poll on the issue showed that 89% of Google users believe their Web searches are kept private, 56% said they don't want Google to release any Web search information to the government, and 38% said they would stop using Google if it gives information about their searches to the government.

• Email This
• Print
• Comments
• Share Link

Posted by Kraig Baker

Last week, Apple launched a new version of iTunes that included a "MiniStore." The MiniStore was designed to recommend new music to users. What Apple didn't disclose, however, was that in order to make the recommendations, they were monitoring users listening habits and using an ID that was tied to personal information. Moreover, Apple had this services turned on by default. After a large hue and cry, Apple has now agreed to turn off this service by default -- as Cory Doctorow at Boing Boing says, it should have done from the beginning. I think this is interesting for two reasons. First, it shows that consumers are sensitive to use of their personal information even in the case of "trusted" and "cult" brands like Apple or Google. In other words, consumer privacy concerns extend to the method of collection, not just the entity doing the collection. Second, it demonstrates once again that companies are very sensitive to consumer backlash regarding misuse of personal information. Look for more of these types of incidents as consumer demands for more personalization and customization collide with increasing sensitivity to monitoring and use of personal information.

• Email This
• Print
• Comments
• Share Link

Posted by Thomas R. Burke

California Governor Arnold Schwarzenegger's motorcycle crash this past weekend remains in the news. Not unexpectedly, the event has prompted stories and discussion about motorcycle safety, the special certification that is required to drive a motorcycle in California (one that Schwarzenegger admits he didn't have) and even comparisons between Schwarzenegger's sidecar and Boris Badenov and Natasha Fatale of "Rocky and Bullwinkle" fame.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by K.M. Das

On Thursday, January 5, 2006, the Congressional Research Service released a 44-page memorandum casting further doubt on the legality of the National Security Agency's monitoring of international communications of American citizens and residents. CRS, housed within the Library of Congress, is the "public policy research arm of the United States Congress." CRS is intended to give Congress "its own source of nonpartisan, objective analysis and research on all legislative issues."

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Brian Bennett

The New Hampshire Supreme Court recently held that financial information a person discloses in divorce cases is not subject to privacy law protection. The court held that there is a constitutional right of access to court records including financial affidavits filed in domestic relations cases, and that this public right arises from "the need to maintain the integrity and accountability of the judiciary."

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Bruce Johnson

Spokane Mayor James E. West's laptop was the subject of an interesting Public Disclosure Act decision on Thursday.

West, a Republican who is now subject to a recall vote on Dec. 6 for these activities, apparently used his city-owned laptop to access gay.com and other gay-oriented websites, and also conduct internet chats with prospective dates.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Merrill Baumann

What high-tech gadgetry do you need to get complete records of phone calls made and received by another? An internet connection and a credit card will do the trick. Criticism is mounting over the ease in which anyone can obtain phone records of others.

Continue Reading...

• Email This
• Print
• Comments (1)
• Share Link

Posted by Lance Koonce

As it turns out, had Oedipus been blessed with a good laptop and a secure wifi node instead of those cryptic Oracles (this kind, not that kind), he might have avoided the entire murder/incest/blinding thing.

Today's Washington Post reports that a 15-year-old boy whose mother was artificially inseminated by sperm from an anonymous donor managed to track down the donor using readily available online sources.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by DWT

The Privacy and Security Law Blog is today able to release, for the first time anywhere, the final set of previously secret documents produced by the Transportation Security Administration ("TSA") and the FBI in connection with a high profile Freedom of Information Act ("FOIA") lawsuit involving the government "no fly" list. The documents include the names of TSA employees involved in the administration of the list:

TSA Documents, pages 1-12.
TSA Documents, pages 12-24.
FBI Documents, pages 1-6.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Peerapong Tantamjarik

Here in California, it's that time of the year again... it's Special Election time! Where ordinary citizens, like you or me, or those with gobs of extra cash, can gather (or pay for) signatures and make a difference to the state by putting up for approval various propositions. Often times, these propositions can even amend our state Constitution. Proposition 73, currently on the November 8th, special election ballot, proposes to do just such a thing.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by DWT

We have been asked to help get the word out about an online survey being conducted by ThePrivacyPlace.Org. The survey will measure privacy policies and user values, and is supported by a National Science Foundation Information Technology Research grant. In the words of the survey's sponsor, the survey is "intended to evaluate individuals' views and opinions on privacy related issues in the context of the Internet."

Click here or on the image above for the survey.

• Email This
• Print
• Comments
• Share Link

Posted by Brian Bennett

The initial reports on Supreme Court nominee Samuel Alito's views on privacy rights are mixed. In Third Circuit cases involving search warrants, Judge Alito has voted in dissent to uphold intrusive searches of women and children who were not named in search warrants and were not the subjects of any investigation. Judge Alito assured Senator Arlen Specter, on the other hand, that he endorses a constitutional right to privacy as cited by the Supreme Court in Griswold v. Connecticut, 381 U.S. 479 (1965). In Griswold, the Supreme Court invalidated a Connecticut law that outlawed contraception, stating that the Connecticut law violated a constitutional right to privacy. Conservative Justices such as Antonin Scalia, with whom Judge Alito has been compared, have criticized the concept of a constitutional right to privacy.

• Email This
• Print
• Comments
• Share Link

Posted by Kraig Baker

One more thought about the presentations Thursday at the IAPP's Privacy Academy 2005 here in Vegas. It is increasingly clear to me that no one has figured out the ongoing tension between "security" and "privacy". These two concepts often get lumped together, but in addition to being complementary in some ways, they are, in many ways, conflicting. One can see the tension in almost every presentation at the conference.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Kraig Baker

Consumers' distrust of Corporate America is growing. It's probably not surprising following a summer full of well-publicized data breaches, but a CBS News/New York Times Poll shows widespread concern about what has become a common business practice -- collecting personal information about individuals. A large majority of Americans express negative views about companies collecting personal information about individuals, including what they buy, their credit histories, and income information.

Continue Reading...

• Email This
• Print
• Comments (3)
• Share Link

Posted by Lance Koonce

Those who rely on anonymizers to surf and transact business on the web may soon have their identities laid bare, if the National Security Agency has anything to say about it. According to World Net Daily, a new patent filed by the NSA,

describes a process based on latency, or time lag between computers exchanging data, of "numerous" known locations on the Internet to build a "network latency topology map" for all users. Identifying the physical location of an individual user, reports CNET News.com, could then be accomplished by measuring how long it takes to connect to an unknown computer from numerous known machines, and using the latency response to display location on a map.

• Email This
• Print
• Comments (2)
• Share Link

Posted by Ronnie London

In what is believed to be a first in the U.S., Verizon Wireless filed two separate lawsuits against telemarketers Intelligent Alternatives and Resort Marketing Trends, alleging that the companies violated the Telephone Consumer Protection Act ("TCPA") and state law by transmitting automated and/or prerecorded messages to Verizon Wireless customers. The suits, filed in New Jersey (where Verizon is headquartered) and California (where the largest proportion of the calls were received), seek injunctive relief and damages for what the company claims were more than a million calls by Intelligent Alternatives, and more than 200,000 calls by Resort Marketing to Verizon Wireless subscribers.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Bruce Johnson

From London, Tuesday's Guardian reports that the supermarket chain Tesco "is quietly building a profile of you, along with every individual in the country - a map of personality, travel habits, shopping preferences and even how charitable and eco-friendly you are. A subsidiary of the supermarket chain has set up a database, called Crucible, that is collating detailed information on every household in the UK, whether they choose to shop at the retailer or not."

Continue Reading...

• Email This
• Print
• Comments
• Share Link

SiliconValley.com reports that a Miami-Dade County police officer has been relieved of duty and is under investigation for allegedly obtaining unauthorized access to Social Security numbers and other personal data on 4,689 people maintained by ChoicePoint Inc. The company reported that the Secret Service was investigating the matter -- at this point, it does not appear that any identity thefts have occurred.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Judge Roberts' impressive performance answering the questions of Senate Judiciary Committee members has left little doubt that he will be confirmed as the next Chief Justice. As one commentator noted, "The only real question about his prospects, it appears, is how many votes he will get from the Democratic senators."

Much attention has appropriately been given to Judge Roberts' views on the right to privacy at issue in Roe v. Wade and Griswold v. Connecticut. Little attention has been paid to other important issues, however, such as how he will approach his duties regarding the Foreign Intelligence Surveillance Act court and what his philosophy is regarding police and other government agencies' searches of individuals' property.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

The Dutch Ministry of Health has announced that beginning on January 1, 2007, all Dutch citizens will have their personal information maintained and tracked in one database that will include health, education, and family information, as well as police records.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Note to all US patent holders: pay your maintenance fees if you value the privacy of your financial information. A recent investigative report (Patent Office Rules Allow Simple Access to Tax, Financial Data, 108 Tax Notes 1079 (Sept. 5, 2005)) reveals that patent holders who fall behind on fee payments with the U.S. Patent and Trademark Office (PTO), and then request a waiver of their payment obligations, may be asked to submit private information to validate claims of financial hardship. While the PTO claims that it never asks for or requires sensitive information, such as Social Security or account numbers, delinquent patent holders may unwittingly submit such information, which then could find its way to the publicly-available patent files. No legislative fix is imminent, but privacy advocates are investigating the issue further, and IRS Commissioner Don Alexander has urged members of the Bush cabinet to push for remedial action.

Posted by Merrill Baumann

• Email This
• Print
• Comments
• Share Link

The Fair Credit Reporting Act's guarantee of free credit reports took full effect on September 1. The links to the website, previously blocked, are now fully accessible, and reports for residents in States in the Eastern US have finally been made available. Persons may obtain one free report each year from each of the three major credit reporting agencies. For additional information, you may also visit EPIC's Fair Credit Reporting Act Page.

Posted by Merill Baumann

• Email This
• Print
• Comments
• Share Link

In a recent report to a subcommittee of the Committee on Homeland Security and Governmental Affairs on data mining (i.e., the extraction of pertinent information from large volumes of data), the Governmental Accountability Office concluded that none of five agencies the GAO audited "followed all the key procedures" for the protection of personal information. The particular agency projects were chosen for review in part because they involved one of the following goals: (1) analysis of intelligence and detection terrorist activities; (2) detection of criminal activity; (3) identification of fraud, waste or abuse; or (4) efforts to improve service or performance.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

A fascinating article (site pass req'd) about the possible evolution of the surveillance culture in the August edition of Salon, by science fiction writer and scientist David Brin. In it, Brin anticipates flocks of miniature flying cameras providing video feeds from remote locations, wearable augmented reality devices providing real-time information to users about their environment, subvocal speech systems (a precursor to "tech-mediated telepathy"), and ubiquitous geographic location awareness (for people and devices).

Continue Reading...

• Email This
• Print
• Comments
• Share Link

Posted by Kraig Baker

The LA Times reported another Paparazzi incident today. This time Scarlett Johansson hit a car carrying a family while trying to elude paparazzi who followed her home. Last month someone from Britney Spears' house shot a paparazzi with a pellet gun. Two months ago a celebrity photographer rammed Lindsay Lohan's car. With the voracious American appetite for all things celebrity and the intense competition among celebrity magazines, it's inevitable that we will have additional incidents. More to the point from a privacy perspective, look for additional anti-paparazzi legislation in California and other states within the next year.

Continue Reading...

• Email This
• Print
• Comments (5)
• Share Link

This is a legal blog, not one of those you might find at a domain ending in .xxx (oh, wait, those are on hold by White House request), so get your mind out of the gutter (but if you can't, see this recent report). The type of blindness we're talking about here is the kind that occurs when you've become so immersed in the daily routine of blogging that you've forgotten - or perhaps you never fully understood? - the legal concerns that blogging can raise. Over the next few months, on a quasi-regular basis, we'll be looking at some of the legal issues related to blogging that fall loosely under the umbrella of privacy and security law.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

The US Government Accountability Office ("GAO") recently issued a report stating that the Department of Homeland Security Transportation Security Administration ("TSA") did not act in accordance with the Privacy Act while testing its Secure Flight Program, which is designed to compare airline passengers against a terrorist watch list.

Continue Reading...

• Email This
• Print
• Comments
• Share Link

The Sunday New York Times "Week in Review" has an interesting article (subscription req'd), comparing the very different legal frameworks for privacy protection in the US and the EU (and much of the rest of the world ).

The article suggests that, in the US, 2005 is the "year of the consumer privacy breach" -- as the "personal information" for 50 million consumers "has been lost, stolen and even sold to thieves."

Continue Reading...

• Email This
• Print
• Comments
• Share Link

In the first case of its kind in the UK, a man has been prosecuted for hijacking a wireless broadband connection and has been fined 500 pounds and sentenced to twelve months's conditional discharge. While there have been several convictions for theft of credit card information over wireless networks, this case involved the theft of wifi signals for something as pedestrian as browsing the Internet. Considering the fact that in the United States there are millions of wifi users and that it is relatively easy to use a neighbor's signal even for users who have virtually no technical expertise, it may only be a matter of time before a litany of cases like this appear in U.S. courts.

Posted by Steve Chung

• Email This
• Print
• Comments
• Share Link

A report issued August 2, 2005, by Gartner, Inc. describes how thieves have stolen more than $2.75 billion by using phishing scams to obtain debit card account numbers and PINs from unsuspecting consumers. The thieves use the account numbers to create fake cards, then use the cards and PINs to drain consumers' accounts, leaving consumers to deal with the bounced checks and the banks to reimburse the victims, as described in more detail here. The debit cards of some banks, such as Bank of America, are not targets because the banks take advantage of a second track on the magnetic strips on their cards to embed additional security codes that consumers -- and therefore data phishing thieves -- don't know about. Banks whose debit cards have been hard hit by these attacks have begun using the second track on the magnetic strips on their cards and have beefed up their security codes in order to prevent the attacks.

Posted by Randy Gainer

• Email This
• Print
• Comments
• Share Link