The Miami Herald reports on a variety of surveillance programs in Argentina that is raising privacy questions for citizens:

BUENOS AIRES – [A government-issued bus card, known as SUBE, allows the tracking of bus riders.] It’s one of several new measures that enhance the government’s surveillance and control capacity that have civil liberties groups raising red flags — and Argentines like Saad raising eyebrows.

Another initiative, decreed by President Cristina Fernández de Kirchner late last year, ordered the creation of the Federal System of Biometric Identification. In a sprawling, centralized system, biometric data — such as fingerprints and facial scans — will be integrated between the National Registry of Persons and the Argentine Federal Police. Starting Jan. 1, even newborns began having their biometric information registered in the system.

And as national documents and passports expire and are renewed, the unique physical characteristics of all 40 million Argentines will eventually be recorded in a government database, available to federal and provincial authorities. Read more »

The Department of Homeland Security has released its annual performance report. DHS’s Report, Appendix 1 and Appendix 2; archive Report, Appendix 1 and Appendix 2 (all pdf). The report reviews its programs for the past year, and there isn’t anything new that I see (although Appendix 2 does have a list of all GAO and DHS Inspector General reports evaluating DHS’s programs).

Among the issues discussed in the report:

1. The installation of privacy-enhancing software in some body scanners used by the Transportation Security Administration.
2. DHS Secretary Janet Napolitano’s decision to scrap the Secure Border Initiative (SBINet), which was a plan to build a “virtual fence” at the U.S.-Mexico border using surveillance equipment — unmanned aerial vehicles (also known as “drones”), thermal imaging equipment, camera surveillance systems. Learn more about SBINet in a previous post. DHS’s replacement for SBINet is similar to the scrapped program. The performance report says the new border security technology plan “will use existing, proven technology tailored to the distinct terrain and population density of each border region, including commercially available mobile surveillance systems, unmanned aircraft systems, thermal imaging devices, and tower-based remote video surveillance systems. Where appropriate, this plan will also incorporate already existing elements of the former SBInet program that have proven successful, such as stationary radar and infrared and optical sensor towers.”
3. The start of Self-Check, “a free, online, voluntary service of the E-Verify program that allows individuals to verify their employment eligibility in the United States. Administered by USCIS, Self Check is currently available to residents of Arizona, Colorado, Idaho, Mississippi, Virginia, the District of Columbia, California, Louisiana, Maine, Maryland, Massachusetts, Minnesota, Missouri, Nebraska, Nevada, New Jersey, New York, Ohio, South Carolina, Texas, Utah, and Washington and will be available nationwide in early 2012.” There have been many questions about the E-Verify employment eligibility verification system, especially the database that it uses. I am against a system that forces citizens to prove that they are eligible to work — the burden needs to be on the employer to prove that a person is not eligible to work, because it is less onerous for a business to make a mistake and hire an ineligible person than for an eligible employee to fix a mistake in a system to prove he or she is legally able to work. E-Verify’s false negatives can cause significant problems for eligible workers who have done nothing wrong.

Read the full report for more information on DHS’s activities in the past fiscal year.

In the last year, that has been increasing focus on the use of aerial drones (also known as unmanned aerial vehicles, “UAVs”) to conduct surveillance in the United States. Last year, the Washington Post had an in-depth report of possible privacy problems with the domestic use of aerial drones, which are commonly used in military operations. (Be sure to take a look at the Post’s graphic on the specs, abilities and uses of different UAVs.) The ACLU released a report on this technology, “Protecting Privacy From Aerial Surveillance: Recommendations for Government Use of Drone Aircraft” (ACLU pdf; archive pdf).

Recently, the Electronic Frontier Foundation filed a lawsuit against the Department of Transportation to learn more about the use of drones in the United States. And the Center for Democracy and Technology has looked into the privacy issues that can arise from commercial and domestic law enforcement use of drones.

Now, Congress has approved and sent to President Obama the FAA reauthorization bill, which includes a provision to integrate the use of aerial surveillance by drones in the United States by Sept. 30, 2015, rather than keeping the drones for their original purpose flying in combat missions. The bill says “(1) COMPREHENSIVE PLAN- Not later than 270 days after the date of enactment of this Act, the Secretary of Transportation, in consultation with representatives of the aviation industry, Federal agencies that employ unmanned aircraft systems technology in the national airspace system, and the unmanned aircraft systems industry, shall develop a comprehensive plan to safely integrate civil unmanned aircraft systems into the national airspace system.” Also, “Not later than 1 year after the date of enactment of this Act, the Administrator of the Federal Aviation Administration shall establish a program to integrate unmanned aircraft systems into the national airspace system at not fewer than 4 test ranges.”

The Associated Press reports on the FAA legislation: Read more »

A few years ago, then-DC Mayor Adrian Fenty (D) unveiled plans for a city-wide surveillance system  (VIPS). At the time, the Washington Examiner reported: “The Video Interoperability for Public Safety system, or VIPS, links 5,200 District-owned closed-circuit television cameras within a single monitoring office under the Homeland Security and Emergency Management Agency. The goal: Assist Homeland Security ‘to rapidly identify and respond to emergency circumstances that occur within the District.’ Every camera in a school, in a jail cell, in a government building, outside a public housing project or attached to a traffic light has been integrated into the network. The police department’s crime cameras, which require passive monitoring only, are not included.” The Fenty administration gave the DC Council and the public little information on the project, and critics (including me) charged that it did not adequately address the substantial privacy and civil liberty questions that were raised.

Last year, the Washington Examiner reported that DC Mayor Vincent Gray (D) sought to expand the city’s camera surveillance system to watch the public. (Note that the District of Columbia also uses license-plate readers to capture images of vehicles’s plates.)

Now, the Washington Times reports on a public-private partnership on surveillance cameras in D.C.’s Georgetown neighborhood that is raising privacy and civil liberties questions:

When D.C. police began installing surveillance cameras in neighborhoods more than five years ago as crime-fighting tools, privacy concerns voiced by civil liberties groups limited their scope and use.

Now a less-formal agreement from a citizens association planning to expand the Metropolitan Police Department’s watchful eye in Georgetown over the next few months is hitting a similar hurdle.

The Citizens Association of Georgetown, a private neighborhood association, plans to pay for the installation of up to 10 cameras in the hopes that the additional surveillance will deter crime. [...] Read more »

The Washington Post reports that privacy questions are starting to become more prominent in India:

The Indian government’s recent announcement that it taps nearly 300 new phones every day has sparked a debate about privacy in a country that traditionally views such concerns as an ugly offshoot of Western individualism.

Indians tend to stress identities of family and community over any others. But a growing desire for privacy and what many say is a government assault on it are creating tension in this nation of 1.2 billion people.

The reasons for the shift, experts say, include changing family structures and lifestyles among the urban middle class, a mass media explosion and the Internet, all coming just as the government has begun tapping more phones and using surveillance cameras in more public places.

India’s constitution does not guarantee a right to privacy, nor does the country have a data protection law to guard against the misuse of personal information. But the government has proposed a wide-ranging privacy law, and a coalition of organizations and activists, including the newly formed advocacy group Privacy India, is trying to help shape it. [...] Read more »

In honor of International Data Privacy Day, Computerworld in New Zealand has rounded up what it believes to be the 15 worst Internet privacy scandals:

These high-profile privacy scandals involve many underlying technologies, from search to social media, e-mail to voice mail, mobile phones to Webcams to GPS. But at the heart of all of these privacy scandals are companies collecting personal data without the user’s knowledge or consent and then either sharing it with third parties or simply failing to keep it safe. [...]

1. Sony CD Spyware

Sony BMG ran into a major privacy flap in fall 2005 because of the anti-piracy measures called XCP that it added to music CDs. When a customer played one of these CDs on a Windows PC, the CD installed hidden rootkit software onto the PC that communicated the CD being played and the IP address of the PC back to Sony. This so-called spyware also created vulnerabilities on PCs for worms or viruses to exploit. Critics said Sony had created a backdoor onto its customers’ machines, leading Sony to recall the CDs and offer a free removal tool for the rootkit software. Class action lawsuits were filed against Sony in Texas, New York and California. The U.S. Federal Trade Commission required Sony to pay $150 to any consumer whose PC was damaged by the software as part of a settlement for violating federal law. (Also see: Sony BMG rootkit scandal – five years later) [...]

3. AOL Search Leak

In August 2006, AOL released a file containing 20 million search keywords used by 650,000 of its users over a three-month period. The file was supposed to be anonymous data available for research purposes, but personally identifiable information was available in many of the searches making it possible to identify an individual and their search history. AOL admitted it was a mistake to release the data and removed it from its Web site after three days, but by then the data had been mirrored at sites across the Internet. AOL’s CTO Maureen Govern quit two weeks later. In September 2006, a class action lawsuit was filed – that’s still lingering in California courts — against AOL demanding $5,000 per user.

4. Google Street View Read more »