Ars Technica reports:

It turns out that the Federal Communications Commission actually meant it when the agency warned that phone companies must regularly inform the Commission how they keep the calling records of consumers secure. On Tuesday the FCC proposed fining over 600 of them $20,000 apiece for not filing an annual report on their efforts to protect Customer Proprietary Network Information. CPNI includes the numbers subscribers call, when they call them,and the particular services they use, such as voice mail or call forwarding. [...]

The refresher summary on this omnibus spanking goes as follows: In 2006 everybody had a conniption fit over the suddenly noticed widespread presence of “data brokers,” con artists who engage in “pretexting”—fooling phone companies into disclosing CPNI, then selling the intel over various Web sites. This practice most famously came to light that year when it surfaced that Hewlett-Packard authorized an investigation of some of its directors’ phone records, and got them via pretexting. Read more »

UPDATE: USA Today reports, “Homeland Security Secretary Janet Napolitano endorsed the use of body scanners Wednesday to screen airline passengers despite concerns that the machines create vivid images of people under their clothing.” I’ve written about the privacy risks connected with these scanners before.

In testimony to the House Committee on Homeland Security on Wednesday, Secretary Janet Napolitano explained “how DHS will work in the future to keep Americans safe.” Her comments on privacy include noting that the Committee’s platform items for DHS included “securing the homeland and preserving privacy, civil rights, and civil liberties.” She also said:

Of course, amid the implementation of new technology, we will continue to be diligent in honoring the rights of Americans and addressing concerns raised about privacy. To this end, last week I appointed an experienced new Chief Privacy Officer for the Department, who will bolster a Privacy Office already recognized as a leader in the federal government. Homeland security and privacy need not be exclusive, and the Department will look to include privacy in everything we do.

More importantly, Napolitano also discussed several programs affecting individual privacy: employment verification (“E-Verify), Western Hemisphere Travel Initiative, and state and local intelligence sharing (through “fusion centers”).

There has been much debate about DHS’s employment eligibility verification program E-Verify. especially the databases it uses. (President Bush issued an executive order last year that greatly expanded the number of employers required to use the system.) Napolitano said Wednesday, “I issued a directive to measure employer compliance and participation with the Department’s E-Verify program and ways that DHS has worked both to reduce false negatives in order to protect the rights of Americans and to strengthen the system against identity fraud.” The false negatives problem is substantial. Several federal (pdf) government evaluations (pdf) note problems with database checks that lead to initial rejections for individuals who are legally eligible to work in the US, causing significant problems for eligible workers who have done nothing wrong. Read more »

“A proposed Yukon law that would make blood testing and disclosure mandatory in certain situations would violate the privacy of Yukoners, says the territory’s privacy commissioner. Tracy-Anne McPhee said Thursday the territorial government should not go ahead with its proposed mandatory testing and disclosure act until serious flaws in the draft legislation are fixed,” reports CBC News.

The Yukon Privacy Commissioner spoke about the Draft Mandatory Testing and Disclosure Act (pdf), which reads:

2(1) An individual may apply to the court for a testing order if the individual,
(a) has come into contact with a bodily substance of another individual
(i) as a result of being a victim of crime,
(ii) while providing emergency health care services or emergency first aid to that individual, or
(iii) while performing any other prescribed function in relation to that individual; and
(b) as a result of that contact might be infected with a microorganism or pathogen that causes a prescribed communicable disease.

Also, a doctor could be given to access a person’s medical file to see whether that person has any blood-borne diseases under the draft legislation.

According to a new study from the Ponemon Institute and Symantec, “59 percent of ex-employees admit to stealing confidential company information, such as customer contact lists.” In January, researchers surveyed nearly 1,000 adults who left an employer in the last 12 months. Records taken by ex-employees include: e-mail lists, employee records, customer data (including contact lists), and non-financial data.

Improved data security and privacy policies would help prevent such theft. I have written before about how insider abuse or misuse of data is a significant privacy and security problem.

Additional findings from the survey:

53 percent of respondents downloaded information onto a CD or DVD, 42 percent onto a USB drive and 38 percent sent attachments to a personal e-mail account.

79 percent of respondents took data without an employer’s permission.

82 percent of respondents said their employers did not perform an audit or review of paper or electronic documents before the respondent left his/her job.

24 percent of respondents had access to their employer’s computer system or network after their departure from the company.

The Telegraph UK reports that the British government is considering the use of Unmanned Aerial Vehicles (UAVs), commonly used in military operations, in surveillance operations in the UK. “The miniature aircraft could be fitted with cameras and heat-seeking equipment, allowing police to carry out aerial reconnaissance from a control room,” the Telegraph reports.

The UK Home Office (equivalent to the US departments of Justice and Homeland Security) suggested the use of UAVs for domestic law enforcement purposes in its “Science and Innovation Strategy” report (pdf) for 2009-2012.

Unmanned Aerial Vehicles are likely to become an increasingly useful tool for the police in the future, potentially reducing the number of dangerous situations the police may have to enter and also providing evidence for prosecutions. However, we will need to investigate how such vehicles could be used, and their ability to provide high quality evidence for convictions and to support police operations in ‘real time’.

The US uses UAVs along the Mexican border, and recently began testing their use along the Canadian border. With new technology, the question should be: Is this new device more effective and cost-effective than other devices or programs? Currently, the UAVs have numerous problems with weather, flora and fauna, but the technology will only get better. Last year, Slate reported on how the US was connecting UAVs with and STTW, “sense-through-the-wall” technology (pdf) creating UAVs that could see through walls. The conclusion from Slate was chilling: Read more »

From the press release.

The Federal Trade Commission, in conjunction with two international organizations, will host a two-day international conference: “Securing Personal Data in the Global Economy.” The conference addresses how companies can manage personal data-security issues in a global information environment where data can be stored and accessed from multiple jurisdictions.

Working with the Asia-Pacific Economic Cooperation (APEC) forum and the Organisation for Economic Co-operation and Development (OECD), the FTC will bring together regulators, policymakers, consumer advocates, industry representatives, technology experts, and academics from around the globe. The conference will address best practices and legal requirements for business in data security, data breach responses, and conflicts-of-law issues. One goal of the conference is to help stakeholders understand how and where data flows, so they can identify ways to keep it secure as it moves around the world. Participants also will consider the current legal environment, its effects on individuals and businesses, and next steps. Read more »