The Vancouver Sun reports that British Columbia’s Privacy Commissioner has decided (pdf) that “identity-scanning technology used by about 100 bars and clubs provincewide violates the B.C. Personal Information and Protection Act.”

The decision arose from a customer’s complaint about the Wild Coyote Club, a bar on Southwest Marine Drive in Vancouver, which requires patrons to swipe their driver’s licences and have their photo taken. Customers’ names, photos and ages are stored in a database.

The technology is used by Bar Watch members — a coalition of bar owners — to make it easier to identify violent individuals and deter potential violence. [...] Read more »

The Associated Press has a follow-up on the story about a BlackBerry software update that added spyware to the devices in the United Arab Emirates.

BlackBerry users in the Mideast business centers of Dubai and Abu Dhabi who were directed by their service provider to upgrade their phones were actually installing spy software that could allow outsiders to peer inside, according to the device’s maker.

While many questions about the breach remain unanswered, including who ordered it sent and why, analysts say the disclosure highlights the security risks posed by increasingly popular smart phones like the BlackBerry.

Richard M. Smith, an Internet security and privacy consultant at Boston Software Forensics, said smart phones are ”the perfect personal spying devices” because as tiny computers they can be programmed to send back a broad range of information. [...] Read more »

Today at 6:30 p.m. ET, I will be on on “The Drive with Gary Nolan,” on radio station The Eagle 93.9 FM. I’ll discuss surveillance programs, including camera surveillance systems. You can listen live at http://theeagle939.com/

The Washington Post reports that Maryland trains and buses are wired for audio as well as video surveillance, but officials currently aren’t allowing audio surveillance. The good news is that Maryland’s acting transportation secretary is against audio surveillance. ”The [transportation] secretary believes that matters of public privacy are the ultimate test of people’s trust in government,” said her spokesman, Jack Cahalan. “We have tabled the matter.”

The bad news is that the public didn’t know about the capability until a transit authority official asked (pdf) the state attorney general’s office if audio surveillance would be legal.

“Can MTA lawfully make audio recordings of conversations of passengers and employees on board public transit vehicles?” wrote MTA Administrator Paul J. Wiedefeld. And, is it necessary “to obtain the consent of passengers and employees before recording their conversations?”

The Post reports that the Maryland Transit Administration “operates buses, subways and commuter rail lines throughout the state, focusing heavily on Baltimore, but its MARC rail lines and commuter buses into Washington carry more than 10 million passengers a year.”

Read more »

The New York Times reports on new technology that would place a time limit on digital data, causing it to self-destruct. Vanish was created by researchers at the University of Washington. In a press release, the researchers explained:

The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered. [...]

Vanish works with any text entered into a Web browser: Web-based e-mail such as Hotmail, Yahoo and Gmail, Web chat, or the social networking sites MySpace and Facebook. The Vanish prototype now works only for text, but researchers said the same technique could work for any type of data, such as digital photos. Read more »

In an article for the Guardian, security expert Bruce Schneier writes about “privacy salience,” which shows that “reassuring people about privacy makes them more, not less, concerned” about their personal data.

Leslie John, Alessandro Acquisti, and George Loewenstein – all at Carnegie Mellon University – demonstrated this in a series of clever experiments. In one, subjects completed an online survey consisting of a series of questions about their academic behaviour – “Have you ever cheated on an exam?” for example. Half of the subjects were first required to sign a consent warning – designed to make privacy concerns more salient – while the other half did not. Also, subjects were randomly assigned to receive either a privacy confidentiality assurance, or no such assurance. When the privacy concern was made salient (through the consent warning), people reacted negatively to the subsequent confidentiality assurance and were less likely to reveal personal information. [...] Read more »