The Congressional Research Service (a nonpartisan department of the Library of Congress created to assist legislators) has published a report concerning the federal government’s information security capabilities and data privacy protections. The report, “Federal Information Security and Data Breach Notification Laws, RL34120 (Jan. 28, 2010)” is available through Open CRS. Not all CRS reports are made public, though the department is funded by taxpayer money. Open CRS, a project of the Center for Democracy & Technology, gathers and archives publicly accessible CRS Reports, ones that are already in the public domain. Here’s the summary:
The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, the Gramm-Leach-Bliley Act, the Federal Trade Commission Act, and the Fair Credit Reporting Act. Also included in this report is a brief summary of the Payment Card Industry Data Security Standard (PCI DSS), an industry regulation developed by VISA, MasterCard, and other bank card distributors. Read more »
In the New York Times magazine, there’s a story about how crowdsourcing is being used to unmask people online. There are questions about whether individual privacy is being violated, and in some cases, whether the “human-flesh search engines” are causing enabling violence.
Human-flesh search engines — renrou sousuo yinqing — have become a Chinese phenomenon: they are a form of online vigilante justice in which Internet users hunt down and punish people who have attracted their wrath. The goal is to get the targets of a search fired from their jobs, shamed in front of their neighbors, run out of town. It’s crowd-sourced detective work, pursued online — with offline results.
There is no portal specially designed for human-flesh searching; the practice takes place in Chinese Internet forums like Mop, where the term most likely originated. Searches are powered by users called wang min, Internet citizens, or Netizens. The word “Netizen” exists in English, but you hear its equivalent used much more frequently in China, perhaps because the public space of the Internet is one of the few places where people can in fact act like citizens. [...] Read more »
The Philadelphia Inquirerreports that the Lower Merion School District placed on leave two Information Technology workers, the latest update in an ongoing surveillance scandal. Recap: In a lawsuit — Robbins v. Lower Merion School District (pdf) — in Pennsylvania, the Robbins family alleged that the Lower Merion School District misused Webcam-enabled laptops it issued to students in order to remotely peep into the students’ homes, take photographs and violate their privacy. The school district has denied violating anyone’s privacy, claiming the Webcams were only turned on in case of lost or stolen computers. The FBI and local officials are investigating. There have been discussions among legal scholars about the Fourth Amendment implications.
The Inquirer reports that, “The two people authorized to activate the software — Michael Perbix, a network technician, and Carol Cafiero, information systems coordinator — were put on paid leave last week while lawyers and technicians examine how the remote system was used.”
Lawyers for Cafiero and Perbix said their clients did nothing wrong. Perbix and Cafiero only turned on the remote software when a laptop was reported missing, they said – and administrators knew what they were doing. [...] Read more »
USA Today has a report on an issue I’ve discussed before: law enforcement use of license-plate scanners to track cars.
The cameras read license plates of parked and moving cars — hundreds per minute — and check them against vehicle databases, said Lance Clem, a spokesman for the Colorado Bureau of Investigation, which purchased several systems for its police vehicles last fall.
Departments in Denver and Colorado Springs; South Portland, Maine; Gwinnett, Douglas and Cherokee counties in Georgia; and Clinton, Conn., are planning to deploy or have already added License Plate Recognition (LPR) systems this year, officials from those agencies said.
Also, about 40 law enforcement agencies in the Washington, D.C., metro area are deploying LPRs this year, according to Nate Maloney, a spokesman for their supplier, ELSAG of Brewster, N.Y. The district has had them since 2005, he said. [...] Read more »
Physorgreports on a new poll that shows one in four Germans would accept being implanted with a radio frequency identification (RFID) chip if they believed the benefits outweighed concerns, including privacy questions. RFID systems transmit data wirelessly from a chip or tag to a reader.
The survey, by German IT industry lobby group BITKOM, was intended to show how the division between real life and the virtual world is increasingly coming down, one of the main themes of the CeBIT trade fair that kicks off Tuesday.
In all, 23 percent of around 1,000 respondents in the survey said they would be prepared to have a chip inserted under their skin “for certain benefits”.
Around one in six (16 percent) said they would wear an implant to allow emergency services to rescue them more quickly in the event of a fire or accident. Read more »
USA Todayreports on privacy and social-networking site Facebook:
Whether it’s avoiding bars frequented by students or politely declining the occasional social invitation, professors often make an extra effort to establish boundaries with their students. But social networking sites, which are often more public than they may appear, are lifting the veil on the private lives of professors in ways they may not have expected. [...]
Colleges have for years been warning students to keep their Facebook and Myspace pages free of embarrassing photos or writings, but a more recent phenomenon is the emergence of concrete policies governing how faculty and other employees use social media. DePaul University and Ball State University, for instance, both have approved social media policies, and Ball State’s specifically notes that social media sites “blur the lines between personal voice and institutional voice.” Read more »
