The Wall Street Journal reports that China is the latest country to require cellphone users to prove their identity when signing up for service. Several countries have considered such legislation. In the United States, there is legislation under discussion in the Senate that would require people to present ID when buying a prepaid mobile phones and would require companies to keep the information on file. Mexico, Vietnam, Spain and Japan are all seeking to identify some types of cellphone users and create databases.

Often, governments say this is a way to improve security, as only those with nefarious purposes (kidnappers, blackmailers) would need to have mobile phones that are not linked to their identities. This argument ignores that there are legitimate reasons for people to use prepaid cellphones anonymously: whistleblowers speaking to journalists or government prosecutors, or domestic violence victims who seek to avoid tracking by their abusers.

The Journal reports:

China began implementing a long-discussed measure that requires cellphone users to register by name when setting up an account, prompting concerns over privacy in the world’s largest mobile market. Read more »

The federal Chief Information Officers Council has released a report (pdf) detailing recommendations for a cloud computing privacy framework. Cloud computing is when you upload, store and access your data at an online service owned or operated by others. Millions of consumers use cloud computing services such as Web-based e-mail, online photo or video databases, or Internet calendar services.

The lack of control of your data is a substantial problem, as is the question of the physical location of the data and which country’s laws your personal information are subject to. (Read a previous post for more on the privacy issues connected with cloud computing.)

In “Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies,” the federal CIOs say:

While [cloud computing] provides a flexible solution for complex information technology needs, cloud computing poses additional privacy challenges to those using the “cloud.” Federal agencies need to be aware of the significant privacy concerns associated with the cloud computing environment where [personally identifiable information (PII) ] will be stored on a server that is not owned or controlled by the Federal government. That solution may result in holding or processing data without complying with Federal privacy requirements in a multi-jurisdictional environment. The framework below provides guidance on the privacy considerations posed by moving computer systems that contain PII to a Cloud Computing Provider (CCP). [...] Read more »

Research in Motion (RIM) has been dealing with the threat that its BlackBerry smartphones would be banned in the United Arab Emirates, Saudi Arabia, India and other countries because of security concerns. There were reports that Saudi Arabia and RIM had reached a preliminary deal, which raised security and privacy questions about the BlackBerry messaging service, which promises a “secure” e-mail system. However, RIM has faced problems in negotiations with India, with the possibility of a ban for its BlackBerry cellphones in the country. Now, the Associated Press reports that RIM has received a 60-day reprieve from India for its mobile phones.

The Ministry of Home Affairs said in a statement it would review the situation in 60 days after the Department of Telecommunications studies the feasibility of routing BlackBerry services through a server in India.

India wants greater access to encrypted corporate e-mails and instant messaging, though it remains unclear precisely what concessions Research In Motion agreed to in order to avert the ban. [...] Read more »

In the last few weeks, Research in Motion (RIM) faced the threat that its BlackBerry smartphones would be banned in the United Arab Emirates and Saudi Arabia, among other countries, because of security concerns. There were reports that Saudi Arabia and RIM had reached a preliminary deal, which raised security and privacy questions about the BlackBerry messaging service, which promises a “secure” e-mail system. NPR reported that problems that could arise for political dissidents or activists if governments gain access to the e-mail system.

Now, Slate takes a look at the issue of Internet security in general, explaining that Web users have a lot to worry about:

To understand how this happened, you need to understand the way much of the Web’s private traffic stays private. Whenever you’re sending sensitive information online—say, your credit card number to Amazon or a message over Gmail—the content is encrypted before being sent and then decrypted by the Web site you sent it to. (Sites using this secure mode have URLs that start with “https,” and browsers add a padlock icon as well to demonstrate you’re communicating securely.) Every vendor has its own rules for how to scramble information so that only it, the intended recipient, can decode it. If anyone intercepts the message along the way, it will appear to be a meaningless digital jumble. [...] Read more »

Earlier this week, there were reports that Germany was considering drafting a law concerning the privacy rights of employees in the workplace, as well as the rights of job applicants. Now, the Associated Press reports:

The draft law on employee data security presented by Interior Minister Thomas de Maiziere on Wednesday is the government’s latest attempt to address privacy concerns about online services including social networks and Google “Street View”.

It is also a reaction to corporations checking on employee e-mails and filming sales clerks during coffee breaks — which has triggered public outrage in Germany.

De Maiziere acknowledged that some of the new regulations — which have yet to be discussed and passed by parliament — might be complicated to enact. Read more »

The Irish Times has an editorial about online privacy, noting the interest that online companies such as Google and Facebook have in obtaining and “monetizing” user data through behavioral targeted advertising or otherwise. (Security expert Bruce Schneier also has discussed this issue.) The Irish Times says:

SHOULD PEOPLE be allowed to change their names to disassociate themselves from embarrassing youthful follies or damaging indiscretions recorded on social networking sites such as Facebook and Twitter? Eric Schmidt, chief executive of internet search engine Google, believes they should. He bases his argument on the modern reality that details of the private lives and personal views of young people are now so easily accessible online. Certainly, there is cause for concern, especially for job-seekers. A recent Microsoft survey of employers found that two-thirds had rejected applicants on the basis of personal information obtained from internet searches. [...]

Individuals have an interest in protecting their online privacy while the business model of many internet companies is quite the opposite: it is based on exploiting that personal information for commercial gain. Individuals have little knowledge or control over how these companies use, collect, process and store such information.

Given the stark conflict in these two positions, it is hardly surprising that internet companies have done so little to ease concerns by accepting the public has a right to see information held about them, to be told how it is used, with whom it is shared and how securely it is protected.