Last week, Google announced changes in its privacy policies that will affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized the Internet services giant (Congress pdf; archive pdf) for not including an opt-out provision; Google said that users who objected could stop using its services and move their data elsewhere. Google responded to the criticisms in a letter (pdf) to U.S. lawmakers and a blog post.

Now, the EU’s Article 29 Data Protection Working Party has written (Working Party pdf; archive pdf) to Google about the privacy policy, which affect 60 Google services. The Working Party includes data protection authorities from all 27 European Union member states as well as the European Data Protection Supervisor. Jacob Kohnstamm, chairman of the Article 29 Working Party, writes:

The Department of Homeland Security’s Privacy Office has released a new Privacy Impact Assessment (DHS pdf; archive pdf) cybersecurity program Einstein. It is a Bush-era pilot program, continued under Obama, that seeks to have private telecommunications companies route the Internet traffic of civilian government agencies through hardware and software that would search for and block malicious computer codes; see more here and here. Recently, the Constitution Project included a discussion of EINSTEIN and privacy and civil liberties in a report, “Recommendations for the Implementation of a Comprehensive and Constitutional Cybersecurity Policy” (Project pdf; archive pdf), calling on Congress to include strong privacy protections in any cybersecurity legislation it adopts.

From the Privacy Impact Assessment:

The Department of Homeland Security (DHS) and the Department of Defense (DoD) are jointly undertaking a proof of concept known as the Joint Cybersecurity Services Pilot (JCSP). The JCSP extends the existing operations of the Defense Industrial Base (DIB) Exploratory Cybersecurity Initiative (DIB Opt-In Pilot) and shifts the operational relationship with the CSPs in the pilot to DHS. The JCSP is part of overall efforts by DHS and DoD to enable the provision of cybersecurity capabilities enhanced by U.S. government information to protect critical infrastructure information systems and networks. The purpose of the JCSP is to enhance the cybersecurity of participating DIB critical infrastructure entities and to protect sensitive DoD information and DIB intellectual property that directly supports DoD missions or the development of DoD capabilities from unauthorized access, exfiltration, and exploitation. [...] Read more »

The scandal about the alleged hacking of thousands of British citizens’ phones by the UK News of the World led to that newspaper’s closing and the questioning of owner Rupert Murdoch and his son, James Murdoch, by British officials. (It also led to much discussion about the privacy and security of telephone voicemail systems.) Now, the New York Times reports that the voicemail hacking scandal has spread to the Murdochs’ Times of London and it could include e-mail hacking:

The hacking scandal at Rupert Murdoch’s British newspapers took a new turn on Thursday when a lawmaker said police investigations had spread to the flagship Times of London. The revelation came a day after lawyers said an e-mail referring to “a nightmare scenario” of legal repercussions from widespread phone hacking at the News of the World tabloid was deleted from James Murdoch’s computer less than two weeks before the police opened investigations.

The lawmaker, Tom Watson, from the opposition Labour Party, who has been a central figure in the inquiries into phone hacking, said in a message on Twitter that Scotland Yard had “confirmed to me they are investigating” The Times “over e-mail hacking.” [...]

The development was significant in two regards: it focused attention on e-mail hacking rather than the illicit voice mail interception at the center of inquiries so far, and it suggested that the most august of the Murdoch publications in Britain was not immune from scrutiny. Read more »

The Associated Press reports on the U.S. no-fly list. In 2003, Homeland Security Presidential Directive No. 6 consolidated administration of the no-fly, selectee and other security watchlists under the jurisdiction of the Terrorist Screening Center. In 2009, the Justice Department’s Inspector General released a report (pdf) reported substantial problems with the terrorist watchlists. “The Federal Bureau of Investigation has improperly kept nearly 24,000 people on a terrorist watch list based on outdated or sometimes irrelevant information, while it missed others with legitimate terror ties who should have been on the list,”said the New York Times. Here are a few stories in the archives about problems with watchlists.

The Associated Press reports:

Even as the Obama administration says it’s close to defeating al-Qaeda, the size of the government’s secret list of suspected terrorists who are banned from flying to or within the United States has more than doubled in the past year, the Associated Press has learned.

The no-fly list jumped from about 10,000 known or suspected terrorists one year ago to about 21,000, according to government figures provided to the AP. Most people on the list are from other countries; about 500 are Americans.

The flood of new names began after the failed Christmas 2009 bombing of a Detroit-bound jetliner. The government lowered the standard for putting people on the list, and then scoured its files for anyone who qualified. The government will not disclose who is on its list or why someone might have been placed on it. [...] Read more »

The New York Times reports on negotiations concerning the sharing of traveler data between European Union countries and the United States:

BRUSSELS — Raising the stakes in a trans-Atlantic struggle over data privacy, an influential lawmaker said Tuesday that the European Parliament should reject a deal between the European Union and the United States that aims at sharing information about air passengers as a way to fight serious crime and terrorism.

Sophie in ’t Veld, a Dutch member of the Parliament who previously helped lead efforts to block an initiative for sharing banking information with the United States, said the air passenger deal failed to address earlier concerns raised by the Parliament, and was incompatible with other European legislation. [...]

A majority of E.U. member governments approved the air passenger deal in December, although Germany and Austria abstained because they still had serious concerns about the effects of the deal on privacy.

Ms. in ’t Veld’s recommendation is not binding, but if she gathers enough support the Parliament could block the agreement when it comes to a vote in April. Read more »

Last week, Google announced changes in its privacy policies that will affect users of its services, such as search, Gmail, Google+ and YouTube. Advocates and legislators questioned the changes, saying that there were privacy issues, and criticized the Internet services giant (Congress pdf; archive pdf) for not including an opt-out provision; Google said that users who objected could stop using its services and move their data elsewhere.

Now, CNet reports that Google is responding to the criticisms in a letter (pdf) to federal lawmakers and a blog post. CNet reports:

Google announced plans to rewrite its privacy policy last week. The revision will give the company explicit rights to “combine personal information” across the many products and services it currently offers.

“We’re not collecting more data about you. Our new policy simply makes it clear that we use data to refine and improve your experience on Google–whichever products or services you use,” Google said at the time. “This is something we have already been doing for a long time. We’re making things simpler and we’re trying to be upfront about it. Period.” Read more »