The New York Times’ gadget blog has some tips on how to protect your privacy online and securely manage your many passwords.

1. Low-tech: Write it down. It’s actually not all that bad a strategy at home, if there aren’t too many people poking around there and you tuck it away somewhere nondescript. But this is a bad M.O. at the office, where any number of people could see your helpful list. Some people keep their passwords on a card in their wallet, which might work well, at least, until the day your wallet is lost or stolen.

2. Medium-tech: If memory fails, use site features for resetting your password. You can do this endlessly and it’s free, and it has the side benefit of causing you to change your passwords often, which is highly recommended by security folk.

3. High-tech: Use one of the many digital tools available for storing and using encrypted login information. This will allow you to use mind-bending passwords on every site, while only having to remember one master password (or use a fingerprint or other biometric).

The article also lists some options for software to buy.

The Globe and Mail reports that students at the University of British Columbia, “discovered intact hard drives containing secret international security data and personal information at a digital dumping ground in Ghana.”

[The students' teacher, Peter Klein], a producer for the PBS television program Frontline and an Emmy Award winning journalist, said the drives included information about U.S. Homeland Security and Pentagon defence contracts as well as social security numbers, credit card numbers, and family photos. [...]

The findings are part of a project by Mr. Klein’s graduate students investigating electronic waste, or e-waste. The team also travelled to Guiyu, China, and India, piecing together the afterlife of discarded computers, drives and parts. [...]

While there’s no way to know if the data has been used to commit crimes, Mr. Klein said that criminal gang members have been seen combing the debris.

Two years ago, Congress argued about overhauling the nation’s immigration laws, but failed to pass comprehensive immigration law reform. Now, the Washington Post reports that Senate Democrats are again looking to change federal immigration laws. Instead of just creating an error-filled national database of Americans’ employment eligibility, this time legislators are seeking to require “that all U.S. workers verify their identity through fingerprints or an eye scan.” I would like to emphasize that they would gather biometric data from “all U.S. workers”; not just undocumented workers.

Speaking on the eve of a White House summit with congressional leaders on immigration, Sen. Charles E. Schumer (N.Y.) said a national system to verify work documents is necessary because Congress has failed to crack down on unscrupulous employers and illegal immigrants with fake documents.

“I’m sure the civil libertarians will object to some kind of biometric card — although . . . there’ll be all kinds of protections — but we’re going to have to do it. It’s the only way,” Schumer said. [...]

A senior White House official said Obama is open to all of Schumer’s proposals, including his ID plan, saying that “he wants to listen, he wants to talk. All of it is on the table.”

There are numerous privacy and civil liberty problems that are fundamental in the creation of a national database of fingerprints and eye scans for all U.S. workers, a database that places the burden on the individual to prove that he or she is allowed to work in this country. How quickly will this database go from being strictly to prove employment eligibility to being used by police departments to gather fingerprints while circumventing the warrant process and Fourth Amendment rights of search and seizure? Who else could have access to your fingerprint and iris scans? The United States already has discussed sharing fingerprint and other biometric data of suspects with European countries. It’s a small step to opening up a national employee biometrics database to other countries. Read more »

The Washington Examiner reports that, “Security controls were so lacking at University of Maryland, University College that thousands of students’ academic records were vulnerable to prying eyes.” The report (pdf) from the Maryland Office of Legislative Audits found:

Our audit disclosed information system security and control deficiencies in UMUC’s network that includes the student administration, human resources, and financial information systems, as well as its online education application. [...]

For example, our audit disclosed that UMUC did not perform required periodic reviews of the appropriateness of user access capabilities for its accounting, personnel, and student records systems and that certain account and password controls were inadequate, including for the online education application. In addition, security reports were not generated for certain critical applications, proper controls were not established over computer program changes, and the internal computer network was not sufficiently secured from both internal and external sources.

The security problems lead to privacy risks, such as the fact that “student assignment folders and faculty grade books were at risk of disclosure and compromise from the general public.”

At FindLaw, Cornell Law Professor Sherry F. Colb has a great analysis of People v. Weaver (pdf), which concerns GPS and privacy.

Last month, in People v. Weaver, the New York Court of Appeals, the highest court of New York State, held that before attaching a GPS device to a suspect’s car and continuously monitoring the car’s whereabouts for 65 days, the police should have obtained a search warrant.

In so holding, the court relied exclusively on the New York State Constitution’s analogue to the U.S. Constitution’s Fourth Amendment right against unreasonable searches and seizures. The court thereby insulated its decision from reversal by the U.S. Supreme Court (because a state’s highest court has the final word on the construction of state law). [...] Read more »

Department of Homeland Security Secretary Janet Napolitano announced “her decision to end the National Applications Office (NAO) program, after a five-month review conducted in coordination with the Department’s law enforcement, emergency management and intelligence partners.” She said, “This action will allow us to focus our efforts on more effective information sharing programs that better meet the needs of law enforcement, protect the civil liberties and privacy of all Americans, and make our country more secure.”

Yesterday, the Wlall Street Journal reported that the administration planned to shutter the controversial National Applications Office. There was an uproar last year over the spy-satellite program, which would greatly expand the domestic use of military technology. Recently, the Major Cities Chiefs Association, wrote to Napolitano (pdf), saying, “In our view, the NAO is not an issue of urgency.” The chiefs urged Napolitano to instead focus on the goal of “effective sharing of law enforcement information that protects the privacy and civil liberties of Americans.” They said, “we are thus committed to a national framework of privacy and civil liberty protections. We believe that at this time, it is these efforts that should be the priority versus the establishment of the NAO.”