October 22nd, 2014
Fortune reports on an increase in cases of medical identity theft in the United States, which has implications for patients’ health privacy:
In the last five years, the number of data breaches in the medical sector has quadrupled. Last year, for the first time, the medical sector experienced more breaches than any other. It’s again on track to lead in 2014, according to the ID Theft Center. While the health care industry has long suffered fraud by providers or employees fraudulently billing insurers, Medicare, or Medicaid, the medical industry is only just now trying to catch up to the quickly growing threat from hackers.
With the increasing digitization of health information (in the form of electronic health records) and the formation of health exchanges (due to the Affordable Care Act), the trend in medical identity theft is unlikely to abate any time soon. Personal medical information is useful to many different types of criminals, which is why it fetches a higher price on the black market than financial information.
October 21st, 2014
Wired reports on a troubling database of private phone records created by Virginia police, the Hampton Roads Telephone Analysis Sharing Network:
The database, which affects unknown numbers of people, contains phone records that at least five police agencies in southeast Virginia have been collecting since 2012 and sharing with one another with little oversight. Some of the data appears to have been obtained by police from telecoms using only a subpoena, rather than a court order or probable-cause warrant. Other information in the database comes from mobile phones seized from suspects during an arrest.
The five cities participating in the program, known as the Hampton Roads Telephone Analysis Sharing Network, are Hampton, Newport News, Norfolk, Chesapeake and Suffolk, according to the memorandum of understanding that established the database. The effort is being led in part by the Peninsula Narcotics Enforcement Task Force, which is responsible for a “telephone analysis room” in the city of Hampton, where the database is maintained. [...]
October 20th, 2014
To recap: There has been considerable controversy about the privacy and civil liberties implications of the bulk telephone data collection program revealed by former National Security Agency contractor Edward Snowden. (He revealed several surveillance programs by the agency.) The Review Group on Intelligence and Communications Technologies (created by President Obama in August after the Snowden revelations) issued a report (archive pdf) recommending against the telephone call record database. Recently, the Privacy and Civil Liberties Oversight Board (PCLOB), an independent oversight agency within the executive branch, released a report (archive pdf) on the NSA’s surveillance program that collects telephone records in bulk saying the NSA surveillance program is illegal and should be ended. Federal judges have issued conflicting rulings on the surveillance program. In January, Obama announced reforms and proposed changes to the NSA surveillance programs, including the call record database surveillance program. Obama also issued a “Presidential Policy Directive, PPD-28,” (pdf) concerning signals intelligence activities.
Now, the Office of the Director of National Intelligence has issued an interim progress report (DNI pdf; archive pdf) on implementing PPD-28. In an announcement, Robert Litt, general counsel for the Office of the Director of National Intelligence, and Alexander W. Joel, civil liberties protection officer for the Office of the Director of National Intelligence, said the report “articulates key principles for agencies to incorporate in their policies and procedures, including some which afford protections that go beyond those explicitly outlined in PPD-28. These principles include the following: Ensuring that privacy and civil liberties are integral considerations in signals intelligence activities.”
October 20th, 2014
IT News in Australia reports that New South Wales Attorney-General Brad Hazzard is considering new privacy rules for the storing of data offshore:
The office of NSW Attorney-General Brad Hazzard has confirmed the government’s intentions to update the state’s privacy legislation to make it clear where agencies and healthcare providers stand when it comes to storing data offshore, particularly as part of cloud computing arrangements.
The NSW Privacy Commissioner, Elizabeth Coombs, finalised her draft code of practice for offshore data hosting and handed it to the Attorney-General in May this year, after a number of aborted attempts by her predecessors. [...]
October 16th, 2014
The Associated Press reports that when some banks’ customers call in to customer service, their voiceprints are being gathered so the banks can identify them. This practice of gathering biometric information, sometimes without giving notice to or obtaining consent from customers, raises substantial privacy questions:
An Associated Press investigation has found that two of America’s biggest retail banks — JPMorgan Chase & Co., and Wells Fargo & Co. — are quietly recording the biometric details of some callers’ voices to weed out fraud. The technology, sometimes called voiceprinting, is aimed at bad guys rather than legitimate customers, but legal and privacy experts alike still have reservations about the practice. [...]
As it stands, seven major American financial institutions are already using blacklists or have run pilots, said Shirley Inscoe, an analyst with the Aite Group, a research and advisory firm.
October 15th, 2014
Last year, the Federal Trade Commission negotiated a settlement with Aaron’s Rent-To-Own concerning surveillance software that was installed on computers that consumers rented from them. The software, PC Rental Agent from DesignerWare, allowed access to personal e-mails, financial and medical data and webcam photos of partially undressed individuals, the FTC said.
Now, Aaron’s Rent-To-Own has negotiated a settlement with California over charges that it violated the state’s privacy and consumer protection laws. The privacy portion of the settlement is related to the surveillance software. California Attorney General Kamala D. Harris announced in a statement:
In addition, the complaint alleges that Aaron’s violated California state privacy laws by permitting its franchised stores to install spyware on laptop computers rented to its customers. A feature in the spyware program called ‘Detective Mode’, which was installed without consumers’ consent or knowledge, allowed the Aaron’s franchisees to remotely monitor keystrokes, capture screenshots, track the physical location of consumers and even activate the rented computer’s webcam. The installation of this software without customer consent violated California law.