I’m quoted in a Washington Post article, “License Plate Readers To Be Used In D.C. Area.” Officials in the D.C. metro area “plan to install about 200 automated license plate readers on police vehicles and alongside roads in the Washington area to thwart potential terrorist attacks, dramatically expanding the use of a high-tech tool previously aimed at parking scofflaws and car thieves. [...] The readers will scan the license plate of every vehicle that zooms by and run the numbers through federal criminal databases and terrorist watch lists, Reardon said. Maryland, Virginia and the District could plug in additional databases.”

The expansion of this technology raises a number of questions. What happens to all this data? “[A Virginia police officer] said that at least in the short term, officials don’t plan to store data on the scanned license plates, except for those associated with terrorism or other crime.” But that is “in the short term.” What prevents the officials from changing their minds and keeping track of every vehicle that passes by these readers — even if the drivers have done nothing wrong?

Also, will this really work to find terrorists? The license plate readers run the names against the terrorist watch lists, which continue to be proved full of problems. Will that lead to numerous individuals being detained because of mistaken matches? Senators, nuns, and federal air marshals have been caught in the watch list mess. The public needs to know much more about this program in order to learn if it is worth the costs paid — in terms of civil liberties and diverting funds from other, more proven, security programs.

"The central theme of this year’s Summer Privacy Symposium is ‘Privacy in Transition’; After four decades of privacy balances, organizational policies, and legal/regulatory systems geared to successive waves of computer and telecommunication applications by businesses and government and then the Net 1.0 environment, many observers believe we have entered a dramatic new information environment.

This arises from a combination of developments, such as Net 2.0 technology, personal mobile communication devices, the social networking and online self-revelation revolution, an increasingly voyeuristic media and blogger world, continuous data breaches and a global identity theft enterprise, the shrinkage of public-places anonymity, adoption of online behavioral marketing, and concerns over various homeland security surveillance measures.

How these developments are unfolding, whether they can be handled effectively by adaptations of the 1970 - 2004 privacy systems, or whether democratic nations will need to develop a new privacy framework will be the Symposium’s key issues."

Date: August 18 - 21, 2008
Location: Harvard University, Cambridge, MA
For more information: http://www.privacysummersymposium.com/

A variety of sources are reporting on a case in Australia where: 

Victoria Police force will re-examine 7000 crimes solved through DNA after it was forced to drop murder charges based on contaminated evidence.

Charges were yesterday withdrawn against Russell John Gesah who was last month accused of the 1984 murders of Ferntree Gully woman Margaret Tapp, 35, and her nine-year-old daughter Seana.

Every crime solved by DNA in Victoria in the 20 years since the technology was introduced would be reviewed, Deputy Commissioner Simon Overland said.

This story follows a revelation by the UK Daily Telegraph that “[m]illions of profiles on the national DNA database have been handed over secretly to private companies without the consent of those involved”; recent coverage by the Los Angeles Times on questions surrounding the reliability of DNA evidence; and last year’s news concerning the mishandling of DNA evidence in the Massachusetts State Police crime laboratory. These cases make clear that there needs to be more transparency and oversight of the collection, testing and retention of DNA data. 

The Federal Trade Commission and the California Office of Privacy Protection will co-host a half-day public workshop in Los Angeles on Wednesday, August 13, 2008, on how businesses can secure personal information and protect the privacy of consumers and employees.

The workshop, "Protecting Personal Information: Best Practices for Business," is presented in partnership with the International Association of Privacy Professionals and the Los Angeles Area Chamber of Commerce. It features business people, attorneys, government officials, privacy officers, and other experts who will provide practical guidance for businesses of all sizes on data security, privacy, best practices for developing an appropriate data security program, and responding to data breaches and other privacy and security problems.

The FTC and COPP will provide a brief overview of the business and legal reasons to address data security.

– The first panel will discuss steps and strategies for developing a data security plan. Speakers include Barbara Lawler, Chief Privacy Officer, Intuit; Eric Nelson, Principal, Secure Privacy Solutions; Jill Phillips, Chief Privacy Officer, Chevron; Shai Samet, President and Founder, Samet Privacy LLC; Andrew Serwin, Partner, Foley & Lardner. Read more »

USA Today has a revealing story on thieves who target gas pumps to surreptitiously gather or "skim" data from credit and debit cards.

The skimmed data are used to create cards used at the victims’ expense, says James Van Dyke, president and founder of Javelin Strategy and Research, a financial consulting firm that focuses on fraud and identity theft. [...]

The skimming devices can be installed outside or inside the pump. Thieves glue a plastic sleeve, equipped with covered wires that capture data, over the pump’s card reader or connect the device directly to the reader inside.

The devices are molded and painted to match the machine and are small, making them hard to detect, Van Dyke says. Read more »

AmericaBlog has published a post I wrote about the security problems of a company running one of the federal government’s “trusted traveler” programs. The company lost a laptop with sensitive data on 33,000 program applicants.

ACLU Guest Post: “Trusted Traveler” Program Suspended After 33,000 Customers’ Records Went Missing