The Department of Homeland Security’s Privacy Office has released its first annual “Privacy and Civil Liberties Assessment Report” (DHS pdf; archive pdf). The office said, “Executive Order 13636, Improving Critical Infrastructure Cybersecurity, requires that senior agency officials for privacy and civil liberties assess the privacy and civil liberties impacts of the activities their respective departments and agencies have undertaken to implement the Executive Order, and to publish their assessments annually in a report compiled by the DHS Privacy Office and Office for Civil Rights and Civil Liberties. This is the first of the required annual reports. It includes the DHS Privacy Office’s and Office for Civil Rights and Civil Liberties’ assessments of certain DHS activities under Section 4 of the Executive Order (enhanced threat information sharing with the private sector) as well as assessments conducted independently by the Department of the Treasury and the Departments of Defense, Justice, Commerce, Health and Human Services, Transportation, and Energy, and by the Office of the Director of National Intelligence and the General Services Administration.”
Archive for the ‘Technology’ Category
Center for Investigative Reporting and KQED: Hollywood-style surveillance technology inches closer to realityTuesday, April 15th, 2014
The Center for Investigative Reporting and KQED looked into emerging surveillance technologies that could have a significant impact on the privacy rights of individuals:
[Ross McNutt] and his Ohio-based company, Persistent Surveillance Systems, persuaded the Los Angeles County Sheriff’s Department to use his surveillance technology to monitor Compton’s streets from the air and track suspects from the moment the snatching occurred.
The system, known as wide-area surveillance, is something of a time machine – the entire city is filmed and recorded in real time. Imagine Google Earth with a rewind button and the ability to play back the movement of cars and people as they scurry about the city. [...]
McNutt who holds a doctorate in rapid product development, helped build wide-area surveillance to hunt down bombing suspects in Iraq and Afghanistan. He decided that clusters of high-powered surveillance cameras attached to the belly of small civilian aircraft could be a game-changer in U.S. law enforcement. [...]
The Center for Investigative Reporting and KQED teamed up to take an inside look at the emerging technologies that could revolutionize policing – and how intrusively the public is monitored by the government. The technology is forcing the public and law enforcement to answer a central question: When have police crossed the line from safer streets to expansive surveillance that threatens to undermine the nation’s constitutional values? Read more »
The Associated Press reports on a privacy program at St. Michael School in suburban St. Louis. The program is based a privacy curriculum based on one released by the Fordham Law School’s Center for Law and Information Policy. AP reports:
CLAYTON, Mo. — In an age of increased online government surveillance and targeted social media ads, the notion of privacy as a classroom subject worthy of distinct study is gaining momentum far beyond the narrow niches of First Amendment lawyers and computer hackers.
Using a privacy curriculum developed at Fordham Law School in New York, educators there and at another dozen of the country’s top law schools want to equip adolescents growing up in a digital world with a user manual that has little to do with apps and pixel resolution.
At the St. Michael School in suburban St. Louis, middle-school students recently learned how to manage their digital reputations. Led by a law-student instructor from nearby Washington University, the preteens discussed how facial recognition software is used everywhere from Facebook to the local mall. As the cellphone increasingly becomes an early adolescent rite of passage, they debated the legal and ethical issues raised by spending hours each day online or texting with friends. […] Read more »
The Government Accountability Office has released a new report, “IRS Needs to Address Control Weaknesses That Place Financial and Taxpayer Data at Risk (GAO-14-405￼￼),” concerning security problems that could affect the privacy of taxpayers. Here’s an excerpt detailing problems at the Internal Revenue Service:
Specifically, the agency had not always (1) installed appropriate patches on all databases and servers to protect against known vulnerabilities, (2) sufficiently monitored database and mainframe controls, or (3) appropriately restricted access to its mainframe environment. In addition, IRS had allowed individuals to make changes to mainframe data processing without requiring them to follow established change control procedures to ensure changes were authorized, and did not configure all applications to use strong encryption for authentication, increasing the potential for unauthorized access. Read more »
InformationWeek reports on accusations of insiders misusing their access privileges in New York. We’ve seen the problems that arise when insiders abuse or misuse their access privileges to individuals’ data and violate the individuals’ rights. Such cases have occurred in: Tucson, Ariz., where University Medical Center officials fired three employees for violating privacy of patients connected to the shooting rampage of which Jared Loughner is accused; New York City, where a police sergeant pleaded guilty “to illegally entering a federal database and giving information from a terrorist watch list to an acquaintance to use in a child-custody case in Canada”; Ohio, where the Ohio Inspector General released a report (pdf) finding that state employees improperly accessed and distributed confidential state records related to Samuel Joseph Wurzelbacher, who gained fame during the 2008 election as “Joe the Plumber”; and the U.S. government, where the State Department found that federal employees repeatedly snooped into the passport files of entertainers, athletes and other high-profile Americans. The cases aren’t confined to the United States; for example, they’ve occurred in Canada and New Zealand.
InformationWeek reports on a case concerning medical privacy in Queens, N.Y., as well as other cases in the United States:
The Queens, N.Y., district attorney recently charged two employees of Jamaica Hospital Medical Center with illegally accessing emergency room patients’ medical records and personal identification information, and selling that data to individuals who then solicited services such as outpatient care or legal assistance — sometimes while patients were still in the ER. [...] Read more »
The Court observes first of all that the data to be retained make it possible, in particular, (1) to know the identity of the person with whom a subscriber or registered user has communicated and by what means, (2) to identify the time of the communication as well as the place from which that communication took place and (3) to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. Those data, taken as a whole, may provide very precise information on the private lives of the persons whose data are retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, activities carried out, social relationships and the social environments frequented. Read more »