Showing once again that security systems face threats from unscrupulous insiders, the Washington Post reports:

The State Department has notified approximately 400 passport applicants in the D.C. area of a breach in its database security that allowed a ring of thieves to obtain confidential information so they could fraudulently use credit cards stolen from the mail, officials said. [...]

In another statement, the department said that a single State employee was allegedly involved in the fraud and that so far 400 individuals had been identified “whose records may have been accessed by the suspect for illicit purposes.” But, the statement added, “to the best of our knowledge, most of these individuals have not experienced identify theft.” Read more »

BBC News reports:

Hand-held fingerprint scanners enabling on-the-spot identity checks are to be made available to all UK police forces.

The devices, about the size of a mobile phone, will be rolled out from 2010 under a scheme managed by the National Policing Improvement Agency. [...] 

The devices compare prints against the records of the 7.5m people on the police national biometric database.

The images are sent encrypted to the national computer using the same technology used to handle data in mobile phones.

Of course, there are valid questions about the effectiveness of the handheld scanner techonolgy. However, technology will only get better so we should not criticize such programs solely on the basis of technological failure. Read more »

Found via PogoWasRight.org

The Sacramento Bee reports that a California police chief “is asking for a local ordinance that requires motel and hotel operators to hand over their guest registries to his officers. If innkeepers fail to do so, at any hour of the day, they could be fined or jailed.”

Innkeepers are critical of the plan.

Providing the home address, credit card number, vehicle license number and other private information of law-abiding patrons is an invasion of privacy, said [Michael Belote, who represents about 1,000 California motel and hotel operators, including some in Roseville].

“We want to be careful with the personal information of our guests,” Belote said.

Some California cities already have such laws in place, and “some ordinances in other cities allow nearly any city employee to access the registries, according to the lodging association.”

Saul Hansell has an interesting post over at the New York Times’ Bits Blog.

Before heading to the beach this summer, I decided to buy a plastic watch, so I ordered one from Swatch.com. What I didn’t know was that Swatch sent information about my purchase to a company called Acerno, which runs an advertising network that reaches 80 of the top 100 Web sites. Since then, some of the ads I have seen on those sites could well have been placed by a company that specifically wanted to reach watch buyers. (There’s no way to tell if that did happen.)

Acerno, which has operated for three years with almost no publicity, says it now has files on 140 million people in the United States, nearly all the online shoppers. These are gathered from 375 online stores, including Spiegel, eHarmony, Video Professor, Michelin and American Girl, where it tracks not only what Internet users buy but also what products they read about. It uses this information to place ads on more than 400 sites on behalf of marketers. Read more »

The Berkeley Center for Law and Technology has selected several papers for publication in its Law and Technology Scholarship collection. Among them are two articles of interest: “Data Mining and Internet Profiling: Emerging Regulatory and Technological Approaches” by Paul M. Schwartz, Ronald D. Lee, and Ira Rubinstein and “Privacy Decisionmaking in Administrative Agencies” by Deirdre Mulligan and Kenneth A. Bamberger.

From the abstract of the data-mining article: 

[...] Accordingly, to identify and preempt terrorist activity, intelligence agencies have begun collecting, retaining, and analyzing voluminous and largely banal transactional information about the daily activities of hundreds of millions of people.

Private organizations have their own reasons for gathering wide-spread information about individuals. With the expansion of internet-based services, companies can track and document a broad range of people’s online activities and can develop comprehensive profiles of these people. Advertisers and marketing firms likewise have strong incentives to identify and reach internet users whose profiles have certain demographic, purchasing behavior, or other characteristics. The construction, storage, and mining of these digital dossiers by inter-net companies pose privacy risks. Additional privacy issues arise when the government obtains this information, which it currently can with-out much legal process.

This essay begins by examining governmental data mining; its particular focus is on pattern-based searches of databases according to a model of linkages and data patterns that are thought to indicate suspicious behavior. In Part I, this essay reviews widely held views about the necessary safeguards for the use of data mining. In Part II, this essay considers “dataveillance” by private corporations and how they have compiled rich collections of information gathered online in the absence of a robust legal framework that might help preserve online privacy. Read more »

In a survey and supplement delivered in September to members of Congress but only recently released to the public, the Government Accountability Office (the investigative arm of the legislative branch), finds that “Many [county governments] make public records that may contain Social Security numbers (SSNs) available in bulk to businesses and individuals in response to state open records laws, and also because private companies often request access to these records to support their business operations.” The GAO surveyed 247 counties in 45 states.

The GAO ”estimate[s] that 85 percent of the largest counties make records with full or partial SSNs available in bulk or online, while smaller counties are less likely to do so (41 percent).” Especially problematic is the lack of restrictions by local governments. “Of counties that make records available in bulk or online, only about 16 percent place any restrictions on the types of entities that can obtain these records.” Not surprisingly, the lack of restrictions means, “Information from these records may also be used by companies to build and maintain databases or resold to other businesses.”

Local, state and federal governments are attempting to safeguard SSNs through various means, “but these actions are a recent phenomenon,” the GAO said. For example, “25 states have enacted some form of statutory restriction on displaying SSNs in public records. Some states have also enacted laws allowing individuals to request that their SSNs be removed from certain records such as military discharge papers.” Read more »