In 2007, "public authorities as a whole, made 519,260 requests for communications data to Communication Service Providers (CSP)," according to the annual report (pdf) from the Interception of Communications Commissioner Sir Paul Kennedy. Such "communcations data" include telephone and Internet use records of private individuals. The previous two years averaged less than 350,000 communications data requests.

The Commissioner noted that local officials made "a total of 1,707 requests [...] for communications data and the vast majority were for basic subscriber information." However, he said, "Quite a number of local authorities have struggled" to comply with the Commissioner’s Code of Practice for the investigation
of protected electronic information. Read more »

The Information Tribunal has ruled that five police forces in the United Kingdom must delete the criminal records of five individuals from the Police National Computer, which contains records of millions of people convicted, cautioned or reprimanded for a crime. The Tribunal’s ruling upholds a decision (pdf) by the UK Information Commissioner that found the retention of the convictions data violated the Data Protection Act. According to the Times UK:

The forces had appealed against a ruling by the Information Commissioner that they remove information about minor crimes because storing it breached data protection laws. Mick Gorrill, assistant commissioner at the Information Commissioner’s Office, said: “We welcome the ruling, which upholds our view that there is no justification for this old conviction data to be held by the police. Read more »

Walter Pincus at the Washington Post writes on the federal government’s Fiscal Year 2009 intelligence budget.

President Bush’s single largest request for funds and "most important initiative" in the fiscal 2009 intelligence budget is for the Comprehensive National Cybersecurity Initiative, a little publicized but massive program whose details "remain vague and thus open to question," according to the House Permanent Select Committee on Intelligence.

A highly classified, multiyear, multibillion-dollar project, CNCI — or "Cyber Initiative" — is designed to develop a plan to secure government computer systems against foreign and domestic intruders and prepare for future threats. Any initial plan can later be expanded to cover sensitive civilian systems to protect financial, commercial and other vital infrastructure data.

The House Intelligence Committee released its annual report (pdf) on the Intelligence Authorization Act and spent much of the report focused on the CNCI. The program was announced about the same time as the issuance of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 in January 2008. That directive is classified and its contents unknown. However, the directive has been reported on, and presumably the House Intelligence Committee has the authority to know its contents. Read more »

House Judiciary Committee Chairman John Conyers, Jr. announced that, on July 25, the House Committee on the Judiciary will hold a hearing on the Imperial Presidency of George W. Bush and possible legal responses.

“Over the last seven plus years, there have been numerous credible allegations of serious misconduct by officials in the Bush Administration,” said Conyers. “At the same time, the administration has adopted what many would describe as a radical view of its own powers and authorities. As Chairman of the Judiciary Committee, I believe it is imperative that we pursue a comprehensive review commensurate to this constitutionally dangerous combination of circumstances. Next Friday’s hearings will be an important part of that ongoing effort.”

The Committee is expected to examine a range of legal and legislative responses to allegations of administration misconduct and their expansion of executive branch power. Read more »

Over at Wired’s Threat Level blog, Ryan Singel tackles the new Transportation Security Administration ID requirement. In June, TSA announced that "passengers that willfully refuse to provide identification at security checkpoint will be denied access to the secure area of airports." However, "[c]ooperative passengers without ID may be subjected to additional screening protocols, including enhanced physical screening, enhanced carry-on and/or checked baggage screening, interviews with behavior detection or law enforcement officers and other measures," before they are allowed to board their flights.

Singel reports:

Now, those who left their license at home or had it stolen have to answer a series of questions relayed to the screener by employees in TSA’s operations center in Virginia, where employees have access to databases of public records, including those compiled by data giant Lexis Nexis.

The idea is for screeners to know that the person holding a boarding pass in the name of Buster Brown, actually is that person. For travellers without ID, they better hope that the notoriously inaccurate private dossiers about them are correct. Read more »

Found via Cryptome.

In two Federal Register notices published on July 15, the Department of Homeland Security’s Privacy Office announced 26 Privacy Impact Assessments for various Homeland Security Programs. Oddly, the Privacy Office announces, "The Privacy Impact Assessments will be available on the DHS Web site until September 15, 2008, after which they may be obtained by contacting the DHS Privacy Office (contact information below)." I have never seen this sort of announcement before. Currently, the agency’s site has PIAs from 2003 (when the Department of Homeland Security was created) through the current month.

The 26 PIAs are for:

1. Whole Body Imaging (Transportation Security Administration)
2. Federal Flight Deck Officer Program (TSA)
3. REAL-ID Final Rule (DHS-wide)
4. Personnel Security Activities Management System/Integrated Security Management System Update (DHS-wide)
5. USCIS Person Centric Query Service Supporting the Verification Information System (Citizenship and Immigration Services) Read more »